公开(公告)号：US20230069689A1

公开(公告)日：2023-03-02

申请号：US17465699

申请日：2021-09-02

Applicant: Cisco Technology, Inc.

Inventor： Loránd Jakab ,  Alberto Rodriguez-Natal ,  Fabio R. Maino ,  Timothy James Swanson ,  John Joyce

IPC: H04L12/859 ,  H04L12/24 ,  H04L12/725

Abstract: Techniques for using application network requirements and/or telemetry information from a first networking technology to enhance operation of a second networking technology and optimize wide area network traffic are described herein. The techniques may include establishing a communication network for use by applications of a scalable application service platform, the communication network including a first networking technology and a second networking technology. In this way, a request to establish a connection for use by an application may be received by the first networking technology. The request may include an indication of a threshold service level of the connection. In response to the request, the first networking technology may determine whether the second networking technology is capable of hosting the connection. If the second networking technology is capable of hosting the connection, the connection may be established such that application traffic is sent or received using the second networking technology.

公开(公告)号：US11558402B2

公开(公告)日：2023-01-17

申请号：US16666143

申请日：2019-10-28

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Alberto Rodriguez Natal ,  Yegappan Lakshmanan ,  Fabio R. Maino ,  Anand Oswal

IPC: H04L9/40 ,  G06F21/56 ,  G06F21/53 ,  G06F21/55

Abstract: Techniques for providing network traffic security in a virtualized environment are described. A threat aware controller uses a threat feed provided by a threat intelligence service to establish a threat detection engine on virtual switches. The threat aware controller and threat detection engine work together to detect any anomalous or malicious behavior of network traffic on the virtual switch and established virtual network functions to quickly detect, verify, and isolate network threats.

公开(公告)号：US20220303285A1

公开(公告)日：2022-09-22

申请号：US17208366

申请日：2021-03-22

Applicant: Cisco Technology, Inc.

Inventor： Nikolaos Sapountzis ,  Fabio R. Maino ,  Madhuri Kolli ,  Daniela Alvim Seabra de Oliveira

IPC: H04L29/06 ,  H04L29/08 ,  G06F40/30

Abstract: In one embodiment, a method comprises training at least one model based at least in part on interactions between one or more users and electronic messages sent to addresses associated with the one or more users, receiving a first electronic message sent to a first address associated with a first user, analyzing the first electronic message to generate first feature data, determining one or more characteristics of the first user to generate second feature data, inputting, to the at least one model, the first feature data and the second feature data, and receiving, as output of the at least one model, data indicating whether to output, to the first user, a warning regarding the first electronic message.

公开(公告)号：US10979875B2

公开(公告)日：2021-04-13

申请号：US16128027

申请日：2018-09-11

Applicant: Cisco Technology, Inc.

Inventor： Lillian Lei Dai ,  Sateesh K. Addepalli ,  Xiaoqing Zhu ,  Preethi Natarajan ,  Rong Pan ,  Fabio R. Maino ,  Flavio Bonomi ,  Alexander Loukissas ,  Vina Ermagan ,  Pere Monclus

IPC: H04W4/40 ,  H04W76/45 ,  H04W52/12 ,  H04W28/06 ,  H04L12/26 ,  H04W12/00 ,  H04W72/04 ,  G06F9/54 ,  H04W48/06 ,  H04W48/18 ,  B60W50/10 ,  G06F3/01 ,  G06F3/16 ,  G06F21/45 ,  H04W28/02 ,  H04W40/20 ,  H04W48/02 ,  H04L29/06 ,  H04L29/08 ,  B60R16/023 ,  H04L12/721 ,  H04L29/12 ,  H04W8/06 ,  H04W8/08 ,  H04W8/26 ,  H04W40/02 ,  H04L1/00 ,  H04W4/00 ,  H04W4/10 ,  H04W80/02 ,  H04Q9/00 ,  H04L12/58 ,  H04W48/16 ,  H04W36/08 ,  H04W52/14 ,  H04W52/22 ,  H04W52/24 ,  H04W52/34 ,  H04W84/00 ,  H04W36/00 ,  H04W84/12 ,  H04W92/18

Abstract: A method in one embodiment includes intercepting a message in an on-board unit (OBU) of a vehicular network environment between a source and a receiver in the vehicular network environment, verifying the message is sent from the source, verifying the message is not altered, evaluating a set of source flow control policies associated with the source, and blocking the message if the set of source flow control policies indicate the message is not permitted. In specific embodiments, the message is not permitted if a level of access assigned to the source in the set of source flow control policies does not match a level of access tagged on the message. In further embodiments, the method includes evaluating a set of receiver flow control policies associated with the receiver, and blocking the message if the set of receiver flow control policies indicates the message is not permitted.

公开(公告)号：US20190268383A1

公开(公告)日：2019-08-29

申请号：US15903820

申请日：2018-02-23

Applicant: Cisco Technology, Inc.

