Patents by Inventor Mohammed Javed Asghar
Mohammed Javed Asghar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11757935Abstract: Methods to secure against IP address thefts by rogue devices in a virtualized datacenter are provided. Rogue devices are detected and distinguished from a migration of an endpoint in a virtualized datacenter. A first hop network element in a one or more network fabrics intercepts a request that includes an identity of an endpoint and performs a local lookup for the endpoint entity identifier. Based on the lookup not finding the endpoint entity identifier, the first hop network element broadcasts a message such as a remote media access address (MAC) query to other network elements in the one or more network fabrics. Based on the received response, which may include an IP address associated with the MAC address, the first hop network element performs a theft validation process to determine whether the request originated from a migrated endpoint or a rogue device.Type: GrantFiled: May 4, 2022Date of Patent: September 12, 2023Assignee: CISCO TECHNOLOGY, INC.Inventors: Govind Prasad Sharma, Eshwar Rao Yedavalli, Mohammed Javed Asghar, Ashwath Kumar Chandrasekaran, Swapnil Mankar, Umamaheswararao Karyampudi
-
Publication number: 20220263865Abstract: Methods to secure against IP address thefts by rogue devices in a virtualized datacenter are provided. Rogue devices are detected and distinguished from a migration of an endpoint in a virtualized datacenter. A first hop network element in a one or more network fabrics intercepts a request that includes an identity of an endpoint and performs a local lookup for the endpoint entity identifier. Based on the lookup not finding the endpoint entity identifier, the first hop network element broadcasts a message such as a remote media access address (MAC) query to other network elements in the one or more network fabrics. Based on the received response, which may include an IP address associated with the MAC address, the first hop network element performs a theft validation process to determine whether the request originated from a migrated endpoint or a rogue device.Type: ApplicationFiled: May 4, 2022Publication date: August 18, 2022Inventors: Govind Prasad Sharma, Eshwar Rao Yedavalli, Mohammed Javed Asghar, Ashwath Kumar Chandrasekaran, Swapnil Mankar, Umamaheswararao Karyampudi
-
Patent number: 11405427Abstract: The present technology pertains to a system, method, and non-transitory computer-readable medium for orchestrating policies across multiple networking domains. The technology can receive, at a provider domain from a consumer domain, a data request; receive, at the provider domain from the consumer domain, at least one access policy for the consumer domain; translate, at the provider domain, the at least one access policy for the consumer domain into at least one translated access policy understood by the provider domain; apply, at the provider domain, the at least one translated access policy understood by the provider domain to the data request; and send, at the provider domain to the consumer domain, a response to the data request.Type: GrantFiled: January 23, 2020Date of Patent: August 2, 2022Inventors: Ronak K. Desai, Rajagopalan Janakiraman, Mohammed Javed Asghar, Azeem Suleman, Patel Amitkumar Valjibhai, Sanjay Kumar Hooda, Victor Manuel Moreno
-
Patent number: 11368484Abstract: Methods to secure against IP address thefts by rogue devices in a virtualized datacenter are provided. Rogue devices are detected and distinguished from a migration of an endpoint in a virtualized datacenter. A first hop network element in a one or more network fabrics intercepts a request that includes an identity of an endpoint and performs a local lookup for the endpoint entity identifier. Based on the lookup not finding the endpoint entity identifier, the first hop network element broadcasts a message such as a remote media access address (MAC) query to other network elements in the one or more network fabrics. Based on the received response, which may include an IP address associated with the MAC address, the first hop network element performs a theft validation process to determine whether the request originated from a migrated endpoint or a rogue device.Type: GrantFiled: April 26, 2019Date of Patent: June 21, 2022Assignee: CISCO TECHNOLOGY, INCInventors: Govind Prasad Sharma, Eshwar Rao Yedavalli, Mohammed Javed Asghar, Ashwath Kumar Chandrasekaran, Swapnil Mankar, Umamaheswararao Karyampudi
-
Patent number: 11336515Abstract: Presented herein are systems and methods to enable simultaneous interoperability with policy-aware and policy-unaware data center sites. A multi-site orchestrator (MSO) device can be configured to obtain configuration information for each of a plurality of different data center sites. The data center sites may include one or more on-premises sites and one or more off-premises sites, each of which may include one or more policy-aware sites and/or one or more policy-unaware sites. The MSO can selectively use namespace translations to create a unified fabric across the different data center sites, enabling one or more hosts and/or applications at a first of the data center sites to communicate with one or more hosts and/or applications at a second of the data center sites, regardless of the sites' respective configurations.Type: GrantFiled: February 19, 2021Date of Patent: May 17, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Munish Mehta, Sundeep Kumar Singh, Shyam N. Kapadia, Mohammed Javed Asghar, Lukas Krattiger
