-
Publication No.: US20240348681A1
Publication date: 2024-10-17
Application No.: US18754465
Application date: 2024-06-26
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Marc Portoles Comeras, Vinay Saini, Victor Manuel Moreno
IPC: H04L67/1001, H04L41/0893, H04L41/122, H04L45/76, H04L67/51
CPC classification number: H04L67/10015, H04L41/0893, H04L41/122, H04L45/76, H04L67/51
Abstract: This disclosure describes techniques and mechanisms for providing hybrid cloud services for enterprise fabric. The techniques include enhancing an on-demand protocol (e.g., such as LISP) and allowing simplified security and/or firewall service insertion for datacenter servers providing those services. Accordingly, the techniques described herein provide hybrid cloud services that work in disaggregated, distributed, and consistent way, while avoiding complex datacenter network devices (e.g., such running overlay on TOR), replacing and moving the functionality to on demand protocol enabled servers, which intelligently receive the required mappings as well as registers and publishes the service information to intelligently interact with the network.
-
Publication No.: US11108690B2
Publication date: 2021-08-31
Application No.: US16118709
Application date: 2018-08-31
Applicant: Cisco Technology, Inc.
Inventor: Marc Portoles Comeras, Alberto Rodriguez Natal, Vina Ermagan, Reshad Rahman, Johnson Leong
IPC: H04L12/715, H04L12/46, H04L12/707, H04L12/743, H04L12/747
Abstract: A method and a router device for managing memory for network overlay routes with fallback route support prioritization may be provided. A network overlay route as a candidate network overlay route may be obtained at a router for storage in a memory. The memory may store a plurality of network overlay routes for forwarding user plane traffic in a network. An assessment for storage of the candidate network overlay route based on a priority level indicator of the candidate network overlay route may be performed. The priority level indicator may be indicative of a fallback route support level of the candidate network overlay route in the router. Based on the assessment, at least one of the following may be performed: adding the candidate network overlay route to the memory and refraining from adding the candidate network overlay route to the memory.
-
Publication No.: US20240406183A1
Publication date: 2024-12-05
Application No.: US18223344
Application date: 2023-07-18
Applicant: Cisco Technology, Inc.
Inventor: Marc Portoles Comeras, Sanjay Kumar Hooda, Balaji Pitta Venkatachalapathy, Kedar Sudhir Karmarkar, Prakash C. Jain
IPC: H04L9/40, H04L45/02, H04L45/745
Abstract: Techniques for propagating security group tag mapping between external interconnected sites that are not capable of carrying the SGT mappings. A system is disclosed that includes operations of subscribing at a first border of a first site, by a control plane, a first SGT mapping associated with a first data packet at the first site for storing the SGT mapping of the first data packet at the control plane. Then transmitting, the first data packet from the first border of the first site to a second border of the second site without attaching the first SGT mapping with the first data packet. Further, in response to a determination by the control plane that the first data packet has lost the associated first SGT mapping at the second border, identifying the SGT mapping with the first data packet at the second border to be re-associated with the first data packet.
-
Publication No.: US11652791B2
Publication date: 2023-05-16
Application No.: US16534783
Application date: 2019-08-07
Applicant: Cisco Technology, Inc.
Inventor: Victor Moreno, Sanjay Kumar Hooda, Marc Portoles Comeras
IPC: H04L9/40, H04L45/586, H04L45/745
CPC classification number: H04L63/0236, H04L45/586, H04L45/745, H04L63/029, H04L63/0263, H04L63/0272
Abstract: Systems, methods, and computer-readable media for implementing an extranet policy include receiving a request from a source to perform a lookup for a destination address. A lookup for the destination address is performed in a consolidated routing table, the consolidated routing table including a consolidated mapping of address prefixes associated with two or more virtual networks. If the lookup results in a match for the destination address with a matching address prefix, a matching virtual network associated with the matching address prefix is determined. An access policy for the request corresponding to the matching virtual network is obtained, and based on the access policy the request is allowed to access the destination address in the matching virtual network or disallowed. The consolidated routing table can be implemented in a mapping server using a Locator/ID Separation Protocol (LISP).
-
Publication No.: US10284438B2
Publication date: 2019-05-07
Application No.: US14612691
Application date: 2015-02-03
Applicant: Cisco Technology, Inc.
