公开(公告)号：US09973961B2

公开(公告)日：2018-05-15

申请号：US14683228

申请日：2015-04-10

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Flemming S. Andreasen ,  Kent K. Leung ,  Michel Khouderchah ,  Jayaraman R. Iyer ,  Timothy P. Stammers

IPC: H04W28/02 ,  H04L12/46 ,  H04L12/707 ,  H04L12/721 ,  H04W48/16 ,  H04L29/12 ,  H04W40/24

CPC classification number: H04W28/0226 ,  H04L12/4633 ,  H04L29/12367 ,  H04L45/22 ,  H04L45/26 ,  H04L61/2514 ,  H04W40/24 ,  H04W48/16

Abstract: A method is provided in one example embodiment and includes receiving a data packet transported on a backhaul link at a first network element; de-capsulating the data packet; identifying whether the data packet is an upstream data packet; identifying whether the data packet matches an internet protocol (IP) access control list (ACL) or a tunnel endpoint identifier; and offloading the data packet from the backhaul link. In more specific embodiment, the method can include identifying that the data packet does not match the IP ACL or the tunnel endpoint identifier; and communicating the data packet to a second network element. In other examples, the method can include identifying that the data packet is a downstream data packet; identifying a service to be performed for the data packet that cannot be performed at the first network element; and communicating the data packet to a second network element.

公开(公告)号：US20140310358A1

公开(公告)日：2014-10-16

申请号：US13860860

申请日：2013-04-11

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Carlos M. Pignataro ,  Joseph M. Clarke ,  Rajesh Kumar ,  Mohammed Baseer Khan ,  Michel Khouderchah ,  Mohamed Mostafa

IPC: H04L12/58

CPC classification number: H04L51/046 ,  H04L67/2809 ,  H04L67/327

Abstract: A context-driven publication option is received over a network at an adaptive publish subscribe broker from a publishing network device. The context driven publication options are presented over the network to a subscribing network device. A selection of a context-driven subscription is received over the network at the adaptive publish/subscribe broker from the subscribing network device. A publication configured for network management and operations is received at the adaptive publish/subscribe broker. Publications are filtered at the adaptive publish/subscribe broker for the subscribing network device according to the selection of the context-driven subscription.

Abstract translation: 在发布网络设备的自适应发布订阅代理处通过网络接收上下文驱动的发布选项。 上下文驱动的发布选项通过网络呈现给订阅网络设备。 在订阅网络设备的自适应发布/订阅代理处通过网络接收上下文驱动订阅的选择。 在自适应发布/订阅代理处接收配置用于网络管理和操作的出版物。 根据上下文驱动订阅的选择，在订阅网络设备的自适应发布/订阅代理处过滤出版物。

公开(公告)号：US20140115080A1

公开(公告)日：2014-04-24

申请号：US14097768

申请日：2013-12-05

Applicant: Cisco Technology, Inc.

Inventor： Carlos Maria Pignataro ,  Joseph Michael Clarke ,  Rajesh Kumar ,  Mohammed Baseer Khan ,  Mohamed Saad Mostafa ,  Sanjeev S. Ukhalkar ,  Michel Khouderchah ,  Mark Allan Son-Bell

IPC: H04L12/58

CPC classification number: H04L51/04 ,  H04L41/0266

Abstract: Techniques are provided herein for establishing at a network management server a presence on a network. A presence associated with one or more managed devices on the network is detected. An instant messaging (IM) session is established with the one or more managed devices. The IM session forms a virtual chat room for performing a management function on the one or more managed devices, and IM messages are sent that are configured to perform the management function on the one or more managed devices. Techniques are also provided herein for establishing on a network an enriched presence by a network management server that is configured to perform a management function via a presence function of a messaging and presence protocol.

Abstract translation: 本文提供了在网络管理服务器上建立在网络上的存在的技术。 检测到与网络上的一个或多个被管理设备相关联的存在。 与一个或多个受管设备建立即时消息（IM）会话。 IM会话形成用于在一个或多个被管理设备上执行管理功能的虚拟聊天室，并且发送被配置为在一个或多个被管理设备上执行管理功能的IM消息。 本文还提供了在网络上建立网络管理服务器的丰富存在的技术，网络管理服务器经配置以经由消息传递和存在协议的存在功能执行管理功能。

公开(公告)号：US11412000B2

公开(公告)日：2022-08-09

申请号：US16741794

申请日：2020-01-14

Applicant: Cisco Technology, Inc.

