Patents by Inventor Munish Mehta
Munish Mehta has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230300105Abstract: According to one or more embodiments of this disclosure, a network controller in a data center network establishes a translation table for in-band traffic in a data center network, the translation table resolves ambiguous network addresses based on one or more of a virtual network identifier (VNID), a routable tenant address, or a unique loopback address. The network controller device receives packets originating from applications and/or an endpoints operating in a network segment associated with a VNID. The network controller device translates, using the translation table, unique loopback addresses and/or routable tenant addresses associated with the packets into routable tenant addresses and/or unique loopback addresses, respectively.Type: ApplicationFiled: December 21, 2022Publication date: September 21, 2023Inventors: Vijay Chander, Yibin Yang, Praveen Jain, Munish Mehta
-
Patent number: 11546288Abstract: According to one or more embodiments of this disclosure, a network controller in a data center network establishes a translation table for in-band traffic in a data center network, the translation table resolves ambiguous network addresses based on one or more of a virtual network identifier (VNID), a routable tenant address, or a unique loopback address. The network controller device receives packets originating from applications and/or an endpoints operating in a network segment associated with a VNID. The network controller device translates, using the translation table, unique loopback addresses and/or routable tenant addresses associated with the packets into routable tenant addresses and/or unique loopback addresses, respectively.Type: GrantFiled: February 11, 2021Date of Patent: January 3, 2023Assignee: Cisco Technology, Inc.Inventors: Vijay Chander, Yibin Yang, Praveen Jain, Munish Mehta
-
Patent number: 11336515Abstract: Presented herein are systems and methods to enable simultaneous interoperability with policy-aware and policy-unaware data center sites. A multi-site orchestrator (MSO) device can be configured to obtain configuration information for each of a plurality of different data center sites. The data center sites may include one or more on-premises sites and one or more off-premises sites, each of which may include one or more policy-aware sites and/or one or more policy-unaware sites. The MSO can selectively use namespace translations to create a unified fabric across the different data center sites, enabling one or more hosts and/or applications at a first of the data center sites to communicate with one or more hosts and/or applications at a second of the data center sites, regardless of the sites' respective configurations.Type: GrantFiled: February 19, 2021Date of Patent: May 17, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Munish Mehta, Sundeep Kumar Singh, Shyam N. Kapadia, Mohammed Javed Asghar, Lukas Krattiger
-
Patent number: 11303576Abstract: A network device receives a fragmented packet of an internet protocol (IP) packet. The fragmented packet is subsequently received relative to an initial fragmented packet of the IP packet and includes a first set of tuple information. The network device determines an entry of a hash table associated with the IP packet, based on the first set of tuple information and a fragment identifier (ID) within the fragmented packet. The network device retrieves a second set of tuple information associated with the fragmented packet from the hash table entry, and transmits an indication of the first and second sets of tuple information.Type: GrantFiled: October 17, 2019Date of Patent: April 12, 2022Assignee: Cisco Technology, Inc.Inventors: Ajay K. Modi, Atul Garg, Murukanandam K. Panchalingam, Umamaheswararao Karyampudi, Munish Mehta
-
Publication number: 20210168114Abstract: According to one or more embodiments of this disclosure, a network controller in a data center network establishes a translation table for in-band traffic in a data center network, the translation table resolves ambiguous network addresses based on one or more of a virtual network identifier (VNID), a routable tenant address, or a unique loopback address. The network controller device receives packets originating from applications and/or an endpoints operating in a network segment associated with a VNID. The network controller device translates, using the translation table, unique loopback addresses and/or routable tenant addresses associated with the packets into routable tenant addresses and/or unique loopback addresses, respectively.Type: ApplicationFiled: February 11, 2021Publication date: June 3, 2021Inventors: Vijay Chander, Yibin Yang, Praveen Jain, Munish Mehta
-
