公开(公告)号：US20190141141A1

公开(公告)日：2019-05-09

申请号：US16240726

申请日：2019-01-05

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Raghunandan Prabhakar ,  Abhishek Kumar ,  Sridhar Pasupula Chandrasekaran

IPC: H04L29/08 ,  H04L29/06

Abstract: The present disclosure discloses a method and network device for dynamic detection of inactive virtual private network clients. Specifically, a network device receives periodic messages from a first device at a first interval, and determines a timeout value for the first device based at least on the first interval, at which the periodic messages are received from the first device. Subsequent to determining the timeout value, the network device detects that a message has not been received from the first device for a period of time corresponding to the timeout value for the first device. The network device then terminates at least one connection with the first device responsive to determining that no message has been received from the first device for the period of time corresponding to the timeout value for the first device.

公开(公告)号：US20250119436A1

公开(公告)日：2025-04-10

申请号：US18539735

申请日：2023-12-14

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Santhana Krishnan Narayanan ,  Raghunandan Prabhakar

IPC: H04L9/40

Abstract: Systems and methods are provided for customized grouping of end user devices using a new group identifier tag (GIT) in addition to role-based access (e.g., administrator or guest) and device identifier access (e.g., IP or MAC address). Two components may be implemented at a network access device, including a data plane component and a control plane component. For example, the control plane component may authenticate an end user device, store the MAC and IP addresses for authenticated end user devices, and define access roles for the end user device in the datapath. The data plane component may perform packet processing (e.g., forwarding and policy enforcement) pursuant to previously-defined rules. Whenever a packet arrives at the Network Access Device, the packet is forwarded according to the rules specified by the “role” and GIT present in the entry, allowing for improved processing and scalability of network traffic processing.

公开(公告)号：US20240364635A1

公开(公告)日：2024-10-31

申请号：US18139819

申请日：2023-04-26

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Raghunandan Prabhakar ,  Sumanth Mithra

IPC: H04L47/24 ,  H04L47/122

CPC classification number: H04L47/24 ,  H04L47/122

Abstract: A system for facilitating the dynamic selection of a gateway at an access node is provided. During operation, the system can select primary and standby gateways for a client device coupling the access node from a list of gateways associated with a gateway cluster based on an identifier of the client device. The gateway cluster can include a plurality of gateways coupled to the access node. The system can then forward traffic from the client device to the primary gateway. If there is a change in a set of parameters associated with the gateway cluster, the system can receive a policy indicating a change of gateway for the client device. The set of parameters indicates performance associated with the plurality of gateways. The system can select a new primary gateway for the client device based on the policy and redirect traffic from the client device to the new primary gateway.

公开(公告)号：US12113703B2

公开(公告)日：2024-10-08

申请号：US17587143

申请日：2022-01-28

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Shravan Kumar Vuggrala ,  Raghunandan Prabhakar

IPC: H04L45/28 ,  H04L45/00 ,  H04L45/021 ,  H04L61/103

CPC classification number: H04L45/28 ,  H04L45/021 ,  H04L45/66 ,  H04L61/103

Abstract: Data transfer for access points or switches in a cluster upon data tunnel failure is described. An example includes receiving uniform mapping information for a cluster including a bucket map mapping an active gateway and a standby gateway for each of multiple entries, the bucket map including mapping a first gateway node as a standby gateway and a second gateway node as an active gateway for an entry. Synchronized user information is received from the second gateway node including identification of a user indexed to the first entry. A message is received from a first AP or switch requesting activation of the user on the first gateway node as a standby gateway upon failure of a data tunnel between the first AP or switch and the second gateway node. The user is activated on the first gateway node.

公开(公告)号：US11985004B2

公开(公告)日：2024-05-14

申请号：US17573919

申请日：2022-01-12

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Shravan Kumar Vuggrala ,  Raghunandan Prabhakar ,  Shankar Kambat Ananthanarayanan

IPC: H04L12/28 ,  H04L12/18 ,  H04L12/46 ,  H04L12/66

CPC classification number: H04L12/2863 ,  H04L12/1822 ,  H04L12/185 ,  H04L12/4641 ,  H04L12/66

Abstract: Systems and methods are provided for reducing WAN bandwidth consumption used by multicast for large scale software-defined branch deployments. In particular, a cloud-based multicast orchestrator may be implemented as part of an SD-WAN service. This cloud-based multicast orchestrator may orchestrate routes for multicast traffic between a multicast source and the various branches of the large scale software-defined branch deployment. This cloud-based multicast orchestrator may orchestrate routes for multicast traffic which reduce/optimize WAN bandwidth consumption. In combination with the cloud-based multicast orchestrator, examples may utilize a branch gateway hierarchy which designates one branch gateway a “leader” for a given multicast stream to further reduce WAN bandwidth consumption used by multicast.

