Ravinder S Verma

US Patent:

8514828, Aug 20, 2013

Filed:

Oct 30, 2012

Appl. No.:

13/664330

Inventors:

Ravinder Verma - San Jose CA, US
Ramsundar Janakiraman - Sunnyvale CA, US
Srinivasan Jayarajan - Bangalore, IN

Assignee:

Aruba Networks, Inc. - Sunnyvale CA

International Classification:

H04Q 7/24

US Classification:

370338, 370392, 370401, 4554321, 455433

Abstract:

The present disclosure discloses a method and network device for home VLAN identification for roaming mobile clients. Specifically, the disclosed method and system detects that the mobile client has roamed away from a first network to a second network, maintains a mapping between a virtual local area network (VLAN) corresponding to the mobile client and a tunnel corresponding to a foreign agent in the second network, and forwards packets to or from the mobile client on the VLAN based on the mapping between the VLAN and the tunnel via which the packets are received. Therefore, the disclosed method and system allows for identification of home VLANs for roaming mobile clients without merging VLAN policy configurations at the home agent and the foreign agent.

US Patent:

20080002607, Jan 3, 2008

Filed:

Jun 30, 2006

Appl. No.:

11/479785

Inventors:

Ramakrishnan Nagarajan - Sunnyvale CA, US
Udayan Borkar - Sunnyvale CA, US
Ravinder Verma - Sunnyvale CA, US

International Classification:

H04Q 7/00

US Classification:

370328

Abstract:

In a network including a wireless client device, a home wireless switch of the wireless client device, and a new wireless switch within the same mobility domain as the home wireless switch, the new wireless switch can be configured to become a new home/current wireless switch for the wireless client device, and to transmit a layer 2 (L2) roam message to the home wireless switch, when the new wireless switch determines that the wireless client device has roamed from the home wireless switch to the new wireless switch. The L2 roam message indicates that the wireless client device has roamed within the same VLAN or L3 subnet. The L2 roam message comprises an IP address of the new home wireless switch, and an IP address of the new current wireless switch. The home wireless switch is configured to forward the L2 roam message to peer wireless switches within the mobility domain. As such, the wireless client device remains mapped to the same VLAN ID at the home wireless switch and the new current wireless switch, and maintains the same IP address despite roaming to the new current wireless switch.

US Patent:

20080008088, Jan 10, 2008

Filed:

Jul 7, 2006

Appl. No.:

11/482368

Inventors:

Ramakrishnan Nagarajan - Sunnyvale CA, US
Udayan Borkar - Sunnyvale CA, US
Ravinder Verma - Sunnyvale CA, US

International Classification:

H04J 3/14
H04Q 7/00

US Classification:

370220, 370331

Abstract:

Techniques are provided for configuring wireless switches within a mobility domain. In one implementation, a first designated wireless switch and a first client wireless switch are configured as part of a first mobility area of the mobility domain. An internal peering session is established between the first client wireless switch and the first designated wireless switch in the first mobility area. A second designated wireless switch is configured as part of a second mobility area of the mobility domain, and an external peering session is established between the first designated wireless switch in the first mobility area and the second designated wireless switch in the second mobility area.

US Patent:

20080008128, Jan 10, 2008

Filed:

Jul 7, 2006

Appl. No.:

11/482226

Inventors:

Ramakrishnan Nagarajan - Sunnyvale CA, US
Udayan Borkar - Sunnyvale CA, US
Ravinder Verma - Sunnyvale CA, US

International Classification:

H04Q 7/00

US Classification:

370331, 370338

Abstract:

Techniques and technologies are provided for resolving conflicts among wireless switches associated with a wireless client device regarding a layer 3 (L3) mobility state of the wireless client device at the wireless switches. A conflict regarding the L3 mobility state of the wireless client device between a first wireless switch and a second wireless switch can be detected. For example, in one implementation, a first wireless switch determines that an L3 mobility state of a wireless client device at the first wireless switch is different than the L3 mobility state of the wireless client device at the second wireless switch. The conflict regarding the L3 mobility state of the wireless client device between the first wireless switch and the second wireless switch can then be resolved. For example, in one implementation, the wireless client device can be forced to disassociate from the first wireless switch and the second wireless switch, and then re-associate with either the first wireless switch or the second wireless switch.

