Patents by Inventor Pirabhu Raman
Pirabhu Raman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11949589Abstract: Network traffic flows can be processed by routers, switches, or service nodes. Service nodes may be ASICs that can provide the functionality of a switch or a router. Service nodes can be configured in a circular replication chain, thereby providing benefits such as high reliability. The service nodes can implement methods that include receiving a first packet that includes a source address in a source address field and that includes a destination address in a destination address field, routing the first packet to a selected service node that is in a circular replication chain that includes a plurality of service nodes that have local flow tables and are configured for chain replication of the local flow tables, producing a second packet by using a matching flow table entry of the first packet to process the first packet, and sending the second packet toward a destination indicated by the destination address.Type: GrantFiled: June 30, 2021Date of Patent: April 2, 2024Assignee: Pensando Systems Inc.Inventors: Krishna Doddapaneni, Sarat Kamisetty, Balakrishnan Raman, Chandrasekaran Swaminathan, Maruthi Ram Namburu, Vijay Sampath, Akshay Nadahalli, Pirabhu Raman, John Cruz
-
Patent number: 11726957Abstract: Network appliances can record log entries in log objects. An object store can receive the log objects and can use the log objects to create index objects and flow log objects. Each flow log object and index object can be associated with a time period wherein the flow log object includes flow log entries received during that time period. The index object includes shard tables that can be stored in different nonvolatile memories and can thereby be concurrently searched. Shard entries in the shard tables indicate flow entry indicators. The flow entry indicators indicate log entries in the flow log object. An internally indexed searchable object can include the flow log object and the index object. Numerous indexed fields in the flow log entries and can be indexed with each indexed field searchable via the shard entries.Type: GrantFiled: April 7, 2021Date of Patent: August 15, 2023Assignee: Pensando Systems Inc.Inventors: Shrey Ajmera, Vipin Jain, Enrico Schiattarella, Pirabhu Raman
-
Publication number: 20230069844Abstract: Synchronizing the databases maintained by network appliances can support high availability or high throughput topologies, but also consumes the devices' processing resources. To address that resource consumption, the network appliance's packet processing pipeline circuits can process synchronization packets to thereby synchronize the databases. A local data structure can be in a first local state. Processing a network packet can result in changing the local data structure to a second local state. A state sync packet can include state transition data that indicates a state difference between the first local state and the second local state. The state sync packet can be sent to a peer device that is configured to process the state transition data using the peer device's packet processing pipeline circuit. The peer device's packet processing pipeline can use the state transition data to update a peer device data structure that is in the peer device.Type: ApplicationFiled: August 25, 2021Publication date: March 9, 2023Inventors: Varagur Chandrasekaran, Akshaya Nadahalli, Balakrishnan Raman, Chandrasekaran Swaminathan, John Cruz, Maruthi Ram Namburu, Pirabhu Raman, Vijay Sampath, Vipin Jain
-
Publication number: 20220377013Abstract: Network traffic flows can be processed by routers, switches, or service nodes. Service nodes may be ASICs that can provide the functionality of a switch or a router. Service nodes can be configured in a circular replication chain, thereby providing benefits such as high reliability. The service nodes can implement methods that include receiving a first packet that includes a source address in a source address field and that includes a destination address in a destination address field, routing the first packet to a selected service node that is in a circular replication chain that includes a plurality of service nodes that have local flow tables and are configured for chain replication of the local flow tables, producing a second packet by using a matching flow table entry of the first packet to process the first packet, and sending the second packet toward a destination indicated by the destination address.Type: ApplicationFiled: June 30, 2021Publication date: November 24, 2022Inventors: Krishna Doddapaneni, Sarat Kamisetty, Balakrishnan Raman, Chandrasekaran Swaminathan, Maruthi Ram Namburu, Vijay Sampath, Akshay Nadahalli, Pirabhu Raman, John Cruz
-
