-
Publication number: US20240080309A1
Publication date: 2024-03-07
Application number: US18508743
Application date: 2023-11-14
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
CPC classification number: H04L63/062, H04L9/0891, H04L12/4641, H04L63/0428, H04L63/166, H04L69/14, H04L69/22
Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.
-
Publication number: US20240314114A1
Publication date: 2024-09-19
Application number: US18673183
Application date: 2024-05-23
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
CPC classification number: H04L63/062, H04L9/0891, H04L12/4641, H04L63/0428, H04L63/166, H04L69/14, H04L69/22
Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.
-
Publication number: US11201859B2
Publication date: 2021-12-14
Application number: US16163453
Application date: 2018-10-17
Applicant: Cisco Technology, Inc.
Inventor: Javed Asghar, Sridhar Vallepalli, Govind Prasad Sharma, Eshwar Rao Yedavalli
Abstract: A method and apparatus for providing tenant specific encryption is described herein. According to an embodiment, a transmission site receives a data packet for transmission or forwarding. The transmission site determines, based on information in a header of the data packet, that the data packet is to be encrypted before transmission or forwarding. Using the information in the header, the transmission site identifies an encryption key for the data packet. The transmission site generates, for the data packet, an additional header and populates the additional header with a destination port number based on a destination port header value of the data packet. The transmission site overwrites the destination port header value of the packet with data indicating that the data packet is encrypted and then encrypts an encapsulated packet within the data packet using the encryption key prior to transmitting or forwarding the data packet. Upon receipt, the destination port header is used by the receiving site to determine that the packet is encrypted.
-
Publication number: US12199963B2
Publication date: 2025-01-14
Application number: US18508743
Application date: 2023-11-14
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.
-
Publication number: US11895100B2
Publication date: 2024-02-06
Application number: US16940114
Application date: 2020-07-27
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
CPC classification number: H04L63/062, H04L9/0891, H04L12/4641, H04L63/0428, H04L63/166, H04L69/14, H04L69/22
Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.
-
Publication number: US11368484B1
Publication date: 2022-06-21
Application number: US16396096
Application date: 2019-04-26
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Eshwar Rao Yedavalli, Mohammed Javed Asghar, Ashwath Kumar Chandrasekaran, Swapnil Mankar, Umamaheswararao Karyampudi
IPC: H04L101/622, G06F9/455, H04L61/103, H04L9/40
Abstract: Methods to secure against IP address thefts by rogue devices in a virtualized datacenter are provided. Rogue devices are detected and distinguished from a migration of an endpoint in a virtualized datacenter. A first hop network element in a one or more network fabrics intercepts a request that includes an identity of an endpoint and performs a local lookup for the endpoint entity identifier. Based on the lookup not finding the endpoint entity identifier, the first hop network element broadcasts a message such as a remote media access address (MAC) query to other network elements in the one or more network fabrics. Based on the received response, which may include an IP address associated with the MAC address, the first hop network element performs a theft validation process to determine whether the request originated from a migrated endpoint or a rogue device.
-
Publication number: US12238079B2
Publication date: 2025-02-25
Application number: US18673183
Application date: 2024-05-23
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.
-
Publication number: US20220263865A1
Publication date: 2022-08-18
Application number: US17736748
Application date: 2022-05-04
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Eshwar Rao Yedavalli, Mohammed Javed Asghar, Ashwath Kumar Chandrasekaran, Swapnil Mankar, Umamaheswararao Karyampudi
IPC: H04L9/40, G06F9/455, H04L61/103, H04L101/622
Abstract: Methods to secure against IP address thefts by rogue devices in a virtualized datacenter are provided. Rogue devices are detected and distinguished from a migration of an endpoint in a virtualized datacenter. A first hop network element in a one or more network fabrics intercepts a request that includes an identity of an endpoint and performs a local lookup for the endpoint entity identifier. Based on the lookup not finding the endpoint entity identifier, the first hop network element broadcasts a message such as a remote media access address (MAC) query to other network elements in the one or more network fabrics. Based on the received response, which may include an IP address associated with the MAC address, the first hop network element performs a theft validation process to determine whether the request originated from a migrated endpoint or a rogue device.
-
Publication number: US20200127987A1
Publication date: 2020-04-23
Application number: US16166973
Application date: 2018-10-22
Applicant: Cisco Technology, Inc.
Inventor: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.
-
Publication number: US09083613B2
Publication date: 2015-07-14
Application number: US13653129
Application date: 2012-10-16
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Vipin Jain, Govind Prasad Sharma, Dhananjaya Rao, Herman Levenson
CPC classification number: H04L43/0811, H04L41/12, H04L43/10, Y02D30/30
Abstract: In one embodiment, a method at a network device includes receiving a link layer advertisement, comparing information in the link layer advertisement with connectivity information stored at the network device, and based on the comparison, determining if there is a cabling error between the network device and a link peer transmitting the link layer advertisement. An apparatus and logic are also disclosed herein.