US Patent:

20220217121, Jul 7, 2022

Filed:

Jan 26, 2022

Appl. No.:

17/584467

Inventors:

- San Jose CA, US
Sushil Pangeni - Fremont CA, US
Vladimir Stepanenko - Sunnyvale CA, US
Ravinder Verma - San Jose CA, US

International Classification:

H04L 9/40
H04L 67/141
H04L 67/10
H04L 43/028
H04L 67/146

Abstract:

A method implemented by a cloud-based system includes steps of, responsive to connecting to a user device with a user associated with a first tenant of a plurality of tenants, obtaining security policies for the user that are configured for the tenant, wherein the security policies for the user are the same regardless of connection type, location of the user, and device type and operating system of the user device; stream scanning traffic between the user device and the Internet based on the security policies, wherein the security policies are for firewall and intrusion prevention functions; and one of allowing and blocking the traffic based on the stream scanning.

US Patent:

20200259792, Aug 13, 2020

Filed:

Apr 27, 2020

Appl. No.:

16/858892

Inventors:

- San Jose CA, US
Sushil Pangeni - Fremont CA, US
Vladimir Stepanenko - Sunnyvale CA, US
Ravinder Verma - San Jose CA, US

International Classification:

H04L 29/06
H04L 29/08
H04L 12/26

Abstract:

Cloud-based Intrusion Prevention Systems (IPS) include receiving traffic associated with a user of a plurality of users, wherein each user is associated with a customer of a plurality of customers for a cloud-based security system, and wherein the traffic is between the user and the Internet; analyzing the traffic based on a set of signatures including stream-based signatures and security patterns; blocking the traffic responsive to a match of a signature of the set of signatures; and performing one or more of providing an alert based on the blocking and updating a log based on the blocking.

US Patent:

20200177548, Jun 4, 2020

Filed:

Feb 4, 2020

Appl. No.:

16/781505

Inventors:

- San Jose CA, US
Vladimir Stepanenko - Sunnyvale CA, US
Ravinder Verma - San Jose CA, US
James Kawamoto - San Jose CA, US

International Classification:

H04L 29/06
H04L 29/08
H04L 12/26

Abstract:

Multi-tenant cloud-based firewall systems and methods are described. The firewall systems and methods can operate overlaid with existing branch office firewalls or routers as well as eliminate the need for physical firewalls. The firewall systems and methods can protect users at user level control, regardless of location, device, etc., over all ports and protocols (not only ports 80/443) while providing administrators a single unified policy for Internet access and integrated reporting and visibility. The firewall systems and methods can eliminate dedicated hardware at user locations, providing a software-based cloud solution. The firewall systems and methods support application awareness to identify application; user awareness to identify users, groups, and locations regardless of physical address; visibility and policy management providing unified administration, policy management, and reporting; threat protection and compliance to block threats and data leaks in real-time; high performance through an in-line cloud-based, scalable system; etc.

US Patent:

20170142068, May 18, 2017

Filed:

Nov 17, 2015

Appl. No.:

14/943579

Inventors:

Srikanth DEVARAJAN - San Jose CA, US
Vladimir STEPANENKO - Sunnyvale CA, US
Ravinder VERMA - San Jose CA, US
James KAWAMOTO - San Jose CA, US

Assignee:

Zscaler, Inc. - San Jose CA

International Classification:

H04L 29/06
H04L 12/26
H04L 29/08

Abstract:

A multi-tenant cloud-based firewall method from a client, performed by a cloud node, includes receiving a packet from the client, wherein the client is located externally from the cloud node; checking if a firewall session exists for the packet, and if so, processing the packet on a fast path where a lookup is performed to find the firewall session; if no firewall session exists, creating the firewall session; and processing the packet according to the firewall session and one or more rules. The cloud node can perform the method without a corresponding appliance or hardware on premises, at a location associated with the client, for providing a firewall.