Patents by Inventor Victor Manuel Moreno
Victor Manuel Moreno has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240137314Abstract: Techniques are described herein for service chaining in fabric networks such that hardware resources can be preserved without service nodes needing additional capabilities. The techniques may include storing a first configuration associated with a first VRF instance of a service forwarding node that is connected to a first service of a service chain sequence. The first configuration may indicate an identifier and a type associated with a second service of the service chain sequence where traffic is to be sent after the first service. Additionally, the techniques may also include storing a second configuration associated with a second VRF instance of the service forwarding node that is connected to the second service. The second configuration may indicate that the second service is a last service of the service chain sequence. When traffic is received at the service forwarding node, the service forwarding node can determine whether the traffic is pre-service traffic or post-service traffic.Type: ApplicationFiled: December 19, 2023Publication date: April 25, 2024Inventors: Prakash C. Jain, Sanjay Kumar Hooda, Vinay Saini, Victor Manuel Moreno
-
Patent number: 11924119Abstract: Techniques and architecture are described that utilize switchport protected flags to provide switchport protected functionality across network devices, e.g., switches, routers, etc., in fabric networks. For example, a first port of a first network device of a fabric network receives a packet from a first host destined for a second host. The second host is onboarded to the fabric network via a second port of a second network device. It is determined (i) if a first protected flag associated with the first port of the first network device is set as true and (ii) if a second protected flag associated with the second host is set as true. Based at least in part on (i) the first protected flag associated with the first port being set as true and (ii) the second protected flag being set as true, the first network device drops the packet.Type: GrantFiled: May 20, 2022Date of Patent: March 5, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Sanjay Kumar Hooda, Victor Manuel Moreno, Prakash C. Jain
-
Patent number: 11895081Abstract: This disclosure describes techniques for implementing network address translation as a distributed service over the nodes of a logical network fabric, such as a software-defined network fabric. A method includes registering, by an edge node of a network, an IP address of a client device. The method further includes forwarding, by the edge node, the registered IP address to a control plane of the network. The method further includes checking, by the control plane, a network address translation policy. The method further includes recording, by the control plane, translations between the registered IP address and an allocated IP address in a translation table, each of the translations being related to the edge node. The method further includes returning, by the control plane, the translations between the registered IP address and the allocated IP address to the edge node.Type: GrantFiled: February 9, 2022Date of Patent: February 6, 2024Assignee: Cisco Technology, Inc.Inventors: Victor Manuel Moreno, Sanjay Kumar Hooda
-
Patent number: 11888736Abstract: Techniques are described herein for service chaining in fabric networks such that hardware resources can be preserved without service nodes needing additional capabilities. The techniques may include storing a first configuration associated with a first VRF instance of a service forwarding node that is connected to a first service of a service chain sequence. The first configuration may indicate an identifier and a type associated with a second service of the service chain sequence where traffic is to be sent after the first service. Additionally, the techniques may also include storing a second configuration associated with a second VRF instance of the service forwarding node that is connected to the second service. The second configuration may indicate that the second service is a last service of the service chain sequence. When traffic is received at the service forwarding node, the service forwarding node can determine whether the traffic is pre-service traffic or post-service traffic.Type: GrantFiled: July 14, 2021Date of Patent: January 30, 2024Assignee: Cisco Technology, Inc.Inventors: Prakash C. Jain, Sanjay Kumar Hooda, Vinay Saini, Victor Manuel Moreno
-
Publication number: 20230379270Abstract: Techniques and architecture are described that utilize switchport protected flags to provide switchport protected functionality across network devices, e.g., switches, routers, etc., in fabric networks. For example, a first port of a first network device of a fabric network receives a packet from a first host destined for a second host. The second host is onboarded to the fabric network via a second port of a second network device. It is determined (i) if a first protected flag associated with the first port of the first network device is set as true and (ii) if a second protected flag associated with the second host is set as true. Based at least in part on (i) the first protected flag associated with the first port being set as true and (ii) the second protected flag being set as true, the first network device drops the packet.Type: ApplicationFiled: May 20, 2022Publication date: November 23, 2023Inventors: Sanjay Kumar Hooda, Victor Manuel Moreno, Prakash C. Jain
