Deleting stale or unused keys to guarantee zero packet loss
Granted: January 28, 2025
Patent Number:
12212667
A first network device may install a new receive key on a data plane of the first network device, and may provide, to a second network device, a first request to install the new receive key. The first network device may receive a first indication that the new receive key is installed by the second network device, and may install a new transmit key on the data plane of the first network device based on the first indication. The first network device may provide, to the second network…
Resource reservation protocol with traffic engineering path computation across intermediate system—intermediate system flood reflector clusters
Granted: January 28, 2025
Patent Number:
12212490
In some implementations, a head Level 2 (L2) node of an intermediate system-intermediate system (IS-IS) flood reflection (FR) network may determine an end-to-end path from the head L2 node to a tail L2 node of the IS-IS FR network. The IS-IS FR network includes a plurality of L2 nodes and a plurality of FR clusters that each comprise a plurality of Level 1 (L1) nodes and a plurality of L1 and L2 (L1/L2) nodes connected by a plurality of L1 links. The head L2 node may send information…
Identifying and correlating metrics associated with unhealthy key performance indicators
Granted: January 28, 2025
Patent Number:
12212478
A device may calculate, based on network data associated with a network, key performance indicators (KPIs) for the network. The device may aggregate a first set of KPIs to generate a first aggregated KPI associated with a first functionality of the device and a second set of KPIs to generate a second aggregated KPI associated with a second functionality of the device. The device may receive a selection of a particular KPI from the first aggregated KPI, the first set of KPIs, the second…
Decentralized software upgrade image distribution for network device upgrades
Granted: January 28, 2025
Patent Number:
12210861
An example method includes receiving, by a control system for a software upgrade image, respective characterization data for network devices of a network; generating, by the control system and based on the characterization data for the network devices, an image map that indicates, for each portion of a plurality of different portions of the software upgrade image, an image proxy network device selected by the control system from among the network devices to store the portion based on the…
Network monitoring and troubleshooting using augmented reality
Granted: January 21, 2025
Patent Number:
12207099
An example device includes one or more processors; an image capture device coupled to the one or more processors and configured to generate image capture data representative of a three-dimensional (3D) physical environment; an electronic display coupled to the one or more processors; and a memory coupled to the one or more processors, the memory storing instructions to cause the one or more processors to: obtain characteristics of a network associated with the device, generate overlay…
Detecting miswirings in a spine and leaf topology of network devices
Granted: January 21, 2025
Patent Number:
12206569
A network device may receive topology data identifying a spine and leaf topology of network devices, and may set link metrics to a common value to generate modified topology data. The network device may remove data identifying connections from leaf network devices to any devices outside the topology from the modified topology data to generate further modified topology data, and may process the further modified topology data, with a model, to determine path data identifying paths to…
Predicting network issues based on historical data
Granted: January 21, 2025
Patent Number:
12206566
Techniques are described for monitoring application performance in a computer network. For example, a network management system (NMS) includes a memory storing path data received from a plurality of network devices, the path data reported by each network device of the plurality of network devices for one or more logical paths of a physical interface from the given network device over a wide area network (WAN). Additionally, the NMS may include processing circuitry in communication with…
Automatic generation and update of connectivity association keys for media access control security protocol
Granted: January 14, 2025
Patent Number:
12200111
A first network device may identify a MACsec session between the first network device and a second network device that utilizes a CAK, may determine, using a KDF and one or more KDF input parameters, an additional CAK, may encrypt the one or more KDF input parameters and/or KDF identification information that identifies the KDF and the one or more KDF input parameters to generate encrypted KDF input information, and may send, to the second network device, a first message that includes…
Wireless signal strength-based detection of poor network link performance
Granted: January 14, 2025
Patent Number:
12200596
A cloud-based network management system (NMS) stores path data from network devices operating as network gateways for an enterprise network, the path data collected by each network device of the plurality of network devices. The NMS determines, for a logical path within a specified time window, a wireless signal quality and a link quality based at least in part on the path data. The NMS, in response to determining that the logical path is of a poor link quality, determines a correlation…
Intelligent radio band reconfiguration for access points of a wireless network
Granted: January 14, 2025
Patent Number:
12200499
Methods and apparatus for automatically reconfiguring network parameters are described. Some embodiments identify communication channels that may interfere with higher priority equipment and deactivate communication channels that may cause harmful interference. Some APs are switched to 2.4 GHz communication channels. In some embodiments, AP operating parameters, such as transmission power, are adjusted to reduce interference for higher priority receivers.
