Patents by Inventor Kent Leung
Kent Leung has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11777845Abstract: An extended service-function chain (SFC) proxy is hosted on a network node and connected to a service path formed by one or more network nodes hosting a chain of service-functions applied to packets traversing the service path. The packets each include a service header having a service path identifier and a service index. A packet of a traffic flow destined for a service-function is received from the service path and sent to the service-function. An indication to offload the traffic flow is received from the service-function. The indication is stored in a flow table having entries each identifying a respective traffic flow. A subsequent packet of the traffic flow is received from the service path. The flow table is searched for the indication to offload the traffic flow. Upon finding the indication, the service-function is bypassed, and the subsequent packet is forwarded along the service path.Type: GrantFiled: December 28, 2022Date of Patent: October 3, 2023Assignee: CISCO TECHNOLOGY, INC.Inventors: Kent Leung, Jianxin Wang
-
Publication number: 20230171185Abstract: An extended service-function chain (SFC) proxy is hosted on a network node and connected to a service path formed by one or more network nodes hosting a chain of service-functions applied to packets traversing the service path. The packets each include a service header having a service path identifier and a service index. A packet of a traffic flow destined for a service-function is received from the service path and sent to the service-function. An indication to offload the traffic flow is received from the service-function. The indication is stored in a flow table having entries each identifying a respective traffic flow. A subsequent packet of the traffic flow is received from the service path. The flow table is searched for the indication to offload the traffic flow. Upon finding the indication, the service-function is bypassed, and the subsequent packet is forwarded along the service path.Type: ApplicationFiled: December 28, 2022Publication date: June 1, 2023Inventors: Kent Leung, Jianxin Wang
-
Patent number: 11570091Abstract: An extended service-function chain (SFC) proxy is hosted on a network node and connected to a service path formed by one or more network nodes hosting a chain of service-functions applied to packets traversing the service path. The packets each include a service header having a service path identifier and a service index. A packet of a traffic flow destined for a service-function is received from the service path and sent to the service-function. An indication to offload the traffic flow is received from the service-function. The indication is stored in a flow table having entries each identifying a respective traffic flow. A subsequent packet of the traffic flow is received from the service path. The flow table is searched for the indication to offload the traffic flow. Upon finding the indication, the service-function is bypassed, and the subsequent packet is forwarded along the service path.Type: GrantFiled: December 22, 2020Date of Patent: January 31, 2023Assignee: CISCO TECHNOLOGY, INC.Inventors: Kent Leung, Jianxin Wang
-
Patent number: 11159481Abstract: A method is performed by a master network device among network devices of a cluster. The master network device receives cluster configuration information including a set of Internet Protocol (IP) addresses and a pool of port blocks associated with the IP addresses. Each port block includes multiple ports, and the pool of the port blocks is to be shared across the network devices for port address translation. The master network device divides the port blocks in the pool into multiple buckets. The master network device allocates to each network device in the cluster a corresponding one of the buckets, and reserves each bucket that is not allocated for allocation to a potential new network device. When a new network device joins the cluster, the master network device allocates to the new network device the port blocks from a corresponding one of the reserved buckets.Type: GrantFiled: May 28, 2020Date of Patent: October 26, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Andrew E. Ossipov, Kent Leung, Zhijun Liu
-
Publication number: 20210111993Abstract: An extended service-function chain (SFC) proxy is hosted on a network node and connected to a service path formed by one or more network nodes hosting a chain of service-functions applied to packets traversing the service path. The packets each include a service header having a service path identifier and a service index. A packet of a traffic flow destined for a service-function is received from the service path and sent to the service-function. An indication to offload the traffic flow is received from the service-function. The indication is stored in a flow table having entries each identifying a respective traffic flow. A subsequent packet of the traffic flow is received from the service path. The flow table is searched for the indication to offload the traffic flow. Upon finding the indication, the service-function is bypassed, and the subsequent packet is forwarded along the service path.Type: ApplicationFiled: December 22, 2020Publication date: April 15, 2021Inventors: Kent Leung, Jianxin Wang
