Patents by Inventor Gianluca Mardente
Gianluca Mardente has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11863591Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.Type: GrantFiled: November 22, 2022Date of Patent: January 2, 2024Assignee: Cisco Technology, Inc.Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
-
Publication number: 20230096045Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.Type: ApplicationFiled: November 22, 2022Publication date: March 30, 2023Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
-
Patent number: 11582100Abstract: Technologies for multi-cloud routing and policy interconnectivity are provided. An example method can include assigning different sets of data plane routers to data plane traffic associated with different address spaces in a cloud site of a multi-cloud fabric to yield a distributed mapping of data plane traffic and data plane routers. The method can further include providing, to an on-premises site in the multi-cloud fabric, routing entries from a control plane router on the cloud site, the routing entries reflecting the distributed mapping and identifying, for each address space, which data plane router handles data plane traffic for that address space; and when a data plane router is deployed at the cloud site, providing, to the on-premises site, updated routing information from the control plane router, the updated routing information identifying the data plane router as a next hop for data plane traffic associated with a respective address space.Type: GrantFiled: April 13, 2022Date of Patent: February 14, 2023Assignee: Cisco Technology, Inc.Inventors: Rajagopalan Janakiraman, Sivakumar Ganapathy, Gianluca Mardente, Giovanni Meo, Patel Amitkumar Valjibhai
-
Patent number: 11533340Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.Type: GrantFiled: January 11, 2021Date of Patent: December 20, 2022Assignee: Cisco Technology, Inc.Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
-
Patent number: 11509578Abstract: This disclosure describes a method of utilizing network controllers to store mappings between policies, dynamic operating attributes (DOA), and trigger values in a manifest and utilizing software agents in communication to monitor DOAs of respective workloads or workload groupings for trigger values associated with the DOAs to apply a corresponding policy at run-time. The method provides for flexible policy semantics and on-demand policy provisioning. The method includes receiving at a network controller, a definition of a policy, a DOA associated with a workload, and a trigger value associated with the DOA, storing a mapping between the policy, DOA and trigger value, sending the DOA and the trigger value to a datapath agent monitoring respective workloads, receiving an indication that a current value of the DOA of the workload corresponds to the trigger value from the software agent, and sending the policy to the software agent for distribution to the workload.Type: GrantFiled: December 13, 2019Date of Patent: November 22, 2022Assignee: Cisco Technology, Inc.Inventors: Gianluca Mardente, Shrey Ajmera, Cheng Wang, Maithili Narasimha, Aleksandr Oshurkov
-
Publication number: 20220239559Abstract: Technologies for multi-cloud routing and policy interconnectivity are provided. An example method can include assigning different sets of data plane routers to data plane traffic associated with different address spaces in a cloud site of a multi-cloud fabric to yield a distributed mapping of data plane traffic and data plane routers. The method can further include providing, to an on-premises site in the multi-cloud fabric, routing entries from a control plane router on the cloud site, the routing entries reflecting the distributed mapping and identifying, for each address space, which data plane router handles data plane traffic for that address space; and when a data plane router is deployed at the cloud site, providing, to the on-premises site, updated routing information from the control plane router, the updated routing information identifying the data plane router as a next hop for data plane traffic associated with a respective address space.Type: ApplicationFiled: April 13, 2022Publication date: July 28, 2022Inventors: Rajagopalan Janakiraman, Sivakumar Ganapathy, Gianluca Mardente, Giovanni Meo, Patel Amitkumar Valjibhai
-
Patent number: 11329876Abstract: Technologies for multi-cloud routing and policy interconnectivity are provided. An example method can include assigning different sets of data plane routers to data plane traffic associated with different address spaces in a cloud site of a multi-cloud fabric to yield a distributed mapping of data plane traffic and data plane routers. The method can further include providing, to an on-premises site in the multi-cloud fabric, routing entries from a control plane router on the cloud site, the routing entries reflecting the distributed mapping and identifying, for each address space, which data plane router handles data plane traffic for that address space; and when a data plane router is deployed at the cloud site, providing, to the on-premises site, updated routing information from the control plane router, the updated routing information identifying the data plane router as a next hop for data plane traffic associated with a respective address space.Type: GrantFiled: April 29, 2021Date of Patent: May 10, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Rajagopalan Janakiraman, Sivakumar Ganapathy, Gianluca Mardente, Giovanni Meo, Patel Amitkumar Valjibhai
-
Publication number: 20210258216Abstract: Technologies for multi-cloud routing and policy interconnectivity are provided. An example method can include assigning different sets of data plane routers to data plane traffic associated with different address spaces in a cloud site of a multi-cloud fabric to yield a distributed mapping of data plane traffic and data plane routers. The method can further include providing, to an on-premises site in the multi-cloud fabric, routing entries from a control plane router on the cloud site, the routing entries reflecting the distributed mapping and identifying, for each address space, which data plane router handles data plane traffic for that address space; and when a data plane router is deployed at the cloud site, providing, to the on-premises site, updated routing information from the control plane router, the updated routing information identifying the data plane router as a next hop for data plane traffic associated with a respective address space.Type: ApplicationFiled: April 29, 2021Publication date: August 19, 2021Inventors: Rajagopalan Janakiraman, Sivakumar Ganapathy, Gianluca Mardente, Giovanni Meo, Patel Amitkumar Valjibhai
