Patents by Inventor Alberto Rodriguez Natal
Alberto Rodriguez Natal has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12155556Abstract: Techniques for automating traffic optimizations for egress traffic of an application orchestration system that is being sent over a network to a remote service. In examples, the techniques may include receiving, at a controller of the network, an egress traffic definition associated with egress traffic of an application hosted on the application orchestration system, the egress traffic definition indicating that the egress traffic is to be sent to the remote service. Based at least in part on the egress traffic definition, the controller may determine a networking path through the network or outside of the network that is optimized for sending the egress traffic to the remote service. The controller may also cause the egress traffic to be sent to the remote service via the optimized networking path.Type: GrantFiled: August 18, 2022Date of Patent: November 26, 2024Assignee: Cisco Technology, Inc.Inventors: Alberto Rodriguez Natal, Saswat Praharaj, Lorand Jakab, Fabio R. Maino, Pradeep Kumar Kathail
-
Publication number: 20240380699Abstract: Techniques for obtaining application network metadata from a service registry so that a network routing policy may be derived for traffic associated with the application are described herein. The techniques may include receiving, at a service registry, network metadata associated with traffic of an application hosted by a scalable application service platform. The techniques may also include obtaining, by a controller of a network and from the service registry, the network metadata associated with the traffic of the application. Based at least in part on the network metadata, the controller may determine a routing policy that is optimized for sending the traffic through the network. Additionally, the controller may send an indication of the routing policy to a node of the network or otherwise provision the network such that the traffic of the application is sent through the network according to the routing policy.Type: ApplicationFiled: June 20, 2024Publication date: November 14, 2024Inventors: Alberto Rodriguez-Natal, Steven William Wood, Ding Bai, Fabio R. Maino, Ramanathan Lakshmikanthan
-
Publication number: 20240380697Abstract: Techniques for steering overlay network traffic along specific paths through an underlay network. The techniques may include determining a path through an underlay network that is optimized for sending a packet from a first node of an overlay network to a second node of the overlay network. The techniques may also include determining a destination address for sending the packet along the path from the first node to the second node, the destination address including a micro segment identifier (uSID) corresponding with an underlay node that is disposed along the path through the underlay network and trailing bits representing a portion of an address that corresponds with the second node. The techniques may also include causing the packet to be modified to include the destination address such that the packet is sent from the first node to the second node along the path.Type: ApplicationFiled: July 25, 2024Publication date: November 14, 2024Inventors: Bruce McDougall, Jeff Byzek, Alberto Rodriguez-Natal, Saswat Praharaj, Fabio R. Maino, Steven William Wood
-
Patent number: 12137093Abstract: In one embodiment, an apparatus of a LISP environment includes one or more processors and computer-readable non-transitory storage media coupled to the one or more processors. The computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including receiving an attestation token from a first component of the LISP environment. The operations also include encoding the attestation token using a LISP message format. The operations further include distributing the encoded attestation token with a LISP signaling message to a third component of the LISP environment.Type: GrantFiled: July 22, 2022Date of Patent: November 5, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Clarence Filsfils, Marc Portoles Comeras, David Delano Ward, Alberto Rodriguez Natal
-
Publication number: 20240364602Abstract: Provided is an infrastructure for enforcing target service level parameters in a network. In one example, a network service level agreement (SLA) registry obtains one or more input service level parameters for at least one service offered by an application. Based on the one or more input service level parameters, the network SLA registry provides one or more target service level parameters to a plurality of network controllers. Each network controller of the plurality of network controllers is configured to enforce the one or more target service level parameters in a respective network domain configured to carry network traffic associated with the application.Type: ApplicationFiled: July 10, 2024Publication date: October 31, 2024Inventors: Fabio R. Maino, Saswat Praharaj, Alberto Rodriguez-Natal, Pradeep K. Kathail
-
Patent number: 12120027Abstract: Techniques for steering overlay network traffic along specific paths through an underlay network. The techniques may include determining a path through an underlay network that is optimized for sending a packet from a first node of an overlay network to a second node of the overlay network. The techniques may also include determining a destination address for sending the packet along the path from the first node to the second node, the destination address including a micro segment identifier (uSID) corresponding with an underlay node that is disposed along the path through the underlay network and trailing bits representing a portion of an address that corresponds with the second node. The techniques may also include causing the packet to be modified to include the destination address such that the packet is sent from the first node to the second node along the path.Type: GrantFiled: November 22, 2022Date of Patent: October 15, 2024Assignee: Cisco Technology, Inc.Inventors: Bruce Mcdougall, Jeff Byzek, Alberto Rodriguez-Natal, Saswat Praharaj, Fabio R. Maino, Steven William Wood
-
