Patents by Inventor Sourabh Bhattacharya

Sourabh Bhattacharya has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12113773
    Abstract: Some embodiments provide a method that identifies multiple paths between a first site and a second site. A security association (SA) is established for transmitting encrypted payload from the first site to the second site in a virtual private network (VPN) session. The method selects a path based on metrics that are obtained for the paths. The selected path is defined by a first endpoint address of the first site and a second endpoint address of the second site. The method sends a message from the first site to the second site to update the SA to switch from using an original path to using the selected path. The message indicates the first and second endpoint addresses. The method transmits a packet including a payload that is encrypted according to the updated SA.
    Type: Grant
    Filed: January 6, 2022
    Date of Patent: October 8, 2024
    Assignee: VMware LLC
    Inventors: Deepika Solanki, Awan Kumar Sharma, Yong Wang, Sourabh Bhattacharya, Sarthak Ray
  • Patent number: 12107834
    Abstract: Some embodiments provide a method that collects metrics for one or more paths of a first tunnel implementing a first security association (SA) and for one or more paths of a second tunnel implementing a second SA. The method selects a path based on the collected metrics of the paths of the first and second tunnels. When the selected path belongs to the first tunnel, the method encrypts data transmitted as encrypted payload of the first SA and transmits the encrypted payload in the first tunnel. When the selected path belongs to the second tunnel, the method encrypts data to be transmitted as encrypted payload of the second SA and transmits the encrypted payload in the second tunnel.
    Type: Grant
    Filed: January 6, 2022
    Date of Patent: October 1, 2024
    Assignee: VMware LLC
    Inventors: Yong Wang, Awan Kumar Sharma, Sourabh Bhattacharya, Deepika Solanki, Sarthak Ray
  • Patent number: 12095736
    Abstract: A method for IPSec communication between a source machine and a destination machine is provided. The method includes receiving, at the destination machine, first and second packets from the source machine through first and second VPN tunnels established between a first VTI of the source machine and a second VTI of the destination machine; determining the first packet corresponds to a first SA and the second packet corresponds to a second SA; processing, by a first processing core, the first packet based on the first SA, and processing, by a second processing core, the second packet based on the second SA; and updating, at the second VTI, states of one or more flows based on the first and second packets, the second VTI providing one or more stateful services for the one or more packet flows based on the one or more states.
    Type: Grant
    Filed: March 26, 2021
    Date of Patent: September 17, 2024
    Assignee: VMware LLC
    Inventors: Awan Kumar Sharma, Yong Wang, Sourabh Bhattacharya, Bhargav Puvvada, Sarthak Ray, Mayur Katke
  • Patent number: 11929920
    Abstract: Described herein are systems, methods, and software to manage processing queue allocation based on addressing attributes of an inner packet. In one implementation, a first gateway identifies processing queues at a second gateway and assigns a unique flow label to each of the processing queues. The first gateway further receives a packet from a computing node that is directed toward the second gateway. The first gateway hashes addressing information in the packet to select a flow label, encapsulates the packet with the flow label in the outer encapsulation header for the encapsulated packet, and forwards the packet toward the second gateway.
    Type: Grant
    Filed: September 7, 2021
    Date of Patent: March 12, 2024
    Assignee: VMware LLC
    Inventors: Bhargav Puvvada, Sourabh Bhattacharya, Awan Kumar Sharma
  • Patent number: 11770389
    Abstract: Certain embodiments described herein relate to a method for dynamically rekeying a security association. The method includes establishing, by a destination tunnel endpoint (TEP), an in-bound security association with a source TEP, with a first security parameter index (SPI) value, for encrypting data packets communicated between the source TEP and the destination TEP. The method further includes rekeying, by the destination TEP, the in-bound security association, the rekeying including generating a second SPI value for replacing the first SPI value based on a trigger event relating to at least one of a real-time security score of the in-bound security association, a number of security associations assigned to a compute resource that the in-bound security resource is assigned to, an amount of load managed by the compute resource that the in-bound security resource is assigned to, and an indication received from an administrator.
    Type: Grant
    Filed: September 4, 2020
    Date of Patent: September 26, 2023
    Assignee: VMWARE, INC.
    Inventors: Sourabh Bhattacharya, Yong Wang, Awan Kumar Sharma, Bhargav Puvvada, Mayur Katke
  • Publication number: 20230020509
    Abstract: Described herein are systems, methods, and software to manage replay windows in multipath connections between gateways. In one implementation, a first gateway may receive a packet directed toward a second gateway and identify a path from a plurality of paths to the second gateway. Once identified, the first gateway may increment a sequence number associated with the path and encapsulate the packet with a unique identifier for the path in the header with the incremented sequence number. The first gateway then communicates the encapsulated packet to the second gateway.
