公开(公告)号：US20150207729A1

公开(公告)日：2015-07-23

申请号：US14160804

申请日：2014-01-22

Applicant: Cisco Technology, Inc.

Inventor： Roque Gagliano ,  Alvaro E. Retana ,  Keyur P. Patel ,  Burjiz F. Pithawala ,  Ed Kern ,  Carlos M. Pignataro

IPC: H04L12/721 ,  H04L29/08 ,  H04L12/24 ,  H04L12/741 ,  H04L12/805

CPC classification number: H04L45/44 ,  H04L41/0893 ,  H04L45/04 ,  H04L45/745 ,  H04L47/36 ,  H04L67/2819 ,  H04L69/22

Abstract: In one embodiment, a router located at an exit edge of an autonomous system (AS) receives a data packet in a data plane, and determines a destination of the data packet and an associated AS-path information to the destination. The router may then insert the AS-path information into the data packet, and forwards the data packet with the AS-path information toward the destination, such that a receiving device in a destination AS can validate whether the data packet was routed through a path that was secure from a control plane perspective based on a collection of one or more insertions of AS-path information.

Abstract translation: 在一个实施例中，位于自治系统（AS）的出口边缘处的路由器接收数据平面中的数据分组，并且确定数据分组的目的地和相关联的AS路径信息到目的地。 路由器然后可以将AS路径信息插入到数据包中，并将数据包与AS路径信息转发到目的地，使得目的地AS中的接收设备可以验证数据包是否通过路径路由 基于AS路径信息的一个或多个插入的集合，从控制平面的角度来看是安全的。

公开(公告)号：US09722919B2

公开(公告)日：2017-08-01

申请号：US14160804

申请日：2014-01-22

Applicant: Cisco Technology, Inc.

Inventor： Roque Gagliano ,  Alvaro E. Retana ,  Keyur P. Patel ,  Burjiz F. Pithawala ,  Ed Kern ,  Carlos M. Pignataro

IPC: H04L29/08 ,  H04L12/721 ,  H04L12/741 ,  H04L12/805 ,  H04L12/715 ,  H04L29/06 ,  H04L12/24

CPC classification number: H04L45/44 ,  H04L41/0893 ,  H04L45/04 ,  H04L45/745 ,  H04L47/36 ,  H04L67/2819 ,  H04L69/22

Abstract: In one embodiment, a router located at an exit edge of an autonomous system (AS) receives a data packet in a data plane, and determines a destination of the data packet and an associated AS-path information to the destination. The router may then insert the AS-path information into the data packet, and forwards the data packet with the AS-path information toward the destination, such that a receiving device in a destination AS can validate whether the data packet was routed through a path that was secure from a control plane perspective based on a collection of one or more insertions of AS-path information.

公开(公告)号：US09654482B2

公开(公告)日：2017-05-16

申请号：US14160968

申请日：2014-01-22

Applicant: Cisco Technology, Inc.

Inventor： Roque Gagliano ,  Alvaro E. Retana ,  Keyur P. Patel

IPC: H04L29/06

CPC classification number: H04L63/108 ,  H04L63/029

Abstract: In one embodiment, a validation server in a computer network determines that an edge router of the computer network has blocked access to a desired server address based on the edge router not having authentication information for the desired server address. In response, the server creates a white-listing policy to temporarily allow access to the desired server address at the edge router, and sends the white-listing policy to the edge router. The validation server may then proceed with performing server fetching operations to the desired server address from the validation server while the white-listing policy is in effect, and instructs the edge device to remove the white-listing policy once the server fetching operations are completed.

公开(公告)号：US20240388932A1

公开(公告)日：2024-11-21

申请号：US18197262

申请日：2023-05-15

Applicant: Cisco Technology, Inc.

Inventor： Domenico Ficara ,  Pascal Thubert ,  Amine Choukir ,  Roque Gagliano

IPC: H04W24/08 ,  H04W24/10

Abstract: Techniques for improving telemetry in resource-constrained device environments. In some examples, the techniques include gossiping telemetry information between peer devices of a wireless network to, among other things, reduce telemetry cost and/or an amount of telemetry data streamed to a telemetry collector. In some examples, the techniques may also include intelligently exporting telemetry data from resource-constrained devices towards backend systems without exhausting the resource-constrained devices and/or the backend systems. In examples, the telemetry data may be contextual information associated with an endpoint, an application, a network-device resource (e.g., CPU, battery, memory, storage, etc.), geographical constraints, and/or the like.

公开(公告)号：US09641430B2

公开(公告)日：2017-05-02

申请号：US14160736

申请日：2014-01-22

Applicant: Cisco Technology, Inc.