-
Publication number: 20230344898Abstract: This disclosure describes techniques and mechanisms for providing hybrid cloud services for enterprise fabric. The techniques include enhancing an on-demand protocol (e.g., such as LISP) and allowing simplified security and/or firewall service insertion for datacenter servers providing those services. Accordingly, the techniques described herein provide hybrid cloud services that work in disaggregated, distributed, and consistent way, while avoiding complex datacenter network devices (e.g., such running overlay on TOR), replacing and moving the functionality to on demand protocol enabled servers, which intelligently receive the required mappings as well as registers and publishes the service information to intelligently interact with the network.Type: ApplicationFiled: February 6, 2023Publication date: October 26, 2023Inventors: Prakash C. Jain, Sanjay Kumar Hooda, Marc Portoles Comeras, Vinay Saini, Victor Manuel Moreno
-
Publication number: 20230308389Abstract: Methods and devices configure edge nodes of a virtual network overlay to continuously forward data plane traffic flows between client devices of a common subnet over the course of at least some of the edge nodes being EF-configured. TF-configured edge nodes and EF-configured edge nodes both play roles in unilaterally inducing address discovery by sending to client devices address discovery responses that were not prompted by address discovery requests. TF-configured edge nodes then handle ensuing address discovery requests by proxy, and subsequently handle certain traffic flows according to an EF-compatible forwarding mode, while EF-configured edge nodes continue to forward traffic flows by IP routing normally. This averts throughput of data plane traffic over the network overlay being reduced as a side effect of the heterogeneously configured edge nodes, and averts the possibility of client devices broadcasting address discovery protocol requests as a result of remote client devices being unreachable.Type: ApplicationFiled: March 24, 2022Publication date: September 28, 2023Inventors: Victor Manuel Moreno, Sanjay Kumar Hooda, Roberto Mitsuo Kobo, Balaji Pitta Venkatachalapathy
-
Publication number: 20230254250Abstract: Techniques and architecture are described that utilize network address translation (NAT) based on a group tag such that legacy and third-party devices may utilize and apply “subnet” based policies, thereby allowing the subnet based policies to be as effective as “group” based policies. In particular, a subnet may be applied to a group tag where the group tag is not understandable outside an access network such as, for example, a fabric network. Thus, when a packet originates from a fabric network utilizing group tags representing source groups of endpoints and is destined for a legacy or a third-party device-based network that does not utilize and/or understand group tags, then the group is converted into a subnet. Since that subnet is different from the source host within the fabric network, network address translation (NAT) is utilized.Type: ApplicationFiled: February 7, 2022Publication date: August 10, 2023Inventors: Victor Manuel Moreno, Shyamsundar N. Maniyar, Sanjay Kumar Hooda, Prakash C. Jain, Vinay Saini
-
Patent number: 11706303Abstract: The present disclosure provides systems, methods and computer-readable media for maintaining network connectivity, in a LISP based network, when one or more network edge nodes lose connectivity to a LISP control plane of the network, using multicast messaging. In one example, a method includes receiving a connection request from a first endpoint to a second endpoint communicatively coupled to a second edge node; determining, by the first edge node, that a connection session to a control plane for locating the second endpoint has failed; querying one or more available edge nodes for locating the second endpoint using a multicast message; locating the second endpoint based on at least one query response received from the one or more available edge nodes, at least one query response including an identifier of the second endpoint; and establishing the connection request between the first endpoint and the second endpoint upon locating the second endpoint.Type: GrantFiled: April 22, 2021Date of Patent: July 18, 2023Assignee: Cisco Technology, Inc.Inventors: Raja Janardanan, Sanjay Kumar Hooda, Victor Manuel Moreno
-
Publication number: 20230179526Abstract: This disclosure describes techniques for software-defined service insertion. The techniques include a method of configuring a network for service insertion. The techniques include processing a master policy correlating an endpoint group pair, of source endpoint group and destination endpoint group, to a service graph. The service graph indicates a template service chain, and the template service chain indicates an ordering of a plurality of services. Processing the master policy includes disaggregating the master policy into at least one location specific policy, each of the at least one location specific policy corresponding to a separate location in the network and including traffic steering directives corresponding to a portion of the plurality of services associated with the separate location. The techniques further include causing each of the at least one location specific policy to be stored in association with the separate location to which that location specific policy corresponds.Type: ApplicationFiled: January 30, 2023Publication date: June 8, 2023Inventors: Victor Manuel Moreno, Sanjay Kumar Hooda, Anoop Vetteth, Prakash C. Jain
