Patents by Inventor Roberto Mitsuo Kobo

Roberto Mitsuo Kobo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240396945
    Abstract: Techniques for analyzing traffic originating from a host device in a wireless network to identify one or more virtual machines (VMs) running on the host device and connected to the network via the host device in bridge mode. When a VM is created in bridge mode behind a host device, the traffic originated by the VM will have the source Media Access Layer (MAC) address of the host device. According to techniques described herein, devices and/or components associated with the network may profile the traffic to identify an address of the VM, such as by analyzing dynamic host configuration protocol (DHCP) packets to determine the Internet Protocol (IP) address of the VM. Once the IP address and the MAC address of the VM are known, the components and/or devices may apply security policies to the VM that may be different than security policies applied to the host device.
    Type: Application
    Filed: July 31, 2024
    Publication date: November 28, 2024
    Inventors: Shree Narasimha Murthy, Sanjay Kumar Hooda, Prakash C. Jain, Roberto Mitsuo Kobo, Rajagopal Venkatraman
  • Publication number: 20240340283
    Abstract: Techniques for authenticating and enforcing differentiated policies for a virtual machine (VM) executing in bridge mode on a host device are described. In an example method a fabric edge device determines a MAC address of the VM executing on the host device. The fabric edge device transmits an access request to create a session for the VM to an authentication server. The fabric edge device receives an indication that the VM is authenticated and a session for the VM has been created from the authentication server. The authentication server determines a policy to apply to packets communicated from the VM and assigns an IP address to the VM to create a MAC-IP binding for the VM. The fabric edge device applies the policy for the VM to packets with a source IP address corresponding to an IP address assigned to the VM.
    Type: Application
    Filed: June 18, 2024
    Publication date: October 10, 2024
    Inventors: Roberto Mitsuo Kobo, Zheng Li, Gopala Krishna Andagunda, Einar Nilsen-Nygaard, Shree Murthy, Parthiv Shah
  • Patent number: 12069051
    Abstract: Techniques for authenticating and enforcing differentiated policies for a virtual machine (VM) executing in bridge mode on a wireless host device in a media access control (MAC)-based authentication network are described. In an example method a wireless host device is authorized to join a fabric enabled wireless network. A VM executes in bridge mode on the wireless host device. At the fabric edge, a source MAC address of the VM is determined. A session is created between the VM and an authentication server. The VM is authenticated. A policy for the VM is determined. A source internet protocol (IP) address is assigned to the VM to create a MAC-IP binding. A data-plane device in the fabric enabled wireless network is programmed to apply the policy to traffic communicated with the VM. Finally, the data-plane device applies the policy for the VM based at least in part on the MAC-IP binding.
    Type: Grant
    Filed: May 13, 2022
    Date of Patent: August 20, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Roberto Mitsuo Kobo, Zheng Li, Gopala Krishna Andagunda, Einar Nilsen-Nygaard, Shree Murthy, Parthiv Shah
  • Patent number: 11824753
    Abstract: In one embodiment, network node-to-node connectivity verification is performed in a network including data path processing of packets within a packet switching device. In one embodiment, an echo request connectivity test packet, emulating an echo request connectivity test packet received from a first connected network node, is inserted by the packet switching device prior in its data processing path prior to ingress processing performed for packets received from the first connected network node. A correspondingly received echo reply connectivity test packet is intercepted by the packet switching device during data path egress processing performed for packets to be forwarded to the first connected network node.
    Type: Grant
    Filed: September 5, 2021
    Date of Patent: November 21, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Rajagopal Venkatraman, Rajeev Kumar, Roberto Mitsuo Kobo, Vikash Agarwal
  • Publication number: 20230370453
    Abstract: Techniques for authenticating and enforcing differentiated policies for a virtual machine (VM) executing in bridge mode on a wireless host device in a media access control (MAC)-based authentication network are described. In an example method a wireless host device is authorized to join a fabric enabled wireless network. A VM executes in bridge mode on the wireless host device. At the fabric edge, a source MAC address of the VM is determined. A session is created between the VM and an authentication server. The VM is authenticated. A policy for the VM is determined. A source internet protocol (IP) address is assigned to the VM to create a MAC-IP binding. A data-plane device in the fabric enabled wireless network is programmed to apply the policy to traffic communicated with the VM. Finally, the data-plane device applies the policy for the VM based at least in part on the MAC-IP binding.
    Type: Application
    Filed: May 13, 2022
    Publication date: November 16, 2023
    Inventors: Roberto Mitsuo Kobo, Zheng Li, Gopala Krishna Andagunda, Einar Nilsen-Nygaard, Shree Murthy, Parthiv Shah
  • Publication number: 20230327972
    Abstract: In one embodiment, network node-to-node connectivity verification is performed in a network including data path processing of packets within a packet switching device. In one embodiment, an echo request connectivity test packet, emulating an echo request connectivity test packet received from a first connected network node, is inserted by the packet switching device prior in its data processing path prior to ingress processing performed for packets received from the first connected network node. A correspondingly received echo reply connectivity test packet is intercepted by the packet switching device during data path egress processing performed for packets to be forwarded to the first connected network node.
