Patents by Inventor Madhava Rao Cheethirala
Madhava Rao Cheethirala has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240154970Abstract: An example network access control system includes a memory storing one or more security policies for an enterprise network; and one or more processors coupled to the memory and configured to: receive a request to connect to the enterprise network from a client device of a user, in response to the receipt of the request, determine one or more user attributes associated with the user and one or more endpoint attributes of the client device, identify a security policy of the one or more security policies based on the one or more user attributes and the one or more endpoint attributes, and configure an access control module of a network device of the enterprise network in accordance with the security policy.Type: ApplicationFiled: July 12, 2022Publication date: May 9, 2024Inventors: Madhava Rao Cheethirala, Raja Rao Tadimeti, Praveen Jain, Natarajan Manthiramoorthy
-
Publication number: 20230403272Abstract: A multi-tenant, cloud-hosted Network Access Control (NAC) system may receive an indicator from a Network Access Server (NAS) device to identify the tenant with which the NAS device is associated. The NAS device may put the identifier in the Transport Layer Security (TLS)/Secure Sockets Layer (SSL) extension Server Name Indication (SNI) field. The NAC system may use the identifier to obtain tenant-specific configuration information for setting up a secure tunnel with the NAS device.Type: ApplicationFiled: September 21, 2022Publication date: December 14, 2023Inventors: Madhava Rao Cheethirala, Pavan Kumar Venkata Satish Bharathapudi, Natarajan Manthiramoorthy, Pavan Basetty, Raja Rao Tadimeti, Viacheslav Dementyev
-
Publication number: 20230403305Abstract: Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system identifies a vendor of the NAS device, matches incoming attributes in the authentication request to a set of normalized match rules of the intent-based NAC policy, and translates a set of abstracted policy results corresponding to the set of normalized match rules into a vendor-specific set of return attributes based on the vendor of the NAS device. The NAC system sends the vendor-specific set of return attributes to the NAS device to enable the NAS device to access the enterprise network of the organization.Type: ApplicationFiled: September 30, 2022Publication date: December 14, 2023Inventors: Viacheslav Dementyev, Kesavan Kazhiyur Mannar, Madhava Rao Cheethirala, Natarajan Manthiramoorthy, Raja Rao Tadimeti
-
Patent number: 11770449Abstract: InfiniBand transport protocol today supports RDMA operations such as read and write with each operation having an opcode defined in the InfiniBand standard. Currently, new RDMA operations require extending the transport protocol by defining a new opcode, its respective header and enhancing InfiniBand implementations to support this new behavior. A more robust way of extending RDMA without requiring an expanding set of opcodes is to register computer code by associating it with a code key similar to a memory key. An InfiniBand channel adapter receiving an RDMA request that includes a code key executes the associated computer code, perhaps compiling it first, in response to receiving the RDMA request. The RDMA response returned to the requester includes an execution result indicating an outcome of executing the executable computer code.Type: GrantFiled: December 30, 2020Date of Patent: September 26, 2023Assignee: PENSANDO SYSTEMS INC.Inventors: Murty Subba Rama Chandra Kotha, Balakrishnan Raman, Harinadh Nagulapalli, Vishwas Danivas, Sanjay Shanbhogue, Raja Rao Tadimeti, Madhava Rao Cheethirala
-
Publication number: 20230291735Abstract: Techniques are described for providing network provisioning by a network management system (NMS) based on fingerprint information determined by a network access control (NAC) system. An example method includes receiving, by the NAC system, a network access request for a client device to access an enterprise network; obtaining, by the NAC system, fingerprint information of the client device associated with the network access request, wherein the fingerprinting information comprises information specifying one or more attributes associated with the client device; authenticating, by the NAC system, the client device to access the enterprise network; sending, by the NAC system and to the NMS, the fingerprint information of the client device; and provisioning, by the NMS, one or more network resources associated with the client device based on the fingerprint information of the client device.Type: ApplicationFiled: June 29, 2022Publication date: September 14, 2023Inventors: Madhava Rao Cheethirala, Raja Rao Tadimeti, Natarajan Manthiramoorthy
