公开(公告)号：US20230254289A1

公开(公告)日：2023-08-10

申请号：US17667987

申请日：2022-02-09

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Shreekanth Chandranna ,  Bhagvan Cheeyandira ,  Gopalakrishnan Gunasekaran

IPC: H04L9/40

CPC classification number: H04L63/029 ,  H04L63/0236 ,  H04L63/0272 ,  H04L63/0435 ,  H04L63/061

Abstract: Systems and methods are provided for effectuating overlay tunnels between software-defined wide area network (SD-WAN) end-point devices despite the use of IPSec passthrough in one or more network devices, such as modems or routers that exist between the end-point devices. In particular, the Internet Key Exchange (IKE) protocol can be allowed to progress until a modem/router is able to establish an IKE tunnel, after which overlay packets using cloud-managed keys can be allowed to pass through the modem/router. An overlay tunnel may then be established between the end-point devices, and the IKE tunnel can be taken down.

公开(公告)号：US11856063B2

公开(公告)日：2023-12-26

申请号：US17220812

申请日：2021-04-01

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Gopalakrishnan Gunasekaran ,  Shreekanth Chandranna ,  Bhagvan Cheeyandira

IPC: H04L29/08 ,  H04L67/141 ,  H04L9/40

CPC classification number: H04L67/141 ,  H04L63/0272 ,  H04L63/0823 ,  H04L63/164

Abstract: Systems are methods are provided for implementing cloud survivability which mitigates the loss of secure communication via a cloud orchestrated IPsec tunnel, due to a loss of connectivity to a cloud service. For example, devices can establish IPsec tunnels which are orchestrated by a cloud service, such as SD-WAN Tunnel Orchestration. Then, according to the disclosed cloud survivability techniques, if the connection to the cloud service fails, a cloud survivability phase can be triggered which fails-over from IPsec tunnel to a survivability tunnel. In some implementations, a method includes: determining, by an initiator device, whether there is a loss of connectivity of the initiator device or the responder device with a cloud service. Further, in response to determining that there is a loss of connectivity, automatically establishing a survivability communication link between the initiator device and the responder device.

公开(公告)号：US20220224563A1

公开(公告)日：2022-07-14

申请号：US17147089

申请日：2021-01-12

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Hari Krishna Kurmala ,  Shreekanth Chandranna

IPC: H04L12/46 ,  H04L12/24

Abstract: Systems, methods, and computer-readable media are described for establishing an optimized geo-location based hub mesh network for a group of network controllers spanning multiple regions, where the optimized mesh network includes substantially fewer connections between network controllers than conventional hub mesh networks. Geo-location information is obtained for the group of network controllers, and the network controllers are categorized into various physical regions based on the geo-location information. Then, within each region, a particular network controller is selected to serve as a primary regional hub for that region. Tunnel connections are then established between each non-hub network controller in each region and the primary regional hub for that region. In addition, tunnel connections are established between each non-hub network controller in a region and each other non-hub network controller within the same region. Moreover, connections are established between the regional hub network controllers.

公开(公告)号：US11108851B1

公开(公告)日：2021-08-31

申请号：US16845326

申请日：2020-04-10

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Hari Krishna Kurmala ,  Shreekanth Chandranna

IPC: G06F15/16 ,  H04L29/08

Abstract: Disclosed is a network infrastructure device including processing circuitry and a non-transitory, computer-readable medium including instructions that, when executed by the processing circuitry, cause the network infrastructure device to perform certain actions. The actions include receiving first information indicating resource utilization of headend gateways for forwarding data of a first application, receiving second information indicating resource utilization of branch gateways for forwarding data of a second application, forwarding data of the first application across a WAN link to a first headend gateway best suited to forward data of the first application, and forwarding data of the second application across a WAN link to a second headend gateway best suited to forward data of the second application.

公开(公告)号：US11528166B2

公开(公告)日：2022-12-13

申请号：US17147089

申请日：2021-01-12

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Hari Krishna Kurmala ,  Shreekanth Chandranna

IPC: H04L12/46 ,  H04L41/12 ,  H04L41/40 ,  H04L41/044 ,  H04L45/64 ,  H04L41/00 ,  H04L41/045

Abstract: Systems, methods, and computer-readable media are described for establishing an optimized geo-location based hub mesh network for a group of network controllers spanning multiple regions, where the optimized mesh network includes substantially fewer connections between network controllers than conventional hub mesh networks. Geo-location information is obtained for the group of network controllers, and the network controllers are categorized into various physical regions based on the geo-location information. Then, within each region, a particular network controller is selected to serve as a primary regional hub for that region. Tunnel connections are then established between each non-hub network controller in each region and the primary regional hub for that region. In addition, tunnel connections are established between each non-hub network controller in a region and each other non-hub network controller within the same region. Moreover, connections are established between the regional hub network controllers.

