Patents by Inventor Deepak Bansal
Deepak Bansal has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20220337526Abstract: Techniques are disclosed for processing data packets by a hardware-based networking device configured to disaggregate processing of data packets from hosts of a virtualized computing environment. The hardware-based networking device includes a hardware-based component implementing a plurality of behavioral models indicative of packet processing graphs for data flows in the virtualized computing environment. A data packet having a source from or destination to an endpoint in a virtual network of the virtualized computing environment is received. Based on determining that the data packet is a first packet of a data flow to or from the endpoint, one of the behavioral models is mapped to the data flow. The packet is modified in accordance with the mapped behavioral model. A state of the data flow is stored. Subsequent data packets of the data flow are processed based on the stored state.Type: ApplicationFiled: May 31, 2021Publication date: October 20, 2022Inventors: Gerald Roy DEGRACE, Deepak BANSAL, Rishabh TEWARI, Michal Czeslaw ZYGMUNT, Deven JAGASIA, Lihua YUAN
-
Publication number: 20220329520Abstract: Techniques are disclosed for processing data packets and implementing policies in a software defined network (SDN) of a virtual computing environment. At least two SDN appliances are configured to disaggregate enforcement of policies of the SDN from hosts of the virtual computing environment. The hosts are implemented on servers communicatively coupled to network interfaces of the SDN appliance. The servers host a plurality of virtual machines. The servers are communicatively coupled to network interfaces of at least two top-of-rack switches (ToRs). The SDN appliance comprises a plurality of smart network interface cards (sNICs) configured to implement functionality of the SDN appliance. The sNICs have a floating network interface configured to provide a virtual port connection to an endpoint within a virtual network of the virtual computing environment.Type: ApplicationFiled: May 31, 2021Publication date: October 13, 2022Inventors: Gerald Roy DEGRACE, Deepak BANSAL, Rishabh TEWARI, Michal Czeslaw ZYGMUNT, Deven JAGASIA
-
Publication number: 20220329528Abstract: Techniques are disclosed for processing data packets and implementing policies in a software defined network (SDN) of a virtual computing environment. At least two SDN appliances are configured to disaggregate enforcement of policies of the SDN from hosts of the virtual computing environment. The hosts are implemented on servers communicatively coupled to network interfaces of the SDN appliance. The servers host a plurality of virtual machines. The servers are communicatively coupled to network interfaces of at least two top-of-rack switches (ToRs). The SDN appliance comprises a plurality of smart network interface cards (sNICs) configured to implement functionality of the SDN appliance. The sNICs have a floating network interface configured to provide a virtual port connection to an endpoint within a virtual network of the virtual computing environment.Type: ApplicationFiled: May 31, 2021Publication date: October 13, 2022Inventors: Gerald Roy DEGRACE, Deepak BANSAL, Rishabh TEWARI, Michal Czeslaw ZYGMUNT, Deven JAGASIA
-
Publication number: 20220329527Abstract: Techniques are disclosed for processing data packets and implementing policies in a software defined network (SDN) of a virtual computing environment. At least one SDN appliance is configured to disaggregate enforcement of policies of the SDN from hosts of the virtual computing environment. The servers are communicatively coupled to network interfaces of the SDN appliance. The servers host a plurality of virtual machines The SDN appliance comprises a plurality of smart network interface cards (sNICs) configured to implement functionality of the SDN appliance.Type: ApplicationFiled: May 31, 2021Publication date: October 13, 2022Inventors: Gerald Roy DEGRACE, Deepak BANSAL, Rishabh TEWARI, Michal Czeslaw ZYGMUNT, Deven JAGASIA
-
Patent number: 11436053Abstract: A network appliance is configured to receive a packet having an address of a custom device as a source address. Policies are accessed that are applicable to a virtual network associated with the custom device. The policies are applied to the packet. A hairpin layer redirects the packet to a destination address contained in the packet. For subsequent packets, application of the policies is bypassed to the subsequent packets. Application of the policies is offloaded to an acceleration device.Type: GrantFiled: September 6, 2019Date of Patent: September 6, 2022Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Rishabh Tewari, Abhijeet Kumar, Neeraj Motwani, Daniel M. Firestone, Vivek Bhanu, Madhan Sivakumar, Michal Czeslaw Zygmunt, Deepak Bansal
-
