Riverbed Technology Patent Grants

Using secure tokens for stateless software defined networking

Granted: November 28, 2023
Patent Number: 11831775
Systems and techniques are described to facilitate using secure tokens for stateless software defined networking. An initial configuration may be created for deploying a network device at a deployment site. A cryptographically secure certificate may be created that includes the initial configuration for deploying the network device at the deployment site. The cryptographically secure certificate may be stored in a secure token that can be inserted into a secure token reader that is…

Target process injection prior to execution of marker libraries

Granted: November 7, 2023
Patent Number: 11809881
The disclosed embodiments provide a system that modifies execution of a target process in a computer system. During loading of a marker library by a target process, the system modifies import dependency data of the marker library to include an injection library as a dependency of a marker library. After the modified import dependency data is used to load the injection library into the target process by the operating system or loader, the system executes the injection library prior to…

Virtualized data storage system architecture

Granted: February 28, 2023
Patent Number: 11593319
Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. The virtual storage arrays overcomes bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the…

Using secure tokens for stateless software defined networking

Granted: October 18, 2022
Patent Number: 11477026
Systems and techniques are described to facilitate using secure tokens for stateless software defined networking. An initial configuration may be created for deploying a network device at a deployment site. A cryptographically secure certificate may be created that includes the initial configuration for deploying the network device at the deployment site. The cryptographically secure certificate may be stored in a secure token that can be inserted into a secure token reader that is…

Data leak prevention using content based segmentation scanning

Granted: January 25, 2022
Patent Number: 11232227
Systems and techniques are described for preventing data leaks from a network. A set of sensitive files or sensitive data that includes sensitive information can be received, and a first set of labels can be determined based on the set of sensitive files or sensitive data. An apparatus can then receive data that is to be checked for sensitive information, and determine a second set of labels based on the data. Next, the apparatus can match the second set of labels with the first set of…

Automated problem diagnosis on logs using anomalous telemetry analysis

Granted: December 28, 2021
Patent Number: 11210158
Systems and techniques are described for performing automatic problem diagnosis. Telemetry data of a system can be analyzed to identify a set of time ranges during which the telemetry data exhibits anomalous behavior. Next, a subset of log entries having a timestamp that is in one of the time ranges in set of time ranges can be extracted from a set of log entries generated by the system. The subset of log entries can then be analyzed, by using natural language processing, to identify a…

Network topology generation using traceroute data

Granted: December 14, 2021
Patent Number: 11201809
Embodiments provide systems, methods, and computer program products to generate a network topology. Internet Protocol (IP) addresses may be collected that immediately precede a first IP address in a set of IP-address-sequences to obtain a first set of previous-hop IP addresses, where each IP-address-sequence in the set of IP-address-sequences comprises a sequence of IP addresses traversed by at least one packet. Next, each IP address in the first set of previous-hop IP addresses may be…

Advanced injection rule engine

Granted: November 30, 2021
Patent Number: 11188352
Systems and techniques are described for controlling injection of a library into a process. Specifically, some embodiments provide an Advanced Injection Rule Engine (AIRE), which uses a set of rules to selectively inject a library, e.g., a dynamic-link library (DLL), into a process. Some embodiments implement a Domain Specific Language (DSL), called AIRE Script, to define the injection rules that are used by the AIRE at runtime.

Method and apparatus for path selection

Granted: June 8, 2021
Patent Number: 11032188
Systems and techniques are described for configuring path selection in a network. The network can comprise a first router, a second router, a third router, a fourth router, and an intermediary device. The second router can be configured to use Differentiated Services Code Point (DSCP) while routing packets so that packets with a first DSCP value are routed through the third router, and packets with a second DSCP value are routed through the fourth router. The intermediary device can be…

Preserving policy with path selection

Granted: March 2, 2021
Patent Number: 10938716
Systems and techniques are described for ensuring that policies are consistently applied to traffic across an overlay network. An application identifier associated with a forward traffic flow and a corresponding reverse traffic flow can be determined by a device that routes packets of both the forward traffic flow and the corresponding reverse traffic flow. Next, an overlay header can be added to each packet in the forward traffic flow and to each packet in the corresponding reverse…

