Patents by Inventor Srinivas Nimmagadda

Srinivas Nimmagadda has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10305858
    Abstract: Some embodiments of the invention introduce cloud template awareness in the service policy framework. Some embodiments provide one or more service rule processing engines that natively support (1) template-specific dynamic groups and template-specific rules, and (2) dynamic security tag concepts. A service rule processing engine of some embodiments natively supports template-specific dynamic groups and rules as it can directly process service rules that are defined in terms of dynamic component groups, template identifiers, template instance identifiers, and/or template match criteria. Examples of such services can include any kind of middlebox services, such as firewalls, load balancers, network address translators, intrusion detection systems, intrusion prevention systems, etc.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: May 28, 2019
    Assignee: NICIRA, INC.
    Inventors: Srinivas Nimmagadda, Jayant Jain, Anirban Sengupta, Subrahmanyam Manuguri, Alok S. Tiagi
  • Patent number: 10298619
    Abstract: A method of creating micro-segmentation policy for a network is provided. The method monitors the network packet traffic to identify network traffic types and patterns. The method, based on the network traffic types and patterns, identifies a set of components as an affinity group associated with each application. The method generates an application template that includes a set of application components for each application based on information provided by the vendor of the application. The method creates micro-segmentation policy for the network based on a mapping of the components of each affinity group into the components of the template generated for the associated application.
    Type: Grant
    Filed: December 16, 2016
    Date of Patent: May 21, 2019
    Assignee: NICIRA, INC.
    Inventors: Srinivas Nimmagadda, Jayant Jain, Anirban Sengupta
  • Publication number: 20190007456
    Abstract: A device may receive policy information associated with a first application group and a second application group. The device may receive network topology information associated with a network. The device may generate a first policy based on the policy information and the network topology information, and generate a second policy based on the policy information and the network topology information. The device may provide, to the virtual network device, information associated with the first policy to permit the virtual network device to implement the first policy in association with network traffic transferred between the first application group and the second application group. The device may provide, to the physical network device, information associated with the second policy to permit the physical network device to implement the second policy in association with network traffic transferred between the first application group and the second application group.
    Type: Application
    Filed: June 30, 2017
    Publication date: January 3, 2019
    Inventors: Srinivas NIMMAGADDA, Rakesh Kumar, Prakash T. Seshadri, Sriram Subramanian
  • Publication number: 20190007453
    Abstract: A device may receive first information associated with a set of security rules. The first information may identify a set of security actions a device is to implement when the set of security rules applies to traffic. The device may determine a manner in which the set of security rules is to apply using the first information. The device may determine whether the manner in which the set of security rules is to apply and an intent of a network security policy or a manner in which a set of previously defined security rules is to apply match to determine whether the set of security rules conflicts with the network security policy or whether the set of security rules and the set of previously defined security rules are related. The device may perform an action.
    Type: Application
    Filed: June 29, 2017
    Publication date: January 3, 2019
    Inventors: Srinivas NIMMAGADDA, Rakesh Kumar, Prakash T. Seshadri
  • Publication number: 20190007454
    Abstract: A device may receive information identifying a set of conditions related to controlling implementation of a set of security rules. The set of conditions may be associated with a set of security actions that a device is to perform based on whether the set of conditions is satisfied. The device may determine the set of security rules that is to be controlled by the set of conditions using information related to the set of security rules. The device may modify information related to the set of security rules to cause the implementation of the set of security rules to be controlled by the set of conditions. The modification to cause the device to process the set of security rules to dynamically implement the set of security actions based on satisfaction of the set of conditions. The device may perform an action after modifying the information.
    Type: Application
    Filed: June 29, 2017
    Publication date: January 3, 2019
    Inventors: Srinivas NIMMAGADDA, Rakesh Kumar, Prakash T. Seshadri
  • Patent number: 10148696
    Abstract: Some embodiments of the invention introduce cloud template awareness in the service policy framework. Some embodiments provide one or more service rule processing engines that natively support (1) template-specific dynamic groups and template-specific rules, and (2) dynamic security tag concepts. A service rule processing engine of some embodiments natively supports template-specific dynamic groups and rules as it can directly process service rules that are defined in terms of dynamic component groups, template identifiers, template instance identifiers, and/or template match criteria. Examples of such services can include any kind of middlebox services, such as firewalls, load balancers, network address translators, intrusion detection systems, intrusion prevention systems, etc.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: December 4, 2018
    Assignee: NICIRA, INC.