Inventor： Roque Gagliano ,  Alvaro E. Retana ,  Keyur P. Patel ,  Carlos M. Pignataro

IPC: H04L12/721 ,  H04L12/24 ,  H04L12/26 ,  H04L12/715 ,  H04L9/32

CPC classification number: H04L45/44 ,  H04L9/3265 ,  H04L41/12 ,  H04L43/10 ,  H04L45/04

Abstract: In one embodiment, a plurality of packets is sent from an origin device along a communication path toward a destination device. Each packet includes a lifespan indicator which is incrementally increased for each subsequently sent packet. A plurality of response messages are received at the origin device from a plurality of intermediate devices, respectively. A plurality of secure path objects included in the plurality of response messages, respectively, is determined. Additionally, the plurality of secure path objects are validated based on validation information accessible by the origin device. Validation results of the plurality of secure path objects are checked to determine whether a packet that is sent from the origin device and received by the destination device travels along a particular communication path as dictated by control plane information.

公开(公告)号：US20250039068A1

公开(公告)日：2025-01-30

申请号：US18360099

申请日：2023-07-27

Applicant: Cisco Technology, Inc.

Inventor： Roque Gagliano ,  Marcelo Yannuzzi ,  Carlos M. Pignataro ,  Francisco Sedano Crippa

IPC: H04L43/04 ,  H04L43/12

Abstract: In one example embodiment, at least one processor determines an impact of an event on a network to a network application based on network data and telemetry information of the network application. The telemetry information of the network application is obtained from the network application placed under conditions corresponding to the event. The at least one processor adjusts operation of the network application based on the impact.

公开(公告)号：US20180270113A1

公开(公告)日：2018-09-20

申请号：US15460391

申请日：2017-03-16

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Rajiv Asati ,  Roque Gagliano

IPC: H04L12/24 ,  H04L12/851 ,  H04L12/26

CPC classification number: H04L43/0876 ,  H04L41/16 ,  H04L41/5019

Abstract: In one embodiment, a device in a network receives traffic sent via a service function chain (SFC). The device models one or more behavioral characteristics of the traffic using a machine learning-based service function in the SFC. The device causes a change to the SFC based on the modeled one or more behavioral characteristics of the traffic.

公开(公告)号：US20150207818A1

公开(公告)日：2015-07-23

申请号：US14160968

申请日：2014-01-22

Applicant: Cisco Technology, Inc.

Inventor： Roque Gagliano ,  Alvaro E. Retana ,  Keyur P. Patel

IPC: H04L29/06

CPC classification number: H04L63/108 ,  H04L63/029

Abstract: In one embodiment, a validation server in a computer network determines that an edge router of the computer network has blocked access to a desired server address based on the edge router not having authentication information for the desired server address. In response, the server creates a white-listing policy to temporarily allow access to the desired server address at the edge router, and sends the white-listing policy to the edge router. The validation server may then proceed with performing server fetching operations to the desired server address from the validation server while the white-listing policy is in effect, and instructs the edge device to remove the white-listing policy once the server fetching operations are completed.

Abstract translation: 在一个实施例中，计算机网络中的验证服务器基于没有所需服务器地址的认证信息的边缘路由器确定计算机网络的边缘路由器已经阻止对所需服务器地址的访问。 作为响应，服务器创建一个白名单策略，以临时允许访问边缘路由器上所需的服务器地址，并将白名单策略发送到边缘路由器。 然后，当白名单策略生效时，验证服务器可以继续从验证服务器执行服务器提取操作到所需的服务器地址，并且一旦完成了服务器提取操作，就指示边缘设备删除白名单策略。

公开(公告)号：US20150207728A1

公开(公告)日：2015-07-23

申请号：US14160736

申请日：2014-01-22

Applicant: Cisco Technology, Inc.

Inventor： Roque Gagliano ,  Alvaro E. Retana ,  Keyur P. Patel ,  Carlos M. Pignataro

IPC: H04L12/721 ,  H04L12/24

CPC classification number: H04L45/44 ,  H04L9/3265 ,  H04L41/12 ,  H04L43/10 ,  H04L45/04

Abstract: In one embodiment, a plurality of packets is sent from an origin device along a communication path toward a destination device. Each packet includes a lifespan indicator which is incrementally increased for each subsequently sent packet. A plurality of response messages are received at the origin device from a plurality of intermediate devices, respectively. A plurality of secure path objects included in the plurality of response messages, respectively, is determined. Additionally, the plurality of secure path objects are validated based on validation information accessible by the origin device. Validation results of the plurality of secure path objects are checked to determine whether a packet that is sent from the origin device and received by the destination device travels along a particular communication path as dictated by control plane information.

Abstract translation: 在一个实施例中，多个分组从原始设备沿着通信路径发送到目的设备。 每个分组包括一个寿命指示符，其对于每个随后发送的分组而递增地增加。 在原始设备上分别从多个中间设备接收多个响应消息。 确定分别包括在多个响应消息中的多个安全路径对象。 另外，基于原始设备可访问的验证信息来验证多个安全路径对象。 检查多个安全路径对象的验证结果以确定从原始设备发送并且由目的地设备接收的分组是否沿着由控制平面信息指定的特定通信路径传播。