Patents by Inventor Fabio R. Maino
Fabio R. Maino has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240114041Abstract: In one embodiment, a method comprises training at least one model based at least in part on interactions between one or more users and electronic messages sent to addresses associated with the one or more users, receiving a first electronic message sent to a first address associated with a first user, analyzing the first electronic message to generate first feature data, determining one or more characteristics of the first user to generate second feature data, inputting, to the at least one model, the first feature data and the second feature data, and receiving, as output of the at least one model, data indicating whether to output, to the first user, a warning regarding the first electronic message.Type: ApplicationFiled: November 29, 2023Publication date: April 4, 2024Inventors: Nikolaos Sapountzis, Madhuri Kolli, Fabio R. Maino, Daniela Alvim Seabra de Oliveira
-
Patent number: 11943150Abstract: Techniques for tracking compute capacity of a scalable application service platform to perform dynamic bandwidth allocation for data flows associated with applications hosted by the service platform are disclosed. Some of the techniques may include allocating a first amount of bandwidth of a physical underlay of a network for data flows associated with an application. The techniques may also include receiving, from a scalable application service hosting the application, an indication of an amount of computing resources of the scalable application service that are allocated to host the application. Based at least in part on the indications, a second amount of bandwidth of the physical underlay to allocate for the data flows may be determined. The techniques may also include allocating the second amount of bandwidth of the physical underlay of the network for the data flows associated with the application.Type: GrantFiled: January 13, 2021Date of Patent: March 26, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Lorand Jakab, Alberto Rodriguez Natal, Fabio R. Maino, John G. Apostolopoulos
-
Publication number: 20240097998Abstract: Techniques for extending network elements to inspect, extract, and complement tracing information added to L7 flows by application distributed tracing systems. The techniques may include receiving a Layer-7 (L7) message of an L7 flow associated with a distributed application and determining that the L7 message includes tracing information. In some examples, the tracing information may be mapped to a marking that is to be included in a Layer 3 (L3) or Layer-4 (L4) packet carrying the L7 message, and the L3 or L4 packet including the marking may be sent to an L3 or L4 network element. In some examples, the L3 or L4 network element may be configured to utilize the marking to determine a network decision for the L3 or L4 packet.Type: ApplicationFiled: August 15, 2023Publication date: March 21, 2024Inventors: Alberto Rodriguez-Natal, Edward Albert Warnicke, Saswat Praharaj, Fabio R. Maino
-
Publication number: 20240080223Abstract: Techniques are described for extending a cellular quality of service bearer through an enterprise fabric network. In one example, a method obtaining, by a first switch of a network, a packet to be delivered to a client connected to the network via a cellular access point; identifying quality of service (QoS) bearer information associated with the packet, wherein the QoS bearer information is associated with a radio access bearer for the client and the QoS bearer information comprises a bearer indicator and a QoS class identifier; providing a fabric tunnel encapsulation for the packet, wherein the bearer indicator and the QoS class identifier are included within the fabric tunnel encapsulation of the packet; and forwarding the packet within the fabric tunnel encapsulation toward a second switch of the network via a fabric tunnel, wherein the cellular access point is connected to the network via the second switch.Type: ApplicationFiled: October 30, 2023Publication date: March 7, 2024Inventors: Srinath Gundavelli, Sangram Kishore Lakkaraju, Alberto Rodriguez Natal, Fabio R. Maino, Timothy Peter Stammers
-
Patent number: 11924036Abstract: Techniques for enabling a network access provider to make automatic Software as a Service (SaaS) optimization decisions. Among other things, the techniques may include determining a SaaS application that is being accessed by client endpoints via flows through a network access provider. The techniques may also include determining, based at least in part on a policy associated with the network access provider, whether to enable network optimizations for traffic through the network access provider to the SaaS application. Based at least in part on a determination that the network optimizations are to be enabled for the traffic to the SaaS application, the techniques may include installing a service definition associated with the SaaS application in a service policy database of the network access provider.Type: GrantFiled: April 10, 2023Date of Patent: March 5, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Darren Russell Dukes, Jeevan Sharma, Fabio R. Maino, Alberto Rodriguez-Natal
