Patents by Inventor Stefan Olofsson
Stefan Olofsson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240129245Abstract: A method for routing is disclosed. The method comprises provisioning an endpoint in a network with a reactive path selection policy; monitoring, by the endpoint, current conditions relating to various paths available to said end point for the transmission of traffic; and selectively applying, by the endpoint, at least a portion of the reactive path selection policy based on the current conditions of the available paths.Type: ApplicationFiled: June 21, 2023Publication date: April 18, 2024Inventor: Lars Olof Stefan Olofsson
-
Patent number: 11924172Abstract: Methods for establishing a stateless extranet in a secure communication network include transmitting a consumer NHOP to a provider CPE from a consumer CPE in a control plane. The consumer NHOP is associated with at least one attribute of an NHOP, including an encryption key available with the consumer CPE, to establish a secure communication tunnel in a data plane. The consumer CPE receives a service definition over the control plane associated with a service available with the provider CPE. A service anchor point is created based on an identifier of the service definition. A network address translation (NAT) IP request is transmitted to the provider CPE. The consumer CPE receives a NAT IP from the provider CPE in response to the NAT IP request. The NAT IP is associated with the service anchor point of the consumer CPE. A stateless service is thereby instantiated on the consumer CPE.Type: GrantFiled: October 27, 2021Date of Patent: March 5, 2024Assignee: GRAPHIANT, INC.Inventors: Stefan Olofsson, Neale Ranns, Mandeep Rohilla, IJsbrand Wijnands, Cameron Ferdinands
-
Publication number: 20230362067Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.Type: ApplicationFiled: July 17, 2023Publication date: November 9, 2023Inventors: Alberto Rodriquez Natal, Hendrikus G.P. Bosch, Fabio Maino, Lars Olaf Stefan Olofsson, Jeffrey Napper, Anubhav Gupta
-
Publication number: 20230300134Abstract: In one embodiment, an apparatus includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the apparatus to perform operations including receiving a user credential from a remote access client within a network and communicating the user credential to an authentication, authorization and accounting (AAA) server within the network. The operations also include receiving a user attribute from the AAA server and generating a contextual label based on the user attribute. The contextual label includes routing instructions associated with traffic behavior within the network. The operations further include advertising a control message, which includes the contextual label, to the remote access client.Type: ApplicationFiled: May 24, 2023Publication date: September 21, 2023Inventors: Stefan Olofsson, Ijsbrand Wijnands, Hendrikus G.P. Bosch
-
Patent number: 11743141Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.Type: GrantFiled: November 30, 2021Date of Patent: August 29, 2023Assignee: Cisco Technology, Inc.Inventors: Alberto Rodriguez Natal, Hendrikus G. P. Bosch, Fabio Maino, Lars Olaf Stefan Olofsson, Jeffrey Napper, Anubhav Gupta
-
Patent number: 11722420Abstract: A method for routing is disclosed. The method comprises provisioning an endpoint in a network with a reactive path selection policy; monitoring, by the endpoint, current conditions relating to various paths available to said end point for the transmission of traffic; and selectively applying, by the endpoint, at least a portion of the reactive path selection policy based on the current conditions of the available paths.Type: GrantFiled: January 20, 2021Date of Patent: August 8, 2023Assignee: Cisco Technology, Inc.Inventor: Lars Olof Stefan Olofsson
-
Patent number: 11695690Abstract: Embodiments of a method of communicating a packet by a network address translation (NAT) enabled router, are described. In an embodiment, the method includes receiving a return packet to be communicated to a destination. The destination is associated with a first source address in the context of a forward packet. The method further includes determining a return path to transmit the return packet to the destination based on security association data. The security association data is pre-recorded in a routing table of the NAT enabled router when the forward packet is received, prior to receiving the return packet, over a forward path established between the NAT enabled router and an enterprise node. The security association data uniquely identifies the forward path as the return path.Type: GrantFiled: November 8, 2021Date of Patent: July 4, 2023Assignee: GRAPHIANT, INC.Inventors: Ijsbrand Wijnands, Stefan Olofsson, Khalid Raza, Neale Ranns
-
Patent number: 11683308Abstract: In one embodiment, an apparatus includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the apparatus to perform operations including receiving a user credential from a remote access client within a network and communicating the user credential to an authentication, authorization and accounting (AAA) server within the network. The operations also include receiving a user attribute from the AAA server and generating a contextual label based on the user attribute. The contextual label includes routing instructions associated with traffic behavior within the network. The operations further include advertising a control message, which includes the contextual label, to the remote access client.Type: GrantFiled: September 6, 2019Date of Patent: June 20, 2023Assignee: CISCO TECHNOLOGY, INC.Inventors: Stefan Olofsson, Ijsbrand Wijnands, Hendrikus G. P. Bosch
-
Publication number: 20230007620Abstract: According to certain embodiments, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations comprising: receiving location data associated with a plurality of remote users accessing one or more existing remote access gateways that are located at one or more network locations; building a heatmap of user locations based at least in part on the received location data; and identifying, from the heatmap of user locations, at least one new network location in which to generate at least one new remote access gateway, or at least one existing network location in which to remove at least one of the existing remote access gateways.Type: ApplicationFiled: September 12, 2022Publication date: January 5, 2023Inventors: Anubhav Gupta, Hendrikus G.P. Bosch, Vamsidhar Valluri, Stefan Olofsson
-
Patent number: 11546312Abstract: A method may include determining, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN). The method may also include establishing the control channel with a control device via a control plane that is separate from a data plane. The method may further include advertising first security association parameters to the control device via the control channel. The method may include receiving, from the control device via the control channel, second security association parameters associated with a second network device. The method may also include establishing a data plane connection with the second network device using the second security association parameters.Type: GrantFiled: September 21, 2020Date of Patent: January 3, 2023Assignee: Cisco Technology, Inc.Inventors: Syed Khalid Raza, Mosaddaq Hussain Turabi, Lars Olaf Stefan Olofsson, Atif Khan, Praveen Raju Kariyanahalli
