Patents by Inventor Yuquan Jiang
Yuquan Jiang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11799822
Abstract: Aspects of the disclosure provide for a proxyless NAT infrastructure with dynamic port allocation. A proxyless NAT infrastructure is configured to perform NAT between a network of virtual machines (VMs) and a device external to the network, without a device, such as a NAT server or a router, acting as a proxy. A system can include a control plane for provisioning VMs of a network, including configuring each VM to perform NAT and initially assigning a number of ports for communicating with other devices. The control plane maintains a feedback loop, receiving data characterizing port usage and network traffic at ports allocated to the various VMs and scaling the port allocation for each VM based on the received data. The control plane can allocate additional ports as determined to be needed by a VM, and later retrieve the ports to be reused for other VMs.
Type: Grant
Filed: January 21, 2022
Date of Patent: October 24, 2023
Assignee: Google LLC
Inventors: Mukta Gupta, Alok Kumar, Gargi Adhav, Yuquan Jiang, Aakash Bhushan Arora, Shijeesh Nharappadath Sankaranathan, Marco Leogrande, Salomon Sonny Ben-Shimon
-
Publication number: 20230269229
Abstract: Methods, systems, and apparatus include computer programs encoded on a computer-readable storage medium for firewall policies with improved efficiency. A policy can be defined that specifies a set of firewall rules, where the set of firewall rules provides a respective firewall rule for each layer of a plurality of layers within a hierarchical structure of a network, the network including a plurality of elements. Determining, for a first element within the network, a position within a first layer of the hierarchical structure. In response to receiving a data transmission request to or from the first element, applying the set of firewall rules in accordance with the first layer of the hierarchical structure, where applying the set of firewall rules comprises sequentially applying each respective firewall rule at each layer from an upper layer within the network to the first layer within the network.
Type: Application
Filed: February 24, 2022
Publication date: August 24, 2023
Inventors: Ujjwal Jain, Yuquan Jiang, Ines Clara Envid Lazaro, Rodney Chu, Uday Ramakrishna Naik
-
Publication number: 20230239266
Abstract: Aspects of the disclosure provide for a proxyless NAT infrastructure with dynamic port allocation. A proxyless NAT infrastructure is configured to perform NAT between a network of virtual machines (VMs) and a device external to the network, without a device, such as a NAT server or a router, acting as a proxy. A system can include a control plane for provisioning VMs of a network, including configuring each VM to perform NAT and initially assigning a number of ports for communicating with other devices. The control plane maintains a feedback loop—receiving data characterizing port usage and network traffic at ports allocated to the various VMs and scaling the port allocation for each VM based on the received data. The control plane can allocate additional ports as determined to be needed by a VM, and later retrieve the ports to be reused for other VMs.
Type: Application
Filed: January 21, 2022
Publication date: July 27, 2023
Inventors: Mukta Gupta, Alok Kumar, Gargi Adhav, Yuquan Jiang, Aakash Bhushan Arora, Shijeesh Nharappadath Sankaranathan, Marco Leogrande, Salomon Sonny Ben-Shimon
-
Patent number: 10110451
Abstract: In an embodiment, a method comprises initiating a monitoring session for a communication path including creating and storing monitoring session state data; sending, to a first responder computer of the communication path, a first request to initiate a first state servlet that is configured to monitor continuously during the monitoring session one or more characteristics of one or more processes that the first responder computer may perform; sending, to the first responder computer, monitoring instructions to monitor the one or more characteristics of the one or more processes; while the monitoring session is active and the first responder computer is in the communication path, receiving and collecting monitored information from the first responder computer; in response to determining that the first responder computer is not in the communication path or that the monitoring session has become inactive, automatically and autonomously ending the monitoring session.
Type: Grant
Filed: November 30, 2016
Date of Patent: October 23, 2018
Assignee: Cisco Technology, Inc.
Inventors: Alexander Clemm, Yuquan Jiang, Steve Chang, Shyyunn Lin
-
Patent number: 9787593
Abstract: A method is disclosed for transmitting system management requests to computer systems along a network path using a network control protocol, such as RSVP. For example, an originating node may send a single system management request along a path to a destination node using a network control protocol. Each computer system along the network path may analyze the network control protocol message to determine whether the message contains a system management request. If a system management request is found in the message, the computer system may perform the system management function identified in the request, and respond to it.
Type: Grant
Filed: March 30, 2015
Date of Patent: October 10, 2017
Assignee: Cisco Technology, Inc.