Publication number: 20240340220Abstract: Techniques for enabling a network access provider to make automatic Software as a Service (SaaS) optimization decisions. Among other things, the techniques may include determining a SaaS application that is being accessed by client endpoints via flows through a network access provider. The techniques may also include determining, based at least in part on a policy associated with the network access provider, whether to enable network optimizations for traffic through the network access provider to the SaaS application. Based at least in part on a determination that the network optimizations are to be enabled for the traffic to the SaaS application, the techniques may include installing a service definition associated with the SaaS application in a service policy database of the network access provider.Type: ApplicationFiled: January 25, 2024Publication date: October 10, 2024Inventors: Darren Russell Dukes, Jeevan Sharma, Fabio R. Maino, Alberto Rodriguez-Natal
-
Patent number: 12107740Abstract: Provided is an infrastructure for enforcing target service level parameters in a network. In one example, a network service level agreement (SLA) registry obtains one or more input service level parameters for at least one service offered by an application. Based on the one or more input service level parameters, the network SLA registry provides one or more target service level parameters to a plurality of network controllers. Each network controller of the plurality of network controllers is configured to enforce the one or more target service level parameters in a respective network domain configured to carry network traffic associated with the application.Type: GrantFiled: January 30, 2023Date of Patent: October 1, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Fabio R. Maino, Saswat Praharaj, Alberto Rodriguez-Natal, Pradeep K. Kathail
-
Publication number: 20240291734Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.Type: ApplicationFiled: April 29, 2024Publication date: August 29, 2024Inventors: Alberto Rodriguez Natal, Hendrikus G.P. Bosch, Fabio Maino, Lars Olaf Stefan Olofsson, Jeffrey Napper, Anubhav Gupta
-
Patent number: 12068965Abstract: Techniques for obtaining application network metadata from a service registry so that a network routing policy may be derived for traffic associated with the application are described herein. The techniques may include receiving, at a service registry, network metadata associated with traffic of an application hosted by a scalable application service platform. The techniques may also include obtaining, by a controller of a network and from the service registry, the network metadata associated with the traffic of the application. Based at least in part on the network metadata, the controller may determine a routing policy that is optimized for sending the traffic through the network. Additionally, the controller may send an indication of the routing policy to a node of the network or otherwise provision the network such that the traffic of the application is sent through the network according to the routing policy.Type: GrantFiled: October 5, 2021Date of Patent: August 20, 2024Assignee: Cisco Technology, Inc.Inventors: Alberto Rodriguez-Natal, Steven William Wood, Ding Bai, Fabio R. Maino, Ramanathan Lakshmikanthan
-
Patent number: 12063149Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.Type: GrantFiled: July 17, 2023Date of Patent: August 13, 2024Assignee: Cisco Technology, Inc.Inventors: Alberto Rodriguez Natal, Hendrikus G. P. Bosch, Fabio Maino, Lars Olaf Stefan Olofsson, Jeffrey Napper, Anubhav Gupta
-
Publication number: 20240259278Abstract: Provided is an infrastructure for enforcing target service level parameters in a network. In one example, a network service level agreement (SLA) registry obtains one or more input service level parameters for at least one service offered by an application. Based on the one or more input service level parameters, the network SLA registry provides one or more target service level parameters to a plurality of network controllers. Each network controller of the plurality of network controllers is configured to enforce the one or more target service level parameters in a respective network domain configured to carry network traffic associated with the application.Type: ApplicationFiled: January 30, 2023Publication date: August 1, 2024Inventors: Fabio R. Maino, Saswat Praharaj, Alberto Rodriguez-Natal, Pradeep K. Kathail
-
Patent number: 12052273Abstract: Techniques for providing network traffic security in a virtualized environment are described. A threat aware controller uses a threat feed provided by a threat intelligence service to establish a threat detection engine on virtual switches. The threat aware controller and threat detection engine work together to detect any anomalous or malicious behavior of network traffic on the virtual switch and established virtual network functions to quickly detect, verify, and isolate network threats.Type: GrantFiled: December 15, 2022Date of Patent: July 30, 2024Assignee: Cisco Technology, Inc.Inventors: Balaji Sundararajan, Alberto Rodriguez Natal, Yegappan Lakshmanan, Fabio R. Maino, Anand Oswal
-
Publication number: 20240214319Abstract: Techniques for signaling, to a network controller, a connection state of a proxy for use by the network controller to correlate proxied-connections with application pairs for traffic optimization. In some examples, the techniques may include receiving, at a controller of a network, control plane information associated with a proxy that manages a proxied flow through the network. Based on the control plane information, the controller may determine that application traffic is flowing across the proxied flow between a first application and a second application. In this way, based at least in part on a policy associated with at least one of the first application or the second application, the controller may reconfigure a network element of the network for optimizing the application traffic flowing across the proxied flow.Type: ApplicationFiled: May 25, 2023Publication date: June 27, 2024Inventors: Alberto Rodriguez Natal, John A. Joyce, Saswat Praharaj, Timothy James Swanson, Lorand Jakab, Fabio R. Maino, Pradeep Kumar Kathail
-
