Patents by Inventor Jayant JAIN

Jayant JAIN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12659299
    Abstract: A method comprises: in response to detecting a new expression in a policy rule, updating a global version number to a new value; identifying a particular IP address that corresponds to an FQDN matching on the new expression; storing an entry comprising the particular IP address, the new expression, and an entry version number in a first data structure, the entry version number being assigned the new value; in response to detecting a new connection to a destination IP address: finding a matching entry in the first data structure corresponding to the destination IP address; determining whether the global version number matches the entry version number for the matching entry; and in response to determining that the global version number does not match the entry version number for the matching entry, sending update information to a slowpath process that associates an updated configuration information for the matching entry.
    Type: Grant
    Filed: July 9, 2024
    Date of Patent: June 16, 2026
    Assignee: VMware LLC
    Inventors: Sushruth Gopal, Jayant Jain, Davide Celotto, Josh Swerdlow
  • Publication number: 20260163846
    Abstract: Described herein are systems, methods, and software to enhance network traffic management. In one implementation, a first host identifies a packet to be transferred from a first virtual machine on the first host to a second virtual machine on a second host. In response to identifying the packet, the first host identifies a source logical port for the first virtual machine, and transfers a communication to the second host, wherein the communication encapsulates the data packet and the source logical port. Once the packet is received by the second host, the second host may use the source logical port to determine a forwarding action for the packet.
    Type: Application
    Filed: April 15, 2025
    Publication date: June 11, 2026
    Inventors: Jayant Jain, Ganesan Chandrashekhar, Anirban Sengupta, Pankaj Thakkar, Alexander Tessmer
  • Patent number: 12647388
    Abstract: Anycast IP addressing and policy-based forwarding are implemented so that resources deployed in association with different accounts of a tenant but have overlapping IP addresses appear distinct to the tenant. A service that executes on a network controller configures a DHCP address pool for an account for which associated resources are indicated for deployment. The service also orchestrates instantiation of one or more connectors configured to front the resource(s) and allocates an anycast IP address to the connector(s) that is unique with respect to other connectors that front resources associated with the same account or different accounts. The service then creates a policy-based forwarding rule to forward network traffic originating from an IP address within the account's DHCP address pool and with a destination address that matches the resource(s) IP address to the anycast IP address allocated to the connector(s) that fronts the resources.
    Type: Grant
    Filed: April 17, 2024
    Date of Patent: June 2, 2026
    Assignee: Palo Alto Networks, Inc.
    Inventors: Jayant Jain, Mingfei Peng, Brian Russell Kean, Srivatsan Rajagopal, Uttam Ramesh, Ketan Gunawant Kulkarni
  • Publication number: 20260100933
    Abstract: Techniques for wildcard based private application access are disclosed. In some embodiments, a system, a process, and/or a computer program product for wildcard based private application access includes receiving a request for access to an application over a secure access service edge (SASE) network for a user associated with an enterprise; determining if the request for access to the application matches a wildcard (e.g., the wildcard can be configured by an administrator of the enterprise for matching a fully qualified domain name (FQDN) for the application); and automatically configuring access information (e.g., IP address, protocol, and destination port) for the application that matches the wildcard.
    Type: Application
    Filed: October 17, 2025
    Publication date: April 9, 2026
    Inventors: Jayant Jain, Harieasswar Lakshmidevi, Mingfei Peng, Brian Russell Kean, Srivatsan Rajagopal
  • Publication number: 20260075036
    Abstract: A data packet is received. It is determined whether the data packet is encapsulated. One or more security policies are applied to the data packet based on whether the data packet is encapsulated.
    Type: Application
    Filed: August 26, 2025
    Publication date: March 12, 2026
    Inventors: Uttam Ramesh, Jayant Jain, Brian Russell Kean, Aditya Srinivasa Ivaturi, Srikanth Ramachandran, Nidhi Shah, Srikanth Mulakaluri
  • Publication number: 20260032115
    Abstract: The present application discloses a method, system, and computer system for providing intelligent DNS load balancing using a combination of a dynamic DNAT pool and application providing in a connector-based solution for private application access. The method includes: (a) performing a DNS re-resolution for resolving an application Fully Qualified Domain Name (FQDN) to obtain a plurality of IP addresses for a plurality of application servers, (b) performing periodic application server probing, and (c) dynamically updating a destination network address translation (DNAT) to provide DNS load balancing for application traffic. The DNAT is updated based at least in part on one or more of the DNS re-resolution and the application server probing.
    Type: Application
    Filed: July 26, 2024
    Publication date: January 29, 2026
    Inventors: Brian Russell Kean, Ketan Kulkarni, Jayant Jain, Mingfei Peng
  • Publication number: 20260005949
    Abstract: Anycast addressing is utilized to support the connection of multiple application connectors fronting an application(s) to a network element and anycast routing of network traffic destined for the application(s). When an application is indicated for onboarding in a tenant's network fabric, a network controller allocates virtual and anycast addresses to the application. Allocation of anycast addresses is per domain name and port/protocol combination. Upon determining that the application is available, the application connector(s) advertises reachability of the application via the anycast address. The network controller orchestrates configuration of a domain name system entry that resolves the application name to its virtual Internet Protocol (IP) address and destination network address translation rules that translate the virtual IP address to the anycast address and the anycast address to the application's private IP address.
