Patents by Inventor Sarvesh K. Batta
Sarvesh K. Batta has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11811817Abstract: A network device may receive a first data packet. The network device may determine that a level of available computing resources satisfies a threshold level. The network device may perform a secure socket layer (SSL) proxy function based on the level of available computing resources satisfying the threshold level. The network device may receive a second data packet. The network device may determine that the level of available computing resources fails to satisfy the threshold level. The network device may determine a security characteristic associated with the second data packet. The network device may determine a security rating associated with the second data packet based on the security characteristic. The network device may selectively perform the SSL proxy function based on the security rating.Type: GrantFiled: October 3, 2022Date of Patent: November 7, 2023Assignee: Juniper Networks, Inc.Inventors: Sarvesh K. Batta, Thyagarajan S. Pasupathy, Mohan Thangavel
-
Publication number: 20230231797Abstract: Techniques are disclosed for management of communication sessions of network traffic between client devices and the use of an up-to-date session state to enable seamless failovers between routers. One example technique may prepare each backup router to resume sessions of the active router in event of a failover and cause a redirection of the network traffic to complete the failover to a backup router. In a hot-switchover example, a network device known as a session controller synchronizes the session state information to backup router prior to failure and then, causes the network traffic to be redirected to backup router in response to the active router failure. In a warm-switchover example, the same session controller selects a backup router dynamically after detecting failure to active router, synchronizes session state information to backup router, and trigger routing updates, causing the network traffic to be redirected to the backup router.Type: ApplicationFiled: January 17, 2022Publication date: July 20, 2023Inventors: Hemachandran Karnam Mohan, Sarvesh K. Batta, Abdul Kadhar Jeelany Habeeb Mohamed
-
Publication number: 20230127468Abstract: A network device may create an encrypted packet and may duplicate the encrypted packet to create a plurality of encrypted packets that includes a first set of encrypted packets that is associated with a first receiving network device and a second set of encrypted packets that is to be associated with a second receiving network device. The network device may modify the second set of encrypted packets by replacing a first virtual destination address in the second set of the plurality of encrypted packets with a second virtual destination address that identifies a virtual tunnel endpoint of the second receiving network device. The network device may encapsulate and may send, based on the first virtual destination address and the second virtual destination address, individual encapsulated encrypted packets to the first receiving network device or the second receiving network device.Type: ApplicationFiled: December 23, 2022Publication date: April 27, 2023Inventors: Goutham KONDAPAVULURU, Sarvesh K. BATTA, Vijay Sai Ram PARUCHURI, Ramesh BIRADAR, Sharanagoud B. DEVARADDI
-
Patent number: 11575653Abstract: A network device may create an encrypted packet and may duplicate the encrypted packet to create a plurality of encrypted packets that includes a first set of encrypted packets that is associated with a first receiving network device and a second set of encrypted packets that is to be associated with a second receiving network device. The network device may modify the second set of encrypted packets by replacing a first virtual destination address in the second set of the plurality of encrypted packets with a second virtual destination address that identifies a virtual tunnel endpoint of the second receiving network device. The network device may encapsulate and may send, based on the first virtual destination address and the second virtual destination address, individual encapsulated encrypted packets to the first receiving network device or the second receiving network device.Type: GrantFiled: June 16, 2020Date of Patent: February 7, 2023Assignee: Juniper Networks, Inc.Inventors: Goutham Kondapavuluru, Sarvesh K. Batta, Vijay Sai Ram Paruchuri, Ramesh Biradar, Sharanagoud B. Devaraddi
-