-
Patent number: 11165828Abstract: Systems, methods, and computer-readable media for policy splitting in multi-cloud fabrics. In some examples, a method can include discovering a path from a first endpoint in a first cloud to a second endpoint in a second cloud; determining runtime policy table capacities associated with nodes in the path; determining policy distribution and enforcement for traffic from the first endpoint to the second endpoint based on the runtime policy table capacities; based on the policy distribution and enforcement, installing a set of policies for traffic from the first endpoint to the second endpoint across a set of nodes in the path; and applying the set of policies to traffic from the first endpoint in the first cloud to the second endpoint in the second cloud.Type: GrantFiled: February 28, 2019Date of Patent: November 2, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Rajagopalan Janakiraman, Ronak K. Desai, Sivakumar Ganapathy, Mohammed Javed Asghar, Azeem Suleman, Patel Amitkumar Valjibhai
-
Publication number: 20210234898Abstract: The present technology pertains to a system, method, and non-transitory computer-readable medium for orchestrating policies across multiple networking domains. The technology can receive, at a provider domain from a consumer domain, a data request; receive, at the provider domain from the consumer domain, at least one access policy for the consumer domain; translate, at the provider domain, the at least one access policy for the consumer domain into at least one translated access policy understood by the provider domain; apply, at the provider domain, the at least one translated access policy understood by the provider domain to the data request; and send, at the provider domain to the consumer domain, a response to the data request.Type: ApplicationFiled: January 23, 2020Publication date: July 29, 2021Inventors: Ronak K. Desai, Rajagopalan Janakiraman, Mohammed Javed Asghar, Azeem Suleman, Patel Amitkumar Valjibhai, Sanjay Kumar Hooda, Victor Manuel Moreno
-
Patent number: 11057350Abstract: Technologies for extending a subnet across on-premises and cloud-based deployments are provided. An example method may include creating a VPC in a cloud for hosting an endpoint being moved from an on-premises site. For the endpoint to retain its IP address, a subnet range assigned to the VPC, based on the smallest subnet mask allowed by the cloud, is selected to include the IP address of the endpoint. The IP addresses from the assigned subnet range corresponding to on-premises endpoints are configured as secondary IP addresses on a Layer 2 (L2) proxy router instantiated in the VPC. The L2 proxy router establishes a tunnel to a cloud overlay router and directs traffic destined to on-premises endpoints, with IP addresses in the VPC subnet range thereto for outbound transmission. The cloud overly router updates the secondary IP addresses on the L2 proxy router based on reachability information for the on-premises site.Type: GrantFiled: May 30, 2019Date of Patent: July 6, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Rajagopalan Janakiraman, Sivakumar Ganapathy, Azeem Suleman, Mohammed Javed Asghar, Patel Amitkumar Valjibhai, Ronak K. Desai
-
Publication number: 20200382471Abstract: Technologies for extending a subnet across on-premises and cloud-based deployments are provided. An example method may include creating a VPC in a cloud for hosting an endpoint being moved from an on-premises site. For the endpoint to retain its IP address, a subnet range assigned to the VPC, based on the smallest subnet mask allowed by the cloud, is selected to include the IP address of the endpoint. The IP addresses from the assigned subnet range corresponding to on-premises endpoints are configured as secondary IP addresses on a Layer 2 (L2) proxy router instantiated in the VPC. The L2 proxy router establishes a tunnel to a cloud overlay router and directs traffic destined to on-premises endpoints, with IP addresses in the VPC subnet range thereto for outbound transmission. The cloud overly router updates the secondary IP addresses on the L2 proxy router based on reachability information for the on-premises site.Type: ApplicationFiled: May 30, 2019Publication date: December 3, 2020Inventors: Rajagopalan Janakiraman, Sivakumar Ganapathy, Azeem Suleman, Mohammed Javed Asghar, Patel Amitkumar Valjibhai, Ronak K. Desai
-
Publication number: 20200280587Abstract: Systems, methods, and computer-readable media for policy splitting in multi-cloud fabrics. In some examples, a method can include discovering a path from a first endpoint in a first cloud to a second endpoint in a second cloud; determining runtime policy table capacities associated with nodes in the path; determining policy distribution and enforcement for traffic from the first endpoint to the second endpoint based on the runtime policy table capacities; based on the policy distribution and enforcement, installing a set of policies for traffic from the first endpoint to the second endpoint across a set of nodes in the path; and applying the set of policies to traffic from the first endpoint in the first cloud to the second endpoint in the second cloud.Type: ApplicationFiled: February 28, 2019Publication date: September 3, 2020Inventors: Rajagopalan Janakiraman, Ronak K. Desai, Sivakumar Ganapathy, Mohammed Javed Asghar, Azeem Suleman, Patel Amitkumar Valjibhai