Patents by Inventor Flavio Giovanni Bonomi
Flavio Giovanni Bonomi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9300589Abstract: In response to a detected loss of previously transmitted information by an apparatus communicating with a remote device (e.g., using TCP), the rate of transmission of information is increased by the apparatus in response to attributing the detected loss of previously transmitted information as not being caused by congestion. This attribution of the packet loss is typically determined based on roundtrip delays between sent information and received corresponding acknowledgments, which may be used directly or indirectly, such as by estimating network queuing delays based on the measured roundtrip delays.Type: GrantFiled: December 23, 2013Date of Patent: March 29, 2016Assignee: Cisco Technology, Inc.Inventors: Nandita Dukkipati, Sangtae Ha, Vijaynarayanan Subramanian, Flavio Giovanni Bonomi
-
Publication number: 20140201837Abstract: A method and system to detect an evasion attack are provided. The system may include a repository to store signature fragments that together constitute an attack signature, an interceptor to intercept a data packet associated with a network connection, a string-matching module to determine whether the payload of the data packet includes any of the stored signature fragments thereby identifying a match, a responder to perform a prevention action in response to the match, and a detector to detect that a size of the data packet is less than a size threshold. The system may further include a state machine to commence maintaining a state for the network connection in response to the detector determining that the size of the data packet is less than the size threshold.Type: ApplicationFiled: December 16, 2013Publication date: July 17, 2014Applicant: Cisco Technology, Inc.Inventors: George Varghese, Flavio Giovanni Bonomi, John Andrew Fingerhut
-
Publication number: 20140112134Abstract: In response to a detected loss of previously transmitted information by an apparatus communicating with a remote device (e.g., using TCP), the rate of transmission of information is increased by the apparatus in response to attributing the detected loss of previously transmitted information as not being caused by congestion. This attribution of the packet loss is typically determined based on roundtrip delays between sent information and received corresponding acknowledgments, which may be used directly or indirectly, such as by estimating network queuing delays based on the measured roundtrip delays.Type: ApplicationFiled: December 23, 2013Publication date: April 24, 2014Applicant: Cisco Technology, Inc., a corporation of CaliforniInventors: Nandita Dukkipati, Sangtae Ha, Vijaynarayanan Subramanian, Flavio Giovanni Bonomi
-
Patent number: 8625622Abstract: In response to a detected loss of previously transmitted information by an apparatus communicating with a remote device (e.g., using TCP), the rate of transmission of information is increased by the apparatus in response to attributing the detected loss of previously transmitted information as not being caused by congestion. This attribution of the packet loss is typically determined based on roundtrip delays between sent information and received corresponding acknowledgments, which may be used directly or indirectly, such as by estimating network queuing delays based on the measured roundtrip delays.Type: GrantFiled: December 25, 2009Date of Patent: January 7, 2014Assignee: Cisco Technology, Inc.Inventors: Nandita Dukkipati, Sangtae Ha, Vijaynarayanan Subramanian, Flavio Giovanni Bonomi
-
Patent number: 8613088Abstract: A method and system to detect an evasion attack are provided. The system may include a repository to store signature fragments that together constitute an attack signature, an interceptor to intercept a data packet associated with a network connection, a string-matching module to determine whether the payload of the data packet includes any of the stored signature fragments thereby identifying a match, a responder to perform a prevention action in response to the match, and a detector to detect that a size of the data packet is less than a size threshold. The system may further include a state machine to commence maintaining a state for the network connection in response to the detector determining that the size of the data packet is less than the size threshold.Type: GrantFiled: October 23, 2006Date of Patent: December 17, 2013Assignee: Cisco Technology, Inc.Inventors: George Varghese, Flavio Giovanni Bonomi, John Andrew Fingerhut
-
Patent number: 8185745Abstract: A scalable method and apparatus that detects frequent and dispersed invariants is disclosed. More particularly, the application discloses a system that can simultaneously track frequency rates and dispersion criteria of unknown invariants. In other words, the application discloses an invariant detection system implemented in hardware (and/or software) that allows detection of invariants (e.g., byte sequences) that are highly prevalent (e.g., repeating with a high frequency) and dispersed (e.g., originating from many sources and destined to many destinations).Type: GrantFiled: November 30, 2010Date of Patent: May 22, 2012Assignee: Cisco Technology, Inc.Inventors: Sumeet Singh, John David Huber, Flavio Giovanni Bonomi
