Optimizing IPSec for hierarchical SD-WAN
Granted: January 14, 2025
Patent Number:
12199868
According to some embodiments, a method is performed by a software defined wide area network (SD-WAN) edge router in a hierarchical SD-WAN network comprising a plurality of edge routers and a plurality of border routers. The method comprises: originating a SD-WAN system route for advertising reachability to the edge router, the system route comprising an encryption key associated with the edge router; and transmitting the system route to one or more SD-WAN border routers. The method may…
Liquid cooling distribution in a modular electronic system
Granted: January 14, 2025
Patent Number:
12200906
A network communications device includes a chassis, a plurality of modules removably inserted into a plurality of slots in the chassis. A coolant is delivered to a first group of the plurality of modules with a first flow control valve in a first cooling loop and the coolant is delivered to a second group of the plurality of modules with a second flow control valve in a second cooling loop. The network communication device further includes a plurality of sensors for monitoring a…
Network environment health monitoring
Granted: January 14, 2025
Patent Number:
12200475
Network environment health monitoring is provided by receiving an alert indicating that a first station (STA) is experiencing a connection with a first Access Point (AP) below a quality threshold; identifying a set of APs connected to a shared network with the first AP within one hop of the first AP; aggregating signal metrics for the first STA from the first AP and each AP of the set of APs; identifying a cause for the connection performing below the quality threshold based on the…
Supporting captions for devices without native captions capability
Granted: January 14, 2025
Patent Number:
12200168
A call is conducted with a first device of a user, the first device lacking captions capability. A second device of the user is identified for receiving captions for the call from among a plurality of second devices of the user based on one or more from a group of distances of the second devices to a location of the first device, display quality of the second devices, status of the second devices, and user preferences for the second devices. An identified second device is joined to the…
Next gen zero trust network access (ZTNA) and virtual private network (VPN) including cloud secure access service edge (SASE)
Granted: January 14, 2025
Patent Number:
12200080
Techniques for leveraging the MASQUE protocol to provide remote clients with full application access to private enterprise resources are described herein. One or more network nodes may be configured to execute a MASQUE proxy service to provide a remote client device with full access to an enterprise/private application resource executing on an application node and hosted in an enterprise/application network, behind the MASQUE proxy service. In some examples, the MASQUE proxy service may…
Secure access app connectors
Granted: January 14, 2025
Patent Number:
12200068
Techniques for creating in/out App Connectors for secure access solutions without the need for STUN, TURN, and/or a long-lived control plane component. The techniques may include, among other things, establishing, by an App Connector associated with a workload hosted by an enterprise network, a pool of idle sessions between the App Connector and a termination node associated with the enterprise network. The techniques may also include determining, by the App Connector, that a first idle…
Confidence scoring for detectors used to detect anomalous behavior
Granted: January 14, 2025
Patent Number:
12199996
A computer-implemented method of determining whether to configure a detection comprised within a query is disclosed. The method includes analyzing a query to determine clauses within the query that identify logs relevant to the detection comprised within the query. The method further includes determining a statistical distribution for modeling a likely hit rate of the detection. Additionally, the method includes updating the statistical distribution with information associated with an…
Cryptographic binding of native application and external browser sessions
Granted: January 14, 2025
Patent Number:
12199970
Systems and methods are provided for receiving information associated with a final single sign-on page from a native browser, extracting a public key from the information associated with the final single sign-on page, generating a single sign-on token to bind a browser session and a native application session, associating the single sign-on token with the public key extracted from the information associated with the final single sign-on page, and encrypting the single sign-on token with…
NAT route distribution based on tag information in an SDWAN overlay network
Granted: January 14, 2025
Patent Number:
12199942
A process can include determining a plurality of Network Address Translation (NAT) routes associated with respective edge routers included in a same virtual private network (VPN) for communicating with a software-defined wide area network (SDWAN). A process can include identifying a first subset of the plurality of NAT routes as mapped to a first public NAT address included in a NAT pool associated with the VPN. A process can include tagging each NAT route of the first subset with a tag…
Queue protection using a shared global memory reserve
Granted: January 14, 2025
Patent Number:
12199886
The subject technology relates to the management of a shared buffer memory in a network switch. Systems, methods, and machine readable media are provided for receiving a data packet at a first network queue from among a plurality of network queues, determining if a fill level of a queue in a shared buffer of the network switch exceeds a dynamic queue threshold, and in an event that the fill level of the shared buffer exceeds the dynamic queue threshold, determining if a fill level of the…
Method and apparatus for efficient synchronization of search heads in a cluster using digests
