公开(公告)号：US12149436B2

公开(公告)日：2024-11-19

申请号：US17979640

申请日：2022-11-02

Applicant: Cisco Technology, Inc.

Inventor： David John Zacks ,  Nagendra Kumar Nainar ,  Madhan Sankaranarayanan ,  Jaganbabu Rajamanickam ,  Craig Thomas Hill ,  Cesar Obediente

IPC: H04L45/00 ,  H04L43/50 ,  H04L45/28

Abstract: Technologies for testing resiliency of a data network with real-world accuracy without affecting the flow of production data through the network. A method according to the technologies may include receiving a production data packet and determining a preferred data route toward a destination node for the production data packet based on a first routing information base, wherein the first routing information base includes a database where routes and route metadata are stored according to a routing protocol. The method may also include, receiving a test data packet, and determining an alternate data route toward the destination node for the test data packet based on a second routing information base, wherein the second routing information base simulates an error in the preferred data route. The method may include sending the production data packet to the preferred data route and sending the test data packet to the alternate data route.

公开(公告)号：US12126691B2

公开(公告)日：2024-10-22

申请号：US17747165

申请日：2022-05-18

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  David John Zacks ,  Thomas Szigeti

IPC: H04L67/306 ,  H04L43/0876 ,  H04L67/141

CPC classification number: H04L67/306 ,  H04L43/0876 ,  H04L67/141

Abstract: A connection request is received from a user device associated with a user. The connection request includes an identifier associated with a profile associated with the user, the profile being a static profile or a dynamic profile. An observability profile associated with the user is identified based on the profile when the profile is a static profile and based on a current traffic profile associated with the user device when the profile is a dynamic profile. Measurements associated with a data session are executed for the user device based on the observability profile and one or more configurations are adjusted in a network to improve performance of the data session based on the measurements.

公开(公告)号：US12101219B2

公开(公告)日：2024-09-24

申请号：US18103918

申请日：2023-01-31

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Nagendra Kumar Nainar ,  Carlos M. Pignataro

IPC: H04L12/24 ,  H04L41/0668 ,  H04L41/12 ,  H04L45/28 ,  H04L47/24

CPC classification number: H04L41/0668 ,  H04L41/12 ,  H04L45/28 ,  H04L47/24

Abstract: Techniques for identifying nodes in a data center fabric that are affected by a failure in the fabric, and selectively sending disaggregation advertisements to the nodes affected by the failure. The techniques include a process where a component monitors the network fabric to identify communication paths between leaf nodes, and determines what leaf nodes would be affected by a failure in those communication paths. The component may detect a failure in the network and determine which communication paths, and thus which leaf nodes, are affected by the failure and send disaggregation advertisements to the affected leaf nodes. In some examples, ingress leaf nodes send data through the fabric that indicate egress nodes for the communication paths. Intermediate nodes along may receive the data from the leaf nodes to identify communication paths, and the notify only affected nodes upon detecting a failure in the network.

公开(公告)号：US20240291816A1

公开(公告)日：2024-08-29

申请号：US18174177

申请日：2023-02-24

Applicant: Cisco Technology, Inc.

Inventor： Walter Hulick ,  David John Zacks ,  Thomas Szigeti ,  Nagendra Kumar Nainar

IPC: H04L9/40

CPC classification number: H04L63/0876 ,  H04L63/0245 ,  H04L63/20

Abstract: Provided herein are techniques to facilitate enhanced cloud access security broker (CASB) functionality via in-band application observability in which a CASB can be implemented in-line between the client device and an embedded application security service. In one instance, a method may include, obtaining, by a CASB from a client device, a first message for an application transaction involving an application operating via the client device. The first message can be augmented to include first security metadata and can be forwarded to trigger one or more actions by an embedded application security service associated with the application. The CASB may obtain a second message from the embedded application security service that includes second security metadata, and one or more actions can be triggered at the CASB based, at least in part, on the second security metadata included in the second message.

公开(公告)号：US20240281265A1

公开(公告)日：2024-08-22

申请号：US18650798

申请日：2024-04-30

Applicant: Cisco Technology, Inc.

Inventor： Jaganbabu Rajamanickam ,  Nagendra Kumar Nainar ,  Madhan Sankaranarayanan ,  David John Zacks

IPC: G06F9/445 ,  G06F8/65 ,  H04L45/02

CPC classification number: G06F9/44505 ,  G06F8/65 ,  H04L45/02

Abstract: A network controller deploys a first component and a second component to run concurrently on a network device. The second component is an upgraded version of the first component. The first component receives a first instance of a packet routed to the network device and has a timestamp and a first ID, and the second component receives a second instance of the packet routed to the network device and has the timestamp and a second ID. The network controller receives first functionality data for the first component and second functionality data for the second component from the network device. Based on the first functionality data and the second functionality data, the network controller determines whether to continue operating the first component or the second component on the network device.

公开(公告)号：US12052176B2

公开(公告)日：2024-07-30

申请号：US17495479

申请日：2021-10-06

Applicant: Cisco Technology, Inc.

