Patents by Inventor Victor M. Moreno
Victor M. Moreno has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10541919
Abstract: A first map request message is sent from a source network device to a mapping network device to determine a destination network device associated with a destination endpoint device and a security association between the source network device and the destination network device. A first response message is received at the source network device that includes data indicating a mapping between the destination network device and the destination endpoint device and data indicating a security association between the source network device and the destination network device. The data is stored at the source network device. A second map request message is sent from the source network device to the mapping network device to update the data indicative of the mapping or the security association. A second response message is received at the source network device from the mapping network device.
Type: Grant
Filed: September 25, 2018
Date of Patent: January 21, 2020
Assignee: Cisco Technology, Inc.
Inventors: Sanjay K. Hooda, Satish K. Kondalam, Fabio R. Maino, Victor M. Moreno, Reshad Rahman
-
Patent number: 10523563
Abstract: In one embodiment, a method generally includes a first edge (E) node in a network receiving an encapsulated data packet, wherein the encapsulated data packet comprises an outer header and a data packet, wherein the outer header comprises a first router locator (RLOC) corresponding to the first E node, wherein the data packet comprises an internet protocol (IP) header, and wherein the IP header comprises a destination endpoint identification (EID) corresponding to a host H. The first E node determines whether the host H is attached to the first E node. And in response to the first E node determining the host is attached to the first E node, the first E node forwards the data packet to the host H. The first E node receives a message from another node after the host H detaches from the first E node and reattaches to another E node, wherein the message comprises the destination EID.
Type: Grant
Filed: April 10, 2018
Date of Patent: December 31, 2019
Assignee: Cisco Technology, Inc.
Inventors: Sanjay K. Hooda, Victor M. Moreno, Satish Kumar Kondalam
-
Router operating methods and apparatus using virtual VPN instances for hosts of remote extranet VPNs
Patent number: 10484281
Abstract: In one illustrative example, a router may be configured to provide a plurality of virtual private network (VPN) instances for a plurality of VPNs associated with a plurality of IDs. Each VPN instance may comprise a forwarding table instance for storing a plurality of host-to-router mappings for the VPN. The router may be further configured to provide a virtual VPN instance for a virtual VPN associated with an ID of a remote extranet VPN. The virtual VPN instance may comprise a map-cache for storing a host-to-router mapping for the remote extranet VPN. The virtual VPN instance has no corresponding forwarding table instance for user plane traffic associated with the remote extranet VPN, but rather serves as part of a control plane interface for control signaling associated with the remote extranet VPN. Accordingly, the router may provide multiple updates to host-to-router mappings in forwarding table instances of the VPNs in accordance with a change in the host-to-router mapping in the virtual VPN instance.
Type: Grant
Filed: June 25, 2018
Date of Patent: November 19, 2019
Assignee: Cisco Technology, Inc.
Inventors: Brent P. Mucci, Marc Portoles Comeras, Vrushali Ashtaputre, Victor M. Moreno, Hatem Mohammad R.A. Abouzeid
-
Publication number: 20190342215
Abstract: In accordance with various embodiments, a method is performed including receiving, at a first node associated with a first instance identifier, a packet from a first host addressed to a second host. The method includes sending, from the first node to the second node, the packet. The method includes receiving, from the second node, a solicit map-request for the second host including the first instance identifier of the first node and the second instance identifier of the second node for the second host. The method includes sending, in response to receiving the solicit map-request for the second host, a map-request for the second host. The method includes receiving, in response to sending the map-request for the second host, a map-reply indicating a third node associated with the second instance identifier. The method includes sending, from the first node to the third node, the packet.
Type: Application
Filed: May 1, 2018
Publication date: November 7, 2019
Inventors: PRAKASH CHAND JAIN, SANJAY KUMAR HOODA, VICTOR M. MORENO
-
Patent number: 10469381
Abstract: A first network device may receive a frame from a first client device that may be destined for a second client device. Then a request may be sent to a network control plane of a network by the first network device in response to receiving the frame. The request may be for information on reachability for the second client device and may comprise an identifier of the second client device and first metadata corresponding to the first client device. The first network device may receive, from the network control plane, in response to sending the request, a policy rule-set for a flow corresponding to the frame and for a location of the second client device. The network control plane may use the identifier of the second client device and the first metadata as keys to lookup the location of the second client device and the policy rule-set.
