Patents by Inventor Jingmin Zhou
Jingmin Zhou has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20210081461Abstract: In some embodiments, a method stores a plurality of identifiers for a plurality of rules. The plurality of rules each include a set of patterns, and a rule and a pattern combination is associated with an identifier in the plurality of identifiers. Information being sent on a network is scanned and the method determines when a pattern in the information matches a pattern for a rule. The method identifies an identifier for the pattern where the identifier identifies a rule and a pattern combination. Then, the method identifies the rule and the pattern combination based on the identifier. The set of patterns for the rule is found in the information based on determining that the rule and the pattern combinations for the rule have been found in the information.Type: ApplicationFiled: September 12, 2019Publication date: March 18, 2021Inventors: Jingmin Zhou, Subrahmanyam Manuguri, Jayant Jain, Anirban Sengupta
-
Publication number: 20200382371Abstract: The technology disclosed herein enables a data plane of a packet handler in a host to be changed while minimizing disruption to the operation of guests that are associated therewith. In a particular embodiment, the method provides, in a control plane of the packet handler, extracting state information about states of the data plane and pausing network traffic to the data plane. After pausing the network traffic to the data plane, the method provides applying changes to components of the data plane. After applying changes to the components of the data plane, the method provides restoring the states to the data plane using the state information and resuming the network traffic to the data plane.Type: ApplicationFiled: August 19, 2020Publication date: December 3, 2020Inventors: Jingmin Zhou, Subrahmanyam Manuguri, Anirban Sengupta
-
Publication number: 20200348983Abstract: Some embodiments provide a method for clustering a set of data compute nodes (DCNs), which communicate with each other more frequently, on one or more host machines. The method groups together guest DCNs (GDCNs) that (1) execute on different host machines and (2) exchange network data among themselves more frequently, in order to reduce interhost network traffic. The more frequently-communicating GDCNs can be a set of GDCNs that implement a distributed application, GDCNs of a particular tier in a multi-tier network architecture (e.g., a web tier in a three-tier architecture), GDCNs that are dedicated to a particular tenant in a hosting system, or any other set of GDCNs that exchange data among each other regularly for a particular purpose.Type: ApplicationFiled: July 21, 2020Publication date: November 5, 2020Inventors: Xin Qi, Fenil Kavathia, Chidambareswaran Raman, Shadab Shah, Raju Koganty, Jingmin Zhou
-
Publication number: 20200296078Abstract: In some embodiments, a method receives a packet at an instance of a distributed firewall associated with one of a plurality of workloads running on a hypervisor. Each of the plurality of workloads has an associated instance of the distributed firewall. An index table is accessed for the workload where the index table includes a set of references to a set of rules in a rules table. Each workload in the plurality of workloads is associated with an index table that references rules that are applicable to each respective workload. The method then accesses at least one rule in a set of rules associated with the set of references from the rules table and compares one or more attributes for the packet to information stored for the at least one rule in the set of rules to determine a rule in the set of rules to apply to the packet.Type: ApplicationFiled: March 13, 2019Publication date: September 17, 2020Inventors: Jingmin Zhou, David Lorenzo, Subrahmanyam Manuguri, Anirban Sengupta
-
Patent number: 10756969Abstract: The technology disclosed herein enables a data plane of a packet handler in a host to be changed while minimizing disruption to the operation of guests that are associated therewith. In a particular embodiment, the method provides, in a control plane of the packet handler, extracting state information about states of the data plane and pausing network traffic to the data plane. After pausing the network traffic to the data plane, the method provides applying changes to components of the data plane. After applying changes to the components of the data plane, the method provides restoring the states to the data plane using the state information and resuming the network traffic to the data plane.Type: GrantFiled: August 15, 2017Date of Patent: August 25, 2020Assignee: NICIRA, INC.Inventors: Jingmin Zhou, Subrahmanyam Manuguri, Anirban Sengupta
-
Patent number: 10725833Abstract: Some embodiments provide a method for clustering a set of data compute nodes (DCNs), which communicate with each other more frequently, on one or more host machines. The method groups together guest DCNs (GDCNs) that (1) execute on different host machines and (2) exchange network data among themselves more frequently, in order to reduce interhost network traffic. The more frequently-communicating GDCNs can be a set of GDCNs that implement a distributed application, GDCNs of a particular tier in a multi-tier network architecture (e.g., a web tier in a three-tier architecture), GDCNs that are dedicated to a particular tenant in a hosting system, or any other set of GDCNs that exchange data among each other regularly for a particular purpose.Type: GrantFiled: October 27, 2017Date of Patent: July 28, 2020Assignee: NICIRA, INC.Inventors: Xin Qi, Fenil Kavathia, Chidambareswaran Raman, Shadab Shah, Raju Koganty, Jingmin Zhou
-