    Type: Application
    Filed: October 4, 2021
    Publication date: January 19, 2023
    Inventors: AWAN KUMAR SHARMA, YONG WANG, SOURABH BHATTACHARYA, DEEPIKA KUNAL SOLANKI, SARTHAK RAY, JOCHEN BEHRENS
  • Patent number: 11552878
    Abstract: Described herein are systems, methods, and software to manage replay windows in multipath connections between gateways. In one implementation, a first gateway may receive a packet directed toward a second gateway and identify a path from a plurality of paths to the second gateway. Once identified, the first gateway may increment a sequence number associated with the path and encapsulate the packet with a unique identifier for the path in the header with the incremented sequence number. The first gateway then communicates the encapsulated packet to the second gateway.
    Type: Grant
    Filed: October 4, 2021
    Date of Patent: January 10, 2023
    Assignee: VMware, Inc.
    Inventors: Awan Kumar Sharma, Yong Wang, Sourabh Bhattacharya, Deepika Kunal Solanki, Sarthak Ray, Jochen Behrens
  • Publication number: 20220394017
    Abstract: Some embodiments provide a method that receives an encapsulated packet for a virtual private network (VPN) session. The encapsulated packet includes (i) a set of flow identifiers of a network traffic flow that includes a user datagram protocol (UDP) port number and (ii) a payload encrypted according to a security association (SA). The method hashes the set of flow identifiers of the network traffic flow to select a processor core from a plurality of processor cores. The method uses the selected processor core to decrypt the payload in the encapsulated packet according to the SA.
    Type: Application
    Filed: January 6, 2022
    Publication date: December 8, 2022
    Inventors: Deepika Solanki, Awan Kumar Sharma, Yong Wang, Sarthak Ray, Sourabh Bhattacharya
  • Publication number: 20220394014
    Abstract: Some embodiments provide a method that collects metrics for one or more paths of a first tunnel implementing a first security association (SA) and for one or more paths of a second tunnel implementing a second SA. The method selects a path based on the collected metrics of the paths of the first and second tunnels. When the selected path belongs to the first tunnel, the method encrypts data transmitted as encrypted payload of the first SA and transmits the encrypted payload in the first tunnel. When the selected path belongs to the second tunnel, the method encrypts data to be transmitted as encrypted payload of the second SA and transmits the encrypted payload in the second tunnel.
    Type: Application
    Filed: January 6, 2022
    Publication date: December 8, 2022
    Inventors: Yong Wang, Awan Kumar Sharma, Sourabh Bhattacharya, Deepika Solanki, Sarthak Ray
  • Publication number: 20220393981
    Abstract: Some embodiments provide a method that assigns, at a VPN client, a QoS class to each path of multiple paths based on performance metrics for paths. The paths are available for use by a VPN client to reach a VPN server. The method identifies a QoS class for a packet. The method selects a path based on the identified QoS class of the packet and the QoS class assigned to each path. The method transmits the packet using the selected path.
    Type: Application
    Filed: January 6, 2022
    Publication date: December 8, 2022
    Inventors: Deepika Solanki, Awan Kumar Sharma, Yong Wang, Sarthak Ray, Sourabh Bhattacharya
  • Publication number: 20220394016
    Abstract: Some embodiments provide a method that identifies multiple paths between a first site and a second site. A security association (SA) is established for transmitting encrypted payload from the first site to the second site in a virtual private network (VPN) session. The method selects a path based on metrics that are obtained for the paths. The selected path is defined by a first endpoint address of the first site and a second endpoint address of the second site. The method sends a message from the first site to the second site to update the SA to switch from using an original path to using the selected path. The message indicates the first and second endpoint addresses. The method transmits a packet including a payload that is encrypted according to the updated SA.
    Type: Application
    Filed: January 6, 2022
    Publication date: December 8, 2022
    Inventors: Deepika Solanki, Awan Kumar Sharma, Yong Wang, Sourabh Bhattacharya, Sarthak Ray
  • Publication number: 20220393967
    Abstract: Some embodiments provide a method that establishes multiple active uplinks for a VPN session with a VPN peer using a first uplink interface to access a first set of paths and a second uplink interface to access a second set of paths. The method selects a path from a pool of paths by using a hash value derived from data to be transmitted to a peer in the VPN session. The paths in the pool are identified from the first and second sets of paths based on performance metrics. When the selected path is accessible by the first uplink interface, the method transmits the data as an IPsec packet over the first uplink interface. When the selected path is accessible by the second uplink interface, the method transmits the data as an IPsec packet over the second uplink interface, wherein the data is encrypted according to a security association.
