Patents by Inventor Pierre-Emmanuel Ettori
Pierre-Emmanuel Ettori has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11870855Abstract: A method for a proxyless protocol includes intercepting, from a client, a first Transmission Control Protocol (TCP) connection request requesting to establish a TCP connection between the client and a proxy for routing data to a destination server. The request includes client information and a first sequence number. The method also includes transmitting, to the destination server, a second TCP connection request to establish a TCP connection between the client and the destination server. The second request includes a second sequence number less than the first sequence number. The method also includes intercepting, from the destination server, an acknowledgment message indicating acknowledgment of the second TCP connection request. The method also includes transmitting, to the destination server, a proxy protocol header message with the client information.Type: GrantFiled: November 22, 2022Date of Patent: January 9, 2024Assignee: Google LLCInventors: Sonny Ben-Shimon, Uri Goren, Daniel Berkovitch, Ittai Balaban, Alok Kumar, Parveen Patel, Pierre-emmanuel Ettori, Anshuman Gupta, Idan Brown, Noam Lampert
-
Publication number: 20230123734Abstract: Establishing proxy-less connectivity from logically isolated virtual private clouds (VPC)within a cloud environment without the use of VPN or VPC peering is provided. Establishing a service attachment in one VPC, related to a service which is to be accessed, and a service endpoint in another VPC allows for private communication between the two networks without exposing the service to other VPCs in the cloud environment.Type: ApplicationFiled: October 20, 2022Publication date: April 20, 2023Inventors: Eli Oxman, Salomon Sonny Ben-Shimon, Anshuman Gupta, Alok Kumar, Ittai Balaban, Benjamin John Benardos, Sameer Adhikari, Mukta Gupta, Anjin Guo, Pierre-Emmanuel Ettori, Noam Lampert, Uday Ramakrishna Naik, Jesse Louis Alpert, Ines Clara Envid Lazaro, Uri Goren, Ariel Waizel
-
Publication number: 20230092318Abstract: A method for a proxyless protocol includes intercepting, from a client, a first Transmission Control Protocol (TCP) connection request requesting to establish a TCP connection between the client and a proxy for routing data to a destination server. The request includes client information and a first sequence number. The method also includes transmitting, to the destination server, a second TCP connection request to establish a TCP connection between the client and the destination server. The second request includes a second sequence number less than the first sequence number. The method also includes intercepting, from the destination server, an acknowledgment message indicating acknowledgment of the second TCP connection request. The method also includes transmitting, to the destination server, a proxy protocol header message with the client information.Type: ApplicationFiled: November 22, 2022Publication date: March 23, 2023Applicant: Google LLCInventors: Sonny Ben-Shimon, Uri Goren, Daniel Berkovitch, Ittai Balaban, Alok Kumar, Parveen Patel, Pierre-emmanuel Ettori, Anshuman Gupta, Idan Brown, Noam Lampert
-
Patent number: 11533372Abstract: A method for a proxyless protocol includes intercepting, from a client, a first Transmission Control Protocol (TCP) connection request requesting to establish a TCP connection between the client and a proxy for routing data to a destination server. The request includes client information and a first sequence number. The method also includes transmitting, to the destination server, a second TCP connection request to establish a TCP connection between the client and the destination server. The second request includes a second sequence number less than the first sequence number. The method also includes intercepting, from the destination server, an acknowledgment message indicating acknowledgment of the second TCP connection request. The method also includes transmitting, to the destination server, a proxy protocol header message with the client information.Type: GrantFiled: March 31, 2021Date of Patent: December 20, 2022Assignee: Google LLCInventors: Sonny Ben-Shimon, Uri Goren, Daniel Berkovitch, Ittai Balaban, Alok Kumar, Parveen Patel, Pierre-emmanuel Ettori, Anshuman Gupta, Idan Brown, Noam Lampert
-
Publication number: 20220329500Abstract: Methods, apparatus, systems and articles of manufacture are disclosed related to policy declarations for cloud management system. An example apparatus includes memory, instructions, and processor circuitry to execute the instructions. The processor circuitry is to convert first network state data in a first format to a first data tuple in a unified format, the first network state data from a first cloud management application that manages a first aspect of a network and convert second network state data in a second format to a second data tuple in the unified format, the second network state data from a second cloud management application that manages a second aspect of the network, the first format different than the second format.Type: ApplicationFiled: April 25, 2022Publication date: October 13, 2022Inventors: Timothy Hinrichs, Peter J. Balland, III, Martin Casado, Pierre-Emmanuel Ettori
-
