Patents by Inventor Ly Loi
Ly Loi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230362140
Abstract: For a network including multiple computers acting as tunnel endpoints in a network, some embodiments provide a method for processing data messages in parallel using multiple processors (e.g., cores) of each computer. Each computer in some embodiments has a set of interfaces configured as tunnel endpoints connecting to multiple tunnels. In some embodiments, the multiple processors encrypt data messages according to a set of encryption parameters or multiple sets of encryption parameters that specify an encryption policy for data messages requiring encryption, an encryption algorithm, an encryption key, a destination network address, and an encryption-parameter-set identifier.
Type: Application
Filed: July 20, 2023
Publication date: November 9, 2023
Inventors: Jayant Jain, Ly Loi, Anirban Sengupta, Yong Wang, Mike Parsa
-
Patent number: 11729153
Abstract: For a network including multiple computers acting as tunnel endpoints in a network, some embodiments provide a method for processing data messages in parallel using multiple processors (e.g., cores) of each computer. Each computer in some embodiments has a set of interfaces configured as tunnel endpoints connecting to multiple tunnels. In some embodiments, the multiple processors encrypt data messages according to a set of encryption parameters or multiple sets of encryption parameters that specify an encryption policy for data messages requiring encryption, an encryption algorithm, an encryption key, a destination network address, and an encryption-parameter-set identifier.
Type: Grant
Filed: August 15, 2021
Date of Patent: August 15, 2023
Assignee: NICIRA, INC.
Inventors: Jayant Jain, Ly Loi, Anirban Sengupta, Yong Wang, Mike Parsa
-
Patent number: 11398987
Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. Each host computer, in some embodiments, is responsible for collecting and reporting attributes of data flows associated with machines executing on a host computer. In some embodiments, the host computer includes a flow exporter that processes and publishes flow data to the analysis appliance, a set of agents for collecting context data relating to the flows from machines executing on the host, a set of additional modules that provide additional context data, an anomaly detection engine that analyzes flow data and context data and provides additional context data, and a context exporter for processing and publishing context data to the analysis appliance.
Type: Grant
Filed: July 23, 2019
Date of Patent: July 26, 2022
Assignee: VMWARE, INC.
Inventors: Jayant Jain, Russell Lu, Ly Loi, Rick Lund, Sushruth Gopal
-
Patent number: 11288256
Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. The analysis appliance, in some embodiments, receives definitions of keys and provides them to the host computers. In some embodiments, existing keys are modified based on the analysis. Additionally, or alternatively, new keys are provided based on the analysis. In some embodiments, the analysis appliance receives the flow group records (e.g., sets of attributes) based on the keys and the configuration data from each host computer.
Type: Grant
Filed: July 23, 2019
Date of Patent: March 29, 2022
Assignee: VMWARE, INC.
Inventors: Jayant Jain, Russell Lu, Ly Loi, Rick Lund, Arnold Poon
-
Publication number: 20210377232
Abstract: For a network including multiple computers acting as tunnel endpoints in a network, some embodiments provide a method for processing data messages in parallel using multiple processors (e.g., cores) of each computer. Each computer in some embodiments has a set of interfaces configured as tunnel endpoints connecting to multiple tunnels. In some embodiments, the multiple processors encrypt data messages according to a set of encryption parameters or multiple sets of encryption parameters that specify an encryption policy for data messages requiring encryption, an encryption algorithm, an encryption key, a destination network address, and an encryption-parameter-set identifier.
Type: Application
Filed: August 15, 2021
Publication date: December 2, 2021
Inventors: Jayant Jain, Ly Loi, Anirban Sengupta, Yong Wang, Mike Parsa
-
Patent number: 11188570
Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. Each host computer, in some embodiments, is responsible for collecting and reporting attributes of data flows associated with machines executing on a host computer. The host computer, in some embodiments, first eliminates duplicative flow group records and then aggregates the flow data according to a set of received keys that specify attributes that define the aggregation. For example, a simple key that specifies a set of machine identifiers (e.g., a VM ID) as attribute values will, for each machine identifier, aggregate all flows with that machine identifier into a single aggregated flow group record. In some embodiments, the host computer includes a flow exporter that processes and publishes flow data to the analysis appliance.
Type: Grant
Filed: July 23, 2019
Date of Patent: November 30, 2021
Assignee: VMWARE, INC.
Inventors: Jayant Jain, Russell Lu, Ly Loi, Rick Lund, Sushruth Gopal
-
Patent number: 11095617
Abstract: For a network including multiple computers acting as tunnel endpoints in a network, some embodiments provide a method for processing data messages in parallel using multiple processors (e.g., cores) of each computer. Each computer in some embodiments has a set of interfaces configured as tunnel endpoints connecting to multiple tunnels. In some embodiments, the multiple processors encrypt data messages according to a set of encryption parameters or multiple sets of encryption parameters that specify an encryption policy for data messages requiring encryption, an encryption algorithm, an encryption key, a destination network address, and an encryption-parameter-set identifier.
