Patents by Inventor Keyur P. Patel
Keyur P. Patel has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9912577
Abstract: In one embodiment, a controller device in a computer network domain learns border gateway protocol (BGP) egress peering segments from one or more border routers of the domain, and determines a selected flow to segment route via a particular egress peering segment, the selected flow from a given routing device within the domain to a given destination of a remote domain. As such, the controller device may then instruct the given routing device to segment route the selected flow via the particular egress peering segment. In another embodiment, an egress border router shares its BGP egress peering segments, and receives a flow to segment route. The egress border router may determine, from a segment route contained within the flow, to which particular egress peering segment of the border router to segment route the flow, and forwards the flow out of the domain via the particular egress peering segment.
Type: Grant
Filed: March 4, 2015
Date of Patent: March 6, 2018
Assignee: Cisco Technology, Inc.
Inventors: Clarence Filsfils, Keyur P. Patel, David D. Ward, Pierre Jean Rene François, Stefano B. Previdi
-
Patent number: 9860340
Abstract: A system comprising a plurality of service nodes, a controller and a network device in communication with the controller. Each of the plurality of service nodes is configured to support one or more service functions to establish a service function chain that includes a plurality of service functions to be performed by routing traffic among the plurality of service nodes. The controller is configured to generate provisioning information for the service function chain. The provisioning information includes at least one condition upon which a service function reclassification or branching operation is to be performed by at least one service node. The network device is in communication with the controller, and is configured to distribute the provisioning information for the service function chain to the plurality of service nodes using a distributed routing protocol.
Type: Grant
Filed: May 26, 2017
Date of Patent: January 2, 2018
Assignee: Cisco Technology, Inc.
Inventors: Naiming Shen, Keyur P. Patel, Carlos M. Pignataro, James N. Guichard
-
Patent number: 9781035
Abstract: A method is provided in one particular example and may include obtaining routing information for a plurality of Internet Protocol (IP) addresses in a first network that natively supports a first Internet protocol, the routing information for the plurality of IP addresses in the first network further comprising an additional IP address in the first network and an indication that the additional IP address in the first network is to be used as a tunnel endpoint within the first network for receiving data destined to any of the plurality of IP addresses in the first network; and sending data destined to any one of the plurality of IP addresses in the first network to the additional IP address in the first network.
Type: Grant
Filed: September 1, 2015
Date of Patent: October 3, 2017
Assignee: Cisco Technology, Inc.
Inventors: Gunter Johan Van de Velde, William Mark Townsley, Ole Troan, Keyur P. Patel
-
Publication number: 20170264713
Abstract: A system comprising a plurality of service nodes, a controller and a network device in communication with the controller. Each of the plurality of service nodes is configured to support one or more service functions to establish a service function chain that includes a plurality of service functions to be performed by routing traffic among the plurality of service nodes. The controller is configured to generate provisioning information for the service function chain. The provisioning information includes at least one condition upon which a service function reclassification or branching operation is to be performed by at least one service node. The network device is in communication with the controller, and is configured to distribute the provisioning information for the service function chain to the plurality of service nodes using a distributed routing protocol.
Type: Application
Filed: May 26, 2017
Publication date: September 14, 2017
Inventors: Naiming Shen, Keyur P. Patel, Carlos M. Pignataro, James N. Guichard
-
Patent number: 9723106
Abstract: A system comprising a plurality of service nodes, a controller and a network device in communication with the controller. Each of the plurality of service nodes is configured to support one or more service functions to establish a service function chain that includes a plurality of service functions to be performed by routing traffic among the plurality of service nodes. The controller is configured to generate provisioning information for the service function chain. The provisioning information includes at least one condition upon which a service function reclassification or branching operation is to be performed by at least one service node. The network device is in communication with the controller, and is configured to distribute the provisioning information for the service function chain to the plurality of service nodes using a distributed routing protocol.
