Patents by Inventor Sridhar Vallepalli
Sridhar Vallepalli has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11949602Abstract: An endpoint group (EPG) can be stretched between the sites so that endpoints at different sites can be assigned to the same stretched EPG. Because the sites can use different bridge domains when establishing the stretched EPGs, the first time a site transmits a packet to an endpoint in a different site, the site learns or discovers a path to the destination endpoint. The site can use BGP to identify the site with the host and use a multicast tunnel to reach the site. A unicast tunnel can be used to transmit future packets to the destination endpoint. Additionally, a stretched EPG can be segmented to form a micro-stretched EPG. Filtering criteria can be used to identify a subset of the endpoints in the stretched EPG that are then assigned to the micro-stretched EPG, which can have different policies than the stretched EPG.Type: GrantFiled: September 21, 2021Date of Patent: April 2, 2024Assignee: Cisco Technology, Inc.Inventors: Javed Asghar, Sridhar Vallepalli, Umamaheswararao Karyampudi, Srinivas Kotamraju
-
Publication number: 20240080309Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.Type: ApplicationFiled: November 14, 2023Publication date: March 7, 2024Inventors: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
-
Publication number: 20240048509Abstract: Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site which is assigned to the same stretched EPG, despite the two sites have different namespaces. Further, the shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mapping that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected as well as providing application accessibility across different fabrics with independent and private namespaces.Type: ApplicationFiled: September 11, 2023Publication date: February 8, 2024Inventors: Sridhar VALLEPALLI, Javed ASGHAR, Umamaheswararao KARYAMPUDI, Saad MALIK, Amitkumar V. PATEL
-
Patent number: 11895100Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.Type: GrantFiled: July 27, 2020Date of Patent: February 6, 2024Assignee: Cisco Technology, Inc.Inventors: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
-
Patent number: 11757793Abstract: Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site which is assigned to the same stretched EPG, despite the two sites have different namespaces. Further, the shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mapping that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected as well as providing application accessibility across different fabrics with independent and private namespaces.Type: GrantFiled: September 15, 2021Date of Patent: September 12, 2023Assignee: Cisco Technology, Inc.Inventors: Sridhar Vallepalli, Javed Asghar, Umamaheswararao Karyampudi, Saad Malik, Amitkumar V. Patel
-
Publication number: 20220006757Abstract: An endpoint group (EPG) can be stretched between the sites so that endpoints at different sites can be assigned to the same stretched EPG. Because the sites can use different bridge domains when establishing the stretched EPGs, the first time a site transmits a packet to an endpoint in a different site, the site learns or discovers a path to the destination endpoint. The site can use BGP to identify the site with the host and use a multicast tunnel to reach the site. A unicast tunnel can be used to transmit future packets to the destination endpoint. Additionally, a stretched EPG can be segmented to form a micro-stretched EPG. Filtering criteria can be used to identify a subset of the endpoints in the stretched EPG that are then assigned to the micro-stretched EPG, which can have different policies than the stretched EPG.Type: ApplicationFiled: September 21, 2021Publication date: January 6, 2022Inventors: Javed ASGHAR, Sridhar VALLEPALLI, Umamaheswararao KARYAMPUDI, Srinivas KOTAMRAJU
-
Publication number: 20220006758Abstract: Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site which is assigned to the same stretched EPG, despite the two sites have different namespaces. Further, the shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mapping that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected as well as providing application accessibility across different fabrics with independent and private namespaces.Type: ApplicationFiled: September 15, 2021Publication date: January 6, 2022Inventors: Sridhar VALLEPALLI, Javed ASGHAR, Umamaheswararao KARYAMPUDI, Saad MALIK, Amitkumar V. PATEL
-
