公开(公告)号：US20250062988A1

公开(公告)日：2025-02-20

申请号：US18938015

申请日：2024-11-05

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Vinay Saini ,  Victor Manuel Moreno

IPC: H04L45/586 ,  H04L12/46 ,  H04L45/00 ,  H04L45/02 ,  H04L45/302

Abstract: Techniques are described herein for service chaining in fabric networks such that hardware resources can be preserved without service nodes needing additional capabilities. The techniques may include storing a first configuration associated with a first VRF instance of a service forwarding node that is connected to a first service of a service chain sequence. The first configuration may indicate an identifier and a type associated with a second service of the service chain sequence where traffic is to be sent after the first service. Additionally, the techniques may also include storing a second configuration associated with a second VRF instance of the service forwarding node that is connected to the second service. The second configuration may indicate that the second service is a last service of the service chain sequence. When traffic is received at the service forwarding node, the service forwarding node can determine whether the traffic is pre-service traffic or post-service traffic.

公开(公告)号：US12224931B2

公开(公告)日：2025-02-11

申请号：US17897634

申请日：2022-08-29

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Vinay Saini ,  Sanjay Kumar Hooda

IPC: H04L45/00 ,  H04L45/12

Abstract: Techniques for a Software-Defined Networking (SDN) controller associated with a multisite network to implement jurisdictional data sovereignty polices in a multisite network, route network traffic flows between user sites and destination services over one or more provider sites, and/or perform a routing operation on the network traffic flow(s) based on the jurisdictional data sovereignty policies. The jurisdictional data sovereignty polices may be implemented using destination group tags (DGTs) and/or source group tags (SGTs). A secure access service edge (SASE) associated with the network controller may generate, store, and distribute the DGTs to provider sites and/or the SGTs to user sites. Based on the SGT and/or DGT associated with a network traffic flow, one or more services may be applied to the network traffic flow, and the network traffic flow may be routed through a particular region of a software-defined access (SDA) transit.

公开(公告)号：US12192057B2

公开(公告)日：2025-01-07

申请号：US18677720

申请日：2024-05-29

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Muninder Singh Sambi ,  Victor Moreno ,  Prakash C. Jain ,  Tarunesh Ahuja ,  Satish Kondalam

IPC: H04L41/0893 ,  G06F9/455 ,  H04L12/46

Abstract: Systems, methods, and computer-readable storage media are provided for provisioning a common subnet across a number of subscribers and their respective virtual networks using dynamically generated network policies that provide isolation between the subscribers. The dynamic generation of the network policies is performed when a host (e.g. client) is detected (via a switch) as the host joins the computing network via virtual networks. This ability to configure a common subnet for all the subscriber virtual networks allows these subscribers to more easily access external shared services coming from a headquarter site while keeping the separation and segmentation of multiple subscriber virtual networks within a single subnet. This allows the Enterprise fabric to be more simple and convenient to deploy without making security compromises.

公开(公告)号：US12184539B2

公开(公告)日：2024-12-31

申请号：US18303493

申请日：2023-04-19

Applicant: Cisco Technology, Inc.

Inventor： Anubhav Gupta ,  Rex Fernando ,  Sanjay Kumar Hooda ,  Syam Sundar Appala ,  Samir Thoria

IPC: H04L45/302 ,  H04L12/28 ,  H04L45/74 ,  H04L47/20

Abstract: In one embodiment, a method by an edge router configured to operate at a first site of a software-defined wide-area network includes receiving a data packet from a first host located in the first site, where the data packet is destined to a second host located in a second site, determining that an identifier of a second group to which the second host belongs is not available at the edge router, sending a request for an identifier of the second group to a network apparatus, where the request may comprise an address of the second host, receiving a response comprising the identifier of the second group from the network apparatus, determining that the second group is a destination group, applying one or more policies associated with the destination group to the data packet, and causing the data packet to be routed to the second host.

公开(公告)号：US20240348681A1

公开(公告)日：2024-10-17

申请号：US18754465

申请日：2024-06-26

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Marc Portoles Comeras ,  Vinay Saini ,  Victor Manuel Moreno

IPC: H04L67/1001 ,  H04L41/0893 ,  H04L41/122 ,  H04L45/76 ,  H04L67/51

CPC classification number: H04L67/10015 ,  H04L41/0893 ,  H04L41/122 ,  H04L45/76 ,  H04L67/51

Abstract: This disclosure describes techniques and mechanisms for providing hybrid cloud services for enterprise fabric. The techniques include enhancing an on-demand protocol (e.g., such as LISP) and allowing simplified security and/or firewall service insertion for datacenter servers providing those services. Accordingly, the techniques described herein provide hybrid cloud services that work in disaggregated, distributed, and consistent way, while avoiding complex datacenter network devices (e.g., such running overlay on TOR), replacing and moving the functionality to on demand protocol enabled servers, which intelligently receive the required mappings as well as registers and publishes the service information to intelligently interact with the network.

