公开(公告)号：US20180267990A1

公开(公告)日：2018-09-20

申请号：US15461291

申请日：2017-03-16

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sunil Cherukuri ,  Xiao Hu Gao ,  Alexander B. Altman

IPC: G06F17/30 ,  G06F9/445

CPC classification number: G06F16/178 ,  G06F8/60 ,  G06F8/63 ,  G06F9/45533 ,  G06F16/13 ,  G06F16/25

Abstract: One embodiment includes identifying a common file associated with a first software container deployed on a host; adding a single copy of the common file to a common file pool maintained by the host, removing the common file from the first container and replacing it with a pointer to the copy of the common file in the shared file pool, and removing the common file from the first container and replacing it with a pointer to the copy of the common file in the shared file pool; identifying at least one unique file associated with the first container; and moving the unique file to the common file pool maintained by the host and removing the unique file from the first container and replacing it with a pointer to the copy of the unique file in the shared file pool.

公开(公告)号：US09210223B2

公开(公告)日：2015-12-08

申请号：US14466972

申请日：2014-08-23

Applicant: Cisco Technology, Inc.

Inventor： Mohamed Khalid ,  Sunil Cherukuri ,  Haseeb Sarwar Niazi ,  Muhammad Afaq Khan

IPC: H04L29/08 ,  H04L12/46 ,  H04L29/06

CPC classification number: H04L67/141 ,  H04L12/4641 ,  H04L63/0272 ,  H04L63/164 ,  H04L63/20

Abstract: In one embodiment, a first network device receives a priority message from a second network device, wherein the priority message conforms to a connection establishment protocol and indicates a priority associated with the second network device. The first network device obtains the priority from the priority message and stores the priority. The first network device allocates resources for at least one of control or data plane processing to the second network device in accordance with the priority.

Abstract translation: 在一个实施例中，第一网络设备从第二网络设备接收优先级消息，其中优先级消息符合连接建立协议并且指示与第二网络设备相关联的优先级。 第一网络设备从优先级消息获取优先级并存储优先级。 第一网络设备根据优先级向第二网络设备分配至少一个控制或数据平面处理的资源。

公开(公告)号：US10936549B2

公开(公告)日：2021-03-02

申请号：US15461291

申请日：2017-03-16

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sunil Cherukuri ,  Xiao Hu Gao ,  Alexander B. Altman

IPC: G06F16/178 ,  G06F16/13 ,  G06F8/60

Abstract: One embodiment includes identifying a common file associated with a first software container deployed on a host; adding a single copy of the common file to a common file pool maintained by the host, removing the common file from the first container and replacing it with a pointer to the copy of the common file in the shared file pool, and removing the common file from the first container and replacing it with a pointer to the copy of the common file in the shared file pool; identifying at least one unique file associated with the first container; and moving the unique file to the common file pool maintained by the host and removing the unique file from the first container and replacing it with a pointer to the copy of the unique file in the shared file pool.

公开(公告)号：US20180167450A1

公开(公告)日：2018-06-14

申请号：US15374504

申请日：2016-12-09

Applicant: Cisco Technology, Inc.

Inventor： Sunil Cherukuri ,  Xiao Hu Gao ,  Alexander B. Altman

IPC: H04L29/08 ,  H04L29/06

Abstract: Disclosed are systems, methods, and computer-readable storage media for adaptive load balancing for application chains. A load-balancer can receive a data packet for a connection/transaction to be routed through an application chain. The load-balancer can select, based on an application path table, a first end-to-end application path through the application chain. The application path table can identify two or more end-to-end application paths through the application chain along with a corresponding performance status for each end-to-end application path through the application chain. The performance status for an application path can indicate a performance level of the end-to-end application path determined based on performance of previous data packets for previous connections transmitted through the application chain according to the end-to-end application path. The load-balancer can then route the data packet through the application chain according to the first end-to-end application path and across multiple tiers.

