公开(公告)号：US11822443B2

公开(公告)日：2023-11-21

申请号：US17902677

申请日：2022-09-02

Applicant: Cisco Technology, Inc.

Inventor： Pierre Pfister ,  Ian James Wells ,  Kyle Andrew Donald Mestery ,  William Mark Townsley ,  Yoann Desmouceaux ,  Guillaume Ruty ,  Aloys Augustin

IPC: G06F11/20 ,  G06F9/455 ,  H04L61/2503 ,  H04L61/58 ,  H04L101/00

CPC classification number: G06F11/2033 ,  G06F9/45558 ,  H04L61/2503 ,  G06F2009/45595 ,  G06F2201/85 ,  H04L61/58 ,  H04L2101/00

Abstract: This disclosure describes techniques for providing a distributed scalable architecture for Network Address Translation (NAT) systems with high availability and mitigations for flow breakage during failover events. The NAT servers may include functionality to serve as fast-path servers and/or slow-path servers. A fast-path server may include a NAT worker that includes a cache of NAT mappings to perform stateful network address translation and to forward packets with minimal latency. A slow-path server may include a mapping server that creates new NAT mappings, depreciates old ones, and answers NAT worker state requests. The NAT system may use virtual mapping servers (VMSs) running on primary physical servers with state duplicated VMSs on different physical failover servers. Additionally, the NAT servers may implement failover solutions for dynamically allocated routeable address/port pairs assigned to new sessions by assigning new outbound address/port pairs when a session starts and broadcasting pairing information.

公开(公告)号：US12095855B2

公开(公告)日：2024-09-17

申请号：US18101845

申请日：2023-01-26

Applicant: Cisco Technology, Inc.

Inventor： Yoann Desmouceaux ,  Pierre Pfister ,  Aloys Augustin ,  Mohammed Hawari

IPC: H04L67/1023 ,  H04L45/24 ,  H04L67/01 ,  H04L67/146 ,  H04L69/163 ,  H04L69/164 ,  H04L69/165

CPC classification number: H04L67/1023 ,  H04L45/24 ,  H04L67/146 ,  H04L69/163 ,  H04L69/164 ,  H04L69/165 ,  H04L67/01

Abstract: Techniques are described for providing a distributed application load-balancing architecture that supports multipath transport protocol for client devices connecting to an application service. Rather than having client devices generate new network five-tuples for new subflows to the application servers, the techniques described herein include shifting the burden to the application servers to ensure that the new network five-tuples land in the same bucket in the consistent hashing table. The application servers may receive a hashing function utilized by the load balancers to generate the hash of the network five-tuple. By having the application servers generate the hashes, the load balancers are able to continue stateless, low-level processing of the packets to route them to the correct application servers. In this way, additional subflows can be opened for client devices according to a multipath transport protocol while ensuring that the subflows are routed to the correct application server.

公开(公告)号：US20210103507A1

公开(公告)日：2021-04-08

申请号：US16592613

申请日：2019-10-03

Applicant: Cisco Technology, Inc.

Inventor： Pierre Pfister ,  Ian James Wells ,  Kyle Andrew Donald Mestery ,  William Mark Townsley ,  Yoann Desmouceaux ,  Guillaume Ruty ,  Aloys Augustin

IPC: G06F11/20 ,  G06F9/455 ,  H04L29/12

Abstract: This disclosure describes techniques for providing a distributed scalable architecture for Network Address Translation (NAT) systems with high availability and mitigations for flow breakage during failover events. The NAT servers may include functionality to serve as fast-path servers and/or slow-path servers. A fast-path server may include a NAT worker that includes a cache of NAT mappings to perform stateful network address translation and to forward packets with minimal latency. A slow-path server may include a mapping server that creates new NAT mappings, depreciates old ones, and answers NAT worker state requests. The NAT system may use virtual mapping servers (VMSs) running on primary physical servers with state duplicated VMSs on different physical failover servers. Additionally, the NAT servers may implement failover solutions for dynamically allocated routeable address/port pairs assigned to new sessions by assigning new outbound address/port pairs when a session starts and broadcasting pairing information.