Publication number: 20220321667Abstract: A method for a proxyless protocol includes intercepting, from a client, a first Transmission Control Protocol (TCP) connection request requesting to establish a TCP connection between the client and a proxy for routing data to a destination server. The request includes client information and a first sequence number. The method also includes transmitting, to the destination server, a second TCP connection request to establish a TCP connection between the client and the destination server. The second request includes a second sequence number less than the first sequence number. The method also includes intercepting, from the destination server, an acknowledgment message indicating acknowledgment of the second TCP connection request. The method also includes transmitting, to the destination server, a proxy protocol header message with the client information.Type: ApplicationFiled: March 31, 2021Publication date: October 6, 2022Applicant: Google LLCInventors: Sonny Ben-Shimon, Uri Goren, Daniel Berkovitch, Ittai Balaban, Alok Kumar, Parveen Patel, Pierre-Emmanuel Ettori, Anshu Gupta, Idan Brown, Noam Lampert
-
Patent number: 11343159Abstract: Methods, apparatus, systems and articles of manufacture are disclosed related to policy declarations for cloud management system. An example computer readable storage device includes instructions that, when executed, cause processor circuitry to at least identify a proposed change to a state of a network. The example instructions, when executed, also cause the processor circuitry to, in response to identifying the proposed change, determine whether the proposed change will cause the state of the network to violate a policy, the policy including a query plan describing characteristics to evaluate the proposed change. In some examples, the instructions, when executed, cause the processor circuitry to, when the proposed change will cause the state of the network to violate the policy, execute an application programming interface call to a cloud service provider to cause the cloud service provider to prevent violation of the policy by executing an action associated with the proposed change.Type: GrantFiled: May 3, 2019Date of Patent: May 24, 2022Assignee: VMWARE, INC.Inventors: Timothy Hinrichs, Peter J. Balland, III, Martin Casado, Pierre-Emmanuel Ettori
-
Publication number: 20190312790Abstract: Methods, apparatus, systems and articles of manufacture are disclosed related to policy declarations for cloud management system. A computer readable storage device comprising instructions that, when executed, cause a processor to at least: identify a proposed change to a state of a network; in response to identifying the proposed change, determine whether the proposed change will cause the state of the network to violate a policy, the policy including a query plan describing characteristics to evaluate the proposed change; and when the proposed change will cause the state of the network to violate the policy, execute an application programming interface call to a cloud service provider to cause the cloud service provider to prevent violation of the policy by executing an action associated with the proposed change.Type: ApplicationFiled: May 3, 2019Publication date: October 10, 2019Inventors: Timothy Hinrichs, Peter J. Balland, III, Martin Casado, Pierre-Emmanuel Ettori
-
Patent number: 10320622Abstract: Some embodiments provide a method for a system that monitors a network to prevent violations of declared policies. The method stores network state data received from a plurality of data sources as a set of tables. The method receives a declaration of a policy that specifies a set of conditions for a particular set of network state entities received from at least two of the data sources. The set of conditions is specified as an existence of a set of data tuples involving the set of network state entities in the stored set of tables. The method monitors the network state data according to the declared policy.Type: GrantFiled: September 30, 2014Date of Patent: June 11, 2019Assignee: VMware, Inc.Inventors: Timothy Hinrichs, Peter J. Balland, III, Martin Casado, Pierre-Emmanuel Ettori
-
Patent number: 10129100Abstract: Some embodiments provide a method for a system that enforces policy for a network. The method receives (i) a first set of network state data from a first cloud management application that manages a first aspect of the network and stores its network state data in a first format and (ii) a second set of network state data from a second cloud management application that manages a second aspect of the network and stores its network state data in a second format. The method stores the first and second sets of network state data in a single, unified data format. The method monitors the stored sets of network state data to determine whether the network state violates one or more network policies that constrain the network state received from the first and second cloud management applications.Type: GrantFiled: September 30, 2014Date of Patent: November 13, 2018Assignee: VMware, Inc.Inventors: Timothy Hinrichs, Peter J. Balland, III, Martin Casado, Pierre-Emmanuel Ettori
-
