Patents by Inventor Gaetano Borgione
Gaetano Borgione has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11863352Abstract: Some embodiments of the invention provide a novel network architecture for deploying guest clusters (GCs) including workload machines for a tenant (or other entity) within an availability zone. The novel network architecture includes a virtual private cloud (VPC) deployed in the availability zone (AZ) that includes a centralized routing element that provides access to a gateway routing element of the AZ. In some embodiments, the centralized routing element provides a set of services for packets traversing a boundary of the VPC. The services, in some embodiments, include load balancing, firewall, quality of service (QoS) and may be stateful or stateless. Guest clusters are deployed within the VPC and use the centralized routing element of the VPC to access the gateway routing element of the AZ.Type: GrantFiled: February 25, 2021Date of Patent: January 2, 2024Assignee: VMWARE, INC.Inventors: Jianjun Shen, Mark Johnson, Gaetano Borgione, Benjamin John Corrie, Derek Beard, Zach James Shepherd, Vinay Reddy
-
Publication number: 20220038311Abstract: Some embodiments of the invention provide a novel network architecture for deploying guest clusters (GCs) including workload machines for a tenant (or other entity) within an availability zone. The novel network architecture includes a virtual private cloud (VPC) deployed in the availability zone (AZ) that includes a centralized routing element that provides access to a gateway routing element of the AZ. In some embodiments, the centralized routing element provides a set of services for packets traversing a boundary of the VPC. The services, in some embodiments, include load balancing, firewall, quality of service (QoS) and may be stateful or stateless. Guest clusters are deployed within the VPC and use the centralized routing element of the VPC to access the gateway routing element of the AZ.Type: ApplicationFiled: February 25, 2021Publication date: February 3, 2022Inventors: Jianjun Shen, Mark Johnson, Gaetano Borgione, Benjamin John Corrie, Derek Beard, Zach James Shepherd, Vinay Reddy
-
Patent number: 10461999Abstract: Example methods and systems for managing interconnection of virtual network functions are disclosed. Example methods disclosed herein include, in response to a trigger event indicating detection of an interface, obtaining a virtual network domain template corresponding to a virtual network domain to be configured, the virtual network domain template identifying one or more virtual network functions and one or more interfaces, at least some of the virtual network functions being connected together through one or more links. Disclosed example methods further include configuring and provisioning the virtual network domain to contain the interface using the virtual network domain template and properties of the interface to enable the interface to send information in the virtual network domain.Type: GrantFiled: September 18, 2017Date of Patent: October 29, 2019Assignee: Nicira, Inc.Inventors: Brenden Blanco, Sushil Singh, Gaetano Borgione, Alexei Starovoitov, Pere Monclus
-
Publication number: 20180004577Abstract: A method and apparatus is disclosed herein for use of a connectivity manager and a network infrastructure including the same. In one embodiment, the network infrastructure comprises one or more physical devices communicably coupled into a physical network infrastructure or via the overlay provided by the physical servers; and a virtual network domain containing a virtual network infrastructure executing on the physical network infrastructure. In one embodiment, the virtual network domain comprises one or more virtual network functions connected together through one or more links and executing on the one or more physical devices, and one or more interfaces coupled to one or more network functions via one or more links to communicate data between the virtual network domain and at least one of the one or more physical devices of the physical network infrastructure while the virtual network domain is isolated from other virtual infrastructures executing on the physical network infrastructure.Type: ApplicationFiled: September 18, 2017Publication date: January 4, 2018Inventors: Brenden Blanco, Sushil Singh, Gaetano Borgione, Alexei Starovoitov, Pere Monclus
-
Patent number: 9766943Abstract: A method and apparatus is disclosed herein for use of a connectivity manager and a network infrastructure including the same. In one embodiment, the network infrastructure comprises one or more physical devices communicably coupled into a physical network infrastructure or via the overlay provided by the physical servers; and a virtual network domain containing a virtual network infrastructure executing on the physical network infrastructure. In one embodiment, the virtual network domain comprises one or more virtual network functions connected together through one or more links and executing on the one or more physical devices, and one or more interfaces coupled to one or more network functions via one or more links to communicate data between the virtual network domain and at least one of the one or more physical devices of the physical network infrastructure while the virtual network domain is isolated from other virtual infrastructures executing on the physical network infrastructure.Type: GrantFiled: April 15, 2014Date of Patent: September 19, 2017Assignee: Nicira, Inc.Inventors: Brenden Blanco, Sushil Singh, Gaetano Borgione, Alexei Starovaitov, Pere Monclus
