Patents by Inventor Suraj Nellikar
Suraj Nellikar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11438236Abstract: Systems, methods, and computer-readable storage media are provided for managing connected data transfer sessions in a computing network. A controller included in the computing network can monitor connected data transfer sessions to determine whether a predetermined threshold has been met or exceeded and, if so, terminate at least one connected data transfer session in the computing network. The threshold can include a threshold number of connected data communication sessions and/or a threshold amount of resources utilized by the connected data communication sessions. The controller can terminate connected data transfer sessions until the total number of connected data communication sessions and/or threshold amount of resources falls below the threshold.Type: GrantFiled: September 9, 2020Date of Patent: September 6, 2022Assignee: Cisco Technology, Inc.Inventors: Joji Thomas Mekkattuparamban, Suraj Nellikar
-
Publication number: 20200412618Abstract: Systems, methods, and computer-readable storage media are provided for managing connected data transfer sessions in a computing network. A controller included in the computing network can monitor connected data transfer sessions to determine whether a predetermined threshold has been met or exceeded and, if so, terminate at least one connected data transfer session in the computing network. The threshold can include a threshold number of connected data communication sessions and/or a threshold amount of resources utilized by the connected data communication sessions. The controller can terminate connected data transfer sessions until the total number of connected data communication sessions and/or threshold amount of resources falls below the threshold.Type: ApplicationFiled: September 9, 2020Publication date: December 31, 2020Inventors: Joji Thomas Mekkattuparamban, Suraj Nellikar
-
Patent number: 10791031Abstract: Systems, methods, and computer-readable storage media are provided for managing connected data transfer sessions in a computing network. A controller included in the computing network can monitor connected data transfer sessions to determine whether a predetermined threshold has been met or exceeded and, if so, terminate at least one connected data transfer session in the computing network. The threshold can include a threshold number of connected data communication sessions and/or a threshold amount of resources utilized by the connected data communication sessions. The controller can terminate connected data transfer sessions until the total number of connected data communication sessions and/or threshold amount of resources falls below the threshold.Type: GrantFiled: July 8, 2015Date of Patent: September 29, 2020Assignee: CISCO TECHNOLOGY, INC.Inventors: Joji Thomas Mekkattuparamban, Suraj Nellikar
-
Patent number: 10659358Abstract: Systems, methods, and computer-readable media provide for collection of statistics relating to network traffic between virtual machines (VMs) in a network. In an example embodiment, a virtual switch hosted on a physical server provides network address information of VMs deployed on the physical server to a virtual switch controller. The controller collects this network address information from each virtual switch under its control, and distributes the aggregate address information to each switch. In this manner, the controller and each switch within the controller's domain can learn the network address information of each VM deployed on physical servers hosting switches under the controller's control. Each virtual switch can determine a classification of a frame passing through the switch (e.g., intra-server, inter-server and intra-domain, or inter-domain traffic), and statistics relating to the traffic.Type: GrantFiled: September 5, 2017Date of Patent: May 19, 2020Assignee: CISCO TECHNOLOGY, INC.Inventors: Suraj Nellikar, Maithili Narasimha
-
Publication number: 20180013675Abstract: Systems, methods, and computer-readable media provide for collection of statistics relating to network traffic between virtual machines (VMs) in a network. In an example embodiment, a virtual switch hosted on a physical server provides network address information of VMs deployed on the physical server to a virtual switch controller. The controller collects this network address information from each virtual switch under its control, and distributes the aggregate address information to each switch. In this manner, the controller and each switch within the controller's domain can learn the network address information of each VM deployed on physical servers hosting switches under the controller's control. Each virtual switch can determine a classification of a frame passing through the switch (e.g., intra-server, inter-server and intra-domain, or inter-domain traffic), and statistics relating to the traffic.Type: ApplicationFiled: September 5, 2017Publication date: January 11, 2018Inventors: Suraj Nellikar, Maithili Narasimha
-
Patent number: 9781037Abstract: Systems, methods, and computer-readable media provide for collection of statistics relating to network traffic between virtual machines (VMs) in a network. In an example embodiment, a virtual switch hosted on a physical server provides network address information of VMs deployed on the physical server to a virtual switch controller. The controller collects this network address information from each virtual switch under its control, and distributes the aggregate address information to each switch. In this manner, the controller and each switch within the controller's domain can learn the network address information of each VM deployed on physical servers hosting switches under the controller's control. Each virtual switch can determine a classification of a frame passing through the switch (e.g., intra-server, inter-server and intra-domain, or inter-domain traffic), and statistics relating to the traffic.Type: GrantFiled: September 15, 2015Date of Patent: October 3, 2017Assignee: Cisco Technology, Inc.Inventors: Suraj Nellikar, Maithili Narasimha
-
