Patents by Inventor Krishna Sankaran

Krishna Sankaran has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20200220873
    Abstract: Example approaches for authenticating a device are described, In an example, a category, from a plurality of categories, is identified for a device, based on data packets exchanged between the device and a network element. The category is indicative of operational capabilities of the device. Based on the category identified for the device, an authentication order for the device is determined. The authentication order is indicative of a sequence in which a set of authentication tests is to be executed for authentication of the device.
    Type: Application
    Filed: January 9, 2019
    Publication date: July 9, 2020
    Inventors: Badrish Havaralu Rama Chandra Adiga, Balaji Sankaran, Vinay Kumar Vishwakarma, Krishna Mohan Elluru, Shantha Kumara
  • Patent number: 10148456
    Abstract: A method and apparatus for connecting multiple customer sites over a wide area network (WAN) using an overlay network is described. In one embodiment of the invention, each one of multiple customer edge (CE) routers establishes a Border Gateway Protocol (BGP) session with one or more BGP route reflectors and announces their private IP network prefixes and one or more transport IP addresses to reach that CE router. The BGP route reflector(s) reflect those IP network prefixes and the one or more transport IP addresses to reach that specific CE router to the other CE routers. The CE routers receive those reflected IP network prefixes and the corresponding transport IP address(es) to reach that CE router in which those IP network prefixes belong and register them in their corresponding routing/forwarding data structures. In this way, the CE routers learn how to reach each other.
    Type: Grant
    Filed: April 10, 2017
    Date of Patent: December 4, 2018
    Assignee: VERSA NETWORKS, INC.
    Inventors: Apurva Mehta, Shivaprakash Shenoy, Ramanarayanan Ramakrishnan, Krishna Sankaran
  • Patent number: 9853937
    Abstract: In general, techniques are described for steering data traffic for a subscriber session from a network interface of a wireless access gateway to an anchoring one of a plurality of forwarding units of the wireless access gateway using a layer 2 (L2) address of the data traffic. For example, a wireless access gateway for a wireless local area network (WLAN) access network is described as having a decentralized data plane that includes multiple forwarding units for implementing subscriber sessions. Each forwarding unit may present a network interface for sending and receiving network packets and includes packet processing capabilities to enable subscriber data packet processing to perform the functionality of the wireless access gateway. The techniques enable steering data traffic for a given subscriber session to a particular one of the forwarding units of the wireless access gateway using an L2 address of the data traffic.
    Type: Grant
    Filed: October 31, 2016
    Date of Patent: December 26, 2017
    Assignee: Juniper Networks, Inc.
    Inventors: Krishna Sankaran, Huiyang Yang, Santosh Gupta, Prasad Chigurupati, Bin William Hong
  • Publication number: 20170214547
    Abstract: A method and apparatus for connecting multiple customer sites over a wide area network (WAN) using an overlay network is described. In one embodiment of the invention, each one of multiple customer edge (CE) routers establishes a Border Gateway Protocol (BGP) session with one or more BGP route reflectors and announces their private IP network prefixes and one or more transport IP addresses to reach that CE router. The BGP route reflector(s) reflect those IP network prefixes and the one or more transport IP addresses to reach that specific CE router to the other CE routers. The CE routers receive those reflected IP network prefixes and the corresponding transport IP address(es) to reach that CE router in which those IP network prefixes belong and register them in their corresponding routing/forwarding data structures. In this way, the CE routers learn how to reach each other.
    Type: Application
    Filed: April 10, 2017
    Publication date: July 27, 2017
    Inventors: Apurva Mehta, Shivaprakash Shenoy, Ramanarayanan Ramakrishnan, Krishna Sankaran
  • Patent number: 9621460
    Abstract: A method and apparatus for connecting multiple customer sites over a wide area network (WAN) using an overlay network is described. In one embodiment of the invention, each one of multiple customer edge (CE) routers establishes a Border Gateway Protocol (BGP) session with one or more BGP route reflectors and announces their private IP network prefixes and one or more transport IP addresses to reach that CE router. The BGP route reflector(s) reflect those IP network prefixes and the one or more transport IP addresses to reach that specific CE router to the other CE routers. The CE routers receive those reflected IP network prefixes and the corresponding transport IP address(es) to reach that CE router in which those IP network prefixes belong and register them in their corresponding routing/forwarding data structures. In this way, the CE routers learn how to reach each other.
    Type: Grant
    Filed: January 8, 2014
    Date of Patent: April 11, 2017
    Assignee: VERSA NETWORKS, INC.