    Type: Application
    Filed: September 4, 2025
    Publication date: January 1, 2026
    Inventors: Jacob Rameen Chitsaz, Jayant Jain, Brian Russell Kean, Uttam Ramesh, Mingfei Peng
  • Publication number: 20250371092
    Abstract: The present application discloses a method, system, and computer system for providing secure access to links embedded in an email. The method includes (i) parsing an email, (ii) identifying a URL link in the email, and (iii) rewriting the URL link for execution in an isolation context based at least in part on a policy.
    Type: Application
    Filed: May 31, 2024
    Publication date: December 4, 2025
    Inventors: Jayant Jain, Yanggui Chen, Fred Philip Stanley, Priyanka Tiwari, Shyam Prasad Nukala, Nitish Kishore Khadke
  • Patent number: 12470520
    Abstract: Techniques for wildcard based private application access are disclosed. In some embodiments, a system, a process, and/or a computer program product for wildcard based private application access includes receiving a request for access to an application over a secure access service edge (SASE) network for a user associated with an enterprise; determining if the request for access to the application matches a wildcard (e.g., the wildcard can be configured by an administrator of the enterprise for matching a fully qualified domain name (FQDN) for the application); and automatically configuring access information (e.g., IP address, protocol, and destination port) for the application that matches the wildcard.
    Type: Grant
    Filed: July 28, 2023
    Date of Patent: November 11, 2025
    Assignee: Palo Alto Networks, Inc.
    Inventors: Jayant Jain, Harieasswar Lakshmidevi, Mingfei Peng, Brian Russell Kean, Srivatsan Rajagopal
  • Publication number: 20250330442
    Abstract: Anycast IP addressing and policy-based forwarding are implemented so that resources deployed in association with different accounts of a tenant but have overlapping IP addresses appear distinct to the tenant. A service that executes on a network controller configures a DHCP address pool for an account for which associated resources are indicated for deployment. The service also orchestrates instantiation of one or more connectors configured to front the resource(s) and allocates an anycast IP address to the connector(s) that is unique with respect to other connectors that front resources associated with the same account or different accounts. The service then creates a policy-based forwarding rule to forward network traffic originating from an IP address within the account's DHCP address pool and with a destination address that matches the resource(s) IP address to the anycast IP address allocated to the connector(s) that fronts the resources.
    Type: Application
    Filed: April 17, 2024
    Publication date: October 23, 2025
    Inventors: Jayant Jain, Mingfei Peng, Brian Russell Kean, Srivatsan Rajagopal, Uttam Ramesh, Ketan Gunawant Kulkarni
  • Publication number: 20250323892
    Abstract: A network controller communicates a wildcard domain name defined by a tenant and IP addresses of data centers for which a tenant has configured that wildcard to network elements of a network fabric through which the data centers are accessible. Each network element creates a rule to forward DNS requests with FQDNs that match the wildcard to each data center IP address. When a network element receives a DNS request indicating a FQDN that matches the wildcard, the network element forwards the DNS request to each data center IP address. Each data center element associated with one of the IP addresses receives the DNS request and determines if the FQDN can be resolved to an IP address in that data center. Data center elements for which domain name resolution is successful notify the network controller, which onboards the resource corresponding to the FQDN in that data center.
    Type: Application
    Filed: June 26, 2025
    Publication date: October 16, 2025
    Inventors: Jayant Jain, Brian Russell Kean, Mingfei Peng, Harieasswar Lakshmidevi, Harish Kumar Lohar
  • Patent number: 12425370
    Abstract: A data packet is received. It is determined whether the data packet is encapsulated. One or more security policies are applied to the data packet based on whether the data packet is encapsulated.
    Type: Grant
    Filed: September 12, 2024
    Date of Patent: September 23, 2025
    Assignee: Palo Alto Networks, Inc.
    Inventors: Uttam Ramesh, Jayant Jain, Brian Russell Kean, Aditya Srinivasa Ivaturi, Srikanth Ramachandran, Nidhi Shah, Srikanth Mulakaluri
  • Patent number: 12425327
    Abstract: Anycast addressing is utilized to support the connection of multiple application connectors fronting an application(s) to a network element and anycast routing of network traffic destined for the application(s). When an application is indicated for onboarding in a tenant's network fabric, a network controller allocates virtual and anycast addresses to the application. Allocation of anycast addresses is per domain name and port/protocol combination. Upon determining that the application is available, the application connector(s) advertises reachability of the application via the anycast address. The network controller orchestrates configuration of a domain name system entry that resolves the application name to its virtual Internet Protocol (IP) address and destination network address translation rules that translate the virtual IP address to the anycast address and the anycast address to the application's private IP address.
