Patents by Inventor Hasan Alkhatib
Hasan Alkhatib has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9876717Abstract: Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table).Type: GrantFiled: March 13, 2015Date of Patent: January 23, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Hasan Alkhatib, Geoff Outhred
-
Patent number: 9582652Abstract: Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.Type: GrantFiled: March 10, 2014Date of Patent: February 28, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Hasan Alkhatib, Geoffrey Outhred, Deepak Bansal, Anatoliy Panasyuk, Dharshan Rangegowda
-
Publication number: 20150188818Abstract: Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table).Type: ApplicationFiled: March 13, 2015Publication date: July 2, 2015Inventors: HASAN ALKHATIB, GEOFF OUTHRED
-
Patent number: 8982890Abstract: Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table).Type: GrantFiled: January 25, 2013Date of Patent: March 17, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Hasan Alkhatib, Geoff Outhred
-
Publication number: 20140196121Abstract: Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.Type: ApplicationFiled: March 10, 2014Publication date: July 10, 2014Applicant: MICROSOFT CORPORATIONInventors: HASAN ALKHATIB, GEOFFREY OUTHRED, DEEPAK BANSAL, ANATOLIY PANASYUK, DHARSHAN RANGEGOWDA
-
Patent number: 8688994Abstract: Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.Type: GrantFiled: June 25, 2010Date of Patent: April 1, 2014Assignee: Microsoft CorporationInventors: Hasan Alkhatib, Geoffrey Outhred, Deepak Bansal, Anatoliy Panasyuk, Dharshan Rangegowda, Anthony Chavez
-
Patent number: 8407366Abstract: Computerized methods, systems, and computer-readable media are provided for establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of the V-net. The V-net members include an originating network adapter that generates data packets addressed to a destination network adapter. Upon detecting data-packet generation, a source-side VM switch accesses a forwarding table associated with the V-net, ascertains a destination-side, VM-switch locator that corresponds to an identifier of the destination network adapter, and modifies the data packets to include the identifier. The forwarding table represents a mapping between the members of the V-net and VM switches located on respective nodes within the data center. In operation, the mapping enforces communication policies that govern data-packet traffic.Type: GrantFiled: May 14, 2010Date of Patent: March 26, 2013Assignee: Microsoft CorporationInventors: Hasan Alkhatib, Changhoon Kim, Geoff Outhred, Deepak Bansal, Albert Greenberg, Dave Maltz, Parveen Patel
-
Patent number: 8406232Abstract: Systems, methods and computer storage media for utilizing IPv6 addressing for globally unique identification of network endpoints when communications from or to an IPv4 compatible application. An IPv4 packet of data that is from and/or directed to an IPv4 endpoint is encapsulated in an IPv6 packet of data. An IPv6 compatible address is identified for a destination of the IPv6 packet of data. The IPv6 address is a globally unique identifier that is comprised of an IPv4 identifier that represents an IPv4 address of the encapsulated IPv4 packet. The IPv6 packet of data is communicated to the destination identified by the IPv6 address. A 4 to 6 stack may intercept the incoming IPv6 packet of data before the destination to strip the IPv6 header information revealing the IPv4 packet of data.Type: GrantFiled: June 17, 2010Date of Patent: March 26, 2013Assignee: Microsoft CorporationInventor: Hasan Alkhatib
-
Patent number: 8379651Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a transmission control protocol (TCP)-based tunnel (“tunnel”) are provided. The tunnel spans between a data center and a private enterprise network and connects endpoints, of a service application, that reside in each location. During communication, the endpoints transmit data packets over one or more channels (e.g., higher-level channel and lower-level channel) that comprise the tunnel. Each of the channels supports reliability mechanisms (e.g., congestion-control mechanism and loss-recovery mechanism) integrally running thereon, for ensuring complete data-packet delivery. To prevent unwarranted performance degradation caused by duplicative efforts of reliability mechanisms, a fabric controller is employed to selectively disable one or more of the reliability mechanisms individually.Type: GrantFiled: July 18, 2012Date of Patent: February 19, 2013Assignee: Microsoft CorporationInventors: Deepak Bansal, Hasan Alkhatib
-
Patent number: 8374183Abstract: Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table).Type: GrantFiled: June 22, 2010Date of Patent: February 12, 2013Assignee: Microsoft CorporationInventors: Hasan Alkhatib, Geoff Outhred
-
Publication number: 20120284403Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a transmission control protocol (TCP)-based tunnel (“tunnel”) are provided. The tunnel spans between a data center and a private enterprise network and connects endpoints, of a service application, that reside in each location. During communication, the endpoints transmit data packets over one or more channels (e.g., higher-level channel and lower-level channel) that comprise the tunnel. Each of the channels supports reliability mechanisms (e.g., congestion-control mechanism and loss-recovery mechanism) integrally running thereon, for ensuring complete data-packet delivery. To prevent unwarranted performance degradation caused by duplicative efforts of reliability mechanisms, a fabric controller is employed to selectively disable one or more of the reliability mechanisms individually.Type: ApplicationFiled: July 18, 2012Publication date: November 8, 2012Applicant: MICROSOFT CORPORATIONInventors: Deepak Bansal, Hasan Alkhatib
-