    Inventors: Apurva Mehta, Shivaprakash Shenoy, Ramanarayanan Ramakrishnan, Krishna Sankaran
  • Patent number: 9622143
    Abstract: In general, techniques are described for using virtual local area networks (VLANs) to facilitate packet forwarding between wireless endpoint devices attached to a wireless local area network (WLAN) access network and one or more mobile gateways providing access to packet data network services. For example, a wireless access gateway includes an upstream interface for a mobility tunnel to a mobile gateway of a mobile service provider network and a downstream interface for a WLAN access network. The wireless access gateway receives a packet from the mobile gateway by the upstream interface. The wireless access gateway determines, based at least on the mobility tunnel, a VLAN of the WLAN access network that is uniquely associated in the wireless access gateway with a combination of the APN associated with the mobility tunnel and the mobile gateway. The wireless access gateway then forwards, to a wireless endpoint device, the packet on the VLAN.
    Type: Grant
    Filed: August 1, 2013
    Date of Patent: April 11, 2017
    Assignee: Juniper Networks, Inc.
    Inventors: Krishna Sankaran, Prasad Chigurupati, Pradip De, Santosh Gupta, Rajashekhar Reddy
  • Patent number: 9485196
    Abstract: In general, techniques are described for steering data traffic for a subscriber session from a network interface of a wireless access gateway to an anchoring one of a plurality of forwarding units of the wireless access gateway using a layer 2 (L2) address of the data traffic. For example, a wireless access gateway for a wireless local area network (WLAN) access network is described as having a decentralized data plane that includes multiple forwarding units for implementing subscriber sessions. Each forwarding unit may present a network interface for sending and receiving network packets and includes packet processing capabilities to enable subscriber data packet processing to perform the functionality of the wireless access gateway. The techniques enable steering data traffic for a given subscriber session to a particular one of the forwarding units of the wireless access gateway using an L2 address of the data traffic.
    Type: Grant
    Filed: August 1, 2013
    Date of Patent: November 1, 2016
    Assignee: Juniper Networks, Inc.
    Inventors: Krishna Sankaran, Huiyang Yang, Santosh Gupta, Prasad Chigurupati, Bin W. Hong
  • Patent number: 9166929
    Abstract: In general, techniques are described that facilitate scalable wholesale layer two (L2) connectivity between customers and service providers and a demarcation between the L2 wholesale network and one or more ISPs with which customers communicate L2 PDUs. In one example, a network device receives PDU having both a service identifier identifying a service virtual local area network (SVLAN) and a customer identifier identifying a customer VLAN (CVLAN). A virtual switch determines whether an entry of a L2 learning table is associated with both the service identifier and the customer identifier of the PDU. When no such entry exists, a VLAN learning module updates the L2 learning table to create a new entry that maps to a network device interface and is associated with both the service identifier of the PDU and a plurality of customer identifiers that includes the customer identifier of the PDU.
    Type: Grant
    Filed: March 17, 2014
    Date of Patent: October 20, 2015
    Assignee: Juniper Networks, Inc.
    Inventors: Prakash Kamath, Apurva Mehta, Debi Prasad Sahoo, Jagadish Grandhi, Krishna Sankaran, Moojin Jeong
  • Patent number: 8949413
    Abstract: In general, techniques are described for selectively applying and reusing filters stored in a router. In one example, a method includes receiving a network access request from a first user. The method also includes selecting a candidate rule group associated with the packet flow, wherein the candidate rule group comprises one or more currently deployed rules of an existing rule group on the computing device that are currently installed within a forwarding plane and are being applied by the forwarding plane to network traffic associated with a second user. The method also includes installing a new rule group comprising the one or more currently deployed rules of the existing rule group and one or more new rules associated with the first user and not currently installed within a forwarding plane. The method also includes applying each rule of the new rule group to network traffic associated with the first user.
    Type: Grant
    Filed: June 30, 2011
    Date of Patent: February 3, 2015
    Assignee: Juniper Networks, Inc.
    Inventors: Balamurugan Ramaraj, Gopi Krishna, Ananda Sathyanarayana, Apurva Mehta, Krishna Sankaran, Murtuza Attarwala
  • Patent number: 8855071
    Abstract: In general, techniques are described for handling errors in subscriber session management within mobile networks. A downstream mobile gateway comprising a forwarding unit and a service unit may implement the techniques. The forwarding unit receives a packet that includes a destination address for a subscriber and a tunnel endpoint identifier (TEID). The service unit determines whether the TEID is associated with one of a number of subscriber records that store session data for current sessions associated with subscriber devices to communicate with the mobile network. In response to determining that the TEID is not associated with one of the subscriber records, the service unit generates a message that includes the TEID and the destination address and indicates that the downstream mobile gateway has determined that the TEID is not associated with one of the subscriber records. The forwarding unit then sends the message to the upstream mobile gateway.
    Type: Grant
    Filed: January 4, 2012
    Date of Patent: October 7, 2014
    Assignee: Juniper Networks, Inc.
