COMMUNICATION OF POLICY CHANGES IN LISP-BASED SOFTWARE DEFINED NETWORKS

    Publication number: WO2021222011A1

    Publication date: 2021-11-04

    Application number: PCT/US2021/028790

    Application date: 2021-04-23

    Abstract: Systems, methods, and computer-readable media for communicating policy changes in a Locator/ID Separation Protocol (LISP) based network deployment include receiving, at a first routing device, a first notification from a map server, the first notification indicating a change in a policy for LISP based communication between at least a first endpoint device and at least a second endpoint device, the first endpoint device being connected to a network fabric through the first routing device and the second endpoint device being connected to the network fabric through a second routing device. The first routing device forwards a second notification to the second routing device if one or more entries of a first map cache implemented by the first routing device are affected by the policy change, the second notification indicating a set of one or more endpoints connected to the second routing device that are affected by the policy change.

    SYSTEM AND METHOD FOR MIGRATING EXISTING ACCESS CONTROL LIST POLICIES TO INTENT BASED POLICIES AND VICE VERSA

    Publication number: WO2020106475A1

    Publication date: 2020-05-28

    Application number: PCT/US2019/060586

    Application date: 2019-11-08

    Abstract: Present technology is directed to a system and method for implementing an offline scheme to automatically and efficiently transform a set of conventional IP-based Access Control Entries in a supplied configuration into compressed form that can then be represented as Object-Group based Access Control Entries. The compression is performed on contiguous blocks of the supplied Access Control List having a common prescribed filtering access. The compression is performed by iteratively selecting a data field with mismatching data values across the ACEs and merging the data values into a corresponding data field of the output ACE. The common values of other data fields are then imported to the corresponding data fields of the output ACE. The process is repeated in an iterative manner by assigning a different data field as the selected data field for each iteration round.

    NORMALIZED LOOKUP AND FORWARDING FOR DIVERSE VIRTUAL PRIVATE NETWORKS

    Publication number: WO2022026208A1

    Publication date: 2022-02-03

    Application number: PCT/US2021/041930

    Application date: 2021-07-16

    Abstract: This technology enables normalized lookup and forwarding for diverse virtual private networks in multi-site network fabric deployments. A source device on a first Layer 2 site transmits a frame to a destination device on the same subnet, but on a second Layer 2 site. The frame is encapsulated and routed to a fabric border node. The fabric border node matches the source subnet to the destination subnet and transmits an address request protocol ("ARP"). In response to not receiving a reply to the ARP, the fabric border node transmits a map request to a Layer 3 transit fabric control plane node. The control plane node extracts a destination identifier from the map request and determines that the destination identifier is a Layer 2 identifier. The control plane node transmits a map reply to the fabric border node, where the frame is re-encapsulated and forwarded to the destination device.

    CLOUD ENABLING OF LEGACY TRUSTED NETWORKING DEVICES FOR ZERO TOUCH PROVISIONING AND ENTERPRISE AS A SERVICE

    Publication number: WO2020205370A1

    Publication date: 2020-10-08

    Application number: PCT/US2020/024723

    Application date: 2020-03-25

    Abstract: The disclosed technology relates to a process for zero touch provisioning to provide cloud enablement of legacy computing devices. Specifically, the disclosed technology provides the ability to automate the process of connecting computing devices that may not originally have the capabilities to connect to the Internet so that the computing devices can be managed by a cloud network or be provided updates by the cloud network. The cloud enablement for computing devices is performed by modifying the computing device with hardware and software that would direct the computing device to establish secure communications with the cloud network without user involvement.

