Patents by Inventor Rajkumar Jalan

Rajkumar Jalan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10389835
    Abstract: Described herein are methods and systems for application aware fastpath processing over a data network. In some examples, application fastpath operates to facilitate application specific fastpath processing of data packets transferred between a client device and a server device over a network session of a data network.
    Type: Grant
    Filed: January 10, 2017
    Date of Patent: August 20, 2019
    Assignee: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Rishi Sampat, Swaminathan Sankar
  • Patent number: 10348631
    Abstract: Methods and systems for load balancing are disclosed. An example method for load balancing commences with receiving a data packet from a host device. The method further includes identifying a header field of the data packet. After identifying the header field of the data packet, the method proceeds with matching the data packet to a network service based on the header field. Thereafter, the method generates a header field block for the data packet based on the network service. The method further includes sending the data packet to a processor module. The data packet is processed based on the header field block.
    Type: Grant
    Filed: November 16, 2017
    Date of Patent: July 9, 2019
    Assignee: A10 Networks, Inc.
    Inventors: Gurudeep Kamat, Ian E. Davis, Rajkumar Jalan
  • Patent number: 10341427
    Abstract: In providing packet forwarding policies in a virtual service network that includes a network node and a pool of service load balancers serving a virtual service, the network node: receives a virtual service session request from a client device, the request including a virtual service network address for the virtual service; compares the virtual service network address in the request with the virtual service network address in each at least one packet forwarding policy; in response to finding a match between the virtual service network address in the request and a given virtual service network address in a given packet forwarding policy, determines the given destination in the given packet forwarding policy; and sends the request to a service load balancer in the pool of service load balancers associated with the given destination, where the service load balancer establishes a virtual service session with the client device.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: July 2, 2019
    Assignee: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Gurudeep Kamat
  • Patent number: 10318288
    Abstract: Facilitation of processing a chain of network applications by a network controller is provided herein. In some examples, a network controller comprising a fast path module receives a service request data packet from a client side session between a client and the network controller and determines that the service request data packet matches a network application chain order, the network application chain order indicating a configuration to apply a plurality of network applications. The fast path module processes the service request data packet according to the configuration indicated in the network application chain order.
    Type: Grant
    Filed: January 13, 2016
    Date of Patent: June 11, 2019
    Assignee: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Rishi Sampat, Swaminathan Sankar
  • Patent number: 10305904
    Abstract: Facilitation of secure network traffic by an application delivery controller is provided herein. In some examples, a method includes: (a) receiving a data packet with information from a client indicating that the client is a trusted source; (b) embedding in the data packet a transmission control protocol (TCP) options header, the TCP options header comprising information including at least a sequence number for a protocol connection; and (c) forwarding the embedded data packet to a server.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: May 28, 2019
    Assignee: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Gurudeep Kamat
  • Patent number: 10298457
    Abstract: Methods and systems for synchronization of configuration files of a plurality of blades in a virtual application distribution chassis are disclosed. In an exemplary method, a master blade processes a configuration command, updates a first configuration file with the configuration command and generates an updated tag, and sends a configuration message to at least one slave blade of the virtual application distribution chassis informing of the updated configuration file. The configuration message is received by a given slave blade of the one or more slave blades and compared with a second configuration file stored at the given slave blade; and in response to determining that the updated tag in the configuration message is more recent than the tag in the second configuration file stored at the given slave blade, the slave blade sends a request for the updated configuration file to the master blade.
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: May 21, 2019
    Assignee: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Dennis Oshiba
  • Publication number: 20190098044
    Abstract: Provided are methods and systems for recognizing network devices as trusted. A system for recognizing network devices as trusted may include a network module, a storage device, and a processor. The network module may be configured to receive a request from a network device to establish a data connection between the network device and a server based on a determination that the network device is trusted. The storage device may be configured to store a whitelist associated with a plurality of trusted network devices. The processor may be configured to determine that the network device is trusted. Based on the determination, the processor may associate the network device with the whitelist for a predetermined period of time.
    Type: Application
    Filed: November 23, 2018
    Publication date: March 28, 2019
    Inventors: Rajkumar Jalan, Gurudeep Kamat, Ronald Wai Lun Szeto
  • Publication number: 20190098083
    Abstract: Provided are methods and systems for distributing application traffic. A method for distributing application traffic may commence with relaying a first service request for a first service session from a service gateway to a server. The first service request may be received from a host and may be associated with a service request time. The method may further include receiving, from the server, a service response. The service response may be associated with a service response time. The method may continue with calculating a service processing time based on the service request time and the service response time and comparing the service processing time with an expected service processing time. The method may further include receiving, from the host, a second service request for a second service session. The method may continue with selectively relaying the second server request to the server based on the service processing time.
