Patents by Inventor Michael E. Lipman
Michael E. Lipman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10609042
Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.
Type: Grant
Filed: December 21, 2016
Date of Patent: March 31, 2020
Assignee: Cisco Technology, Inc.
Inventors: Paul Quinn, Michael E. Lipman, Mike Milano, David D. Ward, James Guichard, Leonid Sandler, Moshe Kravchik, Alena Lifar, Darrin Miller
-
Patent number: 9992103
Abstract: Presented herein are techniques to reduce the number of redirected subscriber packet flows while performing sticky hierarchical load balancing. An Nth head end network element may be activated such that a plurality of N head end network elements are active and capable of receiving and processing one or more packet flows. A primary load balancer may then be directed to overwrite a portion of pointers of a hash table in an evenly distributed manner with pointers to the Nth head end network element such that packet flows are forwarded to the Nth head end network element, wherein the hash table retains a static number of entries as the number of head end network elements is modified.
Type: Grant
Filed: January 24, 2014
Date of Patent: June 5, 2018
Assignee: Cisco Technology, Inc.
Inventors: Hendrikus G. P. Bosch, Peter Weinberger, Praveen Bhagwatula, Michael E. Lipman, Alessandro Duminuco, Louis Gwyn Samuel
-
Patent number: 9952877
Abstract: In one embodiment, a physical device (e.g., packet switching device, computer, server) is booted using custom-created frozen partially-booted virtual machines, avoiding the time required for an end-to-end boot process. In one embodiment while the system is operating under a current version, a partially-booted virtual image of a new operating version for each of multiple processing elements of the device is produced according to static configuration information specific to the device, with each of these partially-booted virtual machines frozen. The device is rebooted to a fully operational device by unfreezing these partially-booted virtual machines, thus removing this portion of a boot process from the real-time booting of the device. The generation of the frozen partially-booted virtual machines is advantageously performed by the device itself based on current static configuration information and the availability of the specific hardware configuration of the device.
Type: Grant
Filed: April 23, 2014
Date of Patent: April 24, 2018
Assignee: Cisco Technology, Inc.
Inventors: Akash R. Deshpande, Michael E. Lipman, Peter Weinberger
-
Publication number: 20170237747
Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.
Type: Application
Filed: December 21, 2016
Publication date: August 17, 2017
Inventors: Paul Quinn, Michael E. Lipman, Mike Milano, David D. Ward, James Guichard, Leonid Sandler, Moshe Kravchik, Alena Lifar, Darrin Miller
-
Patent number: 9596175
Abstract: In one embodiment, a packet switching device creates multiple virtual packet switching devices within the same physical packet switching device using virtual machines and sharing particular physical resources of the packet switching device. One embodiment uses this functionality to change the operating version (e.g., upgrade or downgrade) of the packet switching device by originally operating according to a first operating version, operating according to both a first and second operating version, and then ceasing operating according to the first operating version. Using such a technique, a packet switching device can be upgraded or downgraded while fully operating (e.g., without having to reboot line cards and route processing engines).
Type: Grant
Filed: October 1, 2015
Date of Patent: March 14, 2017
Assignee: Cisco Technology, Inc.
Inventors: Akash R. Deshpande, John H. W. Bettink, Michael E. Lipman, Pradosh Mohapatra, Kannan Devarajan, Prabhakara R. Yellai, Rajagopalan M. Ammanur, Samir D. Thoria
-
Patent number: 9509614
Abstract: An example method for load balancing in a network environment is provided and includes receiving a packet from a first stage load-balancer in a network environment, where the packet is forwarded from the first stage load-balancer to one of a plurality of second stage load-balancers in the network according to a hash based forwarding scheme, and routing the packet from the second stage load-balancer to one of a plurality of servers in the network according to a per-session routing scheme. The per-session routing scheme includes retrieving a session routing state from a distributed hash table in the network. In a specific embodiment, the hash based forwarding scheme includes equal cost multi path routing. The session routing state can include an association between a next hop for the packet and the packet's 5-tuple representing a session to which the packet belongs.
Type: Grant
Filed: June 20, 2013
Date of Patent: November 29, 2016
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Hendrikus G. P. Bosch, David Richard Barach, Michael E. Lipman, Alessandro Duminuco, James N. Guichard, Humberto J. La Roche
-
Patent number: 9270397
Abstract: In one embodiment, an apparatus cascades groups of serialized data streams through devices, and performs operations based on information communicated therein. A received group of serialized data streams is aligned, but not framed, and forwarded to a next device (e.g., a next stage in a linear or tree cascaded formation of devices). Eliminating the framing and subsequent serialization operations performed on the received group of serialized data streams reduces the latency of communications through the cascaded devices, which can be significant when considered in relation to the high-speed communication rates. The received group of serialized data streams is also framed to create a sequence of data frames for processing (e.g., associative memory lookup operations, controlling multiplexing of received downstream serialized data streams, general or other processing) within the device.
Type: Grant
Filed: October 24, 2012
Date of Patent: February 23, 2016
Assignee: Cisco Technology, Inc.