Patent number: 11201859Abstract: A method and apparatus for providing tenant specific encryption is described herein. According to an embodiment, a transmission site receives a data packet for transmission or forwarding. The transmission site determines, based on information in a header of the data packet, that the data packet is to be encrypted before transmission or forwarding. Using the information in the header, the transmission site identifies an encryption key for the data packet. The transmission site generates, for the data packet, an additional header and populates the additional header with a destination port number based on a destination port header value of the data packet. The transmission site overwrites the destination port header value of the packet with data indicating that the data packet is encrypted and then encrypts an encapsulated packet within the data packet using the encryption key prior to transmitting or forwarding the data packet.Type: GrantFiled: October 17, 2018Date of Patent: December 14, 2021Assignee: Cisco Technology, Inc.Inventors: Javed Asghar, Sridhar Vallepalli, Govind Prasad Sharma, Eshwar Rao Yedavalli
-
Patent number: 11178071Abstract: Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site which is assigned to the same stretched EPG, despite the two sites have different namespaces. Further, the shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mapping that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected as well as providing application accessibility across different fabrics with independent and private namespaces.Type: GrantFiled: October 18, 2018Date of Patent: November 16, 2021Assignee: Cisco Technology, Inc.Inventors: Sridhar Vallepalli, Javed Asghar, Umamaheswararao Karyampudi, Saad Malik, Amitkumar V. Patel
-
Patent number: 11159451Abstract: An endpoint group (EPG) can be stretched between the sites so that endpoints at different sites can be assigned to the same stretched EPG. Because the sites can use different bridge domains when establishing the stretched EPGs, the first time a site transmits a packet to an endpoint in a different site, the site learns or discovers a path to the destination endpoint. The site can use BGP to identify the site with the host and use a multicast tunnel to reach the site. A unicast tunnel can be used to transmit future packets to the destination endpoint. Additionally, a stretched EPG can be segmented to form a micro-stretched EPG. Filtering criteria can be used to identify a subset of the endpoints in the stretched EPG that are then assigned to the micro-stretched EPG, which can have different policies than the stretched EPG.Type: GrantFiled: October 16, 2018Date of Patent: October 26, 2021Assignee: Cisco Technology, Inc.Inventors: Javed Asghar, Sridhar Vallepalli, Umamaheswararao Karyampudi, Srinivas Kotamraju
-
Publication number: 20200358750Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.Type: ApplicationFiled: July 27, 2020Publication date: November 12, 2020Inventors: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
-
Patent number: 10778662Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.Type: GrantFiled: October 22, 2018Date of Patent: September 15, 2020Assignee: Cisco Technology, Inc.Inventors: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
-
Publication number: 20200127987Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.Type: ApplicationFiled: October 22, 2018Publication date: April 23, 2020Inventors: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
-
Publication number: 20200127983Abstract: A method and apparatus for providing tenant specific encryption is described herein. According to an embodiment, a transmission site receives a data packet for transmission or forwarding. The transmission site determines, based on information in a header of the data packet, that the data packet is to be encrypted before transmission or forwarding. Using the information in the header, the transmission site identifies an encryption key for the data packet. The transmission site generates, for the data packet, an additional header and populates the additional header with a destination port number based on a destination port header value of the data packet. The transmission site overwrites the destination port header value of the packet with data indicating that the data packet is encrypted and then encrypts an encapsulated packet within the data packet using the encryption key prior to transmitting or forwarding the data packet.Type: ApplicationFiled: October 17, 2018Publication date: April 23, 2020Inventors: Javed Asghar, Sridhar Vallepalli, Govind Prasad Sharma, Eshwar Rao Yedavalli
-
Patent number: 10623421Abstract: Theft detection in data center networks may be provided. First, a first leaf switch may create an entry in a first distributed secure cache in response to an endpoint appearing on the first leaf switch. The entry may correspond to the endpoint and may be marked as having a tentative state. Then a request message may be sent to a plurality of leaf switches. The request message may comprise data identifying the endpoint. Next, a reply message may be received in response to the request message from a second leaf switch within the plurality of leaf switches. The tentative state may then be removed from the entry in response to the reply message indicating that the endpoint is valid.Type: GrantFiled: October 20, 2017Date of Patent: April 14, 2020Assignee: Cisco Technology, Inc.Inventors: Govind P. Sharma, Gilles Rhéal Roy, Eric Levy-Abegnoli, Ajay Kumar Modi, Sridhar Vallepalli