Type: Grant
Filed: July 27, 2016
Date of Patent: November 5, 2019
Assignee: Cisco Technology, Inc.
Inventors: Victor M. Moreno, Sanjay Kumar Hooda
-
Publication number: 20190312809
Abstract: In one embodiment, a method generally includes a first edge (E) node in a network receiving an encapsulated data packet, wherein the encapsulated data packet comprises an outer header and a data packet, wherein the outer header comprises a first router locator (RLOC) corresponding to the first E node, wherein the data packet comprises an internet protocol (IP) header, and wherein the IP header comprises a destination endpoint identification (EID) corresponding to a host H. The first E node determines whether the host H is attached to the first E node. And in response to the first E node determining the host is attached to the first E node, the first E node forwards the data packet to the host H. The first E node receives a message from another node after the host H detaches from the first E node and reattaches to another E node, wherein the message comprises the destination EID.
Type: Application
Filed: April 10, 2018
Publication date: October 10, 2019
Inventors: Sanjay K. Hooda, Victor M. Moreno, Satish Kumar Kondalam
-
Publication number: 20190215381
Abstract: Techniques are disclosed for maintaining reachability of an application moving between a central cloud network and a fog network using duplicate endpoint identifiers. Network characteristics of a cloud environment are monitored. The cloud environment includes a central cloud network and a fog network. A server in the central cloud network hosts an application that serves a client device. The application is assigned an endpoint identifier that is mapped to a locator identifier associated with the central cloud network. It is determined that a condition for moving the application to the fog network is satisfied based on the monitored network characteristics. An instance of the application is installed on a server in the fog network. The endpoint identifier is assigned to the application instance and mapped to a locator identifier associated with the fog network.
Type: Application
Filed: January 10, 2018
Publication date: July 11, 2019
Inventors: Laxmi MUKUND, Victor M. MORENO
-
Publication number: 20180367302
Abstract: In accordance with various implementations, a method is performed at a source node of a fabric network coupled to a plurality of hosts respectively associated with a plurality of group identifiers. The method includes generating a source public key based on a source private key, a source group identifier of the plurality of group identifiers, and a destination group identifier of the plurality of group identifiers. The method includes sending, from the source node coupled to at least one host associated with the source group identifier to a destination node coupled to at least one host associated with the destination group identifier, the source public key. The method includes receiving, at the source node from the destination node, a destination public key based on a destination private key, the source group identifier, and the destination group identifier. The method further includes generating a shared secret based on the destination public key and the source private key.
Type: Application
Filed: May 1, 2018
Publication date: December 20, 2018
Inventors: Satish Kondalam, Victor M. Moreno, Sanjay Kumar Hooda, Muhammad Ahmad Imam
-
Publication number: 20180367337
Abstract: In one embodiment, a method is performed at a first node. The method may include receiving, at a first node, a request from a source host associated with a network to communicate with a destination host. The first node may determine whether the destination host is associated with the network. If the destination host is not associated with the network, the first node may determine an instance identifier (IID) and a proxy egress tunnel router (PETR) locator address used to communicate with the destination host. The first node may send an indicator to an ingress tunnel router (ITR) to encapsulate a packet with the IID and the PETR locator address before sending the packet from the source host to the destination host.
Type: Application
Filed: June 16, 2018
Publication date: December 20, 2018
Inventors: Prakash Chand JAIN, Sanjay Kumar HOODA, Victor M. Moreno, Satish Kumar KONDALAM
-
Publication number: 20180367627
Abstract: The embodiments herein push notifications to network devices used by a shared service to which a roaming host in a network fabric is subscribed. For example, a network fabric controller can access a VN policy table which stores the relationships between the virtual networks in the network fabric. Using this table, the controller can identify what shared service VNs (i.e., extranets) can communicate with the host's VN. The controller can push out notifications to the network devices used by the shared service VNs to store the new location of the host. That is, the network devices that locally store a location of the host can update their routing caches to point to the new location of the host. In this manner, the network fabric can reduce the time needed to reconverge on the new location of the host by updating the network devices used by the shared service VNs.
