-
Publication No.: WO2021045895A1
Publication date: 2021-03-11
Application No.: PCT/US2020/046676
Application date: 2020-08-17
Applicant: CISCO TECHNOLOGY, INC.
Inventor: SUNDARARAJAN, Balaji , JABR, Khalil A. , OSWAL, Anand , AGARWAL, Vivek , BALASUBRAMANIAN, Chandramouli
IPC: H04L12/46 , H04L12/715 , H04L12/723 , H04L12/721
Abstract: Systems, methods, and computer-readable media for interconnecting SDWANs through segment routing. A first SDWAN and a second SDWAN of a SDWAN fabric can be identified. A segment routing domain that interconnects the first SDWAN and the second SDWAN can be formed across a WAN underlay of the SDWAN fabric. Data transmission between the first SDWAN and the second SDWAN can be controlled by performing segment routing through the segment routing domain formed between the first SDWAN and the second SDWAN.
-
Publication No.: WO2020252096A1
Publication date: 2020-12-17
Application No.: PCT/US2020/037124
Application date: 2020-06-11
Applicant: CISCO TECHNOLOGY, INC.
Inventor: SUNDARARAJAN, Balaji , VALLURI, Vamsidhar , BALASUBRAMANIAN, Chandramouli , OSWAL, Anand , SINGH, Ram, Dular
IPC: H04L12/725 , H04L12/717 , H04L12/715 , H04L12/721 , H04L29/08
Abstract: In one embodiment, a method includes providing a first profile to a plurality of edge routers of the SD-WAN, the plurality of edge routers operable to interface a plurality of devices to the SD-WAN. The first profile enables the plurality of edge routers to discover which devices of the plurality of devices support a first application. The method includes receiving, from one or more of the edge routers, information indicating which devices of the plurality of devices support the first application and building a first application fabric based on the information indicating which devices of the plurality of devices support the first application.
-
Publication No.: WO2021091779A1
Publication date: 2021-05-14
Application No.: PCT/US2020/058127
Application date: 2020-10-30
Applicant: CISCO TECHNOLOGY, INC.
Inventor: GUNDAVELLI, Srinath , SRIVASTAVA, Vimal , GRAYSON, Mark , JAIN, Sudhir, Kumar , OSWAL, Anand
IPC: H04W12/08 , H04W12/033 , H04L29/06 , H04W88/18
Abstract: Techniques are described to provide open access in a neutral host environment. In one example, a method includes obtaining, by a mobility management node of a neutral host network, a network connectivity request from a user equipment, wherein the network connectivity request comprises an indication of a preferred service provider to which the user equipment is to be connected; determining, by the mobility management node, that the preferred service provider provides non-subscription-based network connectivity for the neutral host network; based on determining that the preferred service provider provides non-subscription-based network connectivity for the neutral host network, establishing secure communications for the user equipment, wherein the secure communications are established for the user equipment without authenticating an identity of user equipment; and providing network connectivity between the user equipment and the preferred service provider upon establishing the secure communications.
-
Publication No.: WO2013070342A1
Publication date: 2013-05-16
Application No.: PCT/US2012/058593
Application date: 2012-10-04
Applicant: CISCO TECHNOLOGY, INC. , JOSHI, Kiritkumar, B. , MALAVIYA, Viren, K. , OSWAL, Anand , PRASAD, Chandrodaya , GORDE, Sachin, G.
Inventor: JOSHI, Kiritkumar, B. , MALAVIYA, Viren, K. , OSWAL, Anand , PRASAD, Chandrodaya , GORDE, Sachin, G.
CPC classification number: H04W8/005 , H04L61/1511 , H04L61/2007 , H04L61/2076 , H04L61/6086 , H04L63/101 , H04L65/1006 , H04L65/1016 , H04L65/102 , H04W12/08
Abstract: In one implementation, a method for managing access to mobile endpoints leverages the always-on nature of a first internet layer protocol to expand the reach of a second internet layer protocol. A network device receives a request originating from a remote host. The request includes a domain name of a mobile endpoint. The network device queries a database using the domain name for a first address of the mobile endpoint as designated according to the first internet layer protocol. The network device transmits a wake up message to the mobile endpoint using the first address. A data bearer for communication with the second internet layer protocol is established based on the wake up message, and a second address is assigned to the mobile endpoint. The second address is forwarded to the remote host, allowing communication between the remote host and the mobile endpoint.
-
Publication No.: WO2021141772A1
Publication date: 2021-07-15
Application No.: PCT/US2020/066587
Application date: 2020-12-22
Applicant: CISCO TECHNOLOGY, INC.
