Patents by Inventor Diheng Qu
Diheng Qu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11811601Abstract: A controller device includes a memory and one or more processors coupled to the memory. The memory stores instructions that, when executed, cause the one or more processors to receive a query indicating a first time and a network service, determine a first set of configuration elements using telemetry data associated with the first time and the network service, and determine a second set of configuration elements using an intent model. The instructions further cause the one or more processors to determine one or more first metrics that occur at the first time using the first set of configuration elements and the second set of configuration elements, determine one or more second metrics at a second time using telemetry data received from the plurality of network devices, and generate data representing a user interface presenting the one or more first metrics and the one or more second metrics.Type: GrantFiled: November 28, 2022Date of Patent: November 7, 2023Assignee: Juniper Networks, Inc.Inventors: Diheng Qu, Atul Bhaskarrao Patil, Ilia Kharin, JP Senior
-
Publication number: 20230318917Abstract: A controller device includes a memory and one or more processors coupled to the memory. The memory stores instructions that, when executed, cause the one or more processors to receive a query indicating a first time and a network service, determine a first set of configuration elements using telemetry data associated with the first time and the network service, and determine a second set of configuration elements using an intent model. The instructions further cause the one or more processors to determine one or more first metrics that occur at the first time using the first set of configuration elements and the second set of configuration elements, determine one or more second metrics at a second time using telemetry data received from the plurality of network devices, and generate data representing a user interface presenting the one or more first metrics and the one or more second metrics.Type: ApplicationFiled: November 28, 2022Publication date: October 5, 2023Inventors: Diheng Qu, Atul Bhaskarrao Patil, Ilia Kharin, JP Senior
-
Patent number: 11729075Abstract: A controller device includes a memory and one or more processors coupled to the memory. The memory stores instructions that, when executed, cause the one or more processors to receive, from a set of sensor devices, first telemetry data indicating a first set of changes for telemetry parameters that occur during a first time range. The instructions further cause the one or more processors to determine, using the first snapshot and the first telemetry data, a second snapshot that specifies a first complete state at an end of the first time range. The instructions further cause the one or more processors to determine a second complete state of the telemetry parameters for the second time range based on the second snapshot and second telemetry data indicating a second set of changes for the set of telemetry parameters that occur during a second time range.Type: GrantFiled: March 31, 2022Date of Patent: August 15, 2023Assignee: Juniper Networks, Inc.Inventors: Diheng Qu, Atul Bhaskarrao Patil, Rajeev Menon Kadekuzhi
-
Patent number: 11582099Abstract: A controller device includes a memory and one or more processors coupled to the memory. The memory stores instructions that, when executed, cause the one or more processors to receive a query indicating a first time and a network service, determine a first set of configuration elements using telemetry data associated with the first time and the network service, and determine a second set of configuration elements using an intent model. The instructions further cause the one or more processors to determine one or more first metrics that occur at the first time using the first set of configuration elements and the second set of configuration elements, determine one or more second metrics at a second time using telemetry data received from the plurality of network devices, and generate data representing a user interface presenting the one or more first metrics and the one or more second metrics.Type: GrantFiled: March 31, 2022Date of Patent: February 14, 2023Assignee: JUNIPER NETWORKS, INC.Inventors: Diheng Qu, Atul Bhaskarrao Patil, Ilia Kharin, J P Senior
-
Patent number: 11539586Abstract: A controller device includes a memory and one or more processors coupled to the memory. The memory stores instructions that, when executed, cause the one or more processors to receive a query indicating a first time and a network service, determine a first set of configuration elements using telemetry data associated with the first time and the network service, and determine a second set of configuration elements using an intent model. The instructions further cause the one or more processors to determine one or more first metrics that occur at the first time using the first set of configuration elements and the second set of configuration elements, determine one or more second metrics at a second time using telemetry data received from the plurality of network devices, and generate data representing a user interface presenting the one or more first metrics and the one or more second metrics.Type: GrantFiled: March 31, 2022Date of Patent: December 27, 2022Assignee: JUNIPER NETWORKS, INC.Inventors: Diheng Qu, Atul Bhaskarrao Patil, Ilia Kharin, J P Senior
-
Patent number: 10135951Abstract: Methods and apparatus for providing one-arm node clustering using a port channel are provided herein. An example application node may be communicatively connected to at least one application node, and the application node may be connected to a network through a port channel. The application node may include: a link included in the port channel for accommodating the network data being communicated between the remote client and server; and a processor configured to send/receive a cluster control packet to/from the at least one application node through the link included in the port channel.Type: GrantFiled: December 28, 2016Date of Patent: November 20, 2018Assignee: Cisco Technology, Inc.Inventors: Chao Feng, Nitesh G. Soni, Pramod Cherukumilli, Diheng Qu, Suresh Kumar Nalluru, Samar Sharma
