Patents Assigned to Cisco Technologies, Inc.
-
Patent number: 12244640
Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.
Type: Grant
Filed: December 11, 2023
Date of Patent: March 4, 2025
Assignee: Cisco Technology, Inc.
Inventors: K. Tirumaleswar Reddy, Daniel G. Wing, Blake Harrell Anderson, David McGrew
-
Publication number: 20250071044
Abstract: This disclosure describes techniques for enabling distributed path computation and centralized path enforcement in a computer network used to implement a software application. In some cases, the disclosed techniques include using a central controller that initializes and coordinates monitoring agents deployed to network regions. The monitoring agents may collect monitoring data associated with application segments in their respective regions and share this data with each other. Using the aggregated data, the agents can compute optimal paths between application segment pairs spanning multiple regions. The optimal inter-region paths may be sent to the controller, which can program the paths into the routing application programming interfaces (APIs) of the various network environments like public cloud and on-premises networks.
Type: Application
Filed: August 23, 2023
Publication date: February 27, 2025
Applicant: Cisco Technology, Inc.
Inventors: Vijay Kumar Devendran, Rajagopalan Janakiraman, Sathiskumar Segamalai Murugesan, Kirankumar Meda
-
Publication number: 20250071051
Abstract: Various implementations disclosed herein enable malleable routing for data packets. For example, in various implementations, a method of routing a type of data packets is performed by a device. In some implementations, the device includes a non-transitory memory and one or more processors coupled with the non-transitory memory. In some implementations, the method includes determining a routing criterion to transmit a set of data packets across a network. In some implementations, the method includes identifying network nodes and communication links in the network that satisfy the routing criterion. In some implementations, the method includes determining a route for the set of data packets through the network nodes and the communication links that satisfy the routing criterion. In some implementations, the method includes configuring the network nodes that are on the route with configuration information that allows the set of data packets to propagate along the route.
Type: Application
Filed: May 1, 2024
Publication date: February 27, 2025
Applicant: Cisco Technology, Inc.
Inventors: Clarence Filsfils, Peter Psenak, Francois Clad, Jose Antonio Liste
-
Publication number: 20250071831
Abstract: A client device identifier for dual-Wi-Fi connections may be provided. First, it may be determined that a client device has associated over a first link having a first Media Access Control (MAC) address. Next, from the client device over the first link, a first management frame may be received that identifies a MAC address of a second link associated with the client device. Then, based on information in the first management frame, it may be determined that the first link and the second link are associated with the client device.
Type: Application
Filed: August 27, 2024
Publication date: February 27, 2025
Applicant: Cisco Technology, Inc.
Inventors: Jerome Henry, Bart A. Brinckman, Shree Narasimha Murthy
-
Publication number: 20250068598
Abstract: A method for file system destinations includes obtaining events for storage on one or more of the storage systems. For each event, the method includes extracting at least one field value from the event, comparing the at least one field value to configurations of the storage systems to identify at least one storage system of the plurality of storage systems having a matching configuration, transmitting the event to an ingest module queue for the at least one storage system, selecting a partition for the event based on the at least one field value to obtain a selected partition, mapping the selected partition to a file using a partition mapping, and appending the event to the file on the at least one storage system.
Type: Application
Filed: November 11, 2024
Publication date: February 27, 2025
Applicant: Cisco Technology, Inc.
Inventors: Amritpal Singh Bath, Sarah Harun, Samat Jain, Felix Jiang, Shanmugam Kailasam, Li-Jen Liu, Jiahan Wang, Tingjin Xu
-
Publication number: 20250071111
Abstract: This disclosure describes techniques for enforcing conditional access to network services. In an example method, a first computing device detects a second device operating in a per-flow authorization mode. The first device receives a first request from a second computing device to communicate with a third computing device using a first network flow and determines that the first flow is authorized (e.g., because of an active past authentication and/or the third device's authentication exemption). Data associated with the first request is transmitted to the third device. The first device then receives a second request to communicate with a fourth computing device using a second network flow and determines that the second flow is not authorized (e.g., because it is not associated with an active past authentication and/or the fourth device is not exempt from authentication). Data associated with the second request is not transmitted to the fourth device.
Type: Application
Filed: August 22, 2023
Publication date: February 27, 2025
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla
-
Publication number: 20250071180
Abstract: Profile-based association method for enterprise networks may be provided. A computing device may configure a first profile and a second profile. Next, the client device may be configured with a set of network profiles associated with a plurality of networks. A user of the client device may be queried for a profile choice for one of the plurality of networks. Then the client device may associate with the one of the plurality of networks according to the profile choice provided by the user.
Type: Application
Filed: August 27, 2024
Publication date: February 27, 2025
Applicant: Cisco Technology, Inc.