Type: Grant
Filed: August 28, 2015
Date of Patent: August 1, 2017
Assignee: Cisco Technology, Inc.
Inventors: Naiming Shen, Keyur P. Patel, Carlos M. Pignataro, James N. Guichard
-
Patent number: 9722919
Abstract: In one embodiment, a router located at an exit edge of an autonomous system (AS) receives a data packet in a data plane, and determines a destination of the data packet and an associated AS-path information to the destination. The router may then insert the AS-path information into the data packet, and forwards the data packet with the AS-path information toward the destination, such that a receiving device in a destination AS can validate whether the data packet was routed through a path that was secure from a control plane perspective based on a collection of one or more insertions of AS-path information.
Type: Grant
Filed: January 22, 2014
Date of Patent: August 1, 2017
Assignee: Cisco Technology, Inc.
Inventors: Roque Gagliano, Alvaro E. Retana, Keyur P. Patel, Burjiz F. Pithawala, Ed Kern, Carlos M. Pignataro
-
Patent number: 9654482
Abstract: In one embodiment, a validation server in a computer network determines that an edge router of the computer network has blocked access to a desired server address based on the edge router not having authentication information for the desired server address. In response, the server creates a white-listing policy to temporarily allow access to the desired server address at the edge router, and sends the white-listing policy to the edge router. The validation server may then proceed with performing server fetching operations to the desired server address from the validation server while the white-listing policy is in effect, and instructs the edge device to remove the white-listing policy once the server fetching operations are completed.
Type: Grant
Filed: January 22, 2014
Date of Patent: May 16, 2017
Assignee: Cisco Technology, Inc.
Inventors: Roque Gagliano, Alvaro E. Retana, Keyur P. Patel
-
Patent number: 9641430
Abstract: In one embodiment, a plurality of packets is sent from an origin device along a communication path toward a destination device. Each packet includes a lifespan indicator which is incrementally increased for each subsequently sent packet. A plurality of response messages are received at the origin device from a plurality of intermediate devices, respectively. A plurality of secure path objects included in the plurality of response messages, respectively, is determined. Additionally, the plurality of secure path objects are validated based on validation information accessible by the origin device. Validation results of the plurality of secure path objects are checked to determine whether a packet that is sent from the origin device and received by the destination device travels along a particular communication path as dictated by control plane information.
Type: Grant
Filed: January 22, 2014
Date of Patent: May 2, 2017
Assignee: Cisco Technology, Inc.
Inventors: Roque Gagliano, Alvaro E. Retana, Keyur P. Patel, Carlos M. Pignataro
-
Publication number: 20170064039
Abstract: A system comprising a plurality of service nodes, a controller and a network device in communication with the controller. Each of the plurality of service nodes is configured to support one or more service functions to establish a service function chain that includes a plurality of service functions to be performed by routing traffic among the plurality of service nodes. The controller is configured to generate provisioning information for the service function chain. The provisioning information includes at least one condition upon which a service function reclassification or branching operation is to be performed by at least one service node. The network device is in communication with the controller, and is configured to distribute the provisioning information for the service function chain to the plurality of service nodes using a distributed routing protocol.
Type: Application
Filed: August 28, 2015
Publication date: March 2, 2017
Inventors: Naiming Shen, Keyur P. Patel, Carlos M. Pignataro, James N. Guichard
-
Patent number: 9338080
Abstract: In one embodiment, an edge router receives an update message from a neighboring EBGP edge router, creates a modified origin validation state extended community, prepares a modified update message by attaching the modified origin validation state extended community to the update message, and sends the modified update message to a route reflector. The route reflector receives the modified update message, performs a prefix origin validation and a path validation based on the information contained in the modified update message, prepares a validation message based on the prefix origin validation and path validation, and sends the validation message to the edge router and to all other neighboring IBGP edge routers. The edge routers receive the validation message from the route reflector, parse the validation message, and inherit a validation state parsed from the validation message.