Inventors: John W. Marshall, Steven Philip Holmes, Jeffrey Nelson Shaw, Michael E. Lipman, Matthew Harper, Mohammed Ismael Tatar, James A. Markevitch
-
Publication number: 20160021002
Abstract: In one embodiment, a packet switching device creates multiple virtual packet switching devices within the same physical packet switching device using virtual machines and sharing particular physical resources of the packet switching device. One embodiment uses this functionality to change the operating version (e.g., upgrade or downgrade) of the packet switching device by originally operating according to a first operating version, operating according to both a first and second operating version, and then ceasing operating according to the first operating version. Using such a technique, a packet switching device can be upgraded or downgraded while fully operating (e.g., without having to reboot line cards and route processing engines).
Type: Application
Filed: October 1, 2015
Publication date: January 21, 2016
Applicant: Cisco Technology, Inc., a corporation of California
Inventors: Akash R. Deshpande, John H. W. Bettink, Michael E. Lipman, Pradosh Mohapatra, Kannan Devarajan, Prabhakara R. Yellai, Rajagopalan M. Ammanur, Samir D. Thoria
-
Patent number: 9185030
Abstract: In one embodiment, a packet switching device creates multiple virtual packet switching devices within the same physical packet switching device using virtual machines and sharing particular physical resources of the packet switching device. One embodiment uses this functionality to change the operating version (e.g., upgrade or downgrade) of the packet switching device by originally operating according to a first operating version, operating according to both a first and second operating version, and then ceasing operating according to the first operating version. Using such a technique, a packet switching device can be upgraded or downgraded while fully operating (e.g., without having to reboot line cards and route processing engines).
Type: Grant
Filed: December 19, 2011
Date of Patent: November 10, 2015
Assignee: Cisco Technology, Inc.
Inventors: Akash R. Deshpande, John H. W. Bettink, Michael E. Lipman, Pradosh Mohapatra, Kannan Devarajan, Prabhakara R. Yellai, Rajagopalan M. Ammanur, Samir D. Thoria
-
Publication number: 20150309805
Abstract: In one embodiment, a physical device (e.g., packet switching device, computer, server) is booted using custom-created frozen partially-booted virtual machines, avoiding the time required for an end-to-end boot process. In one embodiment while the system is operating under a current version, a partially-booted virtual image of a new operating version for each of multiple processing elements of the device is produced according to static configuration information specific to the device, with each of these partially-booted virtual machines frozen. The device is rebooted to a fully operational device by unfreezing these partially-booted virtual machines, thus removing this portion of a boot process from the real-time booting of the device. The generation of the frozen partially-booted virtual machines is advantageously performed by the device itself based on current static configuration information and the availability of the specific hardware configuration of the device.
Type: Application
Filed: April 23, 2014
Publication date: October 29, 2015
Applicant: Cisco Technology, Inc., a corporation of California
Inventors: Akash R. Deshpande, Michael E. Lipman, Peter Weinberger
-
Publication number: 20150215819
Abstract: Presented herein are techniques to reduce the number of redirected subscriber packet flows while performing sticky hierarchical load balancing. An Nth head end network element may be activated such that a plurality of N head end network elements are active and capable of receiving and processing one or more packet flows. A primary load balancer may then be directed to overwrite a portion of pointers of a hash table in an evenly distributed manner with pointers to the Nth head end network element such that packet flows are forwarded to the Nth head end network element, wherein the hash table retains a static number of entries as the number of head end network elements is modified.
Type: Application
Filed: January 24, 2014
Publication date: July 30, 2015
Applicant: Cisco Technology, Inc.
Inventors: Hendrikus G.P. Bosch, Peter Weinberger, Praveen Bhagwatula, Michael E. Lipman, Alessandro Duminuco, Louis Gwyn Samuel
-
Publication number: 20140379938
Abstract: An example method for load balancing in a network environment is provided and includes receiving a packet from a first stage load-balancer in a network environment, where the packet is forwarded from the first stage load-balancer to one of a plurality of second stage load-balancers in the network according to a hash based forwarding scheme, and routing the packet from the second stage load-balancer to one of a plurality of servers in the network according to a per-session routing scheme. The per-session routing scheme includes retrieving a session routing state from a distributed hash table in the network. In a specific embodiment, the hash based forwarding scheme includes equal cost multi path routing. The session routing state can include an association between a next hop for the packet and the packet's 5-tuple representing a session to which the packet belongs.
Type: Application
Filed: June 20, 2013
Publication date: December 25, 2014
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Hendrikus G. P. Bosch, David Richard Barach, Michael E. Lipman, Alessandro Duminuco, James N. Guichard, Humberto J. La Roche
-
Patent number: 8774185
Abstract: A service is applied in a packet switching device to both directions of a flow of packets through the packet switching device, with the application of this Layer-4 to layer-7 service to one direction requiring state information shared from the application of the service to packets traversing in the other direction. The service (e.g. firewall, network address translation) can be applied by different processing complexes which do not share memory; thus, state information is communicated between the processing complexes. When the service is applied by a single processing complex, packets can be directed explicitly to the single processing complex. The inline application of services in a packet switching system typically eliminates the need to change a packet's path through the packet switching system to that through a dedicated application server, and may eliminate the need for a dedicated services card or blade server.
