Patents by Inventor Javed ASGHAR
Javed ASGHAR has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11949602Abstract: An endpoint group (EPG) can be stretched between the sites so that endpoints at different sites can be assigned to the same stretched EPG. Because the sites can use different bridge domains when establishing the stretched EPGs, the first time a site transmits a packet to an endpoint in a different site, the site learns or discovers a path to the destination endpoint. The site can use BGP to identify the site with the host and use a multicast tunnel to reach the site. A unicast tunnel can be used to transmit future packets to the destination endpoint. Additionally, a stretched EPG can be segmented to form a micro-stretched EPG. Filtering criteria can be used to identify a subset of the endpoints in the stretched EPG that are then assigned to the micro-stretched EPG, which can have different policies than the stretched EPG.Type: GrantFiled: September 21, 2021Date of Patent: April 2, 2024Assignee: Cisco Technology, Inc.Inventors: Javed Asghar, Sridhar Vallepalli, Umamaheswararao Karyampudi, Srinivas Kotamraju
-
Patent number: 11929917Abstract: In one embodiment, a method includes identifying a problematic event between a first interest point and a second interest point of a network and activating, in response to identifying the problematic event between the first interest point and the second interest point, a first endpoint associated with the first interest point and a second endpoint associated with the second interest point. The method also includes receiving, from the first endpoint and the second endpoint, telemetry data associated with a problematic path between the first interest point and the second interest point. The method further includes determining the problematic path between the first interest point and the second interest point using the telemetry data received from the first endpoint and the second endpoint.Type: GrantFiled: July 30, 2021Date of Patent: March 12, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Vijay Kumar Devendran, Kiran Kumar Meda, Rajagopalan Janakiraman, Shyam N. Kapadia, Javed Asghar
-
Publication number: 20240080309Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.Type: ApplicationFiled: November 14, 2023Publication date: March 7, 2024Inventors: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
-
Publication number: 20240048509Abstract: Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site which is assigned to the same stretched EPG, despite the two sites have different namespaces. Further, the shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mapping that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected as well as providing application accessibility across different fabrics with independent and private namespaces.Type: ApplicationFiled: September 11, 2023Publication date: February 8, 2024Inventors: Sridhar VALLEPALLI, Javed ASGHAR, Umamaheswararao KARYAMPUDI, Saad MALIK, Amitkumar V. PATEL
-
Patent number: 11895100Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.Type: GrantFiled: July 27, 2020Date of Patent: February 6, 2024Assignee: Cisco Technology, Inc.Inventors: Govind Prasad Sharma, Javed Asghar, Prabhu Balakannan, Sridhar Vallepalli
-
Publication number: 20240028489Abstract: This disclosure describes techniques for adaptive disaster recovery of applications running on network devices. The techniques include generating an application template and an application template clone that include application attributes usable to deploy an application stack at an application site. The techniques also include sending the application template clone to a disaster recovery site group to await deployment instructions. In some examples, an observer may determine that a health metric of the application site indicates that a disaster recovery process be triggered. A disaster recovery site of the disaster recovery site group may be selected based at least in part on a performance metric. The application stack may be deployed at the disaster recovery site utilizing the application template clone.Type: ApplicationFiled: October 4, 2023Publication date: January 25, 2024Inventors: Javed Asghar, Rajagopalan Janakiraman, Raghu Rajendra Arur
-
Patent number: 11809292Abstract: This disclosure describes techniques for adaptive disaster recovery of applications running on network devices. The techniques include generating an application template and an application template clone that include application attributes usable to deploy an application stack at an application site. The techniques also include sending the application template clone to a disaster recovery site group to await deployment instructions. In some examples, an observer may determine that a health metric of the application site indicates that a disaster recovery process be triggered. A disaster recovery site of the disaster recovery site group may be selected based at least in part on a performance metric. The application stack may be deployed at the disaster recovery site utilizing the application template clone.Type: GrantFiled: December 10, 2021Date of Patent: November 7, 2023Assignee: Cisco Technology, Inc.Inventors: Javed Asghar, Rajagopalan Janakiraman, Raghu Rajendra Arur
-
Patent number: 11757793Abstract: Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site which is assigned to the same stretched EPG, despite the two sites have different namespaces. Further, the shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mapping that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected as well as providing application accessibility across different fabrics with independent and private namespaces.Type: GrantFiled: September 15, 2021Date of Patent: September 12, 2023Assignee: Cisco Technology, Inc.Inventors: Sridhar Vallepalli, Javed Asghar, Umamaheswararao Karyampudi, Saad Malik, Amitkumar V. Patel
-