Type: Grant
Filed: September 14, 2012
Date of Patent: May 10, 2016
Assignee: Cisco Technology, Inc.
Inventors: Keyur P. Patel, Burjiz F. Pithawala, Ed Kern
-
Patent number: 9270536
Abstract: In one embodiment, a router selects a particular peer from an original update group used with an Exterior Gateway Protocol (EGP) such as Border Gateway Protocol (BGP). The original update group includes a plurality of peers of the router that share a same outbound policy and that receive common update messages, from the router, of routing table information. The router determines that the particular peer is a potential slow peer based on a first type of indicia, wherein a slow peer is a peer that cannot keep up with a rate at which the router generates update messages over a prolonged period of time. The router confirms that one or more second types of indicia are consistent with the particular peer being a slow peer. In response to the confirmation, the router determines that the particular peer is a slow peer.
Type: Grant
Filed: March 31, 2014
Date of Patent: February 23, 2016
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Balaji Pitta Venkatachalapathy, Isidor Kouvelas, Keyur P. Patel, Anantha Ramaiah
-
Publication number: 20150372913
Abstract: A method is provided in one particular example and may include obtaining routing information for a plurality of Internet Protocol (IP) addresses in a first network that natively supports a first Internet protocol, the routing information for the plurality of IP addresses in the first network further comprising an additional IP address in the first network and an indication that the additional IP address in the first network is to be used as a tunnel endpoint within the first network for receiving data destined to any of the plurality of IP addresses in the first network; and sending data destined to any one of the plurality of IP addresses in the first network to the additional IP address in the first network.
Type: Application
Filed: September 1, 2015
Publication date: December 24, 2015
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Gunter Johan Van de Velde, William Mark Townsley, Ole Troan, Keyur P. Patel
-
Patent number: 9191318
Abstract: A method is provided in one particular example and may include obtaining routing information for a natively supported Internet protocol of a first network that uses a first routing policy; identifying a route with a tunnel endpoint using the routing information, where the tunnel endpoint supports transitioning between a plurality of Internet protocols; generating tunnel information for the route; and sending the route and the tunnel information to a network element in a second network that uses a second routing policy.
Type: Grant
Filed: April 29, 2013
Date of Patent: November 17, 2015
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Gunter Johan Van de Velde, William Mark Townsley, Ole Troan, Keyur P. Patel
-
Publication number: 20150304206
Abstract: In one embodiment, a controller device in a computer network domain learns border gateway protocol (BGP) egress peering segments from one or more border routers of the domain, and determines a selected flow to segment route via a particular egress peering segment, the selected flow from a given routing device within the domain to a given destination of a remote domain. As such, the controller device may then instruct the given routing device to segment route the selected flow via the particular egress peering segment. In another embodiment, an egress border router shares its BGP egress peering segments, and receives a flow to segment route. The egress border router may determine, from a segment route contained within the flow, to which particular egress peering segment of the border router to segment route the flow, and forwards the flow out of the domain via the particular egress peering segment.
Type: Application
Filed: March 4, 2015
Publication date: October 22, 2015
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Clarence Filsfils, Keyur P. Patel, David D. Ward, Pierre Jean Rene François, Stefano B. Previdi
-
Publication number: 20150207818
Abstract: In one embodiment, a validation server in a computer network determines that an edge router of the computer network has blocked access to a desired server address based on the edge router not having authentication information for the desired server address. In response, the server creates a white-listing policy to temporarily allow access to the desired server address at the edge router, and sends the white-listing policy to the edge router. The validation server may then proceed with performing server fetching operations to the desired server address from the validation server while the white-listing policy is in effect, and instructs the edge device to remove the white-listing policy once the server fetching operations are completed.
