公开(公告)号：US11522828B2

公开(公告)日：2022-12-06

申请号：US15664869

申请日：2017-07-31

Applicant: Cisco Technology, Inc.

Inventor： Syed Khalid Raza ,  Murtuza Attarwala

IPC: H04L61/2592 ,  H04L45/74 ,  H04L61/2514

Abstract: In some examples, an example method to provide a virtualized Carrier-grade Network Address Translation (CGN) at a first customer edge router may include establishing a tunnel between the first customer edge router and each aggregation router among one or more aggregation routers, performing a Network Address Translation (NAT) on a first data packet to create a NAT'ed first data packet, selecting a first aggregation router from amongst the one or more aggregation routers to send the NAT'ed first data packet to, encapsulating the NAT'ed first data packet with overlay information corresponding to a tunnel established between the first customer edge router and a first aggregation router, and sending the encapsulated NAT'ed first data packet through the tunnel to the first aggregation router.

公开(公告)号：US11201817B2

公开(公告)日：2021-12-14

申请号：US15489673

申请日：2017-04-17

Applicant: Cisco Technology, Inc.

Inventor： Linus Aranha ,  Murtuza Attarwala

IPC: H04L12/28 ,  H04L12/725 ,  H04L12/707 ,  H04L12/721

Abstract: A method may include an instruction to route the data to a destination. The method may additionally include inspecting the data to identify metadata associated with the data. The method may further include identifying, based on the metadata, a first routing path and a second routing path that both lead to the destination. The first routing path may include a first communication link associated with a first link classification, and the second routing path may include a second communication link associated with a second link classification. The method may also include selecting the first routing path based on a configuration preference and based on the first routing path including the first communication link associated with the first link classification. The method may additionally include transmitting the data along the first routing path via the first communication link.

公开(公告)号：US10798071B2

公开(公告)日：2020-10-06

申请号：US16019475

申请日：2018-06-26

Applicant: Cisco Technology, Inc.

Inventor： Praveen Raju Kariyanahalli ,  Mosaddaq Hussain Turabi ,  Murtuza Attarwala

IPC: H04L29/06

Abstract: In some examples, an example method to provide an IPsec anti-replay window with quality of service (QoS) at a first network endpoint may include configuring a multiple number of anti-replay windows, generating a first security association (SA), and establishing the first SA with a second network endpoint. The first SA may include a first multiple number of security parameter indexes (SPIs), where each of the first multiple number of SPIs may be assigned to a specific QoS level, and each of the first multiple number of SPIs may be assigned to one of the multiple number of anti-replay windows. Establishing the first SA with the second network endpoint may include assigning the first SA to a first encryption key, and providing the first encryption key to the second network endpoint.

公开(公告)号：US10771375B2

公开(公告)日：2020-09-08

申请号：US15591065

申请日：2017-05-09

Applicant: Cisco Technology, Inc.

Inventor： Himanshu Shah ,  Murtuza Attarwala ,  Linus Aranha

IPC: H04L12/701 ,  H04L12/721 ,  H04L12/741 ,  H04L12/707 ,  H04L12/26 ,  H04L29/12 ,  H04L29/06 ,  H04L12/725 ,  H04L12/729 ,  H04L12/715

Abstract: A method may include identifying an address within a packet of a traffic flow associated with a network device. The method may also include comparing the address within the packet with a stored address, the stored address associated with a route for an alternative traffic path, where the alternative traffic path may be different from a default route of traffic passing through the network device. The method may additionally include, based on the address within the packet matching the stored address, routing the packet along the alternative traffic path instead of the default route of traffic.

公开(公告)号：US20230090829A1

公开(公告)日：2023-03-23

申请号：US18059693

申请日：2022-11-29

Applicant: Cisco Technology, Inc.

Inventor： Syed Khalid Raza ,  Murtuza Attarwala

IPC: H04L61/2592 ,  H04L45/74 ,  H04L61/2514

Abstract: In some examples, an example method to provide a virtualized Carrier-grade Network Address Translation (CGN) at a first customer edge router may include establishing a tunnel between the first customer edge router and each aggregation router among one or more aggregation routers, performing a Network Address Translation (NAT) on a first data packet to create a NAT'ed first data packet, selecting a first aggregation router from amongst the one or more aggregation routers to send the NAT'ed first data packet to, encapsulating the NAT'ed first data packet with overlay information corresponding to a tunnel established between the first customer edge router and a first aggregation router, and sending the encapsulated NAT'ed first data packet through the tunnel to the first aggregation router.

公开(公告)号：US20210243095A1

公开(公告)日：2021-08-05

申请号：US17239361

申请日：2021-04-23

Applicant: Cisco Technology, Inc.

