公开(公告)号：WO2021126590A1

公开(公告)日：2021-06-24

申请号：PCT/US2020/063722

申请日：2020-12-08

Applicant: CISCO TECHNOLOGY, INC.

Inventor： WARD, David Delano ,  CAM-WINGET, Nancy ,  VOIT, Eric ,  BACKMAN, Jesse Daniel

IPC: H04L29/06 ,  G06F21/57 ,  G06F21/74 ,  H04L63/029 ,  H04L63/105 ,  H04L63/1433

Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices across domains. Attestation information for an attester node in a first domain is received at a verifier gateway in the first domain. The attestation information is translated at the verifier gateway into translated attestation information for a second domain. Specifically, the attestation information is translated into translated attested information for a second domain that is a different administrative domain from the first domain. The translated attestation information can be provided to a verifier in the second domain. The verifier can be configured to verify the trustworthiness of the attester node for a relying node in the second domain by identifying a level of trust of the attester node based on the translated attestation information.

公开(公告)号：WO2019199615A1

公开(公告)日：2019-10-17

申请号：PCT/US2019/026153

申请日：2019-04-05

Applicant: CISCO TECHNOLOGY, INC.

Inventor： HASANI, Naader ,  GUPTA, Shishir ,  WARD, David Delano ,  TATAR, Mohammed Ismael ,  HABIBI, Shahin ,  RAVIPALLI, Sreedhar ,  BARACH, David Richard

IPC: H04L12/743 ,  H04L12/745

Abstract: One embodiment performs longest prefix matching operations in one or more different manners that provides packet processing and/or memory efficiencies in the processing of packets. In one embodiment, a packet switching device determines a set of one or more mask lengths of a particular conforming entry of a multibit trie or other data structure that matches a particular address of a packet via a lookup operation in a mask length data structure. A conforming entry refers to an entry which has less than or equal to a maximum number of different prefix lengths, with this maximum number corresponding to the maximum number of prefix lengths which can be searched in parallel in the address space for a longest matching prefix by the implementing hardware. The packet switching device then performs corresponding hash table lookup operation(s) in parallel in determining an overall longest matching prefix for the particular address.

公开(公告)号：WO2019060228A1

公开(公告)日：2019-03-28

申请号：PCT/US2018/051225

申请日：2018-09-14

Applicant: CISCO TECHNOLOGY, INC.

Inventor： BOSCH, Peter ,  NAPPER, Jeffrey ,  DUMINUCO, Alessandro ,  O'GORMAN, Michael Francis ,  CHANDLER, Sean ,  SOROKIN, Roman ,  WARD, David Delano ,  DAULLXHI, Baton ,  BALUS, Florin Stelian

IPC: G06F8/35 ,  G06F8/60 ,  G06F8/71

CPC classification number: H04L67/10 ,  G06F8/35 ,  G06F8/60 ,  G06F8/71 ,  G06F9/5055 ,  G06F2209/5015

Abstract: The present disclosure involves systems and methods for (a) model distributed applications for multi-cloud deployments, (b) derive, by way of policy, executable orchestrator descriptors, (c) model underlying (cloud) services (private, public, server-less and virtual-private) as distributed applications themselves, (d) dynamically create such cloud services if these are unavailable for the distributed application, (e) manage those resources equivalent to the way distributed applications are managed; and (f) present how these techniques are stackable. As applications may be built on top of cloud services, which themselves can be built on top of other cloud services (e.g., virtual private clouds on public cloud, etc.) even cloud services themselves may be considered applications in their own right, thus supporting putting cloud services on top of other cloud services.

公开(公告)号：WO2011041442A1

公开(公告)日：2011-04-07

申请号：PCT/US2010/050760

申请日：2010-09-29

Applicant: CISCO TECHNOLOGY, INC.

Inventor： SUN, Fan ,  WARD, David Delano ,  MANIYAR, Shyamsundar Nandkishor ,  FILSFILS, Clarence

IPC: H04L12/56

CPC classification number: H04L45/00 ,  H04L45/02 ,  H04L45/54

Abstract: A filtered Forwarding Information Base (FIB) (the "complete local FIB") is used to determine how to forward packets, typically on line cards. The complete local FIB is generated by filtering (i.e., dropping or removing) extraneous entries in the standard global FIB of a router. This smaller FIB is then installed within the memory of a forwarding engine, possibly implemented as a single application-specific integrated circuit (ASIC), for use in determining how to forward packets, with the router forwarding packets accordingly.

Abstract translation: 过滤的转发信息库（FIB）（“完整本地FIB”）用于确定如何转发数据包，通常在线路卡上。 完整的本地FIB通过过滤（即，丢弃或删除）路由器的标准全局FIB中的无关条目来生成。 然后将较小的FIB安装在转发引擎的存储器内，可能实现为单个专用集成电路（ASIC），用于确定如何转发数据包，路由器会相应地转发数据包。

公开(公告)号：WO2020086276A1

公开(公告)日：2020-04-30

申请号：PCT/US2019/055433

申请日：2019-10-09

Applicant: CISCO TECHNOLOGY, INC.

