Dynamic templates for virtualized systems
Granted: October 2, 2018
Patent Number:
10089097
Methods, systems and computer readable media for dynamic templates for virtualized systems are described. A method for initially deploying a virtualized can include receiving a selection indicating a dynamic template, and installing a base configuration using base configuration information obtained from the dynamic template. The method can also include traversing a hierarchy within the dynamic template and installing one or more sub-level configurations according to the hierarchy. The…
Enhanced access security gateway
Granted: September 25, 2018
Patent Number:
10084797
A first login request of a user is received from a first login window. The first login request comprises a login name, a user identifier, and a challenge. The challenge is generated and received from a second login request to a product in a second login window. The user copies and pastes the challenge into the first login window. A central control system determines if the login name and the user identifier are valid. If the login name and user identifier are valid, a response to the…
Self adapting driver for controlling datapath hardware elements
Granted: September 25, 2018
Patent Number:
10084613
A self adapting driver for controlling datapath hardware elements uses a generic driver and a configuration library to create a set of data structures and methods to map information provided by applications to physical tables. A set of virtual tables is implemented as an interface between the applications and the generic driver. The generic driver uses the configuration library to determine a mapping from the virtual tables to the physical tables. A virtual table schema definition is…
Automated mirroring and remote switch port analyzer (RSPAN)/ encapsulated remote switch port analyzer (ERSPAN) functions using fabric attach (FA) signaling
Granted: September 11, 2018
Patent Number:
10075522
A method and apparatus for automated mirroring is presented. In a particular embodiment of a method for automated mirroring, a Network Device running as a Fabric Attach (FA) Server receives an FA Type Length Value (TLV) from an Access Device running as a FA proxy or client. The Access Device is configured to mirror traffic to a Remote Switch Port Analyzer (RSPAN) Virtual Local Area Network (VLAN). The TLV includes a request to associate the RSPAN VLAN with a Service Identifier (I-SID)…
Self-testing of services in an access point of a communication network
Granted: September 11, 2018
Patent Number:
10075361
A technique for self-testing of services in an access point of a communication network includes providing a table that has a mapping between a service test, packets to be sent for testing, and packets that should be received in response to the testing, emulating and marking the test packets to be sent, placing the marked test packets in an Rx queue, processing the test packets normally by the access point to provide response packets and marking these response packets, delivering the…
Ruled-based network traffic interception and distribution scheme
Granted: September 4, 2018
Patent Number:
10069764
Using a hash function, an L2/L3 switch can produce an FID for a data packet. The L2/L3 switch can select, from among potentially several stored VLAN flooding tables, a particular VLAN flooding table that is associated with a particular VLAN on which the data packet is to be carried. The rows of the particular VLAN flooding table can specify different combinations of the particular VLAN's egress ports. The L2/L3 switch can locate, in the particular VLAN flooding table, a particular row…
Automatically grouping, authenticating, and provisioning access points using cloud-based management of WLAN infrastructure
Granted: August 28, 2018
Patent Number:
10063417
Disclosed herein are systems and methods for automatically grouping, authenticating, and provisioning access points using cloud-based management of wireless-local-area-network (WLAN) infrastructure. In an embodiment, a given site has a master access point that is manually configured with an organization-and-site-specific master-access-point configuration for providing service in a WLAN. Additional access points installed for operation transmit self-identifying messages to neighboring…
Configuration of a network visibility system
Granted: August 21, 2018
Patent Number:
10057126
A network visibility system provided according to an aspect of the present disclosure forms rules for routing of packets to appropriate analytic server, based on IP addresses discovered while processing packets. Due to such discovery and forming of rules based on discovery, manual configuration of the network visibility system can be avoided. In an embodiment, the network visibility system comprises a packet router and a router controller. The router controller receives the examined…
Multi-device single network sign-on
Granted: August 7, 2018
Patent Number:
10044709
Methods, systems and computer readable media for multi-device single network sign-on are described. For example, a method can include authenticating a first device for network access via a first authentication process, the first device being associated with a user account. The method can also include receiving an access request from a second device associated with the user account, and determining whether the second device is within an access perimeter of the first device. The method can…
Captive portal having dynamic context-based whitelisting
Granted: May 15, 2018
Patent Number:
9973507
Methods, systems and computer readable media for a captive portal having dynamic, context-based whitelisting are described.