Inventors: L. Alexander Clemm, Yuquan Jiang, Aamer Akhter, Steve Chang, Shyyunn Sheran Lin
-
Publication number: 20170085451
Abstract: In an embodiment, a method comprises initiating a monitoring session for a communication path including creating and storing monitoring session state data; sending, to a first responder computer of the communication path, a first request to initiate a first state servlet that is configured to monitor continuously during the monitoring session one or more characteristics of one or more processes that the first responder computer may perform; sending, to the first responder computer, monitoring instructions to monitor the one or more characteristics of the one or more processes; while the monitoring session is active and the first responder computer is in the communication path, receiving and collecting monitored information from the first responder computer; in response to determining that the first responder computer is not in the communication path or that the monitoring session has become inactive, automatically and autonomously ending the monitoring session.
Type: Application
Filed: November 30, 2016
Publication date: March 23, 2017
Inventors: ALEXANDER CLEMM, YUQUAN JIANG, STEVE CHANG, SHYYUNN LIN
-
Patent number: 9565082
Abstract: In an embodiment, a method comprises initiating a monitoring session for a communication path including creating and storing monitoring session state data; sending, to a first responder computer of the communication path, a first request to initiate a first state servlet that is configured to monitor continuously during the monitoring session one or more characteristics of one or more processes that the first responder computer may perform; sending, to the first responder computer, monitoring instructions to monitor the one or more characteristics of the one or more processes; while the monitoring session is active and the first responder computer is in the communication path, receiving and collecting monitored information from the first responder computer; in response to determining that the first responder computer is not in the communication path or that the monitoring session has become inactive, automatically and autonomously ending the monitoring session.
Type: Grant
Filed: September 8, 2014
Date of Patent: February 7, 2017
Assignee: Cisco Technology, Inc.
Inventors: Alexander Clemm, Yuquan Jiang, Steve Chang, Shyyunn Lin
-
Publication number: 20150207746
Abstract: A method is disclosed for transmitting system management requests to computer systems along a network path using a network control protocol, such as RSVP. For example, an originating node may send a single system management request along a path to a destination node using a network control protocol. Each computer system along the network path may analyze the network control protocol message to determine whether the message contains a system management request. If a system management request is found in the message, the computer system may perform the system management function identified in the request, and respond to it.
Type: Application
Filed: March 30, 2015
Publication date: July 23, 2015
Inventors: L. ALEXANDER CLEMM, YUQUAN JIANG, AAMER AKHTER, STEVE CHANG, SHYYUNN SHERAN LIN
-
Patent number: 8995266
Abstract: A method is disclosed for transmitting system management requests to computer systems along a network path using a network control protocol, such as RSVP. For example, an originating node may send a single system management request along a path to a destination node using a network control protocol. Each computer system along the network path may analyze the network control protocol message to determine whether the message contains a system management request. If a system management request is found in the message, the computer system may perform the system management function identified in the request, and respond to it.
Type: Grant
Filed: July 7, 2010
Date of Patent: March 31, 2015
Assignee: Cisco Technology, Inc.
Inventors: L. Alexander Clemm, Yuquan Jiang, Aamer Akhter, Steve Chang, Shyyunn Sheran Lin
-
Publication number: 20150006721
Abstract: In an embodiment, a method comprises initiating a monitoring session for a communication path including creating and storing monitoring session state data; sending, to a first responder computer of the communication path, a first request to initiate a first state servlet that is configured to monitor continuously during the monitoring session one or more characteristics of one or more processes that the first responder computer may perform; sending, to the first responder computer, monitoring instructions to monitor the one or more characteristics of the one or more processes; while the monitoring session is active and the first responder computer is in the communication path, receiving and collecting monitored information from the first responder computer; in response to determining that the first responder computer is not in the communication path or that the monitoring session has become inactive, automatically and autonomously ending the monitoring session.
Type: Application
Filed: September 8, 2014
Publication date: January 1, 2015
Inventors: ALEXANDER CLEMM, YUQUAN JIANG, STEVE CHANG, SHYYUNN LIN
-
Patent number: 8838781
Abstract: In an embodiment, a method comprises initiating a monitoring session for a communication path including creating and storing monitoring session state data; sending, to a first responder computer of the communication path, a first request to initiate a first state servlet that is configured to monitor continuously during the monitoring session one or more characteristics of one or more processes that the first responder computer may perform; sending, to the first responder computer, monitoring instructions to monitor the one or more characteristics of the one or more processes; while the monitoring session is active and the first responder computer is in the communication path, receiving and collecting monitored information from the first responder computer; in response to determining that the first responder computer is not in the communication path or that the monitoring session has become inactive, automatically and autonomously ending the monitoring session.
Type: Grant
Filed: July 15, 2010
Date of Patent: September 16, 2014
Assignee: Cisco Technology, Inc.