    Type: Application
    Filed: November 29, 2018
    Publication date: March 28, 2019
    Inventors: Rajkumar Jalan, Ronald Wai Lun Szeto, Feilong Xu
  • Publication number: 20190089587
    Abstract: Provided are systems and methods for configuring a network servicing node with user-defined instruction scripts. A method for configuring a network servicing node with user-defined instruction scripts may commence with receiving, from a user of the network servicing node, a user loadable program. The user loadable program may include at least the user-defined instruction scripts. The method may continue with receiving a data packet from a data network associated with the user. The method may further include determining a condition associated with the data packet. The method may continue with identifying, in a name table, a program name associated with a program using the condition. The program may be the user loadable program. The method may further include processing the data packet by getting an instruction of the user-defined instruction scripts from a storage module and applying the instruction to the data packet.
    Type: Application
    Filed: October 31, 2018
    Publication date: March 21, 2019
    Inventors: Rishi Sampat, Rajkumar Jalan
  • Publication number: 20190028559
    Abstract: Systems and methods for TCP fast open support in proxy devices are provided. An example system may include at least one circuit and at least one data plane communicatively coupled to the circuit. The circuit may be configured to receive at least one SYN packet. The at least one SYN packet is associated with at least one client device and includes a cookie. The circuit can be configured to validate the cookie. If the result of the validation is positive, the data plane can be configured to initiate, based on the at least one SYN packet, a connection between the at least one client device and at least one server. If the result of the validation is negative, the circuit can be configured to generate, based on the SYN packet, a new cookie and send a SYN-ACK packet to the client, the SYN-ACK packet including the new cookie.
    Type: Application
    Filed: July 18, 2017
    Publication date: January 24, 2019
    Inventors: Rishi Sampat, Rajkumar Jalan
  • Patent number: 10178165
    Abstract: Provided are methods and systems for distributing application traffic. A method for distributing application traffic may commence with receiving, from a host, a first service request for a first service session. The first service request may be associated with a service request time. The method may continue with relaying the first service request from a service gateway to a server. The method may further include receiving, from the server, a service response. The service response may be associated with a service response time. The method may continue with calculating a service processing time for the first service request based on the service request time and the service response time. The method may further include receiving, from the host, a second service request for a second service session. The method may continue with selectively relaying the second server request to the server based on the service processing time.
    Type: Grant
    Filed: January 29, 2018
    Date of Patent: January 8, 2019
    Assignee: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Ronald Wai Lun Szeto, Feilong Xu
  • Publication number: 20180367567
    Abstract: Provided are methods and systems for network access control. A method for network access control may commence with determining whether a client device is a trusted source or an untrusted source. The determination may be performed using a SYN packet received from the client device. The SYN packet may include identifying information for the client device. When it is determined that the client device is neither the trusted source nor the untrusted source, the method may continue with transmitting a SYN/ACK packet to the client device. The SYN/ACK packet may include a SYN cookie and identifying information for a network device. The method may further include receiving an ACK packet from the client device that may include the identifying information for the client device, identifying information for the network device, and the SYN cookie. The method may continue with establishing a connection with a network for the client device.
    Type: Application
    Filed: August 28, 2018
    Publication date: December 20, 2018
    Inventors: Rajkumar Jalan, Ronald Wai Lun Szeto, Steven Wu
  • Patent number: 10158666
    Abstract: Provided are methods and systems for mitigating a denial of service attack. A system for mitigating a denial of service attack may include a network module, a storage module, and a processor module. The network module may be operable to receive a request from a network device to establish a data connection between the network device and a server based on a determination that the network device is trusted. The storage module may be operable to store a whitelist associated with a plurality of trusted network devices. The processor module may be operable to determine that the network device is trusted. Based on the determination, the processor module may associate the network device with the whitelist for a predetermined period of time.
    Type: Grant
    Filed: July 26, 2016
    Date of Patent: December 18, 2018
    Assignee: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Gurudeep Kamat, Ronald Wai Lun Szeto
  • Patent number: 10129122
    Abstract: Systems and methods are provided herein. An exemplary servicing node may include: an interface to a data network, the interface coupled to an object machine; and the object machine, the object machine: receiving a data packet from the data network using the network interface, the data packet comprising at least one of a destination address, a destination port number, and an application protocol; determining a condition associated with the at least one of the destination address, the destination port number, and the application protocol; identifying a program name using the condition; executing a program using a name table, the name table linking each of a plurality of program names to a respective program, the executing comprising getting an instruction of the program, the instruction including object information.
