公开(公告)号：US10050870B2

公开(公告)日：2018-08-14

申请号：US15013027

申请日：2016-02-02

Applicant: Cisco Technology, Inc.

Inventor： K. Tirumaleswar Reddy ,  Prashanth Patil ,  Daniel G. Wing ,  James Neil Guichard

IPC: H04L12/707 ,  H04L12/741 ,  H04L12/851 ,  H04L12/801

Abstract: A service classifier network device receives a subflow and identifies that the subflow is one of at least two subflows in a multipath data flow. Related data packets are sent from a source node to a destination node in the multipath data flow. The service classifier generates a multipath flow identifier and encapsulates the subflow with a header to produce an encapsulated first subflow. The header identifies a service function path and includes metadata with the multipath flow identifier.

公开(公告)号：US20180205734A1

公开(公告)日：2018-07-19

申请号：US15408616

申请日：2017-01-18

Applicant: Cisco Technology, Inc.

Inventor： Daniel G. Wing ,  K. Tirumaleswar Reddy ,  Prashanth Patil

IPC: H04L29/06 ,  H04L29/12 ,  H04L29/08

CPC classification number: H04L63/0236 ,  H04L61/1511 ,  H04L63/101 ,  H04L63/168 ,  H04L63/20 ,  H04L67/02 ,  H04L67/10 ,  H04L67/42 ,  H04L2463/121

Abstract: In one embodiment, a browser operating on a host device receives, from a user, a request to access a web server that includes a Uniform Resource Locator (URL) associated with the web server. In response, the browser sends, to a Domain Name System (DNS) server, a request for an Internet Protocol (IP) address correlated with the domain hosting the URL, and receives, from the DNS server, a response that comprises a block policy IP address and an appropriate error code. Based on this IP address and the error code indicated in the response, the browser renders an access denied page indicating that access to the web server associated with the URL is not permitted, wherein at least a portion of the access denied page is stored in memory accessible to the browser prior to sending the request for the IP address correlated with the domain that is hosting the URL.

公开(公告)号：US20180205643A1

公开(公告)日：2018-07-19

申请号：US15922253

申请日：2018-03-15

Applicant: Cisco Technology, Inc.

Inventor： Prashanth Patil ,  K. Tirumaleswar Reddy ,  Gonzalo Salgueiro ,  James N. Guichard ,  Carlos M. Pignataro

IPC: H04L12/721

CPC classification number: H04L45/566 ,  H04L45/302

Abstract: In one embodiment, a service function classifier device determines a classification of a packet using one or more packet classification rules. The device selects a service function path based on the classification of the packet. The device determines one or more traffic flow characteristics based on the classification of the packet. The device generates a service function chaining (SFC) header that identifies the selected service function path and the determined one or more traffic flow characteristics. The SFC header is configured to cause a device along the service function path to forward the encapsulated packet based on the identified service function path and the determined one or more traffic flow characteristics. The device sends the packet along the selected service function path as an encapsulated packet that includes the generated SFC header.

公开(公告)号：US09985906B2

公开(公告)日：2018-05-29

申请号：US15283554

申请日：2016-10-03

Applicant: Cisco Technology, Inc.

Inventor： K. Tirumaleswar Reddy ,  Prashanth Patil ,  Daniel G. Wing

IPC: H04L12/927 ,  H04W72/04 ,  H04W24/08 ,  H04W72/08 ,  H04W84/12 ,  H04W84/04

CPC classification number: H04W24/08 ,  H04W28/26 ,  H04W72/1226 ,  H04W84/042 ,  H04W84/12

Abstract: In one embodiment, a device in an access network receives network condition data regarding the access network and requested flow characteristic data. The requested flow characteristic data is indicative of one or more flow characteristics requested by one or more subscribers for different periods of time. The device trains a machine learning-based classifier using the network condition data and the request flow characteristic data and receives a particular flow characteristic request from a particular subscriber node. The particular request indicates one or more requested flow characteristics for a specified time period. The device determines a probability of the access network being able to accommodate the particular flow characteristic request by classifying the particular flow characteristic request using the trained classifier. The device sends a flow characteristic response to the node of the particular subscriber node based on the determined probability.

公开(公告)号：US20180097740A1

公开(公告)日：2018-04-05

申请号：US15283554

申请日：2016-10-03

Applicant: Cisco Technology, Inc.

