Patents by Inventor Joseph R. Mihelich
Joseph R. Mihelich has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20150281007
Abstract: Systems and methods for a network flow analysis service that facilitates collection, analysis and sharing of information regarding network flows are provided. According to one embodiment, a network flow analysis service provider collects network traffic information of network flows from a plurality of different network sources, analyzes at least one attribute associating with the network flows based on the network traffic information; and distributes the at least one attribute to subscribers of the network flow analysis service.
Type: Application
Filed: March 28, 2014
Publication date: October 1, 2015
Applicant: FORTINET, INC.
Inventors: Joseph R. Mihelich, Christian E. Navarrete
-
Publication number: 20150098335
Abstract: Methods and systems for selecting among multiple concurrently active paths through a network are provided. According to one embodiment, a method is performed by a network interface of a source node within a loop-free, reverse-path-learning network. The network is divided into multiple virtual networks. A packet destined for a destination node and specifying an address for the destination or including information from which the address can be derived is received from the source. A set of virtual networks that can be used to transport the packet from the source node to the destination node is determined. Each virtual network in the set of virtual networks provides a different path through the network from the source to the destination. A particular virtual network from the set of virtual networks is selected, thereby effectively selecting a particular path from multiple selectable paths between the source and the destination.
Type: Application
Filed: December 15, 2014
Publication date: April 9, 2015
Applicant: Fortinet, Inc.
Inventors: Bert H. Tanaka, Daniel J. Maltbie, Joseph R. Mihelich
-
Patent number: 8917604
Abstract: Methods and systems for performing rate limiting are provided. According to one embodiment, information is maintained regarding a set of virtual networks into which a network has been logically divided. Each virtual network comprises a loop-free switching path, reverse path learning network and provides a path through the network between a first and second network device thereby collectively providing multiple paths between the first and second network devices. Packets are received by the first device that are associated with a flow sent by a source network device. The packets are forwarded by the first device to the second device via a particular path of the multiple paths. A congestion metric is determined for the particular path and based thereon it is determined whether a congestion threshold has been reached. Responsive to an affirmative determination, the source device is instructed to reduce the rate at which the packets are sent.
Type: Grant
Filed: February 25, 2014
Date of Patent: December 23, 2014
Assignee: Fortinet, Inc.
Inventors: Bert H. Tanaka, Daniel J. Maltbie, Joseph R. Mihelich
-
Patent number: 8873424
Abstract: Methods and systems for performing load balancing within an Ethernet network are provided. According to one embodiment, a set of paths is maintained by a first component of multiple components coupled in communication with a network. Each path is a loop-free switching path, reverse path learning network and the first component and a second component of the multiple components are connected through each path. A packet destined for the second component is received by the first component. On a packet-by-packet basis or on a per flow basis, the first component dynamically selects a particular path of the multiple paths by selecting a virtual network of the set of virtual networks for transporting the received packet that tends to balance traffic load across the set of virtual networks. The first component causes the received packet to be transported through the network to the second component via the particular path.
Type: Grant
Filed: October 2, 2013
Date of Patent: October 28, 2014
Assignee: Fortinet, Inc.
Inventors: Bert H. Tanaka, Daniel J. Maltbie, Joseph R. Mihelich
-
Publication number: 20140177442
Abstract: Methods and systems for performing rate limiting are provided. According to one embodiment, information is maintained regarding a set of virtual networks into which a network has been logically divided. Each virtual network comprises a loop-free switching path, reverse path learning network and provides a path through the network between a first and second network device thereby collectively providing multiple paths between the first and second network devices. Packets are received by the first device that are associated with a flow sent by a source network device. The packets are forwarded by the first device to the second device via a particular path of the multiple paths. A congestion metric is determined for the particular path and based thereon it is determined whether a congestion threshold has been reached. Responsive to an affirmative determination, the source device is instructed to reduce the rate at which the packets are sent.
Type: Application
Filed: February 25, 2014
Publication date: June 26, 2014
Applicant: FORTINET, INC.