Inventor： Rajesh Indira Viswambharan ,  Nagendra Kumar Nainar ,  Akram Sheriff ,  Vinay Saini ,  David J. Zacks ,  Carlos M. Pignataro

IPC: H04L12/24 ,  H04L1/00 ,  H04L47/20 ,  H04L47/32

CPC classification number: H04L47/20 ,  H04L1/0078 ,  H04L47/32

Abstract: Techniques for policy-based failure handling of data that is received for processing by failed edge services are described herein. The techniques may include receiving, at an edge node of a network, a data handling policy for a service hosted on the edge node. The service may be configured to process traffic on behalf of an application hosted by a cloud-based platform. In some examples, the data handling policy may be stored in a memory that is accessible to the edge node. The techniques may also include receiving traffic at the edge node that is to be processed at least partially by the service. At least partially responsive to detecting an error associated with the service, the edge node may cause the traffic to be handled according to the data handling policy while the service is experiencing the error.

公开(公告)号：US20240205131A1

公开(公告)日：2024-06-20

申请号：US18504840

申请日：2023-11-08

Applicant: Cisco Technology, Inc.

Inventor： Jaganbabu Rajamanickam ,  Madhan Sankaranarayanan ,  Nagendra Kumar Nainar ,  Rakesh Gandhi

IPC: H04L45/02 ,  H04L45/00 ,  H04L45/28

CPC classification number: H04L45/02 ,  H04L45/20 ,  H04L45/28

Abstract: In one aspect, a method for monitoring a Fast Re-Route (FRR) path between a source node (Node-S) and a destination node (Node-E) in a network, includes generating a discovery-probe at the source node (Node-S) to detect at least one node with an FRR indicator along the FRR path that includes a plurality of next available nodes. The method also includes upon the discovery probe reaching a first node with the FRR indicator, generating a primary probe configured to detect a primary path and a repair probe configured to detect a repair path. The method also includes in response to receiving the primary probe via the primary path and the repair probe via the repair path at the destination node, sending the primary probe and the repair probe back to the source node to monitor the FRR path between the source node and the destination node.

公开(公告)号：US11966413B2

公开(公告)日：2024-04-23

申请号：US16811806

申请日：2020-03-06

Applicant: Cisco Technology, Inc.

Inventor： Hugo Latapie ,  Enzo Fenoglio ,  Carlos M. Pignataro ,  Nagendra Kumar Nainar ,  David Delano Ward

IPC: G06F16/27 ,  G06F18/00 ,  G06N5/022 ,  G06N5/043 ,  G06N5/048 ,  G06N20/00

CPC classification number: G06F16/27 ,  G06F18/00 ,  G06N5/022 ,  G06N5/043 ,  G06N5/048 ,  G06N20/00

Abstract: In one embodiment, a first deep fusion reasoning engine (DFRE) agent in a network receives first sensor data from a first set of one or more sensors in the network. The first DFRE agent translates the first sensor data into symbolic data. The first DFRE agent applies, using a symbolic knowledge base maintained by the first DFRE agent, symbolic reasoning to the symbolic data to make an inference regarding the first sensor data. The first DFRE agent updates, based on the inference regarding the first sensor data, the knowledge base. The first DFRE agent propagates the inference to one or more other DFRE agents in the network.

公开(公告)号：US11909641B2

公开(公告)日：2024-02-20

申请号：US18148245

申请日：2022-12-29

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Zafar Ali ,  Syed Kamran Raza

IPC: H04L45/74 ,  H04L45/745 ,  H04L43/12

CPC classification number: H04L45/745 ,  H04L43/12

Abstract: The present disclosure includes methods, systems, and non-transitory computer-readable media for validating data in a data structure used for forwarding packets by a network device comprising sending a data packet probe identifying a destination and including a segment ID, wherein the segment ID maps to a first interpretation by a receiving router to perform an action on the data packet probe to rewrite a portion of a destination address in a header of the data packet probe, and to redirect the data packet probe to the network device that initiated the data packet probe.

公开(公告)号：US20240014923A1

公开(公告)日：2024-01-11

申请号：US18321854

申请日：2023-05-23

Applicant: Cisco Technology, Inc.

Inventor： Mankamana Prasad Mishra ,  Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  IJsbrand Wijnands

IPC: H04L45/00 ,  H04L45/745

CPC classification number: H04L45/566 ,  H04L45/745

Abstract: The present disclosure is directed to BIER forwarding over varying BSL domains, the methods including the steps of receiving, at a border node, a packet comprising a BIER header having a BIER bit string with a first bit string length; reading an incoming label of the packet comprising instructions to split the BIER header into a plurality of smaller headers associated with a plurality of smaller bit strings; generating a set of split bit masks; performing a separate bitwise AND operation on each split bit mask and the BIER bit string to generate the plurality of smaller bit strings, each copied to a corresponding smaller header of the plurality of smaller headers; and performing a lookup for each of the plurality of smaller headers on a respective forwarding table to determine one or more egress routers to which to transmit the packet.