Type: Grant
Filed: December 4, 2017
Date of Patent: August 17, 2021
Assignee: NICIRA, INC.
Inventors: Jayant Jain, Ly Loi, Anirban Sengupta, Yong Wang, Mike Parsa
-
Patent number: 11075888
Abstract: For a network including multiple computers acting as tunnel endpoints in a network, some embodiments provide a method for distributing data messages among processors of a destination computer that receives encrypted data messages from a source computer. Each computer in some embodiments has a set of interfaces configured as tunnel endpoints connecting to multiple tunnels. The encrypted data messages are received at multiple interfaces of the destination computer and in some embodiments, include an identifier for a set of encryption parameters (e.g., a security parameter index). The encryption-parameter-set identifier is used to distribute encrypted data messages among processors of the destination computer.
Type: Grant
Filed: December 4, 2017
Date of Patent: July 27, 2021
Assignee: NICIRA, INC.
Inventors: Jayant Jain, Ly Loi, Anirban Sengupta, Yong Wang, Mike Parsa
-
Publication number: 20210029050
Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. Each host computer, in some embodiments, is responsible for collecting and reporting attributes of data flows associated with machines executing on a host computer. In some embodiments, the host computer includes a flow exporter that processes and publishes flow data to the analysis appliance, a set of agents for collecting context data relating to the flows from machines executing on the host, a set of additional modules that provide additional context data, an anomaly detection engine that analyzes flow data and context data and provides additional context data, and a context exporter for processing and publishing context data to the analysis appliance.
Type: Application
Filed: July 23, 2019
Publication date: January 28, 2021
Inventors: Jayant Jain, Russell Lu, Ly Loi, Rick Lund, Sushruth Gopal
-
Publication number: 20210026830
Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. The analysis appliance, in some embodiments, receives definitions of keys and provides them to the host computers. In some embodiments, existing keys are modified based on the analysis. Additionally, or alternatively, new keys are provided based on the analysis. In some embodiments, the analysis appliance receives the flow group records (e.g., sets of attributes) based on the keys and the configuration data from each host computer.
Type: Application
Filed: July 23, 2019
Publication date: January 28, 2021
Inventors: Jayant Jain, Russell Lu, Ly Loi, Rick Lund, Arnold Poon
-
Publication number: 20210026870
Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. Each host computer, in some embodiments, is responsible for collecting and reporting attributes of data flows associated with machines executing on a host computer. The host computer, in some embodiments, first eliminates duplicative flow group records and then aggregates the flow data according to a set of received keys that specify attributes that define the aggregation. For example, a simple key that specifies a set of machine identifiers (e.g., a VM ID) as attribute values will, for each machine identifier, aggregate all flows with that machine identifier into a single aggregated flow group record. In some embodiments, the host computer includes a flow exporter that processes and publishes flow data to the analysis appliance.
Type: Application
Filed: July 23, 2019
Publication date: January 28, 2021
Inventors: Jayant Jain, Russell Lu, Ly Loi, Rick Lund, Sushruth Gopal
-
Patent number: 10701107
Abstract: Certain embodiments described herein are generally directed to deterministic load balancing of processing encapsulated encrypted data packets at a destination tunnel endpoint. In some embodiments, an IPSec component residing within a destination tunnel endpoint is configured to select a CPU core ID of a virtual CPU using a CPU selection function. In some embodiments, the IPSec component selects an SPI value corresponding to the CPU core ID. In some embodiments, the IPsec component indicates the SPI value to a source tunnel endpoint for use in establishing an in-bound security association, wherein the in-bound security association is used by the source tunnel endpoint to encrypt a data packet received from the source endpoint and destined for the destination endpoint.
Type: Grant
Filed: December 6, 2017
Date of Patent: June 30, 2020
Assignee: Nicira, Inc.
Inventors: Sushruth Gopal, Ly Loi, Yong Wang, Michael Parsa
-
Patent number: 10623372
Abstract: Certain embodiments described herein are generally directed to load balancing IPSec tunnels at an extended Berkeley Packet Filter (eBPF) module of a destination tunnel endpoint for encapsulated ESP encrypted data packets for encapsulated encrypted data packets based on a security parameter index value of the encapsulated encrypted data packets.
Type: Grant
Filed: December 6, 2017
Date of Patent: April 14, 2020
Assignee: Nicira, Inc.
