Patents by Inventor Chandramouli Radhakrishnan
Chandramouli Radhakrishnan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8966058Abstract: Techniques and a network appliance apparatus are provided herein to extend local area networks (LANs) and storage area networks (SANs) beyond a data center while converging the associated local area network and storage area network host layers. A service flow is received at a device in a network. It is determined if the service flow is associated with storage area network or with local area network traffic. In response to determining that the service flow is storage area network traffic, storage area network extension services are performed with respect to the service flow in order to extend the storage area network on behalf of a remote location. In response to determining that the service flow is local area network traffic, local area network extension services are performed with respect to the service flow in order to extend the local area network on behalf of the remote location.Type: GrantFiled: March 4, 2011Date of Patent: February 24, 2015Assignee: Cisco Technology, Inc.Inventors: Shriram Velaga, Samar Sharma, Chandramouli Radhakrishnan, Gopinath Durairaj, Bala Nagesh, Umesh Mahajan
-
Publication number: 20140282532Abstract: Embodiments of the invention relate to scalable policy assignment in an edge virtual bridging (EVB) environment. One embodiment includes fetching virtual machine (VM) information for one or more VMs from a virtual station interface (VSI) database (DB). The VM information includes a VSI type identification (ID) associated with each VM. A policy discriminator (PD) value is associated for each VSI type ID. A VSI DB table is generated with at least a portion of the VM information from the VSI DB and the PD for each VSI type ID. A message is received including virtual machine (VM) information for a created VM. One or more rules and bandwidth filter information associated with a VSI type ID are retrieved from the VSI DB table. The associated rules and filter information are applied based on the PD.Type: ApplicationFiled: November 12, 2013Publication date: September 18, 2014Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Vasmi M. Abidi, Chandramouli Radhakrishnan
-
Publication number: 20140269290Abstract: Techniques are provided for providing access control lists in a distributed network switch. The distributed network switch made of switch units is divided into logical switch partitions, or logical networks. Physical ports of the switch units are partitioned into logical ports, where each logical port is associated with a logical switch partition. A control point of the distributed network switch manages and assigns a service tag (S-Tag) used to identify which logical port ingress and egress frames are associated with. To generate metrics and other forwarding actions for a given logical switch partition, the control point sets up access control list (ACLs) targeting the logical port associated with the S-Tags associated with the given logical switch partition.Type: ApplicationFiled: March 13, 2013Publication date: September 18, 2014Inventors: Josep CORS, Ward R. NELSON, Daniel E. PRADILLA, Chandramouli RADHAKRISHNAN
-
Publication number: 20140269418Abstract: In one embodiment, a method for providing virtual link aggregation (vLAG) in a transparent interconnection of lots of links (TRILL)-enabled network, includes creating a virtual routing bridge logically connected to a first physical routing bridge and a second physical routing bridge to form a vLAG group at an edge of the TRILL-enabled network; determining a first distribution tree linking the first physical routing bridge to every other routing bridge in the TRILL-enabled network in a non-repeating fashion, ending with the second physical routing bridge; determining a second distribution tree linking the second physical routing bridge to every other routing bridge in the TRILL-enabled network in a non-repeating fashion, ending with the first physical routing bridge; receiving a multicast packet at the virtual routing bridge from one of the physical routing bridges; and distributing the multicast packet according to either the first or the second distribution tree thereby preventing looping.Type: ApplicationFiled: October 25, 2013Publication date: September 18, 2014Applicant: International Business Machines CorporationInventors: Meenakshi R. Kaushik, Chandramouli Radhakrishnan, Venkatesan Selvaraj, Daljeet Singh
-
Publication number: 20140269273Abstract: Techniques are provided for providing access control lists in a distributed network switch. The distributed network switch made of switch units is divided into logical switch partitions, or logical networks. Physical ports of the switch units are partitioned into logical ports, where each logical port is associated with a logical switch partition. A control point of the distributed network switch manages and assigns a service tag (S-Tag) used to identify which logical port ingress and egress frames are associated with. To generate metrics and other forwarding actions for a given logical switch partition, the control point sets up access control list (ACLs) targeting the logical port associated with the S-Tags associated with the given logical switch partition.Type: ApplicationFiled: March 14, 2013Publication date: September 18, 2014Applicant: International Business Machines CorporationInventors: Josep CORS, Ward R. Nelson, Daniel E. Pradilla, Chandramouli Radhakrishnan
-
