知搜-全球专利检索

  1. Login
  2. Sign Up

Search Results

27 records (took 0.025 seconds)

    Method and Apparatus for Best Effort Propagation of Security Group Information
    2.
    发明申请
    Method and Apparatus for Best Effort Propagation of Security Group Information 审中-公开
    安全组信息最佳努力传播的方法与装置

    公开(公告)号:US20160308831A1

    公开(公告)日:2016-10-20

    申请号:US15195582

    申请日:2016-06-28

    Applicant: Cisco Technology, Inc.

    Inventor: Michael R. Smith

    IPC: H04L29/06

    CPC classification number: H04L63/0227 H04L12/56 H04L29/12018 H04L45/52 H04L49/35 H04L61/10 H04L63/101 H04L67/00 H04L69/22

    Abstract: A method and system for best effort propagation of security group information is disclosed. The method includes determining if a reserved group identifier is associated with a destination and, if the reserved group identifier is associated with the destination, indicating that a packet received at a network node can be sent to another network node. The packet includes destination information that identifies the destination as a destination of the packet.

    Abstract translation: 公开了安全组信息的最佳努力传播的方法和系统。 该方法包括确定保留组标识符是否与目的地相关联,并且如果保留组标识符与目的地相关联,指示在网络节点处接收的分组可以被发送到另一网络节点。 该分组包括将目的地标识为分组的目的地的目的地信息。

    Network address translation offload to network infrastructure for service chains in a network environment
    3.
    发明授权
    Network address translation offload to network infrastructure for service chains in a network environment 有权
    网络地址转换卸载到网络环境中服务链的网络基础设施

    公开(公告)号:US09363183B2

    公开(公告)日:2016-06-07

    申请号:US14249636

    申请日:2014-04-10

    Applicant: CISCO TECHNOLOGY, INC.

    Inventor: Surendra M. Kumar Paul Quinn James N. Guichard Michael R. Smith

    IPC: H04L12/803 H04L29/12 H04L12/851 H04L12/54 H04L12/28

    CPC classification number: H04L47/125 H04L12/28 H04L12/56 H04L47/2483 H04L61/2514

    Abstract: An example method for network address translation (NAT) offload to network infrastructure for service chains in a network environment is provided and includes receiving a packet at a network infrastructure in a network comprising a plurality of service nodes interconnected through the network infrastructure, each service node executing at least one service function, identifying the packet as belonging to a first flow based on a cookie in a network service header of the packet that indicates a service chain that includes a sequence of service functions to be executed on the packet at the service nodes, determining that a service function in the service chain is to be offloaded from one of the service nodes to the network infrastructure for subsequent packets of the first flow, and executing the offloaded service function at the network infrastructure for subsequent packets of the first flow.

    Abstract translation: 提供了一种用于网络地址转换(NAT)卸载到网络环境中的服务链的网络基础设施的示例性方法,并且包括在网络中的网络基础设施处接收包括通过网络基础设施互连的多个服务节点的分组,每个服务节点 执行至少一个服务功能,基于所述分组的网络服务报头中的cookie来将分组标识为属于第一流的分组,其指示服务链,所述服务链包括将在所述服务节点处对所述分组执行的服务功能序列 确定所述服务链中的服务功能将从所述服务节点之一卸载到所述网络基础设施以用于所述第一流的后续分组,以及在所述网络基础设施处执行所述卸载的服务功能以用于所述第一流的后续分组。

    Method and System for Including Network Security Information in a Frame
    4.
    发明申请
    Method and System for Including Network Security Information in a Frame 审中-公开
    在网络中包含网络安全信息的方法和系统

    公开(公告)号:US20150106896A1

    公开(公告)日:2015-04-16

    申请号:US14051854

    申请日:2013-10-11

    Applicant: Cisco Technology, Inc.

    Inventor: Norman W. Finn Michael R. Smith

    IPC: H04L29/06

    CPC classification number: H04L63/08 H04L63/104

    Abstract: A method and apparatus for including network security information in a frame is disclosed. Network security information is included in a secure portion of overhead of a frame. The network security information is configured to facilitate network security. A network device configured to process a frame is also disclosed. The frame includes frame security information and network security information. The frame security information is configured to facilitate securing a portion of overhead of the frame, and the network security information is located in the secure portion of the overhead of the frame and is configured to facilitate network security.

    Abstract translation: 公开了一种在网络中包含网络安全信息的方法和装置。 网络安全信息被包含在帧的开销的安全部分中。 网络安全信息被配置为便于网络安全。 还公开了一种被配置为处理帧的网络设备。 该帧包括帧安全信息和网络安全信息。 帧安全信息被配置为有助于保护帧的开销的一部分,并且网络安全信息位于帧的开销的安全部分中,并且被配置为便于网络安全性。

    Method and Apparatus for Best Effort Propagation of Security Group Information
    5.
    发明申请
    Method and Apparatus for Best Effort Propagation of Security Group Information 审中-公开
    安全组信息最佳努力传播的方法与装置

    公开(公告)号:US20140181953A1

    公开(公告)日:2014-06-26

    申请号:US14143935

    申请日:2013-12-30

    Applicant: Cisco Technology, Inc

    Inventor: Michael R. Smith

    IPC: H04L29/06

    CPC classification number: H04L63/0227 H04L12/56 H04L29/12018 H04L45/52 H04L61/10 H04L63/101 H04L69/22

    Abstract: A method and system for best effort propagation of security group information is disclosed. The method includes determining if a reserved group identifier is associated with a destination and, if the reserved group identifier is associated with the destination, indicating that a packet received at a network node can be sent to another network node. The packet includes destination information that identifies the destination as a destination of the packet.