公开(公告)号：US09444789B2

公开(公告)日：2016-09-13

申请号：US14470497

申请日：2014-08-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sunil Cherukuri ,  Mohamed Khalid ,  Brian Cinque

IPC: H04L9/32 ,  H04L29/06 ,  H04L29/08 ,  H04L12/24 ,  H04L9/08

CPC classification number: H04L63/0272 ,  H04L9/0838 ,  H04L41/0803 ,  H04L67/1002

Abstract: An example method includes receiving a request for a cloud capability set during an Internet Key Exchange negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities, mapping the request to one or more cryptographic modules that can support the cloud capability set, and offloading the VPN tunnel to the one or more cryptographic modules. The request can be an Internet Security Association and Key Management Protocol (ISAKMP) packet listing the one or more cloud capabilities in a private payload. The method may further include splitting the VPN tunnel between the cryptographic modules if no single cryptographic module can support substantially all the cloud capabilities in the cloud capability set. In some embodiments, the request is compared with a service catalog comprising authorized cloud capabilities.

Abstract translation: 示例性方法包括在与订户和云之间的虚拟专用网（VPN）隧道相关联的因特网密钥交换协商期间接收对云能力集的请求，其中所述云能力集合包括一个或多个云能力，映射请求 到一个或多个可以支持云能力集合的加密模块，以及将VPN隧道卸载到一个或多个加密模块。 该请求可以是列出私有有效载荷中的一个或多个云能力的因特网安全关联和密钥管理协议（ISAKMP）分组。 该方法还可以包括在加密模块之间分割VPN隧道，如果没有单个密码模块可以支持云能力集中的实质上所有的云能力。 在一些实施例中，该请求与包括授权云能力的服务目录进行比较。

公开(公告)号：US20180062944A1

公开(公告)日：2018-03-01

申请号：US15254764

申请日：2016-09-01

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Alexander B. Altman ,  Sunil Cherukuri ,  Xiao Hu Gao

IPC: H04L12/24 ,  H04L12/26

CPC classification number: H04L43/0876 ,  H04L41/5025 ,  H04L41/5096 ,  H04L43/0817 ,  H04L43/12 ,  H04L47/12 ,  H04L47/125 ,  H04L47/80 ,  H04L47/803 ,  H04L67/10 ,  H04L67/1008 ,  H04L67/1023

Abstract: A method is described and in one embodiment includes intercepting an API call destined for an application executing on a host server; accessing a Service Level Agreement (“SLA”) profile for the application, wherein the SLA indicates performance guarantees for the application; determining resource utilization for the host server and resource utilization for the current application and other applications running on that server; comparing the performance guarantees with the host server and application resource utilization to determine whether performance guarantees can be met if the API call is forwarded to the application based on the host server resource utilization; and, if it determined that the performance guarantees cannot be met if the API call is forwarded to the application, refraining from forwarding the API call to the application.

公开(公告)号：US20150143501A1

公开(公告)日：2015-05-21

申请号：US14084378

申请日：2013-11-19

Applicant: Cisco Technology, Inc.

Inventor： Sunil Cherukuri ,  Xiao Hu Gao ,  Goran Saradzic

IPC: H04L29/06

CPC classification number: H04L63/02 ,  H04L45/00 ,  H04L45/50 ,  H04L63/0227 ,  H04L63/0272

Abstract: A device and method are provided to provide multi-exit firewall capabilities for cloud server or cloud service deployments without prior knowledge of reachability information of a client device where the client device may belong to one of several networks accessing the cloud server or cloud service. The reachability information may be derived based on flow of data to and from the client device in response to a data transfer initiation request. A firewall connection table may be updated to record routability to the client device comprising the derived reachability information. The recorded reachability information in the connection table may be used for the data transfer with the client device instead of a default route in a routing table.

