Patents by Inventor Christian Elsen
Christian Elsen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11991211Abstract: Systems and methods are provided for enforcing symmetric flows of cross-region network traffic through firewalls in multi-region network environments. Enforcement may be configured automatically by analyzing network policy data to identify cross-region traffic that is to be firewalled, and configuring gateway nodes in the various regions to implement symmetric bidirectional flows through any firewalls in the communication path. Beneficially, by enforcing symmetric bi-directional flows of traffic through any firewalls in a communication path, the firewalls may maintain the state of a given communication session even when the communication session is between endpoints in different regions that have different architectures.Type: GrantFiled: December 10, 2021Date of Patent: May 21, 2024Assignee: Amazon Technologies, Inc.Inventors: Hrushikesh Jaibheem Gangur, Tomasz Jozef Adamski, Christian Elsen, Baihu Qian, Nick Matthews, Omer Hashmi, Bashuman Deb, Thomas Nguyen Spendley
-
Patent number: 9100350Abstract: There is provided a router for use in a datacenter, the router including a frame receiving module operative to receive a traffic frame and a frame forwarding module operative to forward the traffic frame to a second router in a second datacenter if a Destination Media Access Control (DMAC) address included in the traffic frame is different from all of the following: a Burned in Address of the router; a Burned in Address of at least one server associated with the router; a Media Access Control (MAC) address of one of a Hot Standby Routing Protocol (HSRP) group and a Virtual Router Redundancy Protocol (VRRP) group of the router; and a MAC address of one of a HSRP group and a VRRP group of a subnet hosted by the router.Type: GrantFiled: September 9, 2013Date of Patent: August 4, 2015Assignee: Cisco Technology, Inc.Inventors: Maurizio Portolani, Christian Elsen
-
Patent number: 8832052Abstract: A method includes monitoring data packets exchanged in a computer network over which documents having respective location identifiers are distributed, so as to detect a request to access a given document. A location identifier of the given document is extracted from the request. The location identifier is provided to a search engine that searches for data in a set of the documents, so as to cause the search engine to add the given document to the set.Type: GrantFiled: June 16, 2008Date of Patent: September 9, 2014Assignee: Cisco Technologies, Inc.Inventor: Christian Elsen
-
Patent number: 8665747Abstract: A method and apparatus is disclosed for preventing loops on a network topology which includes virtual switches and virtual machines. For example, a virtualization management application may prevent loops from being introduced into a network topology where a virtual machine forwards traffic between any two (or more) virtual network interface cards (vNICs). A method to prevent loops may include receiving a request to create a virtual network interface (vNIC) for a virtual machine (VM) instance on a computing system, and in response to determining that the requested vNIC is to be connected to the same network segment as an existing vNIC of the VM instance, failing the request to generate the requested vNIC.Type: GrantFiled: December 3, 2009Date of Patent: March 4, 2014Assignee: Cisco Technology, Inc.Inventors: Christian Elsen, Maurizio Portolani
-
Publication number: 20140016642Abstract: There is provided a router for use in a datacenter, the router including a frame receiving module operative to receive a traffic frame and a frame forwarding module operative to forward the traffic frame to a second router in a second datacenter if a Destination Media Access Control (DMAC) address included in the traffic frame is different from all of the following: a Burned in Address of the router; a Burned in Address of at least one server associated with the router; a Media Access Control (MAC) address of one of a Hot Standby Routing Protocol (HSRP) group and a Virtual Router Redundancy Protocol (VRRP) group of the router; and a MAC address of one of a HSRP group and a VRRP group of a subnet hosted by the router.Type: ApplicationFiled: September 9, 2013Publication date: January 16, 2014Inventors: Maurizio Portolani, Christian Elsen
-
Patent number: 8619627Abstract: A particular networked machine broadcasts packets from its interfaces resulting in patterns of returned copies of the sent broadcast packets received on its interfaces. Based on these patterns, a determination is made to identify groupings of one or more of the interfaces that are considered by remote devices as being grouped together, as a broadcast packet transmitted from an interface belonging to a grouping will be received on, and only on, a single interface in each of the other groupings, with a grouping being one or more interfaces. In one implementation, a grouping is defined as a single independent interface, or an aggregation of two or more interfaces combined into a single logical interface, such as, but not limited to that of a PortChannel.Type: GrantFiled: February 24, 2010Date of Patent: December 31, 2013Assignee: Cisco Technology, Inc.Inventors: Christian Elsen, Pierre-Emmanuel Ettori