-
Publication number: 20150295750Abstract: A method and apparatus is disclosed herein for use of a connectivity manager and a network infrastructure including the same. In one embodiment, the network infrastructure comprises one or more physical devices communicably coupled into a physical network infrastructure or via the overlay provided by the physical servers; and a virtual network domain containing a virtual network infrastructure executing on the physical network infrastructure. In one embodiment, the virtual network domain comprises one or more virtual network functions connected together through one or more links and executing on the one or more physical devices, and one or more interfaces coupled to one or more network functions via one or more links to communicate data between the virtual network domain and at least one of the one or more physical devices of the physical network infrastructure while the virtual network domain is isolated from other virtual infrastructures executing on the physical network infrastructure.Type: ApplicationFiled: April 15, 2014Publication date: October 15, 2015Inventors: Brenden Blanco, Sushil Singh, Gaetano Borgione, Alexei Starovoitov, Pere Monclus
-
Patent number: 8902908Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for supporting a large number of virtual local area networks (VLANS) in a bridged network. Packets are received that include 802.1Q Virtual Local Area Network (VLAN) identifiers (VIDs). However, rather than accessing the VLAN forwarding information directly based on the VID as conventionally performed, the VLAN forwarding information to use for a particular packet is determined based on an interface (e.g., virtual or physical interface, port, MPLS label, GRE tunnel or other abstraction of the interface). In other words, the interface associated with the packet identifies a context for determining the VLAN forwarding information based on the VID included in the packet. Therefore, network bridging devices can support more VLANs than that imposed by the 4096 possible values of a VID.Type: GrantFiled: May 2, 2006Date of Patent: December 2, 2014Assignee: Cisco Technology, Inc.Inventors: Michael R. Smith, Gyaneshwar S. Saharia, Gaetano Borgione, Atul Rawat
-
Patent number: 8155125Abstract: A method, system, and apparatus to transmit replicated multicast packets over a plurality of physical network links that are combined into one logical channel or link so that the replicated multicast packets are distributed over more than one network link is disclosed. It is further disclosed that distribution over the network links is accomplished, in part, through analyzing the multicast packet for information other than ethernet addresses. Such information can include a tag header including destination interface information.Type: GrantFiled: September 17, 2004Date of Patent: April 10, 2012Assignee: Cisco Technology, Inc.Inventors: Gaetano Borgione, Kevin C. Wong, David S. Walker, Chickayya Naik
-
Patent number: 8018845Abstract: Out-of-profile rate-limited traffic is sampled to provide data for analysis, such as for, but not limited to, identifying a threat condition such as a denial-of-service or other malicious attack, or a non-malicious attack such as an error in configuration. A rate limiter including at least three states is typically used, with one of these states being an out-of-profile sampling state wherein the packet traffic is sampled to identify one or more sampled packets on which analysis can be performed, with defensive action possibly taken in response to the analysis.Type: GrantFiled: January 25, 2006Date of Patent: September 13, 2011Assignee: Cisco Technology, IncInventors: Natale Ruello, Farrukh Reza Naqvi, Anusankar Elangovan, Gaetano Borgione, Suran De Silva
-
Patent number: 7599367Abstract: A mechanism for a network device to constrain multicast flooding of out-of-profile multicast frames is provided by defining a multicast flood domain that includes a subset of ports that are members of the broadcast domain. Such a multicast flood domain can be user configured or dynamically configured to include device ports that are coupled to network elements that should receive such out-of-profile multicast transmissions and exclude network elements that should not receive such multicast transmissions. In one embodiment of the present invention, such capability is provided by incorporating into a network device a mechanism for performing a multicast flood domain lookup of an address table in the event that an out-of-profile multicast frame is received.Type: GrantFiled: October 25, 2005Date of Patent: October 6, 2009Assignee: Cisco Technology, Inc.Inventors: Chandramouli Radhakrishnan, Gaetano Borgione, Karthikeyan Gurusamy
