公开(公告)号：WO2021040905A1

公开(公告)日：2021-03-04

申请号：PCT/US2020/042593

申请日：2020-07-17

Applicant: CISCO TECHNOLOGY, INC.

Inventor： ESMAILY, Kamran ,  LAM, Mandy, Hin ,  EDA, Ravi ,  TWISS, Robert, Gregory ,  GOERGEN, Joel, Richard

IPC: G06F1/18 ,  H05K1/14 ,  H01R12/73 ,  H01R13/52

Abstract: In one embodiment, an apparatus includes a frame for attaching to a module with contacts of the module exposed for mating with a connector operable to couple the module to a printed circuit board, the frame comprising a seal for positioning on opposing faces of the module adjacent to the contacts to protect a module to connector interface from contaminants passing through a network device with the module installed in the network device.

公开(公告)号：WO2021034668A1

公开(公告)日：2021-02-25

申请号：PCT/US2020/046376

申请日：2020-08-14

Applicant: CISCO TECHNOLOGY, INC.

Inventor： KUIK, Timothy J. ,  KALA, Sumit ,  YANG, Yibin ,  BASAPPA MAILLIKARJUNASWAMY, Hemanth

IPC: G06F9/50

Abstract: This disclosure describes techniques for providing virtual resources (e.g., containers, virtual machines, etc.) of a clustered application with information regarding a cluster of physical servers on which the distributed clustered application is running. A virtual resource that supports the clustered application is executed on a physical server of the cluster of physical servers. The virtual resource may receive an indication of a database instance (or other application) running on a particular physical server of the cluster of physical servers that is nearest the physical server. The database instance may be included in a group of database instances that are maintaining a common data set on respective physical servers of the group of physical servers. The virtual resource may then access the database instance on the particular physical server based at least in part on the database instance running on the particular server that is nearest the physical server.

公开(公告)号：WO2021021395A1

公开(公告)日：2021-02-04

申请号：PCT/US2020/041034

申请日：2020-07-07

Applicant: CISCO TECHNOLOGY, INC.

Inventor： PRABHU, Vinay ,  EVANS, Sarah, Adelaide ,  PAREKH, Jigar, Dinesh ,  RANGASWAMY, Suraj

IPC: H04L29/08 ,  G06F11/07 ,  H04L12/24 ,  H04L12/26

Abstract: The present disclosure is directed to a peer node discovery process whereby a network management node can discover peers of inaccessible nodes that have lost connectivity to the network management node over the control plane and receive health report of the inaccessible nodes via the discovered peers. In one example, a method includes detecting a loss of connectivity to a network node; based on a type of the network node, performing one of a first process or a second process to obtain a health report of the network node, the first process and the second process including identification of at least one corresponding peer node from which the health report of the network node is to be received; and analyzing the health report to determine root cause of the loss of connectivity.

公开(公告)号：WO2020252096A1

公开(公告)日：2020-12-17

申请号：PCT/US2020/037124

申请日：2020-06-11

Applicant: CISCO TECHNOLOGY, INC.

Inventor： SUNDARARAJAN, Balaji ,  VALLURI, Vamsidhar ,  BALASUBRAMANIAN, Chandramouli ,  OSWAL, Anand ,  SINGH, Ram, Dular

IPC: H04L12/725 ,  H04L12/717 ,  H04L12/715 ,  H04L12/721 ,  H04L29/08

Abstract: In one embodiment, a method includes providing a first profile to a plurality of edge routers of the SD-WAN, the plurality of edge routers operable to interface a plurality of devices to the SD-WAN. The first profile enables the plurality of edge routers to discover which devices of the plurality of devices support a first application. The method includes receiving, from one or more of the edge routers, information indicating which devices of the plurality of devices support the first application and building a first application fabric based on the information indicating which devices of the plurality of devices support the first application.

公开(公告)号：WO2020251828A1

公开(公告)日：2020-12-17

申请号：PCT/US2020/036072

申请日：2020-06-04

Applicant: CISCO TECHNOLOGY, INC.

Inventor： MESTERY, Kyle Andrew Donald ,  TOLLET, Jerome ,  WELLS, Ian ,  AUGUSTIN, Aloÿs Christophe

IPC: H04L29/12 ,  H04L12/24 ,  H04L29/06 ,  H04L29/08 ,  G06F9/445 ,  H04L12/46 ,  G06F9/455

Abstract: A method includes, in a constellation of clients including a first client and a second client, receiving, at the first client, a connection request from the second client, retrieving endpoint reachability data associated with the second client and transmitting, to a server, a connection request based on the endpoint reachability data. The first client receives, from the server and based on the connection request, endpoint reachability information associated with the second client and starts a bidirectional connection with the second client. A direct or indirect tunnel is established between the first client and the second client. The tunnel is set up based on a table which maps a first connectivity option associated with the first client to a second connectivity option associated with the second client to determine whether to establish the direct tunnel or the indirect tunnel between the first client and the second client.