Inventors: Jerome Henry, Bart A. Brinckman, Vincent E. Parla, Srinath Gundavelli, Shree N. Murthy, Matthew S. MacPherson
-
Publication number: 20250071086
Abstract: Address Resolution Protocol (ARP)-proxy update for roaming client devices may be provided. A client device may query for a list of active Internet Protocol (IP) addresses used by the client device. Next, the client device may determine that an Access Point (AP) supports a collaborative IP exchange function. Then the client device may send, in response to determining that the AP supports the collaborative IP exchange function, the list of active Internet Protocol (IP) addresses to the AP.
Type: Application
Filed: August 23, 2024
Publication date: February 27, 2025
Applicant: Cisco Technology, Inc.
Inventors: Pascal Thubert, Jerome Henry
-
Patent number: 12237643
Abstract: Heatsinking in laser devices may be improved via a device, including: a header disk having a first face with a circumference; a header post that is thermally conductive, and having: a second face connected to the first face coterminously with the circumference; a third face opposite to the second face; and a fourth face perpendicular to the second face and the third face; a lens holder, having a fifth face connected to the third face; and an optical subassembly connected to the fourth face and optically aligned with the lens holder. The device may also be understood to comprise: a header disk having a circumference; a header post that is thermally conductive, the header post having: an arc coterminous to a portion of the circumference; a mounting face, perpendicular to a plane in which the arc and the circumference are defined; and a bonding face perpendicular to the mounting face.
Type: Grant
Filed: May 17, 2021
Date of Patent: February 25, 2025
Assignee: Cisco Technology, Inc.
Inventors: Norbert Schlepple, Jock T. Bovington, Mary Nadeau, Mittu Pannala, Jarrett S. Neiman
-
Patent number: 12236229
Abstract: This disclosure describes techniques and mechanisms for using a domain-specific language (DSL) to express and compile serverless network functions, and optimizing the deployment location for the serverless network functions on network devices. In some examples, the serverless network functions may be expressed entirely in the DSL (e.g., via a text-based editor, a graphics-based editor, etc.), where the DSL is a computer language specialized to a particular domain, such as a network function domain. In additional examples, the serverless network functions may be expressed and compiled using a DSL in combination with a general-purpose language (GSL). Once the serverless network functions have been expressed and/or compiled, the techniques of this disclosure further include determining an optimized network component on which the serverless network function is to execute, and deploying the serverless function to the optimized network component.
Type: Grant
Filed: February 27, 2023
Date of Patent: February 25, 2025
Assignee: Cisco Technology, Inc.
Inventors: Kyle Andrew Donald Mestery, Ian James Wells, Grzegorz Boguslaw Duraj
-
Patent number: 12238079
Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.
Type: Grant
Filed: May 23, 2024
Date of Patent: February 25, 2025
Assignee: Cisco Technology, Inc.
Inventors: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
-
Patent number: 12238014
Abstract: Techniques and mechanisms for identifying unmanaged cloud resources with endpoint and network logs and attributing the identified cloud resources to an entity of an enterprise that owns the cloud resources. The process collects data from sources, e.g., endpoint and network logs, with respect to traffic in a computer network and based at least in part on the data, extracts relationships related to the traffic. The process applies rules to the relationships to extract destinations in the computer network that provide cloud resources in a cloud environment, wherein the cloud resources are owned by an enterprise. One or more users or business entities of the enterprise are identified as accessing the cloud resources.
Type: Grant
Filed: January 4, 2024
Date of Patent: February 25, 2025
Assignee: Cisco Technology, Inc.
Inventors: Blake Harrell Anderson, Andrew Chi, David Arthur McGrew, Saran Singh Ahluwalia
-
Patent number: 12238005
Abstract: Embodiments for handling multidestination traffic in a network are described. It is determined that a destination of a packet, received at a network device, is a multihomed destination. In response to determining that the destination of the packet is a multihomed destination, a hash value is determined from a selection of header values of the packet using a hash function. The packet is forwarded to the destination using a shadow hash forwarding table based at least in part on determining, based on the hash value and a hash forwarding table, that the network device is a designated forwarder for the packet.
Type: Grant
Filed: November 30, 2023
Date of Patent: February 25, 2025
Assignee: Cisco Technology, Inc.
Inventors: Putu H. Subagio, Ravikanth Nasika, Saikat Bhattacharya, Chih-Tsung Huang
-
Patent number: 12238578
Abstract: Load balancing for saturated wireless may be provided. A computing device may determine that an Access Point (AP) has reached a saturation point. A first Service Device (SD) having a first SD coverage area that overlaps an AP coverage area associated with the AP may be identified. Then a license to operate within a frequency spectrum segment for the first SD coverage area may be obtained. A plurality of user devices may be moved from the AP to the first SD. The first SD may then service the plurality of user devices using at least a portion of the frequency spectrum segment.