Patent number: 12021654Abstract: Techniques are described for extending a cellular quality of service bearer through an enterprise fabric network. In one example, a method obtaining, by a first switch of a network, a packet to be delivered to a client connected to the network via a cellular access point; identifying quality of service (QoS) bearer information associated with the packet, wherein the QoS bearer information is associated with a radio access bearer for the client and the QoS bearer information comprises a bearer indicator and a QoS class identifier; providing a fabric tunnel encapsulation for the packet, wherein the bearer indicator and the QoS class identifier are included within the fabric tunnel encapsulation of the packet; and forwarding the packet within the fabric tunnel encapsulation toward a second switch of the network via a fabric tunnel, wherein the cellular access point is connected to the network via the second switch.Type: GrantFiled: October 30, 2023Date of Patent: June 25, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Srinath Gundavelli, Sangram Kishore Lakkaraju, Alberto Rodriguez Natal, Fabio R. Maino, Timothy Peter Stammers
-
Publication number: 20240205094Abstract: An application monitoring system for collecting, utilizing, and/or exchanging state information (e.g., application state and network state), configuration information, and/or other information to make network optimizations for applications orchestrated by an application orchestration system. The application monitoring system may include an application orchestrator discovery component that is configured to determine a presence of an application orchestration system for orchestrating applications. The application monitoring system may also include one or more application watch components for monitoring, among other things, application state, application configuration, and/or application replicas. The application monitoring system may further include a network state propagation component configured to provide network state information to the orchestration system.Type: ApplicationFiled: February 29, 2024Publication date: June 20, 2024Inventors: Alberto Rodriguez-Natal, Saswat Praharaj, Lorand Jakab, Fabio R. Maino, Pradeep Kumar Kathail, Vivek Agarwal, Ram Dular Singh
-
Patent number: 12009998Abstract: Techniques for informing a network of an application's service-level agreement (SLA) objective(s) so the network can ensure the SLA is met end-to-end, thereby allowing core network support of deterministic SLA and application-based routing without using network-based application recognition (NBAR) and/or compromising user privacy. The techniques may include receiving a first connection request to establish a network-domain connection between different network domains that meets or exceeds a service level objective. Based on the first connection request, the network-domain connection may be established between the different network domains to meet or exceed the service-level objective. In some examples, a second connection request may be received to establish a tunnel between a source application and a destination application, which are disposed in the different network domains.Type: GrantFiled: May 25, 2023Date of Patent: June 11, 2024Assignee: Cisco Technology, Inc.Inventors: Saswat Praharaj, Fabio R. Maino, Alberto Rodriguez Natal, Pradeep Kumar Kathail, Bruce McDougall
-
Patent number: 12010001Abstract: Techniques for extending network elements to inspect, extract, and complement tracing information added to L7 flows by application distributed tracing systems. The techniques may include receiving a Layer-7 (L7) message of an L7 flow associated with a distributed application and determining that the L7 message includes tracing information. In some examples, the tracing information may be mapped to a marking that is to be included in a Layer 3 (L3) or Layer-4 (L4) packet carrying the L7 message, and the L3 or L4 packet including the marking may be sent to an L3 or L4 network element. In some examples, the L3 or L4 network element may be configured to utilize the marking to determine a network decision for the L3 or L4 packet.Type: GrantFiled: August 15, 2023Date of Patent: June 11, 2024Assignee: Cisco Technology, Inc.Inventors: Alberto Rodriguez-Natal, Edward Albert Warnicke, Saswat Praharaj, Fabio R. Maino
-
Patent number: 12003385Abstract: Techniques for dynamic routing based on application load are described herein. The techniques may include receiving load information associated with resources of an application orchestration system that are allocated to host an application, the resources associated with different geographical regions. Based at least in part on the load information, a network controller may determine that first resources of the application orchestration system are less constrained than second resources of the application orchestration system, the first resources associated with a first geographical region and the second resources associated with a second geographical region. Based at least in part on the first resources being less constrained than the second resources, application traffic may be routed through the network to the application hosted by the first resources in the first geographical region.Type: GrantFiled: October 18, 2021Date of Patent: June 4, 2024Assignee: Cisco Technology, Inc.Inventors: Steven William Wood, Ding Bai, Ramanathan Lakshmikanthan, Alberto Rodriguez-Natal, Fabio R. Maino
-
Publication number: 20240171512Abstract: Techniques for steering overlay network traffic along specific paths through an underlay network. The techniques may include determining a path through an underlay network that is optimized for sending a packet from a first node of an overlay network to a second node of the overlay network. The techniques may also include determining a destination address for sending the packet along the path from the first node to the second node, the destination address including a micro segment identifier (uSID) corresponding with an underlay node that is disposed along the path through the underlay network and trailing bits representing a portion of an address that corresponds with the second node. The techniques may also include causing the packet to be modified to include the destination address such that the packet is sent from the first node to the second node along the path.Type: ApplicationFiled: November 22, 2022Publication date: May 23, 2024Inventors: Bruce Mcdougall, Jeff Byzek, Alberto Rodriguez-Natal, Saswat Praharaj, Fabio R. Maino, Steven William Wood