Patents by Inventor Lorand Jakab
Lorand Jakab has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240214319
Abstract: Techniques for signaling, to a network controller, a connection state of a proxy for use by the network controller to correlate proxied-connections with application pairs for traffic optimization. In some examples, the techniques may include receiving, at a controller of a network, control plane information associated with a proxy that manages a proxied flow through the network. Based on the control plane information, the controller may determine that application traffic is flowing across the proxied flow between a first application and a second application. In this way, based at least in part on a policy associated with at least one of the first application or the second application, the controller may reconfigure a network element of the network for optimizing the application traffic flowing across the proxied flow.
Type: Application
Filed: May 25, 2023
Publication date: June 27, 2024
Inventors: Alberto Rodriguez Natal, John A. Joyce, Saswat Praharaj, Timothy James Swanson, Lorand Jakab, Fabio R. Maino, Pradeep Kumar Kathail
-
Publication number: 20240205094
Abstract: An application monitoring system for collecting, utilizing, and/or exchanging state information (e.g., application state and network state), configuration information, and/or other information to make network optimizations for applications orchestrated by an application orchestration system. The application monitoring system may include an application orchestrator discovery component that is configured to determine a presence of an application orchestration system for orchestrating applications. The application monitoring system may also include one or more application watch components for monitoring, among other things, application state, application configuration, and/or application replicas. The application monitoring system may further include a network state propagation component configured to provide network state information to the orchestration system.
Type: Application
Filed: February 29, 2024
Publication date: June 20, 2024
Inventors: Alberto Rodriguez-Natal, Saswat Praharaj, Lorand Jakab, Fabio R. Maino, Pradeep Kumar Kathail, Vivek Agarwal, Ram Dular Singh
-
Publication number: 20240163226
Abstract: Techniques for tracking compute capacity of a scalable application service platform to perform dynamic bandwidth allocation for data flows associated with applications hosted by the service platform are disclosed. Some of the techniques may include allocating a first amount of bandwidth of a physical underlay of a network for data flows associated with an application. The techniques may also include receiving, from a scalable application service hosting the application, an indication of an amount of computing resources of the scalable application service that are allocated to host the application. Based at least in part on the indications, a second amount of bandwidth of the physical underlay to allocate for the data flows may be determined. The techniques may also include allocating the second amount of bandwidth of the physical underlay of the network for the data flows associated with the application.
Type: Application
Filed: January 24, 2024
Publication date: May 16, 2024
Inventors: Lorand Jakab, Alberto Rodriguez-Natal, Fabio R. Maino, John G. Apostolopoulos
-
Patent number: 11943150
Abstract: Techniques for tracking compute capacity of a scalable application service platform to perform dynamic bandwidth allocation for data flows associated with applications hosted by the service platform are disclosed. Some of the techniques may include allocating a first amount of bandwidth of a physical underlay of a network for data flows associated with an application. The techniques may also include receiving, from a scalable application service hosting the application, an indication of an amount of computing resources of the scalable application service that are allocated to host the application. Based at least in part on the indications, a second amount of bandwidth of the physical underlay to allocate for the data flows may be determined. The techniques may also include allocating the second amount of bandwidth of the physical underlay of the network for the data flows associated with the application.
Type: Grant
Filed: January 13, 2021
Date of Patent: March 26, 2024
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Lorand Jakab, Alberto Rodriguez Natal, Fabio R. Maino, John G. Apostolopoulos
-
Patent number: 11888752
Abstract: Techniques for using application network requirements and/or telemetry information from a first networking technology to enhance operation of a second networking technology and optimize wide area network traffic are described herein. The techniques may include establishing a communication network for use by applications of a scalable application service platform, the communication network including a first networking technology and a second networking technology. In this way, a request to establish a connection for use by an application may be received by the first networking technology. The request may include an indication of a threshold service level of the connection. In response to the request, the first networking technology may determine whether the second networking technology is capable of hosting the connection.
Type: Grant
Filed: September 2, 2021
Date of Patent: January 30, 2024
Assignee: Cisco Technology, Inc.
Inventors: Loránd Jakab, Alberto Rodriguez-Natal, Fabio R. Maino, Timothy James Swanson, John Joyce
-
Publication number: 20230328038
Abstract: Techniques for using proxies with overprovisioned IP addresses to demultiplex data flows, which may otherwise look the same at L7, into multiple subflows for L3 policy enforcement without having to modify an underlying L3 network. The techniques may include establishing a subflow through a network between a first proxy and a second proxy, the subflow associated with a specific policy. In some examples, the first proxy node may receive an encrypted packet that is to be sent through the network and determine, based at least in part on accessing an encrypted application layer of the packet, a specific application to which the packet is to be sent. The first proxy node may then alter an IP address included in the packet to cause the packet to be sent through the network via the subflow such that the packet is handled according to the specific policy.
