公开(公告)号：US20240106855A1

公开(公告)日：2024-03-28

申请号：US18106891

申请日：2023-02-07

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Vivek Agarwal ,  Vishnuprasad Raghavan ,  Kannan Kumar ,  Chandra Balaji Rajaram

IPC: H04L9/40

CPC classification number: H04L63/1466 ,  H04L63/0227

Abstract: This disclosure describes techniques and mechanisms for improving security within SDWAN fabric and utilizing telemetry data from non-enterprise providers to remediate compromised SDWAN site(s) and/or user(s). The techniques may implement an integration of non-enterprise application(s) and API(s) with an enterprise network, thereby enabling the enterprise network to identify compromised endpoint(s), identify user(s), group(s), site(s) that are impacted, and take a corrective action (by the enterprise network and/or the non-enterprise application(s) or API(s)) on the enterprise fabric.

公开(公告)号：US20230362210A1

公开(公告)日：2023-11-09

申请号：US18353281

申请日：2023-07-17

Applicant: Cisco Technology, Inc.

Inventor： Vivek Agarwal ,  Rajaneesh Sudhakar Shetty ,  Raghavendra Suryanarayanarao Vidyashankar ,  Arun Gunasekaran ,  Filipe Alexandre Da Silva Rodrigues

IPC: H04L65/1016 ,  H04L65/1069 ,  H04L65/1073 ,  H04L65/1104

CPC classification number: H04L65/1016 ,  H04L65/1069 ,  H04L65/1073 ,  H04L65/1104

Abstract: Techniques and mechanisms for Fifth Generation (5G) system (5GS) failure detection monitoring of an application or control function in a network for efficient restoration of service are described. The network may be an Internet Protocol (IP) Multimedia Subsystem (IMS) network, and the voice or data service may be an IMS service that utilizes Session Initiation Protocol (SIP) signaling. The application or control function may be a Proxy-Call Session Control Function (P-CSCF) of the IMS network. In some implementations, the procedure may involve a session management function (SMF) programming of a user plane function (UPF) for UPF monitoring of the P-CSCF, using a ping procedure or health check procedure (e.g. for 3GPP Pre-Release 16). In other implementations, the procedure may involve the SMF monitoring of a P-CSCF via a Network Function (NF) Repository Function (NRF) (e.g. for 3GPP Release 16).

公开(公告)号：US20230188476A1

公开(公告)日：2023-06-15

申请号：US18166786

申请日：2023-02-09

Applicant: Cisco Technology, Inc.

Inventor： Srilatha Tangirala ,  Nithin Bangalore Raju ,  Ananya Raval ,  Prabahar Radhakrishnan ,  Vivek Agarwal ,  Balaji Sundararajan

IPC: H04L47/80 ,  H04L47/70 ,  H04L45/64 ,  H04L47/762 ,  H04L45/02 ,  H04L47/78

CPC classification number: H04L47/805 ,  H04L47/825 ,  H04L45/64 ,  H04L47/762 ,  H04L45/02 ,  H04L47/781

Abstract: Route exchange in a plurality of network controller appliances on a per-tenant basis is disclosed. In one aspect, a method includes receiving, from a network management system and at a first network controller appliance, a designation of at least two tenants to be hosted on the first network controller appliance, the first network controller appliance being one of a plurality of network controller appliances in a SD-WAN; sending, from the first network controller appliance to other network controller appliances of the plurality of network controller appliances, a tenant list query message to obtain a corresponding tenant list of each of the other network controller appliances; and receiving a corresponding response from each of the other network controller appliances indicating the corresponding tenant list of each of the other network controller appliances, the corresponding response being used to update the tenant list on the first network controller appliance.

公开(公告)号：US20220329540A1

公开(公告)日：2022-10-13

申请号：US17389003

申请日：2021-07-29

Applicant: Cisco Technology, Inc.

Inventor： Srilatha Tangirala ,  Nithin Bangalore Raju ,  Ananya Raval ,  Prabahar Radhakrishnan ,  Vivek Agarwal ,  Balaji Sundararajan

IPC: H04L12/927 ,  H04L12/911 ,  H04L12/923 ,  H04L12/751 ,  H04L12/715

Abstract: Route exchange in a plurality of network controller appliances on a per-tenant basis is disclosed. In one aspect, a method includes receiving, from a network management system and at a first network controller appliance, a designation of at least two tenants to be hosted on the first network controller appliance, the first network controller appliance being one of a plurality of network controller appliances in a SD-WAN; sending, from the first network controller appliance to other network controller appliances of the plurality of network controller appliances, a tenant list query message to obtain a corresponding tenant list of each of the other network controller appliances; and receiving a corresponding response from each of the other network controller appliances indicating the corresponding tenant list of each of the other network controller appliances, the corresponding response being used to update the tenant list on the first network controller appliance.