-
Patent number: 10938728Abstract: A method is provided including obtaining at a newly added flow mapper node of a plurality of flow mapper nodes, from a first flow locator node of a plurality of flow locator nodes, a flow owner lookup request for flow state information that includes identification of a particular flow locator that is to handle processing of a packet flow. The newly added flow mapper node determines whether it has stored flow state information. When the newly added flow mapper node does not have stored flow state information, the newly added flow mapper node identifies a particular flow mapper node of the plurality of flow mapper nodes which has stored flow state information for the particular packet flow and services the flow owner lookup request using flow state information stored by the particular flow mapper node.Type: GrantFiled: July 24, 2019Date of Patent: March 2, 2021Assignee: Cisco Technology, Inc.Inventors: Kent Leung, Zhijun Liu, Andrew E. Ossipov
-
Patent number: 10931571Abstract: An extended service-function chain (SFC) proxy is hosted on a network node and connected to a service path formed by one or more network nodes hosting a chain of service-functions applied to packets traversing the service path. The packets each include a service header having a service path identifier and a service index. A packet of a traffic flow destined for a service-function is received from the service path and sent to the service-function. An indication to offload the traffic flow is received from the service-function. The indication is stored in a flow table having entries each identifying a respective traffic flow. A subsequent packet of the traffic flow is received from the service path. The flow table is searched for the indication to offload the traffic flow. Upon finding the indication, the service-function is bypassed, and the subsequent packet is forwarded along the service path.Type: GrantFiled: September 23, 2019Date of Patent: February 23, 2021Assignee: Cisco Technology, Inc.Inventors: Kent Leung, Jianxin Wang
-
Publication number: 20210029047Abstract: A method is provided including obtaining at a newly added flow mapper node of a plurality of flow mapper nodes, from a first flow locator node of a plurality of flow locator nodes, a flow owner lookup request for flow state information that includes identification of a particular flow locator that is to handle processing of a packet flow. The newly added flow mapper node determines whether it has stored flow state information. When the newly added flow mapper node does not have stored flow state information, the newly added flow mapper node identifies a particular flow mapper node of the plurality of flow mapper nodes which has stored flow state information for the particular packet flow and services the flow owner lookup request using flow state information stored by the particular flow mapper node.Type: ApplicationFiled: July 24, 2019Publication date: January 28, 2021Inventors: Kent Leung, Zhijun Liu, Andrew E. Ossipov
-
Publication number: 20200296075Abstract: A method is performed by a master network device among network devices of a cluster. The master network device receives cluster configuration information including a set of Internet Protocol (IP) addresses and a pool of port blocks associated with the IP addresses. Each port block includes multiple ports, and the pool of the port blocks is to be shared across the network devices for port address translation. The master network device divides the port blocks in the pool into multiple buckets. The master network device allocates to each network device in the cluster a corresponding one of the buckets, and reserves each bucket that is not allocated for allocation to a potential new network device. When a new network device joins the cluster, the master network device allocates to the new network device the port blocks from a corresponding one of the reserved buckets.Type: ApplicationFiled: May 28, 2020Publication date: September 17, 2020Inventors: Andrew E. Ossipov, Kent Leung, Zhijun Liu
-
