Patents by Inventor Robert K. Floyd, III
Robert K. Floyd, III has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11218447Abstract: A firewall manager periodically accesses a set of servers to identify the various services currently active on each server. The firewall manager also periodically accesses a set of firewalls configured to protect those servers to identify various firewall rules implemented by those firewalls. The firewall manager then compares the services data with the rules data to identify any obsolete firewall rules that are (i) defined based on an IP address not currently allocated to any of the servers or (ii) defined based on a port of an active server that is not associated with any service running on server. Such rules are considered obsolete. Upon identifying any obsolete firewall rules, the firewall manager accesses the firewalls associated with those rules and then removes the obsolete rules.Type: GrantFiled: March 2, 2018Date of Patent: January 4, 2022Assignee: Disney Enterprises, Inc.Inventors: Mark G. Cloud, Robert K. Floyd, III, Jeffrey Sol Mansukhani
-
Patent number: 10623195Abstract: An approach is provided for protecting a network from a unicast flood. If the destination MAC address of a frame is not included in a table of unknown MAC addresses, the MAC address is added to the table and the frame is forwarded to non-blocked spanning tree links to find the MAC address in the network. If the MAC address is included in the table, and if a timer for suppressing forwarding of frames is active, the frame is discarded, or if the timer is inactive, a counter for counting received frames is incremented and compared to a threshold value. If the counter is greater than the threshold value, the timer is activated and the frame is discarded. If the counter is not greater than the threshold value, the frame is forwarded to the non-blocked spanning tree links to find the MAC address in the network.Type: GrantFiled: March 29, 2019Date of Patent: April 14, 2020Assignee: International Business Machines CorporationInventors: Robert K. Floyd, III, James W. Ling, Roger Hoffmann, Catalin Dumitru Marica
-
Patent number: 10623196Abstract: An approach is provided for protecting a network from a unicast flood. If the destination MAC address of a frame is not included in a table of unknown MAC addresses, the MAC address is added to the table and the frame is forwarded to non-blocked spanning tree links to find the MAC address in the network. If the MAC address is included in the table, and if a timer for suppressing forwarding of frames is active, the frame is discarded, or if the timer is inactive, a counter for counting received frames is incremented and compared to a threshold value. If the counter is greater than the threshold value, the timer is activated and the frame is discarded. If the counter is not greater than the threshold value, the frame is forwarded to the non-blocked spanning tree links to find the MAC address in the network.Type: GrantFiled: March 29, 2019Date of Patent: April 14, 2020Assignee: International Business Machines CorporationInventors: Robert K. Floyd, III, James W. Ling, Roger Hoffmann, Catalin Dumitru Marica
-
Publication number: 20190273720Abstract: A firewall manager periodically accesses a set of servers to identify the various services currently active on each server. The firewall manager also periodically accesses a set of firewalls configured to protect those servers to identify various firewall rules implemented by those firewalls. The firewall manager then compares the services data with the rules data to identify any obsolete firewall rules that are (i) defined based on an IP address not currently allocated to any of the servers or (ii) defined based on a port of an active server that is not associated with any service running on server. Such rules are considered obsolete. Upon identifying any obsolete firewall rules, the firewall manager accesses the firewalls associated with those rules and then removes the obsolete rules.Type: ApplicationFiled: March 2, 2018Publication date: September 5, 2019Inventors: Mark G. CLOUD, Robert K. FLOYD, III, Jeffrey Sol MANSUKHANI
-
Publication number: 20190229941Abstract: An approach is provided for protecting a network from a unicast flood. If the destination MAC address of a frame is not included in a table of unknown MAC addresses, the MAC address is added to the table and the frame is forwarded to non-blocked spanning tree links to find the MAC address in the network. If the MAC address is included in the table, and if a timer for suppressing forwarding of frames is active, the frame is discarded, or if the timer is inactive, a counter for counting received frames is incremented and compared to a threshold value. If the counter is greater than the threshold value, the timer is activated and the frame is discarded. If the counter is not greater than the threshold value, the frame is forwarded to the non-blocked spanning tree links to find the MAC address in the network.Type: ApplicationFiled: March 29, 2019Publication date: July 25, 2019Inventors: Robert K. Floyd, III, James W. Ling, Roger Hoffmann, Catalin Dumitru Marica
