公开(公告)号：US10834010B2

公开(公告)日：2020-11-10

申请号：US16172659

申请日：2018-10-26

Applicant: Cisco Technology, Inc.

Inventor： Saravanan Sampathkumar ,  Ajay K. Modi ,  Umamaheswararao Karyampudi ,  Vikas V. Patel ,  Gautam Venkataramanan

IPC: H04L12/863 ,  H04L12/851 ,  H04L12/935 ,  H04L12/865 ,  H04L12/861

Abstract: Embodiments provide for mitigating priority flow control deadlock in stretch topologies by initializing a plurality of queues in a buffer of a leaf switch at a local cluster of a site having a plurality of clusters, wherein each queue of the plurality of queues corresponds to a respective one cluster of the plurality of clusters; receiving a pause command for no-drop traffic on the leaf switch, the pause command including an internal Class-of-Service (iCoS) identifier associated with a particular cluster of the plurality of cluster and a corresponding queue in the plurality of queues; and in response to determining, based on the iCoS identifier, that the pause command was received from a remote spine switch associated with a different cluster than the local cluster: forwarding the pause command to a local spine switch in the local cluster; and implementing the pause command on the corresponding queue in the buffer.

公开(公告)号：US12052290B2

公开(公告)日：2024-07-30

申请号：US17937169

申请日：2022-09-30

Applicant: Cisco Technology, Inc.

Inventor： Saravanan Sampathkumar ,  Ajay K. Modi ,  Umamaheswararao Karyampudi ,  Kamal Bakshi ,  Yousuf H. Khan

IPC: H04L67/55 ,  G06F8/65 ,  G06F16/28 ,  H04L9/40

CPC classification number: H04L63/20 ,  G06F8/65 ,  G06F16/285 ,  H04L67/55

Abstract: Zero-trust dynamic discovery in provided by identifying a plurality of endpoints, including targets and initiators, connected to a software defined network, wherein the targets are provided on the software defined network according to a network addressable memory standard that lacks a native discovery service; grouping the targets into a plurality of target groups and the initiators into a plurality of initiator groups; and in response to receiving a discovery request from a given initiator grouped in a given initiator group of the plurality of initiator groups, returning addressing information for a target group of the plurality of target groups associated with the given initiator group in a security policy configuration for the software defined network.

公开(公告)号：US11503077B2

公开(公告)日：2022-11-15

申请号：US16988419

申请日：2020-08-07

Applicant: Cisco Technology, Inc.

Inventor： Saravanan Sampathkumar ,  Ajay K. Modi ,  Umamaheswararao Karyampudi ,  Kamal Bakshi ,  Yousuf H. Khan

IPC: H04L9/40 ,  G06F8/65 ,  G06F16/28 ,  H04L67/55

Abstract: Zero-trust dynamic discovery in provided by identifying a plurality of endpoints, including targets and initiators, connected to a software defined network, wherein the targets are provided on the software defined network according to a network addressable memory standard that lacks a native discovery service; grouping the targets into a plurality of target groups and the initiators into a plurality of initiator groups; and in response to receiving a discovery request from a given initiator grouped in a given initiator group of the plurality of initiator groups, returning addressing information for a target group of the plurality of target groups associated with the given initiator group in a security policy configuration for the software defined network.

公开(公告)号：US20210044622A1

公开(公告)日：2021-02-11

申请号：US16532385

申请日：2019-08-05

Applicant: Cisco Technology, Inc.

Inventor： Gautam Venkataramanan ,  Umamaheswararao Karyampudi ,  Murukanandam K. Panchalingam ,  Ajay K. Modi ,  Maurizio Portolani

IPC: H04L29/06 ,  H04L12/24

Abstract: Techniques for hierarchical security policies are disclosed. A first network configuration is received, where the first network configuration includes a plurality of subnets and a plurality of security zones. An updated network configuration is generated based on the first network configuration by generating, for a first security zone of the plurality of security zones, a first master class, and generating, for each respective subnet of the plurality of subnets, a respective bridge domain. For each respective bridge domain, a respective local endpoint group (EPG) corresponding to the first security zone is created, and the first master class is assigned to the respective local EPG. Finally, one or more contracts are generated for the first master class based on the first network configuration.

公开(公告)号：US12284219B2

公开(公告)日：2025-04-22

申请号：US18412033

申请日：2024-01-12

Applicant: Cisco Technology, Inc.

Inventor： Saravanan Sampathkumar ,  Ajay K. Modi ,  Umamaheswararao Karyampudi ,  Kamal Bakshi ,  Yousuf H. Khan

IPC: H04L67/55 ,  G06F8/65 ,  G06F16/28 ,  H04L9/40

Abstract: Zero-trust dynamic discovery in provided by identifying a plurality of endpoints, including targets and initiators, connected to a software defined network, wherein the targets are provided on the software defined network according to a network addressable memory standard that lacks a native discovery service; grouping the targets into a plurality of target groups and the initiators into a plurality of initiator groups; and in response to receiving a discovery request from a given initiator grouped in a given initiator group of the plurality of initiator groups, returning addressing information for a target group of the plurality of target groups associated with the given initiator group in a security policy configuration for the software defined network.

公开(公告)号：US11336694B2

公开(公告)日：2022-05-17

申请号：US16532385

申请日：2019-08-05

Applicant: Cisco Technology, Inc.

Inventor： Gautam Venkataramanan ,  Umamaheswararao Karyampudi ,  Murukanandam K. Panchalingam ,  Ajay K. Modi ,  Maurizio Portolani

IPC: G06F17/30 ,  H04L29/06 ,  H04L41/0893 ,  H04L41/0803 ,  H04L41/0813

Abstract: Techniques for hierarchical security policies are disclosed. A first network configuration is received, where the first network configuration includes a plurality of subnets and a plurality of security zones. An updated network configuration is generated based on the first network configuration by generating, for a first security zone of the plurality of security zones, a first master class, and generating, for each respective subnet of the plurality of subnets, a respective bridge domain. For each respective bridge domain, a respective local endpoint group (EPG) corresponding to the first security zone is created, and the first master class is assigned to the respective local EPG. Finally, one or more contracts are generated for the first master class based on the first network configuration.

公开(公告)号：US11303576B2

公开(公告)日：2022-04-12

申请号：US16656353

申请日：2019-10-17

Applicant: Cisco Technology, Inc.

Inventor： Ajay K. Modi ,  Atul Garg ,  Murukanandam K. Panchalingam ,  Umamaheswararao Karyampudi ,  Munish Mehta

IPC: H04L12/50 ,  H04L47/2483 ,  H04L45/7453 ,  H04L47/125 ,  H04L49/9057 ,  H04L49/00 ,  H04L12/18

Abstract: A network device receives a fragmented packet of an internet protocol (IP) packet. The fragmented packet is subsequently received relative to an initial fragmented packet of the IP packet and includes a first set of tuple information. The network device determines an entry of a hash table associated with the IP packet, based on the first set of tuple information and a fragment identifier (ID) within the fragmented packet. The network device retrieves a second set of tuple information associated with the fragmented packet from the hash table entry, and transmits an indication of the first and second sets of tuple information.