Inventor： Michel Khouderchah ,  Jayaraman Iyer ,  Kent K. Leung ,  Jianxin Wang ,  Donovan O'Hara ,  Saman Taghavi Zargar ,  Subharthi Paul

IPC: H04L9/40 ,  H04L67/02 ,  H04L41/22

Abstract: Presented herein are methodologies for implementing application security. A method includes generating an extraction vector based on a plurality of application security rules to be enforced, transmitting the extraction vector to a first agent operating on a first network device and to a second agent operating on a second network device; receiving, separately, from the first agent and from the second agent, first metadata generated by the first agent and second metadata generated by the second agent by the agents applying the extraction vector to network traffic passing, respectively, through the first network device and the second network device. The first metadata includes a transaction ID assigned by the first agent, and the second metadata includes the same transaction ID. The method further includes correlating the first metadata with the second metadata based on the transaction ID to construct a transactional service graph for the network traffic.

公开(公告)号：US09553831B2

公开(公告)日：2017-01-24

申请号：US13860860

申请日：2013-04-11

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. Pignataro ,  Joseph M. Clarke ,  Rajesh Kumar ,  Mohammed Baseer Khan ,  Michel Khouderchah ,  Mohamed Mostafa

IPC: G06F15/16 ,  H04L12/58 ,  H04L29/08

CPC classification number: H04L51/046 ,  H04L67/2809 ,  H04L67/327

Abstract: A context-driven publication option is received over a network at an adaptive publish subscribe broker from a publishing network device. The context driven publication options are presented over the network to a subscribing network device. A selection of a context-driven subscription is received over the network at the adaptive publish/subscribe broker from the subscribing network device. A publication configured for network management and operations is received at the adaptive publish/subscribe broker. Publications are filtered at the adaptive publish/subscribe broker for the subscribing network device according to the selection of the context-driven subscription.

Abstract translation: 在发布网络设备的自适应发布订阅代理处通过网络接收上下文驱动的发布选项。 上下文驱动的发布选项通过网络呈现给订阅网络设备。 在订阅网络设备的自适应发布/订阅代理处通过网络接收上下文驱动订阅的选择。 在自适应发布/订阅代理处接收配置用于网络管理和操作的出版物。 根据上下文驱动订阅的选择，在订阅网络设备的自适应发布/订阅代理处过滤出版物。

公开(公告)号：US20210218771A1

公开(公告)日：2021-07-15

申请号：US16741794

申请日：2020-01-14

Applicant: Cisco Technology, Inc.

Inventor： Michel Khouderchah ,  Jayaraman Iyer ,  Kent K. Leung ,  Jianxin Wang ,  Donovan O'Hara ,  Saman Taghavi Zargar ,  Subharthi Paul

IPC: H04L29/06 ,  H04L12/24 ,  H04L29/08

Abstract: Presented herein are methodologies for implementing application security. A method includes generating an extraction vector based on a plurality of application security rules to be enforced, transmitting the extraction vector to a first agent operating on a first network device and to a second agent operating on a second network device; receiving, separately, from the first agent and from the second agent, first metadata generated by the first agent and second metadata generated by the second agent by the agents applying the extraction vector to network traffic passing, respectively, through the first network device and the second network device. The first metadata includes a transaction ID assigned by the first agent, and the second metadata includes the same transaction ID. The method further includes correlating the first metadata with the second metadata based on the transaction ID to construct a transactional service graph for the network traffic.

公开(公告)号：US10588044B2

公开(公告)日：2020-03-10

申请号：US15978694

申请日：2018-05-14

Applicant: Cisco Technology, Inc.

Inventor： Flemming S. Andreasen ,  Kent K. Leung ,  Michel Khouderchah ,  Jayaraman R. Iyer ,  Timothy P. Stammers

IPC: H04W28/02 ,  H04L12/707 ,  H04L12/46 ,  H04L12/721 ,  H04W48/16 ,  H04L29/12 ,  H04W40/24

Abstract: A method is provided in one example embodiment and includes receiving a data packet transported on a backhaul link at a first network element; de-capsulating the data packet; identifying whether the data packet is an upstream data packet; identifying whether the data packet matches an internet protocol (IP) access control list (ACL) or a tunnel endpoint identifier; and offloading the data packet from the backhaul link. In more specific embodiment, the method can include identifying that the data packet does not match the IP ACL or the tunnel endpoint identifier; and communicating the data packet to a second network element. In other examples, the method can include identifying that the data packet is a downstream data packet; identifying a service to be performed for the data packet that cannot be performed at the first network element; and communicating the data packet to a second network element.

