公开(公告)号：US09560018B2

公开(公告)日：2017-01-31

申请号：US14563688

申请日：2014-12-08

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Patrice Bellagamba ,  Michael H. Behringer ,  Santiago Vazquez Freitas

IPC: H04L29/06 ,  H04L29/08 ,  H04L29/12 ,  H04L12/715

CPC classification number: H04L63/0281 ,  H04L45/04 ,  H04L45/64 ,  H04L61/103 ,  H04L61/2084 ,  H04L67/10 ,  H04L67/141 ,  H04L67/2819

Abstract: A method is provided in one example embodiment and includes configuring a local network element as an autonomic registrar for a designated network domain; establishing an autonomic control plane (“ACP”) between the local network element and one or more remote network elements identified by local network element as a remote neighbor; designating a locally-defined subnet at the local network element to be extended to each of the one or more remote network elements; and executing an ACP command at the local network element, wherein the executing triggers a message to each of the one or more remote network elements, the message including information regarding the designated local subnet. The information included in the message is used by each of the remote network elements to auto-resolve its Locator/Identifier Separation Protocol (“LISP”) configuration, enabling the designated local subnet to be extended to each of the one or more remote network elements.

Abstract translation: 在一个示例实施例中提供了一种方法，并且包括将本地网络元件配置为用于指定网络域的自主注册器; 在本地网络元件和由本地网元识别为远程邻居的一个或多个远程网络元件之间建立自主控制平面（“ACP”）; 在所述本地网络元件处指定要扩展到所述一个或多个远程网络元件中的每一个的本地定义的子网; 以及在所述本地网络单元处执行ACP命令，其中所述执行向所述一个或多个远程网络元件中的每一个触发消息，所述消息包括关于所指定的本地子网的信息。 消息中包含的信息被每个远程网络元件使用以自动解析其定位器/标识符分离协议（“LISP”）配置，使指定的本地子网能够扩展到一个或多个远程网络元件 。

公开(公告)号：US20160337169A1

公开(公告)日：2016-11-17

申请号：US14711035

申请日：2015-05-13

Applicant: Cisco Technology, Inc.

Inventor： Gaurav Chhabra ,  Ather Sayeed Kanak ,  Shashi Kumar Bansal ,  Michael H. Behringer

IPC: H04L12/24 ,  H04L12/707

CPC classification number: H04L41/0672 ,  H04L41/082 ,  H04L45/28

Abstract: In one embodiment, a device in a network receives update recovery data from a neighbor of the device in the network. The device monitors the neighbor during installation of a software update by the neighbor. The device detects an installation failure of the software update by the neighbor. The device causes recovery of the neighbor using the update recovery data, in response to detecting the installation failure of the software update by the neighbor.

Abstract translation: 在一个实施例中，网络中的设备从网络中的设备的邻居接收更新恢复数据。 设备在邻居安装软件更新期间监控邻居。 设备检测到邻居软件更新的安装失败。 响应于检测到邻居的软件更新的安装故障，设备使用更新恢复数据使得邻居恢复。

公开(公告)号：US20150280916A1

公开(公告)日：2015-10-01

申请号：US14722444

申请日：2015-05-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Steinthor Bjarnason ,  Michael H. Behringer ,  Yves Francis Eugene Hertoghs ,  Max Pritikin

IPC: H04L9/32 ,  H04L29/06

CPC classification number: H04L9/3213 ,  H04L9/3247 ,  H04L41/0809 ,  H04L63/061 ,  H04L63/08 ,  H04L63/0823 ,  H04L63/0876 ,  H04L63/20

Abstract: A method in an example embodiment includes creating an initial information package for a device attempting to join a network domain of a network environment; communicating the initial information package to a signing authority; sending an authorization token generated by the signing authority to the device, wherein the device validates the authorization token based on a credential in the device; and receiving an audit history report of the device, wherein the audit history report comprises information regarding previous attempts by the device to join the network environment. The method may also include applying a policy to the device based on the audit history report; generating a completed information package, wherein the completed information package includes an authorization token; applying a second signature to the completed information package; and sending the authorization token and the completed information package to the device, the device validating the second signature on the completed information package.

Abstract translation: 示例实施例中的方法包括为尝试加入网络环境的网络域的设备创建初始信息包; 将初始信息包传送给签字机构; 向所述设备发送由所述签名机构生成的授权令牌，其中所述设备基于所述设备中的凭证来验证所述授权令牌; 以及接收所述设备的审计历史报告，其中所述审计历史报告包括关于所述设备加入所述网络环境的先前尝试的信息。 该方法还可以包括基于审计历史报告向设备应用策略; 生成完成的信息包，其中完成的信息包包括授权令牌; 对完成的信息包应用第二签名; 并将所述授权令牌和完成的信息包发送到所述设备，所述设备在完成的信息包上验证所述第二签名。

公开(公告)号：US10110483B2

公开(公告)日：2018-10-23

申请号：US15073931

申请日：2016-03-18

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Michael H. Behringer ,  Patrice Bellagamba

IPC: G06F15/173 ,  H04L12/715 ,  H04L12/46

Abstract: In one embodiment, a method includes receiving at a virtual controller operating at a network device, global parameters for a plurality of virtual machines located in a first network site and in communication with a second network site through a switch, converting at the virtual controller, the global parameters into global overlay network parameters, and transmitting the global overlay network parameters to the switch for use in automatically creating a global network overlay. The global overlay network parameters define an end-to-end network extending from the virtual machines in the first network site to a plurality of virtual machines in the second network site. An apparatus and logic are also disclosed herein.