-
Publication number: 20240069995Abstract: Techniques for providing a standardized interface that is configured to provide application developers with ways for interacting with different wide area network controllers. A standardized interface may include an application programming interface (API) server that can receive a connectivity request associated with an application that is to be hosted on an application orchestration system. The API server may determine, based at least in part on the connectivity request, a vendor network to be used by the application to send traffic to a remote service. Based at least in part on determining the vendor network, the API server may translate the connectivity request into a first format that is understandable by a controller of the vendor network. The API server may also provide the connectivity request in the first format to the controller of the vendor network such that a path through the vendor network can be determined.Type: ApplicationFiled: August 31, 2022Publication date: February 29, 2024Inventors: Saswat Praharaj, Fabio R. Maino, Alberto Rodriguez Natal, Ram Dular Singh, Vivek Agarwal
-
Patent number: 11888752Abstract: Techniques for using application network requirements and/or telemetry information from a first networking technology to enhance operation of a second networking technology and optimize wide area network traffic are described herein. The techniques may include establishing a communication network for use by applications of a scalable application service platform, the communication network including a first networking technology and a second networking technology. In this way, a request to establish a connection for use by an application may be received by the first networking technology. The request may include an indication of a threshold service level of the connection. In response to the request, the first networking technology may determine whether the second networking technology is capable of hosting the connection.Type: GrantFiled: September 2, 2021Date of Patent: January 30, 2024Assignee: Cisco Technology, Inc.Inventors: Loránd Jakab, Alberto Rodriguez-Natal, Fabio R. Maino, Timothy James Swanson, John Joyce
-
Patent number: 11863568Abstract: In one embodiment, a method comprises training at least one model based at least in part on interactions between one or more users and electronic messages sent to addresses associated with the one or more users, receiving a first electronic message sent to a first address associated with a first user, analyzing the first electronic message to generate first feature data, determining one or more characteristics of the first user to generate second feature data, inputting, to the at least one model, the first feature data and the second feature data, and receiving, as output of the at least one model, data indicating whether to output, to the first user, a warning regarding the first electronic message.Type: GrantFiled: March 22, 2021Date of Patent: January 2, 2024Assignees: Cisco Technology, Inc., University of Florida Research Foundation, Inc.Inventors: Nikolaos Sapountzis, Fabio R. Maino, Madhuri Kolli, Daniela Alvim Seabra De Oliveira
-
Patent number: 11811557Abstract: Techniques are described for extending a cellular quality of service bearer through an enterprise fabric network. In one example, a method obtaining, by a first switch of a network, a packet to be delivered to a client connected to the network via a cellular access point; identifying quality of service (QoS) bearer information associated with the packet, wherein the QoS bearer information is associated with a radio access bearer for the client and the QoS bearer information comprises a bearer indicator and a QoS class identifier; providing a fabric tunnel encapsulation for the packet, wherein the bearer indicator and the QoS class identifier are included within the fabric tunnel encapsulation of the packet; and forwarding the packet within the fabric tunnel encapsulation toward a second switch of the network via a fabric tunnel, wherein the cellular access point is connected to the network via the second switch.Type: GrantFiled: September 21, 2022Date of Patent: November 7, 2023Assignee: CISCO TECHNOLOGY, INC.Inventors: Srinath Gundavelli, Sangram Kishore Lakkaraju, Alberto Rodriguez Natal, Fabio R. Maino, Timothy Peter Stammers
-
Publication number: 20230328038Abstract: Techniques for using proxies with overprovisioned IP addresses to demultiplex data flows, which may otherwise look the same at L7, into multiple subflows for L3 policy enforcement without having to modify an underlying L3 network. The techniques may include establishing a subflow through a network between a first proxy and a second proxy, the subflow associated with a specific policy. In some examples, the first proxy node may receive an encrypted packet that is to be sent through the network and determine, based at least in part on accessing an encrypted application layer of the packet, a specific application to which the packet is to be sent. The first proxy node may then alter an IP address included in the packet to cause the packet to be sent through the network via the subflow such that the packet is handled according to the specific policy.Type: ApplicationFiled: April 12, 2022Publication date: October 12, 2023Inventors: Alberto Rodriguez-Natal, Lorand Jakab, Fabio R. Maino