    Inventors: Krishna Sankaran, Sureshkannan Duraisamy, Himanshu Shah, Venkatesh Gota, Venkatesan Natarajan
  • Publication number: 20140198794
    Abstract: A method and apparatus for connecting multiple customer sites over a wide area network (WAN) using an overlay network is described. In one embodiment of the invention, each one of multiple customer edge (CE) routers establishes a Border Gateway Protocol (BGP) session with one or more BGP route reflectors and announces their private IP network prefixes and one or more transport IP addresses to reach that CE router. The BGP route reflector(s) reflect those IP network prefixes and the one or more transport IP addresses to reach that specific CE router to the other CE routers. The CE routers receive those reflected IP network prefixes and the corresponding transport IP address(es) to reach that CE router in which those IP network prefixes belong and register them in their corresponding routing/forwarding data structures. In this way, the CE routers learn how to reach each other.
    Type: Application
    Filed: January 8, 2014
    Publication date: July 17, 2014
    Inventors: Apurva Mehta, Shivaprakash Shenoy, Ramanarayanan Ramakrishnan, Krishna Sankaran
  • Patent number: 8675664
    Abstract: In general, techniques are described that facilitate scalable wholesale layer two (L2) connectivity between customers and service providers and a demarcation between the L2 wholesale network and one or more ISPs with which customers communicate L2 PDUs. In one example, a network device receives PDU having both a service identifier identifying a service virtual local area network (SVLAN) and a customer identifier identifying a customer VLAN (CVLAN). A virtual switch determines whether an entry of a L2 learning table is associated with both the service identifier and the customer identifier of the PDU. When no such entry exists, a VLAN learning module updates the L2 learning table to create a new entry that maps to a network device interface and is associated with both the service identifier of the PDU and a plurality of customer identifiers that includes the customer identifier of the PDU.
    Type: Grant
    Filed: August 3, 2011
    Date of Patent: March 18, 2014
    Assignee: Juniper Networks, Inc.
    Inventors: Prakash Kamath, Apurva Mehta, Debi Prasad Sahoo, Jagadish Grandhi, Krishna Sankaran, Moojin Jeong
  • Patent number: 8650279
    Abstract: In general, techniques are described for decentralizing handling of subscriber sessions within a gateway device of a mobile network. A mobile network gateway comprises a data plane having a plurality of forwarding components to receive session requests from a mobile service provider network in which the mobile network gateway resides. A control plane comprises a plurality of distributed subscriber management service units coupled by a switch fabric to the data plane. Each of the subscriber management service units serve as anchors for communication sessions for mobile devices that are accessing one or more packet data network by the mobile service provider network. A request delegation module within each of the forwarding components directs the session requests to the subscriber management service units unit to provide management services for the sessions requested by the mobile device.
    Type: Grant
    Filed: June 29, 2011
    Date of Patent: February 11, 2014
    Assignee: Juniper Networks, Inc.
    Inventors: Apurva Mehta, Srinivasa Chaganti, Gopi Krishna, Krishna Sankaran, Sanjiv Doshi
  • Patent number: 8619788
    Abstract: In general, techniques are described for performing scalable layer two (L2) learning in computer networks. A network device that includes interfaces and a control unit may implement these techniques. The control unit stores a L2 learning table having entries that are each associated with a service tag identifying a service virtual local area network. In response to receiving a packet that includes a service tag, the interfaces access the L2 learning table using the service tag to determine whether any of the entries of the L2 learning table are associated with the service tag. When none of the entries are associated with the service tag, the L2 learning module updates the L2 learning table to create a new entry defining an association between the one of the interfaces that received the packet and the service tag.
    Type: Grant
    Filed: October 11, 2010
    Date of Patent: December 31, 2013
    Assignee: Juniper Networks, Inc.
    Inventors: Krishna Sankaran, Sanjiv Doshi, Jagadish Grandhi, Apurva Mehta, Prakash Kamath, Huaxiang Sun, Shivaprakash Shenoy
  • Patent number: 8520615
    Abstract: In general, the invention is directed to techniques for breaking out mobile data traffic from a mobile service provider network to a packet data network. For example, as described herein, a breakout gateway device (BGW) receives a first service request and data traffic for a data session associated with the requested service from a mobile device in a radio access network, wherein the first service request is addressed to a serving node of a mobile core network of the mobile service provider network, and wherein the data traffic is destined for the PDN. A control packet analysis module forwards the first service request from the breakout gateway device to the serving node. A breakout module of the BGW bypasses the serving node by sending the data traffic from the breakout gateway device to the PDN on a data path from the radio access network to the PDN.
    Type: Grant
    Filed: August 10, 2010
    Date of Patent: August 27, 2013
    Assignee: Juniper Networks, Inc.