-
Publication number: 20190229940Abstract: An approach is provided for protecting a network from a unicast flood. If the destination MAC address of a frame is not included in a table of unknown MAC addresses, the MAC address is added to the table and the frame is forwarded to non-blocked spanning tree links to find the MAC address in the network. If the MAC address is included in the table, and if a timer for suppressing forwarding of frames is active, the frame is discarded, or if the timer is inactive, a counter for counting received frames is incremented and compared to a threshold value. If the counter is greater than the threshold value, the timer is activated and the frame is discarded. If the counter is not greater than the threshold value, the frame is forwarded to the non-blocked spanning tree links to find the MAC address in the network.Type: ApplicationFiled: March 29, 2019Publication date: July 25, 2019Inventors: Robert K. Floyd, III, James W. Ling, Roger Hoffmann, Catalin Dumitru Marica
-
Patent number: 10348553Abstract: Techniques for dampening an interface flapping rate between switches in a network environment. An interface of a first switch is designated as being in an active mode in which forwarding activity of the interface is permitted. The interface is determined to exhibit flapping behavior satisfying one or more dampening criteria when in the active mode. An indication is sent to a second switch to isolate the interface. A reply to the indication is received from the second switch. The interface is designated as being in an isolated mode in which health monitoring of the interface is permitted but forwarding activity of the interface is prohibited. The interface is determined to satisfy one or more reinstatement criteria when in the isolated mode. The interface is redesignated as being in the active mode.Type: GrantFiled: July 1, 2016Date of Patent: July 9, 2019Assignee: International Business Machines CorporationInventors: Robert K Floyd, III, Catalin Marica, Marian Tudosoiu
-
Patent number: 10333729Abstract: An approach is provided for protecting a network from a unicast flood. If the destination MAC address of a frame is not included in a table of unknown MAC addresses, the MAC address is added to the table and the frame is forwarded to non-blocked spanning tree links to find the MAC address in the network. If the MAC address is included in the table, and if a timer for suppressing forwarding of frames is active, the frame is discarded, or if the timer is inactive, a counter for counting received frames is incremented and compared to a threshold value. If the counter is greater than the threshold value, the timer is activated and the frame is discarded. If the counter is not greater than the threshold value, the frame is forwarded to the non-blocked spanning tree links to find the MAC address in the network.Type: GrantFiled: December 7, 2017Date of Patent: June 25, 2019Assignee: International Business Machines CorporationInventors: Robert K. Floyd, III, James W. Ling, Roger Hoffmann, Catalin Dumitru Marica
-
Patent number: 10333730Abstract: An approach is provided for protecting a network from a unicast flood. If the destination MAC address of a frame is not included in a table of unknown MAC addresses, the MAC address is added to the table and the frame is forwarded to non-blocked spanning tree links to find the MAC address in the network. If the MAC address is included in the table, and if a timer for suppressing forwarding of frames is active, the frame is discarded, or if the timer is inactive, a counter for counting received frames is incremented and compared to a threshold value. If the counter is greater than the threshold value, the timer is activated and the frame is discarded. If the counter is not greater than the threshold value, the frame is forwarded to the non-blocked spanning tree links to find the MAC address in the network.Type: GrantFiled: December 18, 2017Date of Patent: June 25, 2019Assignee: International Business Machines CorporationInventors: Robert K. Floyd, III, James W. Ling, Roger Hoffmann, Catalin Dumitru Marica
-
Publication number: 20190182066Abstract: An approach is provided for protecting a network from a unicast flood. If the destination MAC address of a frame is not included in a table of unknown MAC addresses, the MAC address is added to the table and the frame is forwarded to non-blocked spanning tree links to find the MAC address in the network. If the MAC address is included in the table, and if a timer for suppressing forwarding of frames is active, the frame is discarded, or if the timer is inactive, a counter for counting received frames is incremented and compared to a threshold value. If the counter is greater than the threshold value, the timer is activated and the frame is discarded. If the counter is not greater than the threshold value, the frame is forwarded to the non-blocked spanning tree links to find the MAC address in the network.Type: ApplicationFiled: December 18, 2017Publication date: June 13, 2019Inventors: Robert K. Floyd, III, James W. Ling, Roger Hoffmann, Catalin Dumitru Marica