-
Publication number: 20200014636Abstract: Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site which is assigned to the same stretched EPG, despite the two sites have different namespaces. Further, the shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mapping that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected as well as providing application accessibility across different fabrics with independent and private namespaces.Type: ApplicationFiled: October 18, 2018Publication date: January 9, 2020Inventors: Sridhar VALLEPALLI, Javed ASGHAR, Umamaheswararao KARYAMPUDI, Saad MALIK, Amitkumar V. PATEL
-
Publication number: 20200014634Abstract: An endpoint group (EPG) can be stretched between the sites so that endpoints at different sites can be assigned to the same stretched EPG. Because the sites can use different bridge domains when establishing the stretched EPGs, the first time a site transmits a packet to an endpoint in a different site, the site learns or discovers a path to the destination endpoint. The site can use BGP to identify the site with the host and use a multicast tunnel to reach the site. A unicast tunnel can be used to transmit future packets to the destination endpoint. Additionally, a stretched EPG can be segmented to form a micro-stretched EPG. Filtering criteria can be used to identify a subset of the endpoints in the stretched EPG that are then assigned to the micro-stretched EPG, which can have different policies than the stretched EPG.Type: ApplicationFiled: October 16, 2018Publication date: January 9, 2020Inventors: Javed ASGHAR, Sridhar VALLEPALLI, Umamaheswararao KARYAMPUDI, Srinivas KOTAMRAJU
-
Patent number: 10389618Abstract: Methods for distributing multicast network path information to various network nodes in a network environment are disclosed. An exemplary method includes a downstream node transmitting a first message including a network path indicating a specific desired route that is to be used when delivering multicast traffic from a given multicast source to a given host, as well as an identifier assigned to the network path in order to uniquely identify that network path in the network. The method also includes the downstream node transmitting a second message for announcing that the multicast source is to be reached via the network path announced in the first message. The second message identifies the network path to be used by including the identifier of the path announced in the first message, but not the network path itself.Type: GrantFiled: January 23, 2017Date of Patent: August 20, 2019Assignee: Cisco Technology, Inc.Inventors: Heidi Ou, Sridhar Vallepalli
-
Publication number: 20190124093Abstract: Theft detection in data center networks may be provided. First, a first leaf switch may create an entry in a first distributed secure cache in response to an endpoint appearing on the first leaf switch. The entry may correspond to the endpoint and may be marked as having a tentative state. Then a request message may be sent to a plurality of leaf switches. The request message may comprise data identifying the endpoint. Next, a reply message may be received in response to the request message from a second leaf switch within the plurality of leaf switches. The tentative state may then be removed from the entry in response to the reply message indicating that the endpoint is valid.Type: ApplicationFiled: October 20, 2017Publication date: April 25, 2019Applicant: Cisco Technology, Inc.Inventors: Govind P. Sharma, Gilles Rhéal Roy, Eric Levy-Abegnoli, Ajay Kumar Modi, Sridhar Vallepalli
-
Publication number: 20180212861Abstract: Methods for distributing multicast network path information to various network nodes in a network environment are disclosed. An exemplary method includes a downstream node transmitting a first message including a network path indicating a specific desired route that is to be used when delivering multicast traffic from a given multicast source to a given host, as well as an identifier assigned to the network path in order to uniquely identify that network path in the network. The method also includes the downstream node transmitting a second message for announcing that the multicast source is to be reached via the network path announced in the first message. The second message identifies the network path to be used by including the identifier of the path announced in the first message, but not the network path itself.Type: ApplicationFiled: January 23, 2017Publication date: July 26, 2018Applicant: CISCO TECHNOLOGY, INC.Inventors: Heidi Ou, Sridhar Vallepalli