-
Publication No.: US12069051B2
Publication Date: 2024-08-20
Application No.: US17743758
Application Date: 2022-05-13
Applicant: Cisco Technology, Inc.
Inventor: Roberto Mitsuo Kobo, Zheng Li, Gopala Krishna Andagunda, Einar Nilsen-Nygaard, Shree Murthy, Parthiv Shah
IPC: H04L29/06, G06F9/455, H04L9/40, H04L61/5014
CPC classification number: H04L63/0876, G06F9/45558, H04L61/5014, H04L63/101, H04L63/20, G06F2009/45587, G06F2009/45595
Abstract: Techniques for authenticating and enforcing differentiated policies for a virtual machine (VM) executing in bridge mode on a wireless host device in a media access control (MAC)-based authentication network are described. In an example method a wireless host device is authorized to join a fabric enabled wireless network. A VM executes in bridge mode on the wireless host device. At the fabric edge, a source MAC address of the VM is determined. A session is created between the VM and an authentication server. The VM is authenticated. A policy for the VM is determined. A source internet protocol (IP) address is assigned to the VM to create a MAC-IP binding. A data-plane device in the fabric enabled wireless network is programmed to apply the policy to traffic communicated with the VM. Finally, the data-plane device applies the policy for the VM based at least in part on the MAC-IP binding.
-
Publication No.: US20230370453A1
Publication Date: 2023-11-16
Application No.: US17743758
Application Date: 2022-05-13
Applicant: Cisco Technology, Inc.
Inventor: Roberto Mitsuo Kobo, Zheng Li, Gopala Krishna Andagunda, Einar Nilsen-Nygaard, Shree Murthy, Parthiv Shah
IPC: H04L9/40, H04L61/5014, G06F9/455
CPC classification number: H04L63/0876, H04L63/101, H04L63/20, H04L61/5014, G06F9/45558, G06F2009/45595, G06F2009/45587
Abstract: Techniques for authenticating and enforcing differentiated policies for a virtual machine (VM) executing in bridge mode on a wireless host device in a media access control (MAC)-based authentication network are described. In an example method a wireless host device is authorized to join a fabric enabled wireless network. A VM executes in bridge mode on the wireless host device. At the fabric edge, a source MAC address of the VM is determined. A session is created between the VM and an authentication server. The VM is authenticated. A policy for the VM is determined. A source internet protocol (IP) address is assigned to the VM to create a MAC-IP binding. A data-plane device in the fabric enabled wireless network is programmed to apply the policy to traffic communicated with the VM. Finally, the data-plane device applies the policy for the VM based at least in part on the MAC-IP binding.
-
Publication No.: US20240340283A1
Publication Date: 2024-10-10
Application No.: US18746555
Application Date: 2024-06-18
Applicant: Cisco Technology, Inc.
Inventor: Roberto Mitsuo Kobo, Zheng Li, Gopala Krishna Andagunda, Einar Nilsen-Nygaard, Shree Murthy, Parthiv Shah
IPC: H04L9/40, G06F9/455, H04L61/5014
CPC classification number: H04L63/0876, G06F9/45558, H04L61/5014, H04L63/101, H04L63/20, G06F2009/45587, G06F2009/45595
Abstract: Techniques for authenticating and enforcing differentiated policies for a virtual machine (VM) executing in bridge mode on a host device are described. In an example method a fabric edge device determines a MAC address of the VM executing on the host device. The fabric edge device transmits an access request to create a session for the VM to an authentication server. The fabric edge device receives an indication that the VM is authenticated and a session for the VM has been created from the authentication server. The authentication server determines a policy to apply to packets communicated from the VM and assigns an IP address to the VM to create a MAC-IP binding for the VM. The fabric edge device applies the policy for the VM to packets with a source IP address corresponding to an IP address assigned to the VM.
-
Publication No.: US12082294B2
Publication Date: 2024-09-03
Application No.: US17554887
Application Date: 2021-12-17
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Parthiv Shah, Anton Smirnov
Abstract: Techniques and architecture are described for providing connectivity and monitoring the connectivity of a fabric network controller/control plane with external and extended network controllers/control planes. The techniques and architecture provide a method that includes provisioning a control plane of a first network with a control plane of a second network. The method also includes establishing a session between the control planes of the first and second networks. The method further includes registering nodes of the first network with the control plane of the second network and providing, by the control plane of the first network to the control plane of the second network, information related to endpoints within the first network. The method also includes monitoring, reporting, and possibly taking corrective actions, by the control plane of the second network, with respect to connectivity/status between the control plane of the first network and the control plane of the second network.
-
Publication No.: US11303511B2
Publication Date: 2022-04-12
Application No.: US17004639
Application Date: 2020-08-27
Applicant: Cisco Technology, Inc.
