公开(公告)号：US09419919B2

公开(公告)日：2016-08-16

申请号：US13839969

申请日：2013-03-15

Applicant: Cisco Technology, Inc.

Inventor： Ankur Goyal ,  Manuwela Kanade ,  Shivaranjani Sankara Krishnan ,  Anand Parthasarathy

IPC: H04L12/28 ,  H04L12/931 ,  H04L12/24

CPC classification number: H04L49/354 ,  H04L41/0803 ,  H04L41/0846 ,  Y02D30/30

Abstract: Techniques for configuring a virtual network device are provided. Embodiments identify a network device profile specifying a virtual link teaming domain. Upon receiving a network message advertising the virtual link teaming domain from a peer network device of the two or more network devices, on a plurality of links of the first network device, the plurality of links are teamed, based on the virtual link teaming domain, to create a first link bundle. Embodiments advertise a virtual link teaming identifier to a neighboring network device of the first network device. Here, the neighboring network device is configured to use the virtual link teaming identifier to bundle links between the neighboring network device and the virtual network device.

Abstract translation: 提供了用于配置虚拟网络设备的技术。 实施例识别指定虚拟链路分组域的网络设备简档。 在从所述两个或多个网络设备的对等网络设备接收到在所述第一网络设备的多个链路上广告所述虚拟链路分组域的网络消息时，基于所述虚拟链路分组域，所述多个链路被组合， 创建第一个链接包。 实施例将虚拟链路组合标识符通告给第一网络设备的相邻网络设备。 这里，相邻网络设备被配置为使用虚拟链路组合标识符来捆绑相邻网络设备和虚拟网络设备之间的链路。

公开(公告)号：US20140269432A1

公开(公告)日：2014-09-18

申请号：US13839969

申请日：2013-03-15

Applicant: Cisco Technology, Inc.

Inventor： Ankur Goyal ,  Manuwela Kanade ,  Shivaranjani Sankara Krishnan ,  Anand Parthasarathy

IPC: H04L12/24 ,  H04L12/931

CPC classification number: H04L49/354 ,  H04L41/0803 ,  H04L41/0846 ,  Y02D30/30

Abstract: Techniques for configuring a virtual network device are provided. Embodiments identify a network device profile specifying a virtual link teaming domain. Upon receiving a network message advertising the virtual link teaming domain from a peer network device of the two or more network devices, on a plurality of links of the first network device, the plurality of links are teamed, based on the virtual link teaming domain, to create a first link bundle. Embodiments advertise a virtual link teaming identifier to a neighboring network device of the first network device. Here, the neighboring network device is configured to use the virtual link teaming identifier to bundle links between the neighboring network device and the virtual network device.

Abstract translation: 提供了用于配置虚拟网络设备的技术。 实施例识别指定虚拟链路分组域的网络设备简档。 在从所述两个或多个网络设备的对等网络设备接收到在所述第一网络设备的多个链路上广告所述虚拟链路分组域的网络消息时，基于所述虚拟链路分组域，所述多个链路被组合， 创建第一个链接包。 实施例将虚拟链路组合标识符通告给第一网络设备的相邻网络设备。 这里，相邻网络设备被配置为使用虚拟链路组合标识符来捆绑相邻网络设备和虚拟网络设备之间的链路。

公开(公告)号：US10148431B2

公开(公告)日：2018-12-04

申请号：US14472358

申请日：2014-08-28

Applicant: Cisco Technology, Inc.

Inventor： Praveen Patnala ,  Anand Parthasarathy ,  Makarand Deshmukh ,  Jason Mellblom

IPC: H04L9/08 ,  H04L29/06 ,  H04L9/14

Abstract: Mechanisms are provided for generating a master key used to secure key objects associated with data blocks in a data center. A cryptographic node creation request is received. It is determined that a master key can not be obtained from another cryptographic node in the data center. A master key is generated. The master key is included in a key hierarchy used to encrypt a data center key object, the data center key object corresponding to a data block maintained in a storage area network (SAN), where the data center key object includes a unique identifier, an encrypted key, and a wrapper unique identifier. The master key is split into N shares, with M shares required to recreate the master key, wherein M is less than N. The N shares are distributed to different entities.

公开(公告)号：US20150172156A1

公开(公告)日：2015-06-18

申请号：US14132269

申请日：2013-12-18

Applicant: Cisco Technology, Inc.

Inventor： Anil K. Lohiya ,  Vipin Jain ,  Dhananjaya Rao ,  Anand Parthasarathy

IPC: H04L12/26 ,  H04L29/12

CPC classification number: H04L61/103 ,  H04L61/2069 ,  H04L61/2503 ,  H04L61/6068

Abstract: A method of one example embodiment includes receiving at a first network element a packet from a host local to the first network element destined for a remote host; determining that a subnet of the remote host is not instantiated on the first network element; originating a discovery request to discover the remote host, wherein the discovery request is originated in a Virtual Routing Forwarding instance (“VRF”) and identifies the subnet to which the remote host belongs; and broadcasting the discovery request to network elements comprising the VRF. The method may further include, upon receipt of the discovery request, determining whether the identified subnet is configured locally on the second network element and if not, dropping the discovery request; otherwise, rewriting the discovery request to include to an anycast IP address of the remote host's subnet and forwarding the rewritten request.

Abstract translation: 一个示例性实施例的方法包括在第一网络元件处接收来自本地到主机到远程主机的第一网络元件的主机的分组; 确定所述远程主机的子网不在所述第一网络元件上被实例化; 发起发现请求以发现远程主机，其中发现请求起始于虚拟路由转发实例（“VRF”），并且识别远程主机所属的子网; 并将发现请求广播到包括VRF的网络元件。 所述方法还可以包括：在接收到所述发现请求时，确定所识别的子网是否被配置在所述第二网元上的本地，如果不是，则丢弃所述发现请求; 否则，重写发现请求以包括在远程主机的子网的任播IP地址并转发重写的请求。

公开(公告)号：US20150019870A1

公开(公告)日：2015-01-15

申请号：US14472358

申请日：2014-08-28

Applicant: Cisco Technology, Inc.

Inventor： Praveen Patnala ,  Anand Parthasarathy ,  Makarand Deshmukh ,  Jason Mellblom

IPC: H04L9/08 ,  H04L9/14

CPC classification number: H04L9/0822 ,  H04L9/085 ,  H04L9/0866 ,  H04L9/14 ,  H04L63/06 ,  H04L2209/24

Abstract: Mechanisms are provided for generating a master key used to secure key objects associated with data blocks in a data center. A cryptographic node creation request is received. It is determined that a master key can not be obtained from another cryptographic node in the data center. A master key is generated. The master key is included in a key hierarchy used to encrypt a data center key object, the data center key object corresponding to a data block maintained in a storage area network (SAN), where the data center key object includes a unique identifier, an encrypted key, and a wrapper unique identifier. The master key is split into N shares, with M shares required to recreate the master key, wherein M is less than N. The N shares are distributed to different entities.

Abstract translation: 提供了用于生成用于保护与数据中心中的数据块相关联的密钥对象的主密钥的机制。 接收加密节点创建请求。 确定不能从数据中心中的另一密码节点获得主密钥。 生成主密钥。 主密钥被包括在用于加密数据中心密钥对象的密钥层级中，数据中心密钥对象对应于维护在存储区域网络（SAN）中的数据块，其中数据中心密钥对象包括唯一标识符， 加密密钥和封装唯一标识符。 主密钥分为N股，M股需要重新创建主密钥，其中M小于N。N股分配给不同的实体。