Type: Application
Filed: December 7, 2017
Publication date: December 20, 2018
Inventors: Sanjay K. HOODA, Prakash JAIN, Marc P. COMERAS, Victor M. MORENO, Atri INDIRESAN
-
Publication number: 20180255002
Abstract: Group based multicasts may be provided. First, a request may be received. The request may comprise a receiver tag, a request source identifier, and a request multicast group identifier. Next, a source tag corresponding to the request source identifier may be obtained and then it may be determined that a group corresponding to the receiver tag is allowed to access content from a source corresponding to the obtained source tag. In response to determining that the group corresponding to the receiver tag is allowed to access content from the source corresponding to the obtained source tag, content may be received from the source at a multicast group corresponding to the request multicast group identifier. The content may then be forwarded to a receiver corresponding to the request.
Type: Application
Filed: March 1, 2017
Publication date: September 6, 2018
Applicant: Cisco Technology, Inc.
Inventors: Sanjay Kumar Hooda, Kaushik Kumar Dam, Sandesh Kumar Narappa Bheemanakone, Victor M. Moreno, Shivangi Sharma
-
Patent number: 10069762
Abstract: Group based multicasts may be provided. First, a request may be received. The request may comprise a receiver tag, a request source identifier, and a request multicast group identifier. Next, a source tag corresponding to the request source identifier may be obtained and then it may be determined that a group corresponding to the receiver tag is allowed to access content from a source corresponding to the obtained source tag. In response to determining that the group corresponding to the receiver tag is allowed to access content from the source corresponding to the obtained source tag, content may be received from the source at a multicast group corresponding to the request multicast group identifier. The content may then be forwarded to a receiver corresponding to the request.
Type: Grant
Filed: March 1, 2017
Date of Patent: September 4, 2018
Assignee: Cisco Technology, Inc.
Inventors: Sanjay Kumar Hooda, Kaushik Kumar Dam, Sandesh Kumar Narappa Bheemanakone, Victor M. Moreno, Shivangi Sharma
-
Publication number: 20180034732
Abstract: A first network device may receive a frame from a first client device that may be destined for a second client device. Then a request may be sent to a network control plane of a network by the first network device in response to receiving the frame. The request may be for information on reachability for the second client device and may comprise an identifier of the second client device and first metadata corresponding to the first client device. The first network device may receive, from the network control plane, in response to sending the request, a policy rule-set for a flow corresponding to the frame and for a location of the second client device. The network control plane may use the identifier of the second client device and the first metadata as keys to lookup the location of the second client device and the policy rule-set.
Type: Application
Filed: July 27, 2016
Publication date: February 1, 2018
Inventors: Victor M. Moreno, Sanjay Kumar Hooda
-
Patent number: 9858163
Abstract: Devices, methods and instructions encoded on computer readable medium for implementation of a dual-adjacency between edge devices of a network site. A first edge device comprises one or more local interfaces configured for communication, via a local network, with one or more network devices co-located in a first network site. The first edge device also comprises one or more overlay interfaces configured for communication, via a core network, with one or more network devices located in one or more other network sites connected to the core network. The first edge device comprises a processor configured to establish, via at least one of the local interfaces, a site communication channel with a second edge device co-located in the first network site. The processor is further configured to establish an overlay communication channel, via at least one of the overlay interfaces, with the second edge device.
Type: Grant
Filed: May 26, 2015
Date of Patent: January 2, 2018
Assignee: Cisco Technology, Inc.
Inventors: Dhananjaya Rao, Victor M. Moreno, Hasmit Grover, Gaurav Badoni
-
Publication number: 20170339053
Abstract: According to one embodiment, a method includes receiving, by a first edge device at a first site, a first site overlay control plane message including control plane information. The first edge device translates the first site overlay control plane message into a core overlay control plane message. The first edge device sends the core overlay control plane message over a core network to a second edge device at a second site.