Publication number: 20220150156Abstract: Described herein are systems and methods for supporting multicast for virtual networks. In some embodiments, a native multicast approach can utilized in which packet replication is performed on a host node of a virtual machine (VM) with a multicast data packet encapsulated in uniquely address unicast packets. In some embodiments, a network virtual appliance can be utilized. A multicast packet sent from the VM can be unicasted to the network virtual appliance. The multicast appliance can then replicate the packet into multiple copies and send the packets to the receivers in the virtual network as unicast data packets encapsulating the multicast packet.Type: ApplicationFiled: October 21, 2021Publication date: May 12, 2022Inventors: Harish Kumar CHANDRAPPA, Adarsh Kirnelli RANGAIAH, Milan DASGUPTA, Daniel Max FIRESTONE, Michal Czeslaw ZYGMUNT, Xinyan ZAN, Rishabh TEWARI, Eric Lawrence Albert LANTZ, Deepak BANSAL, Young LEE
-
Publication number: 20220086025Abstract: A virtual network comprising virtual machines executing at a computing environment is implemented. A floating network interface is attached to a software defined networking (SDN) appliance. The floating network interface is configured to provide a connection to computing resources via a virtual network of a virtual computing environment, and the floating network interface is attachable to and detachable from the SDN appliance. The SDN appliance is configured to apply policies of the virtual computing environment to data traffic on the virtual network.Type: ApplicationFiled: December 1, 2020Publication date: March 17, 2022Inventors: Rishabh TEWARI, Sumit Sharad DHOBLE, James Allen GRANTHAM, Avijit GUPTA, Daniel Max FIRESTONE, Deepak BANSAL, Manasi DEVAL, Anupam PANDEY, Gabriel SILVA, Narayan ANNAMALAI, Madhan SIVAKUMAR, Ezzeldin HAMED, David Aaron MALTZ
-
Publication number: 20220058046Abstract: Described herein is a system and method of connectivity migration of an executing virtual application and/or guest operating system. State associated with a first instance of an application and/or a guest operating system executing on a first virtual machine is captured. Information regarding connectivity state associated with a plurality of running connections between the first virtual machine and client device(s) is also captured (e.g., layers 2, 3 and 4). The captured state information can be provided to a second virtual machine which utilizes the captured station information to establish state for a second instance of the application, a second instance of the guest operating system, and/or connectivity of the plurality of running connections between the second virtual machine and client device(s). The state of the second instance of the application can be synchronized with the state of the second instance of the guest operating system.Type: ApplicationFiled: July 22, 2021Publication date: February 24, 2022Inventors: Deepak Bansal, Sameer Arun Verkhedkar, Sudheer Vaddi, Praveen Balasubramanian
-
Publication number: 20220038308Abstract: Systems and methods for enabling access to dedicated resources in a virtual network using top of rack switches are disclosed. A method includes a virtual filtering platform encapsulating at least one packet, received from a virtual machine, to generate at least one encapsulated packet comprising a virtual network identifier (VNI). The method further includes a TOR switch: (1) receiving the at least one encapsulated packet and decapsulating the at least one encapsulated packet to create at least one decapsulated packet, (2) using the VNI to identify a virtual routing and forwarding artifact to determine a virtual local area network interface associated with the dedicated hardware portion, and (3) transmitting the at least one decapsulated packet to the dedicated hardware portion based on at least one policy provided by a controller, where the at least one policy comprises information related to a customer of the service provider.Type: ApplicationFiled: August 20, 2021Publication date: February 3, 2022Inventors: Neeraj Motwani, Rishabh Tewari, Pranjal Shrivastava, Deepak Bansal, Vaibhav Kumar, Nisheeth Srivastava, Abhishek Shukla, Rangaprasad Narasimhan, Vinayak Uppunda Padiyar, James Boerner, Avijit Gupta
-
Patent number: 11190406Abstract: A virtual network comprising virtual machines executing at a computing environment is implemented. A flexibly extensible NIC (eNIC) is executed at a software defined networking (SDN) appliance. A data packet is received that is addressed to a host that is connected to the virtual network. Based on a layer 2 address and a network identifier, the virtual switch identifies the host represented by the eNIC that is associated with the data packet. A policy associated with the host is determined and applied to the data packet. The policy is dynamically adjustable based on the host.Type: GrantFiled: December 1, 2020Date of Patent: November 30, 2021Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Rishabh Tewari, Sumit Sharad Dhoble, Madhan Sivakumar, Manasi Deval, Avijit Gupta, Pranjal Shrivastava, Zexuan Zhao, Jun Tse Chen, Sirshak Das, Sahil Aggarwal, Weixi Chen, Bhushan Vinayak Bhise, Devan Harikumar, Arun Jeedigunta Venkata Satya, Deepak Bansal
-
