-
Publication number: US20230131771A1
Publication date: 2023-04-27
Application number: US17508731
Application date: 2021-10-22
Applicant: Cisco Technology, Inc.
Inventor: Shree Murthy , Sanjay Kumar Hooda , Prakash C. Jain , Roberto Kobo , Rajagopal Venkatraman
IPC: H04L9/40 , H04L61/5014 , G06F9/455
Abstract: Techniques for analyzing traffic originating from a host device in a wireless network to identify one or more virtual machines (VMs) running on the host device and connected to the network via the host device in bridge mode. When a VM is created in bridge mode behind a host device, the traffic originated by the VM will have the source Media Access Layer (MAC) address of the host device. According to techniques described herein, devices and/or components associated with the network may profile the traffic to identify an address of the VM, such as by analyzing dynamic host configuration protocol (DHCP) packets to determine the Internet Protocol (IP) address of the VM. Once the IP address and the MAC address of the VM is known, the components and/or devices may apply security policies to the VM that may be different than security policies applied to the host device.
-
Publication number: US12113698B2
Publication date: 2024-10-08
Application number: US17446918
Application date: 2021-09-03
Applicant: Cisco Technology, Inc.
Inventor: Rajeev Kumar , Sanjay K. Hooda , Balaji Pitta Venkatachalapathy , Prakash C. Jain , Rajagopal Venkatraman
IPC: H04L45/64 , H04L45/02 , H04L45/745
CPC classification number: H04L45/02 , H04L45/64 , H04L45/745
Abstract: Techniques and apparatus for allowing a network fabric to accept network devices associated with other fabric networks are described. An example technique involves establishing a communication session between a first network node and a first control plane of the network fabric, wherein the first network node supports a second control plane different from the first control plane. First routing information from the first network node is imported into a first routing table of the first control plane. Second routing information from a second network node is imported into a second routing table of the first network node.
-
Publication number: US12069098B2
Publication date: 2024-08-20
Application number: US17508731
Application date: 2021-10-22
Applicant: Cisco Technology, Inc.
Inventor: Shree Murthy , Sanjay Kumar Hooda , Prakash C. Jain , Roberto Kobo , Rajagopal Venkatraman
IPC: G06F15/16 , G06F9/455 , H04L9/40 , H04L61/5007 , H04L61/5014
CPC classification number: H04L63/20 , G06F9/45558 , H04L61/5007 , H04L61/5014
Abstract: Techniques for analyzing traffic originating from a host device in a wireless network to identify one or more virtual machines (VMs) running on the host device and connected to the network via the host device in bridge mode. When a VM is created in bridge mode behind a host device, the traffic originated by the VM will have the source Media Access Layer (MAC) address of the host device. According to techniques described herein, devices and/or components associated with the network may profile the traffic to identify an address of the VM, such as by analyzing dynamic host configuration protocol (DHCP) packets to determine the Internet Protocol (IP) address of the VM. Once the IP address and the MAC address of the VM is known, the components and/or devices may apply security policies to the VM that may be different than security policies applied to the host device.
-
Publication number: US12212485B2
Publication date: 2025-01-28
Application number: US18317576
Application date: 2023-05-15
Applicant: Cisco Technology, Inc.
Inventor: Rajeev Kumar , Rajagopal Venkatraman
Abstract: A method may include bridging in, via a fabric, a multicast data packet from a source device to a first edge device of a plurality of edge devices and flooding the multicast data packet to the plurality of edge devices within a mutual subnetwork of the fabric. The method further includes bridging out the multicast data packet from a second edge device of the plurality of edge devices to a receiving device. The source device and the receiving device are located within the mutual subnetwork.
-
Publication number: US11824753B2
Publication date: 2023-11-21
Application number: US17446965
Application date: 2021-09-05
Applicant: Cisco Technology, Inc.
Inventor: Rajagopal Venkatraman , Rajeev Kumar , Roberto Mitsuo Kobo , Vikash Agarwal
Abstract: In one embodiment, network node-to-node connectivity verification is performed in a network including data path processing of packets within a packet switching device. In one embodiment, an echo request connectivity test packet, emulating an echo request connectivity test packet received from a first connected network node, is inserted by the packet switching device prior in its data processing path prior to ingress processing performed for packets received from the first connected network node. A correspondingly received echo reply connectivity test packet is intercepted by the packet switching device during data path egress processing performed for packets to be forwarded to the first connected network node.
-
Publication number: US20230010247A1
Publication date: 2023-01-12
Application number: US17368503
Application date: 2021-07-06
Applicant: Cisco Technology, Inc.