公开(公告)号：US20150172119A1

公开(公告)日：2015-06-18

申请号：US14633572

申请日：2015-02-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Gary B. Mahaffey ,  Jayaraman R. Iyer ,  Michel Khouderchah ,  Kent K. Leung ,  Robert A. Mackie ,  Timothy P. Stammers ,  Hy Quoc Pham

IPC: H04L12/24 ,  H04W48/16

CPC classification number: H04L41/0813 ,  H04L41/0866 ,  H04L41/12 ,  H04L67/14 ,  H04W48/16 ,  H04W76/10

Abstract: A method is provided in one example embodiment and includes communicating a message from a network element to a remote data plane element in order to request a data plane resource for hosting a session for a particular subscriber. The remote data plane element is designated to host a data plane function for a particular mobile network subscriber and the data plane resource comprises at least one of memory space and processor allocation. The method further includes discovering nodes capable of supporting the control plane functions; discovering nodes capable of supporting the data plane functions for the session; and performing a system-specific internal configuration to support separation of the data plane functions and the control plane functions.

Abstract translation: 在一个示例实施例中提供了一种方法，并且包括将消息从网络元件传送到远程数据平面元件，以便请求用于托管特定用户的会话的数据平面资源。 指定远程数据平面元件以托管特定移动网络用户的数据平面功能，并且数据平面资源包括存储器空间和处理器分配中的至少一个。 该方法还包括发现能够支持控制平面功能的节点; 发现能够支持该会话的数据平面功能的节点; 并执行系统特定的内部配置，以支持数据平面功能和控制平面功能的分离。

公开(公告)号：US10110433B2

公开(公告)日：2018-10-23

申请号：US14633572

申请日：2015-02-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Gary B. Mahaffey ,  Jayaraman R. Iyer ,  Michel Khouderchah ,  Kent K. Leung ,  Robert A. Mackie ,  Timothy P. Stammers ,  Hy Quoc Pham

IPC: H04L12/24 ,  H04L29/08 ,  H04W48/16 ,  H04W76/10

Abstract: A method is provided in one example embodiment and includes communicating a message from a network element to a remote data plane element in order to request a data plane resource for hosting a session for a particular subscriber. The remote data plane element is designated to host a data plane function for a particular mobile network subscriber and the data plane resource comprises at least one of memory space and processor allocation. The method further includes discovering nodes capable of supporting the control plane functions; discovering nodes capable of supporting the data plane functions for the session; and performing a system-specific internal configuration to support separation of the data plane functions and the control plane functions.

公开(公告)号：US20150215810A1

公开(公告)日：2015-07-30

申请号：US14683228

申请日：2015-04-10

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Flemming S. Andreasen ,  Kent K. Leung ,  Michel Khouderchah ,  Jayaraman R. Iyer ,  Timothy P. Stammers

IPC: H04W28/02 ,  H04W48/16 ,  H04L12/721 ,  H04L12/46 ,  H04L12/707

CPC classification number: H04W28/0226 ,  H04L12/4633 ,  H04L29/12367 ,  H04L45/22 ,  H04L45/26 ,  H04L61/2514 ,  H04W40/24 ,  H04W48/16

Abstract: A method is provided in one example embodiment and includes receiving a data packet transported on a backhaul link at a first network element; de-capsulating the data packet; identifying whether the data packet is an upstream data packet; identifying whether the data packet matches an internet protocol (IP) access control list (ACL) or a tunnel endpoint identifier; and offloading the data packet from the backhaul link. In more specific embodiment, the method can include identifying that the data packet does not match the IP ACL or the tunnel endpoint identifier; and communicating the data packet to a second network element. In other examples, the method can include identifying that the data packet is a downstream data packet; identifying a service to be performed for the data packet that cannot be performed at the first network element; and communicating the data packet to a second network element.

Abstract translation: 在一个示例性实施例中提供了一种方法，并且包括接收在第一网络元件处的回程链路上传送的数据分组; 解封装数据包; 识别数据分组是否是上行数据分组; 识别数据分组是否与互联网协议（IP）访问控制列表（ACL）或隧道端点标识符匹配; 并从回程链路卸载数据包。 在更具体的实施例中，该方法可以包括识别数据分组与IP ACL或隧道端点标识符不匹配; 以及将所述数据分组传送到第二网络单元。 在其他示例中，该方法可以包括识别数据分组是下游数据分组; 识别对于在第一网络元件不能执行的数据分组执行的服务; 以及将所述数据分组传送到第二网络单元。