Inventors: Bert H. Tanaka, Daniel J. Maltbie, Joseph R. Mihelich
-
Patent number: 8660007
Abstract: Methods and systems for performing rate limiting are provided. According to one embodiment, information is maintained regarding a set of virtual networks into which a network has been logically divided. Each virtual network comprises a loop-free switching path, reverse path learning network and provides a path through the network between a first and second component thereby collectively providing multiple paths between the first and second components. Packets are received by the first component that are associated with a flow sent by a source component. The packets are forwarded by the first component to the second component along a particular path defined by the set of virtual networks. A congestion metric is determined for the particular path and based thereon it is determined whether a congestion threshold has been reached. Responsive to an affirmative determination, the source component is instructed to limit the rate at which the packets are sent.
Type: Grant
Filed: February 7, 2013
Date of Patent: February 25, 2014
Assignee: Fortinet, Inc.
Inventors: Bert H. Tanaka, Daniel J. Maltbie, Joseph R. Mihelich
-
Publication number: 20140029429
Abstract: Methods and systems for performing load balancing within an Ethernet network are provided. According to one embodiment, a set of paths is maintained by a first component of multiple components coupled in communication with a network. Each path is a loop-free switching path, reverse path learning network and the first component and a second component of the multiple components are connected through each path. A packet destined for the second component is received by the first component. On a packet-by-packet basis or on a per flow basis, the first component dynamically selects a particular path of the multiple paths by selecting a virtual network of the set of virtual networks for transporting the received packet that tends to balance traffic load across the set of virtual networks. The first component causes the received packet to be transported through the network to the second component via the particular path.
Type: Application
Filed: October 2, 2013
Publication date: January 30, 2014
Applicant: Fortinet, Inc.
Inventors: Bert H. Tanaka, Daniel J. Maltbie, Joseph R. Mihelich
-
Publication number: 20130308640
Abstract: Methods and systems for shielding layer two host addresses (e.g., MAC addresses) from a network are provided. A border component interposed between a network of switches and multiple local hosts receives from a first local host a first packet destined for a first destination host. The first local host has a first layer 2 (L2) address and a first layer 3 (L3) address associated therewith. The first packet includes the first L2 address as a source L2 address for the first packet, and includes the first L3 address as a source L3 address for the first packet. The border component shields the first L2 address from the network of switches by replacing the source L2 address for the first packet with a substitute L2 address before sending the first packet to the network of switches.
Type: Application
Filed: July 29, 2013
Publication date: November 21, 2013
Applicant: Fortinet, Inc.
Inventors: Bert H. Tanaka, Joseph R. Mihelich
-
Patent number: 8565115
Abstract: Methods and systems for performing load balancing within an Ethernet network are provided. According to one embodiment, a set of virtual networks, into which a network has been logically divided that can be used by a first component is maintained. Each of the virtual networks is a loop-free switching path, reverse path learning network and provides a path through the network between the first component and a second component. A packet destined for the second component is received by the first component. On a packet-by-packet basis or on a per flow basis, the first component dynamically selects a particular path by selecting a virtual network for transporting the received packet that tends to balance traffic load across the virtual networks. The first component causes the received packet to be transported through the network to the second component via the particular path.
Type: Grant
Filed: December 22, 2012
Date of Patent: October 22, 2013
Assignee: Fortinet, Inc.
Inventors: Bert H. Tanaka, Daniel J. Maltbie, Joseph R. Mihelich
-
Patent number: 8498293
Abstract: Methods and systems for shielding layer two host addresses (e.g., MAC addresses) from a network are provided. A border component interposed between a network of switches and multiple local hosts receives from a first local host a first packet destined for a first destination host. The first local host has a first layer 2 (L2) address and a first layer 3 (L3) address associated therewith. The first packet includes the first L2 address as a source L2 address for the first packet, and includes the first L3 address as a source L3 address for the first packet. The border component shields the first L2 address from the network of switches by replacing the source L2 address for the first packet with a substitute L2 address associated with a communication channel of the border component before sending the first packet to the network of switches.
Type: Grant
Filed: June 7, 2011
Date of Patent: July 30, 2013
Assignee: Fortinet, Inc.