Patent number: 10044570Abstract: Some embodiments provide a method for a system that monitors a network to prevent violations of network policies. The method stores network state data that describes the network. The method identifies that a first set of stored network state data violates a particular policy declared for the network. The method issues a command to a first cloud management application to modify the network state data such that the modified network state data does not violate the particular policy. The method determines whether a requested action that modifies a second set of network state data, received from a second cloud management application, violates any policies. The method responds to the second cloud management application to permit the requested change when the modified second set of network state data does not violate any policies and deny the requested change when the modified second set of network state data violates the particular policy.Type: GrantFiled: September 30, 2014Date of Patent: August 7, 2018Assignee: VMware, Inc.Inventors: Timothy Hinrichs, Peter J. Balland, III, Martin Casado, Pierre-Emmanuel Ettori
-
Publication number: 20160057026Abstract: Some embodiments provide a method for a system that monitors a network to prevent violations of network policies. The method stores network state data that describes the network. The method identifies that a first set of stored network state data violates a particular policy declared for the network. The method issues a command to a first cloud management application to modify the network state data such that the modified network state data does not violate the particular policy. The method determines whether a requested action that modifies a second set of network state data, received from a second cloud management application, violates any policies. The method responds to the second cloud management application to permit the requested change when the modified second set of network state data does not violate any policies and deny the requested change when the modified second set of network state data violates the particular policy.Type: ApplicationFiled: September 30, 2014Publication date: February 25, 2016Inventors: Timothy Hinrichs, Peter J. Balland, III, Martin Casado, Pierre-Emmanuel Ettori
-
Publication number: 20160057027Abstract: Some embodiments provide a method for a system that enforces policy for a network. The method receives (i) a first set of network state data from a first cloud management application that manages a first aspect of the network and stores its network state data in a first format and (ii) a second set of network state data from a second cloud management application that manages a second aspect of the network and stores its network state data in a second format. The method stores the first and second sets of network state data in a single, unified data format. The method monitors the stored sets of network state data to determine whether the network state violates one or more network policies that constrain the network state received from the first and second cloud management applications.Type: ApplicationFiled: September 30, 2014Publication date: February 25, 2016Inventors: Timothy Hinrichs, Peter J. Balland, III, Martin Casado, Pierre-Emmanuel Ettori
-
Publication number: 20160057025Abstract: Some embodiments provide a method for a system that monitors a network to prevent violations of declared policies. The method stores network state data received from a plurality of data sources as a set of tables. The method receives a declaration of a policy that specifies a set of conditions for a particular set of network state entities received from at least two of the data sources. The set of conditions is specified as an existence of a set of data tuples involving the set of network state entities in the stored set of tables. The method monitors the network state data according to the declared policy.Type: ApplicationFiled: September 30, 2014Publication date: February 25, 2016Inventors: Timothy Hinrichs, Peter J. Balland, III, Martin Casado, Pierre-Emmanuel Ettori
-
Patent number: 8619627Abstract: A particular networked machine broadcasts packets from its interfaces resulting in patterns of returned copies of the sent broadcast packets received on its interfaces. Based on these patterns, a determination is made to identify groupings of one or more of the interfaces that are considered by remote devices as being grouped together, as a broadcast packet transmitted from an interface belonging to a grouping will be received on, and only on, a single interface in each of the other groupings, with a grouping being one or more interfaces. In one implementation, a grouping is defined as a single independent interface, or an aggregation of two or more interfaces combined into a single logical interface, such as, but not limited to that of a PortChannel.Type: GrantFiled: February 24, 2010Date of Patent: December 31, 2013Assignee: Cisco Technology, Inc.Inventors: Christian Elsen, Pierre-Emmanuel Ettori
-
Publication number: 20110206058Abstract: A particular networked machine broadcasts packets from its interfaces resulting in patterns of returned copies of the sent broadcast packets received on its interfaces. Based on these patterns, a determination is made to identify groupings of one or more of the interfaces that are considered by remote devices as being grouped together, as a broadcast packet transmitted from an interface belonging to a grouping will be received on, and only on, a single interface in each of the other groupings, with a grouping being one or more interfaces. In one implementation, a grouping is defined as a single independent interface, or an aggregation of two or more interfaces combined into a single logical interface, such as, but not limited to that of a PortChannel.Type: ApplicationFiled: February 24, 2010Publication date: August 25, 2011Applicant: Cisco Technology, Inc., a corporation of CaliforniaInventors: Christian Elsen, Pierre-Emmanuel Ettori