Patents by Inventor Alton Lo
Alton Lo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11956140Abstract: A method for servicing network traffic in a wide area network (WAN) comprising a plurality of network devices is provided. The method is executed by a network device among the plurality of network devices and comprises: receiving a request to transmit the network traffic to a destination network device where the request specifies that the network traffic is to be serviced by a network service; determining, based on the request and using a service-aware virtual topology (SAVT) routing table, a path through the WAN for reaching the network service and a service instance identifier (ID) of the network service; configuring the network traffic to include a service bit indicating whether service is to be performed and instructions specifying the path for reaching the network service; and transmitting, after configuring the network traffic, the network traffic toward the destination device through the at least one network service.Type: GrantFiled: January 14, 2022Date of Patent: April 9, 2024Assignee: Arista Networks, Inc.Inventors: Abhijith Kudupu Narayan, Venkitraman Kasiviswanathan, Alton Lo, Udayakumar Srinivasan, Kumaran Narayanan
-
Patent number: 11863527Abstract: A system and method for provisionally authenticating a host moving from a source port of a switch device to a destination port of the switch device is disclosed. The host is initially authenticated at the source port and blocked from forwarding network traffic at the destination port. During a provisional authentication session, an authentication agent executing on the switch intercepts one or more authentication packets sourced by the host and headed for the destination port of the switch device and redirects the authentication packets to an authentication server for validating the host at the destination port of the switch device. The switch device removes the block at the destination port in response to receiving an acknowledgment of successful authentication at the destination port from the authentication server.Type: GrantFiled: December 29, 2022Date of Patent: January 2, 2024Assignee: ARISTA NETWORKS, INC.Inventors: Alton Lo, Ian Andrew McCloghrie
-
Patent number: 11811720Abstract: Techniques disclosed herein provide a method for efficiently propagating address resolution reply messages. A first router in a first network receives an address resolution request message from a second router in a second network. The first router generates an entry for the address resolution request message and stores the entry in a pending address resolution requests table. When the first router receives a route advertisement, it extracts a network layer address from the route advertisement and determines whether the pending address resolution requests table includes an entry for the network layer address. If so, the router extracts a link layer address from the route advertisement and generates an address resolution reply message comprising the network layer address and the link layer address. The router then transmits the address resolution reply message to the second router.Type: GrantFiled: February 4, 2022Date of Patent: November 7, 2023Assignee: ARISTA NETWORKS, INC.Inventors: Amit Dattatray Ranpise, Kamlesh Raghuvanshi, Kallol Mandal, Rajesh Kumar Semwal, Alton Lo
-
Patent number: 11743229Abstract: In response to receiving an ASR message, a VTEP generates a specially modified control plane message advertising the IP-to-MAC binding of the ASR message. The control plane message may be modified to indicate that it is not to be used for MAC learning. The control plane message is advertised over the network. When an intended recipient receives the message, it uses that message just for the IP-to-MAC binding. When an unintended recipient receives the message, it may drop it as invalid.Type: GrantFiled: April 21, 2022Date of Patent: August 29, 2023Assignee: ARISTA NETWORKS, INC.Inventors: Amit Dattatray Ranpise, Rajesh Kumar Semwal, Alton Lo
-
Patent number: 11652780Abstract: A method for synchronizing a binding process among a group of network devices connected to a server that is multi-homed to the group of network devices in provided. The method is executed by a first network device among the group of network devices and includes: receiving, from the server, network traffic associated with a host executing on the server; configuring, using the network traffic, a binding between the first network device and the host and setting a binding status of the first network device for the host to a first status; and transmitting, in response to the setting and via an out-of-band (OOB) channel to a second network device among the plurality of network devices, first binding instructions for causing the second network device set a binding status of the second network device for the host to a second status different from the first status.Type: GrantFiled: August 10, 2021Date of Patent: May 16, 2023Assignee: ARISTA NETWORKS, INC.Inventors: Alton Lo, Rajesh Semwal, Saurabh Sarpal, Kallol Mandal
-
Publication number: 20230137465Abstract: A system and method for provisionally authenticating a host moving from a source port of a switch device to a destination port of the switch device is disclosed. The host is initially authenticated at the source port and blocked from forwarding network traffic at the destination port. During a provisional authentication session, an authentication agent executing on the switch intercepts one or more authentication packets sourced by the host and headed for the destination port of the switch device and redirects the authentication packets to an authentication server for validating the host at the destination port of the switch device. The switch device removes the block at the destination port in response to receiving an acknowledgment of successful authentication at the destination port from the authentication server.Type: ApplicationFiled: December 29, 2022Publication date: May 4, 2023Inventors: Alton Lo, Ian Andrew McCloghrie
-
