-
Publication No.: US10944733B2
Publication date: 2021-03-09
Application No.: US16021281
Application date: 2018-06-28
Applicant: Cisco Technology, Inc.
Inventor: Syed Khalid Raza, Mosaddaq Hussain Turabi, Lars Olaf Stefan Olofsson, Atif Khan, Praveen Raju Kariyanahalli
Abstract: A method may include determining, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN). The method may also include establishing the control channel with a control device via a control plane that is separate from a data plane. The method may further include advertising first security association parameters to the control device via the control channel. The method may include receiving, from the control device via the control channel, second security association parameters associated with a second network device. The method may also include establishing a data plane connection with the second network device using the second security association parameters.
-
Publication No.: US10819564B2
Publication date: 2020-10-27
Application No.: US16597598
Application date: 2019-10-09
Applicant: Cisco Technology, Inc.
Inventor: Mosaddaq Hussain Turabi, Vinay Prabhu
Abstract: A method may include receiving a hub ID configuration preference message from a control device, wherein the hub ID configuration preference message includes an order in which to connect to network hubs that are associated with the hub IDs; selecting the first hub ID from the hub ID configuration preference message based on the first connection priority having a higher priority as compared to the second connection priority; identifying a first set of network hubs that are associated with the first hub ID; establishing a connection with at least one network hub associated with the first hub ID; in response to identifying a triggering event, selecting the second hub ID from the hub ID configuration preference message; identifying a second set of network hubs that are associated with the second hub ID; and establishing a connection with at least one network hub associated with the second hub ID.
-
Publication No.: US11546312B2
Publication date: 2023-01-03
Application No.: US17027424
Application date: 2020-09-21
Applicant: Cisco Technology, Inc.
Inventor: Syed Khalid Raza, Mosaddaq Hussain Turabi, Lars Olaf Stefan Olofsson, Atif Khan, Praveen Raju Kariyanahalli
Abstract: A method may include determining, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN). The method may also include establishing the control channel with a control device via a control plane that is separate from a data plane. The method may further include advertising first security association parameters to the control device via the control channel. The method may include receiving, from the control device via the control channel, second security association parameters associated with a second network device. The method may also include establishing a data plane connection with the second network device using the second security association parameters.
-
Publication No.: US10798071B2
Publication date: 2020-10-06
Application No.: US16019475
Application date: 2018-06-26
Applicant: Cisco Technology, Inc.
IPC: H04L29/06
Abstract: In some examples, an example method to provide an IPsec anti-replay window with quality of service (QoS) at a first network endpoint may include configuring a multiple number of anti-replay windows, generating a first security association (SA), and establishing the first SA with a second network endpoint. The first SA may include a first multiple number of security parameter indexes (SPIs), where each of the first multiple number of SPIs may be assigned to a specific QoS level, and each of the first multiple number of SPIs may be assigned to one of the multiple number of anti-replay windows. Establishing the first SA with the second network endpoint may include assigning the first SA to a first encryption key, and providing the first encryption key to the second network endpoint.
-
Publication No.: US10992654B2
Publication date: 2021-04-27
Application No.: US16104456
Application date: 2018-08-17
Applicant: Cisco Technology, Inc.
Inventor: Syed Khalid Raza, Mosaddaq Hussain Turabi, Fabio Rodolfo Maino, Vina Ermagan, Atri Indiresan
Abstract: A method is performed by an access router of an enterprise network including a first edge router to communicate with a second edge router over a wide area network (WAN). The method includes receiving a packet from a first endpoint, receiving from a mapping service a network location of a second edge router for which the packet is destined and a security association (SA) to encrypt the packet from the access router to the second edge router, and generating for the first edge router one or more path selectors for WAN path selection. The method includes encrypting the packet using the SA, and adding to the encrypted IP packet, in clear text, the path selectors and outer encapsulation including the network location, to produce an encrypted tunnel packet. The method also includes forwarding the encrypted tunnel packet to the second edge router via the first edge router and the WAN.