-
Patent number: 11601496Abstract: This disclosure describes techniques and mechanisms for providing hybrid cloud services for enterprise fabric. The techniques include enhancing an on-demand protocol (e.g., such as LISP) and allowing simplified security and/or firewall service insertion for datacenter servers providing those services. Accordingly, the techniques described herein provide hybrid cloud services that work in disaggregated, distributed, and consistent way, while avoiding complex datacenter network devices (e.g., such running overlay on TOR), replacing and moving the functionality to on demand protocol enabled servers, which intelligently receive the required mappings as well as registers and publishes the service information to intelligently interact with the network.Type: GrantFiled: April 25, 2022Date of Patent: March 7, 2023Assignee: Cisco Technology, Inc.Inventors: Prakash C. Jain, Sanjay Kumar Hooda, Marc Portoles Comeras, Vinay Saini, Victor Manuel Moreno
-
Patent number: 11570109Abstract: This disclosure describes techniques for software-defined service insertion. The techniques include a method of configuring a network for service insertion. The techniques include processing a master policy correlating an endpoint group pair, of source endpoint group and destination endpoint group, to a service graph. The service graph indicates a template service chain, and the template service chain indicates an ordering of a plurality of services. Processing the master policy includes disaggregating the master policy into at least one location specific policy, each of the at least one location specific policy corresponding to a separate location in the network and including traffic steering directives corresponding to a portion of the plurality of services associated with the separate location. The techniques further include causing each of the at least one location specific policy to be stored in association with the separate location to which that location specific policy corresponds.Type: GrantFiled: April 28, 2021Date of Patent: January 31, 2023Assignee: Cisco Technology, Inc.Inventors: Victor Manuel Moreno, Sanjay Kumar Hooda, Anoop Vetteth, Prakash C. Jain
-
Publication number: 20230017053Abstract: Techniques are described herein for service chaining in fabric networks such that hardware resources can be preserved without service nodes needing additional capabilities. The techniques may include storing a first configuration associated with a first VRF instance of a service forwarding node that is connected to a first service of a service chain sequence. The first configuration may indicate an identifier and a type associated with a second service of the service chain sequence where traffic is to be sent after the first service. Additionally, the techniques may also include storing a second configuration associated with a second VRF instance of the service forwarding node that is connected to the second service. The second configuration may indicate that the second service is a last service of the service chain sequence. When traffic is received at the service forwarding node, the service forwarding node can determine whether the traffic is pre-service traffic or post-service traffic.Type: ApplicationFiled: July 14, 2021Publication date: January 19, 2023Inventors: Prakash C. Jain, Sanjay Kumar Hooda, Vinay Saini, Victor Manuel Moreno
-
Publication number: 20220353186Abstract: This disclosure describes techniques for software-defined service insertion. The techniques include a method of configuring a network for service insertion. The techniques include processing a master policy correlating an endpoint group pair, of source endpoint group and destination endpoint group, to a service graph. The service graph indicates a template service chain, and the template service chain indicates an ordering of a plurality of services. Processing the master policy includes disaggregating the master policy into at least one location specific policy, each of the at least one location specific policy corresponding to a separate location in the network and including traffic steering directives corresponding to a portion of the plurality of services associated with the separate location. The techniques further include causing each of the at least one location specific policy to be stored in association with the separate location to which that location specific policy corresponds.Type: ApplicationFiled: April 28, 2021Publication date: November 3, 2022Inventors: Victor Manuel Moreno, Sanjay Kumar Hooda, Anoop Vetteth, Prakash C. Jain
-
Publication number: 20220345531Abstract: The present disclosure provides systems, methods and computer-readable media for maintaining network connectivity, in a LISP based network, when one or more network edge nodes lose connectivity to a LISP control plane of the network, using multicast messaging. In one example, a method includes receiving a connection request from a first endpoint to a second endpoint communicatively coupled to a second edge node; determining, by the first edge node, that a connection session to a control plane for locating the second endpoint has failed; querying one or more available edge nodes for locating the second endpoint using a multicast message; locating the second endpoint based on at least one query response received from the one or more available edge nodes, at least one query response including an identifier of the second endpoint; and establishing the connection request between the first endpoint and the second endpoint upon locating the second endpoint.Type: ApplicationFiled: April 22, 2021Publication date: October 27, 2022Inventors: Raja Janardanan, Sanjay Kumar Hooda, Victor Manuel Moreno