-
Patent number: 7586895Abstract: A method, system, and computer program product are presented to optimize OSI Level 2 switch forwarding of frames comprising IP addresses, 802.1 QinQ VLAN identifiers, multi-protocol label switching labels, and any other usable information meaningful to derive an L2 forwarding result on frames. In one embodiment, a 16-bit key is included as a prefix to a 48-bit OSI Level 2 address entry, thereby allowing the inclusion of a 32-bit OSI Level 3 address in the lookup table (e.g., a complete IP version 4 address). Implementations of such a solution are presented to resolve address aliasing issues experienced with multicast group destination addresses, including single source multicast. Solutions to optimizing forwarding of frames in an IEEE 802.1 QinQ environment are also presented. A result of these implementations can be reduction of the amount of unnecessary network traffic generated by a network switch incorporating such an OSI Level 2 address lookup table.Type: GrantFiled: April 1, 2005Date of Patent: September 8, 2009Assignee: Cisco Technology, Inc.Inventor: Gaetano Borgione
-
Publication number: 20070258446Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for supporting a large number of virtual local area networks (VLANS) in a bridged network. Packets are received that include 802.1Q Virtual Local Area Network (VLAN) identifiers (VIDs). However, rather than accessing the VLAN forwarding information directly based on the VID as conventionally performed, the VLAN forwarding information to use for a particular packet is determined based on an interface (e.g., virtual or physical interface, port, MPLS label, GRE tunnel or other abstraction of the interface). In other words, the interface associated with the packet identifies a context for determining the VLAN forwarding information based on the VID included in the packet. Therefore, network bridging devices can support more VLANs than that imposed by the 4096 possible values of a VID.Type: ApplicationFiled: May 2, 2006Publication date: November 8, 2007Applicant: CISCO TECHNOLOGY, INC., A CALIFORNIA CORPORATIONInventors: Michael Smith, Gyaneshwar Saharia, Gaetano Borgione, Atul Rawat
-
Publication number: 20070171824Abstract: Out-of-profile rate-limited traffic is sampled to provide data for analysis, such as for, but not limited to, identifying a threat condition such as a denial-of-service or other malicious attack, or a non-malicious attack such as an error in configuration. A rate limiter including at least three states is typically used, with one of these states being an out-of-profile sampling state wherein the packet traffic is sampled to identify one or more sampled packets on which analysis can be performed, with defensive action possibly taken in response to the analysis.Type: ApplicationFiled: January 25, 2006Publication date: July 26, 2007Applicant: CISCO TECHNOLOGY, INC. A CALIFORNIA CORPORATIONInventors: Natale Ruello, Farrukh Naqvi, Anusankar Elangovan, Gaetano Borgione, Suran De Silva
-
Publication number: 20070091890Abstract: A mechanism for a network device to constrain multicast flooding of out-of-profile multicast frames is provided by defining a multicast flood domain that includes a subset of ports that are members of the broadcast domain. Such a multicast flood domain can be user configured or dynamically configured to include device ports that are coupled to network elements that should receive such out-of-profile multicast transmissions and exclude network elements that should not receive such multicast transmissions. In one embodiment of the present invention, such capability is provided by incorporating into a network device a mechanism for performing a multicast flood domain lookup of an address table in the event that an out-of-profile multicast frame is received.Type: ApplicationFiled: October 25, 2005Publication date: April 26, 2007Inventors: Chandramouli Radhakrishnan, Gaetano Borgione, Karthikeyan Gurusamy
-
Publication number: 20060221960Abstract: A method, system, and computer program product are presented to optimize OSI Level 2 switch forwarding of frames comprising IP addresses, 802.1 QinQ VLAN identifiers, multi-protocol label switching labels, and any other usable information meaningful to derive an L2 forwarding result on frames. In one embodiment, a 16-bit key is included as a prefix to a 48-bit OSI Level 2 address entry, thereby allowing the inclusion of a 32-bit OSI Level 3 address in the lookup table (e.g., a complete IP version 4 address). Implementations of such a solution are presented to resolve address aliasing issues experienced with multicast group destination addresses, including single source multicast. Solutions to optimizing forwarding of frames in an IEEE 802.1 QinQ environment are also presented. A result of these implementations can be reduction of the amount of unnecessary network traffic generated by a network switch incorporating such an OSI Level 2 address lookup table.Type: ApplicationFiled: April 1, 2005Publication date: October 5, 2006Inventor: Gaetano Borgione