-
Publication No.: US12184547B2
Publication date: 2024-12-31
Application No.: US18367941
Filing date: 2023-09-13
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery , Christopher Blair Murray , Jon Langemak , Rahim Lalani , Alvin Wong
IPC: H04L45/74 , H04L12/46 , H04L41/0816 , H04L41/0853 , H04L45/00 , H04L45/02 , H04L45/30 , H04L45/42 , H04L45/50 , H04L45/586 , H04L45/741 , H04L45/745 , H04L67/51
Abstract: Techniques for using global virtual network instance (VNI) labels in a multi-domain network to route network data with a multi-tenant network overlay are described herein. A routing device provisioned in a network domain of the multi-domain network may register with a service discovery system of the network domain for use of network configuration data to establish routes through the multi-domain network with network nodes. Each network domain of the multi-domain network may include an application programming interface (API) server for processing API requests to make changes to configurations of a network domain. A border gateway protocol (BGP) large community may be utilized to encode global VNI labels, network addresses, local next hop nodes, and/or additional network information and sent to routing devices provisioned in separate network domains. A service chain may be signaled by global VNI labels to route network traffic through various services prior to reaching a destination endpoint.
-
Publication No.: US20240243971A1
Publication date: 2024-07-18
Application No.: US18620459
Filing date: 2024-03-28
Applicant: Cisco Technology, Inc.
Inventor: Pankaj Chitrigi Ganesh , Kyle Andrew Donald Mestery , Danxiang Li , Rahim Lalani , Andrzej Konrad Kielbasinski
IPC: H04L41/082 , H04L12/46 , H04L45/00 , H04L67/1031 , H04L67/563
CPC classification number: H04L41/082 , H04L12/4675 , H04L45/22 , H04L67/1031 , H04L67/563
Abstract: Techniques for the transparent rolling of nodes in a cloud-delivered headend service without disrupting client traffic or making users aware of the various nodes in the system being rolled are described herein. The techniques may include receiving an indication that a first node of a network is to be rolled. Based at least in part on the indication, new connection requests may not be sent to the first intermediate node. Additionally, a client device having an existing connection through the first node may be identified. In some examples, a request may be sent to the client device to prompt the client device to establish a new connection. After determining that the new connection has been established such that the new connection flows through a second node of the network, the first node may be rolled.
-
Publication No.: US20230421497A1
Publication date: 2023-12-28
Application No.: US18367941
Filing date: 2023-09-13
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery , Christopher Blair Murray , Jon Langemak , Rahim Lalani , Alvin Wong
IPC: H04L45/74 , H04L12/46 , H04L45/02 , H04L45/50 , H04L45/741 , H04L67/51 , H04L41/0853 , H04L45/00 , H04L45/30 , H04L45/42 , H04L45/586 , H04L45/745 , H04L41/0816
CPC classification number: H04L45/74 , H04L12/4641 , H04L45/04 , H04L45/50 , H04L45/741 , H04L67/51 , H04L41/0853 , H04L45/22 , H04L45/30 , H04L12/4633 , H04L45/42 , H04L45/586 , H04L45/745 , H04L41/0816 , H04L45/02
Abstract: Techniques for using global virtual network instance (VNI) labels in a multi-domain network to route network data with a multi-tenant network overlay are described herein. A routing device provisioned in a network domain of the multi-domain network may register with a service discovery system of the network domain for use of network configuration data to establish routes through the multi-domain network with network nodes. Each network domain of the multi-domain network may include an application programming interface (API) server for processing API requests to make changes to configurations of a network domain. A border gateway protocol (BGP) large community may be utilized to encode global VNI labels, network addresses, local next hop nodes, and/or additional network information and sent to routing devices provisioned in separate network domains. A service chain may be signaled by global VNI labels to route network traffic through various services prior to reaching a destination endpoint.
-
Publication No.: US11848865B2
Publication date: 2023-12-19
Application No.: US17486477
Filing date: 2021-09-27
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery , Christopher Blair Murray , Jon Langemak , Rahim Lalani , Alvin Wong
IPC: G06F15/173 , H04L45/74 , H04L12/46 , H04L45/02 , H04L45/50 , H04L45/741 , H04L67/51 , H04L41/0853 , H04L45/00 , H04L45/30 , H04L45/42 , H04L45/586 , H04L45/745 , H04L41/0816
CPC classification number: H04L45/74 , H04L12/4633 , H04L12/4641 , H04L41/0816 , H04L41/0853 , H04L45/02 , H04L45/04 , H04L45/22 , H04L45/30 , H04L45/42 , H04L45/50 , H04L45/586 , H04L45/741 , H04L45/745 , H04L67/51
Abstract: Techniques for using global virtual network instance (VNI) labels in a multi-domain network to route network data with a multi-tenant network overlay are described herein. A routing device provisioned in a network domain of the multi-domain network may register with a service discovery system of the network domain for use of network configuration data to establish routes through the multi-domain network with network nodes. Each network domain of the multi-domain network may include an application programming interface (API) server for processing API requests to make changes to configurations of a network domain. A border gateway protocol (BGP) large community may be utilized to encode global VNI labels, network addresses, local next hop nodes, and/or additional network information and sent to routing devices provisioned in separate network domains. A service chain may be signaled by global VNI labels to route network traffic through various services prior to reaching a destination endpoint.
