Patents by Inventor Syam Sundar Appala
Syam Sundar Appala has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230261981Abstract: In one embodiment, a method by an edge router configured to operate at a first site of a software-defined wide-area network includes receiving a data packet from a first host located in the first site, where the data packet is destined to a second host located in a second site, determining that an identifier of a second group to which the second host belongs is not available at the edge router, sending a request for an identifier of the second group to a network apparatus, where the request may comprise an address of the second host, receiving a response comprising the identifier of the second group from the network apparatus, determining that the second group is a destination group, applying one or more policies associated with the destination group to the data packet, and causing the data packet to be routed to the second host.Type: ApplicationFiled: April 19, 2023Publication date: August 17, 2023Inventors: Anubhav Gupta, Rex Fernando, Sanjay Kumar Hooda, Syam Sundar Appala, Samir Thoria
-
Patent number: 11683262Abstract: In one embodiment, a method includes receiving a data packet from a first host located in the first site, where the data packet may be destined to a second host located in a second site that may be different from the first site, determining that an identifier of a second group to which the second host belongs is not available at the first network apparatus, sending a request for an identifier of the second group to a second network apparatus, where the request may comprise an address of the second host, receiving a response comprising the identifier of the second group from the second network apparatus, determining that the second group is a destination group, applying one or more policies associated with the destination group to the data packet, and causing the data packet to be routed to the second host.Type: GrantFiled: November 26, 2019Date of Patent: June 20, 2023Assignee: CISCO TECHNOLOGY, INC.Inventors: Anubhav Gupta, Rex Fernando, Sanjay Kumar Hooda, Syam Sundar Appala, Samir Thoria
-
Patent number: 11463429Abstract: Network controls for application access secured by transport layer security (TLS) using single sign on (SSO) flow may be provided. An application access request for authenticating a user may be received in response to the user requesting an access to an application. User credentials associated with the user may be validated. In response to validating the user credentials, user attributes associated with the user may be determined. Network controls for a user session associated with the application access request may be determined based on the user attributes. The application access request may be redirected to a plain text user session. The plain text user session may comprise the network controls for the user session.Type: GrantFiled: October 14, 2020Date of Patent: October 4, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Syam Sundar Appala, Sanjay Kumar Hooda, Rex E. Fernando, Vikram Pendharkar
-
Publication number: 20220116382Abstract: Network controls for application access secured by transport layer security (TLS) using single sign on (SSO) flow may be provided. An application access request for authenticating a user may be received in response to the user requesting an access to an application. User credentials associated with the user may be validated. In response to validating the user credentials, user attributes associated with the user may be determined. Network controls for a user session associated with the application access request may be determined based on the user attributes. The application access request may be redirected to a plain text user session. The plain text user session may comprise the network controls for the user session.Type: ApplicationFiled: October 14, 2020Publication date: April 14, 2022Applicant: Cisco Technology, Inc.Inventors: Syam Sundar APPALA, Sanjay Kumar HOODA, Rex E. FERNANDO, Vikram PENDHARKAR
-
Patent number: 11296985Abstract: This technology enables normalized lookup and forwarding for diverse virtual private networks in multi-site network fabric deployments. A source device on a first Layer 2 site transmits a frame to a destination device on the same subnet, but on a second Layer 2 site. The frame is encapsulated and routed to a fabric border node. The fabric border node matches the source subnet to the destination subnet and transmits an address request protocol (“ARP”). In response to not receiving a reply to the ARP, the fabric border node transmits a map request to a Layer 3 transit fabric control plane node. The control plane node extracts a destination identifier from the map request and determines that the destination identifier is a Layer 2 identifier. The control plane node transmits a map reply to the fabric border node, where the frame is re-encapsulated and forwarded to the destination device.Type: GrantFiled: July 27, 2020Date of Patent: April 5, 2022Assignee: Cisco Technology, Inc.Inventors: Victor Moreno, Sanjay Kumar Hooda, Rex Emmanuel Fernando, Syam Sundar Appala
-
Publication number: 20220029915Abstract: This technology enables normalized lookup and forwarding for diverse virtual private networks in multi-site network fabric deployments. A source device on a first Layer 2 site transmits a frame to a destination device on the same subnet, but on a second Layer 2 site. The frame is encapsulated and routed to a fabric border node. The fabric border node matches the source subnet to the destination subnet and transmits an address request protocol (“ARP”). In response to not receiving a reply to the ARP, the fabric border node transmits a map request to a Layer 3 transit fabric control plane node. The control plane node extracts a destination identifier from the map request and determines that the destination identifier is a Layer 2 identifier. The control plane node transmits a map reply to the fabric border node, where the frame is re-encapsulated and forwarded to the destination device.Type: ApplicationFiled: July 27, 2020Publication date: January 27, 2022Inventors: Victor Moreno, Sanjay Kumar Hooda, Rex Emmanuel Fernando, Syam Sundar Appala
-
Publication number: 20210160175Abstract: In one embodiment, a method includes receiving a data packet from a first host located in the first site, where the data packet may be destined to a second host located in a second site that may be different from the first site, determining that an identifier of a second group to which the second host belongs is not available at the first network apparatus, sending a request for an identifier of the second group to a second network apparatus, where the request may comprise an address of the second host, receiving a response comprising the identifier of the second group from the second network apparatus, determining that the second group is a destination group, applying one or more policies associated with the destination group to the data packet, and causing the data packet to be routed to the second host.Type: ApplicationFiled: November 26, 2019Publication date: May 27, 2021Inventors: Anubhav Gupta, Rex Fernando, Sanjay Kumar Hooda, Syam Sundar Appala, Samir Thoria
