公开(公告)号：US10659358B2

公开(公告)日：2020-05-19

申请号：US15695713

申请日：2017-09-05

Applicant: Cisco Technology, Inc.

Inventor： Suraj Nellikar ,  Maithili Narasimha

IPC: H04L12/741 ,  H04L12/931 ,  H04L12/721 ,  H04L12/26 ,  H04L12/24 ,  G06F9/455 ,  H04L29/12

Abstract: Systems, methods, and computer-readable media provide for collection of statistics relating to network traffic between virtual machines (VMs) in a network. In an example embodiment, a virtual switch hosted on a physical server provides network address information of VMs deployed on the physical server to a virtual switch controller. The controller collects this network address information from each virtual switch under its control, and distributes the aggregate address information to each switch. In this manner, the controller and each switch within the controller's domain can learn the network address information of each VM deployed on physical servers hosting switches under the controller's control. Each virtual switch can determine a classification of a frame passing through the switch (e.g., intra-server, inter-server and intra-domain, or inter-domain traffic), and statistics relating to the traffic. In an example embodiment, the virtual switch controller can collect the statistics from each switch within its domain.

公开(公告)号：US11509578B2

公开(公告)日：2022-11-22

申请号：US16713650

申请日：2019-12-13

Applicant: Cisco Technology, Inc.

Inventor： Gianluca Mardente ,  Shrey Ajmera ,  Cheng Wang ,  Maithili Narasimha ,  Aleksandr Oshurkov

IPC: G06F11/34 ,  G06F9/50 ,  H04L45/64 ,  H04L41/0893 ,  H04L43/08

Abstract: This disclosure describes a method of utilizing network controllers to store mappings between policies, dynamic operating attributes (DOA), and trigger values in a manifest and utilizing software agents in communication to monitor DOAs of respective workloads or workload groupings for trigger values associated with the DOAs to apply a corresponding policy at run-time. The method provides for flexible policy semantics and on-demand policy provisioning. The method includes receiving at a network controller, a definition of a policy, a DOA associated with a workload, and a trigger value associated with the DOA, storing a mapping between the policy, DOA and trigger value, sending the DOA and the trigger value to a datapath agent monitoring respective workloads, receiving an indication that a current value of the DOA of the workload corresponds to the trigger value from the software agent, and sending the policy to the software agent for distribution to the workload.

公开(公告)号：US09559896B2

公开(公告)日：2017-01-31

申请号：US13936966

申请日：2013-07-08

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sourabh Suresh Patwardhan ,  Maithili Narasimha ,  Shankar Ramachandran

IPC: G06F15/173 ,  H04L12/863 ,  H04L12/24 ,  H04L12/741

CPC classification number: H04L41/0803

Abstract: An example method for network-assisted configuration and programming of gateways in a network environment is provided and includes registering a non-Virtual eXtensible Local Area Network (VXLAN) device with a central controller, for example, by generating registration information associating the non-VXLAN device with a virtual local area network (VLAN) in a network environment, receiving a communication request from a VXLAN enabled device to communicate with the non-VXLAN device, mapping, based on the registration information, a VXLAN segment corresponding to the VXLAN enabled device with the VLAN associated with the non-VXLAN device, and configuring a gateway with the mapping through a suitable application programming interface exposed at the gateway.

Abstract translation: 提供了网络环境中的网络辅助配置和网关编程的示例方法，包括例如通过产生将非VXLAN相关联的注册信息，将非虚拟可扩展局域网（VXLAN）设备注册到中央控制器 在网络环境中具有虚拟局域网（VLAN）的设备，接收来自启用VXLAN的设备的通信请求以与非VXLAN设备进行通信，基于注册信息，映射与启用VXLAN的设备相对应的VXLAN段 其中与非VXLAN设备关联的VLAN，以及通过在网关上公开的合适的应用程序编程接口进行映射来配置网关。

公开(公告)号：US09491094B2

公开(公告)日：2016-11-08

申请号：US14037143

申请日：2013-09-25

Applicant: Cisco Technology, Inc.

Inventor： Sourabh Suresh Patwardhan ,  Maithili Narasimha ,  Suraj Nellikar

IPC: H04L12/721 ,  H04L12/727 ,  H04L12/725

CPC classification number: H04L45/44 ,  H04L45/121 ,  H04L45/308

Abstract: An example method for path optimization in distributed service chains in a network environment is provided and includes receiving information about inter-node latency of a distributed service chain in a network environment comprising a distributed virtual switch (DVS), where the inter-node latency is derived at least from packet headers of respective packets traversing a plurality of service nodes comprising the distributed service chain, and modifying locations of the service nodes in the DVS to reduce the inter-node latency. In specific embodiments, the method further includes storing and time-stamping a path history of each packet in a network service header portion of the respective packet header. A virtual Ethernet Module (VEM) of the DVS stores and time-stamps the path history and a last VEM in the distributed service chain calculates runtime traffic latencies from the path history and sends the calculated runtime traffic latencies to a virtual supervisor module.

