公开(公告)号：US20160277188A1

公开(公告)日：2016-09-22

申请号：US14726534

申请日：2015-05-31

Applicant: Cisco Technology, Inc.

Inventor： Paul QUINN ,  Scott FLUHRER ,  Jim GUICHARD ,  Tirumaleswar REDDY ,  Prashanth PATIL ,  David WARD

IPC: H04L9/32 ,  H04L29/06

CPC classification number: H04L9/3213 ,  H04L9/0861 ,  H04L9/3242 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/062 ,  H04L2463/062

Abstract: In one embodiment, a network service packet header security method includes receiving a network service packet, analyzing the network service packet in order to identify a plurality of service functions and an associated service function path for the service functions, identifying which security function or functions may be performed by each of the service functions on a network service packet header to be generated for the network service packet, requesting at least one key for securing at least part of the network service packet header, receiving the at least one key, securing the network service packet header based on the at least one key, and sending the network service packet with the network service packet header to one of the service functions. Related apparatus and methods are also described.

Abstract translation: 在一个实施例中，网络服务分组报头安全方法包括接收网络服务分组，分析网络服务分组以识别服务功能的多个服务功能和相关联的服务功能路径，识别哪些安全功能或功能可以 由网络服务分组头部上的每个服务功能执行，为网络服务分组生成，请求至少一个密钥用于保护网络服务分组报头的至少一部分，接收至少一个密钥，保护网络 基于所述至少一个密钥的服务分组报头，并且将具有所述网络服务分组报头的所述网络服务分组发送到所述服务功能之一。 还描述了相关装置和方法。

公开(公告)号：US20140280834A1

公开(公告)日：2014-09-18

申请号：US13842774

申请日：2013-03-15

Applicant: CISCO TECHNOLOGY, INC

Inventor： Jan MEDVED ,  Andrew MCLACHLAN ,  David WARD ,  David MEYER

IPC: H04L12/70

CPC classification number: H04L47/122 ,  H04L41/0609 ,  H04L41/0686 ,  H04L43/08 ,  H04L43/16

Abstract: A network node may contain a virtual software-defined networking (SDN) switch and a local a management engine (e.g., a software application) for generating performance metrics based on received management plane traffic. Specifically, the virtual SDN switch may identify and forward received management plane traffic to the local management engine. In turn, the management engine evaluates the management plane traffic to generate performance metrics without forwarding the management plane packets to the remote SDN controller. The management engine may compare the metrics to one or more thresholds to determine the current state or health of the data paths in a network. If a threshold is exceeded, the management engine may transmit an alert to the virtual SDN switch to perform a corrective action—e.g., using a backup data path after the primary data path fails.

Abstract translation: 网络节点可以包含虚拟软件定义网络（SDN）交换机和本地管理引擎（例如，软件应用程序），用于基于接收到的管理平面业务来生成性能度量。 具体地说，虚拟SDN交换机可以识别并转发接收到的管理平面流量到本地管理引擎。 反过来，管理引擎评估管理平面流量以生成性能度量，而不将管理平面数据包转发到远程SDN控制器。 管理引擎可以将度量与一个或多个阈值进行比较，以确定网络中数据路径的当前状态或运行状况。 如果超过阈值，则管理引擎可以向虚拟SDN交换机发送警报以执行纠正措施，例如在主数据路径发生故障之后使用备份数据路径。

公开(公告)号：US20140280338A1

公开(公告)日：2014-09-18

申请号：US13830062

申请日：2013-03-14

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Chris METZ ,  Saileshwar KRISHNAMURTHY ,  Rex FERNANDO ,  Jisu BHATTACHARYA ,  David WARD

IPC: G06F17/30

CPC classification number: H04L41/14 ,  H04L41/0853

Abstract: In an embodiment, a method comprises receiving, at an analytics engine, from a separate analytics application, an analytics query for data that is potentially available in data streams of networked computing devices; sending, to a distributed network analytics controller, sub-queries based on the analytics query; determining distributed network analytics agents capable of executing each of the sub-queries; sending instructions to the agents to initiate the sub-queries for the data at specified locations; initiating execution of the sub-queries on data streams that are locally available at one of the networked computing devices at which the agents are running; forming summarized data streams and zero or more raw data streams at the networked computing devices having the analytics agents; sending the summarized data streams and the zero or more raw data streams to the analytics engine; wherein the method is performed by computing device(s).

Abstract translation: 在一个实施例中，一种方法包括在分析引擎处从独立的分析应用程序接收对于在网络计算设备的数据流中潜在可用的数据的分析查询; 向分布式网络分析控制器发送基于分析查询的子查询; 确定能够执行每个子查询的分布式网络分析代理; 向代理发送指令以在指定位置发起数据的子查询; 启动在代理正在运行的联网计算设备之一本地可用的数据流上的子查询的执行; 在具有分析代理的联网计算设备上形成汇总数据流和零个或多个原始数据流; 将归一化数据流和零个或多个原始数据流发送到分析引擎; 其中所述方法由计算设备执行。

公开(公告)号：US20170237562A1

公开(公告)日：2017-08-17

申请号：US15442722

申请日：2017-02-27

Applicant: Cisco Technology, Inc.

Inventor： Paul QUINN ,  Scott FLUHRER ,  Jim GUICHARD ,  Tirumaleswar REDDY ,  Prashanth PATIL ,  David WARD

IPC: H04L9/32 ,  H04L9/08 ,  H04L29/06

CPC classification number: H04L9/3213 ,  H04L9/0861 ,  H04L9/3242 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/062 ,  H04L2463/062

Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to be generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.