Patent number: 10999197Abstract: Systems and methods provide for end-to-end identity-aware routing across multiple administrative domains. A first ingress edge device of a second overlay network can receive a first encapsulated packet from a first egress edge device of a first overlay network. The first ingress edge device can de-encapsulate the first encapsulated packet to obtain an original packet and a user or group identifier. The first ingress edge device can apply a user or group policy matching the user or group identifier to determine a next hop for the original packet. The first ingress edge device can encapsulate the original packet and the user or group identifier to generate a second encapsulated packet. The first ingress edge device can forward the second encapsulated packet to the next hop.Type: GrantFiled: August 8, 2019Date of Patent: May 4, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Sanjay Kumar Hooda, Anand Oswal, Nehal Bhau, Anil Edathara, Munish Mehta
-
Publication number: 20210119925Abstract: A network device receives a fragmented packet of an internet protocol (IP) packet. The fragmented packet is subsequently received relative to an initial fragmented packet of the IP packet and includes a first set of tuple information. The network device determines an entry of a hash table associated with the IP packet, based on the first set of tuple information and a fragment identifier (ID) within the fragmented packet. The network device retrieves a second set of tuple information associated with the fragmented packet from the hash table entry, and transmits an indication of the first and second sets of tuple information.Type: ApplicationFiled: October 17, 2019Publication date: April 22, 2021Inventors: Ajay K. MODI, Atul GARG, Murukanandam K. PANCHALINGAM, Umamaheswararao KARYAMPUDI, Munish MEHTA
-
Patent number: 10931629Abstract: According to one or more embodiments of this disclosure, a network controller in a data center network establishes a translation table for in-band traffic in a data center network, the translation table resolves ambiguous network addresses based on one or more of a virtual network identifier (VNID), a routable tenant address, or a unique loopback address. The network controller device receives packets originating from applications and/or an endpoints operating in a network segment associated with a VNID. The network controller device translates, using the translation table, unique loopback addresses and/or routable tenant addresses associated with the packets into routable tenant addresses and/or unique loopback addresses, respectively.Type: GrantFiled: December 31, 2018Date of Patent: February 23, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Vijay Chander, Yibin Yang, Praveen Jain, Munish Mehta
-
Patent number: 10891147Abstract: Aspects of the embodiments are directed to forming a virtual machine management (VMM) domain in a heterogeneous datacenter. Aspects can include mapping an endpoint group to multiple VMM domains, each VMM domain associated with one or more virtual machine management systems of a single type that each share one or more management system characteristics; instantiating a virtual switch instance, the virtual switch instance associated with a the VMM domain; and instantiating the endpoint group mapped to the VMM domain as a network component associated with the virtual switch instance.Type: GrantFiled: December 12, 2016Date of Patent: January 12, 2021Assignee: Cisco Technology, Inc.Inventors: Vijayan Ramakrishnan, Saurabh Jain, Vijay Chander, Ronak K. Desai, Praveen Jain, Munish Mehta, Yibin Yang
-
Publication number: 20200177503Abstract: Systems and methods provide for end-to-end identity-aware routing across multiple administrative domains. A first ingress edge device of a second overlay network can receive a first encapsulated packet from a first egress edge device of a first overlay network. The first ingress edge device can de-encapsulate the first encapsulated packet to obtain an original packet and a user or group identifier. The first ingress edge device can apply a user or group policy matching the user or group identifier to determine a next hop for the original packet. The first ingress edge device can encapsulate the original packet and the user or group identifier to generate a second encapsulated packet. The first ingress edge device can forward the second encapsulated packet to the next hop.Type: ApplicationFiled: August 8, 2019Publication date: June 4, 2020Inventors: Sanjay Kumar Hooda, Anand Oswal, Nehal Bhau, Anil Edathara, Munish Mehta
-
Patent number: 10581744Abstract: Presented herein are traffic pruning techniques that define the pruning at the group level. A software defined network (SDN) controller determines first and second endpoint groups (EPGs) of an SDN associated with the SDN controller. The SDN runs on a plurality of networking devices that interconnect a plurality of endpoints that are each attached to one or more host devices. The SDN controller determines a host-EPG mapping for the SDN, as well as a networking device-host mapping for the SDN. The SDN controller then uses the host-EPG mapping, the networking device-host mapping, and one or more group-based policies associated with traffic sent from the first EPG to the second EPG to compute hardware pruning policies defining how to prune multi-destination traffic sent from the first EPG to the second EPG. The hardware pruning policies are then installed in one or more of the networking devices or the host devices.Type: GrantFiled: December 2, 2016Date of Patent: March 3, 2020Assignee: Cisco Technology, Inc.Inventors: Munish Mehta, Saurabh Jain, Praveen Jain, Ronak K. Desai, Yibin Yang
