Patents by Inventor Nir Ben-Dvora
Nir Ben-Dvora has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10218596Abstract: A method is described and in one embodiment includes receiving at a first network element of a communications network a first packet corresponding to a first traffic flow from a first end user device to a second end user device at a time T1; receiving at the first network element a second packet corresponding to a second traffic flow from the second end user device to the first end user device at a time T2; calculating by the first network element a difference ?1 between the time T1 and the time T2; creating at the first network element a first record including the calculated difference ?1; and providing the first record to a network collector device, wherein the network collector device compares the first record with a second record received from a second network element to determine a Round Trip Time (“RTT”) delay for the communications network.Type: GrantFiled: February 10, 2017Date of Patent: February 26, 2019Assignee: Cisco Technology, Inc.Inventors: Nir Ben-Dvora, Lior Katzri
-
Publication number: 20180234316Abstract: A method is described and in one embodiment includes receiving at a first network element of a communications network a first packet corresponding to a first traffic flow from a first end user device to a second end user device at a time T1; receiving at the first network element a second packet corresponding to a second traffic flow from the second end user device to the first end user device at a time T2; calculating by the first network element a difference ?1 between the time T1 and the time T2; creating at the first network element a first record including the calculated difference ?1; and providing the first record to a network collector device, wherein the network collector device compares the first record with a second record received from a second network element to determine a Round Trip Time (“RTT”) delay for the communications network.Type: ApplicationFiled: February 10, 2017Publication date: August 16, 2018Applicant: CISCO TECHNOLOGY, INC.Inventors: Nir Ben-Dvora, Lior Katzri
-
Patent number: 9577906Abstract: Techniques for scalable performance monitoring using dynamic flow sampling are described. According to one approach, a method comprises intercepting, at an intermediary network device, one or more packets traveling between a source device and a destination device; identifying, at the intermediary network device, a traffic flow based on the one or more packets; determining, at the intermediary network device, whether to collect one or more metrics from the traffic flow based on one or more performance factors of the intermediary network device; in response to a determination to collect the one or more metrics from the traffic flow, the intermediary network collecting the one or more metrics from subsequently intercepted packets belonging to the traffic flow; wherein the method is performed by one or more computing devices.Type: GrantFiled: September 6, 2013Date of Patent: February 21, 2017Assignee: Cisco Technology, Inc.Inventors: Joao Carlos Leite Ferreira, Harinadh Nagulapalli, Kangwarn Chinthammit, Nir Ben-Dvora
-
Patent number: 9559958Abstract: In one embodiment, accurate packet metrics are recorded despite delayed resolution of one or more traffic monitors that maintain the metrics for the packet flow. One or more metrics related to an initial plurality of packets of a packet flow are stored in a temporary metrics data structure. One or more monitors are subsequently resolved based on information included in packets of at least the initial plurality of packets. For example, an application or Wide Area Application Services (WAAS) segment that is to be monitored may not be identified until after numerous packets have passed. The monitor(s) are updated with metrics related to the packet flow based on said one or more metrics related to the initial plurality of packets from the metrics data structure and packets of the packet stream subsequent to the first one or more packets.Type: GrantFiled: November 28, 2013Date of Patent: January 31, 2017Assignee: Cisco Technology, Inc.Inventors: Nir Ben-Dvora, Sarel Altshuler
-
Publication number: 20160248652Abstract: System and methods for identifying and managing applications over compressed or encrypted traffic in a network are described. The first and second embodiments, which provides a method for managing applications over compressed or encrypted traffic respectively, comprise identifying applications on the traffic, saving the application classification per connection, and propagating the application classification to the network. A method for providing application identification over compressed or encrypted traffic is also disclosed, which includes an application recognition module configured to, among other functions, determine an application classifier for compressed or encrypted traffic without applying an application classification process, and utilize the application classification for previous packets originating from the connection for the current packets from the same connection.Type: ApplicationFiled: April 29, 2016Publication date: August 25, 2016Inventors: Nir Ben-Dvora, Michael Zayats, Chanoh Haim, Ranjana Rao
-
Patent number: 9356876Abstract: System and methods for identifying and managing applications over compressed or encrypted traffic in a network are described. The first and second embodiments, which provides a method for managing applications over compressed or encrypted traffic respectively, comprise identifying applications on the traffic, saving the application classification per connection, and propagating the application classification to the network. A method for providing application identification over compressed or encrypted traffic is also disclosed, which includes an application recognition module configured to, among other functions, determine an application classifier for compressed or encrypted traffic without applying an application classification process, and utilize the application classification for previous packets originating from the connection for the current packets from the same connection.Type: GrantFiled: November 24, 2013Date of Patent: May 31, 2016Assignee: Cisco Technology, Inc.Inventors: Nir Ben-Dvora, Michael Zayats, Chanoh Haim, Ranjana Rao