Publication number: 20220335008Abstract: Network appliances can record log entries in log objects. An object store can receive the log objects and can use the log objects to create index objects and flow log objects. Each flow log object and index object can be associated with a time period wherein the flow log object includes flow log entries received during that time period. The index object includes shard tables that can be stored in different nonvolatile memories and can thereby be concurrently searched. Shard entries in the shard tables indicate flow entry indicators. The flow entry indicators indicate log entries in the flow log object. An internally indexed searchable object can include the flow log object and the index object. Numerous indexed fields in the flow log entries and can be indexed with each indexed field searchable via the shard entries.Type: ApplicationFiled: April 7, 2021Publication date: October 20, 2022Inventors: Shrey Ajmera, Vipin Jain, Enrico Schiattarella, Pirabhu Raman
-
Publication number: 20220327123Abstract: Network appliances can record log entries in log objects. An object store can receive the log objects and can use the log objects to create index objects and flow log objects. Each flow log object and index object can be associated with a time period wherein the flow log object includes flow log entries received during that time period. The index object includes shard tables that can be stored in different nonvolatile memories and can thereby be concurrently searched. Shard entries in the shard tables indicate flow entry indicators. The flow entry indicators indicate log entries in the flow log object. An internally indexed searchable object can include the flow log object and the index object. Numerous indexed fields in the flow log entries and can be indexed with each indexed field searchable via the shard entries.Type: ApplicationFiled: June 2, 2021Publication date: October 13, 2022Inventors: Shrey Ajmera, Enrico Schiattarella, Pirabhu Raman, Vipin Jain
-
Patent number: 11416435Abstract: Described are platforms, systems, and methods for processing a chain of operations through an input output (IO) subsystem without central processing unit (CPU) involvement. In one aspect, a computer-implemented method comprises: providing, via the CPU, the chain of operations to the IO subsystem, wherein the IO subsystem is coupled to the one or more processors over Peripheral Component Interconnect Express (PCIe); processing, with the IO subsystem, the chain of operations by: retrieving, from a memory, data associated with the chain of operations; executing each of the operations in the chain to determine an output based on the data and output determined for any prior executed operation in the chain; and providing the output of each the executed operations for execution of the respective next operation in the chain; and providing, via the IO subsystem, an output for the chain of operations to the CPU.Type: GrantFiled: September 3, 2019Date of Patent: August 16, 2022Assignee: PENSANDO SYSTEMS INC.Inventors: Pirabhu Raman, Tuyen Van Quoc, Paul Mathison, Mohankumar R. Tiruvayapadi
-
Patent number: 11374859Abstract: A network appliance can queue a first packet and a second packet of a network traffic flow in an input queue of a match-action pipeline. The match-action pipeline can be implemented via a packet processing circuit of the network appliance and can be configured to process a plurality of network traffic flows. Submitting the first packet to the match-action pipeline can cause a first flow miss. The second packet can be moved to a burst queue of the network appliance and a match-action configuration can be generated based on the first packet. The second packet can be moved from the burst queue to the input queue after the match-action pipeline is configured with the match-action configuration. The match-action pipeline can then process the second packet.Type: GrantFiled: August 4, 2020Date of Patent: June 28, 2022Assignee: Pensando Systems, Inc.Inventors: Sameer Kittur Subrahmanya, Vijay Sampath, Sarat Kamisetty, Pirabhu Raman, Krishna Doddapaneni, Raghava Kodigenahalli Sivaramu
-
Publication number: 20220045940Abstract: A network appliance can queue a first packet and a second packet of a network traffic flow in an input queue of a match-action pipeline. The match-action pipeline can be implemented via a packet processing circuit of the network appliance and can be configured to process a plurality of network traffic flows. Submitting the first packet to the match-action pipeline can cause a first flow miss. The second packet can be moved to a burst queue of the network appliance and a match-action configuration can be generated based on the first packet. The second packet can be moved from the burst queue to the input queue after the match-action pipeline is configured with the match-action configuration. The match-action pipeline can then process the second packet.Type: ApplicationFiled: August 4, 2020Publication date: February 10, 2022Inventors: Sameer Kittur SUBRAHMANYA, Vijay SAMPATH, Sarat KAMISETTY, Pirabhu RAMAN, Krishna DODDAPANENI, Raghava Kodigenahalli SIVARAMU
-