-
Publication number: 20190182065Abstract: An approach is provided for protecting a network from a unicast flood. If the destination MAC address of a frame is not included in a table of unknown MAC addresses, the MAC address is added to the table and the frame is forwarded to non-blocked spanning tree links to find the MAC address in the network. If the MAC address is included in the table, and if a timer for suppressing forwarding of frames is active, the frame is discarded, or if the timer is inactive, a counter for counting received frames is incremented and compared to a threshold value. If the counter is greater than the threshold value, the timer is activated and the frame is discarded. If the counter is not greater than the threshold value, the frame is forwarded to the non-blocked spanning tree links to find the MAC address in the network.Type: ApplicationFiled: December 7, 2017Publication date: June 13, 2019Inventors: Robert K. Floyd, III, James W. Ling, Roger Hoffmann, Catalin Dumitru Marica
-
Patent number: 10305789Abstract: Embodiments of the present invention include methods, systems, and computer program products for packet forwarding. Aspects of the invention include receiving, from a source node, a first network queue in a set of network queues, wherein the first network queue includes one or more minimum network traffic performance requirements. A set of network paths is analyzed to determine a performance level for each network path and identify a first network path and a second network path with a performance level above the one or more minimum performance requirements of the first network queue. A determination is made that the first network path has a higher performance level than the second network path. Based at least in part on determining that the first network path has a higher performance level than the second network path, the first network queue is mapped to the first network path.Type: GrantFiled: March 6, 2017Date of Patent: May 28, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Robert K. Floyd, III, Richard E. Harper, Ruchi Mahindru
-
Patent number: 10237238Abstract: An approach for regional firewall clustering for optimal state-sharing of different sites in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, each firewall in a given region is informed of its peer firewalls via a registration process with a centralized server. Each firewall opens up an Internet protocol (IP)-based communication channel to each of its peers in the region to share state table information. This allows for asymmetrical firewall flows through the network and allows routing protocols to ascertain the best path to a given destination without having to take firewall placement into consideration.Type: GrantFiled: November 9, 2017Date of Patent: March 19, 2019Assignee: International Business Machines CorporationInventors: Robert K. Floyd, III, Baiju D. Mandalia, Robert P. Monaco, Mahesh Viswanathan
-
Patent number: 10171349Abstract: Embodiments of the present invention include methods, systems, and computer program products for packet forwarding. Aspects of the invention include receiving, from a source node, a first network queue in a set of network queues, wherein the first network queue includes one or more minimum network traffic performance requirements. A set of network paths is analyzed to determine a performance level for each network path and identify a first network path and a second network path with a performance level above the one or more minimum performance requirements of the first network queue. A determination is made that the first network path has a higher performance level than the second network path. Based at least in part on determining that the first network path has a higher performance level than the second network path, the first network queue is mapped to the first network path.Type: GrantFiled: November 13, 2017Date of Patent: January 1, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Robert K. Floyd, III, Richard E. Harper, Ruchi Mahindru
-
Publication number: 20180254984Abstract: Embodiments of the present invention include methods, systems, and computer program products for packet forwarding. Aspects of the invention include receiving, from a source node, a first network queue in a set of network queues, wherein the first network queue includes one or more minimum network traffic performance requirements. A set of network paths is analyzed to determine a performance level for each network path and identify a first network path and a second network path with a performance level above the one or more minimum performance requirements of the first network queue. A determination is made that the first network path has a higher performance level than the second network path. Based at least in part on determining that the first network path has a higher performance level than the second network path, the first network queue is mapped to the first network path.Type: ApplicationFiled: November 13, 2017Publication date: September 6, 2018Inventors: Robert K. Floyd, III, Richard E. Harper, Ruchi Mahindru