Patent number: 11757935Abstract: Methods to secure against IP address thefts by rogue devices in a virtualized datacenter are provided. Rogue devices are detected and distinguished from a migration of an endpoint in a virtualized datacenter. A first hop network element in a one or more network fabrics intercepts a request that includes an identity of an endpoint and performs a local lookup for the endpoint entity identifier. Based on the lookup not finding the endpoint entity identifier, the first hop network element broadcasts a message such as a remote media access address (MAC) query to other network elements in the one or more network fabrics. Based on the received response, which may include an IP address associated with the MAC address, the first hop network element performs a theft validation process to determine whether the request originated from a migrated endpoint or a rogue device.Type: GrantFiled: May 4, 2022Date of Patent: September 12, 2023Assignee: CISCO TECHNOLOGY, INC.Inventors: Govind Prasad Sharma, Eshwar Rao Yedavalli, Mohammed Javed Asghar, Ashwath Kumar Chandrasekaran, Swapnil Mankar, Umamaheswararao Karyampudi
-
Publication number: 20230185683Abstract: This disclosure describes techniques for adaptive disaster recovery of applications running on network devices. The techniques include generating an application template and an application template clone that include application attributes usable to deploy an application stack at an application site. The techniques also include sending the application template clone to a disaster recovery site group to await deployment instructions. In some examples, an observer may determine that a health metric of the application site indicates that a disaster recovery process be triggered. A disaster recovery site of the disaster recovery site group may be selected based at least in part on a performance metric. The application stack may be deployed at the disaster recovery site utilizing the application template clone.Type: ApplicationFiled: December 10, 2021Publication date: June 15, 2023Inventors: Javed Asghar, Rajagopalan Janakiraman, Raghu Rajendra Arur
-
Publication number: 20230031921Abstract: In one embodiment, a method includes identifying a problematic event between a first interest point and a second interest point of a network and activating, in response to identifying the problematic event between the first interest point and the second interest point, a first endpoint associated with the first interest point and a second endpoint associated with the second interest point. The method also includes receiving, from the first endpoint and the second endpoint, telemetry data associated with a problematic path between the first interest point and the second interest point. The method further includes determining the problematic path between the first interest point and the second interest point using the telemetry data received from the first endpoint and the second endpoint.Type: ApplicationFiled: July 30, 2021Publication date: February 2, 2023Inventors: Vijay Kumar Devendran, Kiran Kumar Meda, Rajagopalan Janakiraman, Shyam N. Kapadia, Javed Asghar
-
Publication number: 20220263865Abstract: Methods to secure against IP address thefts by rogue devices in a virtualized datacenter are provided. Rogue devices are detected and distinguished from a migration of an endpoint in a virtualized datacenter. A first hop network element in a one or more network fabrics intercepts a request that includes an identity of an endpoint and performs a local lookup for the endpoint entity identifier. Based on the lookup not finding the endpoint entity identifier, the first hop network element broadcasts a message such as a remote media access address (MAC) query to other network elements in the one or more network fabrics. Based on the received response, which may include an IP address associated with the MAC address, the first hop network element performs a theft validation process to determine whether the request originated from a migrated endpoint or a rogue device.Type: ApplicationFiled: May 4, 2022Publication date: August 18, 2022Inventors: Govind Prasad Sharma, Eshwar Rao Yedavalli, Mohammed Javed Asghar, Ashwath Kumar Chandrasekaran, Swapnil Mankar, Umamaheswararao Karyampudi
-
Patent number: 11405427Abstract: The present technology pertains to a system, method, and non-transitory computer-readable medium for orchestrating policies across multiple networking domains. The technology can receive, at a provider domain from a consumer domain, a data request; receive, at the provider domain from the consumer domain, at least one access policy for the consumer domain; translate, at the provider domain, the at least one access policy for the consumer domain into at least one translated access policy understood by the provider domain; apply, at the provider domain, the at least one translated access policy understood by the provider domain to the data request; and send, at the provider domain to the consumer domain, a response to the data request.Type: GrantFiled: January 23, 2020Date of Patent: August 2, 2022Inventors: Ronak K. Desai, Rajagopalan Janakiraman, Mohammed Javed Asghar, Azeem Suleman, Patel Amitkumar Valjibhai, Sanjay Kumar Hooda, Victor Manuel Moreno
-
Patent number: 11368484Abstract: Methods to secure against IP address thefts by rogue devices in a virtualized datacenter are provided. Rogue devices are detected and distinguished from a migration of an endpoint in a virtualized datacenter. A first hop network element in a one or more network fabrics intercepts a request that includes an identity of an endpoint and performs a local lookup for the endpoint entity identifier. Based on the lookup not finding the endpoint entity identifier, the first hop network element broadcasts a message such as a remote media access address (MAC) query to other network elements in the one or more network fabrics. Based on the received response, which may include an IP address associated with the MAC address, the first hop network element performs a theft validation process to determine whether the request originated from a migrated endpoint or a rogue device.Type: GrantFiled: April 26, 2019Date of Patent: June 21, 2022Assignee: CISCO TECHNOLOGY, INCInventors: Govind Prasad Sharma, Eshwar Rao Yedavalli, Mohammed Javed Asghar, Ashwath Kumar Chandrasekaran, Swapnil Mankar, Umamaheswararao Karyampudi