Publication number: 20230132016Abstract: A method for supporting virtual machine (VM) mobility between network devices connected to a network includes: selecting a first type of route for interconnecting VMs that are connected to the network devices; and adding a feature of a second type of route to the first type of route to enable the network devices to execute proxy address resolution protocol (ARP) for transmitting network traffic between the VMs without requiring each of the network devices to store a physical address of each of the VMs in respective ones of a network address table.Type: ApplicationFiled: October 21, 2021Publication date: April 27, 2023Inventors: Alton Lo, Ian McCloghrie, Navdeep Bhatia
-
Publication number: 20230127962Abstract: A method for transmitting network traffic across a wide area network (WAN) from a first site to a second site is provided. The method is executed by a first edge network device at the first site that further includes a second edge network device, and the method includes: receiving the network traffic from a client device at the first site; determining, using ipath characteristics and a classification of the network traffic, that the network traffic should be transmitted by the second edge network device to the second site; forwarding in response to the determination, the network traffic to the second edge network device using a local tunnel over a local area network (LAN) of the first site such that the network traffic is transmitted to the second site by the second edge network device.Type: ApplicationFiled: January 26, 2022Publication date: April 27, 2023Inventors: Abhijith Kudupu Narayan, Venkitraman Kasiviswanathan, Alton Lo, Udayakumar Srinivasan, Kumaran Narayanan, Tarun Soin
-
Publication number: 20230124930Abstract: In general, embodiments relates to a method for creating an on-demand tunnel (ODT) in a network between a first network device and a second network device, the method comprising: storing by the first network device, a a potentially suboptimal path to the second network device, determining that a trigger condition to create the ODT between the first network device and the second network device is satisfied, in response to the determination: transmitting, by the first network device, an ODT signaling packet to the second network device via the potentially suboptimal path, receiving, from the second network device and in response to transmitting the ODT signaling packet, an ODT keepalive by first network device via the ODT, and transmitting, after receiving the ODT keepalive, a second packet to the second network device via the ODT.Type: ApplicationFiled: October 20, 2021Publication date: April 20, 2023Inventors: Abhijith Kudupu Narayan, Sreedhar Ganjikunta, Venkitraman Kasiviswanathan, Alton Lo, Udayakumar Srinivasan, Kumaran Narayanan
-
Publication number: 20230105873Abstract: A method for servicing network traffic in a wide area network (WAN) comprising a plurality of network devices is provided. The method is executed by a network device among the plurality of network devices and comprises: receiving a request to transmit the network traffic to a destination network device where the request specifies that the network traffic is to be serviced by a network service; determining, based on the request and using a service-aware virtual topology (SAVT) routing table, a path through the WAN for reaching the network service and a service instance identifier (ID) of the network service; configuring the network traffic to include a service bit indicating whether service is to be performed and instructions specifying the path for reaching the network service; and transmitting, after configuring the network traffic, the network traffic toward the destination device through the at least one network service.Type: ApplicationFiled: January 14, 2022Publication date: April 6, 2023Inventors: Abhijith Kudupu Narayan, Venkitraman Kasiviswanathan, Alton Lo, Udayakumar Srinivasan, Kumaran Narayanan
-
Publication number: 20230050404Abstract: A method for synchronizing a binding process among a group of network devices connected to a server that is multi-homed to the group of network devices in provided. The method is executed by a first network device among the group of network devices and includes: receiving, from the server, network traffic associated with a host executing on the server; configuring, using the network traffic, a binding between the first network device and the host and setting a binding status of the first network device for the host to a first status; and transmitting, in response to the setting and via an out-of-band (OOB) channel to a second network device among the plurality of network devices, first binding instructions for causing the second network device set a binding status of the second network device for the host to a second status different from the first status.Type: ApplicationFiled: August 10, 2021Publication date: February 16, 2023Inventors: Alton Lo, Rajesh Semwal, Saurabh Sarpal, Kallol Mandal
-
Patent number: 11582095Abstract: Systems and methods are provided herein for a mechanism for faster convergence of network traffic after a network device's link is interrupted by leveraging the withdrawal of the ethernet virtual private network (EVPN) auto discovery (AD) route. This may be accomplished by a first device checking an ethernet segment identifier (ESI) status flag before generating an entry in the first device's forwarding table, where the entry is based on an IP route for a host received by a second network device. In response to receiving a withdrawal of an EVPN AD route from the second device, the first device may update the ESI status flag to indicate that the host on the ethernet segment (ES) is reachable only via the third device and update the entry that was based on the IP route for the host received by the second network device to prevent sending traffic to the host via the second device.Type: GrantFiled: December 1, 2020Date of Patent: February 14, 2023Assignee: Arista Networks, Inc.Inventors: Alton Lo, Rajesh Semwal, Isidoros Kouvelas, Amit Ranpise
-
Publication number: 20230038643Abstract: A method for generating an application-aware virtual topology (AAVT) routing table for a network device among network devices connected via a wide area network is provided. The method is executed by a network controller connected to the network and includes: receiving, from the network devices, path information of the network devices; generating, using the path information, an underlay graph specifying a path topology of the network device; generating, based on the path topology specified in the underlay graph, the AAVT routing table for the network device where the AAVT routing table includes a set of paths; and transmitting, in response to generating the AAVT routing table, the AAVT routing table to the network device to cause the network device to program the set of paths.Type: ApplicationFiled: November 24, 2021Publication date: February 9, 2023Inventors: Abhijith Kudupu Narayan, Venkitraman Kasiviswanathan, Alton Lo, Udayakumar Srinivasan, Kumaran Narayanan