Publication number: 20230036527Abstract: A network device may receive a first data packet. The network device may determine that a level of available computing resources satisfies a threshold level. The network device may perform a secure socket layer (SSL) proxy function based on the level of available computing resources satisfying the threshold level. The network device may receive a second data packet. The network device may determine that the level of available computing resources fails to satisfy the threshold level. The network device may determine a security characteristic associated with the second data packet. The network device may determine a security rating associated with the second data packet based on the security characteristic. The network device may selectively perform the SSL proxy function based on the security rating.Type: ApplicationFiled: October 3, 2022Publication date: February 2, 2023Inventors: Sarvesh K. BATTA, Thyagarajan S. PASUPATHY, Mohan THANGAVEL
-
Patent number: 11496504Abstract: A network device may receive a first data packet. The network device may determine that a level of available computing resources satisfies a threshold level. The network device may perform a secure socket layer (SSL) proxy function based on the level of available computing resources satisfying the threshold level. The network device may receive a second data packet. The network device may determine that the level of available computing resources fails to satisfy the threshold level. The network device may determine a security characteristic associated with the second data packet. The network device may determine a security rating associated with the second data packet based on the security characteristic. The network device may selectively perform the SSL proxy function based on the security rating.Type: GrantFiled: May 27, 2020Date of Patent: November 8, 2022Assignee: Juniper Networks, Inc.Inventors: Sarvesh K. Batta, Thyagarajan S. Pasupathy, Mohan Thangavel
-
Patent number: 11405422Abstract: A network device may receive, from a transmitting network device, a packet, wherein the packet includes a first outer internet protocol (IP) header, a Generic Routing Encapsulation (GRE) header, a second outer IP header, an Encapsulating Security Payload (ESP) header, and an inner packet, wherein the inner packet is encapsulated by the ESP header, the ESP header is encapsulated by the second outer IP header, the second outer IP header is encapsulated by the GRE header, and the GRE header is encapsulated by the first outer IP header. The network device may decapsulate the packet to remove the first outer IP header and the GRE header from the packet. The network device may decrypt, after decapsulating the packet, the packet to identify the inner packet. The network device may cause one or more actions associated with the inner packet to be performed.Type: GrantFiled: February 19, 2020Date of Patent: August 2, 2022Assignee: Juniper Networks, Inc.Inventors: Sarvesh K. Batta, Goutham Kondapavuluru, Rajesh S, Ranjan Sinha
-
Publication number: 20210344650Abstract: A network device may create an encrypted packet and may duplicate the encrypted packet to create a plurality of encrypted packets that includes a first set of encrypted packets that is associated with a first receiving network device and a second set of encrypted packets that is to be associated with a second receiving network device. The network device may modify the second set of encrypted packets by replacing a first virtual destination address in the second set of the plurality of encrypted packets with a second virtual destination address that identifies a virtual tunnel endpoint of the second receiving network device. The network device may encapsulate and may send, based on the first virtual destination address and the second virtual destination address, individual encapsulated encrypted packets to the first receiving network device or the second receiving network device.Type: ApplicationFiled: June 16, 2020Publication date: November 4, 2021Inventors: Goutham KONDAPAVULURU, Sarvesh K. BATTA, Vijay Sai Ram PARUCHURI, Ramesh BIRADAR, Sharanagoud B. DEVARADDI
-
Publication number: 20210320940Abstract: A network device may receive a first data packet. The network device may determine that a level of available computing resources satisfies a threshold level. The network device may perform a secure socket layer (SSL) proxy function based on the level of available computing resources satisfying the threshold level. The network device may receive a second data packet. The network device may determine that the level of available computing resources fails to satisfy the threshold level. The network device may determine a security characteristic associated with the second data packet. The network device may determine a security rating associated with the second data packet based on the security characteristic. The network device may selectively perform the SSL proxy function based on the security rating.Type: ApplicationFiled: May 27, 2020Publication date: October 14, 2021Inventors: Sarvesh K. BATTA, Thyagarajan S. PASUPATHY, Mohan THANGAVEL
-
