公开(公告)号：US20200252374A1

公开(公告)日：2020-08-06

申请号：US16373055

申请日：2019-04-02

Applicant: Cisco Technology, Inc.

Inventor： Peter Bosch ,  Alessandro Duminuco ,  Jeffrey Napper ,  Sape Jurrien Mullender ,  David Delano Ward

IPC: H04L29/06 ,  H04L29/12 ,  H04L12/46

Abstract: Systems, methods, and computer-readable storage media are provided for managing application traffic. A routing policy defines the data flow path between the client device (which uses a virtual private network (VPN) client) and the appropriate network-based service. Based on various factors associated with the user, the client device, and the destination (e.g. network-based service), the routing policy will direct the VPN client to communicate with either a public DNS (via the public Internet) or to a private DNS (via the private Intranet). The resulting IP addresses will be used to establish a particular route (either over a public Internet or private Intranet) between the client device and the network-based service in accordance to the routing policy.

公开(公告)号：US20180357108A1

公开(公告)日：2018-12-13

申请号：US15617190

申请日：2017-06-08

Applicant: Cisco Technology, Inc.

Inventor： Sape Mullender ,  David Richard Barach ,  Jim McKie ,  Peter Bosch

IPC: G06F9/50 ,  G06F3/06 ,  G06F9/44 ,  G06F9/455

Abstract: A baseboard management controller (BMC) can physically partition the computing resources of a physical host into different resource groups for concurrently running a different operating system per resource group. The BMC can allocate a first processor of the host to a first resource group and a second processor of the host to a second resource group. The BMC can separate the memory of the host into a first memory range for the first processor and a second memory range for the second processor, and the BMC can limit access to the first memory range to the first processor and limit access to the second memory range to the second processor. The BMC can also distribute physical or virtual peripheral devices of the host between the first processor and the second processor.

公开(公告)号：US11146620B2

公开(公告)日：2021-10-12

申请号：US15899179

申请日：2018-02-19

Applicant: Cisco Technology, Inc.

Inventor： Peter Bosch ,  Jeffrey Napper ,  Alessandro Duminuco ,  Michael Francis O'Gorman ,  Sean Chandler ,  Roman Sorokin ,  David Delano Ward ,  Baton Daullxhi ,  Florin Stelian Balus

IPC: H04L29/08 ,  G06F9/50 ,  G06F8/35 ,  G06F8/60 ,  G06F8/71

Abstract: The present disclosure involves systems and methods for (a) model distributed applications for multi-cloud deployments, (b) derive, by way of policy, executable orchestrator descriptors, (c) model underlying (cloud) services (private, public, server-less and virtual-private) as distributed applications themselves, (d) dynamically create such cloud services if these are unavailable for the distributed application, (e) manage those resources equivalent to the way distributed applications are managed; and (f) present how these techniques are stackable. As applications may be built on top of cloud services, which themselves can be built on top of other cloud services (e.g., virtual private clouds on public cloud, etc.) even cloud services themselves may be considered applications in their own right, thus supporting putting cloud services on top of other cloud services.

公开(公告)号：US10521273B2

公开(公告)日：2019-12-31

申请号：US15617190

申请日：2017-06-08

Applicant: Cisco Technology, Inc.

Inventor： Sape Mullender ,  David Richard Barach ,  Jim McKie ,  Peter Bosch

IPC: G06F9/50 ,  G06F3/06 ,  G06F9/4401 ,  G06F9/455

Abstract: A baseboard management controller (BMC) can physically partition the computing resources of a physical host into different resource groups for concurrently running a different operating system per resource group. The BMC can allocate a first processor of the host to a first resource group and a second processor of the host to a second resource group. The BMC can separate the memory of the host into a first memory range for the first processor and a second memory range for the second processor, and the BMC can limit access to the first memory range to the first processor and limit access to the second memory range to the second processor. The BMC can also distribute physical or virtual peripheral devices of the host between the first processor and the second processor.

公开(公告)号：US20150281173A1

公开(公告)日：2015-10-01

申请号：US14225279

申请日：2014-03-25

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Paul Quinn ,  Jim Guichard ,  Surendra Kumar ,  Peter Bosch

IPC: H04L29/12

CPC classification number: H04L61/256 ,  H04L41/0893 ,  H04L61/2507 ,  H04L61/6068

Abstract: In one embodiment, a method includes receiving a packet associated with a flow at a network device, classifying the packet at the network device based on information received from a policy layer, inserting a Network Address Translation (NAT) indicator for the flow into the packet, and transmitting the packet in a service chain comprising network address translation. The NAT indicator is associated with the flows before and after network address translation to provide symmetry between the service chain and a return traffic service chain. An apparatus and logic are also disclosed herein.