Type: Grant
Filed: February 20, 2023
Date of Patent: February 25, 2025
Assignee: Cisco Technology, Inc.
Inventors: Jerome Henry, Vinay Saini, Sowbhagya Hanumaiah Sowmya
-
Patent number: 12238006
Abstract: Systems and methods are provided for re-balancing and healing of an SD-WAN in an unbalanced state and/or experiencing one or more failure states. In response to a request to connect to a new controller resulting from OMP load shedding from a first controller, the system can identify other controllers capable of handling the load requirements of the edge router. The system can incorporate the controller group preference of the edge router and select a second controller based on the identified other controllers and within the preferred controller group. If not possible, the system can temporarily assign the edge router to non-preferred controller groups and move them back to controllers in the preferred controller group once it becomes viable. The system further enhances OMP graceful restart (GR) logic to incorporate the load shedding effect and avoid unnecessary route retention that GR entails.
Type: Grant
Filed: August 25, 2023
Date of Patent: February 25, 2025
Assignee: Cisco Technology, Inc.
Inventors: Satish Kumar Mahadevan, Sheikh M Qumruzzaman, Ravi Kiran Chintallapudi, Prosenjit Sarkar, Sourav Sen, Balaji Sundararajan, Rahul P Hardikar
-
Patent number: 12238054
Abstract: Techniques for an email-security system to detect multi-stage email scam attacks, and engage an attacker to obtain additional information. The system may analyze emails for users and identify scam emails by analyzing metadata of the emails. The system may then classify the scam emails into particular classes from among a group of scam-email classes. The system may then engage the attacker that sent the scam email. In some instances, the scam emails may be multi-stage attacks, and the system may automatically engage the attacker to move to the next stage of the scam attack. For instance, the system may send a lure email that is responsive to the particular scam class to prompt or provoke the attacker to send more sensitive information, such as a phone number, a bank account, etc. The system may then harvest this sensitive information of the attacker, and use that information for various remedial actions.
Type: Grant
Filed: March 21, 2022
Date of Patent: February 25, 2025
Assignee: Cisco Technology, Inc.
Inventors: Fahim Abbasi, Abhishek Singh, Muhammad Sachedina
-
Publication number: 20250062838
Abstract: Real-time radio self-calibration may be provided. The self-calibration may begin by sampling a Transmission (TX) signal. An achievable Error Vector Magnitude (EVM) for one or more frames may be determined based on the TX signal. Link budgets for clients may be determined using a TX power and a supported Modulation and Coding Scheme (MCS). A per packet TX power is adjusted based on the achievable EVM and a TX retry rate. The PA linearity of the radio may also be adjusted based on the achievable EVM and the link budget. The client may be regrouped into a new MCS based on the link budget.
Type: Application
Filed: November 4, 2024
Publication date: February 20, 2025
Applicant: Cisco Technology, Inc.
Inventors: Sivadeep KALAVAKURU, Fred ANDERSON, Xiangxiang FANG, Ardalan ALIZADEH
-
Patent number: 12231963
Abstract: Time Sensitive Networking (TSN) Quality of Service (QoS) in overlapped administrative domains may be provided. A first Access Point (AP) may detect at least a second AP in a Co-Channel Interference (CCI) range. A micro-transaction auction between the first AP and at least the second AP may be established, and the first AP may provide compensation to the second AP to acquire an agreement, from the second AP, to forgo transmitting during an upcoming service period. Next, the first AP may schedule transmissions for the service period and then transmit in the service period without interference from the second AP.
Type: Grant
Filed: August 19, 2022
Date of Patent: February 18, 2025
Assignee: Cisco Technology, Inc.
Inventors: Brian D. Hart, Pooya Monajemi, Malcolm Muir Smith
-
Patent number: 12231421
Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.
Type: Grant
Filed: August 8, 2023
Date of Patent: February 18, 2025
Assignee: Cisco Technology, Inc.
Inventors: Malcolm Muir Smith, Bart Brinckman, Mark Grayson, Jerome Henry, Matthew Stephen MacPherson
-
Patent number: 12231312
Abstract: In one embodiment, a supervisory service for a network obtains quality of experience metrics for application sessions of an online application. The supervisory service maps the application sessions to paths that traverse a plurality of autonomous systems. The supervisory service identifies, based in part on the quality of experience metrics, a particular autonomous system from the plurality of autonomous systems associated with a decreased quality of experience for the online application. The supervisory service causes application traffic for the online application to avoid the particular autonomous system.
Type: Grant
Filed: May 24, 2021
Date of Patent: February 18, 2025
Assignee: Cisco Technology, Inc.
Inventors: Jean-Philippe Vasseur, Vinay Kumar Kolar, Grégory Mermoud, Pierre-André Savalle