Patents by Inventor Joon-Myung Kang
Joon-Myung Kang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11595289Abstract: Embodiments described herein describe a network tester that is configured to perform packet modification at an egress pipeline of a programmable packet engine. A packet stream is received at an egress pipeline of an output port of the programmable packet engine, wherein the output port includes a packet modifier. Packets of the packet stream are modified at the packet modifier. The packet stream including modified packets is transmitted through an egress pipeline of the output port.Type: GrantFiled: March 27, 2020Date of Patent: February 28, 2023Assignee: Barefoot Networks, Inc.Inventors: Jeongkeun Lee, Georgios Nikolaidis, Andre Lam, Remy Chang, Joon-Myung Kang, Ashkan Nikravesh, Ramkumar Krishnamoorthy, Alain Loge
-
Patent number: 11095518Abstract: Example implementations relate to determining whether network invariants are violated by flow rules to be implemented by the data plane of a network. In an example, a verification module implemented on a device receives a flow rule transmitted from an SDN controller to a switch, the flow rule relating to an event. The module determines whether the flow rule matches any of a plurality of network invariants cached in the device. If determined that the flow rule matches one of the plurality of network invariants, the verification module determines whether the flow rule violates the matched network invariant. If determined that the flow rule does not match any of the plurality of network invariants, the verification module (1) reports the event associated with the flow rule to a policy management module, (2) receives a new network invariant related to the event from the policy management module, and (3) determines whether the flow rule violates the new network invariant.Type: GrantFiled: December 19, 2019Date of Patent: August 17, 2021Assignee: Hewlett Packard Enterprise Development LPInventors: Ying Zhang, Jeongkeun Lee, Puneet Sharma, Joon-Myung Kang
-
Patent number: 10992520Abstract: Example implementations disclosed herein can be used to generate composite network policy graphs based on multiple network policy graphs input by network users that may have different goals for the network. The resulting composite network policy graph can be used to program a network so that it meets the requirements necessary to achieve the goals of at least some of the network users. In one example implementation, a method can include receiving multiple network policy graphs, generating composite endpoint groups based on relationships between endpoint groups and policy graph sources, generating composite paths based on the relationships between the endpoints and the network policy graphs, generating a composite network policy graph based on the composite endpoint groups and the composite paths, and analyzing the composite network policy graph to determine conflicts or errors.Type: GrantFiled: November 6, 2014Date of Patent: April 27, 2021Assignee: Hewlett Packard Enterprise Development LPInventors: Junggun Lee, Chaithan M. Prakash, Charles F. Clark, Dave Lenrow, Yoshio Turner, Sujata Banerjee, Yadi Ma, Joon-Myung Kang, Puneet Sharma
-
Patent number: 10958547Abstract: In some examples, a system can verify a network function by inquiring a model using a query language is described. In some examples, the system can include at least a memory and a processor coupled to the memory. The processor can execute instructions stored in the memory to transmit a plurality of packets into at least one network function that is unverifiable; describe the at least one network function using a model comprising a set of match action rules and a state machine; inquire the model using a query language comprising a temporal logic to obtain a query result indicating an expected behavior of the plurality of packets; and verify the at least one network function based on the query result and the expected behavior of the plurality of packets.Type: GrantFiled: September 9, 2016Date of Patent: March 23, 2021Assignee: Hewlett Packard Enterprise Development LPInventors: Ying Zhang, Sujata Banerjee, Joon-Myung Kang
-
Patent number: 10812342Abstract: Example method includes: receiving, by a network device in a network, a first network policy and a second network policy configured by a network administrator, wherein the first network policy comprises a first metric and the second network policy comprises a second and different metric; detecting, by the network device, a conflict between the first network policy and the second network policy; determining, by the network device, a relationship between the first metric and the second metric; modifying, by the network device, at least one of the first network policy and the second network policy to resolve the conflict based on the relationship between the first metric and the second metric; and combining, by the network device, the first network policy and the second network policy to generate a composite network policy that is represented on a single policy graph.Type: GrantFiled: April 28, 2017Date of Patent: October 20, 2020Assignee: Hewlett Packard Enterprise Development LPInventors: Joon Myung Kang, Anubhavnidhi Abhashkumar, Sujata Banerjee, Ying Zhang, Wenfei Wu