-
Publication number: 20230300059Abstract: Techniques for automating traffic optimizations for egress traffic of an application orchestration system that is being sent over a network to a remote service. In examples, the techniques may include receiving, at a controller of the network, an egress traffic definition associated with egress traffic of an application hosted on the application orchestration system, the egress traffic definition indicating that the egress traffic is to be sent to the remote service. Based at least in part on the egress traffic definition, the controller may determine a networking path through the network or outside of the network that is optimized for sending the egress traffic to the remote service. The controller may also cause the egress traffic to be sent to the remote service via the optimized networking path.Type: ApplicationFiled: August 18, 2022Publication date: September 21, 2023Inventors: Alberto Rodriguez Natal, Saswat Praharaj, Lorand Jakab, Fabio R. Maino, Pradeep Kumar Kathail
-
Publication number: 20230116947Abstract: Techniques for providing network traffic security in a virtualized environment are described. A threat aware controller uses a threat feed provided by a threat intelligence service to establish a threat detection engine on virtual switches. The threat aware controller and threat detection engine work together to detect any anomalous or malicious behavior of network traffic on the virtual switch and established virtual network functions to quickly detect, verify, and isolate network threats.Type: ApplicationFiled: December 15, 2022Publication date: April 20, 2023Inventors: Balaji SUNDARARAJAN, Alberto RODRIGUEZ NATAL, Yegappan LAKSHMANAN, Fabio R. MAINO, Anand OSWAL
-
Publication number: 20230069689Abstract: Techniques for using application network requirements and/or telemetry information from a first networking technology to enhance operation of a second networking technology and optimize wide area network traffic are described herein. The techniques may include establishing a communication network for use by applications of a scalable application service platform, the communication network including a first networking technology and a second networking technology. In this way, a request to establish a connection for use by an application may be received by the first networking technology. The request may include an indication of a threshold service level of the connection. In response to the request, the first networking technology may determine whether the second networking technology is capable of hosting the connection.Type: ApplicationFiled: September 2, 2021Publication date: March 2, 2023Inventors: Loránd Jakab, Alberto Rodriguez-Natal, Fabio R. Maino, Timothy James Swanson, John Joyce
-
Patent number: 11582066Abstract: Techniques are described for extending a cellular quality of service bearer through an enterprise fabric network. In one example, a method obtaining, by a first switch of a network, a packet to be delivered to a client connected to the network via a cellular access point; identifying quality of service (QoS) bearer information associated with the packet, wherein the QoS bearer information is associated with a radio access bearer for the client and the QoS bearer information comprises a bearer indicator and a QoS class identifier; providing a fabric tunnel encapsulation for the packet, wherein the bearer indicator and the QoS class identifier are included within the fabric tunnel encapsulation of the packet; and forwarding the packet within the fabric tunnel encapsulation toward a second switch of the network via a fabric tunnel, wherein the cellular access point is connected to the network via the second switch.Type: GrantFiled: December 19, 2019Date of Patent: February 14, 2023Assignee: CISCO TECHNOLOGY, INC.Inventors: Srinath Gundavelli, Sangram Kishore Lakkaraju, Alberto Rodriguez Natal, Fabio R. Maino, Timothy Peter Stammers
-
Publication number: 20230026450Abstract: Techniques are described for extending a cellular quality of service bearer through an enterprise fabric network. In one example, a method obtaining, by a first switch of a network, a packet to be delivered to a client connected to the network via a cellular access point; identifying quality of service (QoS) bearer information associated with the packet, wherein the QoS bearer information is associated with a radio access bearer for the client and the QoS bearer information comprises a bearer indicator and a QoS class identifier; providing a fabric tunnel encapsulation for the packet, wherein the bearer indicator and the QoS class identifier are included within the fabric tunnel encapsulation of the packet; and forwarding the packet within the fabric tunnel encapsulation toward a second switch of the network via a fabric tunnel, wherein the cellular access point is connected to the network via the second switch.Type: ApplicationFiled: September 21, 2022Publication date: January 26, 2023Inventors: Srinath Gundavelli, Sangram Kishore Lakkaraju, Alberto Rodriguez Natal, Fabio R. Maino, Timothy Peter Stammers
