公开(公告)号：US20220286515A1

公开(公告)日：2022-09-08

申请号：US17826003

申请日：2022-05-26

Applicant: Cisco Technology, Inc.

Inventor： Paul Quinn ,  Kyle Andrew Donald Mestery

IPC: H04L67/141 ,  H04L61/4511

Abstract: Techniques for policy-based connection provisioning using Domain Name System (DNS) requests are described herein. The techniques may include receiving policy data associated with one or more headend nodes that manage connections to computing resources. Additionally, the techniques may include receiving a DNS request from a client device to establish a connection between the client device and a first headend node of the one or more headend nodes. The DNS request may include an attribute associated with the client device. A provisioning service may determine that the connection should be established between the client device and the first headend node based at least in part on evaluating the attribute with respect to the policy data. Additionally, the techniques may include sending an internet protocol (IP) address, which is associated with the first headend node, to the client device to facilitate establishment of the connection.

公开(公告)号：US20220271920A1

公开(公告)日：2022-08-25

申请号：US17324876

申请日：2021-05-19

Applicant: Cisco Technology, Inc.

Inventor： Ian James Wells ,  Kyle Andrew Donald Mestery

IPC: H04L9/08 ,  H04L9/30

Abstract: Techniques for creating consent contracts for devices that indicate whether the devices consent to receiving network-based communications from other devices. Further, the techniques include enforcing the consent contracts such that network-based communications are either allowed or disallowed in the network-communications layer prior to the network communications reaching the devices. Rather than simply allowing a device to communicate with any other device over a network, the techniques described herein include building in consent for network-based communications where the consent is consulted at one or more points in a communication process to make informed decisions about network-based traffic.

公开(公告)号：US20220247819A1

公开(公告)日：2022-08-04

申请号：US17660371

申请日：2022-04-22

Applicant: Cisco Technology, Inc.

Inventor： Dominik Rene Tornow ,  Urmil Vijay Dave ,  Kyle Andrew Donald Mestery ,  Ian Wells

IPC: H04L67/1097

Abstract: Systems, methods, and computer-readable media are provided for reusing execution environments and code of serverless functions while ensuring isolation in serverless computing environments. In some examples, a method can include, in response to a first request to run a serverless function, executing, at an execution environment on a network, computer-readable code configured to perform the serverless function; after the computer-readable code has executed, modifying a pointer to an area of memory used to store a first state of the serverless function to reference a different area of memory; in response to a second request to run the serverless function, reusing, at the execution environment, the computer-readable code to perform the serverless function; and based on the pointer referencing the different area of memory, using the different area of memory to store a second state of the serverless function.

公开(公告)号：US20220191145A1

公开(公告)日：2022-06-16

申请号：US17171604

申请日：2021-02-09

Applicant: Cisco Technology, Inc.

Inventor： Grzegorz Boguslaw Duraj ,  Leonardo Rangel Augusto ,  Kyle Andrew Donald Mestery

IPC: H04L12/851 ,  H04L29/06 ,  H04L12/803 ,  H04L12/801

Abstract: Techniques for load balancing encrypted traffic based on security parameter index (SPI) values of packet headers and sets of 5-tuple values of the packet headers are described herein. Additionally, techniques for including quality of service (QoS)-type information in SPI value fields of packet headers are also described herein. The QoS-type information may indicate a particular traffic class according to which the packet is to be handled. Further, techniques for pre-configuring a backend host such that encrypted traffic may be migrated to the backend host from another backend host without causing temporary service disruptions are also described herein.

公开(公告)号：US20220191141A1

公开(公告)日：2022-06-16

申请号：US17171679

申请日：2021-02-09

Applicant: Cisco Technology, Inc.

Inventor： Grzegorz Boguslaw Duraj ,  Leonardo Rangel Augusto ,  Kyle Andrew Donald Mestery

IPC: H04L12/803 ,  H04L12/851 ,  H04L9/08 ,  H04L12/46

Abstract: Techniques for load balancing encrypted traffic based on security parameter index (SPI) values of packet headers and sets of 5-tuple values of the packet headers are described herein. Additionally, techniques for including quality of service (QoS)-type information in SPI value fields of packet headers are also described herein. The QoS-type information may indicate a particular traffic class according to which the packet is to be handled. Further, techniques for pre-configuring a backend host such that encrypted traffic may be migrated to the backend host from another backend host without causing temporary service disruptions are also described herein.

