Patents by Inventor Natarajan Manthiramoorthy
Natarajan Manthiramoorthy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230403272Abstract: A multi-tenant, cloud-hosted Network Access Control (NAC) system may receive an indicator from a Network Access Server (NAS) device to identify the tenant with which the NAS device is associated. The NAS device may put the identifier in the Transport Layer Security (TLS)/Secure Sockets Layer (SSL) extension Server Name Indication (SNI) field. The NAC system may use the identifier to obtain tenant-specific configuration information for setting up a secure tunnel with the NAS device.Type: ApplicationFiled: September 21, 2022Publication date: December 14, 2023Inventors: Madhava Rao Cheethirala, Pavan Kumar Venkata Satish Bharathapudi, Natarajan Manthiramoorthy, Pavan Basetty, Raja Rao Tadimeti, Viacheslav Dementyev
-
Publication number: 20230403305Abstract: Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system identifies a vendor of the NAS device, matches incoming attributes in the authentication request to a set of normalized match rules of the intent-based NAC policy, and translates a set of abstracted policy results corresponding to the set of normalized match rules into a vendor-specific set of return attributes based on the vendor of the NAS device. The NAC system sends the vendor-specific set of return attributes to the NAS device to enable the NAS device to access the enterprise network of the organization.Type: ApplicationFiled: September 30, 2022Publication date: December 14, 2023Inventors: Viacheslav Dementyev, Kesavan Kazhiyur Mannar, Madhava Rao Cheethirala, Natarajan Manthiramoorthy, Raja Rao Tadimeti
-
Publication number: 20230291735Abstract: Techniques are described for providing network provisioning by a network management system (NMS) based on fingerprint information determined by a network access control (NAC) system. An example method includes receiving, by the NAC system, a network access request for a client device to access an enterprise network; obtaining, by the NAC system, fingerprint information of the client device associated with the network access request, wherein the fingerprinting information comprises information specifying one or more attributes associated with the client device; authenticating, by the NAC system, the client device to access the enterprise network; sending, by the NAC system and to the NMS, the fingerprint information of the client device; and provisioning, by the NMS, one or more network resources associated with the client device based on the fingerprint information of the client device.Type: ApplicationFiled: June 29, 2022Publication date: September 14, 2023Inventors: Madhava Rao Cheethirala, Raja Rao Tadimeti, Natarajan Manthiramoorthy
-
Patent number: 10951531Abstract: Aspects of the present disclosure are directed to dynamically adjusting control plane policing throughput of low (or lower) priority control plane traffic to permit higher throughput. The drop rate for low or lower priority control plane traffic can be determined to be above a threshold value. The processor utilization can be determined to be operating under normal utilization (or at a utilization within a threshold utilization value). The control plane policing for control plane traffic for the low or lower class of service can be increased (or decreased) to permit lower class of service control traffic to be transmitted using higher class of service resources without adjusting the priority levels for the lower class of service control traffic.Type: GrantFiled: December 10, 2018Date of Patent: March 16, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Anand Kumar Singh, Venkatesh Srinivasan, Swaminathan Narayanan, Anulekha Chodey, Ambrish Niranjan Mehta, Natarajan Manthiramoorthy
-
Patent number: 10516598Abstract: Systems, methods, and non-transitory computer-readable storage media for detecting network loops. In some embodiments, a system can identify a network path having multiple hops associated with respective nodes which are configured in a forwarding mode. The system can traverse the network path to identify, for each node from the respective nodes, a respective next hop. Based on the respective next hop for each node, the system can determine whether two or more nodes from the respective nodes have a same respective next hop. When the two or more nodes have the same respective next hop, the system can determine that the network path has a network loop.Type: GrantFiled: August 9, 2016Date of Patent: December 24, 2019Assignee: CISCO TECHNOLOGY, INC.Inventors: Natarajan Manthiramoorthy, Venkatesh Srinivasan, Swaminathan Narayanan, Ambrish Niranjan Mehta, Anand Kumar Singh, Anulekha Chodey
-