    Inventors: Apurva Mehta, Kumar Mehta, Krishna Sankaran, Sanjiv Doshi, Srinivasa Chaganti, Bin Hong
  • Publication number: 20130007237
    Abstract: In general, techniques are described for decentralizing handling of subscriber sessions within a gateway device of a mobile network. A mobile network gateway comprises a data plane having a plurality of forwarding components to receive session requests from a mobile service provider network in which the mobile network gateway resides. A control plane comprises a plurality of distributed subscriber management service units coupled by a switch fabric to the data plane. Each of the subscriber management service units serve as anchors for communication sessions for mobile devices that are accessing one or more packet data network by the mobile service provider network. A request delegation module within each of the forwarding components directs the session requests to the subscriber management service units unit to provide management services for the sessions requested by the mobile device.
    Type: Application
    Filed: June 29, 2011
    Publication date: January 3, 2013
    Applicant: JUNIPER NETWORKS, INC.
    Inventors: Apurva Mehta, Srinivasa Chaganti, Gopi Krishna, Krishna Sankaran, Sanjiv Doshi
  • Publication number: 20130007286
    Abstract: In general, techniques are described for dynamically redirecting session requests received with a mobile network gateway to another gateway of the mobile network. Heterogeneous static and dynamic capabilities among gateways of the mobile network lead some gateways unable to service a particular session requested by a wireless device attached to the mobile network. A set of policies configured within the gateways by a mobile network operator and applied by the gateway enable the gateway to identify and offload session requests to another gateway of the mobile network that has the present capability to service the session. The policies may define conditions and actions to provide flexible routing of the user session to an appropriate gateway.
    Type: Application
    Filed: June 29, 2011
    Publication date: January 3, 2013
    Applicant: JUNIPER NETWORKS, INC.
    Inventors: Apurva Mehta, Bart Brinckman, Bin W. Hong, Huiyang Yang, Krishna Sankaran, Kumar Mehta
  • Publication number: 20130007257
    Abstract: In general, techniques are described for selectively applying and reusing filters stored in a router. In one example, a method includes receiving a network access request from a first user. The method also includes selecting a candidate rule group associated with the packet flow, wherein the candidate rule group comprises one or more currently deployed rules of an existing rule group on the computing device that are currently installed within a forwarding plane and are being applied by the forwarding plane to network traffic associated with a second user. The method also includes installing a new rule group comprising the one or more currently deployed rules of the existing rule group and one or more new rules associated with the first user and not currently installed within a forwarding plane. The method also includes applying each rule of the new rule group to network traffic associated with the first user.
    Type: Application
    Filed: June 30, 2011
    Publication date: January 3, 2013
    Applicant: JUNIPER NETWORKS, INC.
    Inventors: Balamurugan Ramaraj, Gopi Krishna, Ananda Sathyanarayana, Apurva Mehta, Krishna Sankaran, Murtuza Attarwala
  • Patent number: 8295291
    Abstract: A device includes one or more network interfaces to receive layer two (L2) communications from an L2 network having a plurality of L2 devices; and a control unit to forward the L2 communications in accordance with forwarding information defining a plurality of flooding next hops. Each of the flooding next hops stored by the control unit specifies a set of the L2 devices within the L2 network to which to forward L2 communications in accordance with a plurality of trees, where each of the trees has a different one of the plurality of L2 devices as a root node. The control unit of the device computes a corresponding one of flooding next hops for each of the trees using only a subset of the trees without computing all of the trees having all of the different L2 network devices as root nodes.
    Type: Grant
    Filed: December 21, 2009
    Date of Patent: October 23, 2012
    Assignee: Juniper Networks, Inc.
    Inventors: Ramasamy Ramanathan, Apurva Mehta, Rama Ramakrishnan, Gopi Krishna, Srinivasa Chaganti, Krishna Sankaran, Jagadish Grandhi
  • Patent number: 8199753
    Abstract: Methods, apparatus, and products are disclosed for forwarding frames in a computer network using shortest path bridging (‘SPB’). The network includes multiple bridges, and each edge bridge is assigned a unique service virtual local area network (‘VLAN’) identifier. One of the bridges receives a frame for transmission to a destination node. The received frame includes a service VLAN identifier for the ingress bridge through which the frame entered the network and a customer VLAN identifier. The one bridge identifies an SPB forwarding tree in dependence upon the service VLAN identifier. The SPB forwarding tree specifies a shortest route in the network from the ingress bridge through the one bridge to the other bridges in the network. The one bridge then forwards the received frame to the egress bridge without MAC-in-MAC encapsulation in dependence upon the SPB forwarding tree and the customer VLAN identifier.
    Type: Grant
    Filed: June 5, 2009
    Date of Patent: June 12, 2012
    Assignee: Juniper Networks, Inc.
    Inventors: Apurva Mehta, Kumar Mehta, Krishna Sankaran, Rajagopalan Subbiah, Ramanarayanan Ramakrishnan, Bin William Hong, Ananda Sathyanarayana