公开(公告)号：US10680965B1

公开(公告)日：2020-06-09

申请号：US16250447

申请日：2019-01-17

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Amit Pingale ,  Shreekanth Chandranna ,  Sushil Regmi

IPC: G06F15/173 ,  H04L12/863 ,  H04L12/46 ,  H04L12/707 ,  H04L12/761 ,  H04L12/24

Abstract: Systems and methods are provided for redistributing virtual private network tunnels among a plurality of virtual private network concentrators. The method includes receiving, from each of the virtual private network concentrators, a respective utilization indicator; selecting a source one of the virtual private network concentrators according to the utilization indicators; selecting a destination one of the virtual private network concentrators according to the utilization indicators; selecting one of the virtual private network tunnels connected to the source one of the virtual private network concentrators; and transferring the selected one of the virtual private network tunnels from the source one of the virtual private network concentrators to the destination one of the virtual private network concentrators.

公开(公告)号：US20240236048A1

公开(公告)日：2024-07-11

申请号：US18612642

申请日：2024-03-21

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Shreekanth Chandranna ,  Bhagvan Cheeyandira ,  Gopalakrishnan Gunasekaran

IPC: H04L9/40

CPC classification number: H04L63/029 ,  H04L63/0236 ,  H04L63/0272 ,  H04L63/0435 ,  H04L63/061

Abstract: Systems and methods are provided for effectuating overlay tunnels between software-defined wide area network (SD-WAN) end-point devices despite the use of IPSec passthrough in one or more network devices, such as modems or routers that exist between the end-point devices. In particular, the Internet Key Exchange (IKE) protocol can be allowed to progress until a modem/router is able to establish an IKE tunnel, after which overlay packets using cloud-managed keys can be allowed to pass through the modem/router. An overlay tunnel may then be established between the end-point devices, and the IKE tunnel can be taken down.

公开(公告)号：US11991152B2

公开(公告)日：2024-05-21

申请号：US17667987

申请日：2022-02-09

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Shreekanth Chandranna ,  Bhagvan Cheeyandira ,  Gopalakrishnan Gunasekaran

IPC: H04L9/40

CPC classification number: H04L63/029 ,  H04L63/0236 ,  H04L63/0272 ,  H04L63/0435 ,  H04L63/061

Abstract: Systems and methods are provided for effectuating overlay tunnels between software-defined wide area network (SD-WAN) end-point devices despite the use of IPSec passthrough in one or more network devices, such as modems or routers that exist between the end-point devices. In particular, the Internet Key Exchange (IKE) protocol can be allowed to progress until a modem/router is able to establish an IKE tunnel, after which overlay packets using cloud-managed keys can be allowed to pass through the modem/router. An overlay tunnel may then be established between the end-point devices, and the IKE tunnel can be taken down.

公开(公告)号：US20240121668A1

公开(公告)日：2024-04-11

申请号：US17961347

申请日：2022-10-06

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Gopalakrishnan Gunasekaran ,  Shreekanth Chandranna ,  Naveed M. Shaik ,  Bhagvan B. Cheeyandira

IPC: H04W28/20 ,  H04W28/02

CPC classification number: H04W28/20 ,  H04W28/0236

Abstract: One aspect can provide a system and method for configuring a plurality of branch gateway (BGW) devices coupled to a virtual private network concentrator (VPNC). The VPNC negotiates with a respective BGW device a transmission-bandwidth contract; receives, from the BGW device, a request for additional transmission bandwidth; analyzes traffic patterns to identify one or more BGW devices with unused bandwidth; allocates the requested additional transmission bandwidth to the respective BGW device by reducing transmission bandwidth allocated to the identified one or more BGW devices; and transmits contract-update notifications to the BGW devices to allow each BGW device to update a corresponding transmission-bandwidth contract, which comprises increasing the upper bandwidth limit at the respective BGW device while reducing the upper bandwidth limit at the identified BGW devices. In response to expiration of a timer, the VPNC revokes the additional transmission bandwidth allocated to the respective branch gateway device.

公开(公告)号：US11336563B1

公开(公告)日：2022-05-17

申请号：US17242524

申请日：2021-04-28

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Hari Krishna Kurmala ,  Shreekanth Chandranna

IPC: H04L45/24 ,  H04L101/622 ,  H04L45/12 ,  H04L45/741 ,  H04L101/668 ,  H04L61/5061

Abstract: Examples relates to a method for selecting headend gateway for routing subnets of branch gateways of a geographic region in a software defined wide area network (SD-WAN). In some examples, an analyzer issues a subnet to each branch gateway of a first geographic region from a pool of contiguous IP addresses, selects a first set of headend gateways suited to be assigned to the branch gateways, ranks each of the first set of headend gateways based on a parameter that includes dynamic loading of each headend gateway or link health information between each of the headend gateways and the branch gateways, and forwards the information including the ranking of headend gateways of the first set to a network orchestrator of the SD-WAN to cause the network orchestrator to assign the branch gateways to the highest ranking gateway based on information including the ranking of the first set of headend gateways.