Publication number: 20200120069Abstract: The technology disclosed herein enables the enforcement of firewall policies based on high level identification strings. In a particular embodiment, a method provides receiving a first reply from a first identification system directed to a requestor system. In response to determining that the first identification system comprises an identification system trusted by the firewall, the method provides inspecting at least one packet included in the first reply to identify a first network address therein associated with a first high level identification string. The method further provides updating a data structure comprising allowed network addresses with the first network address and, after updating the data structure with the first network address, allowing at least one packet from the requestor system directed to a first destination at the first network address to traverse the firewall system based on the data structure.Type: ApplicationFiled: December 13, 2019Publication date: April 16, 2020Inventors: Jayant Jain, Kausum Kumar, Anirban Sengupta, Rick Lund, Jingmin Zhou
-
Publication number: 20200081638Abstract: Example methods and systems are provided for a computer system to transfer runtime information between a first kernel module and a second kernel module. In one example, the method may comprise assigning ownership of a memory pool to the first kernel module; and the first kernel module accessing the memory pool to store runtime information associated with one or more operations performed by the first kernel module. The method may also comprise releasing ownership of the memory pool from the first kernel module while maintaining the runtime information in the memory pool; and assigning ownership of the memory pool to the second kernel module. The second kernel module may then access the memory pool to obtain the runtime information stored by the first kernel module.Type: ApplicationFiled: September 7, 2018Publication date: March 12, 2020Applicant: VMware, Inc.Inventors: Jingmin ZHOU, Subrahmanyam MANUGURI, Anirban SENGUPTA
-
Patent number: 10581801Abstract: A context-aware distributed firewall scheme is provided. A firewall engine tasked to provide firewall protection for a set of network addresses applies a reduced set of firewall rules that are relevant to the set of addresses associated with the machine. A hypervisor implements a search structure that allows each virtual machine's filter to quickly identify relevant rules from all of the received rules. The search structure is constructed as a binary prefix tree, each node corresponding to an IP CIDR (Classless Inter-Domain Routing) block. A query for relevant rules traverses nodes of the search structure according to a queried IP address and collect all rules that are associated with the traversed nodes.Type: GrantFiled: January 15, 2019Date of Patent: March 3, 2020Assignee: NICIRA, INC.Inventors: Jingmin Zhou, Anirban Sengupta
-
Patent number: 10530750Abstract: The technology disclosed herein enables the enforcement of firewall policies based on high level identification strings. In a particular embodiment, a method provides receiving a first reply from a first identification system directed to a requestor system. In response to determining that the first identification system comprises an identification system trusted by the firewall, the method provides inspecting at least one packet included in the first reply to identify a first network address therein associated with a first high level identification string. The method further provides updating a data structure comprising allowed network addresses with the first network address and, after updating the data structure with the first network address, allowing at least one packet from the requestor system directed to a first destination at the first network address to traverse the firewall system based on the data structure.Type: GrantFiled: December 14, 2016Date of Patent: January 7, 2020Assignee: NICIRA, INC.Inventors: Jayant Jain, Kausum Kumar, Anirban Sengupta, Rick Lund, Jingmin Zhou
-
Patent number: 10397275Abstract: Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on identified RDM attribute set.Type: GrantFiled: November 1, 2015Date of Patent: August 27, 2019Assignee: NICIRA, INC.Inventors: Jayant Jain, Anirban Sengupta, Rick Lund, Alok S. Tiagi, Jingmin Zhou, Nishant Jain
-
Publication number: 20190166096Abstract: A context-aware distributed firewall scheme is provided. A firewall engine tasked to provide firewall protection for a set of network addresses applies a reduced set of firewall rules that are relevant to the set of addresses associated with the machine. A hypervisor implements a search structure that allows each virtual machine's filter to quickly identify relevant rules from all of the received rules. The search structure is constructed as a binary prefix tree, each node corresponding to an IP CIDR (Classless Inter-Domain Routing) block. A query for relevant rules traverses nodes of the search structure according to a queried IP address and collect all rules that are associated with the traversed nodes.Type: ApplicationFiled: January 15, 2019Publication date: May 30, 2019Inventors: Jingmin Zhou, Anirban Sengupta
-
Publication number: 20190078099Abstract: Cells and cell lines are disclosed that are able to produce therapeutic proteins, antibodies, vectors, and viral vectors such as lentiviral vectors and adeno-associated viral (AAV) vectors. The cells and/or cell lines can have mutations or deletions in either one or both of the endogenous di-hydrofolate reductase (DHFR?/?) or glutamine synthetase (GS?/?) genes such that DHFR and/or GS expression or function is substantially reduced or eliminated.Type: ApplicationFiled: March 30, 2017Publication date: March 14, 2019Applicant: SPARK THERAPEUTICS, INC.Inventors: Jingmin ZHOU, Guang QU, John Fraser WRIGHT
-
Publication number: 20190058631Abstract: The technology disclosed herein enables a data plane of a packet handler in a host to be changed while minimizing disruption to the operation of guests that are associated therewith. In a particular embodiment, the method provides, in a control plane of the packet handler, extracting state information about states of the data plane and pausing network traffic to the data plane. After pausing the network traffic to the data plane, the method provides applying changes to components of the data plane. After applying changes to the components of the data plane, the method provides restoring the states to the data plane using the state information and resuming the network traffic to the data plane.Type: ApplicationFiled: August 15, 2017Publication date: February 21, 2019Inventors: Jingmin Zhou, Subrahmanyam Manuguri, Anirban Sengupta