Inventor: Rajeev Kumar , Rajagopal Venkatraman
IPC: H04L12/761 , H04L12/733 , H04L12/721 , H04L12/18 , H04L12/26
Abstract: A method may include bridging in, via a fabric, a multicast data packet from a source device to a first edge device of a plurality of edge devices and flooding the multicast data packet to the plurality of edge devices within a mutual subnetwork of the fabric. The method further includes bridging out the multicast data packet from a second edge device of the plurality of edge devices to a receiving device. The source device and the receiving device are located within the mutual subnetwork.
-
Publication number: US12273254B2
Publication date: 2025-04-08
Application number: US18334947
Application date: 2023-06-14
Applicant: Cisco Technology, Inc.
Inventor: Rajagopal Venkatraman , Rajeev Kumar , Roberto Mitsuo Kobo , Vikash Agarwal
Abstract: In one embodiment, network node-to-node connectivity verification is performed in a network including data path processing of packets within a packet switching device. In one embodiment, an echo request connectivity test packet, emulating an echo request connectivity test packet received from a first connected network node, is inserted by the packet switching device prior in its data processing path prior to ingress processing performed for packets received from the first connected network node. A correspondingly received echo reply connectivity test packet is intercepted by the packet switching device during data path egress processing performed for packets to be forwarded to the first connected network node.
-
Publication number: US11425044B2
Publication date: 2022-08-23
Application number: US17071154
Application date: 2020-10-15
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Ramchander R. Nadipally , Ajinkya Abhay Chouthai , Rajagopal Venkatraman , Xiangqun Li , Rahul Kachalia
IPC: H04L47/125 , H04L45/74 , H04L12/46 , H04L41/0866 , H04L61/5007 , H04L61/5076
Abstract: This technology enables a dynamic host configuration protocol (“DHCP”) Layer 2 relay in a Virtual Extensible Local Area Network (“VXLAN”) overlay fabric. A host device broadcasts a configuration request, such as a DHCP discover, across an Ethernet virtual private network (“EVPN”) overlay fabric. The DHCP discover is intercepted by a VXLAN Tunnel End Point (“VTEP”) device with Layer 2 bridging functionality. The VTEP device selects a centralized gateway (“CGW”) device with Layer 3 relay functionality as a destination for the DHCP discover. The VTEP device encapsulates the DHCP discover with a unicast VXLAN header comprising the media access control (“MAC”) address of the CGW device and transmits the encapsulated DHCP discover to the CGW device, resolving the destination address associated with the broadcast. The CGW device transmits the DHCP discover to an Internet Protocol (“IP”) address associated with a DHCP server that is external to the EVPN overlay fabric.
-
Publication number: US20220124037A1
Publication date: 2022-04-21
Application number: US17071154
Application date: 2020-10-15
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Ramchander R. Nadipally , Ajinkya Abhay Chouthai , Rajagopal Venkatraman , Xiangqun Li , Rahul Kachalia
IPC: H04L12/803 , H04L12/741 , H04L12/46 , H04L29/12 , H04L12/24
Abstract: This technology enables a dynamic host configuration protocol (“DHCP”) Layer 2 relay in a Virtual Extensible Local Area Network (“VXLAN”) overlay fabric. A host device broadcasts a configuration request, such as a DHCP discover, across an Ethernet virtual private network (“EVPN”) overlay fabric. The DHCP discover is intercepted by a VXLAN Tunnel End Point (“VTEP”) device with Layer 2 bridging functionality. The VTEP device selects a centralized gateway (“CGW”) device with Layer 3 relay functionality as a destination for the DHCP discover. The VTEP device encapsulates the DHCP discover with a unicast VXLAN header comprising the media access control (“MAC”) address of the CGW device and transmits the encapsulated DHCP discover to the CGW device, resolving the destination address associated with the broadcast. The CGW device transmits the DHCP discover to an Internet Protocol (“IP”) address associated with a DHCP server that is external to the EVPN overlay fabric.
-
Publication number: US20240396945A1
Publication date: 2024-11-28
Application number: US18791151
Application date: 2024-07-31
Applicant: Cisco Technology, Inc.
Inventor: Shree Narasimha Murthy , Sanjay Kumar Hooda , Prakash C. Jain , Roberto Mitsuo Kobo , Rajagopal Venkatraman
IPC: H04L9/40 , G06F9/455 , H04L61/5007 , H04L61/5014
Abstract: Techniques for analyzing traffic originating from a host device in a wireless network to identify one or more virtual machines (VMs) running on the host device and connected to the network via the host device in bridge mode. When a VM is created in bridge mode behind a host device, the traffic originated by the VM will have the source Media Access Layer (MAC) address of the host device. According to techniques described herein, devices and/or components associated with the network may profile the traffic to identify an address of the VM, such as by analyzing dynamic host configuration protocol (DHCP) packets to determine the Internet Protocol (IP) address of the VM. Once the IP address and the MAC address of the VM is known, the components and/or devices may apply security policies to the VM that may be different than security policies applied to the host device.