Patents by Inventor Ajeet Pal Singh Gill
Ajeet Pal Singh Gill has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240146565
Abstract: Techniques for virtualizing tenant transport interfaces configured to implement per-tenant network routing attribute differentiation in each tenant overlay of a multisite wide area network (WAN) and share the virtual transport interfaces between multi-tenant edge (MTE) devices providing transport services to tenant devices based on a defined tenant tier model. A Software-Defined Networking (SDN) controller may receive a physical transport interface and/or a device type associated with a tenant device. The SDN controller may determine a virtual transport interface for the tenant device based on a tier associated with the tenant. MTE device(s) may utilize the physical transport interface to establish sessions with other MTE device(s) in the WAN. The virtual transport interface may be utilized by MTE devices to implement and/or enforce network routing attributes when forwarding network traffic associated with the tenant via the sessions established between the MTE devices through the WAN.
Type: Application
Filed: November 2, 2022
Publication date: May 2, 2024
Inventors: Ajeet Pal Singh Gill, Balaji Sundararajan, Srilatha Tangirala, Nithin Bangalore Raju, Ravi Kiran Chintallapudi, Pradeepan Kannawadi, Ganesh Devendrachar
-
Patent number: 11962429
Abstract: Techniques for virtualizing tenant transport interfaces configured to implement per-tenant network routing attribute differentiation in each tenant overlay of a multisite wide area network (WAN) and share the virtual transport interfaces between multi-tenant edge (MTE) devices providing transport services to tenant devices based on a defined tenant tier model. A Software-Defined Networking (SDN) controller may receive a physical transport interface and/or a device type associated with a tenant device. The SDN controller may determine a virtual transport interface for the tenant device based on a tier associated with the tenant. MTE device(s) may utilize the physical transport interface to establish sessions with other MTE device(s) in the WAN. The virtual transport interface may be utilized by MTE devices to implement and/or enforce network routing attributes when forwarding network traffic associated with the tenant via the sessions established between the MTE devices through the WAN.
Type: Grant
Filed: November 2, 2022
Date of Patent: April 16, 2024
Assignee: Cisco Technology, Inc.
Inventors: Balaji Sundararajan, Srilatha Tangirala, Ajeet Pal Singh Gill, Nithin Bangalore Raju, Ravi Kiran Chintallapudi, Pradeepan Kannawadi, Ganesh Devendrachar
-
Publication number: 20240015225
Abstract: In one embodiment, a method includes onboarding, by an edge router, a first tenant from a network management system and determining, by the edge router, a mapping of a tenant identifier associated with the first tenant to a controller identifier associated with a controller. The method also includes reserving, by the edge router, a port number in a kernel for the first tenant and inserting, by the edge router, the tenant identifier into a first control packet. The method further includes communicating, by the edge router, the first control packet to the controller via an encrypted control connection during a first peering session. The first peering session shares the encrypted control connection with a second peering session.
Type: Application
Filed: September 25, 2023
Publication date: January 11, 2024
Inventors: Srilatha Tangirala, Rahul Hardikar, Sheikh Qumruzzaman, Ravi Kiran Chintallapudi, Samir Thoria, Ajeet Pal Singh Gill, Vivek Agarwal
-
Publication number: 20230327994
Abstract: According to certain embodiments, a method by a network device includes receiving a handshake message for a traffic flow from a Software-Defined Wide-Area Network (SDWAN) and determining, from a traffic policy, whether the traffic flow should be symmetrical. In response to determining from the traffic policy that the traffic flow should be symmetrical, the method further includes performing a flow lookup on the traffic flow to determine if the network device originated the traffic flow. In response to determining that the network device did not originate the traffic flow, the method further includes determining a second network device that originated the traffic flow and sending the handshake message for the traffic flow to the second network device in order to maintain symmetry for the traffic flow.
Type: Application
Filed: April 12, 2022
Publication date: October 12, 2023
Inventors: Balaji Sundararajan, Srilatha Tangirala, Ajeet Pal Singh Gill, Vivek Agarwal, Nithin Bangalore Raju
-
Patent number: 11778038
Abstract: In one embodiment, a method includes onboarding, by an edge router, a first tenant from a network management system and determining, by the edge router, a mapping of a tenant identifier associated with the first tenant to a controller identifier associated with a controller. The method also includes reserving, by the edge router, a port number in a kernel for the first tenant and inserting, by the edge router, the tenant identifier into a first control packet. The method further includes communicating, by the edge router, the first control packet to the controller via an encrypted control connection during a first peering session. The first peering session shares the encrypted control connection with a second peering session.