-
Publication number: 20200313999Abstract: Embodiments described herein describe a network tester that is configured to perform packet modification at an egress pipeline of a programmable packet engine. A packet stream is received at an egress pipeline of an output port of the programmable packet engine, wherein the output port includes a packet modifier. Packets of the packet stream are modified at the packet modifier. The packet stream including modified packets is transmitted through an egress pipeline of the output port.Type: ApplicationFiled: March 27, 2020Publication date: October 1, 2020Inventors: Jeongkeun LEE, Georgios NIKOLAIDIS, Andre LAM, Remy CHANG, Joon-Myung KANG, Ashkan NIKRAVESH, Ramkumar KRISHNAMOORTHY, Alain LOGE
-
Patent number: 10771342Abstract: Example method includes: identifying three relationships about a network function in an intent-based stateful network—(1) the network function forwarding a network packet implies that at least one previous network packet was received by the network function in the same direction prior to the network packet is forwarded, (2) an established state in the network function implies that at least one previous network packet was received at the network function, (3) the network function receiving the network packet as a downward network function implies the network packet was previously sent by a second network function acting as an upward network function; encoding the network function using a combination of at least one of the three identified relationships; and verifying a plurality of network intents in the intent-based stateful network based at least in part on the encoding of the network function.Type: GrantFiled: October 31, 2018Date of Patent: September 8, 2020Assignee: Hewlett Packard Enterprises Development LPInventors: Joon-Myung Kang, Huazhe Wang, Puneet Sharma
-
Publication number: 20200186429Abstract: Example implementations relate to determining whether network invariants are violated by flow rules to be implemented by the data plane of a network. In an example, a verification module implemented on a device receives a flow rule transmitted from an SDN controller to a switch, the flow rule relating to an event. The module determines whether the flow rule matches any of a plurality of network invariants cached in the device. If determined that the flow rule matches one of the plurality of network invariants, the verification module determines whether the flow rule violates the matched network invariant. If determined that the flow rule does not match any of the plurality of network invariants, the verification module (1) reports the event associated with the flow rule to a policy management module, (2) receives a new network invariant related to the event from the policy management module, and (3) determines whether the flow rule violates the new network invariant.Type: ApplicationFiled: December 19, 2019Publication date: June 11, 2020Inventors: Ying Zhang, Jeongkeun Lee, Puneet Sharma, Joon-Myung Kang
-
Publication number: 20200136917Abstract: Example method includes: identifying three relationships about a network function in an intent-based stateful network—(1) the network function forwarding a network packet implies that at least one previous network packet was received by the network function in the same direction prior to the network packet is forwarded, (2) an established state in the network function implies that at least one previous network packet was received at the network function, (3) the network function receiving the network packet as a downward network function implies the network packet was previously sent by a second network function acting as an upward network function; encoding the network function using a combination of at least one of the three identified relationships; and verifying a plurality of network intents in the intent-based stateful network based at least in part on the encoding of the network function.Type: ApplicationFiled: October 31, 2018Publication date: April 30, 2020Inventors: Joon-Myung Kang, Huazhe Wang, Puneet Sharma
-
Patent number: 10567384Abstract: Example method includes: receiving, by a network device, a plurality of input policy graphs and a composed policy graph associated with the input policy graphs; dividing the composed policy graph into a plurality of sub-graphs, each sub-graph comprising a plurality of edges and a plurality of source nodes and destination nodes that the edges are connected to; selecting a first subset of sub-graphs that include, as a source node, a disjoint part of an original source EPG for each input policy graph; identifying a second subset within the first subset of sub-graphs that include, as a destination node, a disjoint part of an original destination EPG for the each input policy graph; and verifying whether connectivity in the composed policy graph reflects a corresponding policy in the plurality of input policy graphs for each sub-graph in the second subset.Type: GrantFiled: August 25, 2017Date of Patent: February 18, 2020Assignee: Hewlett Packard Enterprise Development LPInventors: Joon-Myung Kang, Mario Antonio Sanchez, Ying Zhang, Anu Mercian, Raphael Amorim Dantas Leite, Sujata Banerjee
-
