Patents by Inventor Sunil Cherukuri
Sunil Cherukuri has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10936549Abstract: One embodiment includes identifying a common file associated with a first software container deployed on a host; adding a single copy of the common file to a common file pool maintained by the host, removing the common file from the first container and replacing it with a pointer to the copy of the common file in the shared file pool, and removing the common file from the first container and replacing it with a pointer to the copy of the common file in the shared file pool; identifying at least one unique file associated with the first container; and moving the unique file to the common file pool maintained by the host and removing the unique file from the first container and replacing it with a pointer to the copy of the unique file in the shared file pool.Type: GrantFiled: March 16, 2017Date of Patent: March 2, 2021Assignee: Cisco Technology, Inc.Inventors: Sunil Cherukuri, Xiao Hu Gao, Alexander B. Altman
-
Patent number: 10523568Abstract: Disclosed are systems, methods, and computer-readable storage media for adaptive load balancing for application chains. A load-balancer can receive a data packet for a connection/transaction to be routed through an application chain. The load-balancer can select, based on an application path table, a first end-to-end application path through the application chain. The application path table can identify two or more end-to-end application paths through the application chain along with a corresponding performance status for each end-to-end application path through the application chain. The performance status for an application path can indicate a performance level of the end-to-end application path determined based on performance of previous data packets for previous connections transmitted through the application chain according to the end-to-end application path.Type: GrantFiled: December 9, 2016Date of Patent: December 31, 2019Assignee: CISCO TECHNOLOGY, INC.Inventors: Sunil Cherukuri, Xiao Hu Gao, Alexander B. Altman
-
Publication number: 20180267990Abstract: One embodiment includes identifying a common file associated with a first software container deployed on a host; adding a single copy of the common file to a common file pool maintained by the host, removing the common file from the first container and replacing it with a pointer to the copy of the common file in the shared file pool, and removing the common file from the first container and replacing it with a pointer to the copy of the common file in the shared file pool; identifying at least one unique file associated with the first container; and moving the unique file to the common file pool maintained by the host and removing the unique file from the first container and replacing it with a pointer to the copy of the unique file in the shared file pool.Type: ApplicationFiled: March 16, 2017Publication date: September 20, 2018Applicant: CISCO TECHNOLOGY, INC.Inventors: Sunil Cherukuri, Xiao Hu Gao, Alexander B. Altman
-
Publication number: 20180167450Abstract: Disclosed are systems, methods, and computer-readable storage media for adaptive load balancing for application chains. A load-balancer can receive a data packet for a connection/transaction to be routed through an application chain. The load-balancer can select, based on an application path table, a first end-to-end application path through the application chain. The application path table can identify two or more end-to-end application paths through the application chain along with a corresponding performance status for each end-to-end application path through the application chain. The performance status for an application path can indicate a performance level of the end-to-end application path determined based on performance of previous data packets for previous connections transmitted through the application chain according to the end-to-end application path.Type: ApplicationFiled: December 9, 2016Publication date: June 14, 2018Inventors: Sunil Cherukuri, Xiao Hu Gao, Alexander B. Altman
-
Patent number: 9979622Abstract: In one embodiment, a cloud network provides cloud services to the one or more clients, where data usage of each client is monitored on a per client basis. If the data usage of any client is above a first predetermined threshold, then a WAN optimization platform is automatically implemented within the cloud network for the client having the data usage determined to be above the first predetermined threshold.Type: GrantFiled: July 30, 2013Date of Patent: May 22, 2018Assignee: Cisco Technology, Inc.Inventors: Haseeb Niazi, Sunil Cherukuri, Mohammed Khalid
-
Publication number: 20180062944Abstract: A method is described and in one embodiment includes intercepting an API call destined for an application executing on a host server; accessing a Service Level Agreement (“SLA”) profile for the application, wherein the SLA indicates performance guarantees for the application; determining resource utilization for the host server and resource utilization for the current application and other applications running on that server; comparing the performance guarantees with the host server and application resource utilization to determine whether performance guarantees can be met if the API call is forwarded to the application based on the host server resource utilization; and, if it determined that the performance guarantees cannot be met if the API call is forwarded to the application, refraining from forwarding the API call to the application.Type: ApplicationFiled: September 1, 2016Publication date: March 1, 2018Applicant: CISCO TECHNOLOGY, INC.Inventors: Alexander B. Altman, Sunil Cherukuri, Xiao Hu Gao
-