Framework for automated application-to-network root cause analysis
Granted: January 14, 2025
Patent Number:
12199813
A computing system comprising a memory and processing circuitry may perform the techniques. The memory may store time series data comprising measurements of one or more performance indicators. The processing circuitry may determine, based on the time series data, an anomaly in the performance of the network system, and create, based on the time series data, a knowledge graph. The processing circuitry may determine, in response to detecting the anomaly, and based on the knowledge graph…
Network access control intent-based policy configuration
Granted: January 7, 2025
Patent Number:
12192241
Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system…
Maintaining a set of links associated with a link aggregation group to facilitate provisioning or updating of a customer edge device
Granted: January 7, 2025
Patent Number:
12192095
In some implementations, a provider edge device associated with a link aggregation group (LAG) may maintain, according to a link aggregation control protocol (LACP), a set of links that connect the PE device to a consumer edge device. The provider edge device may determine that the provider edge device and another provider edge device associated with the LAG are not receiving link aggregation control protocol data units (LACPDUs) from the consumer edge device. The provider edge device…
Distributed flooding technique
Granted: January 7, 2025
Patent Number:
12192093
A network device may receive, from a transmission network device, a link state message associated with an origination network device. The network device may determine an order of a set of one-hop neighbor network devices from the transmission network device. The network device may determine, based on the link state message and the order of the set of one-hop neighbor network devices, whether the network device is to send a copy of the link state message to at least one one-hop neighbor…
Device access control for applications of multiple containers
Granted: December 31, 2024
Patent Number:
12182634
A device may receive a lock request associated with using an embedded device of a containerized environment from a first instance of an application being executed in a first container of the containerized environment. The device may perform a lock operation associated with the embedded device to permit the first instance of the application to use the embedded device and to prevent a second instance of the application, executing in a second container of the containerized environment, from…
Creating roles and controlling access within a computer network
Granted: December 31, 2024
Patent Number:
12184659
This disclosure is directed to devices, systems, and techniques for enforcing access to resources within a computer network. In some examples, a system includes a network managed by a service provider and configured to provide a plurality of microservices to a plurality of tenants each having one or more users and a controller having access to the network. The controller is configured to output, to a user interface, data indicative of a plurality of capabilities for presentation by the…
Increasing robustness of connections by offloading keep alive protocol data units
Granted: December 31, 2024
Patent Number:
12184535
A network device may establish, via a routing protocol daemon (RPD) of the network device, border gateway protocol (BGP) sockets with peer network devices and may establish a socket between the RPD and a periodic packet management daemon (PPMD) of the network device. The network device may provide file descriptors of the BGP sockets from the RPD to the PPMD, via the socket, and may provide, from the RPD and via the BGP sockets, non-keep alive protocol data units (PDUs) to the peer…
Using anycast as an abstract next hop (ANH) to reduce information related to border gateway protocol (BGP) next hops received by autonomous system border routers (ASBRs) and/or to improve BGP path convergence
Granted: December 31, 2024
Patent Number:
12184532
An autonomous system border router (ASBR) provided in a domain in which routers share an anycast address, may perform a method comprising: (a) receiving, from an exterior Border Gateway Protocol (eBGP) peer, first reachability information for a first prefix, the first reachability information including a first next hop (NH) address; (b) communicating first link state information about the first prefix to another router in the domain, the first link state information associating the first…
Application service level expectation health and performance
Granted: December 31, 2024
Patent Number:
12184522
Techniques are described for monitoring application performance in a computer network. For example, a network management system (NMS) includes a memory storing path data received from a plurality of network devices, the path data reported by each network device of the plurality of network devices for one or more logical paths of a physical interface from the given network device over a wide area network (WAN). Additionally, the NMS may include processing circuitry in communication with…
Rollback-on-error support for forwarding components of a network device
Granted: December 31, 2024
Patent Number:
12184493
A network device may receive an original configuration that includes configuration objects, and may generate, based on the original configuration, a dependency graph that includes nodes representing and entries representing the configuration objects. The network device may receive a configuration update that includes new configuration objects, and may update the dependency graph based on the configuration update and to generate an updated dependency graph that includes new nodes and/or…