-
Patent number: 11405427Abstract: The present technology pertains to a system, method, and non-transitory computer-readable medium for orchestrating policies across multiple networking domains. The technology can receive, at a provider domain from a consumer domain, a data request; receive, at the provider domain from the consumer domain, at least one access policy for the consumer domain; translate, at the provider domain, the at least one access policy for the consumer domain into at least one translated access policy understood by the provider domain; apply, at the provider domain, the at least one translated access policy understood by the provider domain to the data request; and send, at the provider domain to the consumer domain, a response to the data request.Type: GrantFiled: January 23, 2020Date of Patent: August 2, 2022Inventors: Ronak K. Desai, Rajagopalan Janakiraman, Mohammed Javed Asghar, Azeem Suleman, Patel Amitkumar Valjibhai, Sanjay Kumar Hooda, Victor Manuel Moreno
-
Publication number: 20220174037Abstract: This disclosure describes techniques for implementing network address translation as a distributed service over the nodes of a logical network fabric, such as a software-defined network fabric. A method includes registering, by an edge node of a network, an IP address of a client device. The method further includes forwarding, by the edge node, the registered IP address to a control plane of the network. The method further includes checking, by the control plane, a network address translation policy. The method further includes recording, by the control plane, translations between the registered IP address and an allocated IP address in a translation table, each of the translations being related to the edge node. The method further includes returning, by the control plane, the translations between the registered IP address and the allocated IP address to the edge node.Type: ApplicationFiled: February 9, 2022Publication date: June 2, 2022Inventors: Victor Manuel Moreno, Sanjay Kumar Hooda
-
Patent number: 11265289Abstract: This disclosure describes techniques for implementing network address translation as a distributed service over the nodes of a logical network fabric, such as a software-defined network fabric. A method includes registering, by an edge node of a network, an IP address of a client device. The method further includes forwarding, by the edge node, the registered IP address to a control plane of the network. The method further includes checking, by the control plane, a network address translation policy. The method further includes recording, by the control plane, translations between the registered IP address and an allocated IP address in a translation table, each of the translations being related to the edge node. The method further includes returning, by the control plane, the translations between the registered IP address and the allocated IP address to the edge node.Type: GrantFiled: November 15, 2019Date of Patent: March 1, 2022Assignee: Cisco Technology, Inc.Inventors: Victor Manuel Moreno, Sanjay Kumar Hooda
-
Patent number: 11115375Abstract: A system and a method are disclosed for enabling interoperability between data plane learning endpoints and control plane learning endpoints in an overlay network environment. An exemplary method for managing network traffic in the overlay network environment includes receiving network packets in an overlay network from data plane learning endpoints and control plane learning endpoints, wherein the overlay network extends Layer 2 network traffic over a Layer 3 network; operating in a data plane learning mode when a network packet is received from a data plane learning endpoint; and operating in a control plane learning mode when the network packet is received from a control plane learning endpoint. Where the overlay network includes more than one overlay segment, the method further includes operating as an anchor node for routing inter-overlay segment traffic to and from hosts that operate behind the data plane learning endpoints.Type: GrantFiled: September 20, 2019Date of Patent: September 7, 2021Assignee: Cisco Technology, Inc.Inventors: Rex Emmauel Fernando, Victor Manuel Moreno, Shyam Kapadia, Liqin Dong, Murali Venkateshaiah
-
Publication number: 20210234898Abstract: The present technology pertains to a system, method, and non-transitory computer-readable medium for orchestrating policies across multiple networking domains. The technology can receive, at a provider domain from a consumer domain, a data request; receive, at the provider domain from the consumer domain, at least one access policy for the consumer domain; translate, at the provider domain, the at least one access policy for the consumer domain into at least one translated access policy understood by the provider domain; apply, at the provider domain, the at least one translated access policy understood by the provider domain to the data request; and send, at the provider domain to the consumer domain, a response to the data request.Type: ApplicationFiled: January 23, 2020Publication date: July 29, 2021Inventors: Ronak K. Desai, Rajagopalan Janakiraman, Mohammed Javed Asghar, Azeem Suleman, Patel Amitkumar Valjibhai, Sanjay Kumar Hooda, Victor Manuel Moreno