Publication number: 20170078198Abstract: Systems, methods, and computer-readable media provide for collection of statistics relating to network traffic between virtual machines (VMs) in a network. In an example embodiment, a virtual switch hosted on a physical server provides network address information of VMs deployed on the physical server to a virtual switch controller. The controller collects this network address information from each virtual switch under its control, and distributes the aggregate address information to each switch. In this manner, the controller and each switch within the controller's domain can learn the network address information of each VM deployed on physical servers hosting switches under the controller's control. Each virtual switch can determine a classification of a frame passing through the switch (e.g., intra-server, inter-server and intra-domain, or inter-domain traffic), and statistics relating to the traffic.Type: ApplicationFiled: September 15, 2015Publication date: March 16, 2017Inventors: Suraj Nellikar, Maithili Narasimha
-
Publication number: 20160352597Abstract: Systems, methods, and computer-readable storage media are provided for managing connected data transfer sessions in a computing network. A controller included in the computing network can monitor connected data transfer sessions to determine whether a predetermined threshold has been met or exceeded and, if so, terminate at least one connected data transfer session in the computing network. The threshold can include a threshold number of connected data communication sessions and/or a threshold amount of resources utilized by the connected data communication sessions. The controller can terminate connected data transfer sessions until the total number of connected data communication sessions and/or threshold amount of resources falls below the threshold.Type: ApplicationFiled: July 8, 2015Publication date: December 1, 2016Inventors: Joji Thomas Mekkattuparamban, Suraj Nellikar
-
Patent number: 9491094Abstract: An example method for path optimization in distributed service chains in a network environment is provided and includes receiving information about inter-node latency of a distributed service chain in a network environment comprising a distributed virtual switch (DVS), where the inter-node latency is derived at least from packet headers of respective packets traversing a plurality of service nodes comprising the distributed service chain, and modifying locations of the service nodes in the DVS to reduce the inter-node latency. In specific embodiments, the method further includes storing and time-stamping a path history of each packet in a network service header portion of the respective packet header. A virtual Ethernet Module (VEM) of the DVS stores and time-stamps the path history and a last VEM in the distributed service chain calculates runtime traffic latencies from the path history and sends the calculated runtime traffic latencies to a virtual supervisor module.Type: GrantFiled: September 25, 2013Date of Patent: November 8, 2016Assignee: CISCO TECHONOLOGY, INC.Inventors: Sourabh Suresh Patwardhan, Maithili Narasimha, Suraj Nellikar
-
Patent number: 9380025Abstract: An example method is provided and, in an example embodiment, includes receiving a data packet at an ingress switch function, the data packet associated with a data packet flow; obtaining access control information associated with a destination of the data packet flow from a centralized service engine; and performing access filtering on the data packet flow at the ingress switch function using the access control information.Type: GrantFiled: July 3, 2013Date of Patent: June 28, 2016Assignee: CISCO TECHNOLOGY, INC.Inventors: Suraj Nellikar, Maithili Narasimha
-
Patent number: 9288162Abstract: In one embodiment, a method includes identifying at a network device, characteristics of a distributed virtual switch comprising a control plane component and a plurality of data plane components, grouping the data plane components, and adapting operation of the distributed virtual switch for one or more groups of the data plane components based on the characteristics. An apparatus and logic are also disclosed herein.Type: GrantFiled: August 3, 2012Date of Patent: March 15, 2016Assignee: Cisco Technology, Inc.Inventors: Suraj Nellikar, Maithili Narasimha, Anuraag Mittal
-
Patent number: 9122507Abstract: A method is provided in one example embodiment that includes detecting a migration of a virtual machine from an origination host to a destination host and comparing a first root bridge to a second root bridge to verify data link layer continuity of the virtual network on the destination host. The virtual machine is connected to a virtual network, the first root bridge is associated with the virtual network on the origination host and the second root bridge is associated with the virtual network on the destination host. The method may further include blocking the migration if the first root bridge and the second root bridge are not the same.Type: GrantFiled: February 18, 2012Date of Patent: September 1, 2015Assignee: CISCO TECHNOLOGY, INC.Inventors: Udayakumar Srinivasan, Anuraag Mittal, Sudarshana Kandachar Sridhara Rao, Suraj Nellikar
-
Publication number: 20150085870Abstract: An example method for co-operative load sharing and redundancy in distributed service chains is provided and includes deriving a service chain comprising a plurality of services in a distributed virtual switch (DVS) network environment, where a first service node provides a first portion of a specific service in the plurality of services to a packet traversing the network, and a second service node provides a second portion of the specific service to the packet, and configuring service forwarding tables at virtual Ethernet Modules associated with respective service nodes in the service chain. In a specific embodiment, the first service node and the second service node provide substantially identical service functions to the packet, wherein the specific service comprises the service functions. In various embodiments, each service node tags each packet to indicate a service completion history of service functions performed on the packet at the service node.Type: ApplicationFiled: September 25, 2013Publication date: March 26, 2015Applicant: CISCO TECHNOLOGY, INC.Inventors: Maithili Narasimha, Suraj Nellikar, Sourabh Suresh Patwardhan, Srinivas Sardar
-