Inventor: Marc Portoles Comeras, Preethi Natarajan, Alberto Rodriguez Natal, Fabio Rodolfo Maino, Alberto Cabellos Aparicio, Vasileios Lakafosis, Lorand Jakab
IPC: H04L12/24, H04L29/06, H04L12/707, H04L12/801, H04L12/803
Abstract: Techniques are provided for a network mapping server device in a network to receive a connection upgrade message comprising information to establish a first data flow from a first endpoint that does not support multiple subflows for the first data flow according to a multipath protocol, where multiple subflows subdivide the first data flow across two or more network paths. The information in the connection upgrade message is analyzed in order to resolve network connectivity to determine potential network connections for at least two subflows of the first data flow to a second endpoint. A response message is sent comprising information configured to establish at least two subflows for the first data flow between the first endpoint and the second endpoint.
-
Publication No.: US12137093B2
Publication date: 2024-11-05
Application No.: US17814410
Application date: 2022-07-22
Applicant: Cisco Technology, Inc.
IPC: H04L9/40
Abstract: In one embodiment, an apparatus of a LISP environment includes one or more processors and computer-readable non-transitory storage media coupled to the one or more processors. The computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including receiving an attestation token from a first component of the LISP environment. The operations also include encoding the attestation token using a LISP message format. The operations further include distributing the encoded attestation token with a LISP signaling message to a third component of the LISP environment.
-
Publication No.: US11601496B1
Publication date: 2023-03-07
Application No.: US17728657
Application date: 2022-04-25
Applicant: Cisco Technology, Inc.
Inventor: Prakash C. Jain, Sanjay Kumar Hooda, Marc Portoles Comeras, Vinay Saini, Victor Manuel Moreno
IPC: G06F15/16, H04L67/1001, H04L41/122, H04L67/51, H04L45/76, H04L41/0893
Abstract: This disclosure describes techniques and mechanisms for providing hybrid cloud services for enterprise fabric. The techniques include enhancing an on-demand protocol (e.g., such as LISP) and allowing simplified security and/or firewall service insertion for datacenter servers providing those services. Accordingly, the techniques described herein provide hybrid cloud services that work in disaggregated, distributed, and consistent way, while avoiding complex datacenter network devices (e.g., such running overlay on TOR), replacing and moving the functionality to on demand protocol enabled servers, which intelligently receive the required mappings as well as registers and publishes the service information to intelligently interact with the network.
-
Publication No.: US11533669B2
Publication date: 2022-12-20
Application No.: US16395817
Application date: 2019-04-26
Applicant: Cisco Technology, Inc.
Inventor: Fabio R. Maino, Vina Ermagan, Marc Portoles Comeras, John Martin Graybeal, Alberto Rodriguez Natal
IPC: H04W76/12, H04W28/02, H04W40/02, H04L43/028
Abstract: In one illustrative example, network fabric policy data associated with an application, subscriber, and/or device may be received. Mobile network policy data that corresponds to the received network fabric policy data may be selected, based on stored policy mappings between a set of network fabric policy profiles of a fabric network and a set of mobile network policy profiles of a mobile network. A bearer or Quality of Service (QoS) flow of the mobile network may be established in satisfaction of the selected mobile network policy data. In addition, a packet filter of a traffic flow template (TFT) or a packet detection rule (PDR) may be generated and applied in order to direct IP traffic flows associated with the application to the established bearer or QoS flow for communication in the mobile network.
-
Publication No.: US11411948B2
Publication date: 2022-08-09
Application No.: US16574771
Application date: 2019-09-18
Applicant: Cisco Technology Inc.
IPC: H04L9/40
Abstract: In one embodiment, an apparatus of a LISP environment includes one or more processors and computer-readable non-transitory storage media coupled to the one or more processors. The computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including receiving an attestation token from a first component of the LISP environment. The operations also include encoding the attestation token using a LISP message format. The operations further include distributing the encoded attestation token with a LISP signaling message to a third component of the LISP environment.
-
Publication No.: US20210044565A1
Publication date: 2021-02-11
Application No.: US16534783
Application date: 2019-08-07
Applicant: Cisco Technology, Inc.
Inventor: Victor Moreno, Sanjay Kumar Hooda, Marc Portoles Comeras
IPC: H04L29/06, H04L12/713, H04L12/741
Abstract: Systems, methods, and computer-readable media for implementing an extranet policy include receiving a request from a source to perform a lookup for a destination address. A lookup for the destination address is performed in a consolidated routing table, the consolidated routing table including a consolidated mapping of address prefixes associated with two or more virtual networks. If the lookup results in a match for the destination address with a matching address prefix, a matching virtual network associated with the matching address prefix is determined. An access policy for the request corresponding to the matching virtual network is obtained, and based on the access policy the request is allowed to access the destination address in the matching virtual network or disallowed. The consolidated routing table can be implemented in a mapping server using a Locator/ID Separation Protocol (LISP).