Autotuning a virtual firewall
Granted: February 4, 2025
Patent Number:
12218910
A device may receive an input associated with deploying a virtual firewall on a computing device. The device may determine a first set of characteristics associated with the virtual firewall and a second set of characteristics associated with a hypervisor associated with the computing device. The device may automatically tune the virtual firewall based on the first set of characteristics and the second set of characteristics. The device may deploy the virtual firewall after tuning the…
Service function chaining with session-based routing
Granted: February 4, 2025
Patent Number:
12218839
Techniques are disclosed for session-based load-balancing of network traffic to network service instances. In one example, a network device receives a first packet of a forward packet flow from a network service instance of a plurality of network service instances after application of a network service. The first packet specifies a Media Access Control (MAC) address of the network service instance as a source MAC address. The network device defines a session comprising the forward packet…
Bitmask route target in targeted distribution of information using a routing protocol
Granted: February 4, 2025
Patent Number:
12218835
Techniques are described by which a routing protocol, such as border gateway protocol (BGP), is extended to control propagation and importation of information using route targets (RTs) specified as bitmasks that encode link administrative group information. For example, a network control device (e.g., controller) is configured to allocate one or more subset of resources (e.g., nodes or links) of an underlay network to each of one or more virtual networks established over the underlay…
Containerized routing protocol process for virtual private networks
Granted: February 4, 2025
Patent Number:
12218831
In general, this disclosure describes techniques for leveraging a containerized routing protocol process to implement virtual private networks using routing protocols. In an example, a system comprises a container orchestration system for a cluster of computing devices, the cluster of computing devices including a computing device, wherein the container orchestration system is configured to: deploy a containerized application to a compute node; and in response to deploying the…
Multicast liveness detection
Granted: February 4, 2025
Patent Number:
12218818
In some implementations, a first packet forwarding device (PFD) may obtain a probe packet. The first PFD may replicate the probe packet forming multiple copies of the probe packet. The first PFD may transmit, to the first PFD and to multiple other PFDs, the multiple copies of the probe packet. The first PFD may receive a first copy of the probe packet and multiple response packets, with the first copy of the probe packet originating at the first PFD, and with each of the multiple…
Deleting stale or unused keys to guarantee zero packet loss
Granted: January 28, 2025
Patent Number:
12212667
A first network device may install a new receive key on a data plane of the first network device, and may provide, to a second network device, a first request to install the new receive key. The first network device may receive a first indication that the new receive key is installed by the second network device, and may install a new transmit key on the data plane of the first network device based on the first indication. The first network device may provide, to the second network…
Resource reservation protocol with traffic engineering path computation across intermediate system—intermediate system flood reflector clusters
Granted: January 28, 2025
Patent Number:
12212490
In some implementations, a head Level 2 (L2) node of an intermediate system-intermediate system (IS-IS) flood reflection (FR) network may determine an end-to-end path from the head L2 node to a tail L2 node of the IS-IS FR network. The IS-IS FR network includes a plurality of L2 nodes and a plurality of FR clusters that each comprise a plurality of Level 1 (L1) nodes and a plurality of L1 and L2 (L1/L2) nodes connected by a plurality of L1 links. The head L2 node may send information…
Identifying and correlating metrics associated with unhealthy key performance indicators
Granted: January 28, 2025
Patent Number:
12212478
A device may calculate, based on network data associated with a network, key performance indicators (KPIs) for the network. The device may aggregate a first set of KPIs to generate a first aggregated KPI associated with a first functionality of the device and a second set of KPIs to generate a second aggregated KPI associated with a second functionality of the device. The device may receive a selection of a particular KPI from the first aggregated KPI, the first set of KPIs, the second…
Decentralized software upgrade image distribution for network device upgrades
Granted: January 28, 2025
Patent Number:
12210861
An example method includes receiving, by a control system for a software upgrade image, respective characterization data for network devices of a network; generating, by the control system and based on the characterization data for the network devices, an image map that indicates, for each portion of a plurality of different portions of the software upgrade image, an image proxy network device selected by the control system from among the network devices to store the portion based on the…
Network monitoring and troubleshooting using augmented reality
Granted: January 21, 2025
Patent Number:
12207099
An example device includes one or more processors; an image capture device coupled to the one or more processors and configured to generate image capture data representative of a three-dimensional (3D) physical environment; an electronic display coupled to the one or more processors; and a memory coupled to the one or more processors, the memory storing instructions to cause the one or more processors to: obtain characteristics of a network associated with the device, generate overlay…
