公开(公告)号：US20200136862A1

公开(公告)日：2020-04-30

申请号：US16173487

申请日：2018-10-29

Applicant: Cisco Technology, Inc.

Inventor： Prakash Chand JAIN ,  Sanjay Kumar HOODA ,  Victor M. MORENO ,  Satish Kumar KONDALAM

IPC: H04L12/46 ,  H04L12/715 ,  H04L12/713 ,  H04L12/741

Abstract: In one example, a router is configured to process communications according to a tunneling protocol to provide network overlay tunnels to facilitate virtual private networks (VPNs) for hosts, and to process communications associated with an external network with use of a provider virtualization routing and forwarding (VRF) instance. With use of a subscription function, the router receives an initial set of extranet VPN prefixes associated with the network overlays for storage in association with the provider VRF, as well as regularly receive publications of updates to extranet VPN prefixes associated with the network overlays. With use of a route obtaining function, the router, in response to receiving a communication associated with one of the stored extranet VPN prefixes at the provider VRF, sends to a communications management server a message indicating request for a host-to-router mapping and receive from the communications management server a reply including the host-to-router mapping.

公开(公告)号：US20190104091A1

公开(公告)日：2019-04-04

申请号：US15721914

申请日：2017-10-01

Applicant: Cisco Technology, INC.

Inventor： Sanjay Kumar HOODA ,  Atri INDIRESAN ,  Da-Yuan TUNG ,  Kaushik Kumar DAM ,  Anand PULICAT GOPALAKRISHNAN

IPC: H04L12/931 ,  H04L12/46 ,  H04L12/24

CPC classification number: H04L49/354 ,  H04L12/4641 ,  H04L12/4675 ,  H04L41/0806 ,  H04L41/0896 ,  H04L63/08 ,  H04L63/10

Abstract: In one embodiment a network device includes a plurality of ports. The network device is adapted to receive at least one configuring instruction, and adapted, after receipt of any of the at least one configuring instruction, to configure one or more access ports, of the plurality of ports, for endpoint virtual local area network (VLAN) assignment that is in accordance with at least one VLAN assignment algorithm. The at least one VLAN assignment algorithm allows at least two endpoints to be assigned to at least two different respective VLANs of a plurality of VLANs in a network, the at least one VLAN assignment algorithm enabling the at least two endpoints to connect to a same access port of the one or more access ports and provide data which is not VLAN tagged when received at the same access port.

公开(公告)号：US20220103424A1

公开(公告)日：2022-03-31

申请号：US16948627

申请日：2020-09-25

Applicant: Cisco Technology, Inc.

Inventor： Shyamsundar N. MANIYAR ,  Sanjay Kumar HOODA ,  Shree N. MURTHY ,  Sonal Prem Kumar CHHABRIA ,  Akshay DORWAT

IPC: H04L12/24 ,  H04L12/46 ,  H04L29/08

Abstract: In one embodiment, dynamic user private networks are virtually segmented within a shared virtual network. A network control system maintains the dynamic logical segmentation of the shared virtual network. User entities (e.g., user devices and/or services) are communicatively coupled to respective personal virtual networks via endpoints of access devices. Each of these endpoints is associated with a corresponding user private network. Responsive in real-time to automated processing of a received electronic particular user request, the network control system automatically modifies the dynamic logical segmentation of the shared virtual network to move a particular user entity on the shared virtual network to newly being on the first dynamic user private network without being disconnected from the shared virtual network. One embodiment uses different user private network identifiers (UPN-IDs) associated with endpoints and received packets to identify their respective user private network.

公开(公告)号：US20170054688A1

公开(公告)日：2017-02-23

申请号：US14831557

申请日：2015-08-20

Applicant: Cisco Technology, Inc.

Inventor： Ripon BHATTACHARJEE ,  Sanjay Kumar HOODA ,  Nalinaksh M. PAI ,  Saravanan RADHAKRISHNAN

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/947

CPC classification number: H04L63/0281 ,  H04L41/5003 ,  H04L41/5096 ,  H04L43/026 ,  H04L45/306 ,  H04L45/38 ,  H04L45/72 ,  H04L63/0254 ,  H04L63/08 ,  H04L67/322 ,  H04L69/22

Abstract: Techniques for tagging packets within a network fabric. An authentication device for a network fabric receives a first packet originating from a source device, in transit to a destination device, corresponding to a first network flow. User identification information corresponding to an authenticated user of the source device is inserted into a Network Services Header of the first packet. Embodiments receive a second packet that corresponds to the first network flow at the authentication device, the second packet including service identification information within a Network Services Header of the second packet that identifies a service type of the network flow. Upon receiving a third packet for the first network flow, the authentication device inserts the user identification and the service identification information into a Network Services Header of the third packet.

Abstract translation: 在网络结构中标记数据包的技术。 用于网络结构的认证设备从与源设备相对应的第一网络流接收到传送到目的地设备的第一分组。 与源设备的认证用户相对应的用户识别信息被插入到第一分组的网络服务报头中。 实施例接收对应于认证装置处的第一网络流的第二分组，第二分组包括识别网络流的服务类型的第二分组的网络服务报头内的服务标识信息。 在接收到用于第一网络流的第三分组时，认证设备将用户标识和服务标识信息插入到第三分组的网络服务报头中。

公开(公告)号：US20220116382A1

公开(公告)日：2022-04-14

申请号：US17070415

申请日：2020-10-14

Applicant: Cisco Technology, Inc.

Inventor： Syam Sundar APPALA ,  Sanjay Kumar HOODA ,  Rex E. FERNANDO ,  Vikram PENDHARKAR

IPC: H04L29/06

Abstract: Network controls for application access secured by transport layer security (TLS) using single sign on (SSO) flow may be provided. An application access request for authenticating a user may be received in response to the user requesting an access to an application. User credentials associated with the user may be validated. In response to validating the user credentials, user attributes associated with the user may be determined. Network controls for a user session associated with the application access request may be determined based on the user attributes. The application access request may be redirected to a plain text user session. The plain text user session may comprise the network controls for the user session.

公开(公告)号：US20180367337A1

公开(公告)日：2018-12-20

申请号：US16010444

申请日：2018-06-16

Applicant: Cisco Technology, Inc.

Inventor： Prakash Chand JAIN ,  Sanjay Kumar HOODA ,  Victor M. Moreno ,  Satish Kumar KONDALAM

IPC: H04L12/46 ,  H04L12/741

Abstract: In one embodiment, a method is performed at a first node. The method may include receiving, at a first node, a request from a source host associated with a network to communicate with a destination host. The first node may determine whether the destination host is associated with the network. If the destination host is not associated with the network, the first node may determine an instance identifier (IID) and a proxy egress tunnel router (PETR) locator address used to communicate with the destination host. The first node may send an indicator to an ingress tunnel router (ITR) to encapsulate a packet with the IID and the PETR locator address before sending the packet from the source host to the destination host.