-
Publication number: 20170111479Abstract: Methods and apparatus for providing one-arm node clustering using a port channel are provided herein. An example application node may be communicatively connected to at least one application node, and the application node may be connected to a network through a port channel. The application node may include: a link included in the port channel for accommodating the network data being communicated between the remote client and server; and a processor configured to send/receive a cluster control packet to/from the at least one application node through the link included in the port channel.Type: ApplicationFiled: December 28, 2016Publication date: April 20, 2017Inventors: Chao Feng, Nitesh G. Soni, Pramod Cherukumilli, Diheng Qu, Suresh Kumar Nalluru, Samar Sharma
-
Patent number: 9560168Abstract: Methods and apparatus for providing one-arm node clustering using a port channel are provided herein. An example application node may be communicatively connected to at least one application node, and the application node may be connected to a network through a port channel. The application node may include: a link included in the port channel for accommodating the network data being communicated between the remote client and server; and a processor configured to send/receive a cluster control packet to/from the at least one application node through the link included in the port channel.Type: GrantFiled: May 5, 2015Date of Patent: January 31, 2017Assignee: Cisco Technology, Inc.Inventors: Chao Feng, Nitesh G. Soni, Pramod Cherukumilli, Diheng Qu, Suresh Kumar Nalluru, Samar Sharma
-
Patent number: 9154512Abstract: Methods and apparatus are disclosed for processing data packets using a router and a proxy in order to transparently proxy a connection between a client and a server. One method involves mapping a TCP connection to a connection ID and sending a segment from the TCP connection to a proxy, including the connection ID, a direction value and an identifier of an assigned proxy application, such that the segment appears to be from the connection. The method further involves a proxy creating and reading from an IP socket which corresponds to the segment, the connection ID, direction and assigned proxy application and then spoofing the segment using the connection ID, a second direction value, and an identifier of the assigned proxy application.Type: GrantFiled: March 30, 2006Date of Patent: October 6, 2015Assignee: Cisco Technology, Inc.Inventors: Diheng Qu, Nicholas Leavy
-
Patent number: 9143439Abstract: A method is provided in one example and includes receiving a request message from a first network element using an out-of-band control link. The request message includes a request to bundle a first port associated with the first network element into a channel group associated with a cluster. The cluster includes a plurality of clustered network elements. The method further includes determining a status of the first port with respect to the channel group, and sending a reply message to the first network element using the out-of-band control link. The reply message indicates the determined status of the first port of the first network element.Type: GrantFiled: July 23, 2012Date of Patent: September 22, 2015Assignee: CISCO TECHNOLOGY, INC.Inventors: Xun Wang, Diheng Qu
-
Publication number: 20150237170Abstract: Methods and apparatus for providing one-arm node clustering using a port channel are provided herein. An example application node may be communicatively connected to at least one application node, and the application node may be connected to a network through a port channel. The application node may include: a link included in the port channel for accommodating the network data being communicated between the remote client and server; and a processor configured to send/receive a cluster control packet to/from the at least one application node through the link included in the port channel.Type: ApplicationFiled: May 5, 2015Publication date: August 20, 2015Inventors: Chao Feng, Nitesh G. Soni, Pramod Cherukumilli, Diheng Qu, Suresh Kumar Nalluru, Samar Sharma
-
Patent number: 9088584Abstract: An example method includes disengaging a target node from a cluster, where the disengaging comprises: selecting an inheritor; migrating flows from the target node to the inheritor; informing a migration manager that the target node is disengaged from the cluster; and broadcasting to peer nodes of the target node that the target node is replaced by the inheritor. In particular implementations of the present disclosure, the cluster can include a first layer of a network topology including a forwarding engine that implements hash-based packet forwarding; a second layer of the network topology comprising the target node and the inheritor, where the target node and the inheritor implement flow-based packet forwarding; and a third layer including service nodes configured for packet processing in a network.Type: GrantFiled: December 16, 2011Date of Patent: July 21, 2015Assignee: CISCO TECHNOLOGY, INC.Inventors: Chao Feng, Samar Sharma, Ronak Desai, Diheng Qu
-
Patent number: 9025597Abstract: Methods and apparatus for providing one-arm node clustering using a port channel are provided herein. An example application node may be communicatively connected to at least one application node, and the application node may be connected to a network through a port channel. The application node may include: a link included in the port channel for accommodating the network data being communicated between the remote client and server; and a processor configured to send/receive a cluster control packet to/from the at least one application node through the link included in the port channel.Type: GrantFiled: March 22, 2012Date of Patent: May 5, 2015Assignee: Cisco Technology, Inc.Inventors: Chao Feng, Nitesh G. Soni, Pramod Cherukumilli, Diheng Qu, Suresh Kumar Nalluru, Samar Sharma
-