Patent number: 11184274Abstract: Described herein are systems and methods for supporting multicast for virtual networks. In some embodiments, a native multicast approach can utilized in which packet replication is performed on a host node of a virtual machine (VM) with a multicast data packet encapsulated in uniquely address unicast packets. In some embodiments, a network virtual appliance can be utilized. A multicast packet sent from the VM can be unicasted to the network virtual appliance. The multicast appliance can then replicate the packet into multiple copies and send the packets to the receivers in the virtual network as unicast data packets encapsulating the multicast packet.Type: GrantFiled: May 31, 2019Date of Patent: November 23, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Harish Kumar Chandrappa, Adarsh Kirnelli Rangaiah, Milan Dasgupta, Daniel Max Firestone, Michal Czeslaw Zygmunt, Xinyan Zan, Rishabh Tewari, Eric Lawrence Albert Lantz, Deepak Bansal, Young Lee
-
Publication number: 20210349759Abstract: Techniques are disclosed for dynamically adjusting a throttling threshold in a multi-tenant virtualized computing environment. System health parameters are collected during a predetermined time interval. A system health status of the multi-tenant virtualized computing environment is determined. Based on the system health status, a throttling threshold for service requests for the multi-tenant virtualized computing environment is determined. The throttling threshold is applied for further service requests. During a subsequent time interval, an updated system health status of the multi-tenant virtualized computing environment is determined based on system health parameters received during the subsequent time interval. The throttling threshold is updated based on the updated system health status. The updated throttling threshold is applied for further service requests.Type: ApplicationFiled: May 8, 2020Publication date: November 11, 2021Inventors: Deepak BANSAL, Vaibhav KUMAR, Xin YAN
-
Publication number: 20210326160Abstract: A virtual network comprising virtual machines executing at a computing environment remote from the virtualized computing service provider is implemented. A control plane management functions is configured to provide and implement the virtual machines of the virtual network and executed at the virtualized computing service provider. Data plane management functions are configured to manage data traffic to and from the virtual machines of the virtual network and executed at the remote computing environment. A secure network connection between the virtualized computing service provider and the remote computing environment is established. The control plane management functions cause instantiation of the virtual machines of the virtual network at the remote computing environment. Using the control plane management functions executing at the virtualized computing service provider, operation of the virtual machines of the virtual network is managed.Type: ApplicationFiled: April 20, 2020Publication date: October 21, 2021Inventors: Deepak BANSAL, Qi Zhang
-
Publication number: 20210306313Abstract: The disclosed system implements techniques to secure communications for injecting a workload (e.g., a container) into a virtual network hosted by a cloud-based platform. Based on a delegation instruction received from a tenant, a virtual network of the tenant can connect to and execute a workload via a virtual machine that is part of a virtual network that belongs to a resource provider. To secure calls and authorize access to the tenant's virtual network, authentication information provided with a call from the virtual network of the resource provider may need to match authorization information made available via a publication service of the cloud-based platform. Additionally or alternatively, an identifier of a NIC used to make a call may need to correspond to a registered name of the resource provider for the call to be authorized. These checks provide increased security by preventing unauthorized calls to the tenant's virtual network.Type: ApplicationFiled: June 10, 2021Publication date: September 30, 2021Inventors: Abhijeet Kumar, Aanand RAMACHANDRAN, Jayesh KUMARAN, David Michael BRUMLEY, Rishabh TEWARI, Nisheeth SRIVASTAVA, Sushant SHARMA, Deepak BANSAL, Abhishek Ellore SREENATH, Parag SHARMA, Abhishek SHUKLA, Avijit GUPTA
-
Patent number: 11128490Abstract: Systems and methods for enabling access to dedicated resources in a virtual network using top of rack switches are disclosed. A method includes a virtual filtering platform encapsulating at least one packet, received from a virtual machine, to generate at least one encapsulated packet comprising a virtual network identifier (VNI). The method further includes a TOR switch: (1) receiving the at least one encapsulated packet and decapsulating the at least one encapsulated packet to create at least one decapsulated packet, (2) using the VNI to identify a virtual routing and forwarding artifact to determine a virtual local area network interface associated with the dedicated hardware portion, and (3) transmitting the at least one decapsulated packet to the dedicated hardware portion based on at least one policy provided by a controller, where the at least one policy comprises information related to a customer of the service provider.Type: GrantFiled: July 15, 2019Date of Patent: September 21, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Neeraj Motwani, Rishabh Tewari, Pranjal Shrivastava, Deepak Bansal, Vaibhav Kumar, Nisheeth Srivastava, Abhishek Shukla, Rangaprasad Narasimhan, Vinayak Uppunda Padiyar, James Boerner, Avijit Gupta
-