公开(公告)号：US11411765B2

公开(公告)日：2022-08-09

申请号：US16739442

申请日：2020-01-10

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Vivek Agarwal ,  Anand Oswal ,  Chethan Channappa ,  Subhash Kodnad ,  Jeevan Sharma

IPC: H04L12/28 ,  G16Y30/10 ,  G06F9/455 ,  H04L12/66 ,  H04L41/14 ,  H04L41/50 ,  H04L49/00 ,  H04L9/40 ,  H04W92/02

Abstract: The present disclosure is directed to managing industrial internet of things end points and includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause one or more switches to perform operations comprising: identifying a first end point using a protocol associated with the first end point, determining a classification for the identified first end point based on one or more attributes of the first end point, identifying one or more related end points having the classification in common with the first end point, segmenting the first end point with the identified one or more related end points, and applying one or more policies to the segmented first end point and the one or more related end points.

公开(公告)号：US11258656B2

公开(公告)日：2022-02-22

申请号：US16278787

申请日：2019-02-19

Applicant: Cisco Technology, Inc.

Inventor： Raghavendra Suryanarayanarao ,  Om Prakash Suthar ,  Aeneas Sean Dodd-Noble ,  Vivek Agarwal ,  Rajiv Asati ,  Carlos M. Pignataro

IPC: H04L12/24 ,  H04W76/10 ,  H04L12/803 ,  H04W72/10 ,  H04W88/08 ,  H04W88/16 ,  H04L41/0668 ,  H04L47/125 ,  H04L41/0893

Abstract: Techniques are presented in which a new information element signaling priority of a management entity is included in a setup (e.g., S1-Setup) response or configuration update message sent by a management entity to a base station entity. The base station entity interprets this priority information along with the relative capacity information in an appropriate way to load-distribute the traffic/calls to highly preferable management entity instances (at a local site) when they are available, and switchover/failover to lower preference management entity instances (at a remote site) when there is a local site outage/failure or insufficient capacity in a geo-resilient pooled network.

公开(公告)号：US11153119B2

公开(公告)日：2021-10-19

申请号：US16653735

申请日：2019-10-15

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Vivek Agarwal ,  Harish A. Kapadia

IPC: H04L12/46 ,  H04L12/24 ,  H04L29/06 ,  H04L12/947 ,  H04L12/707 ,  H04L12/813

Abstract: A network controller can register WAN edge routers and WAN optimizers distributed across a WAN. The controller can receive a request to establish a WAN optimized connection between first and second hosts. The controller can identify a first WAN optimizer to perform first services (e.g., de-duplication, compression, application acceleration, caching, etc.) for first traffic from the first host to the second host and first complementary services for second traffic from the second host to the first host, and a second WAN optimizer for the second traffic and second complementary services for the first traffic. The controller can establish the optimized connection comprising a first path including the first host, WAN optimizer, and router; a second path including the first router and a second router, and a third path including the second router, WAN optimizer, and host. The controller can route the first and second traffic through the optimized connection.

公开(公告)号：US20210297429A1

公开(公告)日：2021-09-23

申请号：US16826082

申请日：2020-03-20

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Gaurang Rajeev Mokashi ,  Preety Mordani ,  Vivek Agarwal

IPC: H04L29/06 ,  H04L12/26 ,  H04L12/947 ,  H04L12/813 ,  G06F9/455

Abstract: Systems, methods, and computer-readable media for performing threat remediation through a switch fabric of a virtualized network environment. Data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric is monitored. A network threat introduced through at a least a portion of the data traffic is identified at the switch fabric. One or more remedial measures are performed in the network environment based on the identification of the network threat in the virtualized network environment.

公开(公告)号：US11108763B2

公开(公告)日：2021-08-31

申请号：US16738954

申请日：2020-01-09

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Vivek Agarwal ,  Darrin Joseph Miller ,  Anand Oswal ,  Chandramouli Balasubramanian

IPC: H04L29/06 ,  H04L29/08

Abstract: In one embodiment, a method by a first network apparatus includes receiving a request to access a resource from a client device associated with a user, determining that the request does not comprise a session cookie, sending an authorization request to a second network apparatus, receiving an authorization response including a resource authorization token from the second network apparatus, determining that the user is authorized to access the resource using the client device based on the received resource authorization token, establishing a first communication session with the client device by sending a message to the client device, and establishing a second communication session with a resource server that provides the resource, where the first network apparatus relays traffic between the client device and the resource server.

公开(公告)号：US12231444B2

公开(公告)日：2025-02-18

申请号：US18415423

申请日：2024-01-17

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Gaurang Rajeev Mokashi ,  Preety Mordani ,  Vivek Agarwal

IPC: H04L9/40 ,  G06F9/455 ,  H04L43/08 ,  H04L47/20 ,  H04L49/25

Abstract: Systems, methods, and computer-readable media for performing threat remediation through a switch fabric of a virtualized network environment. Data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric is monitored. A network threat introduced through at a least a portion of the data traffic is identified at the switch fabric. One or more remedial measures are performed in the network environment based on the identification of the network threat in the virtualized network environment.