-
Patent number: 9240939Abstract: One example method is provided for detecting end-to-end packet loss and retransmission occurring in a connection of a network environment. The method can include monitoring packets transmitted from a sender to a receiver and acknowledgement packets from the receiver to the sender using a probe located in a path between the sender and the receiver in the network environment; identifying, by the probe, a first packet as a possibly-retransmitted packet if the first packet has a fall back sequence number; classifying, by the probe, the first packet as a retransmitted packet using one or more conditions based, at least in part, on one or more of the following: characteristic(s) of the possibly-retransmitted packet, characteristic(s) of sequence numbers observed by the probe, and characteristic(s) of acknowledgements observed by the probe.Type: GrantFiled: October 22, 2013Date of Patent: January 19, 2016Assignee: CISCO TECHNOLOGY, INC.Inventors: Khanh Vinh Nguyen, Nir Ben-Dvora, Harinadh Nagulapalli
-
Publication number: 20150109942Abstract: One example method is provided for detecting end-to-end packet loss and retransmission occurring in a connection of a network environment. The method can include monitoring packets transmitted from a sender to a receiver and acknowledgement packets from the receiver to the sender using a probe located in a path between the sender and the receiver in the network environment; identifying, by the probe, a first packet as a possibly-retransmitted packet if the first packet has a fall back sequence number; classifying, by the probe, the first packet as a retransmitted packet using one or more conditions based, at least in part, on one or more of the following: characteristic(s) of the possibly-retransmitted packet, characteristic(s) of sequence numbers observed by the probe, and characteristic(s) of acknowledgements observed by the probe.Type: ApplicationFiled: October 22, 2013Publication date: April 23, 2015Applicant: CISCO TECHNOLOGY, INC.Inventors: Khanh Vinh Nguyen, Nir Ben-Dvora, Harinadh Nagulapalli
-
Publication number: 20150074258Abstract: Techniques for scalable performance monitoring using dynamic flow sampling are described. According to one approach, a method comprises intercepting, at an intermediary network device, one or more packets traveling between a source device and a destination device; identifying, at the intermediary network device, a traffic flow based on the one or more packets; determining, at the intermediary network device, whether to collect one or more metrics from the traffic flow based on one or more performance factors of the intermediary network device; in response to a determination to collect the one or more metrics from the traffic flow, the intermediary network collecting the one or more metrics from subsequently intercepted packets belonging to the traffic flow; wherein the method is performed by one or more computing devices.Type: ApplicationFiled: September 6, 2013Publication date: March 12, 2015Applicant: Cisco Technology, Inc.,Inventors: JOAO CARLOS LEITE FERREIRA, HARINADH NAGULAPALLI, KANGWARN CHINTHAMMIT, NIR BEN-DVORA
-
Patent number: 8024787Abstract: One or more firewalls are used to perform firewall functionality on packets based on the entry and exit accesses of each of the one or more firewalls being applied to a packet. For example, when firewalls are included in a router, the interfaces of the router are typically mapped to virtual firewalls and access thereof. Based on the determined routing of a particular packet, the firewalls to apply and their corresponding entry and exit accesses are identified. In order to decouple the application by the firewall itself of the security policies from the network topology and routing architecture (e.g., the network routing address information which is typically relied upon by current firewalls), the firewall functionality is defined based on the identified entry and exit accesses of a firewall, rather than based on network defined addresses, for example.Type: GrantFiled: May 2, 2006Date of Patent: September 20, 2011Assignee: Cisco Technology, Inc.Inventors: Doron Oz, Nir Ben-Dvora, Eldad Bar Eli
-
Patent number: 7957279Abstract: In one embodiment, a router receives a call request for establishing a multimedia exchange between two remote endpoints. The router selects a processing entity to manage a subset of connections with the remote endpoints according to an endpoint identification such as a remote address included in the call request. A different processing entity manages the remaining connections with the remote endpoints. Accordingly, the load of managing signaling for establishing the multimedia exchange is balanced between a plurality of processing elements that appear externally as a single entity such that modification of remote endpoint behavior is not required.Type: GrantFiled: May 30, 2007Date of Patent: June 7, 2011Assignee: Cisco Technology, Inc.Inventors: Nir Ben-Dvora, Jisu Bhattacharya, Chandrasekar Krishnamurthy, Doron Oz, David D. Ward
-
Patent number: 7787462Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for applying features to packets in an order specified by a selected feature order template. By providing multiple feature order templates, a network device manufacturer can provide the user of the network device the ability to select among a variety of orders in which features are applied, while limiting the possible selectable orderings such as to those capable by the hardware and software of the network device, and/or to a subset of orderings thereof which has been thoroughly tested. Some devices further allow a user to define new feature order templates via a user interface.Type: GrantFiled: March 6, 2006Date of Patent: August 31, 2010Assignee: Cisco Technology, Inc.Inventors: Sarel Altshuler, Nisim Levi, Nir Ben-Dvora, Doron Oz
