公开(公告)号：US12199942B1

公开(公告)日：2025-01-14

申请号：US18484897

申请日：2023-10-11

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Ajeet Pal Singh Gill ,  Sampath Sthothra Bhasham ,  Satish Kumar Mahadevan ,  Madhusudan V. Gindi ,  Tahir Ali

IPC: G06F15/16 ,  H04L12/46 ,  H04L61/256

Abstract: A process can include determining a plurality of Network Address Translation (NAT) routes associated with respective edge routers included in a same virtual private network (VPN) for communicating with a software-defined wide area network (SDWAN). A process can include identifying a first subset of the plurality of NAT routes as mapped to a first public NAT address included in a NAT pool associated with the VPN. A process can include tagging each NAT route of the first subset with a tag value indicative of a preferred router for receiving return traffic of the respective NAT route. A process can include routing traffic on a respective NAT route of the plurality of NAT routes based on applying, at an SDWAN controller, a corresponding control policy matching the tag value of the respective NAT route.

公开(公告)号：US20240015225A1

公开(公告)日：2024-01-11

申请号：US18473422

申请日：2023-09-25

Applicant: Cisco Technology, Inc.

Inventor： Srilatha Tangirala ,  Rahul Hardikar ,  Sheikh Qumruzzaman ,  Ravi Kiran Chintallapudi ,  Samir Thoria ,  Ajeet Pal Singh Gill ,  Vivek Agarwal

IPC: H04L67/141 ,  H04L12/46 ,  H04L9/40

CPC classification number: H04L67/141 ,  H04L12/4641 ,  H04L63/0428 ,  H04L63/166

Abstract: In one embodiment, a method includes onboarding, by an edge router, a first tenant from a network management system and determining, by the edge router, a mapping of a tenant identifier associated with the first tenant to a controller identifier associated with a controller. The method also includes reserving, by the edge router, a port number in a kernel for the first tenant and inserting, by the edge router, the tenant identifier into a first control packet. The method further includes communicating, by the edge router, the first control packet to the controller via an encrypted control connection during a first peering session. The first peering session shares the encrypted control connection with a second peering session.

公开(公告)号：US20230327994A1

公开(公告)日：2023-10-12

申请号：US17718775

申请日：2022-04-12

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Srilatha Tangirala ,  Ajeet Pal Singh Gill ,  Vivek Agarwal ,  Nithin Bangalore Raju

IPC: H04L47/20 ,  H04L69/16

CPC classification number: H04L47/20 ,  H04L69/16

Abstract: According to certain embodiments, a method by a network device includes receiving a handshake message for a traffic flow from a Software-Defined Wide-Area Network (SDWAN) and determining, from a traffic policy, whether the traffic flow should be symmetrical. In response to determining from the traffic policy that the traffic flow should be symmetrical, the method further includes performing a flow lookup on the traffic flow to determine if the network device originated the traffic flow. In response to determining that the network device did not originate the traffic flow, the method further includes determining a second network device that originated the traffic flow and sending the handshake message for the traffic flow to the second network device in order to maintain symmetry for the traffic flow.

公开(公告)号：US10382346B2

公开(公告)日：2019-08-13

申请号：US15791616

申请日：2017-10-24

Applicant: Cisco Technology, Inc.

Inventor： Prasannakumar Murugesan ,  Ajeet Pal Singh Gill ,  Aeneas Sean Dodd-Noble ,  David A. Johnson ,  Ian McDowell Campbell

IPC: H04L12/721 ,  H04L12/851

Abstract: In accordance with various implementations, a method is performed at a data plane node with one or more processors, non-transitory memory, and a control interface between a network function module associated with the data plane node and a switch associated with the data plane node. The method includes determining whether an offload capability is available for a data flow received at an ingress network interface of the data plane node. The method also includes determining whether the data flow satisfies offload criteria in response to determining that the offload capability is available. The method includes bypassing the network function module associated with the data plane node and providing the data flow to at least one of the switch associated with the data plane node or an egress network interface associated with the data plane node in response to determining the offload capability is available and the offload criteria is satisfied.

公开(公告)号：US20250030638A1

公开(公告)日：2025-01-23

申请号：US18908162

申请日：2024-10-07

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Srilatha Tangirala ,  Ajeet Pal Singh Gill ,  Vivek Agarwal ,  Nithin Bangalore Raju

IPC: H04L47/20 ,  H04L69/16

Abstract: According to certain embodiments, a method by a network device includes receiving a handshake message for a traffic flow from a Software-Defined Wide-Area Network (SDWAN) and determining, from a traffic policy, whether the traffic flow should be symmetrical. In response to determining from the traffic policy that the traffic flow should be symmetrical, the method further includes performing a flow lookup on the traffic flow to determine if the network device originated the traffic flow. In response to determining that the network device did not originate the traffic flow, the method further includes determining a second network device that originated the traffic flow and sending the handshake message for the traffic flow to the second network device in order to maintain symmetry for the traffic flow.