Inventors: Bert H. Tanaka, Joseph R. Mihelich
-
Patent number: 8374089
Abstract: Methods and systems for performing rate limiting are provided. According to one embodiment, multiple paths are provided between each pair of multi-path load balancing (MPLB) components within a Layer 2 network by establishing overlapping loop-free topologies in which each MPLB component is reachable by any other via each overlapping topology. A first MPLB component receives packets associated with a flow sent by a source component at a particular rate. The first MPLB component forwards the packets to a second MPLB component along a particular path in a network. A congestion metric for the particular path is determined. Based upon the congestion metric for the particular path, it is determined whether the particular path has reached a congestion threshold. In response to an affirmative determination, the source component is instructed to limit the rate at which it sends packets associated with the flow.
Type: Grant
Filed: July 31, 2010
Date of Patent: February 12, 2013
Assignee: Fortinet, Inc.
Inventors: Bert H. Tanaka, Daniel J. Maltbie, Joseph R. Mihelich
-
Patent number: 8339987
Abstract: Methods and systems for determining a congestion metric for a path in a network are provided. According to one embodiment, multiple paths are provided between each pair of multi-path load balancing (MPLB) components within a Layer 2 network by establishing overlapping loop-free topologies in which each MPLB component is reachable by any other via each of the overlapping topologies. A first MPLB component associated with a first network device sends a latency request packet, including a first timestamp provided by a first clock associated with the first MPLB component, to a second MPLB component associated with a second network device via the path. Responsive thereto, the first MPLB component receives, from the second MPLB component, a latency response packet, including a second timestamp provided by a second clock associated with the second MPLB component. The first MPLB component derives a one-way latency value for the path based upon the timestamps.
Type: Grant
Filed: July 31, 2010
Date of Patent: December 25, 2012
Assignee: Fortinet, Inc.
Inventors: Bert H. Tanaka, Daniel J. Maltbie, Joseph R. Mihelich
-
Patent number: 8331227
Abstract: Methods and systems for determining link failure in a network are provided. According to one embodiment, multiple paths are provided between each pair of multi-path load balancing (MPLB) components within a Layer 2 network by establishing overlapping loop-free topologies in which each MPLB component is reachable by any other via each loop-free topology. A first MPLB component sends latency requests to a second MPLB component via a particular path. Responsive thereto, the first MPLB component receives latency responses. Based on timestamp information in the latency responses, an estimated latency between the first and second MPLB components is determined. A link failure timeout period is derived based upon the estimated latency. An additional latency request is sent. If an additional latency response is not received by the first MPLB component prior to expiration of the link failure timeout period, then it is concluded that a link failure has occurred.
Type: Grant
Filed: July 31, 2010
Date of Patent: December 11, 2012
Assignee: Fortinet, Inc.
Inventors: Bert H. Tanaka, Daniel J. Maltbie, Joseph R. Mihelich
-
Patent number: 8223634
Abstract: A mechanism is disclosed for enabling load balancing to be achieved in a network. In one implementation, load balancing is implemented on a “per flow” basis. At the time that a new flow starts, a path is selected. Packets associated with the flow are thereafter sent along that particular path. As the packets associated with the flow are forwarded along the particular path, a congestion metric is determined for the particular path as well as for a set of one or more other paths. Based at least partially upon the congestion metrics, a determination is made as to whether the flow should be moved. If so, then the flow is moved to an alternate path. By determining the congestion metrics for the multiple paths, and by moving the flow in response, it is possible to adapt to changing traffic conditions to keep the loads on the paths relatively balanced.
Type: Grant
Filed: April 3, 2007
Date of Patent: July 17, 2012
Assignee: Fortinet, Inc.
Inventors: Bert H. Tanaka, Daniel J. Maltbie, Joseph R. Mihelich
-
Patent number: 8130644
Abstract: A mechanism is disclosed for enabling load balancing to be achieved in a loop-free switching path, reverse path learning network, such as an Ethernet network. The network is divided into a plurality of virtual networks, with each virtual network providing a different path through the network. When it comes time to send a set of information through the network, one of the plurality of virtual networks, and hence, one of the plurality of paths, is selected. The set of information is then updated to indicate the selected virtual network, and sent into the network to be transported along the selected path. With multiple paths, and with the ability to select between the multiple paths, it is possible to balance the load imposed on the multiple paths.
Type: Grant
Filed: June 24, 2009
Date of Patent: March 6, 2012
Assignee: Fortinet, Inc.
