Abstract:
A system and methods are provided for verifying proof of transit of network traffic through a plurality of network nodes in a network. Information is obtained about a packet at a network node in a network. The information may include in-band metadata of the packet. Verification information is read from in-band metadata of the packet. Updated verification information is generated from the verification information read from the packet and based on configuration information associated with the network node. The updated verification information is written back to the in-band metadata in the packet. The packet is forwarded from the network node in the network.
Abstract:
A system and methods are provided for verifying proof of transit of network traffic through a plurality of network nodes in a network. In one embodiment, each network node reads a first value and a second value from in-band metadata of a packet, and generates, using a cryptographic key that is unique to each respective network node, an encryption result based on the first value. An updated second value is generated based on the second value read from the packet and the encryption result. Each network node writes the updated second value to the in-band metadata of the packet, and forwards the packet in the network. In another embodiment, a secret sharing scheme is employed in which each network node computes a portion of the verification information using a unique share of a secret and based on the packet-specific information.
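The per-node update described in the first embodiment above, as an added illustration that is not part of any of the listed patents: each node folds a keyed function of the packet's first value into the cumulative second value, and a verifier that holds every node key recomputes the expected result for the expected path. HMAC-SHA256 stands in for the unspecified "encryption result", the node names and keys are constructed, and XOR is assumed as the combining operation.

```python
import hmac
import hashlib
import os

# Constructed per-node keys for a hypothetical four-node path; in a deployment
# each node would be provisioned with its own unique key by a controller.
NODE_KEYS = {
    "R1": b"constructed-key-R1",
    "R2": b"constructed-key-R2",
    "R3": b"constructed-key-R3",
    "R4": b"constructed-key-R4",
}
WIDTH = 8  # bytes of the cumulative (second) value carried in-band


def node_update(node_id, first_value, second_value):
    """One node's step: a keyed MAC of the per-packet first value (assumed
    stand-in for the 'encryption result') is XORed into the cumulative second
    value. XOR accumulation proves which nodes were visited, not their order."""
    enc = hmac.new(NODE_KEYS[node_id], first_value, hashlib.sha256).digest()[:WIDTH]
    return bytes(a ^ b for a, b in zip(second_value, enc))


def transit(path, first_value):
    """Simulate the packet traversing `path`: the second value starts at zero
    and every node rewrites it in the in-band metadata before forwarding."""
    second = bytes(WIDTH)
    for node_id in path:
        second = node_update(node_id, first_value, second)
    return second


def verify(expected_path, first_value, second_value):
    """Verifier: recompute the cumulative value for the expected path and
    compare in constant time against what the packet actually carries."""
    return hmac.compare_digest(transit(expected_path, first_value), second_value)


def demo():
    """Returns (verdict for the full path, verdict when R3 is bypassed)."""
    expected = ["R1", "R2", "R3", "R4"]
    nonce = os.urandom(16)  # per-packet first value, fresh for every packet
    good = verify(expected, nonce, transit(expected, nonce))
    bypassed = verify(expected, nonce, transit(["R1", "R2", "R4"], nonce))
    return good, bypassed
```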
Abstract:
Embodiments of the disclosure pertain to activating in-band OAM based on a triggering event. Aspects of the embodiments are directed to receiving a first notification indicating a problem in a network; triggering a data-collection feature on one or more nodes in the network for subsequent packets that traverse the one or more nodes; evaluating a subsequent packet that includes data augmented by the data collection feature; and determining the problem in the network based on the data augmented to the subsequent packet.
Abstract:
In one embodiment, a particular service chain data packet is received by a particular service node, with the service chain data packet including a header identifying service chain information. The particular service node applies a service to the particular service chain data packet. The particular service node adds service-layer operations data to the particular service chain data packet, with the service-layer operations data related to the current service function or the particular service node. Subsequently, the particular service node sends the particular service chain data packet with the service-layer operations data from the particular service node. In one embodiment, networking operations data is also added to the particular service chain data packet. In one embodiment, an egress service node removes the service-layer (and possibly networking) operations data and forwards it to another system, possibly after processing this operations data.
Abstract:
A system and methods are provided herein for verifying proof of transit of traffic through a plurality of network nodes in a network. In one embodiment, a method is provided in which information is obtained about a packet at a network node in a network. The information includes in-band metadata. Verification information is read from the in-band metadata. The verification information is for use in verifying a path of the packet in the network. Updated verification information is generated from the verification information read from the packet. The updated verification information is written to the in-band metadata of the packet, and the packet is forwarded from the network node in the network.
Abstract:
An example method is provided and includes receiving a packet associated with a flow, determining a tunnel identifier for the flow, and determining a flow identifier for the flow. The method includes associating the flow identifier and the tunnel identifier to an Internet protocol (IP) address to generate a binding to be used for a network address and port translation (NAPT). In other embodiments, a routing decision is executed based on the binding between the identifiers and the IP address. The flow identifier can be a context identifier (CID), and the tunnel identifier can be a softwire tunnel ID. In yet other embodiments, the packet can be tagged as part of an encapsulation operation, which includes providing information about a network location at which the network address and port translation is to be executed.
Abstract:
A method is performed by a network controller that is configured to control routers configured to forward a multicast flow downstream from a first hop router that is a root of a multicast tree formed by the routers to last hop routers that terminate branches of the multicast tree, respectively. The method includes collecting operational configuration information from the routers and constructing a topological view of the multicast tree based on the operational configuration information; causing the routers to forward multicast probes downstream from the first hop router along all of the branches toward the last hop routers to trace the multicast tree; receiving, from particular ones of the last hop routers that received the multicast probes, indications that the multicast probes were received; and detecting failures in the multicast tree based on the indications and the topological view.
Abstract:
A method for unjoining and rejoining clusters of computing nodes in edge site computing networks to reduce the impact of interruptions to connectivity between computing nodes is presented. The method includes accessing a cluster of computing nodes executing on an edge site computing network. The cluster of computing nodes includes a plurality of follower computing nodes and a leader computing node. The method further includes detecting an interruption to connectivity established between the leader computing node and one or more of the plurality of follower computing nodes. In response to detecting the interruption to connectivity, the method includes bifurcating the cluster of computing nodes into a first subcluster of computing nodes and a second subcluster of computing nodes. In response to detecting a restoration of connectivity, the method includes recombining the first subcluster of computing nodes and the second subcluster of computing nodes.
Abstract:
Techniques are described that are performed by offload computing devices that establish and advertise confidential computing environments for use by other computing devices. The offload computing devices may each be executing an attestable bootloader that creates the confidential computing environments, advertises the available resources to the other computing devices, establishes secure encrypted channels with the other devices, and runs processes in the confidential computing environments on behalf of the other computing devices. In addition to advertising the availability of computing resources in the confidential environments, the offload computing devices may additionally advertise performance metrics associated with the confidential computing environments. Computing devices may receive the advertisements, and send requests to the offload computing devices to run processes on their behalf in the confidential computing environments.