公开(公告)号：US11595231B2

公开(公告)日：2023-02-28

申请号：US17237256

申请日：2021-04-22

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Shravan Kumar Vuggrala ,  Raghunandan Prabhakar

IPC: H04L12/46 ,  H04L43/08 ,  H04L41/5019 ,  H04L47/12

Abstract: Example implementation relates to a method for establishing a dynamic VPN tunnel between branch gateway devices based on metric data. A branch orchestrator receives metric data from VPNC device. The metric data includes data center bandwidth and processor utilization of the VPNC device. The metric data is derived from the traffic being routed via the VPNC device. When the metric data associated with traffic between a first branch gateway device and a second branch gateway device is above a Service Level Agreement (SLA), a dynamic branch to branch VPN tunnel is established to route the traffic between the first branch gateway device and the second branch gateway device. The VPN tunnel between the branch gateways can be teared when the load at the VPNC device reduces.

公开(公告)号：US20220321401A1

公开(公告)日：2022-10-06

申请号：US17333381

申请日：2021-05-28

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Shravan Kumar Vuggrala ,  Raghunandan Prabhakar

IPC: H04L12/24 ,  H04L12/46 ,  H04L29/12

Abstract: A system and a method of establishing seamless remote access VPN connections are described. For establishment of a VPN connection for a user device, a cluster leader of a cluster of controllers identifies an active controller and a standby controller, based on network load of each controller of the cluster of controllers. An active VPN connection is established between the user device and the active controller and a standby VPN connection is established between the user device and the standby controller. The standby VPN connection is utilized in place of the active VPN connection during failover of the active controller. Because information of an active session is regularly shared by the active controller to the standby controller, the standby controller can seamlessly resume the active session during failover of the active controller.

公开(公告)号：US12113775B2

公开(公告)日：2024-10-08

申请号：US18059137

申请日：2022-11-28

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Sreenatha Balaganoor ,  Raghunandan Prabhakar ,  Amit Agrawal

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/30 ,  H04L9/40

CPC classification number: H04L63/0272 ,  H04L9/0838 ,  H04L9/3073

Abstract: Some examples relate to a pre-shared key based virtual private network. In an example, a VPN server generates a unique pre-shared key (PSK) corresponding to an identity of a VPN client. The VPN server creates a mapping between the identity and the unique PSK of the VPN client, and stores it in a database. The VPN server shares the unique PSK with the VPN client. In response to receiving an IKE packet comprising an encrypted identity of the VPN client, the VPN server decrypts the encrypted identity of the VPN client from the IKE packet to determine the identity of the VPN client associated with the IKE packet. The VPN server retrieves the unique PSK corresponding to the identity of the VPN client associated with the IKE packet from the mapping stored in the database. The VPN server establishes a VPN connection with the VPN client.

公开(公告)号：US11985027B2

公开(公告)日：2024-05-14

申请号：US17192510

申请日：2021-03-04

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Raghunandan Prabhakar ,  Piyush Agarwal ,  Shravan Kumar Vuggrala

IPC: H04L41/0654 ,  H04L12/46 ,  H04L12/66 ,  H04L45/28 ,  H04L45/586 ,  H04L69/40

CPC classification number: H04L41/0654 ,  H04L12/4641 ,  H04L12/66 ,  H04L45/28 ,  H04L45/586 ,  H04L69/40

Abstract: Systems and methods are provided for providing a clustering solution and a Virtual Router Redundancy Protocol (VRRP) platform for a branch deployment of at least a first gateway and a second gateway. The VRRP platform can be associated with a VRRP Internet Protocol (IP) address and the first gateway configured as a VRRP master. A change in an operational status of the first gateway can be determined with the clustering solution. The second gateway can be caused to be configured, with the clustering solution, as a new VRRP master. Network traffic associated with the VRRP Internet Protocol (IP) address can be received. The second gateway can be caused to forward the network traffic.

公开(公告)号：US11778467B2

公开(公告)日：2023-10-03

申请号：US17513868

申请日：2021-10-28

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Shravan Kumar Vuggrala ,  Raghunandan Prabhakar

IPC: G06F21/00 ,  H04W12/069 ,  H04W12/088 ,  H04W8/12

CPC classification number: H04W12/069 ,  H04W8/12 ,  H04W12/088

Abstract: Examples relate to seamless roaming across subnets. In an example, a system receives an indication that a client device has been authenticated at a first network device of a network. The system receives precursor keys and identification information of the client device, as generated from the authentication of the client device. The system determines second clusters, which are within a roaming domain of the cluster or the client device. The system receives one or more second precursor keys corresponding to the second clusters and distributes the second precursor keys to the corresponding second clusters. The system determines to create one or more tunnels among the second clusters and the cluster and provisions the tunnels to transmit data through the tunnels.