Virtualized host ID key sharing
Granted: May 1, 2018
Patent Number:
9961052
In virtualized environments a method of determining authorization to a resource cannot use a hardware specific identifier, such as a MAC address. As a result upgrading a virtual host may cause licenses associated with that host to be invalid, even though the upgraded virtual host should be authorized. Authentication methods and systems are disclosed such that a key may be shared with a second host along with a license file and, provided at least the second host has a key associated with…
Performing MAC-in-MAC encapsulation using shortest path bridging configuration information
Granted: April 24, 2018
Patent Number:
9954764
Embodiments generally relate to enabling encapsulation in networks. In one embodiment, a method includes receiving a message from an edge configuration device, wherein the message contains shortest path bridging (SPB) configuration information. The method also includes performing provider backbone bridge (MAC-in-MAC) encapsulation in response to receiving the message.
Debugging auto-attach entities (client and proxy) using connectivity fault management (CFM) and shortest path bridging MAC (SPBM) cloud
Granted: April 24, 2018
Patent Number:
9954750
A computer-implemented method, apparatus and software for debugging auto-attach entities is presented. A Continuity Fault Management (CFM) request for a service is received over a network at an Auto-Attach (AA) server. The AA server responds with a first response regarding the AA server on the service. The AA server also responds to the CFM request with a second response regarding any AA clients and any AA proxies on the service.
Session manager anti-looping
Granted: April 10, 2018
Patent Number:
9942330
Session Manager anti-looping creates a model that is an effective barrier to looping, efficiently identifying a loop condition by maintaining temporary individual call counters for header sets within temporal parameters and terminating the loop condition upon detection. The system provides an administrator with adjustable parameters for loop detection count and loop detection interval, thereby allowing protection against loop conditions, both inadvertent and intentional.
Forwarding inter-switch connection (ISC) frames in a network-to-network interconnect topology
Granted: January 30, 2018
Patent Number:
9882838
Systems, mechanisms, apparatuses, and methods are disclosed for forwarding Inter-Switch Connection (ISC) frames in a Network-to-Network Interconnect (NNI) topology, for example, via a network switch which includes a first physical switch port to receive a physical switch link from a second network switch; logic to implement a first logical ISC and a second logical ISC? connection to the second network switch via the physical switch link; a second physical switch port to receive an…
Providing network services based on service mode and service type
Granted: January 30, 2018
Patent Number:
9882788
Implementations generally relate to network services. In some implementations, a method includes providing a network service having a service mode and a service type. The method further includes generating a network service advertisement message including a service identifier, a service mode portion, and a service type portion. The method further includes-forwarding the network service advertisement message from a first system to one or more other systems via a network. The method…
Efficient state change support for hierarchical data models in a virtualized system
Granted: January 23, 2018
Patent Number:
9875275
Methods, systems and computer readable media for efficient state change support for hierarchical data models in a virtualized system are described. In some implementations, the method can include determining a system status including a system-level bit masked word having a plurality of bits, each bit corresponding to a status of a different hierarchical level of the system, and receiving a change notification. The method can also include querying an entity at a lower hierarchy level if a…
Techniques for user-defined tagging of traffic in a network visibility system
Granted: January 9, 2018
Patent Number:
9866478
In one embodiment, a data plane component of the network visibility system can receive a data packet tapped from a source network. The data plane component can further match the data packet with an entry in a rule table, where the entry includes one or more match parameters, and in response to the matching can tag the data packet with a zone identifier defined in the entry. The data plane component can then forward the tagged data packet to an analytic server for analysis.
General user network interface (UNI) multi-homing techniques for shortest path bridging (SPB) networks
Granted: January 2, 2018
Patent Number:
9860081
A method, apparatus and computer program product for providing multi-homing techniques for SPB networks is presented. A set of UNI nodes that receive multicast packets are determined based on Backbone Media Access Control-Destination Address (BMAC-DA)/I-Tag Service Identifier (I-SID) of received multicast packets for multicast packets within a transport network. A separate Egress Port Mask is determined for each Backbone-Virtual Local Area Network (B-VLAN) of the transport network,…
Bandwidth on demand in SDN networks
Granted: January 2, 2018
Patent Number:
9860138
Bandwidth-on-Demand (BoD) as a network service (BoD-as-a-Service) is integrated into applications that end-users can flexibly purchase when and for however long they need it. A centralized Software Defined Networking (SDN) controller and distributed SDN controller agents that may be seen in a Service Provider, Enterprise or distributed computing environment with remote and mobile end-users is provided. The end-user initiates the BoD request using an application via desktop, cloud,…
