公开(公告)号：US20240015225A1

公开(公告)日：2024-01-11

申请号：US18473422

申请日：2023-09-25

Applicant: Cisco Technology, Inc.

Inventor： Srilatha Tangirala ,  Rahul Hardikar ,  Sheikh Qumruzzaman ,  Ravi Kiran Chintallapudi ,  Samir Thoria ,  Ajeet Pal Singh Gill ,  Vivek Agarwal

IPC: H04L67/141 ,  H04L12/46 ,  H04L9/40

CPC classification number: H04L67/141 ,  H04L12/4641 ,  H04L63/0428 ,  H04L63/166

Abstract: In one embodiment, a method includes onboarding, by an edge router, a first tenant from a network management system and determining, by the edge router, a mapping of a tenant identifier associated with the first tenant to a controller identifier associated with a controller. The method also includes reserving, by the edge router, a port number in a kernel for the first tenant and inserting, by the edge router, the tenant identifier into a first control packet. The method further includes communicating, by the edge router, the first control packet to the controller via an encrypted control connection during a first peering session. The first peering session shares the encrypted control connection with a second peering session.

公开(公告)号：US20230327994A1

公开(公告)日：2023-10-12

申请号：US17718775

申请日：2022-04-12

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Srilatha Tangirala ,  Ajeet Pal Singh Gill ,  Vivek Agarwal ,  Nithin Bangalore Raju

IPC: H04L47/20 ,  H04L69/16

CPC classification number: H04L47/20 ,  H04L69/16

Abstract: According to certain embodiments, a method by a network device includes receiving a handshake message for a traffic flow from a Software-Defined Wide-Area Network (SDWAN) and determining, from a traffic policy, whether the traffic flow should be symmetrical. In response to determining from the traffic policy that the traffic flow should be symmetrical, the method further includes performing a flow lookup on the traffic flow to determine if the network device originated the traffic flow. In response to determining that the network device did not originate the traffic flow, the method further includes determining a second network device that originated the traffic flow and sending the handshake message for the traffic flow to the second network device in order to maintain symmetry for the traffic flow.

公开(公告)号：US20250030638A1

公开(公告)日：2025-01-23

申请号：US18908162

申请日：2024-10-07

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Srilatha Tangirala ,  Ajeet Pal Singh Gill ,  Vivek Agarwal ,  Nithin Bangalore Raju

IPC: H04L47/20 ,  H04L69/16

Abstract: According to certain embodiments, a method by a network device includes receiving a handshake message for a traffic flow from a Software-Defined Wide-Area Network (SDWAN) and determining, from a traffic policy, whether the traffic flow should be symmetrical. In response to determining from the traffic policy that the traffic flow should be symmetrical, the method further includes performing a flow lookup on the traffic flow to determine if the network device originated the traffic flow. In response to determining that the network device did not originate the traffic flow, the method further includes determining a second network device that originated the traffic flow and sending the handshake message for the traffic flow to the second network device in order to maintain symmetry for the traffic flow.

公开(公告)号：US11962429B1

公开(公告)日：2024-04-16

申请号：US17979255

申请日：2022-11-02

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Srilatha Tangirala ,  Ajeet Pal Singh Gill ,  Nithin Bangalore Raju ,  Ravi Kiran Chintallapudi ,  Pradeepan Kannawadi ,  Ganesh Devendrachar

IPC: H04L12/28 ,  H04L67/10

CPC classification number: H04L12/28 ,  H04L67/10

Abstract: Techniques for virtualizing tenant transport interfaces configured to implement per-tenant network routing attribute differentiation in each tenant overlay of a multisite wide area network (WAN) and share the virtual transport interfaces between multi-tenant edge (MTE) devices providing transport services to tenant devices based on a defined tenant tier model. A Software-Defined Networking (SDN) controller may receive a physical transport interface and/or a device type associated with a tenant device. The SDN controller may determine a virtual transport interface for the tenant device based on a tier associated with the tenant. MTE device(s) may utilize the physical transport interface to establish sessions with other MTE device(s) in the WAN. The virtual transport interface may be utilized by MTE devices to implement and/or enforce network routing attributes when forwarding network traffic associated with the tenant via the sessions established between the MTE devices through the WAN.

公开(公告)号：US11778038B2

公开(公告)日：2023-10-03

申请号：US17709877

申请日：2022-03-31

Applicant: Cisco Technology, Inc.

Inventor： Srilatha Tangirala ,  Rahul Hardikar ,  Sheikh Qumruzzaman ,  Ravi Kiran Chintallapudi ,  Samir Thoria ,  Ajeet Pal Singh Gill ,  Vivek Agarwal

IPC: H04L67/141 ,  H04L9/40 ,  H04L45/76 ,  H04L41/122

CPC classification number: H04L67/141 ,  H04L41/122 ,  H04L45/76 ,  H04L63/0428

Abstract: In one embodiment, a method includes onboarding, by an edge router, a first tenant from a network management system and determining, by the edge router, a mapping of a tenant identifier associated with the first tenant to a controller identifier associated with a controller. The method also includes reserving, by the edge router, a port number in a kernel for the first tenant and inserting, by the edge router, the tenant identifier into a first control packet. The method further includes communicating, by the edge router, the first control packet to the controller via an encrypted control connection during a first peering session. The first peering session shares the encrypted control connection with a second peering session.

公开(公告)号：US11588752B2

公开(公告)日：2023-02-21

申请号：US17389003

申请日：2021-07-29

Applicant: Cisco Technology, Inc.

