-
Publication number: US11546312B2
Publication date: 2023-01-03
Application number: US17027424
Application date: 2020-09-21
Applicant: Cisco Technology, Inc.
Inventor: Syed Khalid Raza, Mosaddaq Hussain Turabi, Lars Olaf Stefan Olofsson, Atif Khan, Praveen Raju Kariyanahalli
Abstract: A method may include determining, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN). The method may also include establishing the control channel with a control device via a control plane that is separate from a data plane. The method may further include advertising first security association parameters to the control device via the control channel. The method may include receiving, from the control device via the control channel, second security association parameters associated with a second network device. The method may also include establishing a data plane connection with the second network device using the second security association parameters.
-
Publication number: US20190229991A1
Publication date: 2019-07-25
Application number: US16374427
Application date: 2019-04-03
Applicant: Cisco Technology, Inc.
Inventor: Vinay Prabhu, Praveen Kariyanahalli, Manan Shah, Atif Khan, Shreyas Heranjal
IPC: H04L12/24, H04L12/46, H04L12/715, H04L12/28
Abstract: A method and system for managing connections with a distributed control plane is provided. The method includes generating, by a router, a controller identifier (ID) list comprising a plurality of controller group IDs of a plurality of controller groups, wherein one controller group ID uniquely identifies one controller group. The method also includes identifying a first controller group, by the router from the list, with which a connection is to be established. Further, the method includes establishing, by the router, the connection with a controller of the first controller group if at least one of following conditions is met 1) the router has not exhausted maximum number of connections, 2) the router has previously had a connection with the controller of the first controller group, and 3) the router has an existing connection with a controller of a second controller group not present in the list.
-
Publication number: US10142254B1
Publication date: 2018-11-27
Application number: US14028514
Application date: 2013-09-16
Applicant: Cisco Technology, Inc.
Inventor: Lars Olof Stefan Olofsson, Atif Khan, Syed Khalid Raza, Himanshu H. Shah, Amir Khan, Nehal Bhau
IPC: H04L12/28, H04L12/911
Abstract: A method for routing is disclosed. The method comprises establishing an overlay network, comprising a plurality of network elements and an overlay controller; wherein the overlay controller is in communication with each network element via a secure tunnel established through an underlying transport network; receiving by the overlay controller, information from each service-hosting network element information said information identifying a service hosted at that service-hosting network element, and label associated with the service-hosting network element; identifying by the overlay controller, at least one policy that associates traffic from a site with a service; and causing by said overlay controller, the at least one policy to be executed so that traffic from the site identified in the policy is routed using the underlying transport network to the service-hosting network element associated with the said service.
-
Publication number: USRE50121E1
Publication date: 2024-09-10
Application number: US17104933
Application date: 2020-11-25
Applicant: Cisco Technology, Inc.
Inventor: Lars Olof Stefan Olofsson, Atif Khan, Syed Khalid Raza, Himanshu H. Shah, Amir Khan, Nehal Bhau
IPC: H04L12/28, H04L12/911, H04L45/64, H04L47/70
Abstract: A method for routing is disclosed. The method comprises establishing an overlay network, comprising a plurality of network elements and an overlay controller; wherein the overlay controller is in communication with each network element via a secure tunnel established through an underlying transport network; receiving by the overlay controller, information from each service-hosting network element information said information identifying a service hosted at that service-hosting network element, and label associated with the service-hosting network element; identifying by the overlay controller, at least one policy that associates traffic from a site with a service; and causing by said overlay controller, the at least one policy to be executed so that traffic from the site identified in the policy is routed using the underlying transport network to the service-hosting network element associated with the said service.
-
Publication number: USRE49485E1
Publication date: 2023-04-04
Application number: US17160178
Application date: 2021-01-27
Applicant: Cisco Technology, Inc.
Inventor: Atif Khan, Syed Khalid Raza, Nehal Bhau, Himanshu H. Shah
IPC: H04L29/06, H04L12/751, H04L12/715, H04L12/701, H04L9/40, H04L45/00, H04L45/02, H04L45/64, H04L12/28
Abstract: A method for creating a secure network is provided. The method comprises establishing an overlay domain to control routing between overlay edge routers based on an underlying transport network, wherein said establishing comprises running an overlay management protocol to exchange information within the overlay domain; in accordance with the overlay management protocol defining service routes that exist exclusively within the overlay domain wherein each overlay route includes information on at least service availability within the overlay domain; and selectively using the service routes to control routing between the overlay edge routers; wherein the said routing is through the underlying transport network in a manner in which said overlay routes is shared with the overlay edge routers but not with the underlying transport network via the overlay management protocol.