Patent number: 10516600Abstract: Systems, methods, and non-transitory computer-readable storage media for detecting network loops. In some embodiments, a system can identify a port that is in a blocking state. The blocking state can be for dropping one or more types of packets and preventing the port from forwarding the one or more types of packets. The system can determine a number of packets transmitted through the port by a hardware layer on the system and a number of control packets transmitted through the port by a software layer on the system. The system can determine whether the number of packets is greater than the number of control packets. When the number of packets is greater than the number of control packets, the system can determine that the blocking state has failed to prevent the port from forwarding the one or more types of packets.Type: GrantFiled: September 19, 2018Date of Patent: December 24, 2019Assignee: CISCO TECHNOLOGY, INC.Inventors: Natarajan Manthiramoorthy, Venkatesh Srinivasan, Swaminathan Narayanan, Ambrish Niranjan Mehta, Anand Kumar Singh, Anulekha Chodey
-
Patent number: 10491508Abstract: Systems, methods, and computer-readable storage media for detecting network loops. A system can identify, for each virtual tunnel endpoint (VTEP) from multiple VTEPs in a network, respective media access control address data including the respective local interface media access control addresses of the respective VTEP and respective media access control addresses learned by the respective VTEP. The system can determine whether the VTEPs are running spanning tree protocol (STP), and whether a media access control address learned by a first VTEP matches a respective local interface media access control address of a second VTEP. The system can detect a loop when the media access control address learned by the first VTEP matches the respective local interface media access control address of the second VTEP. The system can also detect a loop when the VTEPs are running STP and the first and second VTEPs see the same STP root bridge.Type: GrantFiled: September 17, 2018Date of Patent: November 26, 2019Assignee: CISCO TECHNOLOGY, INC.Inventors: Natarajan Manthiramoorthy, Venkatesh Srinivasan, Swaminathan Narayanan, Ambrish Niranjan Mehta, Anand Kumar Singh, Anulekha Chodey
-
Patent number: 10333836Abstract: Methods for assisting data forwarding during convergence in a multi-homed network are disclosed. In one aspect, a first leaf node is configured to detect when a second leaf node advertises a set of Ethernet segments which are local to the first leaf and advertise reachability information for the second leaf, indicating itself as a backup for the second leaf during convergence. A spine node that receives advertisement messages from such first and second leaf nodes programs its routing table to indicate the direct route to the second leaf as the primary path and the route to the second leaf via the first leaf as a backup path to forward encapsulated packets destined to the second leaf. Upon failure of the second leaf, when the spine node receives data packets destined to the second leaf, the spine node sends the packets to the first leaf instead of the second leaf.Type: GrantFiled: April 13, 2017Date of Patent: June 25, 2019Assignee: Cisco Technology, Inc.Inventors: Natarajan Manthiramoorthy, Venkatesh Srinivasan, Rajesh Sharma
-
Patent number: 10320838Abstract: Systems, methods, and computer-readable media for preventing man-in-the-middle attacks within network, without the need to maintain trusted/un-trusted port listings on each network device. The solutions disclosed herein leverage a host database which can be present on controllers, thereby providing a centralized database instead of a per-node DHCP binding database. Systems configured according to this disclosure (1) use a flood list only for ARP packets received from the controller 116; and (2) unicast ARP packets to the controller before communicating the packets to other VTEPs.Type: GrantFiled: July 20, 2016Date of Patent: June 11, 2019Assignee: CISCO TECHNOLOGY, INC.Inventors: Venkatesh Srinivasan, Ambrish Niranjan Mehta, Anand Kumar Singh, Anulekha Chodey, Natarajan Manthiramoorthy, Swaminathan Narayanan
-
Publication number: 20190116125Abstract: Aspects of the present disclosure are directed to dynamically adjusting control plane policing throughput of low (or lower) priority control plane traffic to permit higher throughput. The drop rate for low or lower priority control plane traffic can be determined to be above a threshold value. The processor utilization can be determined to be operating under normal utilization (or at a utilization within a threshold utilization value). The control plane policing for control plane traffic for the low or lower class of service can be increased (or decreased) to permit lower class of service control traffic to be transmitted using higher class of service resources without adjusting the priority levels for the lower class of service control traffic.Type: ApplicationFiled: December 10, 2018Publication date: April 18, 2019Inventors: Anand Kumar Singh, Venkatesh Srinivasan, Swaminathan Narayanan, Anulekha Chodey, Ambrish Niranjan Mehta, Natarajan Manthiramoorthy
-