Inventor: Parthiv Shah, Prakash C. Jain
IPC: H04L12/24, H04L29/12, H04L29/08, H04L12/66, H04L41/0806, H04L67/00, H04L67/51, H04L67/2876, H04L67/563, H04L61/5014, H04L41/0816
Abstract: Boot server support in an enterprise fabric network may be provided. A border device may forward, to a configuration server, a discovery message associated with a client device and the border device may forward, to a pre-boot server, the discovery message associated with a client device. The border device may then encapsulate, in response to receiving a reply to the discovery message from the configuration server and in response to receiving a reply to the discovery message from the pre-boot server, the reply to the discovery message from the pre-boot server using a Routing Locator (RLOC) from the reply to the discovery message from the configuration server. The encapsulated reply to the discovery message from the pre-boot server may include boot information. The border device may then forward the encapsulated reply to the discovery message from the pre-boot server to an edge device associated with the client device.
-
Publication No.: US20230199465A1
Publication Date: 2023-06-22
Application No.: US17554887
Application Date: 2021-12-17
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Parthiv Shah, Anton Smirnov
Abstract: Techniques and architecture are described for providing connectivity and monitoring the connectivity of a fabric network controller/control plane with external and extended network controllers/control planes. The techniques and architecture provide a method that includes provisioning a control plane of a first network with a control plane of a second network. The method also includes establishing a session between the control planes of the first and second networks. The method further includes registering nodes of the first network with the control plane of the second network and providing, by the control plane of the first network to the control plane of the second network, information related to endpoints within the first network. The method also includes monitoring, reporting, and possibly taking corrective actions, by the control plane of the second network, with respect to connectivity/status between the control plane of the first network and the control plane of the second network.
-
Publication No.: US20220070276A1
Publication Date: 2022-03-03
Application No.: US17004639
Application Date: 2020-08-27
Applicant: Cisco Technology, Inc.
Inventor: Parthiv Shah, Prakash C. Jain
Abstract: Boot server support in an enterprise fabric network may be provided. A border device may forward, to a configuration server, a discovery message associated with a client device and the border device may forward, to a pre-boot server, the discovery message associated with a client device. The border device may then encapsulate, in response to receiving a reply to the discovery message from the configuration server and in response to receiving a reply to the discovery message from the pre-boot server, the reply to the discovery message from the pre-boot server using a Routing Locator (RLOC) from the reply to the discovery message from the configuration server. The encapsulated reply to the discovery message from the pre-boot server may include boot information. The border device may then forward the encapsulated reply to the discovery message from the pre-boot server to an edge device associated with the client device.
-
Publication No.: US20250081157A1
Publication Date: 2025-03-06
Application No.: US18242430
Application Date: 2023-09-05
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Aaditya Nitin Vadnere, Parthiv Shah
Abstract: Techniques for identifying locations of network devices in a fabric network. The method includes a network controller and/or control plane of a network fabric coupled to an access switch at a software-defined access (SDA) site. At least one mapping is registered at the SDA site and sent with the location data from the access switch to the network controller. The network controller and/or control plane is configured to at least one of learn, update, and publish location data of a destination address from at least one mapping received from the access switch by the location data being associated with a mapping at the SDA site and destination address. The network controller identifies the location of the destination address from a received request based on associating the destination address with the location learned from the location data of at least one mapping that has been registered at the SDA site.
-
Publication No.: US11729139B2
Publication Date: 2023-08-15
Application No.: US17381539
Application Date: 2021-07-21
Applicant: Cisco Technology, Inc.
Inventor: Roberto Mitsuo Kobo, Parthiv Shah, Ramesh Yeevani-Srinivas
IPC: H04L12/741, H04L12/721, H04L29/12, H04L61/5014, G06F9/455, H04L101/622
CPC classification number: H04L61/5014, G06F9/45558, G06F2009/45562, G06F2009/45595, H04L2101/622
Abstract: A system and method for onboarding a virtual machine in a bridge host extension mode are provided. The method includes: creating a virtual machine on a host computing device, wherein the host computing device is associated with a first MAC address and a first IP address; assigning the virtual machine a second MAC address by the host computing device; receiving a first DHCP packet from the virtual machine by the host computing device, wherein the first DHCP packet comprises a first field that includes the second MAC address; replacing the second MAC address in the first field with the first MAC address by the host computing device; adding the second MAC address to a second field of the first DHCP packet by the host computing device; and providing the first DHCP packet to a DHCP server through a network by the host computing device.
-
Publication No.: US20230034148A1
Publication Date: 2023-02-02
Application No.: US17381539
Application Date: 2021-07-21
Applicant: Cisco Technology, Inc.
Inventor: Roberto Mitsuo Kobo, Parthiv Shah, Ramesh Yeevani-Srinivas
Abstract: A system and method for onboarding a virtual machine in a bridge host extension mode are provided. The method includes: creating a virtual machine on a host computing device, wherein the host computing device is associated with a first MAC address and a first IP address; assigning the virtual machine a second MAC address by the host computing device; receiving a first DHCP packet from the virtual machine by the host computing device, wherein the first DHCP packet comprises a first field that includes the second MAC address; replacing the second MAC address in the first field with the first MAC address by the host computing device; adding the second MAC address to a second field of the first DHCP packet by the host computing device; and providing the first DHCP packet to a DHCP server through a network by the host computing device.