Inventors:
- San Jose CA, US; Kiran Kumar Meda - Milpitas CA, US; Rajagopalan Janakiraman - Cupertino CA, US; Shyam N. Kapadia - San Jose CA, US; Javed Asghar - Dublin CA, US
International Classification:
H04L 12/707 H04L 12/26
Abstract:
In one embodiment, a method includes identifying a problematic event between a first interest point and a second interest point of a network and activating, in response to identifying the problematic event between the first interest point and the second interest point, a first endpoint associated with the first interest point and a second endpoint associated with the second interest point. The method also includes receiving, from the first endpoint and the second endpoint, telemetry data associated with a problematic path between the first interest point and the second interest point. The method further includes determining the problematic path between the first interest point and the second interest point using the telemetry data received from the first endpoint and the second endpoint.
Inventors:
- San Jose CA, US; Sivakumar Ganapathy - Fremont CA, US; Javed Asghar - Dublin CA, US; Azeem Muhammad Suleman - San Jose CA, US
International Classification:
H04L 12/741 H04L 29/08 H04L 12/26 H04L 29/12
Abstract:
Techniques for routing data packets through service chains within and between public cloud networks of multi-cloud fabrics. A router in a network, e.g., a public cloud network, receives data packets from nodes in the network through segments of the network. Based at least in part on (i) a source address of the data packet, (ii) a destination address of the data packet, and (iii) an identity of the segment of the network from which the data packet is received, the router determines a next node in the network to which the data packet is to be forwarded. The router may then forward the data packet through another segment of the network to the next node and then receive the data packet back from the next node through that same segment.
System Resource Management In Self-Healing Networks
Inventors:
- San Jose CA, US; Rajagopalan JANAKIRAMAN - Cupertino CA, US; Pramila Deshraj SINGH - Fremont CA, US; Sree Balaji VARADHARAJAN - San Jose CA, US; Javed ASGHAR - Dublin CA, US; Sachin GUPTA - Santa Clara CA, US
International Classification:
H04L 29/06 H04L 12/46
Abstract:
The present disclosure provides for system resource management in self-healing networks by grouping End Point Groups (EPGs) into a plurality of policy groups based on shared security policies; identifying a first policy group with a highest resource demand; assigning a first security policy corresponding to the first policy group to a first switch of a plurality of switches; identifying a second plurality of EPGs from the remaining EPGs that were not included in the first policy group; grouping the second plurality of EPGs into a second plurality of policy groups based on shared security policies; identifying a second policy group with a highest resource demand of the second plurality of policy groups; and assigning a second security policy corresponding to the second policy group to a second switch of the plurality of switches.
Upstream Approach For Secure Cryptography Key Distribution And Management For Multi-Site Data Centers
Inventors:
- San Jose CA, US; Javed Asghar - Dublin CA, US; Prabhu Balakannan - Milpitas CA, US; Sridhar Vallepalli - Fremont CA, US
International Classification:
H04L 29/06 H04L 9/08 H04L 12/46
Abstract:
A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.
Multisite Interconnect And Policy With Switching Fabrics
Inventors:
- San Jose CA, US; Javed ASGHAR - Dublin CA, US; Umamaheswararao KARYAMPUDI - Fremont CA, US; Saad MALIK - Milpitas CA, US; Amitkumar V. PATEL - Fremont CA, US
Abstract:
Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site that is assigned to the same stretched EPG, even though the two sites have different namespaces. Further, shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mappings that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected, and applications can be made accessible across different fabrics with independent and private namespaces.
Inventors:
James N. GUICHARD - New Boston NH, US; Paul QUINN - Wellesley MA, US; Javed ASGHAR - Dublin CA, US; Reinaldo PENNO - San Ramon CA, US; Yixing RUAN - San Jose CA, US; Carlos M. PIGNATARO - Cary NC, US
Assignee:
Cisco Technology, Inc. - San Jose CA
International Classification:
H04L 12/46 H04L 29/06
Abstract:
A method for applying network services to data traffic forwarded between virtual private network (VPN) sites includes: receiving a data packet addressed to a target site associated with the VPN, determining services to be applied to the data packet according to a service chain, where the determining is a function of at least one of the VPN, the origin site or the target site, adding an indication of a VPN forwarding context onto the data packet, encapsulating the data packet with Network Service Header encapsulation, where a header for the encapsulated data packet indicates at least the service chain; forwarding the encapsulated data packet in accordance with the service chain, receiving the encapsulated data packet at the end of the service chain, terminating the service chain, removing the encapsulation, and forwarding the data packet to a target destination per the indication of a VPN forwarding context.
Multicast Fast Reroute At Access Devices With Controller Implemented Multicast Control Plane
Abstract:
In one embodiment, a method includes computing, at a controller, a primary path and a backup path for transmittal of multicast data from service nodes in communication with the controller and a multicast source to access nodes in communication with multicast receivers, and transmitting from the controller information for the primary path and the backup path to the access nodes for use by the access nodes in receiving the multicast data on the primary path and the backup path, and switching transmittal of the multicast data to the multicast receivers from the primary path to the backup path upon identifying a failure in the primary path to provide fast reroute at the access nodes. A multicast control plane runs in the controller without operating in the access nodes. An apparatus is also disclosed herein.