Patent number: 10997106Abstract: Described are programmable IO devices installed on a host device and configured to execute instructions that cause the programmable IO device to perform operations to establish a virtual link between another programmable IO device installed on the host device and provide a data plane using the virtual link. These operations comprise: establishing the virtual link with the other programmable IO device installed on the host device, wherein the virtual link provides a communication channel between the programmable IO devices; providing the data plane by establishing, with the other programmable IO device via the virtual link, a data path associated with the data plane; receiving a packet in the data plane destined for the other programmable IO device; and forwarding the packet to the other programmable IO device via the virtual link.Type: GrantFiled: September 22, 2020Date of Patent: May 4, 2021Assignee: PENSANDO SYTEMS INC.Inventors: Bharat Bandaru, Pirabhu Raman, J. Bradley Smith
-
Publication number: 20210064561Abstract: Described are platforms, systems, and methods for processing a chain of operations through an input output (IO) subsystem without central processing unit (CPU) involvement. In one aspect, a computer-implemented method comprises: providing, via the CPU, the chain of operations to the IO subsystem, wherein the IO subsystem is coupled to the one or more processors over Peripheral Component Interconnect Express (PCIe); processing, with the IO subsystem, the chain of operations by: retrieving, from a memory, data associated with the chain of operations; executing each of the operations in the chain to determine an output based on the data and output determined for any prior executed operation in the chain; and providing the output of each the executed operations for execution of the respective next operation in the chain; and providing, via the IO subsystem, an output for the chain of operations to the CPU.Type: ApplicationFiled: September 3, 2019Publication date: March 4, 2021Inventors: Pirabhu RAMAN, Tuyen Van QUOC, Paul MATHISON, Mohankumar R. TIRUVAYAPADI
-
Publication number: 20210044625Abstract: Disclosed are systems, methods, and computer-readable storage media for guaranteeing symmetric bi-directional policy based redirect of traffic flows. A first switch connected to a first endpoint can receive a first data packet transmitted by the first endpoint to a second endpoint connected to a second switch. The first switch can enforce an ingress data policy to the first data packet by applying a hashing algorithm to a Source Internet Protocol (SIP) value and a Destination Internet Protocol (DIP) value of the first data packet, resulting in a hash value of the first data packet. The first switch can then route the first data packet to a first service node based on the hash value of the first data packet.Type: ApplicationFiled: October 23, 2020Publication date: February 11, 2021Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Pirabhu Raman, Sameer Merchant
-
Patent number: 10819753Abstract: Disclosed are systems, methods, and computer-readable storage media for guaranteeing symmetric bi-directional policy based redirect of traffic flows. A first switch connected to a first endpoint can receive a first data packet transmitted by the first endpoint to a second endpoint connected to a second switch. The first switch can enforce an ingress data policy to the first data packet by applying a hashing algorithm to a Source Internet Protocol (SIP) value and a Destination Internet Protocol (DIP) value of the first data packet, resulting in a hash value of the first data packet. The first switch can then route the first data packet to a first service node based on the hash value of the first data packet.Type: GrantFiled: September 11, 2019Date of Patent: October 27, 2020Assignee: CISCO TECHNOLOGY, INC.Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Pirabhu Raman, Sameer Merchant
-
Publication number: 20200007591Abstract: Disclosed are systems, methods, and computer-readable storage media for guaranteeing symmetric bi-directional policy based redirect of traffic flows. A first switch connected to a first endpoint can receive a first data packet transmitted by the first endpoint to a second endpoint connected to a second switch. The first switch can enforce an ingress data policy to the first data packet by applying a hashing algorithm to a Source Internet Protocol (SIP) value and a Destination Internet Protocol (DIP) value of the first data packet, resulting in a hash value of the first data packet. The first switch can then route the first data packet to a first service node based on the hash value of the first data packet.Type: ApplicationFiled: September 11, 2019Publication date: January 2, 2020Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Pirabhu Raman, Sameer Merchant
-
Patent number: 10419496Abstract: Disclosed are systems, methods, and computer-readable storage media for guaranteeing symmetric bi-directional policy based redirect of traffic flows. A first switch connected to a first endpoint can receive a first data packet transmitted by the first endpoint to a second endpoint connected to a second switch. The first switch can enforce an ingress data policy to the first data packet by applying a hashing algorithm to a Source Internet Protocol (SIP) value and a Destination Internet Protocol (DIP) value of the first data packet, resulting in a hash value of the first data packet. The first switch can then route the first data packet to a first service node based on the hash value of the first data packet.Type: GrantFiled: June 17, 2016Date of Patent: September 17, 2019Assignee: CISCO TECHNOLOGY, INC.Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Pirabhu Raman, Sameer Merchant