    Inventors: Srinivas Nimmagadda, Jayant Jain, Anirban Sengupta, Subrahmanyam Manuguri, Alok S. Tiagi
  • Patent number: 10051002
    Abstract: Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on identified RDM attribute set.
    Type: Grant
    Filed: November 1, 2015
    Date of Patent: August 14, 2018
    Assignee: NICIRA, INC.
    Inventors: Jayant Jain, Anirban Sengupta, Srinivas Nimmagadda, Alok S. Tiagi, Kausum Kumar
  • Publication number: 20180176102
    Abstract: A method for visualizing network flows of a network is provided. The method monitors network flows between a group of machines in a network. The method associates identifiers with the monitored network flows. The method aggregates the monitored network flows into a set of groups based on the associated identifiers. The method displays a set of flow records for the each group of the set of groups.
    Type: Application
    Filed: September 25, 2017
    Publication date: June 21, 2018
    Inventors: Kaushal Bansal, Uday Masurekar, Srinivas Nimmagadda, Jingmin Zhou, Abhishek Goliya, Amit Chopra, Kausum Kumar
  • Publication number: 20180176252
    Abstract: A method of creating micro-segmentation policy for a network is provided. The method monitors the network packet traffic to identify network traffic types and patterns. The method, based on the network traffic types and patterns, identifies a set of components as an affinity group associated with each application. The method generates an application template that includes a set of application components for each application based on information provided by the vendor of the application. The method creates micro-segmentation policy for the network based on a mapping of the components of each affinity group into the components of the template generated for the associated application.
    Type: Application
    Filed: December 16, 2016
    Publication date: June 21, 2018
    Inventors: Srinivas Nimmagadda, Jayant Jain, Anirban Sengupta
  • Publication number: 20180063195
    Abstract: Some embodiments provide a method for defining an adaptable monitoring profile for a network. The defined network monitoring profile is independent of the security policy defined for the network and includes one or more log generation rules, each of which defines a logging policy for a set of data compute nodes (DCNs) that share a common attribute. A log generation rule specifies whether the network activities of a set of DCNs that share a common attribute should be logged or not. A log generation rule can also specify other logging parameters such as priority level of the logs and the required logging protocol for transmission of the logs. The logging policy of a log generation rule is associated with a set of service rules (e.g., firewall rules) through a dynamic service group, and is applied to the service rules when any of these rules is triggered.
    Type: Application
    Filed: April 18, 2017
    Publication date: March 1, 2018
    Inventors: Srinivas Nimmagadda, Jayant Jain, Anirban Sengupta
  • Patent number: 9906560
    Abstract: Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on identified RDM attribute set.
    Type: Grant
    Filed: November 1, 2015
    Date of Patent: February 27, 2018
    Assignee: NICIRA, INC.
    Inventors: Jayant Jain, Anirban Sengupta, Srinivas Nimmagadda, Alok S. Tiagi, Kausum Kumar
  • Patent number: 9906562
    Abstract: Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on identified RDM attribute set.
    Type: Grant
    Filed: November 1, 2015
    Date of Patent: February 27, 2018
    Assignee: NICIRA, INC.
    Inventors: Jayant Jain, Anirban Sengupta, Srinivas Nimmagadda, Alok S. Tiagi, Kausum Kumar
  • Patent number: 9906561
    Abstract: Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on identified RDM attribute set.
    Type: Grant
    Filed: November 1, 2015
    Date of Patent: February 27, 2018
    Assignee: NICIRA, INC.
    Inventors: Jayant Jain, Anirban Sengupta, Srinivas Nimmagadda, Alok S. Tiagi, Kausum Kumar
  • Patent number: 9894103
    Abstract: Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on identified RDM attribute set.
    Type: Grant
    Filed: November 1, 2015
    Date of Patent: February 13, 2018
    Assignee: NICIRA, INC.
    Inventors: Leung Tao Kwok, Sulay Shah, Craig Newell, Adam Rykowski, Sridhar Kommireddy, Utkarsh Singh, Sagar Date, Kausum Kumar, Anirban Sengupta, Srinivas Nimmagadda, Jayant Jain, Uday Masurekar, Ravishankar Chamarajnagar
  • Patent number: 9860279
    Abstract: Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on identified RDM attribute set.