-
Patent number: 10469402Abstract: The techniques presented herein use dynamic endpoint group (EPG) binding changes to facilitate cross-tenant resource sharing. A first node of a multi-tenant software defined network determines that an application on a first endpoint has initiated operation and needs temporary access to resources located at a second endpoint. The first and second endpoints are associated with first and second tenants, respectively, that are logically segregated from one another by the software defined network. The first node dynamically changes an initial EPG binding associated with the first endpoint to a second EPG binding that enables the first endpoint to temporarily directly access the resources at the second endpoint. The first node subsequently determines that the application on the first endpoint no longer needs access to the resources located at a second endpoint and, as such, changes the second EPG binding associated with the first endpoint back to the initial EPG binding.Type: GrantFiled: November 16, 2016Date of Patent: November 5, 2019Assignee: Cisco Technology, Inc.Inventors: Saurabh Jain, Vijay K. Chander, Vijayan Ramakrishnan, Ronak K. Desai, Praveen Jain, Munish Mehta, Yibin Yang
-
Patent number: 10291533Abstract: A packet forwarding network may include switches that forward network traffic between end hosts and network tap devices that forward copied network traffic to an analysis network formed from client switches that are controlled by a controller. Network analysis devices and network service devices may be coupled to the client switches at interfaces of the analysis network. The controller may receive one or more network policies from a network administrator. A network policy may identify ingress interfaces, egress interfaces, matching rules, packet manipulation services to be performed. The controller may control the client switches to generate network paths that forward network packets that match the matching rules from the ingress interfaces to the egress interfaces through service devices that perform the services of the list. The controller may generate network paths for network policies based on network topology information and/or current network conditions maintained at the controller.Type: GrantFiled: March 18, 2015Date of Patent: May 14, 2019Assignee: Big Switch Networks, Inc.Inventors: Munish Mehta, Robert Edward Adams, Rao Sandeep Hebbani Raghavendra, Srinivasan Ramasubramanian
-
Publication number: 20190141010Abstract: According to one or more embodiments of this disclosure, a network controller in a data center network establishes a translation table for in-band traffic in a data center network, the translation table resolves ambiguous network addresses based on one or more of a virtual network identifier (VNID), a routable tenant address, or a unique loopback address. The network controller device receives packets originating from applications and/or an endpoints operating in a network segment associated with a VNID. The network controller device translates, using the translation table, unique loopback addresses and/or routable tenant addresses associated with the packets into routable tenant addresses and/or unique loopback addresses, respectively.Type: ApplicationFiled: December 31, 2018Publication date: May 9, 2019Inventors: Vijay Chander, Yibin Yang, Praveen Jain, Munish Mehta
-
Patent number: 10171357Abstract: According to one or more embodiments of this disclosure, a network controller in a data center network establishes a translation table for in-band traffic in a data center network, the translation table resolves ambiguous network addresses based on one or more of a virtual network identifier (VNID), a routable tenant address, or a unique loopback address. The network controller device receives packets originating from applications and/or an endpoints operating in a network segment associated with a VNID. The network controller device translates, using the translation table, unique loopback addresses and/or routable tenant addresses associated with the packets into routable tenant addresses and/or unique loopback addresses, respectively.Type: GrantFiled: July 12, 2016Date of Patent: January 1, 2019Assignee: CISCO TECHNOLOGY, INC.Inventors: Vijay Chander, Yibin Yang, Praveen Jain, Munish Mehta
-