Publication number: 20140025736Abstract: A method is provided in one example and includes receiving a request message from a first network element using an out-of-band control link. The request message includes a request to bundle a first port associated with the first network element into a channel group associated with a cluster. The cluster includes a plurality of clustered network elements. The method further includes determining a status of the first port with respect to the channel group, and sending a reply message to the first network element using the out-of-band control link. The reply message indicates the determined status of the first port of the first network element.Type: ApplicationFiled: July 23, 2012Publication date: January 23, 2014Inventors: Xun Wang, Diheng Qu
-
Publication number: 20130250952Abstract: Methods and apparatus for providing one-arm node clustering using a port channel are provided herein. An example application node may be communicatively connected to at least one application node, and the application node may be connected to a network through a port channel. The application node may include: a link included in the port channel for accommodating the network data being communicated between the remote client and server; and a processor configured to send/receive a cluster control packet to/from the at least one application node through the link included in the port channel.Type: ApplicationFiled: March 22, 2012Publication date: September 26, 2013Applicant: CISCO TECHNOLOGY, INC.Inventors: Chao Feng, Nitesh G. Soni, Pramod Cherukumilli, Diheng Qu, Suresh Kumar Nalluru, Samar Sharma
-
Publication number: 20130155902Abstract: An example method includes disengaging a target node from a cluster, where the disengaging comprises: selecting an inheritor; migrating flows from the target node to the inheritor; informing a migration manager that the target node is disengaged from the cluster; and broadcasting to peer nodes of the target node that the target node is replaced by the inheritor. In particular implementations of the present disclosure, the cluster can include a first layer of a network topology including a forwarding engine that implements hash-based packet forwarding; a second layer of the network topology comprising the target node and the inheritor, where the target node and the inheritor implement flow-based packet forwarding; and a third layer including service nodes configured for packet processing in a network.Type: ApplicationFiled: December 16, 2011Publication date: June 20, 2013Inventors: Chao Feng, Samar Sharma, Ronak Desai, Diheng Qu
-
Patent number: 7506054Abstract: A method and apparatus that provide network access control are disclosed. In one embodiment, a network device is configured to intercept network traffic initiated from a client and directed toward a network resource, and to locally authenticate the client. Authentication is carried out by comparing information identifying the client to authentication information stored in the network device. In one embodiment, an authentication cache in the network device stores the authentication information. If the client identifying information is authenticated successfully against the stored authentication information, the network device is dynamically re-configured to allow network traffic initiated by the client to reach the network resource. If local authentication fails, new stored authentication is created for the client, and the network device attempts to authenticate the client using a remote authentication server.Type: GrantFiled: June 30, 2003Date of Patent: March 17, 2009Assignee: Cisco Technology, Inc.Inventors: Tzong-Fen Fuh, Serene H. Fan, Diheng Qu
-
Publication number: 20070233877Abstract: Methods and apparatus are disclosed for processing data packets using a router and a proxy in order to transparently proxy a connection between a client and a server. One method involves mapping a TCP connection to a connection ID and sending a segment from the TCP connection to a proxy, including the connection ID, a direction value and an identifier of an assigned proxy application, such that the segment appears to be from the connection. The method further involves a proxy creating and reading from an IP socket which corresponds to the segment, the connection ID, direction and assigned proxy application and then spoofing the segment using the connection ID, a second direction value, and an identifier of the assigned proxy application.Type: ApplicationFiled: March 30, 2006Publication date: October 4, 2007Inventors: Diheng Qu, Nicholas Leavy, Richard Fox
-
Patent number: 6854063Abstract: A firewall system and method which optimizes the performance of the firewall process by reducing overhead associated with ACL verification and firewall application-level authorization. The firewall system comprises a session manager operating in the firewall services component and a firewall module operating in the switching process component. In one embodiment, the firewall module is configured to provide certain “non-application” level inspection of data packets and update the context of “sessions” associated with the data packets without sending the packets to the firewall services component using session information provided by the session manager.Type: GrantFiled: March 3, 2000Date of Patent: February 8, 2005Assignee: Cisco Technology, Inc.Inventors: Diheng Qu, Kevin Li, Sami Boutros, Seren Fan, Steve Truong
-
Patent number: 6609154Abstract: A method and apparatus that provide network access control are disclosed. In one embodiment, a network device is configured to intercept network traffic initiated from a client and directed toward a network resource, and to locally authenticate the client. Authentication is carried out by comparing information identifying the client to authentication information stored in the network device. In one embodiment, an authentication cache in the network device stores the authentication information. If the client identifying information is authenticated successfully against the stored authentication information, the network device is dynamically re-configured to allow network traffic initiated by the client to reach the network resource. If local authentication fails, new stored authentication is created for the client, and the network device attempts to authenticate the client using a remote authentication server.Type: GrantFiled: October 3, 2002Date of Patent: August 19, 2003Assignee: Cisco Technology, Inc.Inventors: Tzong-Fen Fuh, Serene H. Fan, Diheng Qu