Inventors: Bert H. Tanaka, Daniel J. Maltbie, Joseph R. Mihelich
-
Patent number: 8125996
Abstract: Methods and systems for shielding layer two host addresses (e.g., MAC addresses) from a network are provided. According to one embodiment, a border component of a network of switches receives a first packet intended for a first host having a first L2 address and a first L3 address associated therewith. The first packet includes the first L3 address and a substitute L2 address as destination addresses. The substitute L2 address is associated with a communication channel of the border component. A data structure including information regarding an association between the first L3 address and the first L2 address is accessed by the border component. A determination is made that the destination L2 address for the first packet should be the first L2 address. A first updated packet is derived from the first packet by replacing the substitute L2 address with the first L2 address and sent to the first host.
Type: Grant
Filed: December 5, 2010
Date of Patent: February 28, 2012
Assignee: Fortinet, Inc.
Inventors: Bert H. Tanaka, Joseph R. Mihelich
-
Publication number: 20110235639
Abstract: Methods and systems for shielding layer two host addresses (e.g., MAC addresses) from a network are provided. A border component interposed between a network of switches and multiple local hosts receives from a first local host a first packet destined for a first destination host. The first local host has a first layer 2 (L2) address and a first layer 3 (L3) address associated therewith. The first packet includes the first L2 address as a source L2 address for the first packet, and includes the first L3 address as a source L3 address for the first packet. The border component shields the first L2 address from the network of switches by replacing the source L2 address for the first packet with a substitute L2 address associated with a communication channel of the border component before sending the first packet to the network of switches.
Type: Application
Filed: June 7, 2011
Publication date: September 29, 2011
Applicant: FORTINET, INC.
Inventors: Bert H. Tanaka, Joseph R. Mihelich
-
Patent number: 7957374
Abstract: A mechanism is disclosed that enables layer two host addresses (e.g., MAC addresses) to be shielded from a network. In one implementation, the mechanism updates each packet sent by the hosts into the network to indicate that the source layer two (L2) address for that packet is a shared L2 address instead of the actual L2 address of the sending host. By doing so, the mechanism exposes only the shared L2 address to the network, and shields the actual L2 addresses of the hosts from the network. The effect of this is that the switches in the network will need to store only the shared L2 address in their forwarding tables, not the actual L2 addresses of the hosts. By reducing the number of L2 addresses that need to be stored in the forwarding tables of the switches, the mechanism improves the scalability of the network.
Type: Grant
Filed: October 22, 2008
Date of Patent: June 7, 2011
Assignee: Fortinet, Inc.
Inventors: Bert H. Tanaka, Joseph R. Mihelich
-
Publication number: 20110078331
Abstract: Methods and systems for shielding layer two host addresses (e.g., MAC addresses) from a network are provided. According to one embodiment, a border component of a network of switches receives a first packet intended for a first host having a first L2 address and a first L3 address associated therewith. The first packet includes the first L3 address and a substitute L2 address as destination addresses. The substitute L2 address is associated with a communication channel of the border component. A data structure including information regarding an association between the first L3 address and the first L2 address is accessed by the border component. A determination is made that the destination L2 address for the first packet should be the first L2 address. A first updated packet is derived from the first packet by replacing the substitute L2 address with the first L2 address and sent to the first host.
Type: Application
Filed: December 5, 2010
Publication date: March 31, 2011
Applicant: FORTINET, INC.
Inventors: BERT H. TANAKA, JOSEPH R. MIHELICH
-
Publication number: 20100309811
Abstract: Methods and systems for determining a congestion metric for a path in a network are provided. According to one embodiment, multiple paths are provided between each pair of multi-path load balancing (MPLB) components within a Layer 2 network by establishing overlapping loop-free topologies in which each MPLB component is reachable by any other via each of the overlapping topologies. A first MPLB component associated with a first network device sends a latency request packet, including a first timestamp provided by a first clock associated with the first MPLB component, to a second MPLB component associated with a second network device via the path. Responsive thereto, the first MPLB component receives, from the second MPLB component, a latency response packet, including a second timestamp provided by a second clock associated with the second MPLB component. The first MPLB component derives a one-way latency value for the path based upon the timestamps.
Type: Application
Filed: July 31, 2010
Publication date: December 9, 2010
Applicant: FORTINET, INC.
Inventors: Bert H. Tanaka, Daniel J. Maltbie, Joseph R. Mihelich