Type: Application
Filed: November 6, 2015
Publication date: November 23, 2017
Inventors: Dhananjaya Rao, Victor M. Moreno, Sameer D. Merchant, Hasmit S. Grover
-
Patent number: 9461965
Abstract: Techniques are presented herein for redirection between any number of network devices that are distributed to any number of sites. A first message of a flow is received from a network endpoint at a first network device. A relationship between the endpoint and the first network device is registered in a directory that maps endpoints for network devices. A state for the flow is stored at the first network device. A second message is received for the flow which is indicative of the first endpoint at a second network device. It is determined that the second network device does not store the flow state for the flow. Querying is performed to receive information indicative of the relationship between the endpoint and the first network device. The received information is stored in a cache at the second network device. Services are applied to the second message according to the stored information.
Type: Grant
Filed: October 5, 2012
Date of Patent: October 4, 2016
Assignee: Cisco Technology, Inc.
Inventors: Khalil A. Jabr, Ray Blair, Victor M. Moreno, Massimiliano Ardica
-
Patent number: 9191310
Abstract: According to one embodiment, a method includes receiving, by a first edge device at a first site, a first site overlay control plane message including control plane information. The first edge device translates the first site overlay control plane message into a core overlay control plane message. The first edge device sends the core overlay control plane message over a core network to a second edge device at a second site.
Type: Grant
Filed: February 11, 2013
Date of Patent: November 17, 2015
Assignee: Cisco Technology, Inc.
Inventors: Dhananjaya Rao, Victor M. Moreno, Sameer D. Merchant, Hasmit S. Grover
-
Publication number: 20150254149
Abstract: Devices, methods and instructions encoded on computer readable medium for implementation of a dual-adjacency between edge devices of a network site. A first edge device comprises one or more local interfaces configured for communication, via a local network, with one or more network devices co-located in a first network site. The first edge device also comprises one or more overlay interfaces configured for communication, via a core network, with one or more network devices located in one or more other network sites connected to the core network. The first edge device comprises a processor configured to establish, via at least one of the local interfaces, a site communication channel with a second edge device co-located in the first network site. The processor is further configured to establish an overlay communication channel, via at least one of the overlay interfaces, with the second edge device.
Type: Application
Filed: May 26, 2015
Publication date: September 10, 2015
Inventors: Dhananjaya Rao, Victor M. Moreno, Hasmit Grover, Gaurav Badoni
-
Patent number: 9071458
Abstract: Devices, methods and instructions encoded on computer readable medium for implementation of a dual-adjacency between edge devices of a network site. A first edge device comprises one or more local interfaces configured for communication, via a local network, with one or more network devices co-located in a first network site. The first edge device also comprises one or more overlay interfaces configured for communication, via a core network, with one or more network devices located in one or more other network sites connected to the core network. The first edge device comprises a processor configured to establish, via at least one of the local interfaces, a site communication channel with a second edge device co-located in the first network site. The processor is further configured to establish an overlay communication channel, via at least one of the overlay interfaces, with the second edge device.
Type: Grant
Filed: January 30, 2012
Date of Patent: June 30, 2015
Assignee: Cisco Technology, Inc.
Inventors: Dhananjaya Rao, Victor M. Moreno, Hasmit Grover, Gaurav Badoni
-
Patent number: 8848508
Abstract: A method and apparatus is disclosed for providing gateway anycast virtual MAC reachability in extended subnets. When an extended L2 subnet spans more than one geographical location, it is desirable that the gateway MAC addresses learned in each location be the same across all IP hosts. Accordingly, the gateway MAC address may be preserved (i.e., programmed) in more than one port on a bridge, such as both a local port and a LAN extension port. The bridge may forward traffic having the anycast MAC address to the closest instance of the MAC address, rather than replicating the traffic to the multiple ports on which the anycast MAC address is programmed. If the gateway reachable on the local port goes down, the frame may be forwarded to the local gateway in the second layer 2 subnet over the LAN extension port.
Type: Grant
Filed: November 16, 2009
Date of Patent: September 30, 2014
Assignee: Cisco Technology, Inc.
Inventors: Victor M. Moreno, Robert Starmer, Sanjay Sane