Inventors: Alexander Clemm, Yuquan Jiang, Steve Chang, Shyyunn Lin
-
Patent number: 8613056
Abstract: User credentials are validated within a network infrastructure element such as a packet data router or switch. The network element has authentication and authorization logic for receiving one or more packets representing an input application message logically associated with OSI network model Layer 5 or above; extracting user credentials from the one or more packets; authenticating an identity associated with the user credentials; authorizing privileges to the identity; and forwarding the application message to an intended destination if the identity is successfully authenticated and/or authorized. The authentication and authorization logic in the network element can invoke extension authentication and authorization methods that may be provisioned after the network element is deployed in a networked system.
Type: Grant
Filed: May 26, 2006
Date of Patent: December 17, 2013
Assignee: Cisco Technology, Inc.
Inventors: Sandeep Kumar, Vinod K. Dashora, Subramanian N. Iyer, Yuquan Jiang
-
Publication number: 20120016981
Abstract: In an embodiment, a method comprises initiating a monitoring session for a communication path including creating and storing monitoring session state data; sending, to a first responder computer of the communication path, a first request to initiate a first state servlet that is configured to monitor continuously during the monitoring session one or more characteristics of one or more processes that the first responder computer may perform; sending, to the first responder computer, monitoring instructions to monitor the one or more characteristics of the one or more processes; while the monitoring session is active and the first responder computer is in the communication path, receiving and collecting monitored information from the first responder computer; in response to determining that the first responder computer is not in the communication path or that the monitoring session has become inactive, automatically and autonomously ending the monitoring session.
Type: Application
Filed: July 15, 2010
Publication date: January 19, 2012
Inventors: Alexander Clemm, Yuquan Jiang, Steve Chang, Shyyunn Lin
-
Publication number: 20120008498
Abstract: A method is disclosed for transmitting system management requests to computer systems along a network path using a network control protocol, such as RSVP. For example, an originating node may send a single system management request along a path to a destination node using a network control protocol. Each computer system along the network path may analyze the network control protocol message to determine whether the message contains a system management request. If a system management request is found in the message, the computer system may perform the system management function identified in the request, and respond to it.
Type: Application
Filed: July 7, 2010
Publication date: January 12, 2012
Inventors: L. Alexander Clemm, Yuquan Jiang, Aamer Akhter, Steve Chang, Shyyunn Sheran Lin
-
Patent number: 8090839
Abstract: A network infrastructure element such as a router or switch performs transparent and optimized validation of XML schemas of XML payloads received in the network element. The network element comprises logic for receiving and storing one or more validation scope rules that define a portion of an extensible markup language (XML) schema for validation; receiving and storing the XML schema; receiving over the network an application-layer message comprising one or more of the packets; identifying a particular XML element in an XML payload of the application-layer message, wherein the particular XML element is within the portion of the XML schema defined in the one or more validation scope rules; determining whether the particular XML element conforms to the XML schema; and performing a responsive action based on whether the particular XML element conforms to the XML schema.
Type: Grant
Filed: June 21, 2006
Date of Patent: January 3, 2012
Assignee: Cisco Technology, Inc.
Inventors: Sandeep Kumar, Karempudi Ramarao, Yuquan Jiang, Yi Jin, Tefcros Anthias
-
Publication number: 20070289005
Abstract: User credentials are validated within a network infrastructure element such as a packet data router or switch. The network element has authentication and authorization logic for receiving one or more packets representing an input application message logically associated with OSI network model Layer 5 or above; extracting user credentials from the one or more packets; authenticating an identity associated with the user credentials; authorizing privileges to the identity; and forwarding the application message to an intended destination if the identity is successfully authenticated and/or authorized. The authentication and authorization logic in the network element can invoke extension authentication and authorization methods that may be provisioned after the network element is deployed in a networked system.
Type: Application
Filed: May 26, 2006
Publication date: December 13, 2007
Inventors: Sandeep Kumar, Vinod K. Dashora, Subramanian N. Iyer, Yuquan Jiang
-
Publication number: 20070005786
Abstract: A network infrastructure element such as a router or switch performs transparent and optimized validation of XML schemas of XML payloads received in the network element. The network element comprises logic for receiving and storing one or more validation scope rules that define a portion of an extensible markup language (XML) schema for validation; receiving and storing the XML schema; receiving over the network an application-layer message comprising one or more of the packets; identifying a particular XML element in an XML payload of the application-layer message, wherein the particular XML element is within the portion of the XML schema defined in the one or more validation scope rules; determining whether the particular XML element conforms to the XML schema; and performing a responsive action based on whether the particular XML element conforms to the XML schema.
Type: Application
Filed: June 21, 2006
Publication date: January 4, 2007
Inventors: Sandeep Kumar, Karempudi Ramarao, Yuquan Jiang, Yi Jin, Tefcros Anthias