    Type: Application
    Filed: June 14, 2023
    Publication date: October 12, 2023
    Inventors: Rajagopal Venkatraman, Rajeev Kumar, Roberto Mitsuo Kobo, Vikash Agarwal
  • Publication number: 20230308389
    Abstract: Methods and devices configure edge nodes of a virtual network overlay to continuously forward data plane traffic flows between client devices of a common subnet over the course of at least some of the edge nodes being EF-configured. TF-configured edge nodes and EF-configured edge nodes both play roles in unilaterally inducing address discovery by sending to client devices address discovery responses that were not prompted by address discovery requests. TF-configured edge nodes then handle ensuing address discovery requests by proxy, and subsequently handle certain traffic flows according to an EF-compatible forwarding mode, while EF-configured edge nodes continue to forward traffic flows by IP routing normally. This averts throughput of data plane traffic over the network overlay being reduced as a side effect of the heterogeneously configured edge nodes, and averts the possibility of client devices broadcasting address discovery protocol requests as a result of remote client devices being unreachable.
    Type: Application
    Filed: March 24, 2022
    Publication date: September 28, 2023
    Inventors: Victor Manuel Moreno, Sanjay Kumar Hooda, Roberto Mitsuo Kobo, Balaji Pitta Venkatachalapathy
  • Patent number: 11729139
    Abstract: A system and method for onboarding a virtual machine in a bridge host extension mode are provided. The method includes: creating a virtual machine on a host computing device, wherein the host computing device is associated with a first MAC address and a first IP address; assigning the virtual machine a second MAC address by the host computing device; receiving a first DHCP packet from the virtual machine by the host computing device, wherein the first DHCP packet comprises a first field that includes the second MAC address; replacing the second MAC address in the first field with the first MAC address by the host computing device; adding the second MAC address to a second field of the first DHCP packet by the host computing device; and providing the first DHCP packet to a DHCP server through a network by the host computing device.
    Type: Grant
    Filed: July 21, 2021
    Date of Patent: August 15, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Roberto Mitsuo Kobo, Parthiv Shah, Ramesh Yeevani-Srinivas
  • Publication number: 20230077101
    Abstract: In one embodiment, network node-to-node connectivity verification is performed in a network including data path processing of packets within a packet switching device. In one embodiment, an echo request connectivity test packet, emulating an echo request connectivity test packet received from a first connected network node, is inserted by the packet switching device prior in its data processing path prior to ingress processing performed for packets received from the first connected network node. A correspondingly received echo reply connectivity test packet is intercepted by the packet switching device during data path egress processing performed for packets to be forwarded to the first connected network node.
    Type: Application
    Filed: September 5, 2021
    Publication date: March 9, 2023
    Applicant: Cisco Technology, Inc., a California corporation
    Inventors: Rajagopal Venkatraman, Rajeev Kumar, Roberto Mitsuo Kobo, Vikash Agarwal
  • Publication number: 20230034148
    Abstract: A system and method for onboarding a virtual machine in a bridge host extension mode are provided. The method includes: creating a virtual machine on a host computing device, wherein the host computing device is associated with a first MAC address and a first IP address; assigning the virtual machine a second MAC address by the host computing device; receiving a first DHCP packet from the virtual machine by the host computing device, wherein the first DHCP packet comprises a first field that includes the second MAC address; replacing the second MAC address in the first field with the first MAC address by the host computing device; adding the second MAC address to a second field of the first DHCP packet by the host computing device; and providing the first DHCP packet to a DHCP server through a network by the host computing device.
    Type: Application
    Filed: July 21, 2021
    Publication date: February 2, 2023
    Inventors: Roberto Mitsuo Kobo, Parthiv Shah, Ramesh Yeevani-Srinivas
  • Patent number: 11223564
    Abstract: In one embodiment, a method comprises receiving traffic to send from a router to a host in the fabric edge network, wherein the fabric edge network comprises a plurality of switches and an inter-switch link (ISL); and sending the traffic from the router to the host via at least one of the switches based on the downlink connectivity of the host. Sending the traffic from the router to the host is performed without sending the traffic through the ISL. Sending the traffic from the router to the host comprises sending the traffic through the ISL when there is a link failure on a path between the router and the host.
    Type: Grant
    Filed: September 11, 2019
    Date of Patent: January 11, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Atri Indiresan, Roberto Mitsuo Kobo, Sanjay Kumar Hooda, Anton Smirnov
  • Publication number: 20210075728
    Abstract: In one embodiment, a method comprises receiving traffic to send from a router to a host in the fabric edge network, wherein the fabric edge network comprises a plurality of switches and an inter-switch link (ISL); and sending the traffic from the router to the host via at least one of the switches based on the downlink connectivity of the host. Sending the traffic from the router to the host is performed without sending the traffic through the ISL. Sending the traffic from the router to the host comprises sending the traffic through the ISL when there is a link failure on a path between the router and the host.
    Type: Application
    Filed: September 11, 2019
    Publication date: March 11, 2021
    Inventors: Atri Indiresan, Roberto Mitsuo Kobo, Sanjay Kumar Hooda, Anton Smirnov