Patent number: 8248944Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a transmission control protocol (TCP)-based tunnel (“tunnel”) are provided. The tunnel spans between a data center and a private enterprise network and connects endpoints, of a service application, that reside in each location. During communication, the endpoints transmit data packets over one or more channels (e.g., higher-level channel and lower-level channel) that comprise the tunnel. Each of the channels supports reliability mechanisms (e.g., congestion-control mechanism and loss-recovery mechanism) integrally running thereon, for ensuring complete data-packet delivery. To prevent unwarranted performance degradation caused by duplicative efforts of reliability mechanisms, a fabric controller is employed to selectively disable one or more of the reliability mechanisms individually.Type: GrantFiled: March 4, 2010Date of Patent: August 21, 2012Assignee: Microsoft CorporationInventors: Deepak Bansal, Hasan Alkhatib
-
Publication number: 20110320821Abstract: Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.Type: ApplicationFiled: June 25, 2010Publication date: December 29, 2011Applicant: MICROSOFT CORPORATIONInventors: HASAN ALKHATIB, GEOFFREY OUTHRED, DEEPAK BANSAL, ANATOLIY PANASYUK, DHARSHAN RANGEGOWDA, ANTHONY CHAVEZ
-
Publication number: 20110310898Abstract: Systems, methods and computer storage media for utilizing IPv6 addressing for globally unique identification of network endpoints when communications from or to an IPv4 compatible application. An IPv4 packet of data that is from and/or directed to an IPv4 endpoint is encapsulated in an IPv6 packet of data. An IPv6 compatible address is identified for a destination of the IPv6 packet of data. The IPv6 address is a globally unique identifier that is comprised of an IPv4 identifier that represents an IPv4 address of the encapsulated IPv4 packet. The IPv6 packet of data is communicated to the destination identified by the IPv6 address. A 4 to 6 stack may intercept the incoming IPv6 packet of data before the destination to strip the IPv6 header information revealing the IPv4 packet of data.Type: ApplicationFiled: June 17, 2010Publication date: December 22, 2011Applicant: MICROSOFT CORPORATIONInventor: HASAN ALKHATIB
-
Publication number: 20110310899Abstract: Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table).Type: ApplicationFiled: June 22, 2010Publication date: December 22, 2011Applicant: MICROSOFT CORPORATIONInventors: Hasan Alkhatib, Geoff Outhred
-
Publication number: 20110283017Abstract: Computerized methods, systems, and computer-readable media are provided for establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of the V-net. The V-net members include an originating network adapter that generates data packets addressed to a destination network adapter. Upon detecting data-packet generation, a source-side VM switch accesses a forwarding table associated with the V-net, ascertains a destination-side, VM-switch locator that corresponds to an identifier of the destination network adapter, and modifies the data packets to include the identifier. The forwarding table represents a mapping between the members of the V-net and VM switches located on respective nodes within the data center. In operation, the mapping enforces communication policies that govern data-packet traffic.Type: ApplicationFiled: May 14, 2010Publication date: November 17, 2011Applicant: MICROSOFT CORPORATIONInventors: Hasan Alkhatib, Changhoon Kim, Geoff Outhred, Deepak Bansal, Albert Greenberg, Dave Maltz, Parveen Patel
-
Publication number: 20110216651Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a transmission control protocol (TCP)-based tunnel (“tunnel”) are provided. The tunnel spans between a data center and a private enterprise network and connects endpoints, of a service application, that reside in each location. During communication, the endpoints transmit data packets over one or more channels (e.g., higher-level channel and lower-level channel) that comprise the tunnel. Each of the channels supports reliability mechanisms (e.g., congestion-control mechanism and loss-recovery mechanism) integrally running thereon, for ensuring complete data-packet delivery. To prevent unwarranted performance degradation caused by duplicative efforts of reliability mechanisms, a fabric controller is employed to selectively disable one or more of the reliability mechanisms individually.Type: ApplicationFiled: March 4, 2010Publication date: September 8, 2011Applicant: MICROSOFT CORPORATIONInventors: Deepak Bansal, Hasan Alkhatib
-
Publication number: 20110110377Abstract: Computerized methods, systems, and computer-storage media for establishing and managing a virtual network overlay (“overlay”) are provided. The overlay spans between a data center and a private enterprise network and includes endpoints, of a service application, that reside in each location. The service-application endpoints residing in the data center and in the enterprise private network are reachable by data packets at physical IP addresses. Virtual presences of the service-application endpoints are instantiated within the overlay by assigning the service-application endpoints respective virtual IP addresses and maintaining an association between the virtual IP addresses and the physical IP addresses. This association facilitates routing the data packets between the service-application endpoints, based on communications exchanged between their virtual presences within the overlay.Type: ApplicationFiled: November 6, 2009Publication date: May 12, 2011Applicant: MICROSOFT CORPORATIONInventors: Hasan Alkhatib, Deepak Bansal
-
Patent number: RE41024Abstract: The present invention provides for a system This document describes embodiments for communicating with a host using a global address and a local address. The present invention allows These embodiments allow for the communication to be initiated by an entity outside the host's network. The entity initiating the communication resolves the destination host's domain name into a global address and a local address. Messages are sent to the destination host using both the global address and the local address. In one embodiment, both the global and local address are included in the message by encapsulating IP packets. Some embodiments of the present invention also use pseudo addressing.Type: GrantFiled: November 7, 2008Date of Patent: December 1, 2009Inventors: Hasan Alkhatib, Fouad Tobagi, Bruce C Wootton