Type: Grant
Filed: March 31, 2022
Date of Patent: October 3, 2023
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Srilatha Tangirala, Rahul Hardikar, Sheikh Qumruzzaman, Ravi Kiran Chintallapudi, Samir Thoria, Ajeet Pal Singh Gill, Vivek Agarwal
-
Publication number: 20230262525
Abstract: In one embodiment, a method includes receiving one or more 5G software-defined wide area network (SD-WAN) policies, identifying one or more identity-based policies from the one or more 5G SD-WAN policies, communicating the identified one or more identity-based policies to one or more WAN routers, communicating one or more 5G bindings to the one or more WAN routers, and applying the identified one or more identity-based policies to one or more flows between the one or more WAN routers.
Type: Application
Filed: August 8, 2022
Publication date: August 17, 2023
Inventors: Gangadharan Byju Pularikkal, Einar Nilsen-Nygaard, Vivek Agarwal, Ajeet Pal Singh Gill, Ravi Sankar Mantha, Saravanan Radhakrishnan
-
Publication number: 20230188607
Abstract: In one embodiment, a method includes onboarding, by an edge router, a first tenant from a network management system and determining, by the edge router, a mapping of a tenant identifier associated with the first tenant to a controller identifier associated with a controller. The method also includes reserving, by the edge router, a port number in a kernel for the first tenant and inserting, by the edge router, the tenant identifier into a first control packet. The method further includes communicating, by the edge router, the first control packet to the controller via an encrypted control connection during a first peering session. The first peering session shares the encrypted control connection with a second peering session.
Type: Application
Filed: March 31, 2022
Publication date: June 15, 2023
Inventors: Srilatha Tangirala, Rahul Hardikar, Sheikh Qumruzzaman, Ravi Kiran Chintallapudi, Samir Thoria, Ajeet Pal Singh Gill, Vivek Agarwal
-
Publication number: 20230188502
Abstract: In one embodiment, a method includes identifying, by a router, a first tenant. The first tenant is associated with a first tenant virtual private network (VPN). The method also includes determining, by the router, a mapping of the first tenant VPN to a first device VPN and generating, by the router, a first label representing the first device VPN. The method further includes adding, by the router, the first label to a first network packet and communicating, by the router, the first network packet with the first label to a controller.
Type: Application
Filed: March 31, 2022
Publication date: June 15, 2023
Inventors: Samir Thoria, Ajeet Pal Singh Gill, Srilatha Tangirala, Balaji Sundararajan, Nithin Bangalore Raju, Vivek Agarwal
-
Publication number: 20220326995
Abstract: A method for allocating resources of a virtual controller is disclosed. The method comprises: allocating resources of a virtual controller to a first tenant, wherein the first tenant is allocated a first tenant quantity of guaranteed resources of the virtual controller and a second tenant is allocated a second tenant quantity of guaranteed resources of the virtual controller; determining that resources requested by the first tenant are greater than the first tenant quantity of guaranteed resources; determining that the virtual controller has unutilized resources sufficient to at least partially provide additional resources beyond the first tenant quantity of guaranteed resources to the first tenant; and temporarily provisioning the additional resources to the first tenant, wherein the additional resources are greater than the first tenant quantity of guaranteed resources.
Type: Application
Filed: July 30, 2021
Publication date: October 13, 2022
Inventors: Xiaohu Wang, Ajeet Pal Singh Gill, Srilatha Tangirala, Nithin Bangalore Raju, Prabahar Radhakrishnan, Vivek Agarwal, Balaji Sundararajan
-
Publication number: 20220066845
Abstract: The present technology addresses a need in the art for an automated and scalable mechanism to authorize a containerized process. An aspect of the present technology deals with authorizing an unprivileged process by a privileged process without embedding credentials or network access at the time of validation. The present technology provides the possibility for the privileged process to continuously (dynamically) validate the authenticity of the unprivileged process by performing a plurality of operations to ensure the unprivileged process has maintained its authenticity while having access to sensitive information.
Type: Application
Filed: August 27, 2020
Publication date: March 3, 2022
Inventors: Xiaochun Lu, Yiwen Zhang, Alphonse Hansel Anthony Selvanayagam, Ajeet Pal Singh Gill, Ravinandan Govinda Rao Arakali
-
Patent number: 10938727
Abstract: In accordance with various implementations, a method is performed at a data plane node with one or more processors, non-transitory memory, and a control interface between a network function module associated with the data plane node and a switch associated with the data plane node. The method includes determining whether an offload capability is available for a data flow received at an ingress network interface of the data plane node. The method also includes determining whether the data flow satisfies offload criteria in response to determining that the offload capability is available. The method includes bypassing the network function module associated with the data plane node and providing the data flow to at least one of the switch associated with the data plane node or an egress network interface associated with the data plane node in response to determining the offload capability is available and the offload criteria is satisfied.
Type: Grant
Filed: July 1, 2019
Date of Patent: March 2, 2021
Assignee: Cisco Technology, Inc.