-
Patent number: 8170045Abstract: Class-based bandwidth partitioning of a sequence of packets of varying packet classes is performed, such as, but not limited to determining whether or not to admit a packet to a queue based on a probability corresponding to a class of packets associated with the packet, with this probability being based on measured arrival traffic and a fair share based on the length of the queue. Data path processing is performed on each packet to determine whether to admit or drop the packet, and to record the measured received traffic. Control path processing is periodically performed to update these probabilities based on determined arrival rates and fair shares for each class of packets. In this manner, a relatively small amount of processing and resources are required to partition bandwidth for a scalable number of classes of packets.Type: GrantFiled: October 24, 2005Date of Patent: May 1, 2012Assignee: Cisco Technology, Inc.Inventors: Rong Pan, Stanley Arthur Trimble, Flavio Giovanni Bonomi
-
Patent number: 8139586Abstract: A method for classifying a data packet containing a header is provided. The method may comprise parsing the header of a data packet into header elements. Rules in secondary lookup tables generated from a primary lookup table may be accessed. The respective header elements of the data packet may be compared to the respective fields of each of the secondary lookup tables, and rule results for each of the secondary lookup tables in a combinable format may be generated. In another embodiment, a method for generating secondary lookup tables from a primary lookup table is provided. The method may comprise accessing a primary lookup table defining packet classification rules and generating multiple secondary lookup tables from the primary lookup table. For each secondary lookup table, a selection of classification rules and a selection of fields of the multiple fields based on a rule set identifying predefined entries may be extracted.Type: GrantFiled: August 20, 2010Date of Patent: March 20, 2012Assignee: Cisco Technology, Inc.Inventors: Ming Zhang, Ram Krisnan, Jonathan J. Chang, Flavio Giovanni Bonomi
-
Publication number: 20110158253Abstract: In response to a detected loss of previously transmitted information by an apparatus communicating with a remote device (e.g., using TCP), the rate of transmission of information is increased by the apparatus in response to attributing the detected loss of previously transmitted information as not being caused by congestion. This attribution of the packet loss is typically determined based on roundtrip delays between sent information and received corresponding acknowledgments, which may be used directly or indirectly, such as by estimating network queuing delays based on the measured roundtrip delays.Type: ApplicationFiled: December 25, 2009Publication date: June 30, 2011Applicant: Cisco Technology, Inc., a corporation of CaliforniaInventors: Nandita Dukkipati, Sangtae Ha, Vijaynarayanan Subramanian, Flavio Giovanni Bonomi
-
Publication number: 20100309917Abstract: A method for classifying a data packet containing a header is provided. The method may comprise parsing the header of a data packet into header elements. Rules in secondary lookup tables generated from a primary lookup table may be accessed. The respective header elements of the data packet may be compared to the respective fields of each of the secondary lookup tables, and rule results for each of the secondary lookup tables in a combinable format may be generated. In another embodiment, a method for generating secondary lookup tables from a primary lookup table is provided. The method may comprise accessing a primary lookup table defining packet classification rules and generating multiple secondary lookup tables from the primary lookup table. For each secondary lookup table, a selection of classification rules and a selection of fields of the multiple fields based on a rule set identifying predefined entries may be extracted.Type: ApplicationFiled: August 20, 2010Publication date: December 9, 2010Applicant: Cisco Technology, Inc.Inventors: Ming Zhang, Ram Krisnan, Jonathan J. Chang, Flavio Giovanni Bonomi
-
