公开(公告)号：US20210243116A1

公开(公告)日：2021-08-05

申请号：US16860896

申请日：2020-04-28

Applicant: Cisco Technology, Inc.

Inventor： Clarence Filsfils ,  Ahmed Mohamed Ahmed Abdelsalam ,  Francois Clad ,  Pablo Camarillo Garvia ,  Kiran Sasidharan Pillai

IPC: H04L12/723 ,  H04L12/46 ,  H04L29/06 ,  H04L12/703 ,  H04L12/741

Abstract: The present technology pertains to a group-based network policy using Segment Routing over an IPv6 dataplane (SRv6). After a source application sends a packet, an ingress node can receive the packet, and if the source node is capable, it can identify an application policy and apply it. The ingress node indicates that the policy has been applied by including policy bits in the packet encapsulation. When the packet is received by the egress node, it can determine whether the policy was already applied, and if so, the packet is forward to the destination application. If the egress node determines that the policy has not be applied the destination application can apply the policy. Both the ingress node and egress nodes can learn of source application groups, destination application groups, and applicable policies through communication with aspects of the segment routing fabric.

公开(公告)号：US20220385573A1

公开(公告)日：2022-12-01

申请号：US17865125

申请日：2022-07-14

Applicant: Cisco Technology, Inc.

Inventor： Clarence Filsfils ,  Ahmed Mohamed Ahmed Abdelsalam ,  Francois Clad ,  Pablo Camarillo Garvia ,  Kiran Sasidharan Pillai

IPC: H04L45/741 ,  H04L45/42 ,  H04L45/00

Abstract: The present technology pertains to a group-based network policy using Segment Routing over an IPv6 dataplane (SRv6). After a source application sends a packet, an ingress node can receive the packet, and if the source node is capable, it can identify an application policy and apply it. The ingress node indicates that the policy has been applied by including policy bits in the packet encapsulation. When the packet is received by the egress node, it can determine whether the policy was already applied, and if so, the packet is forward to the destination application. If the egress node determines that the policy has not be applied the destination application can apply the policy. Both the ingress node and egress nodes can learn of source application groups, destination application groups, and applicable policies through communication with aspects of the segment routing fabric.

公开(公告)号：US20240275727A1

公开(公告)日：2024-08-15

申请号：US18166571

申请日：2023-02-09

Applicant: Cisco Technology, Inc.

Inventor： Kiran Sasidharan Pillai ,  Rajagopalan Janakiraman ,  Murukanandam Panchalingam ,  Muralidhar Annabatula

IPC: H04L47/2441

CPC classification number: H04L47/2441

Abstract: The techniques described herein relate to a method including: generating a first network policy and a second network policy at a forwarding device within a network, wherein the first network policy is applied to a first traffic classification and the second network policy is applied to a second traffic classification; obtaining first traffic from an endpoint device; classifying the first traffic with the first traffic classification; applying, at the forwarding device, the first network policy to the first traffic; obtaining, at the forwarding device, an indication of a network event within the network; obtaining second traffic from the endpoint device; classifying the second traffic with the second traffic classification in response to obtaining the indication of the network event; and applying, at the forwarding device, the second network policy to the second traffic.

公开(公告)号：US11706133B2

公开(公告)日：2023-07-18

申请号：US17865125

申请日：2022-07-14

Applicant: Cisco Technology, Inc.

Inventor： Clarence Filsfils ,  Ahmed Mohamed Ahmed Abdelsalam ,  Francois Clad ,  Pablo Camarillo Garvia ,  Kiran Sasidharan Pillai

IPC: H04L45/50 ,  H04L12/46 ,  H04L45/74 ,  H04L45/28 ,  H04L69/22 ,  H04L45/42 ,  H04L45/00 ,  H04L45/741

CPC classification number: H04L45/50 ,  H04L12/4633 ,  H04L45/28 ,  H04L45/42 ,  H04L45/566 ,  H04L45/74 ,  H04L45/741 ,  H04L69/22

Abstract: The present technology pertains to a group-based network policy using Segment Routing over an IPv6 dataplane (SRv6). After a source application sends a packet, an ingress node can receive the packet, and if the source node is capable, it can identify an application policy and apply it. The ingress node indicates that the policy has been applied by including policy bits in the packet encapsulation. When the packet is received by the egress node, it can determine whether the policy was already applied, and if so, the packet is forward to the destination application. If the egress node determines that the policy has not be applied the destination application can apply the policy. Both the ingress node and egress nodes can learn of source application groups, destination application groups, and applicable policies through communication with aspects of the segment routing fabric.

公开(公告)号：US11418435B2

公开(公告)日：2022-08-16

申请号：US16860896

申请日：2020-04-28

Applicant: Cisco Technology, Inc.

Inventor： Clarence Filsfils ,  Ahmed Mohamed Ahmed Abdelsalam ,  Francois Clad ,  Pablo Camarillo Garvia ,  Kiran Sasidharan Pillai

IPC: H04L45/50 ,  H04L12/46 ,  H04L45/74 ,  H04L45/28 ,  H04L69/22

Abstract: The present technology pertains to a group-based network policy using Segment Routing over an IPv6 dataplane (SRv6). After a source application sends a packet, an ingress node can receive the packet, and if the source node is capable, it can identify an application policy and apply it. The ingress node indicates that the policy has been applied by including policy bits in the packet encapsulation. When the packet is received by the egress node, it can determine whether the policy was already applied, and if so, the packet is forward to the destination application. If the egress node determines that the policy has not be applied the destination application can apply the policy. Both the ingress node and egress nodes can learn of source application groups, destination application groups, and applicable policies through communication with aspects of the segment routing fabric.