-
Publication number: 20180254983Abstract: Embodiments of the present invention include methods, systems, and computer program products for packet forwarding. Aspects of the invention include receiving, from a source node, a first network queue in a set of network queues, wherein the first network queue includes one or more minimum network traffic performance requirements. A set of network paths is analyzed to determine a performance level for each network path and identify a first network path and a second network path with a performance level above the one or more minimum performance requirements of the first network queue. A determination is made that the first network path has a higher performance level than the second network path. Based at least in part on determining that the first network path has a higher performance level than the second network path, the first network queue is mapped to the first network path.Type: ApplicationFiled: March 6, 2017Publication date: September 6, 2018Inventors: Robert K. Floyd, III, Richard E. Harper, Ruchi Mahindru
-
Publication number: 20180069833Abstract: An approach for regional firewall clustering for optimal state-sharing of different sites in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, each firewall in a given region is informed of its peer firewalls via a registration process with a centralized server. Each firewall opens up an Internet protocol (IP)-based communication channel to each of its peers in the region to share state table information. This allows for asymmetrical firewall flows through the network and allows routing protocols to ascertain the best path to a given destination without having to take firewall placement into consideration.Type: ApplicationFiled: November 9, 2017Publication date: March 8, 2018Inventors: Robert K. Floyd, III, Baiju D. Mandalia, Robert P. Monaco, Mahesh Viswanathan
-
Patent number: 9882875Abstract: An approach for regional firewall clustering for optimal state-sharing of different sites in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, each firewall in a given region is informed of its peer firewalls via a registration process with a centralized server. Each firewall opens up an Internet protocol (IP)-based communication channel to each of its peers in the region to share state table information. This allows for asymmetrical firewall flows through the network and allows routing protocols to ascertain the best path to a given destination without having to take firewall placement into consideration.Type: GrantFiled: September 2, 2016Date of Patent: January 30, 2018Assignee: International Business Machines CorporationInventors: Robert K. Floyd, III, Baiju D. Mandalia, Robert P. Monaco, Mahesh Viswanathan
-
Publication number: 20180006875Abstract: Techniques for dampening an interface flapping rate between switches in a network environment. An interface of a first switch is designated as being in an active mode in which forwarding activity of the interface is permitted. The interface is determined to exhibit flapping behavior satisfying one or more dampening criteria when in the active mode. An indication is sent to a second switch to isolate the interface. A reply to the indication is received from the second switch. The interface is designated as being in an isolated mode in which health monitoring of the interface is permitted but forwarding activity of the interface is prohibited. The interface is determined to satisfy one or more reinstatement criteria when in the isolated mode. The interface is redesignated as being in the active mode.Type: ApplicationFiled: July 1, 2016Publication date: January 4, 2018Inventors: Robert K Floyd, III, Catalin MARICA, Marian TUDOSOIU
-
Patent number: 9787531Abstract: A method and associated systems of automatic notification of isolation of a first networked device. In response to detecting that it is not being properly managed by a network-management means, the first networked device creates a notification message that identifies the problem and requests proper network management. The device then transmits this message to any other device or networked node that it can communicate with, along with a request that recipients try to forward the message to the network-management means. If a device that receives the message is able to forward the message successfully, the network-management means takes appropriate steps to begin properly managing the first networked device.Type: GrantFiled: October 11, 2013Date of Patent: October 10, 2017Assignee: International Business Machines CorporationInventors: Robert K. Floyd, III, Baiju D. Mandalia, Robert P. Monaco, Mahesh Viswanathan