-
Publication number: 20220210224Abstract: InfiniBand transport protocol today supports RDMA operations such as read and write with each operation having an opcode defined in the InfiniBand standard. Currently, new RDMA operations require extending the transport protocol by defining a new opcode, its respective header and enhancing InfiniBand implementations to support this new behavior. A more robust way of extending RDMA without requiring an expanding set of opcodes is to register computer code by associating it with a code key similar to a memory key. An InfiniBand channel adapter receiving an RDMA request that includes a code key executes the associated computer code, perhaps compiling it first, in response to receiving the RDMA request. The RDMA response returned to the requester includes an execution result indicating an outcome of executing the executable computer code.Type: ApplicationFiled: December 30, 2020Publication date: June 30, 2022Inventors: Murty Subba Rama Chandra KOTHA, Balakrishnan RAMAN, Harinadh NAGULAPALLI, Vishwas DANIVAS, Sanjay SHANBHOGUE, Raja Rao TADIMETI, Madhava Rao CHEETHIRALA
-
Patent number: 11252088Abstract: A method for managing network congestion is provided. The method comprises: receiving, at a receiver, a packet comprising a timestamp provided by a first clock of a sender; deriving, by the receiver, a latency value based at least in part on the timestamp provided by the first clock and a receipt time provided by a second clock of the receiver; determining a latency change by comparing the latency value with a previous latency value; and determining a state of network congestion based at least in part on the latency change.Type: GrantFiled: August 30, 2018Date of Patent: February 15, 2022Assignee: PENSANDO SYSTEMS INC.Inventors: Raja Rao Tadimeti, Vijay K. Chander, Diego Crupnicoff, Vishal Jain, Madhava Rao Cheethirala
-
Publication number: 20200336426Abstract: A method for managing network congestion is provided. The method comprises: receiving, at a receiver, a packet comprising a timestamp provided by a first clock of a sender; deriving, by the receiver, a latency value based at least in part on the timestamp provided by the first clock and a receipt time provided by a second clock of the receiver; determining a latency change by comparing the latency value with a previous latency value; and determining a state of network congestion based at least in part on the latency change.Type: ApplicationFiled: August 30, 2018Publication date: October 22, 2020Inventors: Raja Rao TADIMETI, Vijay K. CHANDER, Diego CRUPNICOFF, Vishal JAIN, Madhava Rao CHEETHIRALA
-
Patent number: 9742673Abstract: A plurality of line cards with each line card having a respective network forwarding engine and a respective outgoing interface (OIF) list and at least one fabric module communicatively coupled with each line card with each fabric module can have a respective network forwarding engine. The local OIF list can be asymmetrically programmed. The network forwarding engine of a line card can be configured to receive a multicast packet, compare a multicast address associate with the received multicast packet with entries in the local OIF list of the line card and forward the received multicast packet to at least one interface associated with the multicast address in response to the comparison resulting in a match.Type: GrantFiled: September 4, 2014Date of Patent: August 22, 2017Assignee: Cisco Technology, Inc.Inventors: Ayan Banerjee, Srinivasan Ramabadran, Mehak Mahajan, Raghava Sivaramu, Nataraj Bacthu, Raja Rao Tadimeti, Madhava Rao Cheethirala, Ramana Mellacheruvu
-
Patent number: 9444742Abstract: Techniques are provided for mitigating the effects of slow or no drain devices on a fabric. One or more of the described embodiments can be used alone or in combination to address problems associated with inter-switch link blocking and to address the situation where flows which are not associated with slow/no drain devices suffer the negative impacts of slow or no drain devices on a fabric.Type: GrantFiled: September 30, 2013Date of Patent: September 13, 2016Assignee: Cisco Technology, Inc.Inventors: Arpan Rongong, Madhava Rao Cheethirala, Nagasree Ravindra, Pralhad Katti, Ranganathan Rajagopalan, Subrata Banerjee, Venkataraman Swaminathan