Publication number: 20150089082Abstract: An example method for path optimization in distributed service chains in a network environment is provided and includes receiving information about inter-node latency of a distributed service chain in a network environment comprising a distributed virtual switch (DVS), where the inter-node latency is derived at least from packet headers of respective packets traversing a plurality of service nodes comprising the distributed service chain, and modifying locations of the service nodes in the DVS to reduce the inter-node latency. In specific embodiments, the method further includes storing and time-stamping a path history of each packet in a network service header portion of the respective packet header. A virtual Ethernet Module (VEM) of the DVS stores and time-stamps the path history and a last VEM in the distributed service chain calculates runtime traffic latencies from the path history and sends the calculated runtime traffic latencies to a virtual supervisor module.Type: ApplicationFiled: September 25, 2013Publication date: March 26, 2015Applicant: CISCO TECHNOLOGY, INC.Inventors: Sourabh Suresh Patwardhan, Maithili Narasimha, Suraj Nellikar
-
Patent number: 8948054Abstract: An example method is provided and may include multicasting a discovery packet in an overlay network, which includes a Layer 2 scheme over a Layer 3 network; and identifying endpoints based on their respective responses to the discovery packet, where the endpoints are coupled across a multicast backbone. In more specific embodiments, the method may include identifying disconnected endpoints in the overlay network based on a lack of responses from the disconnected endpoints.Type: GrantFiled: December 30, 2011Date of Patent: February 3, 2015Assignee: Cisco Technology, Inc.Inventors: Lawrence Kreeger, Suraj Nellikar, Sudarshana Kandachar Sridhara Rao, Udayakumar Srinivasan, Anuraag Mittal, Lilian Sylvia Fernandes
-
Patent number: 8949931Abstract: A method includes determining an application role in a distributed application in a network environment, generating a role profile for the application role from an interaction pattern, mapping the role profile to a virtual machine (VM), and detecting a security breach of the VM. Determining the application role includes obtaining network traces from the distributed application, and analyzing the network traces to extract the application role. In one embodiment, detection of the security breach includes generating an access control policy for the VM from the role profile, and determining an anomaly in traffic based thereon. In another embodiment, detection of the security breach includes inserting the role profile in a port profile of the VM, generating a small state machine from the role profile, running the small state machine on a port associated with the VM, and inspecting, by the small state machine, an application level traffic at the port.Type: GrantFiled: May 2, 2012Date of Patent: February 3, 2015Assignee: Cisco Technology, Inc.Inventors: Vina Ermagan, Suraj Nellikar, Sudarshana Kandachar Sridhara Rao, Fabio R. Maino, Massimiliano Menarini
-
Publication number: 20150012998Abstract: An example method is provided and, in an example embodiment, includes receiving a data packet at an ingress switch function, the data packet associated with a data packet flow; obtaining access control information associated with a destination of the data packet flow from a centralized service engine; and performing access filtering on the data packet flow at the ingress switch function using the access control information.Type: ApplicationFiled: July 3, 2013Publication date: January 8, 2015Applicant: CISCO TECHNOLOGY, INC.Inventors: Suraj Nellikar, Maithili Narasimha
-
Publication number: 20140036730Abstract: In one embodiment, a method includes identifying at a network device, characteristics of a distributed virtual switch comprising a control plane component and a plurality of data plane components, grouping the data plane components, and adapting operation of the distributed virtual switch for one or more groups of the data plane components based on the characteristics. An apparatus and logic are also disclosed herein.Type: ApplicationFiled: August 3, 2012Publication date: February 6, 2014Applicant: CISCO TECHNOLOGY, INC.Inventors: Suraj Nellikar, Maithili Narasimha, Anuraag Mittal
-
Patent number: 8584215Abstract: A method is provided in one example implementation and includes identifying a plurality of exporters that are authorized to communicate data to a collector on behalf of a secure domain; generating secure credentials for the secure domain; communicating the secure credentials to the collector; and authenticating the exporters using the secure credentials. In more particular implementations, the method can include receiving the secure credentials; receiving certain data that includes identifying information, which further includes an Internet protocol (IP) address of a source associated with the certain data; accepting the certain data if the secure credentials validate the identifying information; and rejecting the certain data if the secure credentials do not validate the identifying information.Type: GrantFiled: February 7, 2012Date of Patent: November 12, 2013Assignee: Cisco Technology, Inc.Inventors: Maithili Narasimha, Suraj Nellikar, Srinivas Sardar
-
Publication number: 20130298184Abstract: A method includes determining an application role in a distributed application in a network environment, generating a role profile for the application role from an interaction pattern, mapping the role profile to a virtual machine (VM), and detecting a security breach of the VM. Determining the application role includes obtaining network traces from the distributed application, and analyzing the network traces to extract the application role. In one embodiment, detection of the security breach includes generating an access control policy for the VM from the role profile, and determining an anomaly in traffic based thereon. In another embodiment, detection of the security breach includes inserting the role profile in a port profile of the VM, generating a small state machine from the role profile, running the small state machine on a port associated with the VM, and inspecting, by the small state machine, an application level traffic at the port.Type: ApplicationFiled: May 2, 2012Publication date: November 7, 2013Inventors: Vina Ermagan, Suraj Nellikar, Sudarshana Kandachar Sridhara Rao, Fabio R. Maino, Massimiliano Menarini