-
Patent number: 8532116Abstract: There is provided a router for use in a datacenter, the router including a frame receiving module operative to receive a traffic frame and a frame forwarding module operative to forward the traffic frame to a second router in a second datacenter if a Destination Media Access Control (DMAC) address included in the traffic frame is different from all of the following: a Burned in Address of the router; a Burned in Address of at least one server associated with the router; a Media Access Control (MAC) address of one of a Hot Standby Routing Protocol (HSRP) group and a Virtual Router Redundancy Protocol (VRRP) group of the router; and a MAC address of one of a HSRP group and a VRRP group of a subnet hosted by the router.Type: GrantFiled: July 21, 2009Date of Patent: September 10, 2013Assignee: Cisco Technology, Inc.Inventors: Maurizio Portolani, Christian Elsen
-
Patent number: 8027354Abstract: Techniques are disclosed for virtualized server kernel and virtual networks consolidation. The network consolidation allows a data center to migrate from an infrastructure that uses multiple dedicated gigabit Ethernet Network Adapters to manage system virtualization and migration to an infrastructure using consolidated, redundant, 10 gigabit Ethernet adapters. Different priority classes may be defined for different classes of network traffic such as hypervisor management traffic, inter-host virtual machine migration traffic, virtual machine production traffic, virtualized switching control plane traffic, etc. Further, an enhanced transmission standard may be used to specify a minimum bandwidth guarantee for certain traffic classes. Thus, the hypervisor management and inter-host virtual machine migration traffic may be transmitted, even the presence of congestion.Type: GrantFiled: April 29, 2009Date of Patent: September 27, 2011Assignee: Cisco Technology, Inc.Inventors: Maurizio Portolani, Christian Elsen
-
Publication number: 20110206058Abstract: A particular networked machine broadcasts packets from its interfaces resulting in patterns of returned copies of the sent broadcast packets received on its interfaces. Based on these patterns, a determination is made to identify groupings of one or more of the interfaces that are considered by remote devices as being grouped together, as a broadcast packet transmitted from an interface belonging to a grouping will be received on, and only on, a single interface in each of the other groupings, with a grouping being one or more interfaces. In one implementation, a grouping is defined as a single independent interface, or an aggregation of two or more interfaces combined into a single logical interface, such as, but not limited to that of a PortChannel.Type: ApplicationFiled: February 24, 2010Publication date: August 25, 2011Applicant: Cisco Technology, Inc., a corporation of CaliforniaInventors: Christian Elsen, Pierre-Emmanuel Ettori
-
Publication number: 20110134793Abstract: A method and apparatus is disclosed for preventing loops on a network topology which includes virtual switches and virtual machines. For example, a virtualization management application may prevent loops from being introduced into a network topology where a virtual machine forwards traffic between any two (or more) virtual network interface cards (vNICs). A method to prevent loops may include receiving a request to create a virtual network interface (vNIC) for a virtual machine (VM) instance on a computing system, and in response to determining that the requested vNIC is to be connected to the same network segment as an existing vNIC of the VM instance, failing the request to generate the requested vNIC.Type: ApplicationFiled: December 3, 2009Publication date: June 9, 2011Inventors: CHRISTIAN ELSEN, Maurizio Portolani
-
Publication number: 20110019676Abstract: There is provided a router for use in a datacenter, the router including a frame receiving module operative to receive a traffic frame and a frame forwarding module operative to forward the traffic frame to a second router in a second datacenter if a Destination Media Access Control (DMAC) address included in the traffic frame is different from all of the following: a Burned in Address of the router; a Burned in Address of at least one server associated with the router; a Media Access Control (MAC) address of one of a Hot Standby Routing Protocol (HSRP) group and a Virtual Router Redundancy Protocol (VRRP) group of the router; and a MAC address of one of a HSRP group and a VRRP group of a subnet hosted by the router.Type: ApplicationFiled: July 21, 2009Publication date: January 27, 2011Inventors: Maurizio Portolani, Christian Elsen
-
Publication number: 20090313241Abstract: A method includes monitoring data packets exchanged in a computer network over which documents having respective location identifiers are distributed, so as to detect a request to access a given document. A location identifier of the given document is extracted from the request. The location identifier is provided to a search engine that searches for data in a set of the documents, so as to cause the search engine to add the given document to the set.Type: ApplicationFiled: June 16, 2008Publication date: December 17, 2009Inventor: Christian Elsen