Type: Grant
Filed: July 27, 2010
Date of Patent: July 8, 2014
Assignee: Cisco Technology, Inc.
Inventors: John C. Carney, Timothy P. Donahue, Michael E. Lipman, David Delano Ward, Doron Oz
-
Patent number: 8713575
Abstract: A data processing architecture includes multiple processors connected in series between a load balancer and reorder logic. The load balancer is configured to receive data and distribute the data across the processors. Appropriate ones of the processors are configured to process the data. The reorder logic is configured to receive the data processed by the processors, reorder the data, and output the reordered data.
Type: Grant
Filed: June 29, 2012
Date of Patent: April 29, 2014
Assignee: Juniper Networks, Inc.
Inventors: John C Carney, Michael E Lipman
-
Publication number: 20140112342
Abstract: In one embodiment, an apparatus cascades groups of serialized data streams through devices, and performs operations based on information communicated therein. A received group of serialized data streams is aligned, but not framed, and forwarded to a next device (e.g., a next stage in a linear or tree cascaded formation of devices). Eliminating the framing and subsequent serialization operations performed on the received group of serialized data streams reduces the latency of communications through the cascaded devices, which can be significant when considered in relation to the high-speed communication rates. The received group of serialized data streams is also framed to create a sequence of data frames for processing (e.g., associative memory lookup operations, controlling multiplexing of received downstream serialized data streams, general or other processing) within the device.
Type: Application
Filed: October 24, 2012
Publication date: April 24, 2014
Inventors: John W. Marshall, Steven Philip Holmes, Jeffrey Nelson Shaw, Michael E. Lipman, Matthew Harper, Mohammed Ismael Tatar, James A. Markevitch
-
Publication number: 20130114613
Abstract: In one embodiment, a packet switching device creates multiple virtual packet switching devices within the same physical packet switching device using virtual machines and sharing particular physical resources of the packet switching device. One embodiment uses this functionality to change the operating version (e.g., upgrade or downgrade) of the packet switching device by originally operating according to a first operating version, operating according to both a first and second operating version, and then ceasing operating according to the first operating version. Using such a technique, a packet switching device can be upgraded or downgraded while fully operating (e.g., without having to reboot line cards and route processing engines).
Type: Application
Filed: December 19, 2011
Publication date: May 9, 2013
Applicant: Cisco Technology, Inc., a corporation of California
Inventors: Akash R. Deshpande, John H. W. Bettink, Michael E. Lipman, Pradosh Mohapatra, Kannan Devarajan, Prabhakara R. Yellai, Rajagopalan M. Ammanur, Samir D. Thoria
-
Publication number: 20120266181
Abstract: A data processing architecture includes multiple processors connected in series between a load balancer and reorder logic. The load balancer is configured to receive data and distribute the data across the processors. Appropriate ones of the processors are configured to process the data. The reorder logic is configured to receive the data processed by the processors, reorder the data, and output the reordered data.
Type: Application
Filed: June 29, 2012
Publication date: October 18, 2012
Applicant: Juniper Networks, Inc.
Inventors: John C. Carney, Michael E. Lipman
-
Patent number: 8234653
Abstract: A data processing architecture includes multiple processors connected in series between a load balancer and reorder logic. The load balancer is configured to receive data and distribute the data across the processors. Appropriate ones of the processors are configured to process the data. The reorder logic is configured to receive the data processed by the processors, reorder the data, and output the reordered data.
Type: Grant
Filed: May 30, 2008
Date of Patent: July 31, 2012
Assignee: Juniper Networks, Inc.
Inventors: John C Carney, Michael E Lipman
-
Publication number: 20120027015
Abstract: A service is applied in a packet switching device to both directions of a flow of packets through the packet switching device, with the application of this Layer-4 to layer-7 service to one direction requiring state information shared from the application of the service to packets traversing in the other direction. The service (e.g. firewall, network address translation) can be applied by different processing complexes which do not share memory; thus, state information is communicated between the processing complexes. When the service is applied by a single processing complex, packets can be directed explicitly to the single processing complex. The inline application of services in a packet switching system typically eliminates the need to change a packet's path through the packet switching system to that through a dedicated application server, and may eliminate the need for a dedicated services card or blade server.
Type: Application
Filed: July 27, 2010
Publication date: February 2, 2012
Applicant: Cisco Technology, Inc., a corporation of California
Inventors: John C. Carney, Timothy P. Donahue, Michael E. Lipman, David Delano Ward, Doron Oz
-
Patent number: 7990868
Abstract: A buffer memory may be configured to temporarily store data in a number of queues. A processor may be configured to measure a fullness of the buffer memory. The processor may also be configured to assign sizes to the number of queues based on the fullness of the buffer memory. The processor may also adjust thresholds of drop profiles associated with the number of queues based on the sizes assigned to the number of queues.
Type: Grant
Filed: March 24, 2008
Date of Patent: August 2, 2011
Assignee: Juniper Networks, Inc.
Inventors: Shawn Gallagher, Stephen Branam, Thomas A LeMaire, Michael E Lipman, Ryan Ross