Inventor： Murtuza Attarwala ,  Lars Olof Stefan Olofsson ,  Himanshu Shah

IPC: H04L12/26 ,  H04L12/851 ,  H04L29/12 ,  H04L12/725 ,  H04L12/707 ,  H04L12/729 ,  H04L12/721

Abstract: A method may include receiving a domain name system (DNS) query at a network device, where the DNS query may be associated with a traffic flow identified for rerouting through an alternative path utilizing an alternative network device instead of a default path. The method may also include rewriting the DNS query such that the DNS query is routed through the alternative network device along the alternative path and to a DNS server associated with the alternative path. The method may additionally include receiving a DNS response from the DNS server, where a resource identified in the DNS response may be based on the DNS query coming through the alternative network device.

公开(公告)号：US20210006545A1

公开(公告)日：2021-01-07

申请号：US17023224

申请日：2020-09-16

Applicant: Cisco Technology, Inc.

Inventor： Praveen Raju Kariyanahalli ,  Mosaddaq Hussain Turabi ,  Murtuza Attarwala

IPC: H04L29/06

Abstract: In some examples, an example method to provide an IPsec anti-replay window with quality of service (QoS) at a first network endpoint may include configuring a multiple number of anti-replay windows, generating a first security association (SA), and establishing the first SA with a second network endpoint. The first SA may include a first multiple number of security parameter indexes (SPIs), where each of the first multiple number of SPIs may be assigned to a specific QoS level, and each of the first multiple number of SPIs may be assigned to one of the multiple number of anti-replay windows. Establishing the first SA with the second network endpoint may include assigning the first SA to a first encryption key, and providing the first encryption key to the second network endpoint.

公开(公告)号：US10439950B2

公开(公告)日：2019-10-08

申请号：US15909943

申请日：2018-03-01

Applicant: Cisco Technology, Inc.

Inventor： Murtuza Attarwala ,  Venu Hemige

IPC: H04L12/805 ,  H04L12/24 ,  H04L12/26 ,  H04L29/08

Abstract: A computer-implemented method for facilitating communications between two peer nodes in a network. The method comprises (a) configuring a first of the peer nodes to transmit a Path Maximum Transmission Unit (PMTU) request to a second of the peer nodes; wherein the PMTU request comprises a PMTU test value; (b) configuring the second peer node to transmit a PMTU reply responsive to receiving the PMTU request; said PMTU reply comprising a PMTU value set to match the PMTU test value in PMTU request; and (c) configuring the first peer node to determine a PMTU for the network based on determinations of fragmentation in connection with the PMTU reply.

公开(公告)号：US11658898B2

公开(公告)日：2023-05-23

申请号：US16991400

申请日：2020-08-12

Applicant: Cisco Technology, Inc.

Inventor： Himanshu Shah ,  Murtuza Attarwala ,  Linus Aranha

IPC: H04L12/701 ,  H04L12/715 ,  H04L12/721 ,  H04L45/00 ,  H04L43/028 ,  H04L69/16 ,  H04L43/08 ,  H04L43/026 ,  H04L45/745 ,  H04L45/74 ,  H04L61/4511 ,  H04L45/302 ,  H04L45/125 ,  H04L45/64

CPC classification number: H04L45/22 ,  H04L43/026 ,  H04L43/028 ,  H04L43/08 ,  H04L45/74 ,  H04L45/745 ,  H04L61/4511 ,  H04L69/16 ,  H04L45/125 ,  H04L45/302 ,  H04L45/306 ,  H04L45/308 ,  H04L45/64

Abstract: A method may include identifying an address within a packet of a traffic flow associated with a network device. The method may also include comparing the address within the packet with a stored address, the stored address associated with a route for an alternative traffic path, where the alternative traffic path may be different from a default route of traffic passing through the network device. The method may additionally include, based on the address within the packet matching the stored address, routing the packet along the alternative traffic path instead of the default route of traffic.

公开(公告)号：US11509639B2

公开(公告)日：2022-11-22

申请号：US17023224

申请日：2020-09-16

Applicant: Cisco Technology, Inc.

Inventor： Praveen Raju Kariyanahalli ,  Mosaddaq Hussain Turabi ,  Murtuza Attarwala

IPC: H04L9/40

Abstract: In some examples, an example method to provide an IPsec anti-replay window with quality of service (QoS) at a first network endpoint may include configuring a multiple number of anti-replay windows, generating a first security association (SA), and establishing the first SA with a second network endpoint. The first SA may include a first multiple number of security parameter indexes (SPIs), where each of the first multiple number of SPIs may be assigned to a specific QoS level, and each of the first multiple number of SPIs may be assigned to one of the multiple number of anti-replay windows. Establishing the first SA with the second network endpoint may include assigning the first SA to a first encryption key, and providing the first encryption key to the second network endpoint.