Inventor： Fabio R. Maino ,  Vina Ermagan ,  Alberto Rodriguez Natal

IPC: H04L29/06 ,  H04L12/46

Abstract: A mapping server provisions network elements to optimize the cryptographic resources of a computer network. The mapping server obtains from a source network element, a request for a source endpoint to communicate with a destination endpoint across the computer network. The mapping server determines a cryptographic policy based on the source endpoint, the destination endpoint, and an availability of cryptographic resources on the network elements. The mapping server identifies a destination network element based on the cryptographic policy. The destination network element is associated with the destination endpoint. The mapping server selects a security association based on the cryptographic policy to secure a communication from the source endpoint to the destination endpoint. The security association secures the communication between the source network element and the destination network element. The mapping server provides the security association to the source network element along with a network address of the destination network element.

公开(公告)号：US10298595B2

公开(公告)日：2019-05-21

申请号：US14570902

申请日：2014-12-15

Applicant: Cisco Technology, Inc.

Inventor： Fabio R. Maino ,  Marco Di Benedetto ,  Claudio Desanti

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32

Abstract: Methods and apparatus are provided for improving both node-based and message-based security in a fiber channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fiber channel network entities into a fiber channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fiber channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented.

公开(公告)号：US10187321B2

公开(公告)日：2019-01-22

申请号：US15058447

申请日：2016-03-02

Applicant: Cisco Technology, Inc.

Inventor： Fabio R. Maino ,  Horia Miclea ,  John Evans ,  Brian Eliot Weis ,  Vina Ermagan

IPC: H04L29/06 ,  H04L12/911 ,  H04L12/24 ,  H04L12/715 ,  H04L12/26

Abstract: High-level network policies that represent a virtual private network (VPN) as a high-level policy model are received. The VPN is to provide secure connectivity between connection sites of the VPN based on the high-level network policies. The high-level network policies are translated into low-level device configuration information represented in a network overlay and used for configuring a network underlay that provides the connections sites to the VPN. The network underlay is configured with the device configuration information so that the network underlay implements the VPN in accordance with the high-level policies. It is determined whether the network underlay is operating to direct traffic flows between the connection sites in compliance with the high-level network policies. If it is determined that the network underlay is not operating in compliance, the network underlay is reconfigured with new low-level device configuration information so that the network underlay operates in compliance.

公开(公告)号：US12301418B2

公开(公告)日：2025-05-13

申请号：US18422708

申请日：2024-01-25

Applicant: Cisco Technology, Inc.

Inventor： Darren Russell Dukes ,  Jeevan Sharma ,  Fabio R. Maino ,  Alberto Rodriguez-Natal

IPC: H04L41/0823 ,  H04L67/10

Abstract: Techniques for enabling a network access provider to make automatic Software as a Service (SaaS) optimization decisions. Among other things, the techniques may include determining a SaaS application that is being accessed by client endpoints via flows through a network access provider. The techniques may also include determining, based at least in part on a policy associated with the network access provider, whether to enable network optimizations for traffic through the network access provider to the SaaS application. Based at least in part on a determination that the network optimizations are to be enabled for the traffic to the SaaS application, the techniques may include installing a service definition associated with the SaaS application in a service policy database of the network access provider.

公开(公告)号：US20240380699A1

公开(公告)日：2024-11-14

申请号：US18748415

申请日：2024-06-20

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez-Natal ,  Steven William Wood ,  Ding Bai ,  Fabio R. Maino ,  Ramanathan Lakshmikanthan

IPC: H04L47/20 ,  H04L47/24

Abstract: Techniques for obtaining application network metadata from a service registry so that a network routing policy may be derived for traffic associated with the application are described herein. The techniques may include receiving, at a service registry, network metadata associated with traffic of an application hosted by a scalable application service platform. The techniques may also include obtaining, by a controller of a network and from the service registry, the network metadata associated with the traffic of the application. Based at least in part on the network metadata, the controller may determine a routing policy that is optimized for sending the traffic through the network. Additionally, the controller may send an indication of the routing policy to a node of the network or otherwise provision the network such that the traffic of the application is sent through the network according to the routing policy.

公开(公告)号：US12120027B2

公开(公告)日：2024-10-15

申请号：US17992140

申请日：2022-11-22

Applicant: Cisco Technology, Inc.

Inventor： Bruce Mcdougall ,  Jeff Byzek ,  Alberto Rodriguez-Natal ,  Saswat Praharaj ,  Fabio R. Maino ,  Steven William Wood

IPC: H04L45/74 ,  H04L45/00 ,  H04L45/24

CPC classification number: H04L45/74 ,  H04L45/24 ,  H04L45/566

Abstract: Techniques for steering overlay network traffic along specific paths through an underlay network. The techniques may include determining a path through an underlay network that is optimized for sending a packet from a first node of an overlay network to a second node of the overlay network. The techniques may also include determining a destination address for sending the packet along the path from the first node to the second node, the destination address including a micro segment identifier (uSID) corresponding with an underlay node that is disposed along the path through the underlay network and trailing bits representing a portion of an address that corresponds with the second node. The techniques may also include causing the packet to be modified to include the destination address such that the packet is sent from the first node to the second node along the path.