COMMUNICATING NETWORK PATH AND STATUS INFORMATION IN MULTI-HOMED NETWORKS
Granted: March 20, 2014
Application Number:
20140078884
An example network system includes a layer two (L2) device and a layer three (L3) device. The L2 device includes a control unit configured to determine a preferred network path from a first L2 network in which the L2 device resides to an intermediate L3 network in which the L3 device resides that couples the first L2 network to a second L2 network having a second L2 device. The control unit includes a management endpoint (MEP) module. The MEP module executes an operations,…
DYNAMIC ACCESS CONTROL POLICY WITH PORT RESTRICTIONS FOR A NETWORK SECURITY APPLIANCE
Granted: February 20, 2014
Application Number:
20140053239
A network security appliance supports definition of a security policy to control access to a network. The security policy is defined by match criteria including a layer seven network application, a static port list of layer four ports for a transport-layer protocol, and actions to be applied to packet flows that match the match criteria. A rules engine dynamically identifies a type of layer seven network application associated with the received packet flow based on inspection of…
MULTI-SERVICE VPN NETWORK CLIENT FOR MOBILE DEVICE HAVING INTEGRATED ACCELERATION
Granted: January 30, 2014
Application Number:
20140029750
An integrated, multi-service virtual private network (VPN) network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise VPN connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. The multi-service client integrates with an operating system of the…
NETWORK ROUTING USING INDIRECT NEXT HOP DATA
Granted: January 9, 2014
Application Number:
20140010114
A router maintains routing information including (i) route data representing destinations within a computer network, (ii) next hop data representing interfaces to neighboring network devices, and (iii) indirect next hop data that maps a subset of the routes represented by the route data to a common one of the next hop data elements. In this manner, routing information is structured such that routes having the same next hop use indirect next hop data structures to reference common next…
SELECTIVE BGP GRACEFUL RESTART IN REDUNDANT ROUTER DEPLOYMENTS
Granted: January 2, 2014
Application Number:
20140003227
In general, techniques are described for selectively invoking graceful restart procedures when a route reflector member of a redundant route cluster fails. In one example, a method is provided that includes determining, by a provider edge router that supports graceful restart procedures, that a first router forms a redundant group with at least a second router. The method also includes detecting a failure of the first router and determining that at least the second router in the…
BEHAVIOR-BASED TRAFFIC PROFILING BASED ON ACCESS CONTROL INFORMATION
Granted: January 2, 2014
Application Number:
20140007202
A method includes receiving one or more of user information, role information, or authorization information associated with a user accessing a network, selecting a traffic flow to monitor that is associated with the one or more of user information, role information, or authorization information, monitoring the traffic flow, determining whether an anomaly exists with respect to the traffic flow based on a traffic behavior pattern associated with the one or more of user information, role…
MIGRATING VIRTUAL MACHINES BETWEEN COMPUTING DEVICES
Granted: January 2, 2014
Application Number:
20140007089
In one example, a system includes a first computing device configured to execute a virtual machine, wherein the virtual machine is communicatively coupled to a virtual private network (VPN) via a first attachment circuit using a first set of network parameters, stop execution of the virtual machine, and create checkpoint data for the virtual machine, and a second computing device configured to execute the virtual machine, using at least some of the checkpoint data, and to cause the…
METHODS AND APPARATUS FOR PROVIDING SERVICES IN DISTRIBUTED SWITCH
Granted: January 2, 2014
Application Number:
20140006549
In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, at an edge device, a first data unit having a characteristic. The code causes the processor to identify, at a first time, an identifier of a service module associated with the characteristic in response to each entry from a set of entries within a flow table not being associated with the characteristic. The code…
METHODS AND APPARATUS FOR PROVIDING SERVICES IN DISTRIBUTED SWITCH
Granted: January 2, 2014
Application Number:
20140003433
In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, from a source peripheral processing device, a portion of a data packet having a destination address associated with a destination peripheral processing device. The code causes the processor to identify, based on the destination address, a service to be performed on the portion of the data packet. The code causes the…
FEEDBACK LOOP FOR SERVICE ENGINEERED PATHS
Granted: January 2, 2014
Application Number:
20140003232
In general, techniques are described for providing feedback loops for service engineered paths. A service node comprising an interface and a control unit may implement the techniques. The interface receives traffic via a path configured within a network to direct the traffic from an ingress network device of the path to the service node. The control unit applies one or more services to the traffic received via the path and generates service-specific information related to the application…
FILTERING WITHIN DEVICE MANAGEMENT PROTOCOL QUERIES
Granted: December 26, 2013
Application Number:
20130346574