    DETECTING AND COMMUNICATING WITH SILENT HOSTS IN SOFTWARE-DEFINED NETWORKS

    Publication number: WO2021222010A1

    Publication date: 2021-11-04

    Application number: PCT/US2021/028782

    Application date: 2021-04-23

    Abstract: Systems, methods, and computer-readable media for discovering silent hosts in a software-defined network and directing traffic to the silent hosts in a scalable and targeted manner include determining interfaces of a fabric device that are connected to respective one or more endpoints, where the fabric device is configured to connect the endpoints to a network fabric of the software-defined network. At least a first interface is identified, where an address of a first endpoint connected to the first interface is not available at the fabric device. A first notification is transmitted to a control plane of the software-defined network based on identifying the first interface, where the control plane may create a flood list which includes the fabric device. Traffic intended for the first endpoint from the network fabric is then received by the fabric device based on the flood list.

    SECURITY GROUP RESOLUTION AT INGRESS ACROSS VIRTUAL NETWORKS

    Publication number: WO2023086610A1

    Publication date: 2023-05-19

    Application number: PCT/US2022/049768

    Application date: 2022-11-14

    Abstract: Techniques and architecture are described for providing a service, e.g., a security service such as a firewall, across different virtual networks/VRFs/VPN IDs. The techniques and architecture provide modifications in enterprise computing fabrics by modifying pull-based overlay protocols such as, for example, locator/identifier separation protocol (LISP), border gateway protocol ethernet virtual private network (BGP EVPN), etc. A map request carries additional information to instruct a map-server that even though mapping (destination prefix and firewall service RLOC for the destination) is known within the map-server's own virtual network/VRF for firewall service insertion, the map-server still should do a lookup across virtual networks/VRFs and discover the final destination's DGT (destination group tag) and include that in the map reply.

    SERVICE CHAINING IN FABRIC NETWORKS
    Invention application

    Publication number: WO2023287596A1

    Publication date: 2023-01-19

    Application number: PCT/US2022/035929

    Application date: 2022-07-01

    Abstract: Techniques are described herein for service chaining in fabric networks without service nodes needing additional capabilities. The techniques may include storing a first configuration associated with a first VRF instance of a service forwarding node that is connected to a first service of a service chain sequence. The first configuration may indicate an identifier and a type associated with a second service of the service chain sequence where traffic is to be sent after the first service. Additionally, the techniques may also include storing a second configuration associated with a second VRF instance of the service forwarding node that is connected to the second service. The second configuration may indicate that the second service is a last service of the service chain sequence. When traffic is received at the service forwarding nodes, the service forwarding nodes can determine whether the traffic is pre‑service or post‑service traffic.

    DYNAMIC USER PRIVATE VIRTUAL NETWORKS
    Invention application

    Publication number: WO2022066653A1

    Publication date: 2022-03-31

    Application number: PCT/US2021/051327

    Application date: 2021-09-21

    Abstract: In one embodiment, dynamic user private networks are virtually segmented within a shared virtual network. A network control system maintains the dynamic logical segmentation of the shared virtual network. User entities (e.g., user devices and/or services) are communicatively coupled to respective personal virtual networks via endpoints of access devices. Each of these endpoints is associated with a corresponding user private network. Responsive in real-time to automated processing of a received electronic particular user request, the network control system automatically modifies the dynamic logical segmentation of the shared virtual network to move a particular user entity on the shared virtual network to newly being on the first dynamic user private network without being disconnected from the shared virtual network. One embodiment uses different user private network identifiers (UPN-IDs) associated with endpoints and received packets to identify their respective user private network.

    GROUP-BASED POLICIES FOR INTER-DOMAIN TRAFFIC

    Publication number: WO2021108143A1

    Publication date: 2021-06-03

    Application number: PCT/US2020/060332

    Application date: 2020-11-13

    Abstract: In one embodiment, a method includes receiving a data packet from a first host located in the first site, where the data packet may be destined to a second host located in a second site that may be different from the first site, determining that an identity of a second group to which the second host belongs is not available at the first network node, sending a request for an identifier of the second group to a second network node, where the request may comprise an address of the second host, receiving a response comprising the identifier of the second group from the second network node, determining that the second group is a destination group, applying one or more policies associated with the destination group to the data packet, and causing the data packet to be routed to the second host.
