Techniques for user-defined tagging of traffic in a network visibility system
Granted: January 9, 2018
Patent Number:
9866478
In one embodiment, a data plane component of the network visibility system can receive a data packet tapped from a source network. The data plane component can further match the data packet with an entry in a rule table, where the entry includes one or more match parameters, and in response to the matching can tag the data packet with a zone identifier defined in the entry. The data plane component can then forward the tagged data packet to an analytic server for analysis.
Bandwidth on demand in SDN networks
Granted: January 2, 2018
Patent Number:
9860138
Bandwidth-on-Demand (BoD) as a network service (BoD-as-a-Service) is integrated into applications that end-users can flexibly purchase when and for however long they need it. A centralized Software Defined Networking (SDN) controller and distributed SDN controller agents that may be seen in a Service Provider, Enterprise or distributed computing environment with remote and mobile end-users is provided. The end-user initiates the BoD request using an application via desktop, cloud,…
General user network interface (UNI) multi-homing techniques for shortest path bridging (SPB) networks
Granted: January 2, 2018
Patent Number:
9860081
A method, apparatus and computer program product for providing multi-homing techniques for SPB networks is presented. A set of UNI nodes that receive multicast packets are determined based on Backbone Media Access Control-Destination Address (BMAC-DA)/I-Tag Service Identifier (I-SID) of received multicast packets for multicast packets within a transport network. A separate Egress Port Mask is determined for each Backbone-Virtual Local Area Network (B-VLAN) of the transport network,…
Dynamic routing of authentication requests
Granted: December 5, 2017
Patent Number:
9838493
Methods, systems, and computer readable media for dynamically routing authentication requests are described. An embodiment can include receiving, at one or more computing devices, a network authentication request. An embodiment can also include creating, at the one or more computing devices, an authentication context based on information in the authentication request. An embodiment can also include dynamically routing, using the one or more computing devices, the authentication request…
Method and apparatus providing single-tier routing in a shortest path bridging (SPB) network
Granted: November 28, 2017
Patent Number:
9832124
A method, apparatus and computer program product for providing Virtual Routing and Forwarding (VRF) and gateway Media Access Controller (MAC) distribution is presented. At least one subnet associated with a Layer 2 Virtual Switching Network (L2VSN) is provided on a network device. A message is propagated to a distributed Datapath. Network devices install the message as a routable MAC address on the L2VSN for the Layer 3 Virtual Switching Network/Virtual Routing and Forwarding (L3VSN/VRF)…
Fast designated router transitions in broadcast networks for link state protocols
Granted: November 28, 2017
Patent Number:
9832108
A method, apparatus and computer program product for providing quick designated router transitions in broadcast networks is presented. An Alternate Designated Router (ADR) in a network detects node failure of a Designated Router (DR) prior to other nodes of the network detecting the failure of the DR. In response to the detecting node failure of the DR, the ADR floods the network with a link state packet of a pseudonode within the network. At least one other node of the network detects…
System and method for prevention of denial of service attacks for hosted network address translator
Granted: November 14, 2017
Patent Number:
9819745
To determine the correct media stream to latch onto, the system and method uses a hashing algorithm to uniquely identify a legitimate media stream. A first invite message is received at a Session Border Controller (SBC) to establish a communication session. For example a Session Initiation Protocol (SIP) INVITE is received. The first invite message comprises a first hash of a fingerprint. For example, the hash may be a hashed session key. A media message is received that contains the…
Access network dual path connectivity
Granted: November 7, 2017
Patent Number:
9813257
A transport network employs dual homing to an access network to provide connectivity from multiple network switches. Dual homing is a mechanism by which an access network employs pair of switches in the transport network as if it were connecting to a single device. Conventional arrangements for defining multiple paths from a transport network to an access network suffer from the shortcomings of potential routing loops, increased hops to the access network, and inability or inconsistency…
Device and related method for establishing network policy based on applications
Granted: November 7, 2017
Patent Number:
9813447
A function is provided in a network system for adjusting network policies associated with the operation of network infrastructure devices of the network system. Network policies are established on network devices including packet forwarding devices. The network has a capability to identify computer applications associated with traffic running on the network. A network policy controller of the network is arranged to change one or more policies of one or more network devices based on…
Shortest path bridging (SPB) configuration of networks using client device access of remote
Granted: November 7, 2017
Patent Number:
9813291
Implementations relate to configuration of networks using client device access of a remote server. In some implementations, a method includes requesting a management server from an end device for shortest path bridging (SPB) configuration information for the end device to communicate on an SPB network, where the end device communicates with the management server over a non-SPB connection. The SPB configuration information is received from the management server, and the SPB configuration…
Method of reducing traffic loss when bringing up a switch within a multi chassis switch cluster without using dedicated intra cluster links
Granted: October 31, 2017
Patent Number:
9806998
A method, apparatus and computer readable medium for reducing traffic loss when bringing up a switch within a multi chassis switch cluster without using dedicated intra cluster links is presented. A first network device in a cluster discovers at least one path to a second network device in the cluster, wherein the cluster utilizes at least one virtual IST between the first network device and the second network device. The first network device starts an Inter Switch Trunk (IST)…
Layer 3 (L3) best route selection rule for shortest path bridging multicast (SPBM) networks
Granted: October 31, 2017
Patent Number:
9806989
A method, apparatus and computer program product for providing a best route selection rule is presented. A determination is made at a first edge router, whether a second edge router in a network advertises a first BMAC address and at least one other BMAC address When the second edge router advertises only a first BMAC address, then the first BMAC address is used in a routing table for a Layer 3 (L3) next hop for a route. When the second edge router advertises more than one BMAC address,…
mDNS support in unified access networks
Granted: October 31, 2017
Patent Number:
9806945
Methods, systems and computer readable media for mDNS support in unified access networks are described.