-
Publication number: 20210182169Abstract: This disclosure describes a method of utilizing network controllers to store mappings between policies, dynamic operating attributes (DOA), and trigger values in a manifest and utilizing software agents in communication to monitor DOAs of respective workloads or workload groupings for trigger values associated with the DOAs to apply a corresponding policy at run-time. The method provides for flexible policy semantics and on-demand policy provisioning. The method includes receiving at a network controller, a definition of a policy, a DOA associated with a workload, and a trigger value associated with the DOA, storing a mapping between the policy, DOA and trigger value, sending the DOA and the trigger value to a datapath agent monitoring respective workloads, receiving an indication that a current value of the DOA of the workload corresponds to the trigger value from the software agent, and sending the policy to the software agent for distribution to the workload.Type: ApplicationFiled: December 13, 2019Publication date: June 17, 2021Inventors: Gianluca Mardente, Shrey Ajmera, Cheng Wang, Maithili Narasimha, Aleksandr Oshurkov
-
Patent number: 11012299Abstract: Technologies for multi-cloud routing and policy interconnectivity are provided. An example method can include assigning different sets of data plane routers to data plane traffic associated with different address spaces in a cloud site of a multi-cloud fabric to yield a distributed mapping of data plane traffic and data plane routers. The method can further include providing, to an on-premises site in the multi-cloud fabric, routing entries from a control plane router on the cloud site, the routing entries reflecting the distributed mapping and identifying, for each address space, which data plane router handles data plane traffic for that address space; and when a data plane router is deployed at the cloud site, providing, to the on-premises site, updated routing information from the control plane router, the updated routing information identifying the data plane router as a next hop for data plane traffic associated with a respective address space.Type: GrantFiled: January 18, 2019Date of Patent: May 18, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Rajagopalan Janakiraman, Sivakumar Ganapathy, Gianluca Mardente, Giovanni Meo, Patel Amitkumar Valjibhai
-
Publication number: 20210136124Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.Type: ApplicationFiled: January 11, 2021Publication date: May 6, 2021Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
-
Patent number: 10917436Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.Type: GrantFiled: June 21, 2018Date of Patent: February 9, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
-
Patent number: 10873639Abstract: Systems, methods, and computer-readable media for distributing policies in a SDN environment through chunking. A policy can be chunked into a plurality of policy chunks having corresponding chunk identifications at a controller of a SDN environment. Each of the plurality of policy chunks can be hashed to create corresponding chunk hashes for each of the plurality of policy chunks. Further, the plurality of policy chunks, the chunk identifications of the plurality of policy chunks, and the chunk hashes of the plurality of policy chunks can be distributed from the controller of the SDN environment to an intermediate policy node in a fabric of the SDN environment. The chunk hashes and the chunk identifications of the plurality of policy chunks can be used to control distribution of the plurality of policy chunks to one or more edge nodes in the SDN environment.Type: GrantFiled: April 4, 2019Date of Patent: December 22, 2020Assignee: CISCO TECHNOLOGY, INC.Inventors: Gianluca Mardente, Maithili Narasimha
-
Publication number: 20200322437Abstract: Systems, methods, and computer-readable media for distributing policies in a SDN environment through chunking. A policy can be chunked into a plurality of policy chunks having corresponding chunk identifications at a controller of a SDN environment. Each of the plurality of policy chunks can be hashed to create corresponding chunk hashes for each of the plurality of policy chunks. Further, the plurality of policy chunks, the chunk identifications of the plurality of policy chunks, and the chunk hashes of the plurality of policy chunks can be distributed from the controller of the SDN environment to an intermediate policy node in a fabric of the SDN environment. The chunk hashes and the chunk identifications of the plurality of policy chunks can be used to control distribution of the plurality of policy chunks to one or more edge nodes in the SDN environment.Type: ApplicationFiled: April 4, 2019Publication date: October 8, 2020Inventors: Gianluca Mardente, Maithili Narasimha
-
Publication number: 20200235990Abstract: Technologies for multi-cloud routing and policy interconnectivity are provided. An example method can include assigning different sets of data plane routers to data plane traffic associated with different address spaces in a cloud site of a multi-cloud fabric to yield a distributed mapping of data plane traffic and data plane routers. The method can further include providing, to an on-premises site in the multi-cloud fabric, routing entries from a control plane router on the cloud site, the routing entries reflecting the distributed mapping and identifying, for each address space, which data plane router handles data plane traffic for that address space; and when a data plane router is deployed at the cloud site, providing, to the on-premises site, updated routing information from the control plane router, the updated routing information identifying the data plane router as a next hop for data plane traffic associated with a respective address space.Type: ApplicationFiled: January 18, 2019Publication date: July 23, 2020Inventors: Rajagopalan Janakiraman, Sivakumar Ganapathy, Gianluca Mardente, Giovanni Meo, Patel Amitkumar Valjibhai
-
Publication number: 20190297114Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.Type: ApplicationFiled: June 21, 2018Publication date: September 26, 2019Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan