Patents by Inventor Sandeep Hebbani
Sandeep Hebbani has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10291533Abstract: A packet forwarding network may include switches that forward network traffic between end hosts and network tap devices that forward copied network traffic to an analysis network formed from client switches that are controlled by a controller. Network analysis devices and network service devices may be coupled to the client switches at interfaces of the analysis network. The controller may receive one or more network policies from a network administrator. A network policy may identify ingress interfaces, egress interfaces, matching rules, packet manipulation services to be performed. The controller may control the client switches to generate network paths that forward network packets that match the matching rules from the ingress interfaces to the egress interfaces through service devices that perform the services of the list. The controller may generate network paths for network policies based on network topology information and/or current network conditions maintained at the controller.Type: GrantFiled: March 18, 2015Date of Patent: May 14, 2019Assignee: Big Switch Networks, Inc.Inventors: Munish Mehta, Robert Edward Adams, Rao Sandeep Hebbani Raghavendra, Srinivasan Ramasubramanian
-
Patent number: 9787567Abstract: A packet forwarding network may include switches that forward network traffic between end hosts and network tap devices that forward copied network traffic to an analysis network formed from client switches that are controlled by a controller. Network analysis devices and network service devices may be coupled to the client switches at interfaces of the analysis network. The controller may receive one or more network policies from a network administrator. A network policy may identify ingress interfaces, egress interfaces, matching rules, packet manipulation services to be performed. The controller may control the client switches to generate network paths that forward network packets that match the matching rules from the ingress interfaces to the egress interfaces through service devices that perform the services of the list. The controller may generate network paths for network policies based on network topology information and/or current network conditions maintained at the controller.Type: GrantFiled: January 30, 2013Date of Patent: October 10, 2017Assignee: Big Switch Networks, Inc.Inventors: Munish Mehta, Robert Edward Adams, Rao Sandeep Hebbani Raghavendra, Srinivasan Ramasubramanian
-
Patent number: 8856317Abstract: In one embodiment, a method includes receiving at one of a plurality of servers, a request from a client for a secure communication session, storing context information associated with the secure communication session at a virtual context server in communication with the servers, and establishing the secure communication session between one of the servers and the client. The context information includes a session identifier, a secret, and a session state. The stored context information is available to the servers to allow the secure communication session to move between the servers. An apparatus for secure data transfer in a virtual environment is also disclosed.Type: GrantFiled: July 15, 2010Date of Patent: October 7, 2014Assignee: Cisco Technology, Inc.Inventors: Matthew Robertson, Rao Sandeep Hebbani Raghavendra, Qingqing Li
-
Patent number: 8271775Abstract: Systems, methods, and other embodiments associated with layer two (L2) encryption for data center interconnectivity are described. One example system includes a receive logic to receive an unencrypted L2 switched frame (UL2SF). The UL2SF may include a payload and an L2 header. The example system may also include an encryption logic to selectively encrypt the UL2SF into an encrypted frame if the UL2SF is to be sent through an L2 virtual private network (L2VPN) requiring encryption. The example system may also include a delivery logic that adds a header to the encrypted frame. The header may include data to identify a decryption function to decrypt the encrypted frame and routing information for the encrypted frame. The delivery logic may also provide the encrypted frame to the L2VPN, where the providing includes selectively sending the encrypted frame as one of, a point to point packet, and a multipoint packet.Type: GrantFiled: December 17, 2008Date of Patent: September 18, 2012Assignee: Cisco Technology, Inc.Inventors: Sudhakar Shenoy, Khalil Jabr, Sridar Kandaswamy, Madhusudanan Manohar, Sandeep Hebbani
-
Publication number: 20120016977Abstract: In one embodiment, a method includes receiving at one of a plurality of servers, a request from a client for a secure communication session, storing context information associated with the secure communication session at a virtual context server in communication with the servers, and establishing the secure communication session between one of the servers and the client. The context information includes a session identifier, a secret, and a session state. The stored context information is available to the servers to allow the secure communication session to move between the servers. An apparatus for secure data transfer in a virtual environment is also disclosed.Type: ApplicationFiled: July 15, 2010Publication date: January 19, 2012Applicant: CISCO TECHNOLOGY, INC.Inventors: Matthew Robertson, Rao Sandeep Hebbani Raghavendra, Qingqing Li
-
Patent number: 7940765Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, and mechanisms for limiting unauthorized multicast sources. One or more access control lists are typically configured in a switching device to a state that denies forwarding of multicast packets with a particular host as its source. In response to a received multicast application admission-control message identifying the particular host, the one or more access control lists in the switching device are updated to allow multicast messages sent from the particular host to be forwarded. In one system, the received multicast application admission-control message is an Internet Group Management Protocol (IGMP) message.Type: GrantFiled: November 14, 2004Date of Patent: May 10, 2011Assignee: Cisco Technology, Inc.Inventors: Sandeep Hebbani Raghavendra Rao, Shyamasundar S. Kaluve, Senthilkumar Krishnamurthy, Venkateshwar Rao Pullela, Ashwin Sampath
-
Publication number: 20100153701Abstract: Systems, methods, and other embodiments associated with layer two (L2) encryption for data center interconnectivity are described. One example system includes a receive logic to receive an unencrypted L2 switched frame (UL2SF). The UL2SF may include a payload and an L2 header. The example system may also include an encryption logic to selectively encrypt the UL2SF into an encrypted frame if the UL2SF is to be sent through an L2 virtual private network (L2VPN) requiring encryption. The example system may also include a delivery logic that adds a header to the encrypted frame. The header may include data to identify a decryption function to decrypt the encrypted frame and routing information for the encrypted frame. The delivery logic may also provide the encrypted frame to the L2VPN, where the providing includes selectively sending the encrypted frame as one of, a point to point packet, and a multipoint packet.Type: ApplicationFiled: December 17, 2008Publication date: June 17, 2010Inventors: Sudhakar Shenoy, Khalil Jabr, Sridar Kandaswamy, Madhusudanan Manohar, Sandeep Hebbani
-
Publication number: 20060164984Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, and mechanisms for limiting unauthorized multicast sources. One or more access control lists are typically configured in a switching device to a state that denies forwarding of multicast packets with a particular host as its source. In response to a received multicast application admission-control message identifying the particular host, the one or more access control lists in the switching device are updated to allow multicast messages sent from the particular host to be forwarded. In one system, the received multicast application admission-control message is an Internet Group Management Protocol (IGMP) message.Type: ApplicationFiled: November 14, 2004Publication date: July 27, 2006Applicant: CISCO TECHNOLOGY, INC.Inventors: Sandeep Hebbani Rao, Shyamasundar Kaluve, Senthilkumar Krishnamurthy, Venkateshwar Pullela, Ashwin Sampath