-
Publication number: 20230032240Abstract: Network identifiers are extracted from route advertisements. A table associates virtual network identifiers with provider edge devices. When a virtual network identifier extracted from a route advertisement matches a virtual network identifier in the table, the route advertisement is propagated to the provider edge devices associated with that virtual network identifier in the table. The route advertisement is not propagated to provider edge devices not associated with that virtual network identifier in the table.Type: ApplicationFiled: October 10, 2022Publication date: February 2, 2023Inventors: Amit Dattatray Ranpise, Alton Lo, Nitin Singh
-
Patent number: 11558349Abstract: A system and method for provisionally authenticating a host moving from one router to another router in a network using border gateway protocol (BGP) is disclosed. A host is initially authenticated at a first BGP router, this discovery is advertised to a second BGP router pursuant to BGP with a new extended community indicating successful authentication (or pre-authentication) of the host at the first BGP router. An indication for re-authentication of the host at the second BGP router is then received, which blocks network traffic from the host to the second BGP router. Due to the notification of a previous authentication of the host, the second BGP router begins a provisional authentication session. In response to a successful completion of the provisional authentication session, the host is authorized to transmit network traffic on the second BGP router and subsequently blocked from doing the same at the first BGP router.Type: GrantFiled: August 10, 2020Date of Patent: January 17, 2023Assignee: ARISTA NETWORKS, INC.Inventors: Alton Lo, Ian Andrew McCloghrie
-
Patent number: 11552821Abstract: Systems and methods are provided herein for supporting Spanning Tree Protocol (STP) in networks that use Ethernet Virtual Private Network (EVPN) All-Active (A-A) multihoming. This may be accomplished by a network administrator defining a super root group comprising a plurality of network devices, wherein each network device provides A-A multihoming to a multihomed device. All network devices in the super root group use a common bridge ID when generating BPDU messages for STP. All network devices in the super root group will send BPDU messages comprising the common bridge ID to the multihomed device. Because the BPDU messages comprise a common bridge ID, the multihomed device treats the network devices in the super root group as a single local bridge, thus STP is enabled without causing STP flapping.Type: GrantFiled: December 15, 2020Date of Patent: January 10, 2023Assignee: ARISTA NETWORKS, INC.Inventors: Jeevan Kamisetty, Alton Lo, Adam Sweeney
-
Publication number: 20220385628Abstract: Embodiments of the disclosure include a method comprising storing a first identifier of a first host device in an Address Resolution Protocol (ARP) cache of a first VXLAN Tunnel Endpoint (VTEP); making a first determination that an age of the first identifier exceeds a defined age threshold; sending, as a result of the first determination, a first request to the first host device to confirm liveness of the first identifier; and removing the first identifier from the ARP cache as a result of failing to receive a first response from the first host device within a defined time period.Type: ApplicationFiled: August 9, 2022Publication date: December 1, 2022Inventors: Kallol Mandal, May Louie, Karthikeyan Kathiresan, Alton Lo
-
Patent number: 11509627Abstract: A system and method for provisionally authenticating a host moving from a source port of a switch device to a destination port of the switch device is disclosed. The host is initially authenticated at the source port and blocked from forwarding network traffic at the destination port. During a provisional authentication session, an authentication agent executing on the switch intercepts one or more authentication packets sourced by the host and headed for the destination port of the switch device and redirects the authentication packets to an authentication server for validating the host at the destination port of the switch device. The switch device removes the block at the destination port in response to receiving an acknowledgment of successful authentication at the destination port from the authentication server.Type: GrantFiled: August 10, 2020Date of Patent: November 22, 2022Assignee: ARISTA NETWORKS, INC.Inventors: Alton Lo, Ian Andrew McCloghrie
-
Patent number: 11502874Abstract: Network identifiers are extracted from route advertisements. A table associates virtual network identifiers with provider edge devices. When a virtual network identifier extracted from a route advertisement matches a virtual network identifier in the table, the route advertisement is propagated to the provider edge devices associated with that virtual network identifier in the table. The route advertisement is not propagated to provider edge devices not associated with that virtual network identifier in the table.Type: GrantFiled: October 16, 2019Date of Patent: November 15, 2022Assignee: Arista Networks, Inc.Inventors: Amit Dattatray Ranpise, Alton Lo, Nitin Singh
-
Publication number: 20220247710Abstract: In response to receiving an ASR message, a VTEP generates a specially modified control plane message advertising the IP-to-MAC binding of the ASR message. The control plane message may be modified to indicate that it is not to be used for MAC learning. The control plane message is advertised over the network. When an intended recipient receives the message, it uses that message just for the IP-to-MAC binding. When an unintended recipient receives the message, it may drop it as invalid.Type: ApplicationFiled: April 21, 2022Publication date: August 4, 2022Inventors: Amit Dattatray Ranpise, Rajesh Kumar Semwal, Alton Lo