-
Publication No.: US20240275727A1
Publication date: 2024-08-15
Application No.: US18166571
Application date: 2023-02-09
Applicant: Cisco Technology, Inc.
Inventor: Kiran Sasidharan Pillai, Rajagopalan Janakiraman, Murukanandam Panchalingam, Muralidhar Annabatula
IPC: H04L47/2441
CPC classification number: H04L47/2441
Abstract: The techniques described herein relate to a method including: generating a first network policy and a second network policy at a forwarding device within a network, wherein the first network policy is applied to a first traffic classification and the second network policy is applied to a second traffic classification; obtaining first traffic from an endpoint device; classifying the first traffic with the first traffic classification; applying, at the forwarding device, the first network policy to the first traffic; obtaining, at the forwarding device, an indication of a network event within the network; obtaining second traffic from the endpoint device; classifying the second traffic with the second traffic classification in response to obtaining the indication of the network event; and applying, at the forwarding device, the second network policy to the second traffic.
-
Publication No.: US10819753B2
Publication date: 2020-10-27
Application No.: US16567995
Application date: 2019-09-11
Applicant: Cisco Technology, Inc.
IPC: H04L29/06, H04L12/743
Abstract: Disclosed are systems, methods, and computer-readable storage media for guaranteeing symmetric bi-directional policy based redirect of traffic flows. A first switch connected to a first endpoint can receive a first data packet transmitted by the first endpoint to a second endpoint connected to a second switch. The first switch can enforce an ingress data policy to the first data packet by applying a hashing algorithm to a Source Internet Protocol (SIP) value and a Destination Internet Protocol (DIP) value of the first data packet, resulting in a hash value of the first data packet. The first switch can then route the first data packet to a first service node based on the hash value of the first data packet.
-
Publication No.: US10419496B2
Publication date: 2019-09-17
Application No.: US15186304
Application date: 2016-06-17
Applicant: Cisco Technology, Inc.
IPC: H04L29/06, H04L12/743
Abstract: Disclosed are systems, methods, and computer-readable storage media for guaranteeing symmetric bi-directional policy based redirect of traffic flows. A first switch connected to a first endpoint can receive a first data packet transmitted by the first endpoint to a second endpoint connected to a second switch. The first switch can enforce an ingress data policy to the first data packet by applying a hashing algorithm to a Source Internet Protocol (SIP) value and a Destination Internet Protocol (DIP) value of the first data packet, resulting in a hash value of the first data packet. The first switch can then route the first data packet to a first service node based on the hash value of the first data packet.
-
Publication No.: US20230096045A1
Publication date: 2023-03-30
Application No.: US18058113
Application date: 2022-11-22
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
IPC: H04L9/40, H04L41/0806, H04L41/12, H04L41/0893
Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.
-
Publication No.: US11533340B2
Publication date: 2022-12-20
Application No.: US17146204
Application date: 2021-01-11
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
IPC: H04L29/06, H04L12/24, H04L9/40, H04L41/0806, H04L41/12, H04L41/0893
Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.
-
Publication No.: US20190297114A1
Publication date: 2019-09-26
Application No.: US16014644
Application date: 2018-06-21
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.
-
Publication No.: US20240056386A1
Publication date: 2024-02-15
Application No.: US17819260
Application date: 2022-08-11
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Panchalingam, Rajagopalan Janakiraman, Muralidhar Annabatula, Junyun Li, Hari Hara Prasad Muthulingam
IPC: H04L45/302, H04L45/745
CPC classification number: H04L45/306, H04L45/74591
Abstract: An embodiment of the present disclosure is directed a set of data centers and associated controls in which the data centers include network fabric comprises network routing devices configured to route bi-directional traffic symmetrically through insertable service, e.g., via the associated inter-site and intra-site controls, for a given set of policies or contracts using an ASIC or circuit-assisted arithmetic logic, enforcing such policies at the local network devices, to deterministically select the insertable services.
-
Publication No.: US11863591B2
Publication date: 2024-01-02
Application No.: US18058113
Application date: 2022-11-22
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
IPC: H04L9/40, H04L41/0806, H04L41/12, H04L41/0893
CPC classification number: H04L63/20, H04L41/0806, H04L41/0893, H04L41/12, H04L63/00, H04L63/0227, H04L63/101
Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.
-
Publication No.: US20210136124A1
Publication date: 2021-05-06
Application No.: US17146204
Application date: 2021-01-11
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.
-
Publication No.: US10917436B2
Publication date: 2021-02-09
Application No.: US16014644
Application date: 2018-06-21
Applicant: Cisco Technology, Inc.
Inventor: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.