公开(公告)号：WO2020247331A1

公开(公告)日：2020-12-10

申请号：PCT/US2020/035638

申请日：2020-06-02

Applicant: CISCO TECHNOLOGY, INC.

Inventor： PANCHALINGAM, Murukanandam K. ,  KARYAMPUDI, Umamaheswararao ,  ANNABATULA, Muralidhar ,  KATHOKE, Darpan R. ,  LI, Junyun

IPC: H04L12/46 ,  H04L29/06

Abstract: The present disclosure provides for application-centric enforcement for multi- tenant workloads with multi-site data center fabrics by: receiving, at a local switch at a first site, a packet from a first host at the first site intended for a second host located at a second site; identifying class identifiers (ID) for the hosts; determining, based on the class IDs, a security policy for transmitting data between the hosts; in response to determining that the security policy indicates that the second site exclusively manages security policies for the hosts' network: setting a policy applied indicator on the packet indicating that enforcement of the security policy is delegated from the first switch to a second switch connected to the second host; including the class IDs in the packet; and transmitting the packet to the second site.

公开(公告)号：WO2020247252A1

公开(公告)日：2020-12-10

申请号：PCT/US2020/035064

申请日：2020-05-29

Applicant: CISCO TECHNOLOGY, INC.

Inventor： CAM-WINGET, Nancy ,  WANG, Jianxin ,  WEBER, Dieter, Derek ,  ZARGAR, Saman Taghavi ,  ALBACH, Robert Frederick

IPC: H04L12/24

Abstract: Presented herein is a system, device and method that involve creating a policy model and policy rule structure for a policy enforcement point to support policies adapt to rapid changing external conditions in addition to traditional policies that are static. The system facilitates the use of attributes that are either or both dynamically (at run-time) created and/or defined as ephemeral. A new policy attribute may be created dynamically (at run-time). The policy attribute may be mapped as being static or ephemeral. The methodology further involves facilitating evaluation of an attribute as an atomic or programmed set of functions.

公开(公告)号：WO2020247201A1

公开(公告)日：2020-12-10

申请号：PCT/US2020/034496

申请日：2020-05-26

Applicant: CISCO TECHNOLOGY, INC.

Inventor： NAINAR, Nagendra Kumar ,  PIGNATARO, Carlos M. ,  WIJNANDS, IJsbrand

IPC: H04L12/761 ,  H04L12/703 ,  H04L12/707

Abstract: In one embodiment, a method includes identifying a number of target network apparatuses within a network to which a first network apparatus belongs, generating a first message including a reply-required indication and encoded identities for the plurality of target network apparatuses, sending the first message through the network, where the network is configured to deliver a copy of the first message to each of the target network apparatuses using a point-to-multipoint packet-forwarding architecture, receiving one or more second messages from one or more of the target network apparatuses, respectively, where each of the one or more second messages is generated as a reply to the first message by one of the one or more target network apparatuses, and identifying which of the plurality of target network apparatuses failed to respond to the first message based on the received one or more second messages.

公开(公告)号：WO2020206376A1

公开(公告)日：2020-10-08

申请号：PCT/US2020/026748

申请日：2020-04-03

Applicant: CISCO TECHNOLOGY, INC.

Inventor： NATAL, Alberto Rodriguez ,  MAINO, Fabio ,  PIELECH, Bradford ,  SMITH, Richard James ,  DAVIDOV, Mikhail ,  JAKAB, Lorand

IPC: H04L12/24

Abstract: The present technology pertains to a system and method for extending enterprise networks' trusted policy frameworks to cloud-native applications. The present technology comprises sending, by an enterprise network controller, a first communication to a service mesh orchestrator for a service mesh, wherein the first communication informs the service mesh orchestrator of traffic segmentation policies to be applied to traffic originating at an enterprise network and of layer 7 extension headers which correspond to the enterprise network traffic segmentation policies.

公开(公告)号：WO2020206106A1

公开(公告)日：2020-10-08

申请号：PCT/US2020/026367

申请日：2020-04-02

Applicant: CISCO TECHNOLOGY, INC.

Inventor： KATHAIL, Pradeep Kumar ,  VOIT, Eric

IPC: H04L29/06

Abstract: Systems, methods, and computer-readable media for evaluation of trustworthiness of network devices are proposed. In one aspect, a first network device can determine a first determine a first probability of a security compromise of a second network device based on visible indicators. The first network device can also determine a second probability of the security compromise of the second device based on invisible indicators. The first network device also determines a trust degradation score for the second network device and establishes, based on the trust degradation score, a specified type of communication session with the second network device.