Publication number: 20190036809Abstract: Systems, methods, and non-transitory computer-readable storage media for detecting network loops. In some embodiments, a system can identify a port that is in a blocking state. The blocking state can be for dropping one or more types of packets and preventing the port from forwarding the one or more types of packets. The system can determine a number of packets transmitted through the port by a hardware layer on the system and a number of control packets transmitted through the port by a software layer on the system. The system can determine whether the number of packets is greater than the number of control packets. When the number of packets is greater than the number of control packets, the system can determine that the blocking state has failed to prevent the port from forwarding the one or more types of packets.Type: ApplicationFiled: September 19, 2018Publication date: January 31, 2019Inventors: Natarajan Manthiramoorthy, Venkatesh Srinivasan, Swaminathan Narayanan, Ambrish Niranjan Mehta, Anand Kumar Singh, Anulekha Chodey
-
Publication number: 20190020575Abstract: Systems, methods, and computer-readable storage media for detecting network loops. A system can identify, for each virtual tunnel endpoint (VTEP) from multiple VTEPs in a network, respective media access control address data including the respective local interface media access control addresses of the respective VTEP and respective media access control addresses learned by the respective VTEP. The system can determine whether the VTEPs are running spanning tree protocol (STP), and whether a media access control address learned by a first VTEP matches a respective local interface media access control address of a second VTEP. The system can detect a loop when the media access control address learned by the first VTEP matches the respective local interface media access control address of the second VTEP. The system can also detect a loop when the VTEPs are running STP and the first and second VTEPs see the same STP root bridge.Type: ApplicationFiled: September 17, 2018Publication date: January 17, 2019Inventors: Natarajan Manthiramoorthy, Venkatesh Srinivasan, Swaminathan Narayanan, Ambrish Niranjan Mehta, Anand Kumar Singh, Anulekha Chodey
-
Patent number: 10153977Abstract: Aspects of the present disclosure are directed to dynamically adjusting control plane policing throughput of low (or lower) priority control plane traffic to permit higher throughput. The drop rate for low or lower priority control plane traffic can be determined to be above a threshold value. The processor utilization can be determined to be operating under normal utilization (or at a utilization within a threshold utilization value). The control plane policing for control plane traffic for the low or lower class of service can be increased (or decreased) to permit lower class of service control traffic to be transmitted using higher class of service resources without adjusting the priority levels for the lower class of service control traffic.Type: GrantFiled: May 12, 2016Date of Patent: December 11, 2018Assignee: CISCO TECHNOLOGY, INC.Inventors: Anand Kumar Singh, Venkatesh Srinivasan, Swaminathan Narayanan, Anulekha Chodey, Ambrish Niranjan Mehta, Natarajan Manthiramoorthy
-
Patent number: 10110469Abstract: Systems, methods, and non-transitory computer-readable storage media for detecting network loops. In some embodiments, a system can identify a port that is in a blocking state. The blocking state can be for dropping one or more types of packets and preventing the port from forwarding the one or more types of packets. The system can determine a number of packets transmitted through the port by a hardware layer on the system and a number of control packets transmitted through the port by a software layer on the system. The system can determine whether the number of packets is greater than the number of control packets. When the number of packets is greater than the number of control packets, the system can determine that the blocking state has failed to prevent the port from forwarding the one or more types of packets.Type: GrantFiled: July 21, 2016Date of Patent: October 23, 2018Assignee: CISCO TECHNOLOGY, INC.Inventors: Natarajan Manthiramoorthy, Venkatesh Srinivasan, Swaminathan Narayanan, Ambrish Niranjan Mehta, Anand Kumar Singh, Anulekha Chodey
-
Publication number: 20180302321Abstract: Methods for assisting data forwarding during convergence in a multi-homed network are disclosed. In one aspect, a first leaf node is configured to detect when a second leaf node advertises a set of Ethernet segments which are local to the first leaf and advertise reachability information for the second leaf, indicating itself as a backup for the second leaf during convergence. A spine node that receives advertisement messages from such first and second leaf nodes programs its routing table to indicate the direct route to the second leaf as the primary path and the route to the second leaf via the first leaf as a backup path to forward encapsulated packets destined to the second leaf. Upon failure of the second leaf, when the spine node receives data packets destined to the second leaf, the spine node sends the packets to the first leaf instead of the second leaf.Type: ApplicationFiled: April 13, 2017Publication date: October 18, 2018Applicant: CISCO TECHNOLOGY, INC.Inventors: Natarajan Manthiramoorthy, Venkatesh Srinivasan, Rajesh Sharma
-