-
Publication number: US20210006546A1
Publication date: 2021-01-07
Application number: US17027424
Application date: 2020-09-21
Applicant: Cisco Technology, Inc.
Inventor: Syed Khalid Raza, Mosaddaq Hussain Turabi, Lars Olaf Stefan Olofsson, Atif Khan, Praveen Raju Kariyanahalli
Abstract: A method may include determining, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN). The method may also include establishing the control channel with a control device via a control plane that is separate from a data plane. The method may further include advertising first security association parameters to the control device via the control channel. The method may include receiving, from the control device via the control channel, second security association parameters associated with a second network device. The method may also include establishing a data plane connection with the second network device using the second security association parameters.
-
Publication number: US20200036686A1
Publication date: 2020-01-30
Application number: US16536756
Application date: 2019-08-09
Applicant: Cisco Technology, Inc.
Inventor: Lars Olof Stefan Olofsson, Atif Khan, Syed Khalid Raza, Himanshu H. Shah, Amir Khan, Nehal Bhau
IPC: H04L29/06, H04L12/46, H04L9/08, H04L12/715, H04L29/08
Abstract: A method for operating a network is provided. The method comprises segmenting the network into a plurality of virtual private networks, wherein each virtual private network runs on an underlying physical network; and wherein each virtual private network represents a particular context; and configuring at least some nodes within the network to send and receive traffic based on context.
-
Publication number: USRE50148E1
Publication date: 2024-09-24
Application number: US17085767
Application date: 2020-10-30
Applicant: Cisco Technology, Inc.
Inventor: Atif Khan, Syed Khalid Raza, Nehal Bhau, Himanshu H. Shah
IPC: H04L29/06, H04L9/40, H04L12/701, H04L12/715, H04L12/751, H04L45/00, H04L45/02, H04L45/64, H04L12/28
CPC classification number: H04L63/0209, H04L45/00, H04L45/02, H04L45/64, H04L63/0272, H04L63/205, H04L12/2854, H04L63/166
Abstract: A method for creating a secure network is provided. The method comprises establishing an overlay domain to control routing between overlay edge routers based on an underlying transport network, wherein said establishing comprises running an overlay management protocol to exchange information within the overlay domain; in accordance with the overlay management protocol defining service routes that exist exclusively within the overlay domain wherein each overlay route includes information on at least service availability within the overlay domain; and selectively using the service routes to control routing between the overlay edge routers; wherein the said routing is through the underlying transport network in a manner in which said overlay routes is shared with the overlay edge routers but not with the underlying transport network via the overlay management protocol.
-
Publication number: US10938714B2
Publication date: 2021-03-02
Application number: US16551381
Application date: 2019-08-26
Applicant: Cisco Technology, Inc.
Inventor: Atif Khan, Himanshu H. Shah, Nehal Bhau
IPC: H04L12/24, H04L12/723, H04L12/745, H04L12/715
Abstract: A system may include a first border network device located between a first network domain and a third network domain, and a first edge network device in the first network domain, where the first edge network device may be configured to receive a packet. The packet may be directed to a second edge network device in a second network domain. The first edge network device may also be configured to add a second label to the packet that identifies a second border network device located at the border of a second network domain and the third network domain. The third network domain may be located between the first network domain and the second network domain. The first edge network device may additionally be configured to add a first label to the packet that identifies the first border network device, and route the packet to the first border network device.
-
Publication number: US10785103B2
Publication date: 2020-09-22
Application number: US16374427
Application date: 2019-04-03
Applicant: Cisco Technology, Inc.
Inventor: Vinay Prabhu, Praveen Kariyanahalli, Manan Shah, Atif Khan, Shreyas Heranjal
IPC: H04L12/24, H04L12/28, H04L12/46, H04L12/715, H04L12/721
Abstract: A method and system for managing connections with a distributed control plane is provided. The method includes generating, by a router, a controller identifier (ID) list comprising a plurality of controller group IDs of a plurality of controller groups, wherein one controller group ID uniquely identifies one controller group. The method also includes identifying a first controller group, by the router from the list, with which a connection is to be established. Further, the method includes establishing, by the router, the connection with a controller of the first controller group if at least one of following conditions is met 1) the router has not exhausted maximum number of connections, 2) the router has previously had a connection with the controller of the first controller group, and 3) the router has an existing connection with a controller of a second controller group not present in the list.