公开(公告)号：US20200145321A1

公开(公告)日：2020-05-07

申请号：US16230933

申请日：2018-12-21

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. PIGNATARO ,  Frank BROCKNERS ,  Shwetha Subray BHANDARI ,  Nagendra Kumar NAINAR

IPC: H04L12/761 ,  H04L12/749 ,  H04L12/715 ,  H04L12/723

Abstract: In one embodiment, improved operations processing of multiple-protocol packets is performed by a node connected to a network. Received is a multiple-protocol (MP) packet that has multiple protocol headers, each having an operations data field. The operations data field of a first protocol header includes first protocol ordered operations data. Operations data is cohered from the operations data field of each of multiple protocol headers into the operations data field of a second protocol header resulting in the operations data field of the second protocol header including ordered MP operations data evidencing operations data of each of the multiple network nodes in a node traversal order taken by the MP packet among multiple network nodes. The ordered MP operations data includes said first protocol ordered operations data cohered from the operations data field of the first protocol header.

公开(公告)号：US20200145255A1

公开(公告)日：2020-05-07

申请号：US16231247

申请日：2018-12-21

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. PIGNATARO ,  Frank BROCKNERS ,  Shwetha Subray BHANDARI ,  Nagendra Kumar NAINAR

IPC: H04L12/46 ,  H04L12/749 ,  H04L12/54

Abstract: In one embodiment, a service function forwarder (SFF) analyzes pre-service state and post-service state of an original packet to determine whether to initiate and perform service offload or service bypass. A service function forwarder (SFF) receives a particular packet having a service function chain (SFC) encapsulation of the original packet, the SFC encapsulation identifying a particular service function path (SFP) designating a particular service function (SF). The SFF extracts pre-service state of the original packet, typically adding it to the particular packet in an In-Situ Operations, Administration, and Maintenance (IOAM) data field (or alternatively storing locally) before sending the particular packet to the particular SF. The SFF receives the particular packet after the SF applies the particular network service. In response to analyzing pre-service state and post-service state by the SFF, the SFF may perform service bypass or service offload for subsequently received packets identifying the same particular SFP.

公开(公告)号：US20190327187A1

公开(公告)日：2019-10-24

申请号：US16503558

申请日：2019-07-04

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. PIGNATARO ,  Frank BROCKNERS ,  David Delano WARD

IPC: H04L12/935 ,  H04L29/06 ,  H04L12/721 ,  H04L12/715 ,  H04L29/08

Abstract: In one embodiment, a service chain data packet is instrumented as it is communicated among network nodes in a network providing service-level and/or networking operations visibility. The service chain data packet includes a particular header identifying a service group defining one or more service functions, and is a data packet and not a probe packet. A network node adds networking and/or service-layer operations data to the particular service chain data packet, such as, but not limited to, in the particular header. Such networking operations data includes a performance metric or attribute related to the transport of the particular service chain packet in the network. Such service-layer operations data includes a performance metric or attribute related to the service-level processing of the particular service chain data packet in the network.

公开(公告)号：US20240012931A1

公开(公告)日：2024-01-11

申请号：US17859715

申请日：2022-07-07

Applicant: Cisco Technology, Inc.

Inventor： Marcelo Yannuzzi ,  Hervé MUYAL ,  Jean Andrei DIACONU ,  Frank BROCKNERS ,  Carlos GONCALVES PEREIRA

IPC: G06F21/62 ,  G06F21/51

CPC classification number: G06F21/6245 ,  G06F21/51

Abstract: In one embodiment, a device determines a category of sensitive data processed by an application, based on annotations embedded into programming code of the application and protection bindings, which associate the category of sensitive data with one or more data types used by the application. The device computes, based on one or more data compliance constraints for the category of sensitive data, a set of one or more execution constraints for the application. The device identifies target infrastructure to execute a workload of the application that satisfies the set of one or more execution constraints. The device causes a deployment of the workload of the application for execution by the target infrastructure.

公开(公告)号：US20240012911A1

公开(公告)日：2024-01-11

申请号：US17859707

申请日：2022-07-07

Applicant: Cisco Technology, Inc.