Detecting miswirings in a spine and leaf topology of network devices
Granted: January 21, 2025
Patent Number:
12206569
A network device may receive topology data identifying a spine and leaf topology of network devices, and may set link metrics to a common value to generate modified topology data. The network device may remove data identifying connections from leaf network devices to any devices outside the topology from the modified topology data to generate further modified topology data, and may process the further modified topology data, with a model, to determine path data identifying paths to…
Predicting network issues based on historical data
Granted: January 21, 2025
Patent Number:
12206566
Techniques are described for monitoring application performance in a computer network. For example, a network management system (NMS) includes a memory storing path data received from a plurality of network devices, the path data reported by each network device of the plurality of network devices for one or more logical paths of a physical interface from the given network device over a wide area network (WAN). Additionally, the NMS may include processing circuitry in communication with…
Wireless signal strength-based detection of poor network link performance
Granted: January 14, 2025
Patent Number:
12200596
A cloud-based network management system (NMS) stores path data from network devices operating as network gateways for an enterprise network, the path data collected by each network device of the plurality of network devices. The NMS determines, for a logical path within a specified time window, a wireless signal quality and a link quality based at least in part on the path data. The NMS, in response to determining that the logical path is of a poor link quality, determine a correlation…
Intelligent radio band reconfiguration for access points of a wireless network
Granted: January 14, 2025
Patent Number:
12200499
Methods and apparatus for automatically reconfiguring network parameters are described. Some embodiments identify communication channels that may interfere with higher priority equipment and deactivate communication channels that may cause harmful interference. Some APs are switched to 2.4 GHz communication channels. In some embodiments, AP operating parameters, such as transmission power are adjusted to reduce interference for higher priority receivers.
Automatic generation and update of connectivity association keys for media access control security protocol
Granted: January 14, 2025
Patent Number:
12200111
A first network device may identify a MACsec session between the first network device and a second network device that utilizes a CAK, may determine, using a KDF and one or more KDF input parameters, an additional CAK, may encrypt the one or more KDF input parameters and/or KDF identification information that identifies the KDF and the one or more KDF input parameters to generate encrypted KDF input information, and may send, to the second network device, a first message that includes…
Framework for automated application-to-network root cause analysis
Granted: January 14, 2025
Patent Number:
12199813
A computing system comprising a memory and processing circuitry may perform the techniques. The memory may store time series data comprising measurements of one or more performance indicators. The processing circuitry may determine, based on the time series data, an anomaly in the performance of the network system, and create, based on the time series data, a knowledge graph. The processing circuitry may determine, in response to detecting the anomaly, and based on the knowledge graph…
Network access control intent-based policy configuration
Granted: January 7, 2025
Patent Number:
12192241
Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system…
Maintaining a set of links associated with a link aggregation group to facilitate provisioning or updating of a customer edge device
Granted: January 7, 2025
Patent Number:
12192095
In some implementations, a provider edge device associated with a link aggregation group (LAG) may maintain, according to a link aggregation control protocol (LACP), a set of links that connect the PE device to a consumer edge device. The provider edge device may determine that the provider edge device and another provider edge device associated with the LAG are not receiving link aggregation control protocol data units (LACPDUs) from the consumer edge device. The provider edge device…
Distributed flooding technique
Granted: January 7, 2025
Patent Number:
12192093
A network device may receive, from a transmission network device, a link state message associated with an origination network device. The network device may determine an order of a set of one-hop neighbor network devices from the transmission network device. The network device may determine, based on the link state message and the order of the set of one-hop neighbor network devices, whether the network device is to send a copy of the link state message to at least one one-hop neighbor…
Device access control for applications of multiple containers
Granted: December 31, 2024
Patent Number:
12182634
A device may receive a lock request associated with using an embedded device of a containerized environment from a first instance of an application being executed in a first container of the containerized environment. The device may perform a lock operation associated with the embedded device to permit the first instance of the application to use the embedded device and to prevent a second instance of the application, executing in a second container of the containerized environment, from…