Patent number: 10541873Abstract: Example implementations relate to determining whether network invariants are violated by flow rules to be implemented by the data plane of a network. In an example, a verification module implemented on a device receives a flow rule transmitted from an SDN controller to a switch, the flow rule relating to an event. The module determines whether the flow rule matches any of a plurality of network invariants cached in the device. If determined that the flow rule matches one of the plurality of network invariants, the verification module determines whether the flow rule violates the matched network invariant. If determined that the flow rule does not match any of the plurality of network invariants, the verification module (1) reports the event associated with the flow rule to a policy management module, (2) receives a new network invariant related to the event from the policy management module, and (3) determines whether the flow rule violates the new network invariant.Type: GrantFiled: November 20, 2015Date of Patent: January 21, 2020Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Ying Zhang, Jeongkeun Lee, Puneet Sharma, Joon-Myung Kang
-
Publication number: 20190238410Abstract: A method for verifying network intents may include decomposing at least one network intent into a plurality of sub-verification tasks, generating a set of normalized configurations for a plurality of network devices in a target network based on a set of current configurations for the plurality of network devices and generating a network graph based on the set of normalized configurations and a topology of the target network. The method may further include analyzing the plurality of sub-verification tasks and the network graph to determine if the set of current configurations for the plurality of network devices satisfies the at least one network intent. If the at least one network intent is not satisfied, a report may be generated indicating that the target network is not in compliance. If the at least one network intent is satisfied, information may be provided indicating that target network is in compliance.Type: ApplicationFiled: January 31, 2018Publication date: August 1, 2019Inventors: Joon Myung Kang, Huazhe WANG, Puneet SHARMA
-
Publication number: 20190068598Abstract: Example method includes: receiving, by a network device, a plurality of input policy graphs and a composed policy graph associated with the input policy graphs; dividing the composed policy graph into a plurality of sub-graphs, each sub-graph comprising a plurality of edges and a plurality of source nodes and destination nodes that the edges are connected to; selecting a first subset of sub-graphs that include, as a source node, a disjoint part of an original source EPG for each input policy graph; identifying a second subset within the first subset of sub-graphs that include, as a destination node, a disjoint part of an original destination EPG for the each input policy graph; and verifying whether connectivity in the composed policy graph reflects a corresponding policy in the plurality of input policy graphs for each sub-graph in the second subset.Type: ApplicationFiled: August 25, 2017Publication date: February 28, 2019Inventors: Joon-Myung Kang, Mario Antonio Sanchez, Ying Zhang, Anu Mercian, Raphael Amorim Dantas Leite, Sujata Banerjee
-
Publication number: 20180331909Abstract: Example implementations relate to determining whether network invariants are violated by flow rules to be implemented by the data plane of a network. In an example, a verification module implemented on a device receives a flow rule transmitted from an SDN controller to a switch, the flow rule relating to an event. The module determines whether the flow rule matches any of a plurality of network invariants cached in the device. If determined that the flow rule matches one of the plurality of network invariants, the verification module determines whether the flow rule violates the matched network invariant. If determined that the flow rule does not match any of the plurality of network invariants, the verification module (1) reports the event associated with the flow rule to a policy management module, (2) receives a new network invariant related to the event from the policy management module, and (3) determines whether the flow rule violates the new network invariant.Type: ApplicationFiled: November 20, 2015Publication date: November 15, 2018Inventors: Ying ZHANG, Jeongkeun LEE, Puneet SHARMA, Joon-Myung KANG
-
Publication number: 20180316576Abstract: Example method includes: receiving, by a network device in a network, a first network policy and a second network policy configured by a network administrator, wherein the first network policy comprises a first metric and the second network policy comprises a second and different metric; detecting, by the network device, a conflict between the first network policy and the second network policy; determining, by the network device, a relationship between the first metric and the second metric; modifying, by the network device, at least one of the first network policy and the second network policy to resolve the conflict based on the relationship between the first metric and the second metric; and combining, by the network device, the first network policy and the second network policy to generate a composite network policy that is represented on a single policy graph.Type: ApplicationFiled: April 28, 2017Publication date: November 1, 2018Inventors: Joon Myung Kang, Anubhavnidhi Abhashkumar, Sujata Banerjee, Ying Zhang, Wenfei Wu