Granted: January 14, 2025
Patent Number:
12197394
Embodiments of the present disclosure provide techniques for efficiently and accurately performing propagation of search-head specific configuration customizations across multiple individual configuration files of search heads of a cluster for a consistent user experience. The cluster of search heads may be synchronized such that the search heads operate to receive the configuration or knowledge object customizations from one or more clients from a central or lead search head. To reduce…
Encoding end-to-end tenant reachability information in border gateway protocol (BGP) communities
Granted: January 14, 2025
Patent Number:
12199866
Techniques for using global virtual network instance (VNI) labels in a multi-domain network to route network data with a multi-tenant network overlay are described herein. A routing device provisioned in a network domain of the multi-domain network may register with a service discovery system of the network domain for use of network configuration data to establish routes through the multi-domain network with network nodes. Each network domain of the multi-domain network may include an…
Data network duplicate flow detection in hardware with line rate throughput
Granted: January 14, 2025
Patent Number:
12199859
Techniques for detecting duplicate data flows. A data packet of a data flow is received by computer hardware the data packet having a first five tuple, an ingress interface and a VLAN tag. Data is sent to a central processing unit. The central processing unit installs policy tiles into a policy tile database of the computer hardware, the policy tiles including the first five tuple, the first ingress interface and the first VLAN tag. A second data packet is received and compared with the…
Detecting application performance breaking points based on uncertainty and active learning
Granted: January 14, 2025
Patent Number:
12199839
In one embodiment, a device obtains path metrics for a network path via which traffic for an online application is conveyed. The device models uncertainty of an application experience metric predicted for the online application based on the path metrics. The device identifies, based on the uncertainty of the application experience metric modeled by the device, a breaking point in the path metrics at which the application experience metric predicted for the online application is expected…
Automatic generation of data analysis queries
Granted: January 14, 2025
Patent Number:
12198021
Disclosed herein is a computer-implemented tool that facilitates data analysis by use of machine learning (ML) techniques. The tool cooperates with a data intake and query system and provides a graphical user interface (GUI) that enables a user to train and apply a variety of different ML models on user-selected datasets of stored machine data. The tool can provide active guidance to the user, to help the user choose data analysis paths that are likely to produce useful results and to…
Ingest preview of events in a network computing environment
Granted: January 14, 2025
Patent Number:
12197968
A computing device receives an ingest preview request to preview events to be stored by at least one indexer. Responsive to the ingest preview request, the computing device sends a subscription request to the forwarders. The forwarders receive the subscription request and intercept the events that are being sent to at least one of the indexers. The forwarders then clone matching events to the subscription request and responds to the computing device with the matching events. When the…
Audio watermarking to prevent meeting howl
Granted: January 14, 2025
Patent Number:
12197810
Presented herein are techniques in which a first device connects to a communication session in which a plurality of devices communicates. The plurality of devices includes the first device and a second device. The first device outputs first audio that includes a first audio watermark associated with the communication session and the second device outputs second audio that includes a second audio watermark associated with the communication session. The first device detects the second…
Integration of cloud-based and non-cloud-based data in a data intake and query system
Granted: January 14, 2025
Patent Number:
12197442
A software module ingests data into a data intake and query system. At least a portion of the data is cloud data. The software module includes an event type definition that specifies a type of data to be ingested by the software module, a first tag that associates ingested data of the event type with a data model, and a second tag that designates ingested data of the event type as cloud data. The ingested data is stored in a data repository, and subsequently a search query that includes…
Distributed alert and suppression management in a cluster computing system
Granted: January 14, 2025
Patent Number:
12197431
A first processing node of a cluster of processing nodes issues a first alert when first event data satisfies a trigger condition, and sends, to an alert data store external to the cluster, a first alert record of the first alert and suppression information based at least in part on the first alert. A second processing node of the cluster determines that second event data satisfies the trigger condition, obtains, from the alert data store, the suppression information indicating that an…
Using persistent memory to enable restartability of bulk load transactions in cloud databases
Granted: January 14, 2025
Patent Number:
12197396
Systems, methods, and computer-readable media for managing storing of data in a data storage system using a client tag. In some examples, a first portion of a data load as part of a transaction and a client identifier that uniquely identifies a client is received from the client at a data storage system. The transaction can be tagged with a client tag including the client identifier and the first portion of the data load can be stored in storage at the data storage system. A first log…
