-
Publication number: US20240106755A1
Publication date: 2024-03-28
Application number: US18535935
Application date: 2023-12-11
Applicant: Cisco Technology, Inc.
IPC: H04L47/125
CPC classification number: H04L47/125
Abstract: Techniques for dynamically load balancing traffic based on predicted and actual load capacities of data nodes are described herein. The techniques may include determining a predicted capacity of a data node of a network during a period of time. The data node may be associated with a first traffic class. The techniques may also include determining an actual capacity of the data node during the period of time, as well as determining that a difference between the actual capacity and the predicted capacity is greater than a threshold difference. Based at least in part on the difference, a number of data flows sent to the data node may be either increased or decreased. Additionally, or alternatively, a data flow associated with a second traffic class may be redirected to the data node during the period of time to be handled according to the first traffic class.
-
Publication number: US11888808B2
Publication date: 2024-01-30
Application number: US17503011
Application date: 2021-10-15
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery, Grzegorz Boguslaw Duraj
IPC: H04L12/24, H04L12/46, H04L29/06, H04L29/12, H04L61/103, H04L41/0893, H04L69/22, H04L101/622
CPC classification number: H04L61/103, H04L41/0893, H04L69/22, H04L2101/622
Abstract: A system receives a first request from a first instance of a network function associated with a first address. The system may determine the first address and, based at least in part on the first address, may identify a second address with which to respond to the first request. The system may then send, to the first instance of the network function, a response to the first request specifying the second address. The system may also receive a second request from a second instance of the network function associated with a third address. The system may determine a fourth address with which to respond to the second request, and may thereafter send a response to the second request to the second instance of the network function, with the response specifying the fourth address.
-
Publication number: US11863453B2
Publication date: 2024-01-02
Application number: US17335401
Application date: 2021-06-01
Applicant: Cisco Technology, Inc.
IPC: G06F15/16, H04L47/125
CPC classification number: H04L47/125
Abstract: Techniques for dynamically load balancing traffic based on predicted and actual load capacities of data nodes are described herein. The techniques may include determining a predicted capacity of a data node of a network during a period of time. The data node may be associated with a first traffic class. The techniques may also include determining an actual capacity of the data node during the period of time, as well as determining that a difference between the actual capacity and the predicted capacity is greater than a threshold difference. Based at least in part on the difference, a number of data flows sent to the data node may be either increased or decreased. Additionally, or alternatively, a data flow associated with a second traffic class may be redirected to the data node during the period of time to be handled according to the first traffic class.
-
Publication number: US20230291813A1
Publication date: 2023-09-14
Application number: US18198124
Application date: 2023-05-16
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla, Kyle Andrew Donald Mestery
IPC: H04L67/63, H04L67/1001, H04L45/74, H04L47/2475
CPC classification number: H04L67/63, H04L67/1001, H04L45/74, H04L47/2475
Abstract: Techniques for using computer networking protocol extensions to route control-plane traffic and data-plane traffic associated with a common application are described herein. For instance, a traffic flow associated with an application may be established such that control-plane traffic is sent to a control-plane node associated with the application and data-plane traffic is sent to a data-plane node associated with the application. When a client device sends an authentication request to connect to the application, the control-plane node may send an indication of a hostname to be used by the client device to send data-plane traffic to the data-node. As such, when a packet including the hostname corresponding with the data-plane node is received, the packet may be forwarded to the data-plane node.
-
Publication number: US20230269275A1
Publication date: 2023-08-24
Application number: US17678560
Application date: 2022-02-23
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery, Vincent E. Parla
IPC: H04L9/40
CPC classification number: H04L63/205, H04L63/0272, H04L63/0254
Abstract: Techniques for binding communication flows to unique addresses and/or ports, and configuring networking devices internal to a network to apply policy without the need to further introspect a given stream. Further, by creating mappings of unique addresses and/or ports to flows, the network devices are able to enforce policy without needing to coordinate with an edge node of the network at which the communication session terminates. Further, the techniques may include providing an SDN controller with a mapping between a unique address/port and a network flow, determining flow-specific policy to enforce on the flow, and programming one or more network devices to enforce the flow-specific policy in the network using the unique address/port.
