Fortinet Patent Grants

Network interface card rate limiting

Granted: May 16, 2017
Patent Number: 9652417
Systems and methods for limiting the rate of packet transmission from a NIC to a host CPU are provided. According to one embodiment, data packets are received from a network by the NIC. The NIC is coupled to a host central processing unit (CPU) of a network appliance through a bus system. A status of the host CPU is monitored by the NIC. A rate limiting mode indicator is set by the NIC based on the status. When the rate limiting mode indicator indicates rate limiting is inactive, then…
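The mechanism the abstract sketches, as an added example that is not Fortinet's code: the NIC samples a host CPU status, flips a rate-limiting mode indicator with hysteresis so a CPU hovering at the limit does not flap the mode on every sample, and meters packets through a token bucket only while the indicator is set. The thresholds, bucket size and the form of the CPU status are assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass
class HostCpuStatus:
    """The host-side status the NIC samples; here a constructed busy percentage."""
    busy_pct: int


@dataclass
class NicRateLimiter:
    """Passes packets to the host unthrottled until the CPU reports overload, then
    meters them through a token bucket until the load falls back below the release
    threshold. Two thresholds give hysteresis for the mode indicator."""
    engage_pct: int = 90       # assumed: enter rate-limiting mode at/above this load
    release_pct: int = 70      # assumed: leave it at/below this load
    bucket_capacity: int = 4   # assumed: largest burst passed per tick when limiting
    refill_per_tick: int = 2   # assumed: sustained packets per tick when limiting
    limiting: bool = False     # the rate-limiting mode indicator
    tokens: int = 4
    delivered: int = 0
    dropped: int = 0

    def observe_cpu(self, status: HostCpuStatus) -> bool:
        """Update the mode indicator from one CPU status sample; return the new mode."""
        if not self.limiting and status.busy_pct >= self.engage_pct:
            self.limiting = True
        elif self.limiting and status.busy_pct <= self.release_pct:
            self.limiting = False
        return self.limiting

    def tick(self) -> None:
        """Refill the bucket once per scheduling interval."""
        self.tokens = min(self.bucket_capacity, self.tokens + self.refill_per_tick)

    def receive(self, packet: bytes) -> bool:
        """True if the packet is handed to the host CPU, False if dropped at the NIC."""
        if not self.limiting:
            self.delivered += 1
            return True
        if self.tokens > 0:
            self.tokens -= 1
            self.delivered += 1
            return True
        self.dropped += 1
        return False


def simulate(load_per_tick, packets_per_tick=5):
    """Drive the limiter with one CPU sample and a burst of packets per tick.
    Returns the limiter and a per-tick log of (cpu load, limiting?, packets passed)."""
    nic = NicRateLimiter()
    log = []
    for load in load_per_tick:
        nic.observe_cpu(HostCpuStatus(busy_pct=load))
        nic.tick()
        passed = sum(nic.receive(b"\x00" * 64) for _ in range(packets_per_tick))
        log.append((load, nic.limiting, passed))
    return nic, log


if __name__ == "__main__":
    nic, log = simulate([50, 95, 95, 60, 60])
    for entry in log:
        print(entry)
    print("delivered", nic.delivered, "dropped", nic.dropped)
```

With the constructed load profile the limiter engages on the second tick, passes a burst of four then a sustained two packets per tick, and releases once the CPU sample drops to 60 percent; a sample of 80 percent leaves the indicator wherever it already is.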

Policy-based configuration of internet protocol security for a virtual private network

Granted: May 9, 2017
Patent Number: 9647988
A method for performing policy-based configuration of Internet Protocol Security (IPSec) for a Virtual Private Network (VPN) is provided. According to one embodiment, a network device displays a policy page via a user interface of the network device through which a policy, including multiple VPN settings for establishing the VPN connection, is viewed and configured, the VPN settings including a type of IPSec tunnel to be established between the network device and a peer network device.…

Directed station roaming in cloud managed Wi-Fi network

Granted: April 25, 2017
Patent Number: 9635597
Directing station roaming in a cloud-managed Wi-Fi network. Management messages are received from a controller that is located remotely from the Wi-Fi communication network by an access point. When an RSSI (received signal strength indication) value between the station and the access point falls below a threshold, the access point (i.e., controller access point) determines which neighboring access point would be a best fit for a hand-off, with limited real-time input from the cloud-based…

Optimizing multimedia streaming in WLANs (wireless local access networks)

Granted: April 25, 2017
Patent Number: 9635085
An SDN controller to provision network resources at a data plane to keep progressive downloads of multimedia files proportional to encoding rates is disclosed. Packets from a new or unknown flow being downloaded at a default rate are forwarded from an access point, or other device, to an SDN controller for analysis. If a progressive download of a multimedia file (e.g., a video file) in progress is detected, an encoding rate of frames for the multimedia file is determined. A target…

Detecting and preventing flooding attacks in a network environment

Granted: April 25, 2017
Patent Number: 9635051
A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes…
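Two of the checks the abstract names, run over constructed sample packets, as an added example that is not Fortinet's code. The first drops the first SYN of each new flow and accepts only a retransmission of it: a real TCP stack retransmits the same SYN after its retransmission timeout, while a source spoofing addresses in a flood does not. The second looks for a prescribed pattern across consecutive headers; the field used (IP identification incrementing by one) and the run length are assumptions for this example.

```python
from collections import OrderedDict
from dataclasses import dataclass


@dataclass(frozen=True)
class SynPacket:
    """The header fields the checks below look at (constructed, not a real parser)."""
    src: str
    dst: str
    sport: int
    dport: int
    seq: int      # TCP initial sequence number
    ip_id: int    # IP identification field
    ts: float     # arrival time in seconds


class RetransmitValidator:
    """Drop the first SYN of every new flow and remember it. A retransmission with
    the same 4-tuple and ISN inside the window is the sign of a real TCP stack and
    is accepted; a spoofed flood source never retransmits and never gets through."""

    def __init__(self, window=6.0, max_pending=10_000):
        self.window = window            # assumed: longest retransmission timeout honoured
        self.max_pending = max_pending  # assumed: bound on state kept under flood
        self.pending = OrderedDict()    # (src, dst, sport, dport, seq) -> first-seen ts

    def _expire(self, now):
        while self.pending:
            _, oldest_ts = next(iter(self.pending.items()))
            if now - oldest_ts > self.window:
                self.pending.popitem(last=False)
            else:
                break

    def process(self, p: SynPacket) -> str:
        """Return 'accept' or 'drop' for one SYN."""
        self._expire(p.ts)
        key = (p.src, p.dst, p.sport, p.dport, p.seq)
        if key in self.pending:
            del self.pending[key]              # retransmission of a SYN we dropped
            return "accept"
        if len(self.pending) >= self.max_pending:
            self.pending.popitem(last=False)   # keep memory bounded under attack
        self.pending[key] = p.ts
        return "drop"


def classify(packets):
    """Verdict per packet from a fresh validator."""
    v = RetransmitValidator()
    return [v.process(p) for p in packets]


def ip_id_in_sequence(packets, min_run=5) -> bool:
    """Header-pattern check: flag a run of consecutive packets whose IP ID field
    increments by exactly one. Traffic from independent hosts does not do this;
    a single generator spoofing many source addresses often does."""
    run = 1
    for a, b in zip(packets, packets[1:]):
        run = run + 1 if b.ip_id == a.ip_id + 1 else 1
        if run >= min_run:
            return True
    return False


# Constructed samples: one legitimate client that retransmits after 1 s, and a
# burst of spoofed SYNs from consecutive addresses carrying sequential IP IDs.
LEGIT = [
    SynPacket("10.0.0.5", "192.0.2.10", 40000, 443, 1000, 7781, 0.0),
    SynPacket("10.0.0.5", "192.0.2.10", 40000, 443, 1000, 7782, 1.0),
]
FLOOD = [
    SynPacket(f"198.51.100.{i}", "192.0.2.10", 1024 + i, 443, i * 97, 5000 + i, 0.01 * i)
    for i in range(1, 7)
]

if __name__ == "__main__":
    print("legit:", classify(LEGIT), "pattern:", ip_id_in_sequence(LEGIT))
    print("flood:", classify(FLOOD), "pattern:", ip_id_in_sequence(FLOOD))
```

The cost of the retransmission check is one extra round-trip time on every new connection, so in practice it is switched on only once a SYN-rate threshold is crossed; the pending table is bounded because an attacker controls how many distinct keys it sees.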

Systems and methods for detecting undesirable network traffic content

Granted: April 25, 2017
Patent Number: 9634989
A method of detecting a content desired to be detected includes receiving electronic data at a first host, determining a checksum value using the received electronic data, sending the checksum value to a processing station, the processing station being a second host that is different from the first host, and receiving a result from the processing station, the result indicating whether the electronic data is associated with a content desired to be detected. A method of detecting a content…

Intelligent bridging of Wi-Fi flows in a software-defined network (SDN)

Granted: April 18, 2017
Patent Number: 9628292
Wi-Fi flows are intelligently bridged in a software-defined network (SDN) controller of a wireless communication network that centrally coordinates data plane behavior. A default mode tunnels packets received at an access point to the SDN controller for layer 2 routing decisions. A bridging policy concerning bridging of specific types of traffic flows for the wireless communication network is received at the SDN. Data plane traffic flow for each of a plurality of access points…

Emulating virtual port control of airtime fairness using per station enhanced distributed channel access (EDCA) parameters

Granted: April 11, 2017
Patent Number: 9622263
A technique for emulating virtual port control of airtime fairness for wireless stations using per station Enhanced Distributed Channel Access (EDCA) parameters. Specific parameters are received for each of a plurality of stations connected to the access point. An EDCA field of a beacon that stores a general EDCA parameter is set to an empty state. The beacon is broadcast to a plurality of stations on the wireless communication network and within range of an access point. The beacon…

HTTP proxy

Granted: March 28, 2017
Patent Number: 9609078
Systems and methods are described for translating an HTTP/2 message into an HTTP/1 message by an HTTP proxy that connects HTTP/2 enabled clients with HTTP/1 only servers. According to an embodiment, an HTTP/2-HTTP/1 proxy receives an HTTP/2 request message from an HTTP/2-enabled client and directed to an HTTP/1-only server. The HTTP/2-HTTP/1 proxy translates the HTTP/2 request message into an HTTP/1 request message and sends the HTTP/1 request message to the HTTP/1-only server. The…
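The request-side translation the abstract describes, as an added example that is not Fortinet's proxy code: the decoded HTTP/2 header block (pseudo-headers plus regular fields, as an HPACK decoder would hand them over) becomes an HTTP/1.1 request line, a Host header and a Content-Length. The checks a proxy needs at this boundary are the point of the example: a value containing CR or LF would split the HTTP/1 request into two, a connection-specific header would let the client steer the proxy-to-server connection, and a Host or Content-Length that disagrees with the HTTP/2 framing is the raw material of request smuggling. The function names and the sample request are assumptions.

```python
PSEUDO = (":method", ":scheme", ":authority", ":path")
# Connection-specific fields are not allowed in an HTTP/2 message (RFC 7540 section
# 8.1.2.2); rather than forward one into the HTTP/1 side, the request is rejected.
CONNECTION_SPECIFIC = {"connection", "keep-alive", "proxy-connection",
                       "transfer-encoding", "upgrade"}


class TranslationError(ValueError):
    pass


def h2_to_h1_request(h2_headers, body=b""):
    """Translate decoded HTTP/2 request header fields into HTTP/1.1 request bytes.
    h2_headers is a list of (name, value) pairs in the order they were decoded."""
    pseudo, regular, seen_regular = {}, [], False
    for name, value in h2_headers:
        if not name or name != name.lower():
            raise TranslationError(f"malformed header name {name!r}")
        if any(c in name for c in "\r\n\0 ") or any(c in value for c in "\r\n\0"):
            raise TranslationError("control character in header")  # would split HTTP/1 lines
        if name.startswith(":"):
            if seen_regular or name not in PSEUDO or name in pseudo:
                raise TranslationError(f"bad pseudo-header {name!r}")
            pseudo[name] = value
            continue
        seen_regular = True
        if ":" in name:
            raise TranslationError(f"malformed header name {name!r}")
        if name in CONNECTION_SPECIFIC:
            raise TranslationError(f"connection-specific header {name!r}")
        if name == "te":
            if value != "trailers":
                raise TranslationError("te may only be 'trailers' in HTTP/2")
            continue                     # hop-by-hop in HTTP/1; not forwarded
        regular.append((name, value))

    method, path = pseudo.get(":method"), pseudo.get(":path")
    if not method or not path:
        raise TranslationError("missing :method or :path")
    if method != "CONNECT" and ":scheme" not in pseudo:
        raise TranslationError("missing :scheme")

    # :authority becomes Host. A Host header sent alongside it must agree; two
    # different targets in one request is exactly what smuggling attacks rely on.
    hosts = [v for n, v in regular if n == "host"]
    authority = pseudo.get(":authority")
    if authority and hosts and hosts != [authority]:
        raise TranslationError("host header disagrees with :authority")
    host = authority or (hosts[0] if hosts else None)
    if host is None or len(hosts) > 1:
        raise TranslationError("no single authority for the Host header")
    regular = [(n, v) for n, v in regular if n != "host"]

    # HTTP/2 delimits the body by frames; HTTP/1 needs Content-Length. A declared
    # length that disagrees with the body, or is repeated, is rejected.
    declared = [v for n, v in regular if n == "content-length"]
    if declared and declared != [str(len(body))]:
        raise TranslationError("content-length does not match body")
    regular = [(n, v) for n, v in regular if n != "content-length"]
    if body or method in ("POST", "PUT", "PATCH"):
        regular.append(("content-length", str(len(body))))

    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    lines += [f"{n}: {v}" for n, v in regular]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1") + body


def rejects(h2_headers, body=b"") -> bool:
    """True if the translator refuses the request."""
    try:
        h2_to_h1_request(h2_headers, body)
    except TranslationError:
        return True
    return False


# Constructed request as an HTTP/2 client would send it, after HPACK decoding.
GET_H2 = [(":method", "GET"), (":scheme", "https"), (":authority", "example.com"),
          (":path", "/index.html"), ("user-agent", "h2client"), ("te", "trailers")]

if __name__ == "__main__":
    print(h2_to_h1_request(GET_H2).decode())
```

The response direction is the mirror image: status line and headers become a HEADERS frame, and the Content-Length or chunked body is re-framed as DATA frames, with the same connection-specific fields dropped before they reach the HTTP/2 side.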

Optimizing multimedia streaming in WLANs (wireless local access networks) with a remote SDN (software-defined networking) controller

Granted: March 28, 2017
Patent Number: 9609084
An SDN controller to provision network resources at a data plane to keep progressive downloads of multimedia files proportional to encoding rates is disclosed. Packets from a new or unknown flow being downloaded at a default rate are forwarded from an access point, or other device, to an SDN controller for analysis. If a progressive download of a multimedia file (e.g., a video file) in progress is detected, an encoding rate of frames for the multimedia file is determined. A target…

System and method for securing virtualized networks

Granted: March 28, 2017
Patent Number: 9609021
A method and apparatus that secures a dynamic virtualized network is described. In an exemplary embodiment, a device receives a current network policy of the dynamic virtualized network. In addition, the current network policy includes multiple network policy elements, where each of the multiple network policy elements identifies an authorized endpoint in the dynamic virtualized network. The device further determines a network security policy for the dynamic virtualized network from the…

Firewall policy management

Granted: March 28, 2017
Patent Number: 9608961
Methods and systems are provided for creation and implementation of firewall policies. According to one embodiment, a firewall maintains a log of observed network traffic flows. An administrator may request the firewall to generate a customized report based on the logged network traffic by extracting information from the log based on specified report parameters. The report includes aggregated network traffic items and one or more corresponding action objects. Responsive to receipt of a…

Policy-based selection of remediation

Granted: March 21, 2017
Patent Number: 9602550
Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a host asset is collected by a light weight sensor (LWS) running on the host asset via a survey tool. The information is transmitted by the LWS to a remote server via an external network. Multiple security policies are enforced by the remote server with respect to the host asset based on the…

System and method for software defined behavioral DDoS attack mitigation

Granted: March 21, 2017
Patent Number: 9602535
Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for controlling multiple distributed denial of service (DDoS) mitigation appliances. A DDoS attack mitigation central controller configures attack mitigation policies for the DDoS attack mitigation appliances. The DDoS attack mitigation policies are sent to the DDoS attack mitigation appliances through a network connecting the DDoS attack mitigation…

Security threat detection

Granted: March 21, 2017
Patent Number: 9602527
Systems and methods for retrospective scanning of network traffic logs for missed threats using updated scan engines are provided. According to an embodiment, a network security device maintains a network traffic log that includes information associated with network activities observed within a private network. Responsive to an event, the network traffic log is retrospectively scanned in an attempt to identify a threat that was missed by a previous signature-based scan or a previous…
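A retrospective scan of the kind the abstract describes, as an added example that is not Fortinet's code: a log of observed flows is rescanned with a newer signature set and the entries that the older set did not flag, but the device allowed through, are reported. The key=value log format, the regex signature form, the version numbering and the sample log lines are all constructed for this example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: str    # regex applied to one log line
    added_in: int   # signature database version that introduced it


# Constructed signature database with two releases: version 1 knew one bad
# host; version 2 added a webshell URL pattern and a C2 beacon path.
SIG_DB = [
    Signature("known-bad-host", r"host=malware-cdn\.example\b", added_in=1),
    Signature("webshell-upload", r"url=/[^ ]*\.php\?cmd=", added_in=2),
    Signature("c2-beacon", r"url=/gate\.php\b", added_in=2),
]

# Constructed traffic log; action= records what the device did at the time,
# when it was running signature version 1.
LOG = """\
2017-03-01T10:00:01Z src=10.0.0.7 host=updates.example url=/pkg.tar.gz action=allow
2017-03-01T10:05:12Z src=10.0.0.9 host=malware-cdn.example url=/drop.exe action=block
2017-03-01T11:17:45Z src=10.0.0.12 host=shop.example url=/upload/x.php?cmd=id action=allow
2017-03-01T12:40:03Z src=10.0.0.12 host=203.0.113.5 url=/gate.php action=allow
""".splitlines()


def scan(lines, db_version):
    """Run every signature known at db_version over the log.
    Returns {line index: [signature names]} for lines with at least one hit."""
    sigs = [s for s in SIG_DB if s.added_in <= db_version]
    hits = {}
    for i, line in enumerate(lines):
        names = [s.name for s in sigs if re.search(s.pattern, line)]
        if names:
            hits[i] = names
    return hits


def retrospective_scan(lines, old_version, new_version):
    """Entries the new engine flags that the old one did not, limited to traffic
    the device allowed through: a blocked entry was never a missed threat."""
    old, new = scan(lines, old_version), scan(lines, new_version)
    missed = []
    for i, names in new.items():
        if " action=allow" not in lines[i]:
            continue
        new_names = sorted(set(names) - set(old.get(i, [])))
        if new_names:
            missed.append((i, new_names))
    return missed


if __name__ == "__main__":
    for idx, names in retrospective_scan(LOG, old_version=1, new_version=2):
        print(f"missed: {LOG[idx]}  <- {', '.join(names)}")
```

The value of the rescan is in what is kept in the log: only fields that signatures can match (hosts, URLs, hashes of transferred files) make a later detection possible, and the hosts behind the flagged entries (10.0.0.12 in the constructed data) are the ones to investigate, since the traffic already reached them.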

Inline inspection of security protocols

Granted: March 21, 2017
Patent Number: 9602498
Systems and methods for inline security protocol inspection are provided. According to one embodiment, a security device receives an encrypted raw packet from a first network appliance and buffers the encrypted raw packet in a buffer. An inspection module accesses the encrypted raw packet from the buffer, decrypts the encrypted raw packet to produce a plain text and scans the plain text by the inspection module.

Identifying nodes in a ring network

Granted: March 21, 2017
Patent Number: 9602303
Methods and systems for determining a token master on a ring network are provided in which possession of an arbitration token permits a blade participating in the ring network to transmit a packet. According to one embodiment, when an event at a blade represents expiration of a timeout period for receipt of the token, a new token is transmitted onto the ring network. When the event represents receipt of the token, then the priority of the originating blade is compared with that of the first…

Network advertising system

Granted: March 7, 2017
Patent Number: 9589284
Systems and methods for transmitting content to a client via a communication network are provided. According to one embodiment, an insertion server running within a firewall device of a network observes a content request of an application protocol by monitoring or proxying transport communication protocol connections established through the firewall device. The content request is (i) originated by a client device coupled to the network, (ii) directed to a destination device coupled to…

Facilitating content accessibility via different communication formats

Granted: February 28, 2017
Patent Number: 9584472
Facilitating content accessibility via different communication formats is disclosed. In some embodiments, in response to receiving a content request from an IPv6 enabled client, the requested content is provided to the IPv6 enabled client in IPv6 format, wherein the requested content is originally obtained in IPv4 format from an IPv4 enabled server and translated into IPv6 format.

Facilitating content accessibility via different communication formats

Granted: February 28, 2017
Patent Number: 9584473
Methods and systems for facilitating content accessibility via different communication formats are provided. According to one embodiment, a method is provided for directing content requests to an appropriate content delivery network. A content request is received from a client. The content request relates to web page content published by a content publisher in an Internet Protocol version 4 (IPv4) format or an Internet Protocol version 6 (IPv6) format that is obtained by the content…