Patents by Inventor Edward A. Warnicke
Edward A. Warnicke has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230385120
Abstract: A method, computer system, and computer program product are provided for performing admission control tasks. A universal reference for an executing application is obtained, wherein the universal reference identifies one or more components of the executing application by additional universal references assigned to the one or more components. A description of the executing application is determined by enumerating each additional universal reference of the one or more components and additional sub-components, wherein the description exhaustively identifies components and sub-components of the executing application. The identified one or more components and sub-components are assessed to perform an admission control operation between the executing application and a second application.
Type: Application
Filed: May 27, 2022
Publication date: November 30, 2023
Inventors: Eric A. Voit, Edward A. Warnicke, Jeffrey G. Schutt
-
Patent number: 11824765
Abstract: Systems, methods, and devices are disclosed for re-routing network traffic directed to a pod device. Traffic is routed from an ingress device towards a first node in communication with multiple pods. In response to the detection of a failure event associated with the first pod, a network device address of the first pod is removed from a routing table. If a packet is received from the ingress device that is destined for a service, the routing table is used to look up a pod for handling a service request associated with the service. A network device address of a second pod is determined based on not finding the network device address of the first pod in the routing table. The packet is then forwarded to the second pod using the second device address before the ingress device knows that the first pod has failed.
Type: Grant
Filed: December 19, 2018
Date of Patent: November 21, 2023
Assignee: Cisco Technology, Inc.
Inventors: Giles Douglas Yorke Heron, Edward A. Warnicke
-
Publication number: 20230319044
Abstract: A method, computer system, and computer program product are provided for performing logging, securing communications, and performing digital forensics tasks based on universal references for hardware and/or software configurations. A universal reference, obtained by a first entity, is included in a request of a second entity, wherein the universal reference identifies one or more components of the second entity using additional universal references assigned to each of the one or more components. It is determined whether the first entity is authorized to receive data from the second entity based on the universal reference. Based on the determining, data is received from the second entity.
Type: Application
Filed: July 8, 2022
Publication date: October 5, 2023
Inventors: Edward A. Warnicke, Jeffrey G. Schutt, Eric A. Voit
-
Publication number: 20230261999
Abstract: In one embodiment, a device of a software-defined wide area network (SD-WAN) receives, from a cloud-native application, contextual data for the cloud-native application that identifies microservices of the cloud-native application. The device translates the contextual data for the cloud-native application into a network policy for traffic in the SD-WAN associated with the cloud-native application. The device applies the network policy to a traffic flow in the SD-WAN between an endpoint and a particular microservice of the cloud-native application.
Type: Application
Filed: April 26, 2023
Publication date: August 17, 2023
Inventors: Sridhar Subramanian, Fabio Rodolfo Maino, Alberto Rodriguez Natal, Vijoy Anand Pandey, Edward A. Warnicke, John Andrew Joyce, Timothy James Swanson, Loránd Jakab
-
Patent number: 11665095
Abstract: In one embodiment, a device of a software-defined wide area network (SD-WAN) receives, from a cloud-native application, contextual data for the cloud-native application that identifies microservices of the cloud-native application. The device translates the contextual data for the cloud-native application into a network policy for traffic in the SD-WAN associated with the cloud-native application. The device applies the network policy to a traffic flow in the SD-WAN between an endpoint and a particular microservice of the cloud-native application.
Type: Grant
Filed: August 3, 2020
Date of Patent: May 30, 2023
Assignee: Cisco Technology, Inc.
Inventors: Sridhar Subramanian, Fabio Rodolfo Maino, Alberto Rodriguez Natal, Vijoy Anand Pandey, Edward A. Warnicke, John Andrew Joyce, Timothy James Swanson, Loránd Jakab
-
Publication number: 20230126959
Abstract: A method, computer system, and computer program product are provided for performing policy enforcement, attestation, and network forensics. A universal reference for a computing entity is obtained, wherein the universal reference identifies one or more components of the computing entity by additional universal references assigned to the one or more components. A hierarchical description of the computing entity is determined by enumerating each additional universal reference of the one or more components and additional sub-components, wherein the hierarchical description exhaustively identifies the components and sub-components of the computing entity. The hierarchical description is analyzed by accessing a database to identify mappings of the one or more additional universal references to the one or more components and sub-components.