Inventor： K. Tirumaleswar Reddy ,  Prashanth Patil ,  Daniel G. Wing

IPC: H04L12/927 ,  H04W72/04 ,  H04W24/08 ,  H04W72/08

CPC classification number: H04W24/08 ,  H04W28/26 ,  H04W72/1226 ,  H04W84/042 ,  H04W84/12

Abstract: In one embodiment, a device in an access network receives network condition data regarding the access network and requested flow characteristic data. The requested flow characteristic data is indicative of one or more flow characteristics requested by one or more subscribers for different periods of time. The device trains a machine learning-based classifier using the network condition data and the request flow characteristic data and receives a particular flow characteristic request from a particular subscriber node. The particular request indicates one or more requested flow characteristics for a specified time period. The device determines a probability of the access network being able to accommodate the particular flow characteristic request by classifying the particular flow characteristic request using the trained classifier. The device sends a flow characteristic response to the node of the particular subscriber node based on the determined probability.

公开(公告)号：US09912480B2

公开(公告)日：2018-03-06

申请号：US15442722

申请日：2017-02-27

Applicant: Cisco Technology, Inc.

Inventor： Paul Quinn ,  Scott Fluhrer ,  Jim Guichard ,  Tirumaleswar Reddy ,  Prashanth Patil ,  David Ward

IPC: H04L12/24 ,  H04L9/32 ,  H04L29/06 ,  H04L9/08 ,  G06F9/445

CPC classification number: H04L9/3213 ,  H04L9/0861 ,  H04L9/3242 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/062 ,  H04L2463/062

Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to be generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.

公开(公告)号：US20170374090A1

公开(公告)日：2017-12-28

申请号：US15191152

申请日：2016-06-23

Applicant: Cisco Technology, Inc.

Inventor： David McGrew ,  Blake Harrell Anderson ,  K. Tirumaleswar Reddy ,  Prashanth Patil ,  Daniel G. Wing

IPC: H04L29/06 ,  H04L12/833 ,  H04L12/851 ,  H04L12/46 ,  H04L29/08 ,  G06N99/00

CPC classification number: H04L63/1425 ,  G06N99/005 ,  H04L12/4641 ,  H04L41/16 ,  H04L43/026 ,  H04L43/04 ,  H04L47/2483 ,  H04L47/31 ,  H04L63/145 ,  H04L63/1458

Abstract: In one embodiment, a device in a network receives traffic data regarding one or more traffic flows in the network. The device applies a machine learning classifier to the traffic data. The device determines a priority for the traffic data based in part on an output of the machine learning classifier. The output of the machine learning classifier comprises a probability of the traffic data belonging to a particular class. The device stores the traffic data for a period of time that is a function of the determined priority for the traffic data.

公开(公告)号：US20170257310A1

公开(公告)日：2017-09-07

申请号：US15058259

申请日：2016-03-02

Applicant: Cisco Technology, Inc.

Inventor： Prashanth Patil ,  K Tirumaleswar Reddy ,  Steven Richard Stites ,  James N. Guichard

IPC: H04L12/725 ,  H04L12/46 ,  H04L29/08

CPC classification number: H04L45/306 ,  H04L12/4633 ,  H04L45/64 ,  H04L47/115 ,  H04L47/31

Abstract: At a service function node configured to perform at least one service function on a data flow that follows a service function path, degradation in performing the service function is detected. The service function node generates a status indicator for the degradation in performing the service function and inserts the status indicator into a peer detection packet. The peer detection packet encapsulates an inner packet with a header that indicates the service function path. The service function node forwards the peer detection packet to a neighboring service function node along the service function path.

公开(公告)号：US20170222998A1

公开(公告)日：2017-08-03

申请号：US15014724

申请日：2016-02-03

Applicant: Cisco Technology, Inc.

Inventor： Steven Stites ,  Prashanth Patil

IPC: H04L29/06 ,  H04W12/06 ,  H04L29/08

CPC classification number: H04L63/08 ,  H04L63/0884 ,  H04L63/126 ,  H04L63/162 ,  H04L63/164 ,  H04L67/02 ,  H04L67/141 ,  H04L69/22 ,  H04W12/06

Abstract: In one embodiment, a system, method, and computer program product are disclosed for authenticating a packet received from a client node, storing the results of the authentication in a cache memory of a service classifier node, and including the results of the authentication in a network service header of a packet before forwarding the packet to downstream service nodes. In one embodiment, the initial authentication is performed in conjunction with an authentication node.

公开(公告)号：US09621520B2

公开(公告)日：2017-04-11

申请号：US14726534

申请日：2015-05-31

Applicant: Cisco Technology, Inc.

Inventor： Paul Quinn ,  Scott Fluhrer ,  Jim Guichard ,  Tirumaleswar Reddy ,  Prashanth Patil ,  David Ward

IPC: H04L9/08 ,  H04L29/06 ,  H04L9/32 ,  H04L12/953

CPC classification number: H04L9/3213 ,  H04L9/0861 ,  H04L9/3242 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/062 ,  H04L2463/062

Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to he generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.