Patents by Inventor Murukanandam Panchalingam
Murukanandam Panchalingam has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11924160Abstract: Techniques for management of traffic in a network. The techniques provide application awareness in a Network Address Translation (NAT) system. In some examples, a first traffic is received at a first switch in a network from a first application hosted behind the first switch. The first switch identifies a first resource tag associated with the application from the first traffic. Further, the first switch identifies a first rule from the first resource tag indicating that the first traffic is to be routed through an intermediate device that performs network address translation. Moreover, the first switch transmits the traffic to an intermediate device, which perform NAT to translate the source IP address of the first traffic to a second IP address. Finally, the intermediate device sends the traffic to a destination device indicated by the first traffic.Type: GrantFiled: February 22, 2022Date of Patent: March 5, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Sudhakar Chunduru, Junyun Li, Ajay Kumar Modi
-
Publication number: 20240056386Abstract: An embodiment of the present disclosure is directed a set of data centers and associated controls in which the data centers include network fabric comprises network routing devices configured to route bi-directional traffic symmetrically through insertable service, e.g., via the associated inter-site and intra-site controls, for a given set of policies or contracts using an ASIC or circuit-assisted arithmetic logic, enforcing such policies at the local network devices, to deterministically select the insertable services.Type: ApplicationFiled: August 11, 2022Publication date: February 15, 2024Inventors: Murukanandam Panchalingam, Rajagopalan Janakiraman, Muralidhar Annabatula, Junyun Li, Hari Hara Prasad Muthulingam
-
Patent number: 11863591Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.Type: GrantFiled: November 22, 2022Date of Patent: January 2, 2024Assignee: Cisco Technology, Inc.Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
-
Publication number: 20230096045Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.Type: ApplicationFiled: November 22, 2022Publication date: March 30, 2023Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
-
Publication number: 20230046070Abstract: Techniques for management of traffic in a network. The techniques provide application awareness in a Network Address Translation (NAT) system. In some examples, a first traffic is received at a first switch in a network from a first application hosted behind the first switch. The first switch identifies a first resource tag associated with the application from the first traffic. Further, the first switch identifies a first rule from the first resource tag indicating that the first traffic is to be routed through an intermediate device that performs network address translation. Moreover, the first switch transmits the traffic to an intermediate device, which perform NAT to translate the source IP address of the first traffic to a second IP address. Finally, the intermediate device sends the traffic to a destination device indicated by the first traffic.Type: ApplicationFiled: February 22, 2022Publication date: February 16, 2023Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Sudhakar Chunduru, Junyun Li, Ajay Kumar Modi
-
Patent number: 11533340Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.Type: GrantFiled: January 11, 2021Date of Patent: December 20, 2022Assignee: Cisco Technology, Inc.Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
-
Publication number: 20210136124Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.Type: ApplicationFiled: January 11, 2021Publication date: May 6, 2021Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
-
Publication number: 20210044625Abstract: Disclosed are systems, methods, and computer-readable storage media for guaranteeing symmetric bi-directional policy based redirect of traffic flows. A first switch connected to a first endpoint can receive a first data packet transmitted by the first endpoint to a second endpoint connected to a second switch. The first switch can enforce an ingress data policy to the first data packet by applying a hashing algorithm to a Source Internet Protocol (SIP) value and a Destination Internet Protocol (DIP) value of the first data packet, resulting in a hash value of the first data packet. The first switch can then route the first data packet to a first service node based on the hash value of the first data packet.Type: ApplicationFiled: October 23, 2020Publication date: February 11, 2021Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Pirabhu Raman, Sameer Merchant
-
Patent number: 10917436Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.Type: GrantFiled: June 21, 2018Date of Patent: February 9, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
-