-
Patent number: 10826775Abstract: Systems, methods, and computer-readable media for providing cross-domain policy enforcement. In some examples, transit VRFs for a destination network domain and a source network domain are created. Route advertisements for nodes coupled to source VRFs in the source network domain are created that include identifications of the source VRFs. The route advertisements can be transmitted from a source transit VRF in the source network domain to a destination transit VRF in the destination network domain. The route advertisements can then be filtered at the destination transit VRF based on a cross-domain policy using the identifications of the source VRFs to export routes to destination VRFs in the destination network domain according to the cross-domain policy.Type: GrantFiled: June 19, 2019Date of Patent: November 3, 2020Assignee: CISCO TECHNOLOGY, INC.Inventors: Victor Moreno, Anand Oswal, Rex Emmanuel Fernando, Syam Sundar Appala, Sanjay Kumar Hooda
-
Patent number: 9578007Abstract: In an embodiment a method is performed by a network access device (NAD). The NAD transfers a first HTTPS request from a client computer (UE) to an identity provider computer (IdP). The NAD transfers, from the IdP, a preceding redirected URL in response to the first HTTPS request, to the UE and configured to cause the UE to redirect to said preceding redirected URL. Over a secure network link, the NAD receives a particular request specifying said preceding redirected URL, from the UE. Responsive to receiving the particular request, the NAD generates a response, comprising a subsequent redirected URL and a session identifier, and configured to cause the UE to redirect to the IdP over an HTTPS connection. The NAD transfers said subsequent redirected URL over the secure network link to the UE. The NAD transfers a second HTTPS request, comprising the session identifier, from the UE to the IdP.Type: GrantFiled: March 31, 2015Date of Patent: February 21, 2017Assignee: Cisco Technology, Inc.Inventors: Antonio Martin, Syam Sundar Appala, Joseph Salowey
-
Publication number: 20160294797Abstract: In an embodiment a method is performed by a network access device (NAD). The NAD transfers a first HTTPS request from a client computer (UE) to an identity provider computer (IdP). The NAD transfers, from the IdP, a preceding redirected URL in response to the first HTTPS request, to the UE and configured to cause the UE to redirect to said preceding redirected URL. Over a secure network link, the NAD receives a particular request specifying said preceding redirected URL, from the UE. Responsive to receiving the particular request, the NAD generates a response, comprising a subsequent redirected URL and a session identifier, and configured to cause the UE to redirect to the IdP over an HTTPS connection. The NAD transfers said subsequent redirected URL over the secure network link to the UE. The NAD transfers a second HTTPS request, comprising the session identifier, from the UE to the IdP.Type: ApplicationFiled: March 31, 2015Publication date: October 6, 2016Inventors: Antonio Martin, Syam Sundar Appala, Joseph Salowey
-
Patent number: 7991864Abstract: A data processing apparatus comprises instructions to perform sending and receiving one or more messages conforming to a network routing protocol, such as Open Shortest Path First (OSPF); obtaining one or more information elements that specify one or more capabilities of the apparatus; creating a particular routing protocol message comprising an opaque advertisement that includes the one or more information elements; and sending the particular message on one of the network interfaces. For example, a router or switch that implements a network routing protocol can use OSPF Opaque Link State Advertisements to advertise and discover services and capabilities of other routers or switches.Type: GrantFiled: May 4, 2006Date of Patent: August 2, 2011Assignee: Cisco Technology, Inc.Inventors: Alpesh Patel, Abhay Roy, Rajeev Koripalli, Kui Zhang, Praveen Joshi, Syam Sundar Appala
-
Patent number: 7593331Abstract: In one embodiment, an apparatus comprises logic encoded in one or more tangible media for enhancing transmission reliability of monitored data. The logic is operable to receive a plurality of segments for transmission over a TCP connection to a network node, where the TCP connection is associated with a transmit queue and a retransmit queue. The logic is also operable to detect a transmission anomaly on the TCP connection to the network node, and in response to detecting the transmission anomaly, is operable to perform any one of: store segments into a persistent buffer prior to transferring the segments into the transmit queue; copy segments from the retransmit queue into the persistent buffer, where the segments have been transmitted but not yet acknowledged by the network node; and copy segments from the transmit queue into the persistent buffer, where the segments have not yet been transmitted to the network node.Type: GrantFiled: January 17, 2007Date of Patent: September 22, 2009Assignee: Cisco Technology, Inc.Inventors: Alpesh Patel, Anantha Ramaiah, Syam Sundar Appala, Praveen Joshi
-
Publication number: 20080170501Abstract: In one embodiment, an apparatus comprises logic encoded in one or more tangible media for enhancing transmission reliability of monitored data. The logic is operable to receive a plurality of segments for transmission over a TCP connection to a network node, where the TCP connection is associated with a transmit queue and a retransmit queue. The logic is also operable to detect a transmission anomaly on the TCP connection to the network node, and in response to detecting the transmission anomaly, is operable to perform any one of: store segments into a persistent buffer prior to transferring the segments into the transmit queue; copy segments from the retransmit queue into the persistent buffer, where the segments have been transmitted but not yet acknowledged by the network node; and copy segments from the transmit queue into the persistent buffer, where the segments have not yet been transmitted to the network node.Type: ApplicationFiled: January 17, 2007Publication date: July 17, 2008Inventors: Alpesh Patel, Anantha Ramaiah, Syam Sundar Appala, Praveen Joshi