Inventor： Marcelo Yannuzzi ,  Hervé MUYAL ,  Jean Andrei DIACONU ,  Frank BROCKNERS ,  Carlos GONCALVES PEREIRA

IPC: G06F21/60 ,  G06F21/62

CPC classification number: G06F21/602 ,  G06F21/6245

Abstract: In one embodiment, an observability and assurance service, associated with various clusters of application services for an application that are executed in a data mesh, may configure a data compliance filter for a particular application service in one of the clusters of application services according to a data compliance policy. The observability and assurance service may monitor the data and traffic associated with the particular application service, wherein the data compliance filter is applied to the traffic to restrict sensitive data in the traffic from being processed by the particular application service. The observability and assurance service may make a determination that the data compliance policy has been violated by the particular application service. The observability and assurance service may modify, based on the determination, the data compliance filter for the particular application service.

公开(公告)号：US20200153734A1

公开(公告)日：2020-05-14

申请号：US16231197

申请日：2018-12-21

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar NAINAR ,  Carlos M. PIGNATARO ,  Frank BROCKNERS ,  Shwetha Subray BHANDARI

IPC: H04L12/715 ,  H04L12/741 ,  H04L12/801 ,  H04L12/803 ,  H04L12/54 ,  H04L12/713

Abstract: In one embodiment, in-band operations data included in packets being processed is used to signal among entities of a virtualized packet processing apparatus. Using in-band operations data provides insight on actual entities used in processing of the packet within the virtualized packet processing apparatus. The operations data in the packet is modified to signal a detected overload condition of an entity that participates in communicating the packet within the virtualized packet processing apparatus and/or applying a network service to the packet. An In-Situ Operations, Administration, and Maintenance (IOAM) header is used in one embodiment, with the IOAM header typically including a new Overload Flag to signal the detection of the overload condition. In response to the signaled overload condition, a load balancer is adjusted such that future packets are not distributed to the virtualized entity associated with the detected overload condition.

公开(公告)号：US20240305562A1

公开(公告)日：2024-09-12

申请号：US18117841

申请日：2023-03-06

Applicant: Cisco Technology, Inc.

Inventor： Mankamana Prasad Mishra ,  Rajiv ASATI ,  Nitin KUMAR ,  Krishnaswamy MUDDENAHALLY ANANTHAMURTHY ,  Frank BROCKNERS

IPC: H04L45/48 ,  H04L43/12 ,  H04L45/30

CPC classification number: H04L45/48 ,  H04L43/12 ,  H04L45/30

Abstract: According to one or more embodiments of the disclosure, an example process herein may comprise: causing, responsive to a triggering event, establishment of a service tree that follows a same path as a multicast parent tree through a data communication network to one or more intended recipient devices; causing a duplication of a particular flow from the multicast parent tree to the service tree; causing a determination of a performance characteristic of the particular flow through the service tree; and causing an association of the performance characteristic with the multicast parent tree.

公开(公告)号：US20240012921A1

公开(公告)日：2024-01-11

申请号：US17859720

申请日：2022-07-07

Applicant: Cisco Technology, Inc.

Inventor： Marcelo Yannuzzi ,  Hervé MUYAL ,  Jean Andrei DIACONU ,  Frank BROCKNERS ,  Carlos GONCALVES PEREIRA

IPC: G06F21/62 ,  G06F9/54

CPC classification number: G06F21/6218 ,  G06F9/543

Abstract: In one embodiment, a device may obtain a location of an endpoint that communicates with an application service. The device may match the location of the endpoint to a data compliance policy. The device may identify sensitive data within the application service to which the data compliance policy applies. The device may configure the application service to permit the endpoint to at least one of access or send the sensitive data when permitted by the data compliance policy.

公开(公告)号：US20200344152A1

公开(公告)日：2020-10-29

申请号：US16392299

申请日：2019-04-23

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. PIGNATARO ,  Nagendra Kumar NAINAR ,  Reshad RAHMAN ,  Frank BROCKNERS ,  Shwetha Subray BHANDARI

IPC: H04L12/707 ,  H04L12/703 ,  H04L12/24 ,  H04L29/06

Abstract: In one embodiment, in-band operations data (e.g., In-situ Operations, Administration, Maintenance and/or other operations data) is added to Seamless Bidirectional Forwarding (S-BFD) packets. In one embodiment, a S-BFD packet received by a node includes a BFD discriminator and operations data. Reactive processing is identified based on the BFD discriminator. The S-BFD packet and the operations data (e.g., in an operations data field in a header of the received S-BFD packet, in an IOAM Type-Length-Value (TLV), etc.) is processed according to the identified reactive function. Examples of these reactive actions include, but are not limited to, determining a result based on processing of said particular operations data by the local node or a remote analytics server, and sending a response packet including unprocessed and/or a result of the processed operations data (e.g., performance, loss, jitter, an indication of compliance with a service level agreement, and/or another data measurement or result).