Patent number: 10819753Abstract: Disclosed are systems, methods, and computer-readable storage media for guaranteeing symmetric bi-directional policy based redirect of traffic flows. A first switch connected to a first endpoint can receive a first data packet transmitted by the first endpoint to a second endpoint connected to a second switch. The first switch can enforce an ingress data policy to the first data packet by applying a hashing algorithm to a Source Internet Protocol (SIP) value and a Destination Internet Protocol (DIP) value of the first data packet, resulting in a hash value of the first data packet. The first switch can then route the first data packet to a first service node based on the hash value of the first data packet.Type: GrantFiled: September 11, 2019Date of Patent: October 27, 2020Assignee: CISCO TECHNOLOGY, INC.Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Pirabhu Raman, Sameer Merchant
-
Publication number: 20200007591Abstract: Disclosed are systems, methods, and computer-readable storage media for guaranteeing symmetric bi-directional policy based redirect of traffic flows. A first switch connected to a first endpoint can receive a first data packet transmitted by the first endpoint to a second endpoint connected to a second switch. The first switch can enforce an ingress data policy to the first data packet by applying a hashing algorithm to a Source Internet Protocol (SIP) value and a Destination Internet Protocol (DIP) value of the first data packet, resulting in a hash value of the first data packet. The first switch can then route the first data packet to a first service node based on the hash value of the first data packet.Type: ApplicationFiled: September 11, 2019Publication date: January 2, 2020Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Pirabhu Raman, Sameer Merchant
-
Publication number: 20190297114Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.Type: ApplicationFiled: June 21, 2018Publication date: September 26, 2019Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Gianluca Mardente, Aram Aghababyan
-
Patent number: 10419496Abstract: Disclosed are systems, methods, and computer-readable storage media for guaranteeing symmetric bi-directional policy based redirect of traffic flows. A first switch connected to a first endpoint can receive a first data packet transmitted by the first endpoint to a second endpoint connected to a second switch. The first switch can enforce an ingress data policy to the first data packet by applying a hashing algorithm to a Source Internet Protocol (SIP) value and a Destination Internet Protocol (DIP) value of the first data packet, resulting in a hash value of the first data packet. The first switch can then route the first data packet to a first service node based on the hash value of the first data packet.Type: GrantFiled: June 17, 2016Date of Patent: September 17, 2019Assignee: CISCO TECHNOLOGY, INC.Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Pirabhu Raman, Sameer Merchant
-
Patent number: 10230628Abstract: Systems, methods, and computer-readable storage media for executing a copy service. A copy service engine can monitoring network data flow in a network, detect packet data containing a contract defining copy parameters for the execution of a copy service, and determine, based on the contract, when the particular data flow hits a particular network node specified in the contract parameters. When the data flow hits the specified node, the copy service engine can execute the copy service which copies the particular data flow, determines one or more endpoints for sending the copied data flow, and deploys the copies to the one or more endpoints.Type: GrantFiled: July 22, 2016Date of Patent: March 12, 2019Assignee: Cisco Technology, Inc.Inventors: Pavithra Ramaswamy, Umamaheswararao Karyampudi, Murukanandam Panchalingam, Harish Manoharan, Santosh Golecha, Pirabhu Raman
-
Publication number: 20170366506Abstract: Disclosed are systems, methods, and computer-readable storage media for guaranteeing symmetric bi-directional policy based redirect of traffic flows. A first switch connected to a first endpoint can receive a first data packet transmitted by the first endpoint to a second endpoint connected to a second switch. The first switch can enforce an ingress data policy to the first data packet by applying a hashing algorithm to a Source Internet Protocol (SIP) value and a Destination Internet Protocol (DIP) value of the first data packet, resulting in a hash value of the first data packet. The first switch can then route the first data packet to a first service node based on the hash value of the first data packet.Type: ApplicationFiled: June 17, 2016Publication date: December 21, 2017Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Pirabhu Raman, Sameer Merchant
-
Publication number: 20170302569Abstract: Systems, methods, and computer-readable storage media for executing a copy service. A copy service engine can monitoring network data flow in a network, detect packet data containing a contract defining copy parameters for the execution of a copy service, and determine, based on the contract, when the particular data flow hits a particular network node specified in the contract parameters. When the data flow hits the specified node, the copy service engine can execute the copy service which copies the particular data flow, determines one or more endpoints for sending the copied data flow, and deploys the copies to the one or more endpoints.Type: ApplicationFiled: July 22, 2016Publication date: October 19, 2017Inventors: Pavithra Ramaswamy, Umamaheswararao Karyampudi, Murukanandam Panchalingam, Harish Manoharan, Santosh Golecha, Pirabhu Raman