Inventors: Yong Wang, Brenden Blanco, Ly Loi
-
Patent number: 10331973
Abstract: Techniques disclosed herein provide an approach for automatically importing graphical topologies and deploying the same. In one embodiment, a topology importer tool uses a trained machine learning model to detect and classify objects in an image depicting a topology. The topology importer distinguishes between software (or hardware) components in the detected objects and properties of those components. In particular, the topology importer may determine a property is associated with a component based on an overlap between objects representing the property and the component, a distance between the objects representing the property and the component, or a learned model. The topology importer determines relationships between components in a similar manner, as well as based on detected links represented by objects between components indicating those components are connected. The topology importer further converts the topology to a format understood by an application which may then deploy the topology.
Type: Grant
Filed: June 26, 2017
Date of Patent: June 25, 2019
Assignee: Nicira, Inc.
Inventors: Yong Wang, Jayant Jain, Ly Loi
-
Publication number: 20190173850
Abstract: For a network including multiple computers acting as tunnel endpoints in a network, some embodiments provide a method for processing data messages in parallel using multiple processors (e.g., cores) of each computer. Each computer in some embodiments has a set of interfaces configured as tunnel endpoints connecting to multiple tunnels. In some embodiments, the multiple processors encrypt data messages according to a set of encryption parameters or multiple sets of encryption parameters that specify an encryption policy for data messages requiring encryption, an encryption algorithm, an encryption key, a destination network address, and an encryption-parameter-set identifier.
Type: Application
Filed: December 4, 2017
Publication date: June 6, 2019
Inventors: Jayant Jain, Ly Loi, Anirban Sengupta, Yong Wang, Mike Parsa
-
Publication number: 20190173920
Abstract: Certain embodiments described herein are generally directed to deterministic load balancing of processing encapsulated encrypted data packets at a destination tunnel endpoint. In some embodiments, an IPSec component residing within a destination tunnel endpoint is configured to select a CPU core ID of a virtual CPU using a CPU selection function. In some embodiments, the IPSec component selects an SPI value corresponding to the CPU core ID.
Type: Application
Filed: December 6, 2017
Publication date: June 6, 2019
Inventors: Sushruth GOPAL, Ly LOI, Yong WANG, Michael PARSA
-
Publication number: 20190173841
Abstract: Certain embodiments described herein are generally directed to load balancing IPSec tunnels at an extended Berkeley Packet Filter (eBPF) module of a destination tunnel endpoint for encapsulated ESP encrypted data packets for encapsulated encrypted data packets based on a security parameter index value of the encapsulated encrypted data packets.
Type: Application
Filed: December 6, 2017
Publication date: June 6, 2019
Inventors: Yong WANG, Brenden BLANCO, Ly LOI
-
Publication number: 20190173851
Abstract: For a network including multiple computers acting as tunnel endpoints in a network, some embodiments provide a method for distributing data messages among processors of a destination computer that receives encrypted data messages from a source computer. Each computer in some embodiments has a set of interfaces configured as tunnel endpoints connecting to multiple tunnels. The encrypted data messages are received at multiple interfaces of the destination computer and in some embodiments, include an identifier for a set of encryption parameters (e.g., a security parameter index). The encryption-parameter-set identifier is used to distribute encrypted data messages among processors of the destination computer.
Type: Application
Filed: December 4, 2017
Publication date: June 6, 2019
Inventors: Jayant Jain, Ly Loi, Anirban Sengupta, Yong Wang, Mike Parsa
-
Publication number: 20180373961
Abstract: Techniques disclosed herein provide an approach for automatically importing graphical topologies and deploying the same. In one embodiment, a topology importer tool uses a trained machine learning model to detect and classify objects in an image depicting a topology. The topology importer distinguishes between software (or hardware) components in the detected objects and properties of those components. In particular, the topology importer may determine a property is associated with a component based on an overlap between objects representing the property and the component, a distance between the objects representing the property and the component, or a learned model. The topology importer determines relationships between components in a similar manner, as well as based on detected links represented by objects between components indicating those components are connected. The topology importer further converts the topology to a format understood by an application which may then deploy the topology.
Type: Application
Filed: June 26, 2017
Publication date: December 27, 2018
Inventors: Yong WANG, Jayant JAIN, Ly LOI
-
Patent number: 9124564
Abstract: Techniques are presented for establishing context awareness during first negotiation of secure key exchange. These techniques may be embodied as a method, apparatus or instructions in a computer-readable storage media. At a first network device, a message is received from a second network device as part of an initial exchange of information of a secure key exchange, the message containing information indicating one or more secure key exchange policies acceptable to the second network device and defining one or more associated security parameters. The message further contains context-specific information identifying a context of the second network device. The first network device selects a secure key exchange policy for communicating with the second network device based upon the context-specific information and sends a response message to the second network device containing the selected secure key exchange policy. If the context was understood, the response message also includes context-specific information.
Type: Grant
Filed: August 22, 2013
Date of Patent: September 1, 2015
Assignee: Cisco Technology, Inc.
Inventors: Thamilarasu Kandasamy, Ly Loi, Rajeshwar Singh Jenwar