Inventor： BOSCH, Hendrikus G.P. ,  DUMINUCO, Alessandro ,  NAPPER, Jeffrey ,  WARD, David Delano ,  RAZA, Syed Khalid ,  MULLENDER, Sape Jurrien

IPC: H04L12/725 ,  H04L29/06

Abstract: Disclosed are concepts for provided for managing application traffic. A method includes receiving a request to access a service from an application, confirming an entity of a user of the application and, based on the confirmation, generating, via an authentication service, a routing policy for data flows between the application and the service. The routing policy defines a mandated path between the application and the service. The method also can include storing proof-of-transit data in the traffic flow for tracking an actual path from the application to the service and determining whether the data path complies with the mandated path defined in the policy. When the determination indicates that the actual path followed the mandated path defined in the routing policy, the method includes granting access to the user for the service. When the actual path differs from the mandated path, the method includes denying access to the user.

公开(公告)号：WO2019005956A1

公开(公告)日：2019-01-03

申请号：PCT/US2018/039739

申请日：2018-06-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： FILSFILS, Clarence ,  CLAD, Francois ,  CAMARILLO GARVIA, Pablo ,  WARD, David Delano

IPC: H04L12/721 ,  H04L12/723 ,  H04L12/751 ,  H04L12/715 ,  H04L12/707 ,  H04L12/725 ,  H04L12/741

Abstract: In one embodiment, new Segment Routing capabilities are used in the steering of packets through Segment Routing nodes in a network. A Segment List includes a set of one or more Segment List (SL) Groups, each of which identifies one or more Segments contiguously or non-contiguously stored in the Segment List (or stored across multiple Segment Lists) of a Segment Routing packet. Each SL Group typically includes one Segment that is encoded as a Segment Identifier, and may include Segments that are Extended Values. The steering order of SL Groups is not required to be the same order as they are listed in the Segment List, as the value of Segments Left may be increased, remain the same, or decreased (possibly to skip a next SL Group) and possibly based on the result of an evaluation of a conditional expression.

公开(公告)号：WO2009102919A3

公开(公告)日：2009-08-20

申请号：PCT/US2009/034006

申请日：2009-02-13

Applicant: CISCO TECHNOLOGY, INC.

Inventor： DROMS, Ralph ,  VINOKOUR, Vitali ,  WARD, David Delano

IPC: H04L29/12

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with loss of network layer connectivity triggering Dynamic Host Configuration Protocol (DHCP) initialization. According to one embodiment, a network device connected to a network initializes one or more network communication values of the network device using DHCP. The network device monitors Network Layer (Layer 3) connectivity with a remote network device; and in response to detecting a loss of said monitored Network Layer connectivity, DHCP initialization of the network device is performed.

公开(公告)号：EP3334101B1

公开(公告)日：2020-12-02

申请号：EP17183114.2

申请日：2017-07-25

Applicant: Cisco Technology, Inc.

Inventor： WILLIAMS JR., John J. ,  TATAR, Mohammed Ismael ,  WARD, David Delano

IPC: H04L12/863 ,  H04L12/823 ,  H04L12/813 ,  H04L12/803 ,  H04L12/707

公开(公告)号：EP3157210A3

公开(公告)日：2017-05-24

申请号：EP16175949.3

申请日：2016-06-23

Applicant: Cisco Technology, Inc.

Inventor： THUBERT, Pascal ,  ANTEUNIS, Dirk ,  BELLAGAMBA, Patrice ,  WARD, David Delano

IPC: H04L12/743 ,  H04L12/801 ,  H04L12/751 ,  H04W28/08 ,  H04L12/803

CPC classification number: H04L47/11 ,  H04L47/125

Abstract: In one embodiment, a method comprises detecting a traffic condition by a network device in a loop-free routing topology comprising routing arcs for reaching a destination device, each routing arc comprising a first edge, a second edge, and at least a third network device configured for routing any network traffic along the routing arc toward the destination device and exiting via any one of the first or second edges of the routing arc, the traffic condition proximate to the first edge of at least one of the routing arcs in which the network device is positioned; and the network device initiating load balancing based on sending a management frame over a data plane of the at least one routing arc toward the corresponding second edge, the management frame requesting a change in load balancing for at least one of an identified traffic class based on the detected traffic condition.

Abstract translation: 在一个实施例中，一种方法包括通过包括用于到达目的地设备的路由弧的无环路由拓扑中的网络设备检测交通情况，每个路由弧包括第一边缘，第二边缘和至少第三网络设备 ，其被配置用于沿着所述路由弧向所述目的地设备路由任何网络流量并且经由所述路由弧的所述第一或第二边缘中的任一个退出所述交通状况，所述交通状况接近所述网络中的至少一个路由弧的所述第一边缘 设备定位; 以及所述网络设备基于在所述至少一个路由弧的数据平面上向对应的第二边发送管理帧来发起负载平衡，所述管理帧基于以下内容请求对所识别的流量类中的至少一个的负载平衡的改变： 检测到的交通状况。

公开(公告)号：EP3777055A1

公开(公告)日：2021-02-17

申请号：EP19720230.2

申请日：2019-04-05

Applicant: Cisco Technology, Inc.

Inventor： HASANI, Naader ,  GUPTA, Shishir ,  WARD, David Delano ,  TATAR, Mohammed Ismael ,  HABIBI, Shahin ,  RAVIPALLI, Sreedhar ,  BARACH, David Richard

IPC: H04L12/743 ,  H04L12/745