Visible light communications personal area network controller and access point systems and methods
Granted: October 31, 2017
Patent Number:
9806811
A network, a Visible Light Communications controller (120), and a method relate to a network architecture splitting frame processing functionality between Light Fidelity Access Points (130) and the Visible Light Communications controller or a virtualized controller. In such configurations, the Light Fidelity Access Points are so-called thin devices that may be widely deployed through an infrastructure to concurrently provide illumination and network access via Visible Light…
Captive portal systems, methods, and devices
Granted: October 10, 2017
Patent Number:
9787502
Embodiments of the present technology provide out-of-band captive portal devices, networks, and methods. An example of a method includes executing a redirection of a client request for network access to a captive portal login, initiating an association between the wireless controller and the client, receiving authentication credentials of client from the captive portal login, negotiating a change of authorization with a wireless controller in accordance with RFC 5176 protocol, wherein…
Secure management of host connections
Granted: October 3, 2017
Patent Number:
9779222
An access gateway monitors a communication session to a first host for commands entered by a user. For example, commands entered in a command line terminal by the user. When a command is received, the access gateway receives information about an effect caused by the command on the first host. The access gateway determines if the effect results in an attempt to establish a communication session between the first host and a second host. For example, to copy files from the second host. In…
Power controlled network devices for security and power conservation
Granted: August 29, 2017
Patent Number:
9749959
The present invention provides method and systems for activating or deactivating network devices by managing the power of the network device. By controlling the power for network devices, the size and coverage of the network can be adjusted to meet the needs for the current usage. This can be particularly advantageous in wireless networks where multiple wireless access points may be provided to provide coverage during peak usage but present the additional security concern of the network…
Methods and systems for selectively processing virtual local area network (VLAN) traffic from different networks while allowing flexible VLAN identifier assignment
Granted: August 22, 2017
Patent Number:
9742588
Methods and systems for selectively processing VLAN traffic from different networks while allowing flexible VLAN identifier assignment are disclosed. According to one aspect, a layer 2 switch includes a virtual switch identifier data structure that associates a VLAN identifier extracted from a layer 2 frame and a port identifier corresponding to a port on which a frame is received with a virtual switch identifier. The virtual switch identifier is used to select a per-virtual-switch data…
Apparatus and method for network ring resiliency, availability and performance
Granted: July 25, 2017
Patent Number:
9716615
A network comprises a plurality of switches coupled in a ring topology, wherein each adjacent pair of switches in the plurality of switches forms a multiple link aggregation group interswitch connection therebetween and forms a ring resiliency protocol logical node. A first switch in a first adjacent pair of the plurality of switches is coupled via a first link to a second switch in a second adjacent pair of the plurality of switches, and a third switch in the first adjacent pair is…
Systems and methods for visible light communications personal area network and wireless local area network interworking
Granted: July 11, 2017
Patent Number:
9706426
A method, a controller, and a network provide Visible Light Communications Personal Area Network (VPAN) and Wireless Local Area Network (WLAN) interworking and mobility management systems and methods. The method includes receiving data traffic from both a Wireless Local Area Networking (WLAN) domain and a Visible Light Communications (VLC) domain, uniquely identifying, in a controller, a device in both the WLAN domain and the VLC domain as a same device using an addressing scheme…