公开(公告)号：US11570239B2

公开(公告)日：2023-01-31

申请号：US16853048

申请日：2020-04-20

Applicant: Cisco Technology, Inc.

Inventor： Yoann Desmouceaux ,  Pierre Pfister ,  Aloys Augustin ,  Mohammed Hawari

IPC: H04L67/1023 ,  H04L45/24 ,  H04L69/163 ,  H04L69/164 ,  H04L69/165 ,  H04L67/146 ,  H04L67/01

Abstract: Techniques are described for providing a distributed application load-balancing architecture that supports multipath transport protocol for client devices connecting to an application service. Rather than having client devices generate new network five-tuples for new subflows to the application servers, the techniques described herein include shifting the burden to the application servers to ensure that the new network five-tuples land in the same bucket in the consistent hashing table. The application servers may receive a hashing function utilized by the load balancers to generate the hash of the network five-tuple. By having the application servers generate the hashes, the load balancers are able to continue stateless, low-level processing of the packets to route them to the correct application servers. In this way, additional subflows can be opened for client devices according to a multipath transport protocol while ensuring that the subflows are routed to the correct application server.

公开(公告)号：US11029891B2

公开(公告)日：2021-06-08

申请号：US16181639

申请日：2018-11-06

Applicant: Cisco Technology, Inc.

Inventor： Andre Jean-Marie Surcouf ,  Guillaume Ruty ,  Mohammed Joseph Hawari ,  Aloys Augustin

IPC: G06F12/00 ,  G06F3/06 ,  G06F11/10 ,  H03M13/15

Abstract: Techniques are provided for storing data in a distributed storage system. A server stores an object according to a first storage policy in the distributed storage system that includes a plurality of storage nodes. Storing the object according to the first storage policy results in a first storage overhead for the object. The server receives a triggering event associated with the object, and the triggering event changes an attribute of the object. In response to the triggering event, the server identifies a second storage policy for the object. Storing the object according to the second storage policy results in a second storage overhead for the object different from the first storage overhead.

公开(公告)号：US20240364669A1

公开(公告)日：2024-10-31

申请号：US18139871

申请日：2023-04-26

Applicant: Cisco Technology, Inc.

Inventor： William Mark Townsley ,  Edward Albert Warnicke ,  Jerome Tollet ,  Aloys Augustin ,  Andrew Yourtchenko ,  Giles Douglas Yorke Heron

IPC: H04L9/40 ,  H04L45/24 ,  H04L45/745

CPC classification number: H04L63/0485 ,  H04L45/24 ,  H04L45/745

Abstract: Techniques for routing Internet Protocol security (IPsec) data packets. An index is assigned to a Security Parameter Index (SPI) header of the IPsec data packet. The index includes information for routing the data packet to a particular Encapsulating Security Payload (ESP) processor. The data packet can be routed using techniques that are analogous to conventional routing protocols such as IPv4 routing protocol. This allows the data packet to be routed using less expensive routing protocols rather than relying solely on more expensive load balancing techniques to route the data packet. This also advantageously allows the data packet to be routed employing routing techniques developed over decades of routing protocol development.

公开(公告)号：US20230179652A1

公开(公告)日：2023-06-08

申请号：US18101845

申请日：2023-01-26

Applicant: Cisco Technology, Inc.

Inventor： Yoann Desmouceaux ,  Pierre Pfister ,  Aloys Augustin ,  Mohammed Hawari

IPC: H04L67/1023 ,  H04L45/24 ,  H04L69/163 ,  H04L69/164 ,  H04L69/165 ,  H04L67/146

CPC classification number: H04L67/1023 ,  H04L45/24 ,  H04L69/163 ,  H04L69/164 ,  H04L69/165 ,  H04L67/146 ,  H04L67/01

Abstract: Techniques are described for providing a distributed application load-balancing architecture that supports multipath transport protocol for client devices connecting to an application service. Rather than having client devices generate new network five-tuples for new subflows to the application servers, the techniques described herein include shifting the burden to the application servers to ensure that the new network five-tuples land in the same bucket in the consistent hashing table. The application servers may receive a hashing function utilized by the load balancers to generate the hash of the network five-tuple. By having the application servers generate the hashes, the load balancers are able to continue stateless, low-level processing of the packets to route them to the correct application servers. In this way, additional subflows can be opened for client devices according to a multipath transport protocol while ensuring that the subflows are routed to the correct application server.