公开(公告)号：US20220091836A1

公开(公告)日：2022-03-24

申请号：US17028715

申请日：2020-09-22

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Ian James Wells ,  Grzegorz Boguslaw Duraj

IPC: G06F8/65 ,  H04L29/08

Abstract: This disclosure describes techniques and mechanisms for using a domain-specific language (DSL) to express and compile serverless network functions, and optimizing the deployment location for the serverless network functions on network devices. In some examples, the serverless network functions may be expressed entirely in the DSL (e.g., via a text-based editor, a graphics-based editor, etc.), where the DSL is a computer language specialized to a particular domain, such as a network function domain. In additional examples, the serverless network functions may be expressed and compiled using a DSL in combination with a general-purpose language (GSL). Once the serverless network function have been expressed and/or compiled, the techniques of this disclosure further include determining an optimized network component on which the serverless network function is to execute, and deploying the serverless function to the optimized network component.

公开(公告)号：US11153261B2

公开(公告)日：2021-10-19

申请号：US16749621

申请日：2020-01-22

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Grzegorz Boguslaw Duraj

IPC: H04L12/24 ,  H04L12/46 ,  H04L29/12 ,  H04L29/06

Abstract: A VM receives a first ARP request from a first instance of a virtualized network function (VNF) associated with a first MAC address. The VM may determine the first MAC address and, based at least in part on the first MAC address, may a second MAC address with which to respond to the first ARP request. The VM may then send, to the first instance of the VNF, a response to the first ARP request specifying the second MAC address. The VM may also receive a second ARP request from a second instance of the VNF associated with a third MAC address. The VM may determine a fourth MAC address with which to respond to the second ARP request, and may thereafter send a response to the second ARP request to the second instance of the VNF, with the response specifying the fourth MAC address.

公开(公告)号：US20210226911A1

公开(公告)日：2021-07-22

申请号：US16749621

申请日：2020-01-22

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Grzegorz Boguslaw Duraj

IPC: H04L29/12 ,  H04L29/06 ,  H04L12/24

Abstract: A VM receives a first ARP request from a first instance of a virtualized network function (VNF) associated with a first MAC address. The VM may determine the first MAC address and, based at least in part on the first MAC address, may a second MAC address with which to respond to the first ARP request. The VM may then send, to the first instance of the VNF, a response to the first ARP request specifying the second MAC address. The VM may also receive a second ARP request from a second instance of the VNF associated with a third MAC address. The VM may determine a fourth MAC address with which to respond to the second ARP request, and may thereafter send a response to the second ARP request to the second instance of the VNF, with the response specifying the fourth MAC address.

公开(公告)号：US20210218644A1

公开(公告)日：2021-07-15

申请号：US16741162

申请日：2020-01-13

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Ian Wells

IPC: H04L12/24 ,  G06N20/00 ,  G06N7/00 ,  H04L12/801

Abstract: Systems, methods, computer-readable media are disclosed for influencing serverless function placement across hosts within a network. A method includes receiving a notification from a network component, the notification indicating a performance bottleneck in association with one or more instances of a serverless function being executed at one or more hosts of a network; initiating at least one additional instance of the serverless function in response to the performance bottleneck; and sending a message to the network component identifying the at least one additional instance of the serverless function, the network component directing network traffic based on the message.

公开(公告)号：US20200228439A1

公开(公告)日：2020-07-16

申请号：US16247664

申请日：2019-01-15

Applicant: Cisco Technology, Inc.

Inventor： Kyle Andrew Donald Mestery ,  Ian Wells ,  Gregory Shepherd

IPC: H04L12/761 ,  H04L12/747 ,  H04L12/721 ,  H04L12/707

Abstract: In one embodiment, a local content hub device in a network receives content for distribution to a plurality of nodes in the network. The content is sent to the local content hub via a wide area network (WAN) using bit index explicit replication (BIER) messaging. The local content hub device caches the content and multicasts the cached content to the plurality of nodes in the network. The local content device determines that at least one of the plurality of nodes in the network did not receive the multicast content. The local content device retransmits the content to at least one of the plurality of nodes in the network that did not receive the multicast content.