-
Publication number: 20150124684Abstract: A plurality of line cards with each line card having a respective network forwarding engine and a respective outgoing interface (OIF) list and at least one fabric module communicatively coupled with each line card with each fabric module can have a respective network forwarding engine. The local OIF list can be asymmetrically programmed. The network forwarding engine of a line card can be configured to receive a multicast packet, compare a multicast address associate with the received multicast packet with entries in the local OIF list of the line card and forward the received multicast packet to at least one interface associated with the multicast address in response to the comparison resulting in a match.Type: ApplicationFiled: September 4, 2014Publication date: May 7, 2015Inventors: Ayan Banerjee, Srinivasan Ramabadran, Mehak Mahajan, Raghava Sivaramu, Nataraj Bacthu, Raja Rao Tadimeti, Madhava Rao Cheethirala, Ramana Mellacheruvu
-
Patent number: 8775580Abstract: Techniques are disclosed for zoning information to be shared with an NPIV proxy device or an NPV device such as a blade switch in a blade chassis. Doing so allows the NPV device to enforce zoning locally for the attached server blades and virtualized systems. The NPV device may learn zoning rules using Fiber Channel name server queries and registered state change notifications. Additionally, the NPV device may snoop name server queries to retrieve zoning information (or state change messages) without using the zoning change protocols and without consuming a Fiber Channel domain from the Fiber Channel fabric.Type: GrantFiled: July 22, 2009Date of Patent: July 8, 2014Assignee: Cisco Technology, Inc.Inventors: Madhava Rao Cheethirala, Subrata Banerjee, Raja Rao Tadimeti
-
Publication number: 20140086054Abstract: Techniques are provided for mitigating the effects of slow or no drain devices on a fabric. One or more of the described embodiments can be used alone or in combination to address problems associated with inter-switch link blocking and to address the situation where flows which are not associated with slow/no drain devices suffer the negative impacts of slow or no drain devices on a fabric.Type: ApplicationFiled: September 30, 2013Publication date: March 27, 2014Applicant: Cisco Technology, Inc.Inventors: Arpan Rongong, Madhava Rao Cheethirala, Nagasree Ravindra, Pralhad Katti, Ranganathan Rajagopalan, Subrata Banerjee, Venkataraman Swaminathan
-
Patent number: 8593965Abstract: Techniques are provided for mitigating the effects of slow or no drain devices on a fabric. One or more of the described embodiments can be used alone or in combination to address problems associated with inter-switch link blocking and to address the situation where flows which are not associated with slow/no drain devices suffer the negative impacts of slow or no drain devices on a fabric.Type: GrantFiled: October 13, 2010Date of Patent: November 26, 2013Assignee: Cisco Technology, Inc.Inventors: Arpan Rongong, Madhava Rao Cheethirala, Nagasree Ravindra, Pralhad Katti, Ranganathan Rajagopalan, Subrata Banerjee, Venkataraman Swaminathan
-
Publication number: 20120014253Abstract: Techniques are provided for mitigating the effects of slow or no drain devices on a fabric. One or more of the described embodiments can be used alone or in combination to address problems associated with inter-switch link blocking and to address the situation where flows which are not associated with slow/no drain devices suffer the negative impacts of slow or no drain devices on a fabric.Type: ApplicationFiled: October 13, 2010Publication date: January 19, 2012Applicant: CISCO TECHNOLOGY, INC.Inventors: Arpan Rongong, Madhava Rao Cheethirala, Nagasree Ravindra, Pralhad Katti, Ranganathan Rajagopalan, Subrata Banerjee, Venkataraman Swaminathan
-