Type: Application
Filed: January 22, 2014
Publication date: July 23, 2015
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Roque Gagliano, Alvaro E. Retana, Keyur P. Patel
-
Publication number: 20150207728
Abstract: In one embodiment, a plurality of packets is sent from an origin device along a communication path toward a destination device. Each packet includes a lifespan indicator which is incrementally increased for each subsequently sent packet. A plurality of response messages are received at the origin device from a plurality of intermediate devices, respectively. A plurality of secure path objects included in the plurality of response messages, respectively, is determined. Additionally, the plurality of secure path objects are validated based on validation information accessible by the origin device. Validation results of the plurality of secure path objects are checked to determine whether a packet that is sent from the origin device and received by the destination device travels along a particular communication path as dictated by control plane information.
Type: Application
Filed: January 22, 2014
Publication date: July 23, 2015
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Roque Gagliano, Alvaro E. Retana, Keyur P. Patel, Carlos M. Pignataro
-
Publication number: 20150207729
Abstract: In one embodiment, a router located at an exit edge of an autonomous system (AS) receives a data packet in a data plane, and determines a destination of the data packet and an associated AS-path information to the destination. The router may then insert the AS-path information into the data packet, and forwards the data packet with the AS-path information toward the destination, such that a receiving device in a destination AS can validate whether the data packet was routed through a path that was secure from a control plane perspective based on a collection of one or more insertions of AS-path information.
Type: Application
Filed: January 22, 2014
Publication date: July 23, 2015
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Roque Gagliano, Alvaro E. Retana, Keyur P. Patel, Burjiz F. Pithawala, Ed Kern, Carlos M. Pignataro
-
Patent number: 8995446
Abstract: In one embodiment, a router may store a “neighbor table” for storing the router's Border Gateway Protocol (BGP) neighbors. Each neighbor corresponds to a virtual routing and forwarding (VRF) instance and associated VRF identifier (ID), and the neighbor table indexes the BGP neighbors according to their respective VRF ID. In response to initiating a BGP update generation for a BGP table having BGP network entries, each entry having an associated VRF ID that indicates to which VRF instance the BGP entry is to be advertised, a single lookup operation for each BGP entry is performed into the neighbor table based on the corresponding VRF ID of each BGP entry to determine a corresponding VRF update group of indexed BGP neighbors to which each BGP entry is to be advertised. Accordingly, a shared BGP update may be generated for each VRF update group for the initiated BGP update generation.
Type: Grant
Filed: December 21, 2009
Date of Patent: March 31, 2015
Assignee: Cisco Technology, Inc.
Inventors: Keyur P. Patel, Nitin Kumar
-
Patent number: 8897311
Abstract: In an embodiment, a method is provided at which it is used in a device. In this method, a logical identifier assigned to the device is identified and additionally, a mesh group identifier identifying a mesh group is identified. The logical identifier and the mesh group identifier are encoded in a routing message, which is used in an inter-domain routing protocol, and this routing message is transmitted to a reflector device in communication with the device. The reflector device is configured to transmit the routing message to a remote device included in the computer network.
Type: Grant
Filed: February 3, 2012
Date of Patent: November 25, 2014
Assignee: Cisco Technology, Inc.
Inventors: Rajiv Asati, David Delano Ward, Russell I. White, Keyur P. Patel
-
Publication number: 20140211651
Abstract: In one embodiment, a router selects a particular peer from an original update group used with an Exterior Gateway Protocol (EGP) such as Border Gateway Protocol (BGP). The original update group includes a plurality of peers of the router that share a same outbound policy and that receive common update messages, from the router, of routing table information. The router determines that the particular peer is a potential slow peer based on a first type of indicia, wherein a slow peer is a peer that cannot keep up with a rate at which the router generates update messages over a prolonged period of time. The router confirms that one or more second types of indicia are consistent with the particular peer being a slow peer. In response to the confirmation, the router determines that the particular peer is a slow peer.
Type: Application
Filed: March 31, 2014
Publication date: July 31, 2014
Applicant: Cisco Technology, Inc.
Inventors: Balaji Pitta Venkatachalapathy, Isidor Kouvelas, Keyur P. Patel, Anantha Ramaiah