-
Patent number: 7522595Abstract: Packets are communicated between forwarding contexts (e.g., virtual routers, logical routers, and/or private networks) using virtual interfaces in communications and computing systems, especially routers, packet switching systems, and other devices. A virtual interface refers to the interface infrastructure (e.g., buffers, memory locations, other data structures), but does not connect to an external cable or other communications mechanism such as is a physical interface. Packets are moved between forwarding contexts by automatically moving a packet placed in a first virtual interface associated with a first forwarding context to a second virtual interface associated with a second forwarding context (assuming the packet is not dropped by a feature applied to the packet at the first virtual interface).Type: GrantFiled: June 16, 2006Date of Patent: April 21, 2009Assignee: Cisco Technology, Inc.Inventors: Nir Ben-Dvora, Doron Oz, Sarel Altshuler, Warren Scott Wainner
-
Publication number: 20080298362Abstract: In one embodiment, a router receives a call request for establishing a multimedia exchange between two remote endpoints. The router selects a processing entity to manage a subset of connections with the remote endpoints according to an endpoint identification such as a remote address included in the call request. A different processing entity manages the remaining connections with the remote endpoints. Accordingly, the load of managing signaling for establishing the multimedia exchange is balanced between a plurality of processing elements that appear externally as a single entity such that modification of remote endpoint behavior is not required.Type: ApplicationFiled: May 30, 2007Publication date: December 4, 2008Applicant: CISCO TECHNOLOGY, INC.Inventors: Nir Ben-Dvora, Jisu Bhattacharya, Chandrasekar Krishnamurthy, Doron Oz, David D. Ward
-
Patent number: 7317681Abstract: A novel and useful mechanism for optical ring networks providing concentrator redundancy in the event of a failure of a concentrator. The nodes in a network are connected to dual concentrators to form bi-directional dual counter-rotating optical rings. The failure of one of the concentrators is detected and the internal connections of the surviving concentrator are reconfigured to form a single ring that provides an alternate communication path thus preventing the collapse of the ring. Reliability of optical rings is improved by enabling the ring to continue to function in the event of a concentrator failure.Type: GrantFiled: January 11, 2002Date of Patent: January 8, 2008Assignee: Cisco Systems O.I.A. (1988)Ltd.Inventors: Nir Ben-Dvora, Doron Oz, Roni Luxenberg, Assaf Ben-Amitai
-
Publication number: 20070291752Abstract: Packets are communicated between forwarding contexts (e.g., virtual routers, logical routers, and/or private networks) using virtual interfaces in communications and computing systems, especially routers, packet switching systems, and other devices. A virtual interface refers to the interface infrastructure (e.g., buffers, memory locations, other data structures), but does not connect to an external cable or other communications mechanism such as is a physical interface. Packets are moved between forwarding contexts by automatically moving a packet placed in a first virtual interface associated with a first forwarding context to a second virtual interface associated with a second forwarding context (assuming the packet is not dropped by a feature applied to the packet at the first virtual interface).Type: ApplicationFiled: June 16, 2006Publication date: December 20, 2007Applicant: Cisco Technology, Inc.Inventors: Nir Ben-Dvora, Doron Oz, Sarel Altshuler, Warren Scott Wainner
-
Publication number: 20070261110Abstract: One or more firewalls are used to perform firewall functionality on packets based on the entry and exit accesses of each of the one or more firewalls being applied to a packet. For example, when firewalls are included in a router, the interfaces of the router are typically mapped to virtual firewalls and access thereof. Based on the determined routing of a particular packet, the firewalls to apply and their corresponding entry and exit accesses are identified. In order to decouple the application by the firewall itself of the security policies from the network topology and routing architecture (e.g., the network routing address information which is typically relied upon by current firewalls), the firewall functionality is defined based on the identified entry and exit accesses of a firewall, rather than based on network defined addresses, for example.Type: ApplicationFiled: May 2, 2006Publication date: November 8, 2007Applicant: CISCO TECHNOLOGY, INC., A CALIFORNIA CORPORATIONInventors: Doron Oz, Nir Ben-Dvora, Eldad Eli
-
Publication number: 20070206490Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for applying features to packets in an order specified by a selected feature order template. By providing multiple feature order templates, a network device manufacturer can provide the user of the network device the ability to select among a variety of orders in which features are applied, while limiting the possible selectable orderings such as to those capable by the hardware and software of the network device, and/or to a subset of orderings thereof which has been thoroughly tested. Some devices further allow a user to define new feature order templates via a user interface.Type: ApplicationFiled: March 6, 2006Publication date: September 6, 2007Applicant: CISCO TECHNOLOGY, INC., A CALIFORNIA CORPORATIONInventors: Sarel Altshuler, Nisim Levi, Nir Ben-Dvora, Doron Oz