An example device includes an interface to receive, from a device management system, a request message that conforms to a network management protocol, a control unit that provides an execution environment for a management agent, and a data repository. The request message includes a set of managed object identifiers and a set of filter operator object identifiers. The management agent is operable to generate at least one filter criterion based on the managed object identifiers and the…
DISTRIBUTED PROCESSING OF NETWORK DEVICE TASKS
Granted: December 26, 2013
Application Number:
20130346470
Techniques are described for distributing network device tasks across virtual machines executing in a computing cloud. A network device includes a network interface to send and receive messages, a routing unit comprising one or more processors configured to execute a version of a network operating system, and a virtual machine agent. The virtual machine agent is configured to identify a virtual machine executing at a computing cloud communicatively coupled to the network device, wherein…
SERVICE PLANE TRIGGERED FAST REROUTE PROTECTION
Granted: December 26, 2013
Application Number:
20130343174
Techniques are described for detecting failure or degradation of a service enabling technology function independent from an operational state of a service node hosting the service enabling technology function. For example, a service node may provide one or more service enabling technology functions, and service engineered paths may be traffic-engineered through a network to service node network devices that host a service enabling technology function. A monitor component at the service…
ALLOCATING AND DISTRIBUTING LABELS FOR PACKET ENCAPSULATION
Granted: December 19, 2013
Application Number:
20130336315
In one example, a network device receives a packet to be forwarded according to a label switching protocol, determines a service to be performed on the packet by a service network device, sends a label request message to the service network device, wherein the label request message indicates support for labels having a particular length, wherein the particular length is larger than twenty bits (e.g., forty bits), and wherein the label request message specifies the service to be performed…
SELF CLOCKING INTERRUPT GENERATION IN A NETWORK INTERFACE CARD
Granted: December 12, 2013
Application Number:
20130332638
A network interface card may issue interrupts to a host in which the determination of when to issue an interrupt to the host may be based on the incoming packet rate. In one implementation, an interrupt controller of the network interface card may issue interrupts that inform a host of the arrival of packets. The interrupt controller may issue the interrupts in response to arrival of a predetermined number of packets, where the interrupt controller re-calculates the predetermined…
MULTITENANT SERVER FOR VIRTUAL NETWORKS WITHIN DATACENTER
Granted: December 12, 2013
Application Number:
20130332577
In general, techniques are described for facilitating multi-tenancy of a server accessed by virtual networks of a data center. A device included within a data center comprising one or more processors may perform the techniques. The processors may be configured to execute a virtual switch that supports a number of virtual networks executing within the data center. The virtual switch may be configured to receive a request regarding data associated with an identifier that is unique within…
FACILITATING OPERATION OF ONE OR MORE VIRTUAL NETWORKS
Granted: December 12, 2013
Application Number:
20130329725
Techniques for facilitating the operation of one or more virtual networks are described. In some examples, a system may include a first controller node device configured to control operation of a first set of elements in the one or more virtual networks, wherein the first set of elements includes a first server device. The system may also include a second controller node device configured to control operation of a second set of elements in the one or more virtual networks, wherein the…
MULTICAST SERVICE IN VIRTUAL NETWORKS
Granted: December 12, 2013
Application Number:
20130329605
Techniques are described to provide multicast service within a virtual network using a virtual network controller and endpoint replication without requiring multicast support in the underlying network. The virtual network controller is configured to create a multicast tree for endpoint devices of a multicast group in the virtual network at a centralized location instead of in a distributed fashion. The virtual network controller communicates the multicast tree to one or more of the…
NEXT HOP CHAINING FOR FORWARDING DATA IN A NETWORK SWITCHING DEVICE
Granted: December 12, 2013
Application Number:
20130329603
A route for a data unit through a network may be defined based on a number of next hops. Exemplary embodiments described herein may implement a router forwarding table as a chained list of references to next hops. In one implementation, a device includes a forwarding table that includes: a first table configured to store, for each of a plurality of routes for data units in a network, a chain of links to next hops for the routes; and a second table configured to store the next hops. The…
CONGESTION MANAGMENT FOR FIBRE CHANNEL OVER ETHERNET OVER WIDE AREA NETWORKS
Granted: December 5, 2013
Application Number:
20130322236
In general, techniques are described for mapping WAN conditions to appropriate back-pressure mechanisms at the WAN edges to improve the performance of delay and/or loss-sensitive applications. In one example, a system includes a wide area network having a provider edge (PE) router to establish a Fibre Channel over Ethernet (FCoE) pseudowire over the wide area network. A Lossless Ethernet network attaches, by an attachment circuit, to the FCoE pseudowire at the PE router. A Fibre Channel…