Abstract translation: 提供了一种设备和方法，用于为云服务器或云服务部署提供多出口防火墙功能，而无需事先了解客户端设备的可达性信息，客户端设备可能属于接入云服务器或云服务的多个网络之一。 可访问性信息可以基于响应于数据传送发起请求的客户端设备的数据流而导出。 可以更新防火墙连接表以记录包括导出的可达性信息的客户端设备的可路由性。 连接表中记录的可达性信息可以用于与客户端设备的数据传输而不是路由表中的默认路由。

公开(公告)号：US20140372761A1

公开(公告)日：2014-12-18

申请号：US14470497

申请日：2014-08-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sunil Cherukuri ,  Mohamed Khalid ,  Brian Cinque

IPC: H04L29/06 ,  H04L12/24

CPC classification number: H04L63/0272 ,  H04L9/0838 ,  H04L41/0803 ,  H04L67/1002

Abstract: An example method includes receiving a request for a cloud capability set during an Internet Key Exchange negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities, mapping the request to one or more cryptographic modules that can support the cloud capability set, and offloading the VPN tunnel to the one or more cryptographic modules. The request can be an Internet Security Association and Key Management Protocol (ISAKMP) packet listing the one or more cloud capabilities in a private payload. The method may further include splitting the VPN tunnel between the cryptographic modules if no single cryptographic module can support substantially all the cloud capabilities in the cloud capability set. In some embodiments, the request is compared with a service catalog comprising authorized cloud capabilities.

Abstract translation: 示例性方法包括在与订户和云之间的虚拟专用网（VPN）隧道相关联的因特网密钥交换协商期间接收对云能力集的请求，其中所述云能力集合包括一个或多个云能力，映射请求 到一个或多个可以支持云能力集合的加密模块，以及将VPN隧道卸载到一个或多个加密模块。 该请求可以是列出私有有效载荷中的一个或多个云能力的因特网安全关联和密钥管理协议（ISAKMP）分组。 该方法还可以包括在加密模块之间分割VPN隧道，如果没有单个密码模块可以支持云能力集中的实质上所有的云能力。 在一些实施例中，该请求与包括授权云能力的服务目录进行比较。

公开(公告)号：US10523568B2

公开(公告)日：2019-12-31

申请号：US15374504

申请日：2016-12-09

Applicant: Cisco Technology, Inc.

Inventor： Sunil Cherukuri ,  Xiao Hu Gao ,  Alexander B. Altman

IPC: H04L12/801 ,  H04L29/08 ,  H04L29/06 ,  H04L12/851 ,  H04L12/803 ,  G06F9/50

Abstract: Disclosed are systems, methods, and computer-readable storage media for adaptive load balancing for application chains. A load-balancer can receive a data packet for a connection/transaction to be routed through an application chain. The load-balancer can select, based on an application path table, a first end-to-end application path through the application chain. The application path table can identify two or more end-to-end application paths through the application chain along with a corresponding performance status for each end-to-end application path through the application chain. The performance status for an application path can indicate a performance level of the end-to-end application path determined based on performance of previous data packets for previous connections transmitted through the application chain according to the end-to-end application path. The load-balancer can then route the data packet through the application chain according to the first end-to-end application path and across multiple tiers.

公开(公告)号：US09979622B2

公开(公告)日：2018-05-22

申请号：US13953862

申请日：2013-07-30

Applicant: Cisco Technology, Inc.

Inventor： Haseeb Niazi ,  Sunil Cherukuri ,  Mohammed Khalid

IPC: G06F15/173 ,  H04L12/26 ,  H04L12/24

CPC classification number: H04L43/0876 ,  H04L41/0806 ,  H04L41/0823 ,  H04L43/16

Abstract: In one embodiment, a cloud network provides cloud services to the one or more clients, where data usage of each client is monitored on a per client basis. If the data usage of any client is above a first predetermined threshold, then a WAN optimization platform is automatically implemented within the cloud network for the client having the data usage determined to be above the first predetermined threshold.