Patent number: 10171507Abstract: Microsegmentation in a heterogeneous software-defined network can be performed by classifying endpoints associated with a first virtualized environment into respective endpoint groups based on respective attributes, and classifying endpoints associated with a second virtualized environment into respective security groups based on respective attributes. Each respective endpoint group can correspond to a respective security group having the same attribute. Each respective endpoint group and corresponding security group can be associated with a respective policy model defining rules for processing associated traffic. Each of the respective security groups can be used to generate a respective network attribute endpoint group, which can include the network addresses of those endpoints in the respective security group. Each respective network attribute endpoint group can inherit the policy model of the respective endpoint group corresponding to the respective security group.Type: GrantFiled: May 19, 2016Date of Patent: January 1, 2019Assignee: CISCO TECHNOLOGY, INC.Inventors: Praveen Jain, Munish Mehta, Saurabh Jain, Yibin Yang
-
Publication number: 20180159781Abstract: Presented herein are traffic pruning techniques that define the pruning at the group level. A software defined network (SDN) controller determines first and second endpoint groups (EPGs) of an SDN associated with the SDN controller. The SDN runs on a plurality of networking devices that interconnect a plurality of endpoints that are each attached to one or more host devices. The SDN controller determines a host-EPG mapping for the SDN, as well as a networking device-host mapping for the SDN. The SDN controller then uses the host-EPG mapping, the networking device-host mapping, and one or more group-based policies associated with traffic sent from the first EPG to the second EPG to compute hardware pruning policies defining how to prune multi-destination traffic sent from the first EPG to the second EPG. The hardware pruning policies are then installed in one or more of the networking devices or the host devices.Type: ApplicationFiled: December 2, 2016Publication date: June 7, 2018Inventors: Munish Mehta, Saurabh Jain, Praveen Jain, Ronak K. Desai, Yibin Yang
-
Publication number: 20180139150Abstract: The techniques presented herein use dynamic endpoint group (EPG) binding changes to facilitate cross-tenant resource sharing. A first node of a multi-tenant software defined network determines that an application on a first endpoint has initiated operation and needs temporary access to resources located at a second endpoint. The first and second endpoints are associated with first and second tenants, respectively, that are logically segregated from one another by the software defined network. The first node dynamically changes an initial EPG binding associated with the first endpoint to a second EPG binding that enables the first endpoint to temporarily directly access the resources at the second endpoint. The first node subsequently determines that the application on the first endpoint no longer needs access to the resources located at a second endpoint and, as such, changes the second EPG binding associated with the first endpoint back to the initial EPG binding.Type: ApplicationFiled: November 16, 2016Publication date: May 17, 2018Inventors: Saurabh Jain, Vijay K. Chander, Vijayan Ramakrishnan, Ronak K. Desai, Praveen Jain, Munish Mehta, Yibin Yang
-
Publication number: 20170346736Abstract: According to one or more embodiments of this disclosure, a network controller in a data center network establishes a translation table for in-band traffic in a data center network, the translation table resolves ambiguous network addresses based on one or more of a virtual network identifier (VNID), a routable tenant address, or a unique loopback address. The network controller device receives packets originating from applications and/or an endpoints operating in a network segment associated with a VNID. The network controller device translates, using the translation table, unique loopback addresses and/or routable tenant addresses associated with the packets into routable tenant addresses and/or unique loopback addresses, respectively.Type: ApplicationFiled: July 12, 2016Publication date: November 30, 2017Inventors: Vijay Chander, Yibin Yang, Praveen Jain, Munish Mehta
-
Publication number: 20170339188Abstract: Microsegmentation in a heterogeneous software-defined network can be performed by classifying endpoints associated with a first virtualized environment into respective endpoint groups based on respective attributes, and classifying endpoints associated with a second virtualized environment into respective security groups based on respective attributes. Each respective endpoint group can correspond to a respective security group having the same attribute. Each respective endpoint group and corresponding security group can be associated with a respective policy model defining rules for processing associated traffic. Each of the respective security groups can be used to generate a respective network attribute endpoint group, which can include the network addresses of those endpoints in the respective security group. Each respective network attribute endpoint group can inherit the policy model of the respective endpoint group corresponding to the respective security group.Type: ApplicationFiled: May 19, 2016Publication date: November 23, 2017Inventors: Praveen Jain, Munish Mehta, Saurabh Jain, Yibin Yang