-
Patent number: 10205703Abstract: A context-aware distributed firewall scheme is provided. A firewall engine tasked to provide firewall protection for a set of network addresses applies a reduced set of firewall rules that are relevant to the set of addresses associated with the machine. A hypervisor implements a search structure that allows each virtual machine's filter to quickly identify relevant rules from all of the received rules. The search structure is constructed as a binary prefix tree, each node corresponding to an IP CIDR (Classless Inter-Domain Routing) block. A query for relevant rules traverses nodes of the search structure according to a queried IP address and collect all rules that are associated with the traversed nodes.Type: GrantFiled: June 26, 2017Date of Patent: February 12, 2019Assignee: NICIRA, INC.Inventors: Jingmin Zhou, Anirban Sengupta
-
Patent number: 10193862Abstract: A computer system provides a method for identifying firewall rules to apply to a virtual machine based on detecting initiation of a new network connection from the virtual machine. An example method generally includes detecting initiation of communications on a network port by a virtual machine, identifying one or more applications executing on the virtual machine that initiated communications on the network port, identifying one or more firewall rules to apply to the virtual machine based, at least in part, on the identification of the one or more applications, determining a deviation between firewall rules applied to the virtual machine and the identified one or more firewall rules, and upon determining that a deviation exists between the firewall rules applied to the virtual machine and the identified one or more firewall rules, applying one or more rules corresponding to the determined deviation to the virtual machine.Type: GrantFiled: November 29, 2016Date of Patent: January 29, 2019Assignee: VMware, Inc.Inventors: Jayant Jain, Anirban Sengupta, Alok Tiagi, Jingmin Zhou, Russell Lu
-
Publication number: 20180176102Abstract: A method for visualizing network flows of a network is provided. The method monitors network flows between a group of machines in a network. The method associates identifiers with the monitored network flows. The method aggregates the monitored network flows into a set of groups based on the associated identifiers. The method displays a set of flow records for the each group of the set of groups.Type: ApplicationFiled: September 25, 2017Publication date: June 21, 2018Inventors: Kaushal Bansal, Uday Masurekar, Srinivas Nimmagadda, Jingmin Zhou, Abhishek Goliya, Amit Chopra, Kausum Kumar
-
Publication number: 20180167363Abstract: The technology disclosed herein enables the enforcement of firewall policies based on high level identification strings. In a particular embodiment, a method provides receiving a first reply from a first identification system directed to a requestor system. In response to determining that the first identification system comprises an identification system trusted by the firewall, the method provides inspecting at least one packet included in the first reply to identify a first network address therein associated with a first high level identification string. The method further provides updating a data structure comprising allowed network addresses with the first network address and, after updating the data structure with the first network address, allowing at least one packet from the requestor system directed to a first destination at the first network address to traverse the firewall system based on the data structure.Type: ApplicationFiled: December 14, 2016Publication date: June 14, 2018Inventors: Jayant Jain, Kausum Kumar, Anirban Sengupta, Rick Lund, Jingmin Zhou
-
Publication number: 20180152417Abstract: A computer system provides a method for identifying firewall rules to apply to a virtual machine based on detecting initiation of a new network connection from the virtual machine. An example method generally includes detecting initiation of communications on a network port by a virtual machine, identifying one or more applications executing on the virtual machine that initiated communications on the network port, identifying one or more firewall rules to apply to the virtual machine based, at least in part, on the identification of the one or more applications, determining a deviation between firewall rules applied to the virtual machine and the identified one or more firewall rules, and upon determining that a deviation exists between the firewall rules applied to the virtual machine and the identified one or more firewall rules, applying one or more rules corresponding to the determined deviation to the virtual machine.Type: ApplicationFiled: November 29, 2016Publication date: May 31, 2018Inventors: Jayant JAIN, Anirban SENGUPTA, Alok TIAGI, Jingmin ZHOU, Russell LU
-
Publication number: 20180121250Abstract: Some embodiments provide a method for clustering a set of data compute nodes (DCNs), which communicate with each other more frequently, on one or more host machines. The method groups together guest DCNs (GDCNs) that (1) execute on different host machines and (2) exchange network data among themselves more frequently, in order to reduce interhost network traffic. The more frequently-communicating GDCNs can be a set of GDCNs that implement a distributed application, GDCNs of a particular tier in a multi-tier network architecture (e.g., a web tier in a three-tier architecture), GDCNs that are dedicated to a particular tenant in a hosting system, or any other set of GDCNs that exchange data among each other regularly for a particular purpose.Type: ApplicationFiled: October 27, 2017Publication date: May 3, 2018Inventors: Xin Qi, Fenil Kavathia, Chidambareswaran Raman, Shadab Shah, Raju Koganty, Jingmin Zhou