公开(公告)号：US10142167B2

公开(公告)日：2018-11-27

申请号：US14711035

申请日：2015-05-13

Applicant: Cisco Technology, Inc.

Inventor： Gaurav Chhabra ,  Ather Sayeed Kanak ,  Shashi Kumar Bansal ,  Michael H. Behringer

IPC: H04L12/24 ,  H04L12/707

Abstract: In one embodiment, a device in a network receives update recovery data from a neighbor of the device in the network. The device monitors the neighbor during installation of a software update by the neighbor. The device detects an installation failure of the software update by the neighbor. The device causes recovery of the neighbor using the update recovery data, in response to detecting the installation failure of the software update by the neighbor.

公开(公告)号：US20160164832A1

公开(公告)日：2016-06-09

申请号：US14563688

申请日：2014-12-08

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Patrice Bellagamba ,  Michael H. Behringer ,  Santiago Vazquez Freitas

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/0281 ,  H04L45/04 ,  H04L45/64 ,  H04L61/103 ,  H04L61/2084 ,  H04L67/10 ,  H04L67/141 ,  H04L67/2819

Abstract: A method is provided in one example embodiment and includes configuring a local network element as an autonomic registrar for a designated network domain; establishing an autonomic control plane (“ACP”) between the local network element and one or more remote network elements identified by local network element as a remote neighbor; designating a locally-defined subnet at the local network element to be extended to each of the one or more remote network elements; and executing an ACP command at the local network element, wherein the executing triggers a message to each of the one or more remote network elements, the message including information regarding the designated local subnet. The information included in the message is used by each of the remote network elements to auto-resolve its Locator/Identifier Separation Protocol (“LISP”) configuration, enabling the designated local subnet to be extended to each of the one or more remote network elements.

Abstract translation: 在一个示例实施例中提供了一种方法，并且包括将本地网络元件配置为用于指定网络域的自主注册器; 在本地网络元件和由本地网元识别为远程邻居的一个或多个远程网络元件之间建立自主控制平面（“ACP”）; 在所述本地网络元件处指定要扩展到所述一个或多个远程网络元件中的每一个的本地定义的子网; 以及在所述本地网络单元处执行ACP命令，其中所述执行向所述一个或多个远程网络元件中的每一个触发消息，所述消息包括关于所指定的本地子网的信息。 消息中包含的信息被每个远程网络元件使用以自动解析其定位器/标识符分离协议（“LISP”）配置，使指定的本地子网能够扩展到一个或多个远程网络元件 。

公开(公告)号：US09774452B2

公开(公告)日：2017-09-26

申请号：US14722444

申请日：2015-05-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Steinthor Bjarnason ,  Michael H. Behringer ,  Yves Francis Eugene Hertoghs ,  Max Pritikin

IPC: G06F17/00 ,  H04L29/06 ,  H04L9/32 ,  H04L12/24

CPC classification number: H04L9/3213 ,  H04L9/3247 ,  H04L41/0809 ,  H04L63/061 ,  H04L63/08 ,  H04L63/0823 ,  H04L63/0876 ,  H04L63/20

Abstract: A method in an example embodiment includes creating an initial information package for a device attempting to join a network domain of a network environment; communicating the initial information package to a signing authority; sending an authorization token generated by the signing authority to the device, wherein the device validates the authorization token based on a credential in the device; and receiving an audit history report of the device, wherein the audit history report comprises information regarding previous attempts by the device to join the network environment. The method may also include applying a policy to the device based on the audit history report; generating a completed information package, wherein the completed information package includes an authorization token; applying a second signature to the completed information package; and sending the authorization token and the completed information package to the device, the device validating the second signature on the completed information package.

公开(公告)号：US20170272359A1

公开(公告)日：2017-09-21

申请号：US15073931

申请日：2016-03-18

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Michael H. Behringer ,  Patrice Bellagamba

IPC: H04L12/715 ,  H04L12/46

CPC classification number: H04L45/64 ,  H04L12/4641

Abstract: In one embodiment, a method includes receiving at a virtual controller operating at a network device, global parameters for a plurality of virtual machines located in a first network site and in communication with a second network site through a switch, converting at the virtual controller, the global parameters into global overlay network parameters, and transmitting the global overlay network parameters to the switch for use in automatically creating a global network overlay. The global overlay network parameters define an end-to-end network extending from the virtual machines in the first network site to a plurality of virtual machines in the second network site. An apparatus and logic are also disclosed herein.