Patent number: 7813350Abstract: A method and device to process a packet received by a network device is described. The method may comprise analyzing the packet to identify at least one set of a plurality of sets, mapping the at least one set to at least one functional unit, and performing functionality associated with the at least one functional unit. Analyzing the packet to identify at least one of a plurality of sets may comprise determining when the packet includes at least one set identifier, and identifying the at least one set based on the at least one set identifier. A set status identifier may be defined for each set, the set status identifier indicating when set identifiers associated with a corresponding set are detected in the packet. The device may be a router, switch or any other device that processes digital data e.g., packet data including packets headers, payload or the like.Type: GrantFiled: October 23, 2006Date of Patent: October 12, 2010Assignee: Cisco Technology, Inc.Inventors: Sumeet Singh, George Varghese, Flavio Giovanni Bonomi, Jonathan J. Chang
-
Patent number: 7782859Abstract: A method for classifying a data packet containing a header is provided. The method may comprise parsing the header of a data packet into header elements. Rules in secondary lookup tables generated from a primary lookup table may be accessed. The respective header elements of the data packet may be compared to the respective fields of each of the secondary lookup tables, and rule results for each of the secondary lookup tables in a combinable format may be generated. In another embodiment, a method for generating secondary lookup tables from a primary lookup table is provided. The method may comprise accessing a primary lookup table defining packet classification rules and generating multiple secondary lookup tables from the primary lookup table. For each secondary lookup table, a selection of classification rules and a selection of fields of the multiple fields based on a rule set identifying predefined entries may be extracted.Type: GrantFiled: May 7, 2007Date of Patent: August 24, 2010Assignee: Cisco Technology, Inc.Inventors: Ming Zhang, Ram Krisnan, Jonathan J. Chang, Flavio Giovanni Bonomi
-
Patent number: 7453898Abstract: Methods and apparatus are disclosed for simultaneously scheduling multiple priorities of packets, such as in systems having a non-blocking switching fabric. In one implementation, the maximum bandwidth which a particular input can send is identified. During a scheduling cycle, a current bandwidth desired for a first priority of traffic is identified, which leaves the remaining bandwidth available for a second priority of traffic without affecting the bandwidth allocated to the first priority of traffic. By determining these bandwidth amounts at each iteration of a scheduling cycle, multiple priorities of traffic can be simultaneously scheduled. This approach may be used by a wide variety of scheduling approaches, such as, but not limited to using a SLIP algorithm or variant thereof. When used in conjunction with a SLIP algorithm, the current desired bandwidths typically correspond to high and low priority requests.Type: GrantFiled: January 9, 2003Date of Patent: November 18, 2008Assignee: Cisco Technology, Inc.Inventors: Earl T. Cohen, Flavio Giovanni Bonomi
-
Publication number: 20080279185Abstract: A method for classifying a data packet containing a header is provided. The method may comprise parsing the header of a data packet into header elements. Rules in secondary lookup tables generated from a primary lookup table may be accessed. The respective header elements of the data packet may be compared to the respective fields of each of the secondary lookup tables, and rule results for each of the secondary lookup tables in a combinable format may be generated. In another embodiment, a method for generating secondary lookup tables from a primary lookup table is provided. The method may comprise accessing a primary lookup table defining packet classification rules and generating multiple secondary lookup tables from the primary lookup table. For each secondary lookup table, a selection of classification rules and a selection of fields of the multiple fields based on a rule set identifying predefined entries may be extracted.Type: ApplicationFiled: May 7, 2007Publication date: November 13, 2008Inventors: Ming Zhang, Ram Krisnan, Jonathan J. Chang, Flavio Giovanni Bonomi
-
Publication number: 20080186974Abstract: A method and device to process a packet received by a network device is described. The method may comprise analyzing the packet to identify at least one set of a plurality of sets, mapping the at least one set to at least one functional unit, and performing functionality associated with the at least one functional unit. Analyzing the packet to identify at least one of a plurality of sets may comprise determining when the packet includes at least one set identifier, and identifying the at least one set based on the at least one set identifier. A set status identifier may be defined for each set, the set status identifier indicating when set identifiers associated with a corresponding set are detected in the packet. The device may be a router, switch or any other device that processes digital data e.g., packet data including packets headers, payload or the like.Type: ApplicationFiled: October 23, 2006Publication date: August 7, 2008Inventors: Sumeet Singh, George Varghese, Flavio Giovanni Bonomi, Jonathan J. Chang