    Type: Application
    Filed: January 6, 2022
    Publication date: December 8, 2022
    Inventors: Deepika Solanki, Awan Kumar Sharma, Sourabh Bhattacharya, Yong Wang, Sarthak Ray
  • Patent number: 11424958
    Abstract: Described herein are systems, methods, and software to manage maximum segment size (MSS) values associated with multiple tunnels according to an implementation. In one implementation, a gateway may obtain a Transmission Control Protocol (TCP) synchronize (SYN) packet from a computing node. The gateway may identify a tunnel associated with the TCP SYN packet, determine a maximum segment size (MSS) value based on the overhead associated with the tunnel, and replace a first MSS value in the TCP SYN packet with the MSS value determined by the gateway. Once added, the gateway may encapsulate the TCP SYN packet and communicate the packet to a second gateway.
    Type: Grant
    Filed: May 5, 2020
    Date of Patent: August 23, 2022
    Assignee: VMware, Inc.
    Inventors: Sarthak Ray, Sourabh Bhattacharya, Awan Kumar Sharma, Yong Wang
  • Publication number: 20220231993
    Abstract: A method for IPSec communication between a source machine and a destination machine is provided. The method includes receiving, at the destination machine, first and second packets from the source machine through first and second VPN tunnels established between a first VTI of the source machine and a second VTI of the destination machine; determining the first packet corresponds to a first SA and the second packet corresponds to a second SA; processing, by a first processing core, the first packet based on the first SA, and processing, by a second processing core, the second packet based on the second SA; and updating, at the second VTI, states of one or more flows based on the first and second packets, the second VTI providing one or more stateful services for the one or more packet flows based on the one or more states.
    Type: Application
    Filed: March 26, 2021
    Publication date: July 21, 2022
    Inventors: AWAN KUMAR SHARMA, YONG WANG, SOURABH BHATTACHARYA, BHARGAV PUVVADA, SARTHAK RAY, MAYUR KATKE
  • Patent number: 11336629
    Abstract: Certain embodiments described herein are generally directed to systems and methods for deterministic load balancing of processing encapsulated encrypted data packets at a destination tunnel endpoint. For example, certain embodiments described herein relate to configuring a destination tunnel endpoint (TEP) with an encapsulating security payload (ESP) receive side scaling (RSS) mode to assign each incoming packet, received from a certain source endpoint (EP), to a certain RSS queue based on an identifier that is encoded in an SPI value included in the packet.
    Type: Grant
    Filed: February 27, 2020
    Date of Patent: May 17, 2022
    Assignee: VMWARE, INC.
    Inventors: Yong Wang, Awan Kumar Sharma, Manmeet Khurana, Shailesh Urhekar, Sourabh Bhattacharya
  • Publication number: 20220021687
    Abstract: Certain embodiments described herein relate to a method for dynamically rekeying a security association. The method includes establishing, by a destination tunnel endpoint (TEP), an in-bound security association with a source TEP, with a first security parameter index (SPI) value, for encrypting data packets communicated between the source TEP and the destination TEP. The method further includes rekeying, by the destination TEP, the in-bound security association, the rekeying including generating a second SPI value for replacing the first SPI value based on a trigger event relating to at least one of a real-time security score of the in-bound security association, a number of security associations assigned to a compute resource that the in-bound security resource is assigned to, an amount of load managed by the compute resource that the in-bound security resource is assigned to, and an indication received from an administrator.
    Type: Application
    Filed: September 4, 2020
    Publication date: January 20, 2022
    Inventors: SOURABH BHATTACHARYA, YONG WANG, AWAN KUMAR SHARMA, BHARGAV PUVVADA, MAYUR KATKE
  • Publication number: 20210281442
    Abstract: Described herein are systems, methods, and software to manage maximum segment size (MSS) values associated with multiple tunnels according to an implementation. In one implementation, a gateway may obtain a Transmission Control Protocol (TCP) synchronize (SYN) packet from a computing node. The gateway may identify a tunnel associated with the TCP SYN packet, determine a maximum segment size (MSS) value based on the overhead associated with the tunnel, and replace a first MSS value in the TCP SYN packet with the MSS value determined by the gateway. Once added, the gateway may encapsulate the TCP SYN packet and communicate the packet to a second gateway.
    Type: Application
    Filed: May 5, 2020
    Publication date: September 9, 2021
    Inventors: Sarthak Ray, Sourabh Bhattacharya, Awan Kumar Sharma, Yong Wang
  • Publication number: 20210136049
    Abstract: Certain embodiments described herein are generally directed to systems and methods for deterministic load balancing of processing encapsulated encrypted data packets at a destination tunnel endpoint. For example, certain embodiments described herein relate to configuring a destination tunnel endpoint (TEP) with an encapsulating security payload (ESP) receive side scaling (RSS) mode to assign each incoming packet, received from a certain source endpoint (EP), to a certain RSS queue based on an identifier that is encoded in an SPI value included in the packet.
    Type: Application
    Filed: February 27, 2020
    Publication date: May 6, 2021
    Inventors: Yong Wang, Awan Kumar Sharma, Manmeet Khurana, Shailesh Urhekar, Sourabh Bhattacharya