-
Publication (Announcement) No.: US20240098063A1
Publication (Announcement) Date: 2024-03-21
Application No.: US17932754
Application Date: 2022-09-16
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert, Jonas Zaddach, Patrick Wetterwald, Eric Levy-Abegnoli
IPC: H04L9/40
CPC classification number: H04L63/0263
Abstract: In one embodiment, a method includes identifying, using a Static Context Header Compression (SCHC) rules engine, one or more packets matching a rule, selecting a firewall decision based on the identified one or more packets and the rule, and applying the firewall decision to the one or more identified packets.
-
Publication (Announcement) No.: US20230275868A1
Publication (Announcement) Date: 2023-08-31
Application No.: US18195136
Application Date: 2023-05-09
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, David A. Maluf
IPC: H04L61/2503, H04L61/4511
CPC classification number: H04L61/2503, H04L61/4511
Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.
-
Publication (Announcement) No.: US11606347B2
Publication (Announcement) Date: 2023-03-14
Application No.: US17004368
Application Date: 2020-08-27
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert, Patrick Wetterwald, Jonas Zaddach, Eric Levy-Abegnoli
IPC: H04L9/40, H04L67/141, H04L67/142
Abstract: This disclosure describes techniques for authenticating a user device for a session. For instance, an authentication entity may authenticate a user device using single sign-on authentication and/or multi-factor authentication. The authentication entity may then determine a duration for which the user device is authenticated for the session. For example, the authentication entity may receive information representing a state of an environment of the user device. The authentication entity may then use the information to identify one or more transitions associated with the environment between the session and a previous session. Using the one or more transitions, the authentication entity may determine the duration for the session by increasing or decreasing a previous duration associated with the previous session.
-
Publication (Announcement) No.: US11552823B2
Publication (Announcement) Date: 2023-01-10
Application No.: US16796146
Application Date: 2020-02-20
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert, Jean-Philippe Vasseur, Patrick Wetterwald, Eric Levy-Abegnoli
Abstract: In one embodiment, a server instructs one or more networking devices in a local area network (LAN) to form a virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the server. The server receives the redirected traffic associated with the particular node. The server trains a machine learning-based behavioral model for the particular node based on the redirected traffic. The server controls whether a particular redirected traffic flow associated with the node in the LAN is sent to a destination of the traffic flow using the trained behavioral model.
-
Publication (Announcement) No.: US11036571B2
Publication (Announcement) Date: 2021-06-15
Application No.: US15825248
Application Date: 2017-11-29
Applicant: Cisco Technology, Inc.
Inventor: Patrick Wetterwald, Pascal Thubert, Eric Levy-Abegnoli, Jean-Philippe Vasseur
IPC: G06F11/07, H04L29/08, H04B17/309, H04L29/06, G06F9/50, G06F15/16, G06F13/14, H04B17/14, H04L12/24
Abstract: In one embodiment, a supervisory device in a network receives a help request from a first node in the network indicative of a problem in the network detected by the first node. The supervisory device identifies a second node in the network that is hosting a repair walker agent able to address the detected problem. The supervisory device determines a network path via which the second node is to send repair walker agent to the first node. The supervisory device instructs the second node to send the repair walker agent to the first node via the determined path.
-
Publication (Announcement) No.: US20210068137A1
Publication (Announcement) Date: 2021-03-04
Application No.: US16560852
Application Date: 2019-09-04
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert, Patrick Wetterwald, Eric Levy-Abegnoli
IPC: H04W72/12, H04B7/14, H04B17/318, H04W40/24
Abstract: The aspects ensure redundancy by including at least two access points (APs), in an environment, that are capable of serving at least one station (STA). A first AP functions as a primary AP and a second AP functions as a secondary AP. The primary AP can send a layer 2 (L2) control message, for example, a Target Wait Time (TWT) response, to a STA. The primary AP may then wait for an indication (e.g., an Acknowledgement (ACK) signal) of receipt of the L2 control message. The primary AP can also provide the L2 control message to the secondary AP that covers the same room. In at least some configurations, the L2 control message includes metadata about when the secondary AP is to send the copy of the L2 control message over the air. The secondary AP can then relay the L2 control message to the STA.
-
Publication (Announcement) No.: US10911400B2
Publication (Announcement) Date: 2021-02-02
Application No.: US15156571
Application Date: 2016-05-17
Applicant: Cisco Technology, Inc.
Inventor: Eric Levy-Abegnoli, Patrick Wetterwald, Pascal Thubert
IPC: G06F15/16, H04L29/12, H04L29/08, G06F16/951, H04W4/70
Abstract: In one embodiment, a tracking device detects a first device connecting to a computer network, and forces an install of fake routing information on the first device that is unique to the first device. Upon detecting a second device connecting to the computer network, the second device having at least one identifying property in common with the first device and at least one identifying property differing from the first device, the tracking device may then query the second device to determine if the second device knows the fake routing information unique to the first device. As such, the tracking device may then determine that the second device is the first device in response to the second device knowing the fake routing information unique to the first device.
-
Publication (Announcement) No.: US10771531B2
Publication (Announcement) Date: 2020-09-08
Application No.: US15623902
Application Date: 2017-06-15
Applicant: Cisco Technology, Inc.
Inventor: Eric Levy-Abegnoli, Pascal Thubert, Patrick Wetterwald, Jean-Philippe Vasseur
IPC: H04L29/08, H04L12/721, H04L12/26, H04L12/729, H04L12/771, H04L12/24, H04L12/727, H04W4/70
Abstract: In one embodiment, a device in a network receives a path computation agent configured to determine a path in the network that satisfies an objective function. The device executes the path computation agent to update state information regarding the network maintained by the path computation agent. The device selects a neighbor of the device in the network to execute the path computation agent based on the updated state information regarding the network. The device instructs the selected neighbor to execute the path computation agent with the updated state information regarding the network. The device unloads the path computation agent from the device after selecting the neighbor of the device to execute the path computation agent.
-
Publication (Announcement) No.: US20200244576A1
Publication (Announcement) Date: 2020-07-30
Application No.: US16260820
Application Date: 2019-01-29
Applicant: Cisco Technology, Inc.
Inventor: Patrick Wetterwald, Eric Levy-Abegnoli, Pascal Thubert
IPC: H04L12/741, H04L12/721, H04L12/801, H04L12/823, H04L12/865
Abstract: In one embodiment, a particular device along a path in a deterministic network receives a first packet sent from a source towards a destination via the path. The particular device sends the first packet to a next hop device along the path, according to a deterministic schedule associated with the first packet. The particular device determines, after sending the first packet, an action to be performed on the first packet. The particular device then sends a second packet to the next hop device indicative of the determined action. The second packet causes another device along the path to perform the action on the first packet.
-
Publication (Announcement) No.: US10681128B2
Publication (Announcement) Date: 2020-06-09
Application No.: US15291211
Application Date: 2016-10-12
Applicant: Cisco Technology, Inc.
Inventor: Patrick Wetterwald, Eric Levy-Abegnoli, Pascal Thubert
IPC: G06F15/16, H04L29/08, H04L29/06, H04W4/70, H04L12/801
Abstract: In one embodiment, a device in a network identifies a node in the network that is not synchronized to a network time synchronization mechanism. The device determines a scheduled reception time for a particular deterministic traffic flow at which the device is to receive the traffic flow from the node. The device sends, prior to the scheduled reception time, a request to the node for the particular deterministic traffic flow. The request identifies the particular deterministic traffic flow and causes the node to send the traffic flow to the device. The device receives the particular deterministic traffic flow from the node at the scheduled reception time.