Publication number: 20140282531Abstract: Embodiments of the invention relate to scalable policy management in an edge virtual bridging (EVB) environment. One embodiment includes fetching information from a virtual station interface (VSI) database. A first table is generated with at least a portion of the information from the VSI database. A message is received including virtual machine (VM) information for a created VM. A second table is generated including at least a portion of the VM information. A VM identification (ID) is retrieved based on VM type from the first table. Rules associated with the retrieved VM ID are retrieved from the second table. The associated rules for the VM are applied.Type: ApplicationFiled: November 12, 2013Publication date: September 18, 2014Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Vasmi M. Abidi, Chandramouli Radhakrishnan
-
Publication number: 20140282524Abstract: Embodiments of the invention relate to scalable policy assignment in an edge virtual bridging (EVB) environment. One embodiment includes a system including a physical end station includes a hypervisor. The physical end station creates at least one virtual machine (VM). A virtual station interface (VSI) database (DB) is coupled to a VM manager server. The VSI DB stores policy information and bandwidth filter information. A policy assignment module is coupled to a switch adjacent to the physical end station. The policy assignment module generates a VSI DB table with at least a portion of the VSI DB information from the VSI DB and a policy discriminator (PD) value for each VSI type ID.Type: ApplicationFiled: March 18, 2013Publication date: September 18, 2014Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Vasmi M. Abidi, Chandramouli Radhakrishnan
-
Publication number: 20140269701Abstract: In one embodiment, a system includes a TRILL-enabled network that includes a first physical routing bridge (RB) and a second physical RB, logic adapted for creating a virtual RB logically connected to the first and second physical RBs to form a vLAG group at an edge of the network, logic adapted for determining a first distribution tree linking the first physical RB to every other RB in the network in a non-repeating fashion, ending with the second physical RB, and logic adapted for determining a second distribution tree linking the second physical RB to every other RB in the network in a non-repeating fashion, ending with the first physical RB, wherein when a multicast packet is received by the virtual RB from one of the physical RBs, the multicast packet is distributed according to either the first or the second distribution tree thereby preventing looping.Type: ApplicationFiled: March 12, 2013Publication date: September 18, 2014Inventors: Meenakshi R. Kaushik, Chandramouli Radhakrishnan, Venkatesan Selvaraj, Daljeet Singh
-
Patent number: 8719567Abstract: Embodiments associated with enabling Quality of Service (QoS) for MACsec protected frames are described. One example method includes identifying a security indicator in an encrypted network communication and selectively forwarding the encrypted network communication according to a QoS policy. The example method may also include selectively storing a control packet security indicator sniffed from a control packet network communication in response to determining that a match exists between a control packet identification field and a QoS database entry.Type: GrantFiled: October 14, 2009Date of Patent: May 6, 2014Assignee: Cisco Technology, Inc.Inventors: Brian Weis, Saurabh Mohan, Chandramouli Radhakrishnan
-
Patent number: 8595479Abstract: Systems, methods, and other embodiments associated with aggregation of cryptography engines are described. One example method includes receiving an outbound data packet on an outbound side of a data connection. The example method may also include analyzing the outbound data packet to determine a distribution value. The example method may also include selectively distributing the outbound data packet to one of a plurality of outbound processors based, at least in part, on the distribution value. The example method may also include receiving an inbound data packet on an inbound side of the data connection. The example method may also include examining the inbound data packet for an identifier. The example method may also include selectively distributing the inbound data packet to one of a plurality of inbound processors based, at least in part, on the identifier.Type: GrantFiled: February 25, 2009Date of Patent: November 26, 2013Assignee: Cisco Technology, Inc.Inventors: Chandramouli Radhakrishnan, Timothy Andre, Immanuel Rahardja, Saurabh Mohan, Xiaoyi Liu
-
Publication number: 20130301642Abstract: A method and system for static routing in a TRILL network is disclosed. Routing bridges in the TRILL network use LLDP discovery to identify their next hop routing bridges. A data packet, with an inner header specifying a MAC address of a destination host, is sent by a source host and received by an ingress routing bridge. The ingress routing bridge encapsulates the data packet with a TRILL header and an outer header and sends the data packet to a next hop routing bridge on path to the destination host. The next hop routing bridge determines it is not the egress routing bridge for the data packet and sends the data packet onward to the egress routing bridge. The egress routing bridge decapsulates the data packet and forwards the data packet to the destination host specified in the inner header.Type: ApplicationFiled: May 9, 2012Publication date: November 14, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Chandramouli Radhakrishnan, Daljeet Singh
-