公开(公告)号：US20220413975A1

公开(公告)日：2022-12-29

申请号：US17902677

申请日：2022-09-02

Applicant: Cisco Technology, Inc.

Inventor： Pierre Pfister ,  Ian James Wells ,  Kyle Andrew Donald Mestery ,  William Mark Townsley ,  Yoann Desmouceaux ,  Guillaume Ruty ,  Aloys Augustin

IPC: G06F11/20 ,  G06F9/455 ,  H04L61/2503 ,  H04L61/58 ,  H04L101/00

Abstract: This disclosure describes techniques for providing a distributed scalable architecture for Network Address Translation (NAT) systems with high availability and mitigations for flow breakage during failover events. The NAT servers may include functionality to serve as fast-path servers and/or slow-path servers. A fast-path server may include a NAT worker that includes a cache of NAT mappings to perform stateful network address translation and to forward packets with minimal latency. A slow-path server may include a mapping server that creates new NAT mappings, depreciates old ones, and answers NAT worker state requests. The NAT system may use virtual mapping servers (VMSs) running on primary physical servers with state duplicated VMSs on different physical failover servers. Additionally, the NAT servers may implement failover solutions for dynamically allocated routeable address/port pairs assigned to new sessions by assigning new outbound address/port pairs when a session starts and broadcasting pairing information.

公开(公告)号：US11436111B2

公开(公告)日：2022-09-06

申请号：US16592613

申请日：2019-10-03

Applicant: Cisco Technology, Inc.

Inventor： Pierre Pfister ,  Ian James Wells ,  Kyle Andrew Donald Mestery ,  William Mark Townsley ,  Yoann Desmouceaux ,  Guillaume Ruty ,  Aloys Augustin

IPC: G06F11/20 ,  G06F9/455 ,  H04L61/2503 ,  H04L61/58

Abstract: This disclosure describes techniques for providing a distributed scalable architecture for Network Address Translation (NAT) systems with high availability and mitigations for flow breakage during failover events. The NAT servers may include functionality to serve as fast-path servers and/or slow-path servers. A fast-path server may include a NAT worker that includes a cache of NAT mappings to perform stateful network address translation and to forward packets with minimal latency. A slow-path server may include a mapping server that creates new NAT mappings, depreciates old ones, and answers NAT worker state requests. The NAT system may use virtual mapping servers (VMSs) running on primary physical servers with state duplicated VMSs on different physical failover servers. Additionally, the NAT servers may implement failover solutions for dynamically allocated routable address/port pairs assigned to new sessions by assigning new outbound address/port pairs when a session starts and broadcasting pairing information.

公开(公告)号：US20210329069A1

公开(公告)日：2021-10-21

申请号：US16853048

申请日：2020-04-20

Applicant: Cisco Technology, Inc.

Inventor： Yoann Desmouceaux ,  Pierre Pfister ,  Aloys Augustin ,  Mohammed Hawari

IPC: H04L29/08 ,  H04L12/707 ,  H04L29/06

Abstract: Techniques are described for providing a distributed application load-balancing architecture that supports multipath transport protocol for client devices connecting to an application service. Rather than having client devices generate new network five-tuples for new subflows to the application servers, the techniques described herein include shifting the burden to the application servers to ensure that the new network five-tuples land in the same bucket in the consistent hashing table. The application servers may receive a hashing function utilized by the load balancers to generate the hash of the network five-tuple. By having the application servers generate the hashes, the load balancers are able to continue stateless, low-level processing of the packets to route them to the correct application servers. In this way, additional subflows can be opened for client devices according to a multipath transport protocol while ensuring that the subflows are routed to the correct application server.