Patent number: 9444789Abstract: An example method includes receiving a request for a cloud capability set during an Internet Key Exchange negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities, mapping the request to one or more cryptographic modules that can support the cloud capability set, and offloading the VPN tunnel to the one or more cryptographic modules. The request can be an Internet Security Association and Key Management Protocol (ISAKMP) packet listing the one or more cloud capabilities in a private payload. The method may further include splitting the VPN tunnel between the cryptographic modules if no single cryptographic module can support substantially all the cloud capabilities in the cloud capability set. In some embodiments, the request is compared with a service catalog comprising authorized cloud capabilities.Type: GrantFiled: August 27, 2014Date of Patent: September 13, 2016Assignee: CISCO TECHNOLOGY, INC.Inventors: Sunil Cherukuri, Mohamed Khalid, Brian Cinque
-
Patent number: 9313171Abstract: A device and method are provided to provide multi-exit firewall capabilities for cloud server or cloud service deployments without prior knowledge of reachability information of a client device where the client device may belong to one of several networks accessing the cloud server or cloud service. The reachability information may be derived based on flow of data to and from the client device in response to a data transfer initiation request. A firewall connection table may be updated to record routability to the client device comprising the derived reachability information. The recorded reachability information in the connection table may be used for the data transfer with the client device instead of a default route in a routing table.Type: GrantFiled: November 19, 2013Date of Patent: April 12, 2016Assignee: Cisco Technology, Inc.Inventors: Sunil Cherukuri, Xiao Hu Gao, Goran Saradzic
-
Patent number: 9210223Abstract: In one embodiment, a first network device receives a priority message from a second network device, wherein the priority message conforms to a connection establishment protocol and indicates a priority associated with the second network device. The first network device obtains the priority from the priority message and stores the priority. The first network device allocates resources for at least one of control or data plane processing to the second network device in accordance with the priority.Type: GrantFiled: August 23, 2014Date of Patent: December 8, 2015Assignee: Cisco Technology, Inc.Inventors: Mohamed Khalid, Sunil Cherukuri, Haseeb Sarwar Niazi, Muhammad Afaq Khan
-
Publication number: 20150143501Abstract: A device and method are provided to provide multi-exit firewall capabilities for cloud server or cloud service deployments without prior knowledge of reachability information of a client device where the client device may belong to one of several networks accessing the cloud server or cloud service. The reachability information may be derived based on flow of data to and from the client device in response to a data transfer initiation request. A firewall connection table may be updated to record routability to the client device comprising the derived reachability information. The recorded reachability information in the connection table may be used for the data transfer with the client device instead of a default route in a routing table.Type: ApplicationFiled: November 19, 2013Publication date: May 21, 2015Applicant: Cisco Technology, Inc.Inventors: Sunil Cherukuri, Xiao Hu Gao, Goran Saradzic
-
Publication number: 20150039744Abstract: In one embodiment, a cloud network provides cloud services to the one or more clients, where data usage of each client is monitored on a per client basis. If the data usage of any client is above a first predetermined threshold, then a WAN optimization platform is automatically implemented within the cloud network for the client having the data usage determined to be above the first predetermined threshold.Type: ApplicationFiled: July 30, 2013Publication date: February 5, 2015Applicant: Cisco Technology, Inc.Inventors: Haseeb Niazi, Sunil Cherukuri, Mohammed Khalid
-
Publication number: 20140372761Abstract: An example method includes receiving a request for a cloud capability set during an Internet Key Exchange negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities, mapping the request to one or more cryptographic modules that can support the cloud capability set, and offloading the VPN tunnel to the one or more cryptographic modules. The request can be an Internet Security Association and Key Management Protocol (ISAKMP) packet listing the one or more cloud capabilities in a private payload. The method may further include splitting the VPN tunnel between the cryptographic modules if no single cryptographic module can support substantially all the cloud capabilities in the cloud capability set. In some embodiments, the request is compared with a service catalog comprising authorized cloud capabilities.Type: ApplicationFiled: August 27, 2014Publication date: December 18, 2014Applicant: CISCO TECHNOLOGY, INC.Inventors: Sunil Cherukuri, Mohamed Khalid, Brian Cinque
-
Publication number: 20140365672Abstract: In one embodiment, a first network device receives a priority message from a second network device, wherein the priority message conforms to a connection establishment protocol and indicates a priority associated with the second network device. The first network device obtains the priority from the priority message and stores the priority. The first network device allocates resources for at least one of control or data plane processing to the second network device in accordance with the priority.Type: ApplicationFiled: August 23, 2014Publication date: December 11, 2014Inventors: Mohamed KHALID, Sunil CHERUKURI, Haseeb Sarwar NIAZI, Muhammad Afaq Khan
-