    Type: Grant
    Filed: June 24, 2015
    Date of Patent: November 13, 2018
    Assignee: A10 Networks, Inc.
    Inventors: Rishi Sampat, Rajkumar Jalan
  • Publication number: 20180316767
    Abstract: Facilitation of secure network traffic over an application session by an application delivery controller is provided herein. A method for secure network traffic transmission over an application session may include receiving, from a client device, a SYN data packet intended for an application server. The method may continue with determining, based on the SYN data packet, that the client device is a trusted source. The method may further include transmitting, based on the determination that the client device is the trusted source, a SYN/ACK packet to the client device. The SYN/ACK packet may include information for the client device to authenticate the client device to the application server directly as the trusted source.
    Type: Application
    Filed: July 3, 2018
    Publication date: November 1, 2018
    Inventors: Rajkumar Jalan, Gurudeep Kamat
  • Publication number: 20180295182
    Abstract: Provided are methods and systems for dynamically distributing a service session from a client device. The method may commence with receiving a packet associated with the service session from the client device by a gateway node. The method may include determining that the packet matches a service address in a forwarding policy. The method may continue with selecting one of a plurality of forwarding nodes for sending the packet to the one of the plurality of forwarding nodes. The method may include receiving the packet of the service session by the one of the plurality of forwarding nodes. The method may continue with determining that the packet matches the service address serviced by a servicing node of a plurality of servicing nodes. The method may further include sending the packet to the servicing node for forwarding the packet to a server by the servicing node.
    Type: Application
    Filed: June 8, 2018
    Publication date: October 11, 2018
    Inventors: Swaminathan Sankar, Hasnain Karampurwala, Rahul Gupta, Gurudeep Kamat, Rajkumar Jalan
  • Publication number: 20180285373
    Abstract: Decreasing a volume of data transfer over a network may commence with collecting a plurality of datasets having subscriber data. The method may continue with classifying data fields of each dataset of the plurality of datasets into low frequency change data and high frequency change data based on predetermined criteria. The method may further include combining a plurality of consecutive datasets of the plurality of datasets into a combination dataset. The combination dataset may include the low frequency change data and aggregated high frequency change data from the plurality of consecutive datasets. The method may continue with providing the combination dataset to a data processing node.
    Type: Application
    Filed: March 28, 2017
    Publication date: October 4, 2018
    Inventors: Gennady Dosovitsky, Rajkumar Jalan, Kishore Inampudi
  • Publication number: 20180287937
    Abstract: Provided are methods and systems for processing data packets in a data network using a policy-based network path. The method may commence with receiving the data packet associated with a service session from a client. The method may continue with determining data packet information associated with the data packet. The method may further include determining the policy-based network path for the data packet based on the data packet information and one or more packet processing criteria. The method may continue with routing, based on the determination of the policy-based network path, the data packet along the policy-based network path.
    Type: Application
    Filed: June 4, 2018
    Publication date: October 4, 2018
    Inventors: Rajkumar Jalan, Gurudeep Kamat
  • Publication number: 20180285372
    Abstract: Decreasing data transfer over a network may commence with collecting subscriber data. The method may continue with classifying the subscriber data into low frequency change data and high frequency change data based on predetermined criteria. The method may include storing the low frequency change data to a data storage. The method may continue with generating reporting data. The reporting data may include the high frequency change data and at least one data index pointer to the low frequency change data in the data storage. The method may further include providing the reporting data to a data processing node. The low frequency change data may include subscriber identifying data. The data reporting node may be further configured to obfuscate the subscriber identifying data. The at least one data index pointer may include a secure data identifier associated with the obfuscated subscriber identifying data.
    Type: Application
    Filed: March 28, 2017
    Publication date: October 4, 2018
    Inventors: Gennady Dosovitsky, Rajkumar Jalan
  • Patent number: 10091237
    Abstract: Network access control systems and methods are provided herein. A method includes receiving at a network device a SYN packet from a client device over a network, determining if the client device is a trusted source for the network using the SYN packet, if the client device is a trusted resource, receiving an acknowledgement (ACK) packet from the client device that includes identifying information for the client device plus an additional value, and identifying information for the network device, and establishing a connection with the network for the client device.
    Type: Grant
    Filed: October 31, 2017
    Date of Patent: October 2, 2018
    Assignee: A10 NETWORKS, INC.
    Inventors: Rajkumar Jalan, Ronald Wai Lun Szeto, Steven Wu