Type: Application
Filed: April 12, 2022
Publication date: October 12, 2023
Inventors: Alberto Rodriguez-Natal, Lorand Jakab, Fabio R. Maino
-
Publication number: 20230300059
Abstract: Techniques for automating traffic optimizations for egress traffic of an application orchestration system that is being sent over a network to a remote service. In examples, the techniques may include receiving, at a controller of the network, an egress traffic definition associated with egress traffic of an application hosted on the application orchestration system, the egress traffic definition indicating that the egress traffic is to be sent to the remote service. Based at least in part on the egress traffic definition, the controller may determine a networking path through the network or outside of the network that is optimized for sending the egress traffic to the remote service. The controller may also cause the egress traffic to be sent to the remote service via the optimized networking path.
Type: Application
Filed: August 18, 2022
Publication date: September 21, 2023
Inventors: Alberto Rodriguez Natal, Saswat Praharaj, Lorand Jakab, Fabio R. Maino, Pradeep Kumar Kathail
-
Publication number: 20230261999
Abstract: In one embodiment, a device of a software-defined wide area network (SD-WAN) receives, from a cloud-native application, contextual data for the cloud-native application that identifies microservices of the cloud-native application. The device translates the contextual data for the cloud-native application into a network policy for traffic in the SD-WAN associated with the cloud-native application. The device applies the network policy to a traffic flow in the SD-WAN between an endpoint and a particular microservice of the cloud-native application.
Type: Application
Filed: April 26, 2023
Publication date: August 17, 2023
Inventors: Sridhar Subramanian, Fabio Rodolfo Maino, Alberto Rodriguez Natal, Vijoy Anand Pandey, Edward A. Warnicke, John Andrew Joyce, Timothy James Swanson, Loránd Jakab
-
Patent number: 11665095
Abstract: In one embodiment, a device of a software-defined wide area network (SD-WAN) receives, from a cloud-native application, contextual data for the cloud-native application that identifies microservices of the cloud-native application. The device translates the contextual data for the cloud-native application into a network policy for traffic in the SD-WAN associated with the cloud-native application. The device applies the network policy to a traffic flow in the SD-WAN between an endpoint and a particular microservice of the cloud-native application.
Type: Grant
Filed: August 3, 2020
Date of Patent: May 30, 2023
Assignee: Cisco Technology, Inc.
Inventors: Sridhar Subramanian, Fabio Rodolfo Maino, Alberto Rodriguez Natal, Vijoy Anand Pandey, Edward A. Warnicke, John Andrew Joyce, Timothy James Swanson, Loránd Jakab
-
Patent number: 11647019
Abstract: A method includes generating, by an internal segmentation orchestrator, a key to cipher/decipher a cryptographic segmentation tag used by an untrusted device, transmitting the key to an external segmentation orchestrator, transmitting the cryptographic segmentation tag to the external segmentation orchestrator and provisioning a trusted network edge with the key and optionally the cryptographic segmentation tag. The method can also include onboarding, based on the key and the cryptographic segmentation tag, the untrusted device, wherein the untrusted device receives the cryptographic segmentation tag from the external segmentation orchestrator.
Type: Grant
Filed: October 16, 2019
Date of Patent: May 9, 2023
Assignee: Cisco Technology, Inc.
Inventors: Alberto Rodriguez Natal, Mikhail Davidov, Lorand Jakab, Richard James Smith, Fabio Maino
-
Publication number: 20230069689
Abstract: Techniques for using application network requirements and/or telemetry information from a first networking technology to enhance operation of a second networking technology and optimize wide area network traffic are described herein. The techniques may include establishing a communication network for use by applications of a scalable application service platform, the communication network including a first networking technology and a second networking technology. In this way, a request to establish a connection for use by an application may be received by the first networking technology. The request may include an indication of a threshold service level of the connection. In response to the request, the first networking technology may determine whether the second networking technology is capable of hosting the connection.
Type: Application
Filed: September 2, 2021
Publication date: March 2, 2023
Inventors: Loránd Jakab, Alberto Rodriguez-Natal, Fabio R. Maino, Timothy James Swanson, John Joyce
-
Publication number: 20220116337
Abstract: Techniques for tracking compute capacity of a scalable application service platform to perform dynamic bandwidth allocation for data flows associated with applications hosted by the service platform are disclosed. Some of the techniques may include allocating a first amount of bandwidth of a physical underlay of a network for data flows associated with an application. The techniques may also include receiving, from a scalable application service hosting the application, an indication of an amount of computing resources of the scalable application service that are allocated to host the application. Based at least in part on the indications, a second amount of bandwidth of the physical underlay to allocate for the data flows may be determined. The techniques may also include allocating the second amount of bandwidth of the physical underlay of the network for the data flows associated with the application.