Inventor: SUNDARARAJAN, Balaji , AGARWAL, Vivek , OSWAL, Anand , CHANNAPPA, Chethan , KODNAD, Subhash , SHARMA, Jeevan
IPC: H04L12/24 , H04W4/70 , H04L29/06 , G06F2009/45595 , G06F9/45558 , G16Y30/10 , H04L12/2856 , H04L12/66 , H04L41/0806 , H04L41/0853 , H04L41/0893 , H04L41/145 , H04L41/5032 , H04L49/70 , H04L63/0272 , H04L63/20 , H04W92/02
Abstract: The present disclosure is directed to managing industrial internet of things end points and includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause one or more switches to perform operations comprising: identifying a first end point using a protocol associated with the first end point, determining a classification for the identified first end point based on one or more attributes of the first end point, identifying one or more related end points having the classification in common with the first end point, segmenting the first end point with the identified one or more related end points, and applying one or more policies to the segmented first end point and the one or more related end points.
-
Publication No.: WO2021080800A1
Publication date: 2021-04-29
Application No.: PCT/US2020/055097
Application date: 2020-10-09
Applicant: CISCO TECHNOLOGY, INC.
Inventor: RADHAKRISHNAN, Saravanan , OSWAL, Anand , KUMAR, Ashwin , BIGBEE, Paul Wayne , MILLER, Darrin Joseph
IPC: H04L29/06
Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.
-
Publication No.: WO2020112448A1
Publication date: 2020-06-04
Application No.: PCT/US2019/062292
Application date: 2019-11-19
Applicant: CISCO TECHNOLOGY, INC.
Inventor: HOODA, Sanjay Kumar , OSWAL, Anand , BHAU, Nehal , EDATHARA, Anil , MEHTA, Munish
IPC: H04L12/46 , H04L12/66 , H04L12/715
Abstract: Systems and methods provide for end-to-end identity-aware routing across multiple administrative domains. A first ingress edge device of a second overlay network can receive a first encapsulated packet from a first egress edge device of a first overlay network. The first ingress edge device can de-encapsulate the first encapsulated packet to obtain an original packet and a user or group identifier. The first ingress edge device can apply a user or group policy matching the user or group identifier to determine a next hop for the original packet. The first ingress edge device can encapsulate the original packet and the user or group identifier to generate a second encapsulated packet. The first ingress edge device can forward the second encapsulated packet to the next hop.
-
Publication No.: WO2021173355A1
Publication date: 2021-09-02
Application No.: PCT/US2021/017522
Application date: 2021-02-11
Applicant: CISCO TECHNOLOGY, INC.
Inventor: SUNDARARAJAN, Balaji , GOTA BR, Venkatesh , YERUVA, Sireesha , BALASUBRAMANIAN, Chandramouli , OSWAL, Anand
Abstract: The present disclosure is directed to systems and methods for dynamic firewall discovery on a service plane. The method includes the steps of identifying a source data packet for transmission from a source machine at a source site to a destination machine at a destination site, wherein the source data packet corresponds to a request for connection between the source machine and the destination machine over a WAN, inspecting the source data packet at a first firewall associated with the source site, marking the source data packet with a marker to indicate inspection by the first firewall, transmitting the marked source data packet to the destination site, determining at the destination site that the source data packet has been inspected based on the marker, and forwarding the source data packet to the destination machine at the destination site, without inspection of the source data packet by a second firewall associated with the destination site.
-
Publication No.: WO2020112345A1
Publication date: 2020-06-04
Application No.: PCT/US2019/060910
Application date: 2019-11-12
Applicant: CISCO TECHNOLOGY, INC.
Inventor: VALLURI, Vamsidhar , RADHAKRISHNAN, Saravanan , OSWAL, Anand , PRABHU, Vinay , EVANS, Sarah Adelaide , RANGASWAMY, Suraj
Abstract: Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.
-
Publication No.: WO2015175072A3
Publication date: 2015-11-19
Application No.: PCT/US2015/016533
Application date: 2015-02-19
Applicant: CISCO TECHNOLOGY, INC.
Inventor: VALLURI, Vamsidhar , KUMARASAMY, Parameswaran , WING, Daniel, G. , THAKORE, Parag, Pritam , OSWAL, Anand , SHARMA, Shivangi
Abstract: In one embodiment, a method comprises obtaining, by a client device via a wireless data link with a wireless access point, information from a network device within a data network reachable via the wireless access point, the information describing network conditions associated with a service provided to the client device via the data network; and the client device optimizing a transmission control protocol (TCP) communication, via the wireless data link, for optimization of the service provided by the client device.