Publication number: 20130182708Abstract: Techniques and a network edge device are provided herein to extend local area networks (LANs) and storage area networks (SANs) beyond a data center while converging the associated local area network and storage area network host layers. A packet is received at a device in a network. It is determined if the packet is routed to a local or remote storage area network or local area network. In response to determining that the packet routed to a remote storage area network, storage area network extension services are performed with respect to the packet in order to extend the storage area network on behalf of a remote location. In response to determining that the packet is routed to a local local area network traffic, local area network extension services are performed with respect to the packet in order to extend the local area network on behalf of the remote location.Type: ApplicationFiled: January 17, 2012Publication date: July 18, 2013Applicant: Cisco Technology, Inc.Inventors: Samar Sharma, Chandramouli Radhakrishnan, Sameer Merchant, Anand Parthasarathy, Murali Basavaiah
-
Publication number: 20120226801Abstract: Techniques and a network appliance apparatus are provided herein to extend local area networks (LANs) and storage area networks (SANs) beyond a data center while converging the associated local area network and storage area network host layers. A service flow is received at a device in a network. It is determined if the service flow is associated with storage area network or with local area network traffic. In response to determining that the service flow is storage area network traffic, storage area network extension services are performed with respect to the service flow in order to extend the storage area network on behalf of a remote location. In response to determining that the service flow is local area network traffic, local area network extension services are performed with respect to the service flow in order to extend the local area network on behalf of the remote location.Type: ApplicationFiled: March 4, 2011Publication date: September 6, 2012Applicant: CISCO TECHNOLOGY, INC.Inventors: Shriram Velaga, Samar Sharma, Chandramouli Radhakrishnan, Gopinath Durairaj, Bala Nagesh, Umesh Mahajan
-
Publication number: 20110087878Abstract: Embodiments associated with enabling Quality of Service (QoS) for MACsec protected frames are described. One example method includes identifying a security indicator in an encrypted network communication and selectively forwarding the encrypted network communication according to a QoS policy. The example method may also include selectively storing a control packet security indicator sniffed from a control packet network communication in response to determining that a match exists between a control packet identification field and a QoS database entry.Type: ApplicationFiled: October 14, 2009Publication date: April 14, 2011Inventors: Brian Weis, Saurabh Mohan, Chandramouli Radhakrishnan
-
Publication number: 20100217971Abstract: Systems, methods, and other embodiments associated with aggregation of cryptography engines are described. One example method includes receiving an outbound data packet on an outbound side of a data connection. The example method may also include analyzing the outbound data packet to determine a distribution value. The example method may also include selectively distributing the outbound data packet to one of a plurality of outbound processors based, at least in part, on the distribution value. The example method may also include receiving an inbound data packet on an inbound side of the data connection. The example method may also include examining the inbound data packet for an identifier. The example method may also include selectively distributing the inbound data packet to one of a plurality of inbound processors based, at least in part, on the identifier.Type: ApplicationFiled: February 25, 2009Publication date: August 26, 2010Applicant: CISCO TECHNOLOGY, INC.Inventors: Chandramouli RADHAKRISHNAN, Timothy ANDRE, Immanuel RAHARDJA, Saurabh MOHAN, Xiaoyi LIU
-
Patent number: 7599367Abstract: A mechanism for a network device to constrain multicast flooding of out-of-profile multicast frames is provided by defining a multicast flood domain that includes a subset of ports that are members of the broadcast domain. Such a multicast flood domain can be user configured or dynamically configured to include device ports that are coupled to network elements that should receive such out-of-profile multicast transmissions and exclude network elements that should not receive such multicast transmissions. In one embodiment of the present invention, such capability is provided by incorporating into a network device a mechanism for performing a multicast flood domain lookup of an address table in the event that an out-of-profile multicast frame is received.Type: GrantFiled: October 25, 2005Date of Patent: October 6, 2009Assignee: Cisco Technology, Inc.Inventors: Chandramouli Radhakrishnan, Gaetano Borgione, Karthikeyan Gurusamy
-
Publication number: 20070091890Abstract: A mechanism for a network device to constrain multicast flooding of out-of-profile multicast frames is provided by defining a multicast flood domain that includes a subset of ports that are members of the broadcast domain. Such a multicast flood domain can be user configured or dynamically configured to include device ports that are coupled to network elements that should receive such out-of-profile multicast transmissions and exclude network elements that should not receive such multicast transmissions. In one embodiment of the present invention, such capability is provided by incorporating into a network device a mechanism for performing a multicast flood domain lookup of an address table in the event that an out-of-profile multicast frame is received.Type: ApplicationFiled: October 25, 2005Publication date: April 26, 2007Inventors: Chandramouli Radhakrishnan, Gaetano Borgione, Karthikeyan Gurusamy