Publication number: 20210258347Abstract: A network device may receive, from a transmitting network device, a packet, wherein the packet includes a first outer internet protocol (IP) header, a Generic Routing Encapsulation (GRE) header, a second outer IP header, an Encapsulating Security Payload (ESP) header, and an inner packet, wherein the inner packet is encapsulated by the ESP header, the ESP header is encapsulated by the second outer IP header, the second outer IP header is encapsulated by the GRE header, and the GRE header is encapsulated by the first outer IP header. The network device may decapsulate the packet to remove the first outer IP header and the GRE header from the packet. The network device may decrypt, after decapsulating the packet, the packet to identify the inner packet. The network device may cause one or more actions associated with the inner packet to be performed.Type: ApplicationFiled: February 19, 2020Publication date: August 19, 2021Inventors: Sarvesh K. BATTA, Goutham KONDAPAVULURU, Rajesh S, Ranjan SINHA
-
Patent number: 10091692Abstract: An example gateway device determines that a first policy, applicable to a subscriber device when the subscriber device is coupled to a first access network, indicates that packets from the subscriber device are to be sent to a service device, and forwards a first set of packets from the subscriber device to the service device while the subscriber device is coupled to the first access network. After determining that the subscriber device has become coupled to a second access network of the plurality of access networks, the gateway device determines that a second policy, for the subscriber device when the subscriber device is coupled to the second access network, does not indicate that packets should be sent to the service device, but nevertheless forwards a second set of packets from the subscriber device to the service device while the subscriber device is coupled to the second access network.Type: GrantFiled: June 14, 2016Date of Patent: October 2, 2018Assignee: Juniper Networks, Inc.Inventors: Prasad Chigurupati, Venkatesh Badakere, Sarvesh K. Batta
-
Patent number: 10042722Abstract: In some examples, techniques are directed to applying one or more corrective actions that cause the network device to bypass the failed service node of the service chain. In some examples, method includes determining that a failure has occurred at a service node included in a plurality of service nodes, the plurality of service nodes configured to apply one or more stateful services of a primary service chain to packet flows from a plurality of subscriber devices; in response to determining that the failure has occurred, configuring forwarding state of the network device to process the packet flows from the plurality of subscriber devices based on a corrective action that bypasses the service node of the primary service chain; and in response to receiving a subscriber packet in the packet flows, processing the packet flows from the plurality of subscriber devices based on the corrective action.Type: GrantFiled: June 23, 2015Date of Patent: August 7, 2018Assignee: Juniper Networks, Inc.Inventors: Prasad Chigurupati, Sarvesh K. Batta, Venkatesh Br Gota
-
Patent number: 10033589Abstract: In general, techniques are described for managing group policies in a network. In some examples, a policy enforcement device comprising a plurality of service planes, each having one or more processors operably coupled to a memory, receives a policy enforcement request that includes data identifying a subscriber from a policy control server for a network. The plurality of service planes are further configured to assign, in response to determining that the subscriber is a member of a subscriber group that includes a plurality of subscribers, the subscriber to a selected service plane of the plurality of service planes. The selected service plane applies a group policy for the subscriber group to subscriber data traffic associated with the subscriber.Type: GrantFiled: September 30, 2015Date of Patent: July 24, 2018Assignee: Juniper Networks, Inc.Inventors: Sarvesh K. Batta, Venkatesh Badakere, Prasad Chigurupati
-
Publication number: 20170359758Abstract: An example gateway device determines that a first policy, applicable to a subscriber device when the subscriber device is coupled to a first access network, indicates that packets from the subscriber device are to be sent to a service device, and forwards a first set of packets from the subscriber device to the service device while the subscriber device is coupled to the first access network. After determining that the subscriber device has become coupled to a second access network of the plurality of access networks, the gateway device determines that a second policy, for the subscriber device when the subscriber device is coupled to the second access network, does not indicate that packets should be sent to the service device, but nevertheless forwards a second set of packets from the subscriber device to the service device while the subscriber device is coupled to the second access network.Type: ApplicationFiled: June 14, 2016Publication date: December 14, 2017Inventors: Prasad Chigurupati, Venkatesh Badakere, Sarvesh K. Batta