-
Publication No.: US20210006545A1
Publication date: 2021-01-07
Application No.: US17023224
Application date: 2020-09-16
Applicant: Cisco Technology, Inc.
IPC: H04L29/06
Abstract: In some examples, an example method to provide an IPsec anti-replay window with quality of service (QoS) at a first network endpoint may include configuring a multiple number of anti-replay windows, generating a first security association (SA), and establishing the first SA with a second network endpoint. The first SA may include a first multiple number of security parameter indexes (SPIs), where each of the first multiple number of SPIs may be assigned to a specific QoS level, and each of the first multiple number of SPIs may be assigned to one of the multiple number of anti-replay windows. Establishing the first SA with the second network endpoint may include assigning the first SA to a first encryption key, and providing the first encryption key to the second network endpoint.
-
Publication No.: US20200059457A1
Publication date: 2020-02-20
Application No.: US16104456
Application date: 2018-08-17
Applicant: Cisco Technology, Inc.
Inventor: Syed Khalid Raza, Mosaddaq Hussain Turabi, Fabio Rodolfo Maino, Vina Ermagan, Atri Indiresan
Abstract: A method is performed by an access router of an enterprise network including a first edge router to communicate with a second edge router over a wide area network (WAN). The method includes receiving a packet from a first endpoint, receiving from a mapping service a network location of a second edge router for which the packet is destined and a security association (SA) to encrypt the packet from the access router to the second edge router, and generating for the first edge router one or more path selectors for WAN path selection. The method includes encrypting the packet using the SA, and adding to the encrypted IP packet, in clear text, the path selectors and outer encapsulation including the network location, to produce an encrypted tunnel packet. The method also includes forwarding the encrypted tunnel packet to the second edge router via the first edge router and the WAN.
-
Publication No.: US20200044914A1
Publication date: 2020-02-06
Application No.: US16597598
Application date: 2019-10-09
Applicant: Cisco Technology, Inc.
Inventor: Mosaddaq Hussain Turabi, Vinay Prabhu
Abstract: A method may include receiving a hub ID configuration preference message from a control device, wherein the hub ID configuration preference message includes an order in which to connect to network hubs that are associated with the hub IDs; selecting the first hub ID from the hub ID configuration preference message based on the first connection priority having a higher priority as compared to the second connection priority; identifying a first set of network hubs that are associated with the first hub ID; establishing a connection with at least one network hub associated with the first hub ID; in response to identifying a triggering event, selecting the second hub ID from the hub ID configuration preference message; identifying a second set of network hubs that are associated with the second hub ID; and establishing a connection with at least one network hub associated with the second hub ID.
-
Publication No.: US11509639B2
Publication date: 2022-11-22
Application No.: US17023224
Application date: 2020-09-16
Applicant: Cisco Technology, Inc.
IPC: H04L9/40
Abstract: In some examples, an example method to provide an IPsec anti-replay window with quality of service (QoS) at a first network endpoint may include configuring a multiple number of anti-replay windows, generating a first security association (SA), and establishing the first SA with a second network endpoint. The first SA may include a first multiple number of security parameter indexes (SPIs), where each of the first multiple number of SPIs may be assigned to a specific QoS level, and each of the first multiple number of SPIs may be assigned to one of the multiple number of anti-replay windows. Establishing the first SA with the second network endpoint may include assigning the first SA to a first encryption key, and providing the first encryption key to the second network endpoint.
-
Publication No.: US20210006546A1
Publication date: 2021-01-07
Application No.: US17027424
Application date: 2020-09-21
Applicant: Cisco Technology, Inc.
Inventor: Syed Khalid Raza, Mosaddaq Hussain Turabi, Lars Olaf Stefan Olofsson, Atif Khan, Praveen Raju Kariyanahalli
Abstract: A method may include determining, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN). The method may also include establishing the control channel with a control device via a control plane that is separate from a data plane. The method may further include advertising first security association parameters to the control device via the control channel. The method may include receiving, from the control device via the control channel, second security association parameters associated with a second network device. The method may also include establishing a data plane connection with the second network device using the second security association parameters.