-
Publication number: 20180314957Abstract: Example method includes: negotiating, by a network device, a location of a data source for a particular network infrastructure manager; inferring, by the network device, a meta label namespace by analyzing the data source, wherein the meta label namespaces comprises at least a relationship between a plurality of meta labels; inferring, by the network device, a label namespace that is specific to the particular network infrastructure manager from the meta label namespace; converting, by the network device, the label namespace to an abstract label namespace; and aggregating, by the network device, the abstract label namespace into a global label namespace that is applicable across diverse network infrastructures.Type: ApplicationFiled: April 28, 2017Publication date: November 1, 2018Inventors: Joon Myung Kang, Kshiteej S. Mahajan, Sujata Banerjee
-
Publication number: 20180205790Abstract: Distributed data structures in a software defined networking (SDN) environment is disclosed. One example is a system including at least one processor and a memory storing instructions executable by the at least one processor to access a tree data structure located at a central node in the SDN environment, retrieve, at a local node of the network, a sub-tree of the data structure, the sub-tree determined based on a management policy associated with the local node or the central node, and cache sub-trees of the data structure at respective local nodes to generate a distributed data structure in the environment.Type: ApplicationFiled: January 13, 2017Publication date: July 19, 2018Inventors: Anu Mercian, Raphael Amorim Dantas Leite, Mario Antonio Sanchez, Joon-Myung Kang, Sujata Banerjee
-
Publication number: 20180077037Abstract: In some examples, a system can verify a network function by inquiring a model using a query language is described. In some examples, the system can include at least a memory and a processor coupled to the memory. The processor can execute instructions stored in the memory to transmit a plurality of packets into at least one network function that is unverifiable; describe the at least one network function using a model comprising a set of match action rules and a state machine; inquire the model using a query language comprising a temporal logic to obtain a query result indicating an expected behavior of the plurality of packets; and verify the at least one network function based on the query result and the expected behavior of the plurality of packets.Type: ApplicationFiled: September 9, 2016Publication date: March 15, 2018Inventors: Ying Zhang, Sujata Banerjee, Joon-Myung Kang
-
Publication number: 20170222873Abstract: Example implementations disclosed herein can be used to generate composite network policy graphs based on multiple network policy graphs input by network users that may have different goals for the network. The resulting composite network policy graph can be used to program a network so that it meets the requirements necessary to achieve the goals of at least some of the network users. In one example implementation, a method can include receiving multiple network policy graphs, generating composite endpoint groups based on relationships between endpoint groups and policy graph sources, generating composite paths based on the relationships between the endpoints and the network policy graphs, generating a composite network policy graph based on the composite endpoint groups and the composite paths, and analyzing the composite network policy graph to determine conflicts or errors.Type: ApplicationFiled: November 6, 2014Publication date: August 3, 2017Inventors: Jung Gun Lee, Chaithan M. Prakash, Charles F. Clark, Dave Lenrow, Yoshio Turner, Sujata Banerjee, Yadi Ma, Joon-Myung Kang, Puneet Sharma
-
Publication number: 20140067746Abstract: Disclosed are an apparatus and method for managing user-centered context, the apparatus including a sensor level unit including a plurality of sensors to transmit respective pieces of first context collected from the plurality of sensors, a domain level unit including a plurality of domain context management modules (domain_U-CoUDE) to produce a first inferred context by aggregating and inferring a corresponding second context among the respective pieces of first context by use of a context model and transmit the produced first inferred context, and a user level unit including a plurality of user context management modules (user_U-CoUDE) to produce and transmit a second inferred context by aggregating and inferring the first inferred context by use of the context model, so that different forms of context generated from various domains are converted into a standardized from, thereby providing and using the context in a more efficient manner.Type: ApplicationFiled: August 20, 2013Publication date: March 6, 2014Applicant: POSTECH ACADEMY - INDUSTRY FOUNDATIONInventors: Won Ki Hong, Sin Seok Seo, Joon Myung Kang, Yoon Seon Han