Patent number: 10715486Abstract: A method is performed by a master network device among network devices of a cluster. The master network device receives cluster configuration information including a set of Internet Protocol (IP) addresses and a pool of port blocks associated with the IP addresses. Each port block includes multiple ports, and the pool of the port blocks is to be shared across and used by the network devices for port address translation on network connections with the network devices. The master network device divides the port blocks in the pool into multiple buckets. The master network device first allocates to each network device in the cluster a corresponding one of the buckets, and reserves each bucket that is not allocated for allocation to a potential new network device. When a new network device joins the cluster, the master network device second allocates to the new network device the port blocks from a corresponding one of the reserved buckets.Type: GrantFiled: February 7, 2018Date of Patent: July 14, 2020Assignee: Cisco Technology, Inc.Inventors: Andrew E. Ossipov, Kent Leung, Zhijun Liu
-
Publication number: 20200021520Abstract: An extended service-function chain (SFC) proxy is hosted on a network node and connected to a service path formed by one or more network nodes hosting a chain of service-functions applied to packets traversing the service path. The packets each include a service header having a service path identifier and a service index. A packet of a traffic flow destined for a service-function is received from the service path and sent to the service-function. An indication to offload the traffic flow is received from the service-function. The indication is stored in a flow table having entries each identifying a respective traffic flow. A subsequent packet of the traffic flow is received from the service path. The flow table is searched for the indication to offload the traffic flow. Upon finding the indication, the service-function is bypassed, and the subsequent packet is forwarded along the service path.Type: ApplicationFiled: September 23, 2019Publication date: January 16, 2020Inventors: Kent Leung, Jianxin Wang
-
Patent number: 10462047Abstract: An extended service-function chain (SFC) proxy is hosted on a network node and connected to a service path formed by one or more network nodes hosting a chain of service-functions applied to packets traversing the service path. The packets each include a service header having a service path identifier and a service index. A packet of a traffic flow destined for a service-function is received from the service path and sent to the service-function. An indication to offload the traffic flow is received from the service-function. The indication is stored in a flow table having entries each identifying a respective traffic flow. A subsequent packet of the traffic flow is received from the service path. The flow table is searched for the indication to offload the traffic flow. Upon finding the indication, the service-function is bypassed, and the subsequent packet is forwarded along the service path.Type: GrantFiled: April 10, 2017Date of Patent: October 29, 2019Assignee: Cisco Technology, Inc.Inventors: Kent Leung, Jianxin Wang
-
Publication number: 20190245828Abstract: A method is performed by a master network device among network devices of a cluster. The master network device receives cluster configuration information including a set of Internet Protocol (IP) addresses and a pool of port blocks associated with the IP addresses. Each port block includes multiple ports, and the pool of the port blocks is to be shared across and used by the network devices for port address translation on network connections with the network devices. The master network device divides the port blocks in the pool into multiple buckets. The master network device first allocates to each network device in the cluster a corresponding one of the buckets, and reserves each bucket that is not allocated for allocation to a potential new network device. When a new network device joins the cluster, the master network device second allocates to the new network device the port blocks from a corresponding one of the reserved buckets.Type: ApplicationFiled: February 7, 2018Publication date: August 8, 2019Inventors: Andrew E. Ossipov, Kent Leung, Zhijun Liu
-
Publication number: 20180295053Abstract: An extended service-function chain (SFC) proxy is hosted on a network node and connected to a service path formed by one or more network nodes hosting a chain of service-functions applied to packets traversing the service path. The packets each include a service header having a service path identifier and a service index. A packet of a traffic flow destined for a service-function is received from the service path and sent to the service-function. An indication to offload the traffic flow is received from the service-function. The indication is stored in a flow table having entries each identifying a respective traffic flow. A subsequent packet of the traffic flow is received from the service path. The flow table is searched for the indication to offload the traffic flow. Upon finding the indication, the service-function is bypassed, and the subsequent packet is forwarded along the service path.Type: ApplicationFiled: April 10, 2017Publication date: October 11, 2018Inventors: Kent Leung, Jianxin Wang
-