Patent number: 11106482Abstract: Described herein is a system and method of connectivity migration of an executing virtual application and/or guest operating system. State associated with a first instance of an application and/or a guest operating system executing on a first virtual machine is captured. Information regarding connectivity state associated with a plurality of running connections between the first virtual machine and client device(s) is also captured (e.g., layers 2, 3 and 4). The captured state information can be provided to a second virtual machine which utilizes the captured station information to establish state for a second instance of the application, a second instance of the guest operating system, and/or connectivity of the plurality of running connections between the second virtual machine and client device(s). The state of the second instance of the application can be synchronized with the state of the second instance of the guest operating system.Type: GrantFiled: May 31, 2019Date of Patent: August 31, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Deepak Bansal, Sameer Arun Verkhedkar, Sudheer Vaddi, Praveen Balasubramanian
-
Patent number: 11102079Abstract: Virtual networks located in different regions of cloud provider are peered using unique regional identifiers for the virtual networks. The regional identifiers and other information are pushed down a network management stack to implement the peering.Type: GrantFiled: April 17, 2018Date of Patent: August 24, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Anavi Arun Nahar, David M. Brumley, Harish Kumar Chandrappa, Neeraj Motwani, Nisheeth Srivastava, Rishabh Tewari, Vaibhav Kumar, Vishal Taneja, Vladimir Serov, Xinyan Zan, Deepak Bansal, Narayan Annamalai, Milan Dasgupta
-
Patent number: 11102164Abstract: A virtual network comprising virtual machines executing at a computing environment is implemented. A software defined networking (SDN) appliance is configured to provide a connection to computing resources via a virtual network of a virtual computing environment. The SDN appliance is configured to apply policies of the virtual computing environment to data traffic on the virtual network. The SDN appliance is operable to interact with multiple network devices that are configured to act as a hardware acceleration device for processing data traffic. Virtual addresses are assigned to the network devices. The SDN appliance executes a virtual switch configured to identify data traffic sent to or received from a host and act as a proxy for the network devices and respond on their behalf.Type: GrantFiled: December 1, 2020Date of Patent: August 24, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Avijit Gupta, Anish Sagar Narsian, Hang Kwong Lee, Sumit Sharad Dhoble, Manasi Deval, James Wesley Boerner, Rishabh Tewari, Pranjal Shrivastava, Sonia Sharma, Deepak Bansal
-
Patent number: 11063857Abstract: Techniques are described herein that are capable of monitoring connectivity and latency of network links in virtual networks. For instance, a ping agent injects first ping packets into network traffic on behalf of hosts in the virtual network. The ping agent monitors incoming packets to identify first ping response packets, which are in response to the first ping packets, among the incoming packets. A ping responder rule that is included in inbound packet filter rules for a port in a virtual switch intercepts second ping packets in the network traffic. The ping responder rule converts the second ping packets into second ping response packets and injects the second ping response packets into outbound packet filter rules to be transferred to sources from which the second ping packets are received.Type: GrantFiled: November 21, 2018Date of Patent: July 13, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Rishabh Tewari, Daniel Firestone, Harish Kumar Chandrappa, Anitha Adusumilli, David Michael Brumley, Deepak Bansal, Albert Gordon Greenberg, Parag Sharma, Arjun Roy
-
Patent number: 11038866Abstract: The disclosed system implements techniques to secure communications for injecting a workload (e.g., a container) into a virtual network hosted by a cloud-based platform. Based on a delegation instruction received from a tenant, a virtual network of the tenant can connect to and execute a workload via a virtual machine that is part of a virtual network that belongs to a resource provider. To secure calls and authorize access to the tenant's virtual network, authentication information provided in association with a call from the virtual network of the resource provider may need to match authorization information made available via a publication service of the cloud-based platform. Moreover, an identifier of a NIC used to make a call may need to correspond to a registered name of the resource provider for the call to be authorized. These checks provide increased security by preventing unauthorized calls from accessing the tenant's virtual network.Type: GrantFiled: December 27, 2018Date of Patent: June 15, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Abhijeet Kumar, Aanand Ramachandran, Jayesh Kumaran, David Michael Brumley, Rishabh Tewari, Nisheeth Srivastava, Sushant Sharma, Deepak Bansal, Abhishek Ellore Sreenath, Parag Sharma, Abhishek Shukla, Avijit Gupta