Type: Application
Filed: October 21, 2021
Publication date: April 27, 2023
Inventors: Jeffrey G. Schutt, Edward A. Warnicke
-
Patent number: 11283707
Abstract: Systems and methods provide for segment routing (SR) with fast reroute in a container network. An SR ingress can receive a packet from a first container destined for a container service. The ingress can generate an SR packet including a segment list comprising a first segment to a first container service host, a second segment to a second service host, and a third segment to the service. The ingress can forward the SR packet to a first SR egress corresponding to the first host using the first segment. The first egress can determine whether the first service and/or host is reachable. If so, the first egress can forward the SR packet to the first host or the packet to the service. If not, the first egress can perform a fast reroute and forward the SR packet to a second SR egress corresponding to the second host using the second segment.
Type: Grant
Filed: October 15, 2020
Date of Patent: March 22, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Giles Douglas Yorke Heron, Edward A. Warnicke, William Mark Townsley, Yoann Desmouceaux
-
Patent number: 11228651
Abstract: Techniques for network validation are provided. A first request is received at a first manager component, from a first client. The first client and the first manager component are on a first node of a plurality of nodes, and the first request specifies a desired network service. A first network service endpoint that is capable of providing the desired network service is identified, where the first network service endpoint is on a second node of the plurality of nodes. A connection is established between a first validation agent on the first node and a second validation agent on the second node. Finally, upon determining that the connection between the first and second validation agents satisfies predefined criteria, a connection is established between the first client and the first network service endpoint.
Type: Grant
Filed: September 3, 2019
Date of Patent: January 18, 2022
Assignee: Cisco Technology, Inc.
Inventors: Edward A. Warnicke, Nagendra Kumar Nainar, Carlos M. Pignataro, Rajiv Asati
-
Patent number: 11223567
Abstract: A first node in a service mesh is configured to perform one or more services on network traffic obtained from an upstream network element via a pre-existing Transmission Control Protocol (TCP) session and provide the network traffic obtained from the upstream network element via the pre-existing TCP session to a downstream network element. The first node determines that the first node should no longer obtain the network traffic from the upstream network element via the pre-existing TCP session. In response, the first node provides state information for the pre-existing TCP session to the downstream network element. The downstream network element is configured to establish a new TCP session having the state information for the pre-existing TCP session with the upstream network element and to obtain further network traffic from the upstream network element via the new TCP session. The first node terminates the pre-existing TCP session.
Type: Grant
Filed: January 18, 2019
Date of Patent: January 11, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Edward A. Warnicke, William Mark Townsley
-
Publication number: 20210266262
Abstract: In one embodiment, a device of a software-defined wide area network (SD-WAN) receives, from a cloud-native application, contextual data for the cloud-native application that identifies microservices of the cloud-native application. The device translates the contextual data for the cloud-native application into a network policy for traffic in the SD-WAN associated with the cloud-native application. The device applies the network policy to a traffic flow in the SD-WAN between an endpoint and a particular microservice of the cloud-native application.
Type: Application
Filed: August 3, 2020
Publication date: August 26, 2021
Inventors: Sridhar Subramanian, Fabio Rodolfo Maino, Alberto Rodriguez Natal, Vijoy Anand Pandey, Edward A. Warnicke, John Andrew Joyce, Timothy James Swanson, Loránd Jakab
-
Publication number: 20210067592
Abstract: Techniques for network validation are provided. A first request is received at a first manager component, from a first client. The first client and the first manager component are on a first node of a plurality of nodes, and the first request specifies a desired network service. A first network service endpoint that is capable of providing the desired network service is identified, where the first network service endpoint is on a second node of the plurality of nodes. A connection is established between a first validation agent on the first node and a second validation agent on the second node. Finally, upon determining that the connection between the first and second validation agents satisfies predefined criteria, a connection is established between the first client and the first network service endpoint.