Patent number: 9955344Abstract: The disclosed embodiments support mobility internal and external to enterprise networks. Service providers provide mobility by providing Home Agent functionality corresponding to each Enterprise network. In this manner, mobility may be provided to Mobile Nodes both internal and external to their enterprise networks. Moreover, data packets may be transmitted by Mobile Nodes to Correspondent Nodes, whether they are within their enterprise network, the Service Provider network, or the Internet.Type: GrantFiled: July 16, 2015Date of Patent: April 24, 2018Assignee: CISCO TECHNOLOGY, INC.Inventors: Kent Leung, Alpesh Patel, Naveen Paulkandasamy, Stefan Raab
-
Patent number: 9860209Abstract: A method operable in a security device cluster having a plurality of security devices each configured to receive respective data flows. The method includes receiving a first segment of a flow at a first security device of the plurality of security devices, sending the first segment of the flow toward a destination node without the first security device of the plurality of security devices asserting ownership over the flow, receiving, from the destination node, a second segment of the flow at a second security device of the plurality of security devices, the second segment of the flow being responsive to the first segment, asserting, by the second security device of the plurality of security devices, ownership over the flow, and forwarding, from the first security device, packets of the flow subsequently received by the first security device to the second security device.Type: GrantFiled: May 12, 2015Date of Patent: January 2, 2018Assignee: Cisco Technology, Inc.Inventors: Kevin A. Buchanan, Andrew E. Ossipov, Kent Leung, Xun Wang, Zhijun Liu, Weiwei Kang
-
Publication number: 20160337312Abstract: A method operable in a security device cluster having a plurality of security devices each configured to receive respective data flows. The method includes receiving a first segment of a flow at a first security device of the plurality of security devices, sending the first segment of the flow toward a destination node without the first security device of the plurality of security devices asserting ownership over the flow, receiving, from the destination node, a second segment of the flow at a second security device of the plurality of security devices, the second segment of the flow being responsive to the first segment, asserting, by the second security device of the plurality of security devices, ownership over the flow, and forwarding, from the first security device, packets of the flow subsequently received by the first security device to the second security device.Type: ApplicationFiled: May 12, 2015Publication date: November 17, 2016Inventors: Kevin A. Buchanan, Andrew E. Ossipov, Kent Leung, Xun Wang, Zhijun Liu, Weiwei Kang
-
Patent number: 9426262Abstract: Techniques are presented herein for optimizing network traffic exchanged between devices in a network. A firewall device in a network detects a firewall failure event. In response to detecting the firewall failure event, the firewall device changes from a standby state to an active state in managing a network connection between a source device and a destination device in the network. The firewall device generates a synchronization message and sends the synchronization message to the destination device. The firewall device receives from the destination device a response message that includes synchronization information.Type: GrantFiled: April 7, 2014Date of Patent: August 23, 2016Assignee: Cisco Technology, Inc.Inventors: Andrew E. Ossipov, Kent Leung
-
Patent number: 9203753Abstract: Techniques are presented herein for optimizing and load balancing network traffic exchanged between devices in a network environment. At a first device in a cluster of devices in a network, a packet is received from a second device in the cluster. The packet comprises identifier information that is assigned to the first device. The identifier information is reassigned to the second device in the cluster such that subsequent packets with the identifier information are sent directly to the second device. A mapping table is updated to indicate that the identifier information is reassigned to the second device.Type: GrantFiled: November 25, 2013Date of Patent: December 1, 2015Assignee: Cisco Technology, Inc.Inventors: Kent Leung, Hy Quoc Pham, Jayaraman Iyer, Xun Wang, Andrew E. Ossipov
-
Publication number: 20150327058Abstract: The disclosed embodiments support mobility internal and external to enterprise networks. Service providers provide mobility by providing Home Agent functionality corresponding to each Enterprise network. In this manner, mobility may be provided to Mobile Nodes both internal and external to their enterprise networks. Moreover, data packets may be transmitted by Mobile Nodes to Correspondent Nodes, whether they are within their enterprise network, the Service Provider network, or the Internet.Type: ApplicationFiled: July 16, 2015Publication date: November 12, 2015Inventors: Kent Leung, Alpesh Patel, Naveen Paulkandasamy, Stefan Raab