-
Publication No.: US11689454B2
Publication date: 2023-06-27
Application No.: US17223486
Filing date: 2021-04-06
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery , Rahim Lalani
CPC classification number: H04L45/566 , H04L45/02 , H04L45/22 , H04L45/24 , H04L45/42
Abstract: Techniques for multi-tenant overlays with per-tenant distributed routing are described herein. The techniques may include provisioning an overlay network such that tenants hosted by a forwarding plane of the overlay network are each configured to forward routing protocol packets to a routing control plane of the overlay network and the routing control plane of the overlay network is configured to determine routing paths between each tenant and respective destinations. A routing protocol packet may be sent to the routing control plane by a first tenant. The routing protocol packet may include an indication of a destination that is served by the first tenant. Based on receiving the routing protocol packet, the routing control plane may determine one or more routing paths between the tenants and the destination. Additionally, an indication of the routing path may be sent to the tenants.
-
Publication No.: US11979284B2
Publication date: 2024-05-07
Application No.: US17462781
Filing date: 2021-08-31
Applicant: Cisco Technology, Inc.
Inventor: Pankaj Chitrigi Ganesh , Kyle Andrew Donald Mestery , Danxiang Li , Rahim Lalani , Andrzej Konrad Kielbasinski
IPC: H04L41/082 , H04L12/46 , H04L45/00 , H04L67/1031 , H04L67/563
CPC classification number: H04L41/082 , H04L12/4675 , H04L45/22 , H04L67/1031 , H04L67/563
Abstract: Techniques for the transparent rolling of nodes in a cloud-delivered headend service without disrupting client traffic or making users aware of the various nodes in the system being rolled are described herein. The techniques may include receiving an indication that a first node of a network is to be rolled. Based at least in part on the indication, new connection requests may not be sent to the first intermediate node. Additionally, a client device having an existing connection through the first node may be identified. In some examples, a request may be sent to the client device to prompt the client device to establish a new connection. After determining that the new connection has been established such that the new connection flows through a second node of the network, the first node may be rolled.
-
Publication No.: US20230097734A1
Publication date: 2023-03-30
Application No.: US17491163
Filing date: 2021-09-30
Applicant: Cisco Technology, Inc.
Inventor: Vincent Parla , Kyle Andrew Donald Mestery , Rahim Lalani , Scott Roy Fluhrer
IPC: H04L29/06
Abstract: A system and computer-implemented method for routing an encrypted packet through a cloud enforcement network based on a metadata tag. The cloud enforcement network applies policy and routing attributions or tags outside of the encrypted packet payload in such a way as to not require an inner packet to first be decrypted. Traffic prioritization, data protection, and per application policies are achieved by using such metadata tags for internode routing without the need for DPI or decryption. Furthermore, the metadata itself can also be signed or encrypted depending on the provenance of the data. As such, applying meta-tagging external to an encrypted packet, the payload would not be needed to be decrypted during transit of the packet to express end-to-end policy and routing decisions.
-
Publication No.: US20230066784A1
Publication date: 2023-03-02
Application No.: US17462781
Filing date: 2021-08-31
Applicant: Cisco Technology, Inc.
Inventor: Pankaj Chitrigi Ganesh , Kyle Andrew Donald Mestery , Danxiang Li , Rahim Lalani , Andrzej Konrad Kielbasinski
IPC: H04L12/24 , H04L12/707 , H04L29/08 , H04L12/46
Abstract: Techniques for the transparent rolling of nodes in a cloud-delivered headend service without disrupting client traffic or making users aware of the various nodes in the system being rolled are described herein. The techniques may include receiving an indication that a first node of a network is to be rolled. Based at least in part on the indication, new connection requests may not be sent to the first intermediate node. Additionally, a client device having an existing connection through the first node may be identified. In some examples, a request may be sent to the client device to prompt the client device to establish a new connection. After determining that the new connection has been established such that the new connection flows through a second node of the network, the first node may be rolled.
-
Publication No.: US20220385558A1
Publication date: 2022-12-01
Application No.: US17486477
Filing date: 2021-09-27
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery , Christopher Blair Murray , Jon Langemak , Rahim Lalani , Alvin Wong
IPC: H04L12/751 , H04L12/717 , H04L12/715 , H04L12/713 , H04L12/24
Abstract: Techniques for using global virtual network instance (VNI) labels in a multi-domain network to route network data with a multi-tenant network overlay are described herein. A routing device provisioned in a network domain of the multi-domain network may register with a service discovery system of the network domain for use of network configuration data to establish routes through the multi-domain network with network nodes. Each network domain of the multi-domain network may include an application programming interface (API) server for processing API requests to make changes to configurations of a network domain. A border gateway protocol (BGP) large community may be utilized to encode global VNI labels, network addresses, local next hop nodes, and/or additional network information and sent to routing devices provisioned in separate network domains. A service chain may be signaled by global VNI labels to route network traffic through various services prior to reaching a destination endpoint.
-
Publication No.: US20220321468A1
Publication date: 2022-10-06
Application No.: US17223486
Filing date: 2021-04-06
Applicant: Cisco Technology, Inc.
Inventor: Kyle Andrew Donald Mestery , Rahim Lalani
IPC: H04L12/721 , H04L12/717 , H04L12/707 , H04L12/751
Abstract: Techniques for multi-tenant overlays with per-tenant distributed routing are described herein. The techniques may include provisioning an overlay network such that tenants hosted by a forwarding plane of the overlay network are each configured to forward routing protocol packets to a routing control plane of the overlay network and the routing control plane of the overlay network is configured to determine routing paths between each tenant and respective destinations. A routing protocol packet may be sent to the routing control plane by a first tenant. The routing protocol packet may include an indication of a destination that is served by the first tenant. Based on receiving the routing protocol packet, the routing control plane may determine one or more routing paths between the tenants and the destination. Additionally, an indication of the routing path may be sent to the tenants.