Type: Application
Filed: January 13, 2021
Publication date: April 14, 2022
Inventors: Lorand Jakab, Alberto Rodriguez Natal, Fabio R. Maino, John G. Apostolopoulos
-
Patent number: 11233743
Abstract: The present technology pertains to a system and method for extending enterprise networks' trusted policy frameworks to cloud-native applications. The present technology comprises sending, by an enterprise network controller, a first communication to a service mesh orchestrator for a service mesh, wherein the first communication informs the service mesh orchestrator of traffic segmentation policies to be applied to traffic originating at an enterprise network and of layer 7 extension headers which correspond to the enterprise network traffic segmentation policies.
Type: Grant
Filed: April 3, 2020
Date of Patent: January 25, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Alberto Rodriguez Natal, Fabio Maino, Bradford Pielech, Richard James Smith, Mikhail Davidov, Lorand Jakab
-
Publication number: 20210266262
Abstract: In one embodiment, a device of a software-defined wide area network (SD-WAN) receives, from a cloud-native application, contextual data for the cloud-native application that identifies microservices of the cloud-native application. The device translates the contextual data for the cloud-native application into a network policy for traffic in the SD-WAN associated with the cloud-native application. The device applies the network policy to a traffic flow in the SD-WAN between an endpoint and a particular microservice of the cloud-native application.
Type: Application
Filed: August 3, 2020
Publication date: August 26, 2021
Inventors: Sridhar Subramanian, Fabio Rodolfo Maino, Alberto Rodriguez Natal, Vijoy Anand Pandey, Edward A. Warnicke, John Andrew Joyce, Timothy James Swanson, Loránd Jakab
-
Publication number: 20210119993
Abstract: A method includes generating, by an internal segmentation orchestrator, a key to cipher/decipher a cryptographic segmentation tag used by an untrusted device, transmitting the key to an external segmentation orchestrator, transmitting the cryptographic segmentation tag to the external segmentation orchestrator and provisioning a trusted network edge with the key and optionally the cryptographic segmentation tag. The method can also include onboarding, based on the key and the cryptographic segmentation tag, the untrusted device, wherein the untrusted device receives the cryptographic segmentation tag from the external segmentation orchestrator.
Type: Application
Filed: October 16, 2019
Publication date: April 22, 2021
Inventors: Alberto Rodriguez Natal, Mikhail Davidov, Lorand Jakab, Richard James Smith, Fabio Maino
-
Publication number: 20200322273
Abstract: The present technology pertains to a system and method for extending enterprise networks' trusted policy frameworks to cloud-native applications. The present technology comprises sending, by an enterprise network controller, a first communication to a service mesh orchestrator for a service mesh, wherein the first communication informs the service mesh orchestrator of traffic segmentation policies to be applied to traffic originating at an enterprise network and of layer 7 extension headers which correspond to the enterprise network traffic segmentation policies.
Type: Application
Filed: April 3, 2020
Publication date: October 8, 2020
Inventors: Alberto Rodriguez Natal, Fabio Maino, Bradford Pielech, Richard James Smith, Mikhail Davidov, Lorand Jakab
-
Patent number: 10284438
Abstract: Techniques are provided for a network mapping server device in a network to receive a connection upgrade message comprising information to establish a first data flow from a first endpoint that does not support multiple subflows for the first data flow according to a multipath protocol, where multiple subflows subdivide the first data flow across two or more network paths. The information in the connection upgrade message is analyzed in order to resolve network connectivity to determine potential network connections for at least two subflows of the first data flow to a second endpoint. A response message is sent comprising information configured to establish at least two subflows for the first data flow between the first endpoint and the second endpoint.
Type: Grant
Filed: February 3, 2015
Date of Patent: May 7, 2019
Assignee: Cisco Technology, Inc.
Inventors: Marc Portoles Comeras, Preethi Natarajan, Alberto Rodriguez Natal, Fabio Rodolfo Maino, Alberto Cabellos Aparicio, Vasileios Lakafosis, Lorand Jakab
-
Publication number: 20160119196
Abstract: Techniques are provided for a network mapping server device in a network to receive a connection upgrade message comprising information to establish a first data flow from a first endpoint that does not support multiple subflows for the first data flow according to a multipath protocol, where multiple subflows subdivide the first data flow across two or more network paths. The information in the connection upgrade message is analyzed in order to resolve network connectivity to determine potential network connections for at least two subflows of the first data flow to a second endpoint. A response message is sent comprising information configured to establish at least two subflows for the first data flow between the first endpoint and the second endpoint.
Type: Application
Filed: February 3, 2015
Publication date: April 28, 2016
Inventors: Marc Portoles Comeras, Preethi Natarajan, Alberto Rodriguez Natal, Fabio Rodolfo Maino, Alberto Cabellos Aparicio, Vasileios Lakafosis, Lorand Jakab