Inventor： Srilatha Tangirala ,  Nithin Bangalore Raju ,  Ananya Raval ,  Prabahar Radhakrishnan ,  Vivek Agarwal ,  Balaji Sundararajan

IPC: H04L47/80 ,  H04L47/70 ,  H04L45/64 ,  H04L45/02 ,  H04L47/762 ,  H04L47/78

Abstract: Route exchange in a plurality of network controller appliances on a per-tenant basis is disclosed. In one aspect, a method includes receiving, from a network management system and at a first network controller appliance, a designation of at least two tenants to be hosted on the first network controller appliance, the first network controller appliance being one of a plurality of network controller appliances in a SD-WAN; sending, from the first network controller appliance to other network controller appliances of the plurality of network controller appliances, a tenant list query message to obtain a corresponding tenant list of each of the other network controller appliances; and receiving a corresponding response from each of the other network controller appliances indicating the corresponding tenant list of each of the other network controller appliances, the corresponding response being used to update the tenant list on the first network controller appliance.

公开(公告)号：US20250038957A1

公开(公告)日：2025-01-30

申请号：US18360338

申请日：2023-07-27

Applicant: Cisco Technology, Inc.

Inventor： Ajeet Pal Singh Gill ,  Srilatha Tangirala

IPC: H04L9/08 ,  H04L9/14 ,  H04L9/40

Abstract: Disclosed are systems, apparatuses, methods, computer readable medium, and circuits for managing encryption keys in a multi-tenant network edge device. According to at least one example, a method includes: receiving tenant resource information at the multi-tenant network edge device; generating at least one parent encryption key; generating a plurality of child encryption keys; creating a routing connection to a network controller for each tenant in the plurality of tenants; transmitting the at least one parent encryption key and the plurality of child encryption keys to the network controller for distribution to the plurality of tenants; receiving a plurality of advertisements of transport locators from the network controller, wherein each advertisement includes a parent encryption key or a child encryption key; selecting a set of encryption keys from the plurality of advertisements; and forming a secure tunnel.

公开(公告)号：US12068959B1

公开(公告)日：2024-08-20

申请号：US18225487

申请日：2023-07-24

Applicant: Cisco Technology, Inc.

Inventor： Ganesh Devendrachar ,  Ajeet Pal Singh Gill ,  Balaji Sundararajan ,  Srilatha Tangirala ,  Satish Varadarajula ,  Satyajit Das

IPC: H04L45/76 ,  H04L45/24 ,  H04L47/125

CPC classification number: H04L45/76 ,  H04L45/24 ,  H04L47/125

Abstract: Techniques for automatically providing per tenant weighted DCMP over shared transport interfaces and automated flow has load balancing are described. The techniques may include onboarding the tenant to the local multi-tenant edge device associated with a tenant, where the resource profile defines a traffic allowance per transport interface for the tenant. Local weight per transport interface is applied. Information including local weight per transport interface is transmitted to a remote device via an SD-WAN controller. Information including a remote weight per transport interface of the remote device is received via the SD-WAN controller. Traffic is routed from the tenant based on local weight per transport interface of the local device and remote weight per transport interface of the remote device.

公开(公告)号：US20240223397A1

公开(公告)日：2024-07-04

申请号：US18608677

申请日：2024-03-18

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Ajeet Pal Singh Gill ,  Srilatha Tangirala ,  Nithin Bangalore Raju ,  Ravi Kiran Chintallapudi ,  Pradeepan Kannawadi ,  Ganesh Devendrachar

IPC: H04L12/28 ,  H04L67/10

CPC classification number: H04L12/28 ,  H04L67/10

Abstract: Techniques for virtualizing tenant transport interfaces configured to implement pertenant network routing attribute differentiation in each tenant overlay of a multisite wide area network (WAN) and share the virtual transport interfaces between multi-tenant edge (MTE) devices providing transport services to tenant devices based on a defined tenant tier model. A Software-Defined Networking (SDN) controller may receive a physical transport interface and/or a device type associated with a tenant device. The SDN controller may determine a virtual transport interface for the tenant device based on a tier associated with the tenant. MTE device(s) may utilize the physical transport interface to establish sessions with other MTE device(s) in the WAN. The virtual transport interface may be utilized by MTE devices to implement and/or enforce network routing attributes when forwarding network traffic associated with the tenant via the sessions established between the MTE devices through the WAN.

公开(公告)号：US20240073084A1

公开(公告)日：2024-02-29

申请号：US18122931

申请日：2023-03-17

Applicant: Cisco Technology, Inc.

Inventor： Bhairav Dutia ,  Manish Jiwansingh Mehra ,  Upendar Surabhi ,  Sharmishtha Upadhyay ,  Sanjeev Pandurang Tondale ,  Yanbo Zhang ,  Yogesh Mittal ,  Nithin Bangalore Raju ,  Srilatha Tangirala ,  Balaji Sundararajan

IPC: H04L41/0681 ,  H04L41/0686 ,  H04L41/0894

CPC classification number: H04L41/0681 ,  H04L41/0686 ,  H04L41/0894

Abstract: Techniques and architecture are described for a pull model for obtaining and implementing config changes on network devices are described herein. A user submits intent configuration to the network controller that needs to be delivered to several network sites. The network controller generates a config file. The network controller sends a pull notification message to all network devices that need to retrieve the config file. This pull notification message only contains a corresponding transaction ID for each network device and a location for the network device to use to pull the config file. The network devices may utilize a HTTP REST API exposed by the network controller to obtain the config file from the network controller. The network devices may utilize a REST API exposed by the network controller to reply with statuses of the configuration transaction. The techniques and architecture may be applied to multi-tenant network devices.