公开(公告)号：US12107734B2

公开(公告)日：2024-10-01

申请号：US18360451

申请日：2023-07-27

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Muninder Singh Sambi ,  Victor Moreno ,  Prakash C. Jain ,  Tarunesh Ahuja ,  Satish Kondalam

IPC: H04L41/0893 ,  G06F9/455 ,  H04L12/46

CPC classification number: H04L41/0893 ,  G06F9/45558 ,  H04L12/4633 ,  H04L12/4641 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Systems, methods, and computer-readable storage media are provided for provisioning a common subnet across a number of subscribers and their respective virtual networks using dynamically generated network policies that provide isolation between the subscribers. The dynamic generation of the network policies is performed when a host (e.g. client) is detected (via a switch) as the host joins the computing network via virtual networks. This ability to configure a common subnet for all the subscriber virtual networks allows these subscribers to more easily access external shared services coming from a headquarter site while keeping the separation and segmentation of multiple subscriber virtual networks within a single subnet. This allows the Enterprise fabric to be more simple and convenient to deploy without making security compromises.

公开(公告)号：US20240267326A1

公开(公告)日：2024-08-08

申请号：US18640438

申请日：2024-04-19

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Anoop Vetleth ,  Himanshu Mehra ,  Rajeev Kumar

IPC: H04L45/00 ,  H04L43/0829 ,  H04L43/0852 ,  H04L43/087

CPC classification number: H04L45/70 ,  H04L43/0829 ,  H04L43/0858 ,  H04L43/087

Abstract: Systems, methods, and computer-readable media are provided for performing secure frame encryption as a service. For instance, a network edge device can determine at least a first path and a second path for routing a data packet. The network edge device can obtain a first plurality of values for at least one network metric, wherein the first plurality of values corresponds to the first path and at least a first backup path associated with the first path. The network edge device can obtain a second plurality of values for the at least one network metric, wherein the second plurality of values corresponds to the second path and at least a second backup path associated with the second path. The network edge device can select a path for routing the data packet based on a comparison of the first plurality of values and the second plurality of values.

公开(公告)号：US20240235991A9

公开(公告)日：2024-07-11

申请号：US17972119

申请日：2022-10-24

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Vinay Saini ,  Sanjay Kumar Hooda

IPC: H04L45/30 ,  H04L45/302

CPC classification number: H04L45/30 ,  H04L45/302

Abstract: This disclosure describes techniques for employing an adaptive mechanism in communications among network devices. Adaptive mechanism techniques may include adapting network operations relative to characteristics of devices and/or network access technologies or mechanisms used in the network. Adaptation may help to accommodate a wider variety of types of devices. For instance, adaptive mechanism techniques may include determining, based on characteristics of a device in the network, a forwarding mechanism to be used at an access device to forward data traffic from the device to another device via the network. As such, adaptive mechanism techniques may provide more efficient integration of devices within a complex network, thereby improving network operations.

公开(公告)号：US20240137314A1

公开(公告)日：2024-04-25

申请号：US18545931

申请日：2023-12-19

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Vinay Saini ,  Victor Manuel Moreno

IPC: H04L45/586 ,  H04L45/00 ,  H04L45/02 ,  H04L45/302

CPC classification number: H04L45/586 ,  H04L45/04 ,  H04L45/306 ,  H04L45/54 ,  H04L12/4633

Abstract: Techniques are described herein for service chaining in fabric networks such that hardware resources can be preserved without service nodes needing additional capabilities. The techniques may include storing a first configuration associated with a first VRF instance of a service forwarding node that is connected to a first service of a service chain sequence. The first configuration may indicate an identifier and a type associated with a second service of the service chain sequence where traffic is to be sent after the first service. Additionally, the techniques may also include storing a second configuration associated with a second VRF instance of the service forwarding node that is connected to the second service. The second configuration may indicate that the second service is a last service of the service chain sequence. When traffic is received at the service forwarding node, the service forwarding node can determine whether the traffic is pre-service traffic or post-service traffic.

公开(公告)号：US20240098535A1

公开(公告)日：2024-03-21

申请号：US18524474

申请日：2023-11-30

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Sanjay Kumar Hooda ,  Venkatesh Ramachandra Gota ,  Chandramouli Balasubramanian ,  Anand Oswal

IPC: H04W24/08 ,  H04W28/02 ,  H04W28/24 ,  H04W36/22 ,  H04W48/06

CPC classification number: H04W24/08 ,  H04W28/0221 ,  H04W28/0284 ,  H04W28/0289 ,  H04W28/24 ,  H04W36/22 ,  H04W48/06

Abstract: Systems and methods for managing traffic in a hybrid environment include monitoring traffic load of a local network to determine whether the traffic load exceeds or is likely to exceed a maximum traffic load, where the maximum traffic load is a traffic load for which a service can be provided by the local network, based on a license. An excess traffic load is determined if the traffic load exceeds or is likely to exceed the maximum traffic load. One or more external networks which have a capacity to provide the service to the excess traffic load are determined, to which the excess traffic load is migrated. The local network includes one or more service instances for providing the service for up to the maximum traffic load, and the service to the excess traffic load is provided by one or more additional service instances in the one or more external networks.