Abstract translation: 在一个实施例中，一种方法包括接收与网络设备上的流相关联的分组，基于从策略层接收的信息对网络设备上的分组进行分类，将流的网络地址转换（NAT）指示符插入到分组中 并且在包括网络地址转换的服务链中传送分组。 NAT指示符与网络地址转换之前和之后的流相关联，以提供服务链和返回业务链之间的对称性。 本文还公开了一种装置和逻辑。

公开(公告)号：US11115387B2

公开(公告)日：2021-09-07

申请号：US16373055

申请日：2019-04-02

Applicant: Cisco Technology, Inc.

Inventor： Peter Bosch ,  Alessandro Duminuco ,  Jeffrey Napper ,  Sape Jurrien Mullender ,  David Delano Ward

IPC: H04L29/06 ,  H04L29/12 ,  H04L12/46

Abstract: Systems, methods, and computer-readable storage media are provided for managing application traffic. A routing policy defines the data flow path between the client device (which uses a virtual private network (VPN) client) and the appropriate network-based service. Based on various factors associated with the user, the client device, and the destination (e.g. network-based service), the routing policy will direct the VPN client to communicate with either a public DNS (via the public Internet) or to a private DNS (via the private Intranet). The resulting IP addresses will be used to establish a particular route (either over a public Internet or private Intranet) between the client device and the network-based service in accordance to the routing policy.

公开(公告)号：US10303450B2

公开(公告)日：2019-05-28

申请号：US15704904

申请日：2017-09-14

Applicant: Cisco Technology, Inc.

Inventor： Peter Bosch ,  Jeffrey Napper ,  Alessandro Duminuco ,  Michael Francis O'Gorman ,  Sean Chandler ,  Roman Sorokin ,  David Delano Ward

IPC: H04L29/08 ,  G06F8/60 ,  G06F8/61

Abstract: The present disclosure involves systems and methods for compiling abstract application and associated service models into deployable descriptors under control of a series of policies, maintaining and enforcing dependencies between policies and applications/services, and deploying policies as regularly managed policy applications themselves. In particular, an orchestration system includes one or more policy applications that are executed to apply policies to a deployable application or service in a computing environment. In general, the orchestration system operates to create one or more solution models for execution of an application on one or more computing environments (such as one or more cloud computing environments) based on a received request for deployment.

公开(公告)号：US20190082004A1

公开(公告)日：2019-03-14

申请号：US15899179

申请日：2018-02-19

Applicant: Cisco Technology, Inc.

Inventor： Peter Bosch ,  Jeffrey Napper ,  Alessandro Duminuco ,  Michael Francis O'Gorman ,  Sean Chandler ,  Roman Sorokin ,  David Delano Ward ,  Baton Daullxhi ,  Florin Stelian Balus

IPC: H04L29/08 ,  G06F9/50

Abstract: The present disclosure involves systems and methods for (a) model distributed applications for multi-cloud deployments, (b) derive, by way of policy, executable orchestrator descriptors, (c) model underlying (cloud) services (private, public, server-less and virtual-private) as distributed applications themselves, (d) dynamically create such cloud services if these are unavailable for the distributed application, (e) manage those resources equivalent to the way distributed applications are managed; and (f) present how these techniques are stackable. As applications may be built on top of cloud services, which themselves can be built on top of other cloud services (e.g., virtual private clouds on public cloud, etc.) even cloud services themselves may be considered applications in their own right, thus supporting putting cloud services on top of other cloud services.

公开(公告)号：US20190079744A1

公开(公告)日：2019-03-14

申请号：US15704904

申请日：2017-09-14

Applicant: Cisco Technology, Inc.

Inventor： Peter Bosch ,  Jeffrey Napper ,  Alessandro Duminuco ,  Michael Francis O'Gorman ,  Sean Chandler ,  Roman Sorokin ,  David Delano Ward

IPC: G06F9/445 ,  H04L29/08

Abstract: The present disclosure involves systems and methods for compiling abstract application and associated service models into deployable descriptors under control of a series of policies, maintaining and enforcing dependencies between policies and applications/services, and deploying policies as regularly managed policy applications themselves. In particular, an orchestration system includes one or more policy applications that are executed to apply policies to a deployable application or service in a computing environment. In general, the orchestration system operates to create one or more solution models for execution of an application on one or more computing environments (such as one or more cloud computing environments) based on a received request for deployment.

公开(公告)号：US09930008B2

公开(公告)日：2018-03-27

申请号：US14225279

申请日：2014-03-25

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Paul Quinn ,  Jim Guichard ,  Surendra Kumar ,  Peter Bosch

IPC: G06F15/16 ,  H04L12/28 ,  H04L29/12 ,  H04L12/24

CPC classification number: H04L61/256 ,  H04L41/0893 ,  H04L61/2507 ,  H04L61/6068

Abstract: In one embodiment, a method includes receiving a packet associated with a flow at a network device, classifying the packet at the network device based on information received from a policy layer, inserting a Network Address Translation (NAT) indicator for the flow into the packet, and transmitting the packet in a service chain comprising network address translation. The NAT indicator is associated with the flows before and after network address translation to provide symmetry between the service chain and a return traffic service chain. An apparatus and logic are also disclosed herein.