-
Patent number: 11558402Abstract: Techniques for providing network traffic security in a virtualized environment are described. A threat aware controller uses a threat feed provided by a threat intelligence service to establish a threat detection engine on virtual switches. The threat aware controller and threat detection engine work together to detect any anomalous or malicious behavior of network traffic on the virtual switch and established virtual network functions to quickly detect, verify, and isolate network threats.Type: GrantFiled: October 28, 2019Date of Patent: January 17, 2023Assignee: Cisco Technology, Inc.Inventors: Balaji Sundararajan, Alberto Rodriguez Natal, Yegappan Lakshmanan, Fabio R. Maino, Anand Oswal
-
Patent number: 11533669Abstract: In one illustrative example, network fabric policy data associated with an application, subscriber, and/or device may be received. Mobile network policy data that corresponds to the received network fabric policy data may be selected, based on stored policy mappings between a set of network fabric policy profiles of a fabric network and a set of mobile network policy profiles of a mobile network. A bearer or Quality of Service (QoS) flow of the mobile network may be established in satisfaction of the selected mobile network policy data. In addition, a packet filter of a traffic flow template (TFT) or a packet detection rule (PDR) may be generated and applied in order to direct IP traffic flows associated with the application to the established bearer or QoS flow for communication in the mobile network.Type: GrantFiled: April 26, 2019Date of Patent: December 20, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Fabio R. Maino, Vina Ermagan, Marc Portoles Comeras, John Martin Graybeal, Alberto Rodriguez Natal
-
Publication number: 20220303285Abstract: In one embodiment, a method comprises training at least one model based at least in part on interactions between one or more users and electronic messages sent to addresses associated with the one or more users, receiving a first electronic message sent to a first address associated with a first user, analyzing the first electronic message to generate first feature data, determining one or more characteristics of the first user to generate second feature data, inputting, to the at least one model, the first feature data and the second feature data, and receiving, as output of the at least one model, data indicating whether to output, to the first user, a warning regarding the first electronic message.Type: ApplicationFiled: March 22, 2021Publication date: September 22, 2022Inventors: Nikolaos Sapountzis, Fabio R. Maino, Madhuri Kolli, Daniela Alvim Seabra de Oliveira
-
Publication number: 20220286517Abstract: Techniques for dynamic routing based on application load are described herein. The techniques may include receiving load information associated with resources of an application orchestration system that are allocated to host an application, the resources associated with different geographical regions. Based at least in part on the load information, a network controller may determine that first resources of the application orchestration system are less constrained than second resources of the application orchestration system, the first resources associated with a first geographical region and the second resources associated with a second geographical region. Based at least in part on the first resources being less constrained than the second resources, application traffic may be routed through the network to the application hosted by the first resources in the first geographical region.Type: ApplicationFiled: October 18, 2021Publication date: September 8, 2022Inventors: Steven William Wood, Ding Bai, Ramanathan Lakshmikanthan, Alberto Rodriguez-Natal, Fabio R. Maino
-
Patent number: 11363073Abstract: An ingress network element obtains data from a source endpoint associated with the ingress network element. The data identifies a destination endpoint remote from the ingress network element. The ingress network element provides a map request identifying the destination endpoint to a mapping server. The ingress network element obtains a map reply including a network address of an egress network element associated with the destination endpoint and a security association. The ingress network element encrypts the data for the destination endpoint with the security association according to a cryptographic policy based on the source endpoint, the destination endpoint, and the availability of cryptographic resources on the network. The ingress network element provides the encrypted data to the egress network element.Type: GrantFiled: September 28, 2020Date of Patent: June 14, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Fabio R. Maino, Vina Ermagan, Alberto Rodriguez Natal