Patent number: 8862883Abstract: An example method includes receiving a request for a cloud capability set during an Internet Key Exchange negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities, mapping the request to one or more cryptographic modules that can support the cloud capability set, and offloading the VPN tunnel to the one or more cryptographic modules. The request can be an Internet Security Association and Key Management Protocol (ISAKMP) packet listing the one or more cloud capabilities in a private payload. The method may further include splitting the VPN tunnel between the cryptographic modules if no single cryptographic module can support substantially all the cloud capabilities in the cloud capability set. In some embodiments, the request is compared with a service catalog comprising authorized cloud capabilities.Type: GrantFiled: May 16, 2012Date of Patent: October 14, 2014Assignee: Cisco Technology, Inc.Inventors: Sunil Cherukuri, Mohamed Khalid, Brian Cinque
-
Patent number: 8850521Abstract: In one embodiment, a first network device receives a priority message from a second network device, wherein the priority message conforms to a connection establishment protocol and indicates a priority associated with the second network device. The first network device obtains the priority from the priority message and stores the priority. The first network device allocates resources for at least one of control or data plane processing to the second network device in accordance with the priority.Type: GrantFiled: August 4, 2009Date of Patent: September 30, 2014Assignee: Cisco Technology, Inc.Inventors: Mohamed Khalid, Sunil Cherukuri, Haseeb Sarwar Niazi, Muhammad Afaq Khan
-
Patent number: 8650618Abstract: Apparatus, methods, and other embodiments associated with providing service insertion architecture (SIA) differentiated services in a virtual private network (VPN) environment are described. Embodiments may provision an authentication, authorization, and accounting (AAA) server with user-to-SIA service-context mapping information. With the AAA server provisioned, embodiments may acquire, in an IPSec VPN hub, during IPSec tunnel user authentication, from the AAA server, the user-to-SIA service-context mapping information. With the mapping information available, embodiments may dynamically map an SIA service to an IPSec VPN tunnel user based on the service information acquired from the Service Broker or Pseudo-Service Broker.Type: GrantFiled: July 22, 2009Date of Patent: February 11, 2014Assignee: Cisco Technology, Inc.Inventors: Rajiv Asati, Mohamed Khalid, Sunil Cherukuri, Kenneth A. Durazzo, Shree Murthy
-
Publication number: 20130311778Abstract: An example method includes receiving a request for a cloud capability set during an Internet Key Exchange negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities, mapping the request to one or more cryptographic modules that can support the cloud capability set, and offloading the VPN tunnel to the one or more cryptographic modules. The request can be an Internet Security Association and Key Management Protocol (ISAKMP) packet listing the one or more cloud capabilities in a private payload. The method may further include splitting the VPN tunnel between the cryptographic modules if no single cryptographic module can support substantially all the cloud capabilities in the cloud capability set. In some embodiments, the request is compared with a service catalog comprising authorized cloud capabilities.Type: ApplicationFiled: May 16, 2012Publication date: November 21, 2013Inventors: Sunil Cherukuri, Mohamed Khalid, Brian Cinque
-
Patent number: 7976346Abstract: An interface comprising a docking site having a first electrical connector adapted to interconnect a bus, and having at least one first retainer portion; and an adapter comprising: at least one second retainer portion, wherein the at least one second retainer portion and the at least one first retainer portion are adapted to releasably engage; a second electrical connector, wherein the second electrical connector and the first electrical connector are adapted to engage and interconnect; at least one port adapted to accept at least one modular connector having at least one electrical contact; and at least one electrical interconnect adapted to interconnect the at least one electrical contact with the second electrical connector.Type: GrantFiled: March 6, 2009Date of Patent: July 12, 2011Assignee: Cisco Technology, Inc.Inventors: Jason Guy, Aamer Akhter, Sunil Cherukuri, Haseeb Niazi, Robert Payment
-
Publication number: 20110035796Abstract: In one embodiment, a first network device receives a priority message from a second network device, wherein the priority message conforms to a connection establishment protocol and indicates a priority associated with the second network device. The first network device obtains the priority from the priority message and stores the priority. The first network device allocates resources for at least one of control or data plane processing to the second network device in accordance with the priority.Type: ApplicationFiled: August 4, 2009Publication date: February 10, 2011Inventors: Mohamed Khalid, Sunil Cherukuri, Haseeb Sarwar Niazi, Muhammad Afaq Khan
-
Publication number: 20110023090Abstract: Apparatus, methods, and other embodiments associated with providing service insertion architecture (SIA) differentiated services in a virtual private network (VPN) environment are described. Embodiments may provision an authentication, authorization, and accounting (AAA) server with user-to-SIA service-context mapping information. With the AAA server provisioned, embodiments may acquire, in an IPSec VPN hub, during IPSec tunnel user authentication, from the AAA server, the user-to-SIA service-context mapping information. With the mapping information available, embodiments may dynamically map an SIA service to an IPSec VPN tunnel user based on the service information acquired from the Service Broker or Pseudo-Service Broker.Type: ApplicationFiled: July 22, 2009Publication date: January 27, 2011Applicant: CISCO TECHNOLOGY, INCInventors: Rajiv ASATI, Mohamed KHALID, Sunil CHERUKURI, Kenneth A. DURAZZO, Shree MURTHY