-
Patent number: 7403526Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer readable media, mechanisms, and means for partitioning and filtering a search space of particular use for determining a longest prefix match thereon, such as for routing packets. One implementation uses one or more filtering mechanisms to filter portions of a lookup word against a first set of lookup values, such as, but not limited to the value of any corresponding portion of any entry in the search space. A set of possible matching prefixes defined by consecutive matching portions of the lookup word from the highest-order position are determined, and lookup operations are typically performed in parallel on each of these possible matching prefixes to generate a set of matching results (if any), which is typically used to identify the longest matching prefix.Type: GrantFiled: May 17, 2004Date of Patent: July 22, 2008Assignee: Cisco Technology, Inc.Inventors: Xu Zou, Flavio Giovanni Bonomi
-
Publication number: 20070192861Abstract: A method and system to detect an evasion attack are provided. The system may include a repository to store signature fragments that together constitute an attack signature, an interceptor to intercept a data packet associated with a network connection, a string-matching module to determine whether the payload of the data packet includes any of the stored signature fragments thereby identifying a match, a responder to perform a prevention action in response to the match, and a detector to detect that a size of the data packet is less than a size threshold. The system may further include a state machine to commence maintaining a state for the network connection in response to the detector determining that the size of the data packet is less than the size threshold.Type: ApplicationFiled: October 23, 2006Publication date: August 16, 2007Inventors: George Varghese, Flavio Giovanni Bonomi, John Andrew Fingerhut
-
Patent number: 7184443Abstract: Methods and apparatus are disclosed for scheduling packets, such as in systems having a non-blocking switching fabric and homogeneous or heterogeneous line card interfaces. In one implementation, multiple request generators, grant arbiters, and acceptance arbiters work in conjunction to determine this scheduling. A set of requests for sending packets from a particular input is generated. From a grant starting position, a first n requests in a predetermined sequence are identified, where n is less than or equal to the maximum number of connections that can be used in a single packet time to the particular output. The grant starting position is updated in response to the first n grants including a particular grant corresponding to a grant advancement position. In one embodiment, the set of grants generated based on the set of requests is similarly determined using an acceptance starting position and an acceptance advancement position.Type: GrantFiled: March 30, 2002Date of Patent: February 27, 2007Assignee: Cisco Technology, Inc.Inventors: Flavio Giovanni Bonomi, Patrick A. Costello, Robert E. Brandt
-
Patent number: 7177317Abstract: A flexible scheduler in an ATM switch. The scheduler enables each connection to be served fairly according to associated quality of service parameters, while enabling several other features. A connection can be shaped while minimizing additional memory and processing requirements. Specifically, the conformance time of cells of a connections need not be stored when significant backlog exists in the transmission of the cells. The shaping rate can be dynamically varied. Sequence of cells forming a frame are buffered in the ATM switch until the end of frame cell is received. All the cells of a frame are then sent in quick succession.Type: GrantFiled: March 25, 2002Date of Patent: February 13, 2007Assignee: Lucent Technologies Inc.Inventors: Flavio Giovanni Bonomi, Kannan Devarajan
-
Publication number: 20030193941Abstract: Methods and apparatus are disclosed for scheduling packets, such as in systems having a non-blocking switching fabric and homogeneous or heterogeneous line card interfaces. In one implementation, multiple request generators, grant arbiters, and acceptance arbiters work in conjunction to determine this scheduling. A set of requests for sending packets from a particular input is generated. From a grant starting position, a first n requests in a predetermined sequence are identified, where n is less than or equal to the maximum number of connections that can be used in a single packet time to the particular output. The grant starting position is updated in response to the first n grants including a particular grant corresponding to a grant advancement position. In one embodiment, the set of grants generated based on the set of requests is similarly determined using an acceptance starting position and an acceptance advancement position.Type: ApplicationFiled: March 30, 2002Publication date: October 16, 2003Inventors: Flavio Giovanni Bonomi, Patrick A. Costello, Robert E. Brandt