Type: Application
Filed: September 3, 2019
Publication date: March 4, 2021
Inventors: Edward A. WARNICKE, Nagendra Kumar NAINAR, Carlos M. PIGNATARO, Rajiv ASATI
-
Publication number: 20210036951
Abstract: Systems and methods provide for segment routing (SR) with fast reroute in a container network. An SR ingress can receive a packet from a first container destined for a container service. The ingress can generate an SR packet including a segment list comprising a first segment to a first container service host, a second segment to a second service host, and a third segment to the service. The ingress can forward the SR packet to a first SR egress corresponding to the first host using the first segment. The first egress can determine whether the first service and/or host is reachable. If so, the first egress can forward the SR packet to the first host or the packet to the service. If not, the first egress can perform a fast reroute and forward the SR packet to a second SR egress corresponding to the second host using the second segment.
Type: Application
Filed: October 15, 2020
Publication date: February 4, 2021
Inventors: Giles Douglas Yorke Heron, Edward A. Warnicke, William Mark Townsley, Yoann Desmouceaux
-
Patent number: 10812374
Abstract: Systems and methods provide for segment routing (SR) with fast reroute in a container network. An SR ingress can receive a packet from a first container destined for a container service. The ingress can generate an SR packet including a segment list comprising a first segment to a first container service host, a second segment to a second service host, and a third segment to the service. The ingress can forward the SR packet to a first SR egress corresponding to the first host using the first segment. The first egress can determine whether the first service and/or host is reachable. If so, the first egress can forward the SR packet to the first host or the packet to the service. If not, the first egress can perform a fast reroute and forward the SR packet to a second SR egress corresponding to the second host using the second segment.
Type: Grant
Filed: September 21, 2018
Date of Patent: October 20, 2020
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Giles Douglas Yorke Heron, Edward A. Warnicke, William Mark Townsley, Yoann Desmouceaux
-
Publication number: 20200236055
Abstract: A first node in a service mesh is configured to perform one or more services on network traffic obtained from an upstream network element via a pre-existing Transmission Control Protocol (TCP) session and provide the network traffic obtained from the upstream network element via the pre-existing TCP session to a downstream network element. The first node determines that the first node should no longer obtain the network traffic from the upstream network element via the pre-existing TCP session. In response, the first node provides state information for the pre-existing TCP session to the downstream network element. The downstream network element is configured to establish a new TCP session having the state information for the pre-existing TCP session with the upstream network element and to obtain further network traffic from the upstream network element via the new TCP session. The first node terminates the pre-existing TCP session.
Type: Application
Filed: January 18, 2019
Publication date: July 23, 2020
Inventors: Edward A. Warnicke, William Mark Townsley
-
Publication number: 20200204481
Abstract: Systems, methods, and devices are disclosed for re-routing network traffic directed to a pod device. Traffic is routed from an ingress device towards a first node in communication with multiple pods. In response to the detection of a failure event associated with the first pod, a network device address of the first pod is removed from a routing table. If a packet is received from the ingress device that is destined for a service, the routing table is used to look up a pod for handling a service request associated with the service. A network device address of a second pod is determined based on not finding the network device address of the first pod in the routing table. The packet is then forwarded to the second pod using the second device address before the ingress device knows that the first pod has failed.
Type: Application
Filed: December 19, 2018
Publication date: June 25, 2020
Inventors: Giles Douglas Yorke Heron, Edward A. Warnicke
-
Publication number: 20200099610
Abstract: Systems and methods provide for segment routing (SR) with fast reroute in a container network. An SR ingress can receive a packet from a first container destined for a container service. The ingress can generate an SR packet including a segment list comprising a first segment to a first container service host, a second segment to a second service host, and a third segment to the service. The ingress can forward the SR packet to a first SR egress corresponding to the first host using the first segment. The first egress can determine whether the first service and/or host is reachable. If so, the first egress can forward the SR packet to the first host or the packet to the service. If not, the first egress can perform a fast reroute and forward the SR packet to a second SR egress corresponding to the second host using the second segment.
Type: Application
Filed: September 21, 2018
Publication date: March 26, 2020
Inventors: Giles Douglas Yorke Heron, Edward A. Warnicke, William Mark Townsley, Yoann Desmouceaux