Patent number: 10079752Abstract: Systems, methods, and computer-readable storage media for detecting network loops. A system can identify, for each virtual tunnel endpoint (VTEP) from multiple VTEPs in a network, respective media access control address data including the respective local interface media access control addresses of the respective VTEP and respective media access control addresses learned by the respective VTEP. The system can determine whether the VTEPs are running spanning tree protocol (STP), and whether a media access control address learned by a first VTEP matches a respective local interface media access control address of a second VTEP. The system can detect a loop when the media access control address learned by the first VTEP matches the respective local interface media access control address of the second VTEP. The system can also detect a loop when the VTEPs are running STP and the first and second VTEPs see the same STP root bridge.Type: GrantFiled: August 9, 2016Date of Patent: September 18, 2018Assignee: CISCO TECHNOLOGY, INC.Inventors: Natarajan Manthiramoorthy, Venkatesh Srinivasan, Swaminathan Narayanan, Ambrish Niranjan Mehta, Anand Kumar Singh, Anulekha Chodey
-
Publication number: 20180026871Abstract: Systems, methods, and non-transitory computer-readable storage media for detecting network loops. In some embodiments, a system can identify a port that is in a blocking state. The blocking state can be for dropping one or more types of packets and preventing the port from forwarding the one or more types of packets. The system can determine a number of packets transmitted through the port by a hardware layer on the system and a number of control packets transmitted through the port by a software layer on the system. The system can determine whether the number of packets is greater than the number of control packets. When the number of packets is greater than the number of control packets, the system can determine that the blocking state has failed to prevent the port from forwarding the one or more types of packets.Type: ApplicationFiled: July 21, 2016Publication date: January 25, 2018Inventors: Natarajan Manthiramoorthy, Venkatesh Srinivasan, Swaminathan Narayanan, Ambrish Niranjan Mehta, Anand Kumar Singh, Anulekha Chodey
-
Publication number: 20180026872Abstract: Systems, methods, and computer-readable storage media for detecting network loops. A system can identify, for each virtual tunnel endpoint (VTEP) from multiple VTEPs in a network, respective media access control address data including the respective local interface media access control addresses of the respective VTEP and respective media access control addresses learned by the respective VTEP. The system can determine whether the VTEPs are running spanning tree protocol (STP), and whether a media access control address learned by a first VTEP matches a respective local interface media access control address of a second VTEP. The system can detect a loop when the media access control address learned by the first VTEP matches the respective local interface media access control address of the second VTEP. The system can also detect a loop when the VTEPs are running STP and the first and second VTEPs see the same STP root bridge.Type: ApplicationFiled: August 9, 2016Publication date: January 25, 2018Inventors: Natarajan Manthiramoorthy, Venkatesh Srinivasan, Swaminathan Narayanan, Ambrish Niranjan Mehta, Anand Kumar Singh, Anulekha Chodey
-
Publication number: 20180026810Abstract: Systems, methods, and non-transitory computer-readable storage media for detecting network loops. In some embodiments, a system can identify a network path having multiple hops associated with respective nodes which are configured in a forwarding mode. The system can traverse the network path to identify, for each node from the respective nodes, a respective next hop. Based on the respective next hop for each node, the system can determine whether two or more nodes from the respective nodes have a same respective next hop. When the two or more nodes have the same respective next hop, the system can determine that the network path has a network loop.Type: ApplicationFiled: August 9, 2016Publication date: January 25, 2018Inventors: Natarajan Manthiramoorthy, Venkatesh Srinivasan, Swaminathan Narayanan, Ambrish Niranjan Mehta, Anand Kumar Singh, Anulekha Chodey
-
Publication number: 20180027012Abstract: Systems, methods, and computer-readable media for preventing man-in-the-middle attacks within network, without the need to maintain trusted/un-trusted port listings on each network device. The solutions disclosed herein leverage a host database which can be present on controllers, thereby providing a centralized database instead of a per-node DHCP binding database. Systems configured according to this disclosure (1) use a flood list only for ARP packets received from the controller 116; and (2) unicast ARP packets to the controller before communicating the packets to other VTEPs.Type: ApplicationFiled: July 20, 2016Publication date: January 25, 2018Inventors: Venkatesh Srinivasan, Ambrish Niranjan Mehta, Anand Kumar Singh, Anulekha Chodey, Natarajan Manthiramoorthy, Swaminathan Narayanan