-
Patent number: 11483796Abstract: According to certain embodiments, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations comprising: receiving location data associated with a plurality of remote users accessing one or more existing remote access gateways that are located at one or more network locations; building a heatmap of user locations based at least in part on the received location data; and identifying, from the heatmap of user locations, at least one new network location in which to generate at least one new remote access gateway, or at least one existing network location in which to remove at least one of the existing remote access gateways.Type: GrantFiled: November 25, 2019Date of Patent: October 25, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Anubhav Gupta, Hendrikus G. P. Bosch, Vamsidhar Valluri, Stefan Olofsson
-
Publication number: 20220086061Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.Type: ApplicationFiled: November 30, 2021Publication date: March 17, 2022Inventors: Alberto Rodriguez Natal, Hendrikus G.P. Bosch, Fabio Maino, Lars Olaf Stefan Olofsson, Jeffrey Napper, Anubhav Gupta
-
Patent number: 11277337Abstract: In one embodiment, a method includes detecting a request to route traffic to a service associated with an application. The method also includes identifying an application identifier associated with the application and selecting, using the application identifier, a label from a plurality of labels included in a routing table. The label includes one or more routes. The method further includes routing the traffic to the service associated with the application using the label.Type: GrantFiled: January 23, 2020Date of Patent: March 15, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Hendrikus G. P. Bosch, Stefan Olofsson, Ijsbrand Wijnands, Anubhav Gupta, Jeffrey Napper, Sape Jurriƫn Mullender
-
Patent number: 11201800Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.Type: GrantFiled: February 5, 2020Date of Patent: December 14, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Alberto Rodriguez Natal, Hendrikus G. P. Bosch, Fabio Maino, Lars Olaf Stefan Olofsson, Jeffrey Napper, Anubhav Gupta
-
Publication number: 20210369309Abstract: In one embodiment, a router includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the router to perform operations including receiving software-defined networking in a wide area network (SD-WAN) policies from a component of an SD-WAN network. The operations also include establishing a session with a mobile device and receiving information associated with the mobile device in response to establishing the session with the mobile device. The operations further include filtering the SD-WAN policies based on the information associated with the mobile device to generate SD-WAN device-specific policies and communicating the SD-WAN device-specific policies to the mobile device.Type: ApplicationFiled: August 16, 2021Publication date: December 2, 2021Inventors: Stefan Olofsson, Ijsbrand Wijnands, Hendrikus G.P. Bosch, Jeffrey Napper, Anubhav Gupta
-
Patent number: 11129023Abstract: In one embodiment, a router includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the router to perform operations including receiving software-defined networking in a wide area network (SD-WAN) policies from a component of an SD-WAN network. The operations also include establishing a session with a mobile device and receiving information associated with the mobile device in response to establishing the session with the mobile device. The operations further include filtering the SD-WAN policies based on the information associated with the mobile device to generate SD-WAN device-specific policies and communicating the SD-WAN device-specific policies to the mobile device.Type: GrantFiled: September 18, 2019Date of Patent: September 21, 2021Assignee: Cisco Technology, Inc.Inventors: Stefan Olofsson, Ijsbrand Wijnands, Hendrikus G. P. Bosch, Jeffrey Napper, Anubhav Gupta
-
Patent number: 11088992Abstract: A method for operating a network is provided. The method comprises segmenting the network into a plurality of virtual private networks, wherein each virtual private network runs on an underlying physical network; and wherein each virtual private network represents a particular context; and configuring at least some nodes within the network to send and receive traffic based on context.Type: GrantFiled: August 9, 2019Date of Patent: August 10, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Lars Olof Stefan Olofsson, Atif Khan, Syed Khalid Raza, Himanshu H. Shah, Amir Khan, Nehal Bhau
-
Publication number: 20210243095Abstract: A method may include receiving a domain name system (DNS) query at a network device, where the DNS query may be associated with a traffic flow identified for rerouting through an alternative path utilizing an alternative network device instead of a default path. The method may also include rewriting the DNS query such that the DNS query is routed through the alternative network device along the alternative path and to a DNS server associated with the alternative path. The method may additionally include receiving a DNS response from the DNS server, where a resource identified in the DNS response may be based on the DNS query coming through the alternative network device.Type: ApplicationFiled: April 23, 2021Publication date: August 5, 2021Inventors: Murtuza Attarwala, Lars Olof Stefan Olofsson, Himanshu Shah
-
Publication number: 20210218683Abstract: A method for routing is disclosed. The method comprises provisioning an endpoint in a network with a reactive path selection policy; monitoring, by the endpoint, current conditions relating to various paths available to said end point for the transmission of traffic; and selectively applying, by the endpoint, at least a portion of the reactive path selection policy based on the current conditions of the available paths.Type: ApplicationFiled: January 20, 2021Publication date: July 15, 2021Inventor: Lars Olof Stefan Olofsson
-
Publication number: 20210160813Abstract: According to certain embodiments, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations comprising: receiving location data associated with a plurality of remote users accessing one or more existing remote access gateways that are located at one or more network locations; building a heatmap of user locations based at least in part on the received location data; and identifying, from the heatmap of user locations, at least one new network location in which to generate at least one new remote access gateway, or at least one existing network location in which to remove at least one of the existing remote access gateways.Type: ApplicationFiled: November 25, 2019Publication date: May 27, 2021Inventors: Anubhav Gupta, Hendrikus G.P. Bosch, Vamsidhar Valluri, Stefan Olofsson