-
Publication number: US20230224248A1
Publication date: 2023-07-13
Application number: US17572320
Application date: 2022-01-10
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery, Vincent E. Parla, Ian James Wells
IPC: H04L45/74, H04L69/165
CPC classification number: H04L45/74, H04L69/165
Abstract: Techniques for NAT-based steering of traffic in cloud-based networks. The techniques may include establishing, by a frontend node of a network, a connection with a client device. The frontend node may receive, via the connection, a packet including an indication of an identity of a service hosted on a backend node of the network. Based at least in part on the indication, the frontend node may establish a second connection with the backend node. Additionally, the frontend node may store a mapping indicating that packets received from the client device are to be sent to the backend node. The techniques may also include receiving another packet at the frontend node or another frontend node of the network. Based at least in part on the mapping, the frontend node or other frontend node may alter one or more network addresses of the other packet and forward it to the backend node.
-
Publication number: US11652872B1
Publication date: 2023-05-16
Application number: US17679800
Application date: 2022-02-24
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla, Kyle Andrew Donald Mestery
IPC: H04L67/101, H04L67/1008, H04L9/40
CPC classification number: H04L67/101, H04L63/0272, H04L63/0281, H04L63/1416, H04L63/20, H04L67/1008
Abstract: Techniques for operationalizing workloads at edge network nodes, while maintaining centralized intent and policy controls. The techniques may include storing, in a cloud-computing network, a workload image that includes a function capability. The techniques may also include receiving, at the cloud-computing network, a networking policy associated with an enterprise network. Based at least in part on the networking policy, a determination may be made at the cloud-computing network that the function capability is to be operationalized on an edge device of the enterprise network. The techniques may also include sending the workload image to the edge device to be installed on the edge device to operationalize the function capability. In some examples, the function capability may be a security function capability (e.g., proxy, firewall, etc.), a routing function capability (e.g., network address translation, load balancing, etc.), or any other function capability.
-
Publication number: US11632431B2
Publication date: 2023-04-18
Application number: US17826003
Application date: 2022-05-26
Applicant: Cisco Technology, Inc.
Inventor: Paul Quinn, Kyle Andrew Donald Mestery
IPC: H04L67/141, H04L61/4511
Abstract: Techniques for policy-based connection provisioning using Domain Name System (DNS) requests are described herein. The techniques may include receiving policy data associated with one or more headend nodes that manage connections to computing resources. Additionally, the techniques may include receiving a DNS request from a client device to establish a connection between the client device and a first headend node of the one or more headend nodes. The DNS request may include an attribute associated with the client device. A provisioning service may determine that the connection should be established between the client device and the first headend node based at least in part on evaluating the attribute with respect to the policy data. Additionally, the techniques may include sending an internet protocol (IP) address, which is associated with the first headend node, to the client device to facilitate establishment of the connection.
-
Publication number: US11558462B2
Publication date: 2023-01-17
Application number: US17660371
Application date: 2022-04-22
Applicant: Cisco Technology, Inc.
Inventor: Dominik Rene Tornow, Urmil Vijay Dave, Kyle Andrew Donald Mestery, Ian Wells
IPC: H04L67/1097
Abstract: Systems, methods, and computer-readable media are provided for reusing execution environments and code of serverless functions while ensuring isolation in serverless computing environments. In some examples, a method can include, in response to a first request to run a serverless function, executing, at an execution environment on a network, computer-readable code configured to perform the serverless function; after the computer-readable code has executed, modifying a pointer to an area of memory used to store a first state of the serverless function to reference a different area of memory; in response to a second request to run the serverless function, reusing, at the execution environment, the computer-readable code to perform the serverless function; and based on the pointer referencing the different area of memory, using the different area of memory to store a second state of the serverless function.
-
Publication number: US11463277B2
Publication date: 2022-10-04
Application number: US16842362
Application date: 2020-04-07
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery, Grzegorz Boguslaw Duraj
Abstract: Techniques for detecting inactive peers of a tunneled communication session, while allowing for a scalable tunneled protocol that includes split control plane nodes and data plane nodes are described herein. A method according to a technique described herein may include establishing a communication session between a first node and a second node in a network such that control plane traffic of the communication session flows through one or more control nodes and data plane traffic of the communication session flows through one or more data nodes different than the one or more control nodes. The method may also include receiving, at a control node, an indication from a data node that a probe message is to be generated. The probe message may be configured to determine data plane connectivity in the communication session. Additionally, the control node may generate the probe message and send it to the first node.