Abstract translation: 提供了一种在网络环境中的分布式服务链中的路径优化的示例方法，包括在包括分布式虚拟交换机（DVS）的网络环境中接收关于分布式服务链的节点间延迟的信息，其中节点间等待时间 至少从穿过包括分布式服务链的多个服务节点的各个分组的分组报头导出，以及修改DVS中的服务节点的位置以减少节点间等待时间。 在具体实施例中，该方法还包括在相应分组报头的网络服务报头部分中存储和时间戳每个分组的路径历史。 DVS的虚拟以太网模块（VEM）存储并对路径历史进行时间戳，并且分布式服务链中的最后一个VEM从路径历史中计算运行时流量延迟，并将计算的运行时流量延迟发送到虚拟主管模块。

公开(公告)号：US20140108632A1

公开(公告)日：2014-04-17

申请号：US13651597

申请日：2012-10-15

Applicant: Cisco Technology, Inc.

Inventor： Maithili Narasimha ,  Ashwin Deepak Swaminathan ,  Naga Venkata Kiran K. Chunduri ,  Srinivas Sardar

IPC: G06F15/173

CPC classification number: H04L45/38 ,  H04L45/54 ,  H04W40/242

Abstract: A method is provided in one example embodiment and includes determining an action to be performed with respect to a packet corresponding to a new flow received at a network device and determining whether a new entry comprising an indication of the determined action can be added to a flow table of the network device. The determination of whether a new entry can be added to the flow table is made with reference to reservation information specified in a port profile associated with the new flow. Responsive to a determination that the new entry can be added, the new entry is added to the flow table. In one embodiment, determining whether the new entry can be added comprises determining whether an existing entry can be aged out based on the reservation information specified in the associated port profile.

Abstract translation: 在一个示例性实施例中提供了一种方法，并且包括确定相对于对应于在网络设备处接收的新流量的分组来执行的动作，并且确定是否可以将包括所确定的动作的指示的新条目添加到流 网络设备表。 参考在与新流相关联的端口配置文件中指定的预留信息来确定是否可以将新条目添加到流表。 响应于可以添加新条目的确定，新条目将添加到流表中。 在一个实施例中，确定是否可以添加新条目包括基于在相关联的端口简档中指定的预约信息来确定现有条目是否可以老化。

公开(公告)号：US20180013675A1

公开(公告)日：2018-01-11

申请号：US15695713

申请日：2017-09-05

Applicant: Cisco Technology, Inc.

Inventor： Suraj Nellikar ,  Maithili Narasimha

IPC: H04L12/741 ,  H04L12/24 ,  G06F9/455 ,  H04L12/931 ,  H04L12/721 ,  H04L12/26 ,  H04L29/12

CPC classification number: H04L45/745 ,  G06F9/45558 ,  G06F2009/4557 ,  G06F2009/45595 ,  H04L41/12 ,  H04L43/08 ,  H04L43/12 ,  H04L45/66 ,  H04L49/70 ,  H04L61/2007 ,  H04L61/2038 ,  H04L61/2076 ,  H04L61/6022

Abstract: Systems, methods, and computer-readable media provide for collection of statistics relating to network traffic between virtual machines (VMs) in a network. In an example embodiment, a virtual switch hosted on a physical server provides network address information of VMs deployed on the physical server to a virtual switch controller. The controller collects this network address information from each virtual switch under its control, and distributes the aggregate address information to each switch. In this manner, the controller and each switch within the controller's domain can learn the network address information of each VM deployed on physical servers hosting switches under the controller's control. Each virtual switch can determine a classification of a frame passing through the switch (e.g., intra-server, inter-server and intra-domain, or inter-domain traffic), and statistics relating to the traffic. In an example embodiment, the virtual switch controller can collect the statistics from each switch within its domain.