公开(公告)号：US11962429B1

公开(公告)日：2024-04-16

申请号：US17979255

申请日：2022-11-02

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Srilatha Tangirala ,  Ajeet Pal Singh Gill ,  Nithin Bangalore Raju ,  Ravi Kiran Chintallapudi ,  Pradeepan Kannawadi ,  Ganesh Devendrachar

IPC: H04L12/28 ,  H04L67/10

CPC classification number: H04L12/28 ,  H04L67/10

Abstract: Techniques for virtualizing tenant transport interfaces configured to implement per-tenant network routing attribute differentiation in each tenant overlay of a multisite wide area network (WAN) and share the virtual transport interfaces between multi-tenant edge (MTE) devices providing transport services to tenant devices based on a defined tenant tier model. A Software-Defined Networking (SDN) controller may receive a physical transport interface and/or a device type associated with a tenant device. The SDN controller may determine a virtual transport interface for the tenant device based on a tier associated with the tenant. MTE device(s) may utilize the physical transport interface to establish sessions with other MTE device(s) in the WAN. The virtual transport interface may be utilized by MTE devices to implement and/or enforce network routing attributes when forwarding network traffic associated with the tenant via the sessions established between the MTE devices through the WAN.

公开(公告)号：US11778038B2

公开(公告)日：2023-10-03

申请号：US17709877

申请日：2022-03-31

Applicant: Cisco Technology, Inc.

Inventor： Srilatha Tangirala ,  Rahul Hardikar ,  Sheikh Qumruzzaman ,  Ravi Kiran Chintallapudi ,  Samir Thoria ,  Ajeet Pal Singh Gill ,  Vivek Agarwal

IPC: H04L67/141 ,  H04L9/40 ,  H04L45/76 ,  H04L41/122

CPC classification number: H04L67/141 ,  H04L41/122 ,  H04L45/76 ,  H04L63/0428

Abstract: In one embodiment, a method includes onboarding, by an edge router, a first tenant from a network management system and determining, by the edge router, a mapping of a tenant identifier associated with the first tenant to a controller identifier associated with a controller. The method also includes reserving, by the edge router, a port number in a kernel for the first tenant and inserting, by the edge router, the tenant identifier into a first control packet. The method further includes communicating, by the edge router, the first control packet to the controller via an encrypted control connection during a first peering session. The first peering session shares the encrypted control connection with a second peering session.

公开(公告)号：US20230262525A1

公开(公告)日：2023-08-17

申请号：US17882859

申请日：2022-08-08

Applicant: Cisco Technology, Inc.

Inventor： Gangadharan Byju Pularikkal ,  Einar Nilsen-Nygaard ,  Vivek Agarwal ,  Ajeet Pal Singh Gill ,  Ravi Sankar Mantha ,  Saravanan Radhakrishnan

IPC: H04W28/12 ,  H04L41/40 ,  H04W40/24

CPC classification number: H04W28/12 ,  H04L41/40 ,  H04W40/24

Abstract: In one embodiment, a method includes receiving one or more 5G software-defined wide area network (SD-WAN) policies, identifying one or more identity-based policies from the one or more 5G SD-WAN policies, communicating the identified one or more identity-based policies to one or more WAN routers, communicating one or more 5G bindings to the one or more WAN routers, and applying the identified one or more identity-based policies to one or more flows between the one or more WAN routers.

公开(公告)号：US20250039089A1

公开(公告)日：2025-01-30

申请号：US18775523

申请日：2024-07-17

Applicant: Cisco Technology, Inc.

Inventor： Ganesh Devendrachar ,  Ajeet Pal Singh Gill ,  Balaji Sundararajan ,  Srilatha Tangirala ,  Satish Varadarajula ,  Satyajit Das

IPC: H04L45/76 ,  H04L45/24 ,  H04L47/125

Abstract: Techniques for automatically providing per tenant weighted DCMP over shared transport interfaces and automated flow has load balancing are described. The techniques may include onboarding, by an SD-WAN controller, the tenant with a resource profile to a first multi-tenant edge device, where the resource profile defines a traffic allowance per transport interface for the tenant on the first multi-tenant edge device. The SD-WAN controller receives, from the first multi-tenant edge device, information including a first weight per transport interface of the first multi-tenant edge device for the tenant. The SD-WAN controller transmits the information to a second multi-tenant device. The SD-WAN controller receives, from the second multi-tenant edge device, information including a second weight per transport interface of the second multi-tenant edge device, and transmits the information to the first multi-tenant edge device.

公开(公告)号：US20240146565A1

公开(公告)日：2024-05-02

申请号：US17979255

申请日：2022-11-02

Applicant: Cisco Technology, Inc.

Inventor： Ajeet Pal Singh Gill ,  Balaji Sundararajan ,  Srilatha Tangirala ,  Nithin Bangalore Raju ,  Ravi Kiran Chintallapudi ,  Pradeepan Kannawadi ,  Ganesh Devendrachar

IPC: H04L12/28 ,  H04L67/10

CPC classification number: H04L12/28 ,  H04L67/10

Abstract: Techniques for virtualizing tenant transport interfaces configured to implement per-tenant network routing attribute differentiation in each tenant overlay of a multisite wide area network (WAN) and share the virtual transport interfaces between multi-tenant edge (MTE) devices providing transport services to tenant devices based on a defined tenant tier model. A Software-Defined Networking (SDN) controller may receive a physical transport interface and/or a device type associated with a tenant device. The SDN controller may determine a virtual transport interface for the tenant device based on a tier associated with the tenant. MTE device(s) may utilize the physical transport interface to establish sessions with other MTE device(s) in the WAN. The virtual transport interface may be utilized by MTE devices to implement and/or enforce network routing attributes when forwarding network traffic associated with the tenant via the sessions established between the MTE devices through the WAN.