Inventors: Prasannakumar Murugesan, Ajeet Pal Singh Gill, Aeneas Sean Dodd-Noble, David A. Johnson, Ian McDowell Campbell
-
Patent number: 10560394
Abstract: In one embodiment, a method includes assigning a number of threads for user plane functions to a corresponding number of transmit queues for transmission of packets on a network interface, assigning additional threads exceeding the number of transmit queues to software transmission queues associated with the threads assigned to the transmit queues, identifying a load at each of the threads, dynamically updating assignment of the additional threads to the software transmission queues based on the load at the threads, and transmitting packets from the transmit queues for transmission on a network from a physical interface at a network device. An apparatus and logic are also disclosed herein.
Type: Grant
Filed: September 22, 2017
Date of Patent: February 11, 2020
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Prasannakumar Murugesan, Ajeet Pal Singh Gill, David A. Johnson, Ian McDowell Campbell, Ravinandan Arakali
-
Publication number: 20190327177
Abstract: In accordance with various implementations, a method is performed at a data plane node with one or more processors, non-transitory memory, and a control interface between a network function module associated with the data plane node and a switch associated with the data plane node. The method includes determining whether an offload capability is available for a data flow received at an ingress network interface of the data plane node. The method also includes determining whether the data flow satisfies offload criteria in response to determining that the offload capability is available. The method includes bypassing the network function module associated with the data plane node and providing the data flow to at least one of the switch associated with the data plane node or an egress network interface associated with the data plane node in response to determining the offload capability is available and the offload criteria is satisfied.
Type: Application
Filed: July 1, 2019
Publication date: October 24, 2019
Inventors: Prasannakumar Murugesan, Ajeet Pal Singh Gill, Aeneas Sean Dodd-Noble, David A. Johnson, Ian McDowell Campbell
-
Patent number: 10382346
Abstract: In accordance with various implementations, a method is performed at a data plane node with one or more processors, non-transitory memory, and a control interface between a network function module associated with the data plane node and a switch associated with the data plane node. The method includes determining whether an offload capability is available for a data flow received at an ingress network interface of the data plane node. The method also includes determining whether the data flow satisfies offload criteria in response to determining that the offload capability is available. The method includes bypassing the network function module associated with the data plane node and providing the data flow to at least one of the switch associated with the data plane node or an egress network interface associated with the data plane node in response to determining the offload capability is available and the offload criteria is satisfied.
Type: Grant
Filed: October 24, 2017
Date of Patent: August 13, 2019
Assignee: Cisco Technology, Inc.
Inventors: Prasannakumar Murugesan, Ajeet Pal Singh Gill, Aeneas Sean Dodd-Noble, David A. Johnson, Ian McDowell Campbell
-
Publication number: 20190124013
Abstract: In accordance with various implementations, a method is performed at a data plane node with one or more processors, non-transitory memory, and a control interface between a network function module associated with the data plane node and a switch associated with the data plane node. The method includes determining whether an offload capability is available for a data flow received at an ingress network interface of the data plane node. The method also includes determining whether the data flow satisfies offload criteria in response to determining that the offload capability is available. The method includes bypassing the network function module associated with the data plane node and providing the data flow to at least one of the switch associated with the data plane node or an egress network interface associated with the data plane node in response to determining the offload capability is available and the offload criteria is satisfied.
Type: Application
Filed: October 24, 2017
Publication date: April 25, 2019
Inventors: Prasannakumar MURUGESAN, Ajeet Pal Singh GILL, Aeneas Sean DODD-NOBLE, David A. JOHNSON, Ian McDowell CAMPBELL
-
Publication number: 20190114206
Abstract: Disclosed is a method that includes periodically observing packets in a user plane according to at least one key performance indicator in a configuration file to yield an observation, wherein the observation represents a closed-loop demand of resources within the user plane. The method includes adjusting, via a scheduler in the user plane and based on the observation, a binding of cores to work items. The binding between cores and work items is dynamic and changeable to improve performance. The at least one key performance indicator can include one or more of a CPU utilization, latency and packet drops. The workload allocations can include work items that are individually scheduleable functions that operate on a queue of packets within the user plane.
Type: Application
Filed: October 18, 2017
Publication date: April 18, 2019
Inventors: Prasannakumar Murugesan, Ajeet Pal Singh Gill, Aeneas Sean Dodd-Noble, David A. Johnson, Ian McDowell Campbell, Tejas Birajdar
-
Publication number: 20190097939
Abstract: In one embodiment, a method includes assigning a number of threads for user plane functions to a corresponding number of transmit queues for transmission of packets on a network interface, assigning additional threads exceeding the number of transmit queues to software transmission queues associated with the threads assigned to the transmit queues, identifying a load at each of the threads, dynamically updating assignment of the additional threads to the software transmission queues based on the load at the threads, and transmitting packets from the transmit queues for transmission on a network from a physical interface at a network device. An apparatus and logic are also disclosed herein.
Type: Application
Filed: September 22, 2017
Publication date: March 28, 2019
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Prasannakumar Murugesan, Ajeet Pal Singh Gill, David A. Johnson, Ian McDowell Campbell, Ravinandan Arakali