Patent number: 7881325Abstract: A technique is disclosed for managing load balancing operations in a storage area network. A frame is received at a switch in the fibre channel fabric. According to a specific implementation, the frame includes header information including a source device identity and a destination device identity. Zone and/or flow information relating to the identity of the zone/flow which is associated with the frame is identified. Using the identified information, a load balancing mechanism to be used for handling the frame is selected. According to a specific implementation, the selection of the load balancing mechanism is based at least in part upon the identity of the zone and/or flow which is associated with the frame.Type: GrantFiled: April 27, 2005Date of Patent: February 1, 2011Assignee: Cisco Technology, Inc.Inventors: Madhava Rao Cheethirala, Raja Rao Tadimeti
-
Publication number: 20110022693Abstract: Techniques are disclosed for zoning information to be shared with an NPIV proxy device or an NPV device such as a blade switch in a blade chassis. Doing so allows the NPV device to enforce zoning locally for the attached server blades and virtualized systems. The NPV device may learn zoning rules using Fibre Channel name server queries and registered state change notifications. Additionally, the NPV device may snoop name server queries to retrieve zoning information (or state change messages) without using the zoning change protocols and without consuming a Fibre Channel domain from the Fibre Channel fabric.Type: ApplicationFiled: July 22, 2009Publication date: January 27, 2011Inventors: MADHAVA RAO CHEETHIRALA, SUBRATA BANERJEE, RAJA RAO TADIMETI
-
Patent number: 7656812Abstract: A method of monitoring network traffic in a fabric and a Fibre Channel network are provided. The method includes: transmitting a monitoring configuration message to a plurality of fabric elements in a Fibre Channel network, said monitoring configuration message including classification criteria identifying packets to be monitored; receiving copies of identified packets from the plurality of fabric elements; and analyzing the copies of identified packets to determine data transmission status in the Fibre Channel network.Type: GrantFiled: July 27, 2006Date of Patent: February 2, 2010Assignee: Cisco Technology, Inc.Inventors: Raja Rao Tadimeti, Madhava Rao Cheethirala
-
Patent number: 7647434Abstract: A technique is disclosed for managing in-order-delivery of data traffic in a storage area network which includes at least one host device adapted to communicate with at least one storage device via a fiber channel fabric. When a change in at least one route in the fiber channel fabric is detected, a first zone, flow and/or device in the network which is affected by the route change is identified, and frames associated with the first zone/flow/device are temporarily dropped for a temporary time period T. In one embodiment, the first zone/flow/device includes at least one device which is sensitive to the order in which data traffic is received. According to a specific implementation, a second zone/flow/device in the network which is affected by the route change, and which is not sensitive to the order in which data traffic is received may also be identified, and frames associated with the second zone/flow/device forwarded to their destination address during the temporary time period T.Type: GrantFiled: May 19, 2005Date of Patent: January 12, 2010Assignee: Cisco Technology, Inc.Inventors: Madhava Rao Cheethirala, Raja Rao Tadimeti
-
Patent number: 7644179Abstract: Disclosed are apparatus and methods for facilitating communication between two devices from two different VSANs by propagating each device's presence from a first VSAN to the other device's different VSAN using a network address translation (NAT) mechanism. For instance, a first device, such as a host H1, from VSAN_A is allowed to access data from a second device, such as disk D1, of VSAN_B by propagating D1's presence into VSAN_A and H1's presence into VSAN_B. This awareness is accomplished by propagating an identifier for each device into the edge VSAN of the other device, as well as into any transit VSAN. So as to not duplicate identifiers in any one of the VSANs, a device's presence is propagated into a particular VSAN by assigning an unused domain for use by such device in the particular VSAN.Type: GrantFiled: December 1, 2005Date of Patent: January 5, 2010Assignee: Cisco Technology, Inc.Inventors: Ankur Jain, Thomas J. Edsall, Subrata Banerjee, Vinay Gaonkar, Madhava Rao Cheethirala, Badrinarayanan Ramaswamy