    Abstract translation: 公开了安全组信息的最佳努力传播的方法和系统。 该方法包括确定保留组标识符是否与目的地相关联,并且如果保留组标识符与目的地相关联,指示在网络节点处接收的分组可以被发送到另一网络节点。 该分组包括将目的地标识为分组的目的地的目的地信息。

    Method and Apparatus for Providing Network Security Using Role-Based Access Control
    6.
    发明申请
    Method and Apparatus for Providing Network Security Using Role-Based Access Control 审中-公开
    使用基于角色的访问控制提供网络安全的方法和装置

    公开(公告)号:US20140173703A1

    公开(公告)日:2014-06-19

    申请号:US14188227

    申请日:2014-02-24

    Applicant: Cisco Technology, Inc.

    Inventor: Michael R. Smith

    IPC: H04L29/06

    CPC classification number: H04L63/101 G06F21/6218 H04L12/4645 H04L12/4675 H04L45/04 H04L45/54 H04L45/7453 H04L63/08 H04L63/105 H04L63/20

    Abstract: A method and apparatus for providing network security using role-based access control is disclosed. A network device implementing such a method can include, for example, an access control list. Such an access control list includes an access control list entry, which, in turn, includes a user group field. Alternatively, a network device implementing such a method can include, for example, a forwarding table that includes a plurality of forwarding table entries. In such a case, at least one of the forwarding table entries includes a user group field.

    Abstract translation: 公开了一种使用基于角色的访问控制来提供网络安全性的方法和装置。 实现这种方法的网络设备可以包括例如访问控制列表。 这样的访问控制列表包括访问控制列表条目,其又包括用户组字段。 或者,实现这种方法的网络设备可以包括例如包括多个转发表条目的转发表。 在这种情况下,转发表项中的至少一个包括用户组字段。

    NETWORK ADDRESS TRANSLATION OFFLOAD TO NETWORK INFRASTRUCTURE FOR SERVICE CHAINS IN A NETWORK ENVIRONMENT
    9.
    发明申请
    NETWORK ADDRESS TRANSLATION OFFLOAD TO NETWORK INFRASTRUCTURE FOR SERVICE CHAINS IN A NETWORK ENVIRONMENT 有权
    网络地址转换为网络环境中的服务链网络基础设施脱机

    公开(公告)号:US20150295831A1

    公开(公告)日:2015-10-15

    申请号:US14249636

    申请日:2014-04-10

    Applicant: CISCO TECHNOLOGY, INC.

    Inventor: Surendra M. Kumar Paul Quinn James N. Guichard Michael R. Smith

    IPC: H04L12/803 H04L12/851

    CPC classification number: H04L47/125 H04L12/28 H04L12/56 H04L47/2483 H04L61/2514

    Abstract: An example method for network address translation (NAT) offload to network infrastructure for service chains in a network environment is provided and includes receiving a packet at a network infrastructure in a network comprising a plurality of service nodes interconnected through the network infrastructure, each service node executing at least one service function, identifying the packet as belonging to a first flow based on a cookie in a network service header of the packet that indicates a service chain that includes a sequence of service functions to be executed on the packet at the service nodes, determining that a service function in the service chain is to be offloaded from one of the service nodes to the network infrastructure for subsequent packets of the first flow, and executing the offloaded service function at the network infrastructure for subsequent packets of the first flow.

    Abstract translation: 提供了一种用于网络地址转换(NAT)卸载到网络环境中的服务链的网络基础设施的示例性方法,并且包括在网络中的网络基础设施处接收包括通过网络基础设施互连的多个服务节点的分组,每个服务节点 执行至少一个服务功能,基于所述分组的网络服务报头中的cookie来将分组标识为属于第一流的分组,其指示服务链,所述服务链包括将在所述服务节点处对所述分组执行的服务功能序列 确定所述服务链中的服务功能将从所述服务节点之一卸载到所述网络基础设施以用于所述第一流的后续分组,以及在所述网络基础设施处执行所述卸载的服务功能以用于所述第一流的后续分组。

    Stacking Metadata Contexts for Service Chains
    10.
    发明申请
    Stacking Metadata Contexts for Service Chains 有权
    堆栈服务链的元数据上下文

    公开(公告)号:US20140362857A1

    公开(公告)日:2014-12-11

    申请号:US13910179

    申请日:2013-06-05

    Applicant: Cisco Technology, Inc.

    Inventor: James Guichard Paul Quinn David Ward Surendra Kumar Nagaraj A. Bagepalli Michael R. Smith Navindra Yadav

    IPC: H04L12/721

    CPC classification number: H04L45/566 H04L45/306 H04L69/22

    Abstract: Presented herein are techniques useful in a network comprising a plurality of network nodes each configured to apply one or more service functions to traffic that passes through the respective network nodes. A network node receives packets encapsulated in a service header that includes information defining a variable set of context headers stacked into an association of metadata that is relevant to one or more service functions within a service path comprised of one or more network nodes. The network node interprets a forwarding state and a next-hop network node for the service path from the service header, and determines a service action or associated metadata from the set of context headers.

    Abstract translation: 这里呈现的是在网络中有用的技术,其包括多个网络节点,每个网络节点被配置为将一个或多个服务功能应用于通过各个网络节点的业务。 网络节点接收封装在服务头部中的分组,该分组包括定义一组上下文标题的信息,这些信息堆叠成与由一个或多个网络节点组成的服务路径内的一个或多个服务功能相关的元数据关联。 网络节点从服务头解释用于服务路径的转发状态和下一跳网络节点,并且从上下文头集合中确定服务动作或相关联的元数据。

Patent Agency Ranking