Software defined wide area network (SD WAN) enabled network fabric for containers

Granted: February 2, 2021
Patent Number: 10911374
Systems and techniques are described for creating a software-defined wide-area-network (SD-WAN) enabled network fabric for containers. Embodiments can configure one or more virtual networks on a network node, wherein the one or more virtual networks are used for creating the SD-WAN enabled network fabric for containers. Next, the embodiments can deploy a virtual gateway on the network node by executing the virtual gateway image. The embodiments can then create a container network…

High availability (HA) network device

Granted: January 5, 2021
Patent Number: 10887131
Some embodiments described herein provide a combination of a layer 3 (L3) hop with layer 2 (L2) bypass/fail-to-wire in a network device. Specifically, some embodiments place the network device between two routers, thereby becoming a L3 hop between the two routers. The existing route between the two routers is preserved by using L2 bypass through the network device. If the network device fails, then the physical fail-to-wire will be engaged, removing its L3 hop, but preserving the L2…

Estimating data transfer performance improvement that is expected to be achieved by a network optimization device

Granted: November 17, 2020
Patent Number: 10841192
Systems and techniques are described for calculating performance improvement achieved and/or expected to be achieved by optimizing a network connection. Network characteristics can be measured for non-optimized network connections. Next, the network characteristics can be analyzed to obtain a set of non-optimized connection groups, wherein each non-optimized connection group corresponds to non-optimized network connections that have similar network characteristics. Network…

Virtualized data storage system architecture

Granted: November 10, 2020
Patent Number: 10831721
Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. The virtual storage arrays overcomes bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the…

Prefix compression for keyed values

Granted: September 1, 2020
Patent Number: 10762281
Systems and techniques are described for compressing strings by using a tree data structure. Specifically, for each string in a sequence of strings, the embodiments can traverse the tree data structure by matching characters of the string with characters associated with nodes of the tree data structure until either (1) all characters in the string have been processed, or (2) a current character in the string does not match a corresponding character in a current node of the tree data…

Hierarchical policies in a network

Granted: July 28, 2020
Patent Number: 10728097
Systems and techniques are described for applying a set of policy rules to network traffic. During operation, conditions specified in the set of policy rules can be evaluated, wherein each condition is a logical expression defined over a set of variables, and is evaluated by substituting values of the set of variables associated with the network traffic into the logical expression. Next, a subset of policy rules can be selected whose conditions evaluated as true. A highest precedence…

Displaying adaptive content in heterogeneous performance monitoring and troubleshooting environments

Granted: June 9, 2020
Patent Number: 10680926
Systems, methods, and computer program embodiments are disclosed for adaptively displaying application performance data. In an embodiment, a plurality of performance monitoring data sources may be identified based on an application model that defines the topological structure of a software application. A request may be received for performance data associated with the application. One or more content options may then be determined based on the received request, and each content option…

Virtualization planning system

Granted: October 22, 2019
Patent Number: 10452416
An interactive virtualization management system provides an assessment of proposed or existing virtualization schemes. A Virtual Technology Overhead Profile (VTOP) is created for each of a variety of configurations of host computer systems and virtualization technologies by measuring the overhead experienced under a variety of conditions. The multi-variate overhead profile corresponding to each target configuration being evaluated is used by the virtualization management system to…

Node fault identification in wireless LAN access points

Granted: September 24, 2019
Patent Number: 10425305
A wireless access point array having a plurality of access point radios, a monitor radio and an array controller. The array controller includes processes, methods and functions for verifying the operation of the access point radios. The access point radios may be verified by attempting to establish a data connection between the monitor radio and each of the access point radios.

Methods and systems for distribution and retrieval of network traffic records

Granted: August 27, 2019
Patent Number: 10397329
A method includes transmitting, by a distribution server, to each of a plurality of worker computers, a request for an enumeration of Internet Protocol (IP) addresses ranked according to a criterion. The method includes receiving, by the distribution computer, from a first of the plurality of worker computers, a first partial enumeration of the requested IP addresses ranked according to the criterion, the first partial enumeration stored in a hash table. The method includes receiving, by…