-
Patent number: 10230628Abstract: Systems, methods, and computer-readable storage media for executing a copy service. A copy service engine can monitoring network data flow in a network, detect packet data containing a contract defining copy parameters for the execution of a copy service, and determine, based on the contract, when the particular data flow hits a particular network node specified in the contract parameters. When the data flow hits the specified node, the copy service engine can execute the copy service which copies the particular data flow, determines one or more endpoints for sending the copied data flow, and deploys the copies to the one or more endpoints.Type: GrantFiled: July 22, 2016Date of Patent: March 12, 2019Assignee: Cisco Technology, Inc.Inventors: Pavithra Ramaswamy, Umamaheswararao Karyampudi, Murukanandam Panchalingam, Harish Manoharan, Santosh Golecha, Pirabhu Raman
-
Patent number: 10020989Abstract: An administrator can define or modify one or more service graphs. Next, the administrator can register service appliances along with their device package files with a controller. Then, the controller can establish the capabilities of the service devices, and classify the service devices as legacy or service tag switching (STS) capable devices. Then, the controller can create one or more instances of the service graph, by populating the service nodes into the service graph. Then, the application owner can attach their endpoint groups (EPGs) to the service graphs created by the administrator. Then, a service in the network can be automatically provisioned using the service graph to configure one or more nodes in an associated service chain of the service according to information in the service graph.Type: GrantFiled: June 30, 2016Date of Patent: July 10, 2018Assignee: CISCO TECHNOLOGY, INC.Inventors: Navindra Yadav, Sameer Merchant, Pirabhu Raman, Amit Jain
-
Publication number: 20170366506Abstract: Disclosed are systems, methods, and computer-readable storage media for guaranteeing symmetric bi-directional policy based redirect of traffic flows. A first switch connected to a first endpoint can receive a first data packet transmitted by the first endpoint to a second endpoint connected to a second switch. The first switch can enforce an ingress data policy to the first data packet by applying a hashing algorithm to a Source Internet Protocol (SIP) value and a Destination Internet Protocol (DIP) value of the first data packet, resulting in a hash value of the first data packet. The first switch can then route the first data packet to a first service node based on the hash value of the first data packet.Type: ApplicationFiled: June 17, 2016Publication date: December 21, 2017Inventors: Murukanandam Panchalingam, Umamaheswararao Karyampudi, Pirabhu Raman, Sameer Merchant
-
Publication number: 20170302569Abstract: Systems, methods, and computer-readable storage media for executing a copy service. A copy service engine can monitoring network data flow in a network, detect packet data containing a contract defining copy parameters for the execution of a copy service, and determine, based on the contract, when the particular data flow hits a particular network node specified in the contract parameters. When the data flow hits the specified node, the copy service engine can execute the copy service which copies the particular data flow, determines one or more endpoints for sending the copied data flow, and deploys the copies to the one or more endpoints.Type: ApplicationFiled: July 22, 2016Publication date: October 19, 2017Inventors: Pavithra Ramaswamy, Umamaheswararao Karyampudi, Murukanandam Panchalingam, Harish Manoharan, Santosh Golecha, Pirabhu Raman
-
Publication number: 20160315811Abstract: An administrator can define or modify one or more service graphs. Next, the administrator can register service appliances along with their device package files with a controller. Then, the controller can establish the capabilities of the service devices, and classify the service devices as legacy or service tag switching (STS) capable devices. Then, the controller can create one or more instances of the service graph, by populating the service nodes into the service graph. Then, the application owner can attach their endpoint groups (EPGs) to the service graphs created by the administrator. Then, a service in the network can be automatically provisioned using the service graph to configure one or more nodes in an associated service chain of the service according to information in the service graph.Type: ApplicationFiled: June 30, 2016Publication date: October 27, 2016Inventors: Navindra Yadav, Sameer Merchant, Pirabhu Raman, Amit Jain