    Type: Grant
    Filed: October 31, 2023
    Date of Patent: September 23, 2025
    Assignee: Palo Alto Networks, Inc.
    Inventors: Jacob Rameen Chitsaz, Jayant Jain, Brian Russell Kean, Uttam Ramesh, Mingfei Peng
  • Patent number: 12401616
    Abstract: A network controller communicates a wildcard domain name defined by a tenant and IP addresses of data centers for which a tenant has configured that wildcard to network elements of a network fabric through which the data centers are accessible. Each network element creates a rule to forward DNS requests with FQDNs that match the wildcard to each data center IP address. When a network element receives a DNS request indicating a FQDN that matches the wildcard, the network element forwards the DNS request to each data center IP address. Each data center element associated with one of the IP addresses receives the DNS request and determines if the FQDN can be resolved to an IP address in that data center. Data center elements for which domain name resolution is successful notify the network controller, which onboards the resource corresponding to the FQDN in that data center.
    Type: Grant
    Filed: December 8, 2023
    Date of Patent: August 26, 2025
    Assignee: Palo Alto Networks, Inc.
    Inventors: Jayant Jain, Brian Russell Kean, Mingfei Peng, Harieasswar Lakshmidevi, Harish Kumar Lohar
  • Publication number: 20250254132
    Abstract: A novel method for dynamic network service allocation that maps generic services into specific configurations of service resources in a network is provided. An application that is assigned to be performed by computing resources in the network is associated with a set of generic services, and the method maps the set of generic services to the service resources based on the assignment of the application to the computing resources. The mapping of generic services is further based on a level of service that is chosen for the application, where the set of generic services are mapped to different sets of network resources according to different levels of services.
    Type: Application
    Filed: April 22, 2025
    Publication date: August 7, 2025
    Inventors: Jayant Jain, Raju Koganty, Anirban Sengupta
  • Patent number: 12375533
    Abstract: Some embodiments provide a method for forwarding data messages at multiple edge gateways of a logical network that process data messages between the logical network and an external network. At a first edge gateway, the method receives a data message, having an external address as a destination address, from the logical network. Based on the destination address, the method applies a default route to the data message that routes the data message to a second edge gateway and specifies a first output interface of the first edge gateway for the data message. After routing the data message, the method applies a stored NAT entry that (i) modifies a source address of the data message to be a public NAT address associated with the first edge gateway and (ii) redirects the modified data message to a second output interface of the first edge gateway instead of the first output interface.
    Type: Grant
    Filed: March 14, 2024
    Date of Patent: July 29, 2025
    Assignee: VMware LLC
    Inventors: Yong Wang, Jayant Jain, Ganesh Sadasivan, Abhishek Goliya
  • Publication number: 20250233843
    Abstract: Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reduces the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device.
    Type: Application
    Filed: February 7, 2025
    Publication date: July 17, 2025
    Inventors: Sami Boutros, Mani Kancherla, Jayant Jain, Anirban Sengupta
  • Patent number: 12355728
    Abstract: A novel method for stateful packet classification that uses hardware resources for performing stateless lookups and software resources for performing stateful connection flow handshaking is provided. To classify an incoming packet from a network, some embodiments perform stateless look up operations for the incoming packet in hardware and forward the result of the stateless look up to the software. The software in turn uses the result of the stateless look up to perform the stateful connection flow handshaking and to determine the result of the stateful packet classification.
    Type: Grant
    Filed: July 27, 2023
    Date of Patent: July 8, 2025
    Assignee: VMware LLC
    Inventors: Jayant Jain, Anirban Sengupta, Mohan Parthasarathy, Xinhua Hong
  • Publication number: 20250208916
    Abstract: A method includes receiving a request to provision a plurality of containers including a resource requirement representing an amount of resources the respective container requires. The method also includes provisioning a machine that includes a first amount of resources. The method includes determining a second amount of resources based on a sum of each resource requirement of each respective container. The second amount of resources is less than the first amount of resources. The second amount of resources is greater than the resource requirement of each respective container. The method includes restricting each respective container of the plurality of containers to the second amount of resources that prohibits each respective container from utilizing more resources than the second amount of resources. After restricting each respective container of the plurality of containers to the second amount of resources, the method includes executing the plurality of containers on the machine.
    Type: Application
    Filed: December 18, 2024
    Publication date: June 26, 2025
    Applicant: Google LLC
    Inventors: Alexander Ray Curtis, Pawel Tadeusz Kepka, Vyacheslav Vladimirovich Malyugin, Adin Matthew Scannell, David G. Porter, Pawel Jacob Mendelski, Jayant Jain, Marian Kedzierski, William Mcguffin Wright Denniss, Jeremy Olmsted-Thompson
  • Publication number: 20250199843
    Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane.
    Type: Application
    Filed: February 17, 2025
    Publication date: June 19, 2025
    Inventors: Fenil Kavathia, Anuprem Chalvadi, Yang Ping, Akhila Naveen, Yong Feng, Kantesh Mundaragi, Rahul Mishra, Pierluigi Rolando, Jayant Jain, Raju Koganty