公开(公告)号：US20150012998A1

公开(公告)日：2015-01-08

申请号：US13935314

申请日：2013-07-03

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Suraj Nellikar ,  Maithili Narasimha

IPC: H04L29/06

CPC classification number: H04L63/0245 ,  H04L49/356 ,  H04L49/70 ,  H04L63/101 ,  H04L63/102 ,  H04L63/108 ,  H04L63/1408 ,  H04L63/162 ,  H04L63/20

Abstract: An example method is provided and, in an example embodiment, includes receiving a data packet at an ingress switch function, the data packet associated with a data packet flow; obtaining access control information associated with a destination of the data packet flow from a centralized service engine; and performing access filtering on the data packet flow at the ingress switch function using the access control information.

Abstract translation: 提供了一种示例性方法，并且在示例实施例中，包括以入口切换功能接收与数据分组流相关联的数据分组的数据分组; 从集中式服务引擎获取与数据分组流的目的地相关联的访问控制信息; 并使用访问控制信息对入口切换功能的数据分组流执行访问过滤。

公开(公告)号：US11916758B2

公开(公告)日：2024-02-27

申请号：US16530874

申请日：2019-08-02

Applicant: Cisco Technology, Inc.

Inventor： Sourabh S. Patwardhan ,  Maithili Narasimha

IPC: H04L41/5022 ,  H04L47/11 ,  H04L43/0882 ,  G06F9/455 ,  H04L41/5009

CPC classification number: H04L41/5022 ,  G06F9/45558 ,  H04L41/5009 ,  H04L43/0882 ,  H04L47/11 ,  G06F2009/45595

Abstract: Techniques for service level performance updates based on network level factors are described. by establishing a co-operative model between a network fabric and service proxies to enhance the service mesh failure management primitives as well as bring in network level intelligence in service (service instance) placement decisions in the fabric. A virtual network edge (VNE) instance interacts with the network fabric including the next level switches (such as a top of rack switch) and a network controller in order to determine a network level health-score and a modulated health-score for a service instance executing on the node. The modulated health score causes actions such as an influence on load balancing, request routing, rolling upgrades, canary deployments, change in the utilization of network resources, a downgrade of service, etc., based on the network level health-score.

公开(公告)号：US09548920B2

公开(公告)日：2017-01-17

申请号：US13651597

申请日：2012-10-15

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Maithili Narasimha ,  Ashwin Deepak Swaminathan ,  Naga Venkata Kiran K. Chunduri ,  Srinivas Sardar

IPC: G06F15/173 ,  H04L12/721 ,  H04W40/24 ,  H04L12/741

CPC classification number: H04L45/38 ,  H04L45/54 ,  H04W40/242

Abstract: A method is provided in one example embodiment and includes determining an action to be performed with respect to a packet corresponding to a new flow received at a network device and determining whether a new entry comprising an indication of the determined action can be added to a flow table of the network device. The determination of whether a new entry can be added to the flow table is made with reference to reservation information specified in a port profile associated with the new flow. Responsive to a determination that the new entry can be added, the new entry is added to the flow table. In one embodiment, determining whether the new entry can be added comprises determining whether an existing entry can be aged out based on the reservation information specified in the associated port profile.

Abstract translation: 在一个示例性实施例中提供了一种方法，并且包括确定相对于对应于在网络设备处接收的新流量的分组来执行的动作，并且确定是否可以将包括所确定的动作的指示的新条目添加到流 网络设备表。 参考在与新流相关联的端口配置文件中指定的预留信息来确定是否可以将新条目添加到流表。 响应于可以添加新条目的确定，新条目将添加到流表中。 在一个实施例中，确定是否可以添加新条目包括基于在相关联的端口简档中指定的预约信息来确定现有条目是否可以老化。

公开(公告)号：US09380025B2

公开(公告)日：2016-06-28

申请号：US13935314

申请日：2013-07-03

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Suraj Nellikar ,  Maithili Narasimha

IPC: G06F9/00 ,  G06F15/16 ,  G06F17/00 ,  H04L29/06 ,  H04L12/931

CPC classification number: H04L63/0245 ,  H04L49/356 ,  H04L49/70 ,  H04L63/101 ,  H04L63/102 ,  H04L63/108 ,  H04L63/1408 ,  H04L63/162 ,  H04L63/20

Abstract: An example method is provided and, in an example embodiment, includes receiving a data packet at an ingress switch function, the data packet associated with a data packet flow; obtaining access control information associated with a destination of the data packet flow from a centralized service engine; and performing access filtering on the data packet flow at the ingress switch function using the access control information.

Abstract translation: 提供了一种示例性方法，并且在示例实施例中，包括以入口切换功能接收与数据分组流相关联的数据分组的数据分组; 从集中式服务引擎获取与数据分组流的目的地相关联的访问控制信息; 并使用访问控制信息对入口切换功能的数据分组流执行访问过滤。