-
Patent number: 11336573Abstract: Techniques for routing data packets through service chains within and between public cloud networks of multi-cloud fabrics. A router in a network, e.g., a public cloud network, receives data packets from nodes in the network through segments of the network. Based at least in part on (i) a source address of the data packet, (ii) a destination address of the data packet, and (iii) an identity of the segments of the network from which the data packets are received, the router determines a next node in the network to which the data packet is to be forwarded. The router may then forward the data packet through another segment of the network to the next node and then receive the data packet from the next node through the another segment.Type: GrantFiled: February 26, 2020Date of Patent: May 17, 2022Assignee: Cisco Technology, Inc.Inventors: Rajagopalan Janakiraman, Sivakumar Ganapathy, Javed Asghar, Azeem Muhammad Suleman
-
Patent number: 11336515Abstract: Presented herein are systems and methods to enable simultaneous interoperability with policy-aware and policy-unaware data center sites. A multi-site orchestrator (MSO) device can be configured to obtain configuration information for each of a plurality of different data center sites. The data center sites may include one or more on-premises sites and one or more off-premises sites, each of which may include one or more policy-aware sites and/or one or more policy-unaware sites. The MSO can selectively use namespace translations to create a unified fabric across the different data center sites, enabling one or more hosts and/or applications at a first of the data center sites to communicate with one or more hosts and/or applications at a second of the data center sites, regardless of the sites' respective configurations.Type: GrantFiled: February 19, 2021Date of Patent: May 17, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Munish Mehta, Sundeep Kumar Singh, Shyam N. Kapadia, Mohammed Javed Asghar, Lukas Krattiger
-
Publication number: 20220006758Abstract: Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site which is assigned to the same stretched EPG, despite the two sites have different namespaces. Further, the shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mapping that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected as well as providing application accessibility across different fabrics with independent and private namespaces.Type: ApplicationFiled: September 15, 2021Publication date: January 6, 2022Inventors: Sridhar VALLEPALLI, Javed ASGHAR, Umamaheswararao KARYAMPUDI, Saad MALIK, Amitkumar V. PATEL
-
Publication number: 20220006757Abstract: An endpoint group (EPG) can be stretched between the sites so that endpoints at different sites can be assigned to the same stretched EPG. Because the sites can use different bridge domains when establishing the stretched EPGs, the first time a site transmits a packet to an endpoint in a different site, the site learns or discovers a path to the destination endpoint. The site can use BGP to identify the site with the host and use a multicast tunnel to reach the site. A unicast tunnel can be used to transmit future packets to the destination endpoint. Additionally, a stretched EPG can be segmented to form a micro-stretched EPG. Filtering criteria can be used to identify a subset of the endpoints in the stretched EPG that are then assigned to the micro-stretched EPG, which can have different policies than the stretched EPG.Type: ApplicationFiled: September 21, 2021Publication date: January 6, 2022Inventors: Javed ASGHAR, Sridhar VALLEPALLI, Umamaheswararao KARYAMPUDI, Srinivas KOTAMRAJU
-
Patent number: 11201859Abstract: A method and apparatus for providing tenant specific encryption is described herein. According to an embodiment, a transmission site receives a data packet for transmission or forwarding. The transmission site determines, based on information in a header of the data packet, that the data packet is to be encrypted before transmission or forwarding. Using the information in the header, the transmission site identifies an encryption key for the data packet. The transmission site generates, for the data packet, an additional header and populates the additional header with a destination port number based on a destination port header value of the data packet. The transmission site overwrites the destination port header value of the packet with data indicating that the data packet is encrypted and then encrypts an encapsulated packet within the data packet using the encryption key prior to transmitting or forwarding the data packet.Type: GrantFiled: October 17, 2018Date of Patent: December 14, 2021Assignee: Cisco Technology, Inc.Inventors: Javed Asghar, Sridhar Vallepalli, Govind Prasad Sharma, Eshwar Rao Yedavalli
-
Patent number: 11178071Abstract: Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site which is assigned to the same stretched EPG, despite the two sites have different namespaces. Further, the shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mapping that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected as well as providing application accessibility across different fabrics with independent and private namespaces.Type: GrantFiled: October 18, 2018Date of Patent: November 16, 2021Assignee: Cisco Technology, Inc.Inventors: Sridhar Vallepalli, Javed Asghar, Umamaheswararao Karyampudi, Saad Malik, Amitkumar V. Patel