    Type: Grant
    Filed: November 1, 2015
    Date of Patent: January 2, 2018
    Assignee: NICIRA, INC.
    Inventors: Jayant Jain, Anirban Sengupta, Srinivas Nimmagadda, Alok S. Tiagi, Kausum Kumar
  • Publication number: 20170180321
    Abstract: Some embodiments of the invention introduce cloud template awareness in the service policy framework. Some embodiments provide one or more service rule processing engines that natively support (1) template-specific dynamic groups and template-specific rules, and (2) dynamic security tag concepts. A service rule processing engine of some embodiments natively supports template-specific dynamic groups and rules as it can directly process service rules that are defined in terms of dynamic component groups, template identifiers, template instance identifiers, and/or template match criteria. Examples of such services can include any kind of middlebox services, such as firewalls, load balancers, network address translators, intrusion detection systems, intrusion prevention systems, etc.
    Type: Application
    Filed: December 18, 2015
    Publication date: June 22, 2017
    Inventors: Srinivas Nimmagadda, Jayant Jain, Anirban Sengupta, Subrahmanyam Manuguri, Alok S. Tiagi
  • Publication number: 20170180319
    Abstract: Some embodiments of the invention introduce cloud template awareness in the service policy framework. Some embodiments provide one or more service rule processing engines that natively support (1) template-specific dynamic groups and template-specific rules, and (2) dynamic security tag concepts. A service rule processing engine of some embodiments natively supports template-specific dynamic groups and rules as it can directly process service rules that are defined in terms of dynamic component groups, template identifiers, template instance identifiers, and/or template match criteria. Examples of such services can include any kind of middlebox services, such as firewalls, load balancers, network address translators, intrusion detection systems, intrusion prevention systems, etc.
    Type: Application
    Filed: December 18, 2015
    Publication date: June 22, 2017
    Inventors: Srinivas Nimmagadda, Jayant Jain, Anirban Sengupta, Subrahmanyam Manuguri, Alok S. Tiagi
  • Publication number: 20170180423
    Abstract: Some embodiments of the invention introduce cloud template awareness in the service policy framework. Some embodiments provide one or more service rule processing engines that natively support (1) template-specific dynamic groups and template-specific rules, and (2) dynamic security tag concepts. A service rule processing engine of some embodiments natively supports template-specific dynamic groups and rules as it can directly process service rules that are defined in terms of dynamic component groups, template identifiers, template instance identifiers, and/or template match criteria. Examples of such services can include any kind of middlebox services, such as firewalls, load balancers, network address translators, intrusion detection systems, intrusion prevention systems, etc.
    Type: Application
    Filed: December 18, 2015
    Publication date: June 22, 2017
    Inventors: Srinivas Nimmagadda, Jayant Jain, Anirban Sengupta, Subrahmanyam Manuguri, Alok S. Tiagi
  • Publication number: 20170180320
    Abstract: Some embodiments of the invention introduce cloud template awareness in the service policy framework. Some embodiments provide one or more service rule processing engines that natively support (1) template-specific dynamic groups and template-specific rules, and (2) dynamic security tag concepts. A service rule processing engine of some embodiments natively supports template-specific dynamic groups and rules as it can directly process service rules that are defined in terms of dynamic component groups, template identifiers, template instance identifiers, and/or template match criteria. Examples of such services can include any kind of middlebox services, such as firewalls, load balancers, network address translators, intrusion detection systems, intrusion prevention systems, etc.
    Type: Application
    Filed: December 18, 2015
    Publication date: June 22, 2017
    Inventors: Srinivas Nimmagadda, Jayant Jain, Anirban Sengupta, Subrahmanyam Manuguri, Alok S. Tiagi
  • Publication number: 20170126516
    Abstract: A method of collecting health check metrics for a network is provided. The method, at a deep packet inspector on a physical host in a datacenter, receives a copy of a network packet from a load balancer. The packet includes a plurality of layers. Each layer corresponds to a communication protocol in a plurality of communication protocols. The method identifies an application referenced in the packet. The method analyzes the information in one or more layers of the packet to determine metrics for the source application. The method sends the determined metrics to the load balancer.
    Type: Application
    Filed: January 13, 2016
    Publication date: May 4, 2017
    Inventors: Alok Tiagi, Jayant Jain, Anirban Sengupta, Srinivas Nimmagadda, Rick Lund