Media access control security (MACsec) enabled links of a link aggregation group (LAG)
Granted: April 8, 2025
Patent Number:
12273325
A device may cause a Media Access Control Security (MACsec) session to be established on a first link of a link aggregation group (LAG) that includes a plurality of links with a different device. The device may cause a data structure to be updated to identify the first link as a MACsec enabled LAG link and may send traffic via the first link. The device may cause a MACsec session to be established on at least one additional link of the LAG and may cause the data structure to be updated…
Broadband network gateway (BNG) as dynamic host configuration protocol (DHCP) server
Granted: April 8, 2025
Patent Number:
12273318
In some implementations, a broadband network gateway (BNG) may receive, from a customer premises equipment, a dynamic host configuration protocol (DHCP) discover request, wherein the BNG is connected to the customer premises equipment and a fixed mobile interworking function (FMIF). The BNG may communicate with, based on the DHCP discover request, the FMIF. The BNG may provide to the customer premises equipment, and based on communicating with the FMIF, a DHCP offer that offers…
Maintaining processing core affinity for fragmented packets in network devices
Granted: April 8, 2025
Patent Number:
12273264
Techniques are disclosed for maintaining processing unit core affinity for fragmented packets. In one example, a service physical interface card (PIC) implementing a service plane of a network device receives fragmented and/or non-fragmented packet data for a traffic flow. The service PIC comprises at least one processing unit comprising multiple cores. A routing engine operating in a control plane of the network device defines one or more core groups comprising a subset of the cores.…
Systems and methods for enabling precision time protocol over a link aggregation group using link aggregation control protocol parameters
Granted: April 8, 2025
Patent Number:
12273263
A network device may identify a link aggregation group (LAG) of a plurality of links between the network device and another network device. The network device may identify link aggregation control protocol (LACP) parameters that were communicated by the network device and the other network device in association with the LAG. The network device may determine, based on the LACP parameters, a priority order of the plurality of links in the LAG. The network device may communicate with the…
Intelligent firewall policy processor
Granted: April 1, 2025
Patent Number:
12267300
An example network system includes processing circuitry and one or more memories coupled to the processing circuitry. The one or more memories are configured to store instructions which cause the system to obtain telemetry data, the telemetry data being associated with a plurality of applications running on a plurality of hosts. The instructions cause the system to, based on the telemetry data, determine a subset of applications of the plurality of applications that run on a first host…
Cloud native software-defined network architecture
Granted: April 1, 2025
Patent Number:
12267208
In an example, a method includes processing, by an application programming interface (API) server implemented by a configuration node of a network controller for a software-defined networking (SDN) architecture system, requests for operations on native resources of a container orchestration system; processing, by a custom API server implemented by the configuration node, requests for operations on custom resources for SDN architecture configuration, wherein each of the custom resources…
Power efficient and scalable co-packaged optical devices
Granted: April 1, 2025
Patent Number:
12267111
A co-packaged optical-electrical chip can include an application-specific integrated circuit (ASIC) and a plurality of optical modules, such as optical transceivers. The ASIC and each of the optical modules can exchange electrical signaling via integrated electrical paths. The ASIC can include Ethernet switch, error correction, bit-to-symbol mapping/demapping, and digital signal processing circuits to pre-compensate and post-compensate channel impairments (e.g.,…
Automated application service deployment across multiple environments
Granted: April 1, 2025
Patent Number:
12265808
In general, a device comprising a processor and a memory may be configured to perform various aspects of the techniques described in this disclosure. The memory may store source configuration data of a source environment descriptor associated with a source operating environment and target configuration data of a target environment descriptor associated with a target operating environment. The processor may compare the source configuration data to the target configuration data, and…
Storing configuration data changes to perform root cause analysis for errors in a network of managed network devices
Granted: March 25, 2025
Patent Number:
12261742
An example application programming interface (API) server device that distributes configuration data to managed network devices includes one or more processing units implemented in circuitry and configured to receive configuration data to be deployed to at least one of the managed network devices; store the configuration data to a configuration database; and send the configuration data to the at least one of the managed network devices. In this manner, the configuration data can be…
Tracking host threats in a network and enforcing threat policy actions for the host threats
Granted: March 25, 2025
Patent Number:
12261870
A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the…
Server to support client data models from heterogeneous data sources
Granted: March 25, 2025
Patent Number:
12261741
Network elements are managed with a server to support client data models from heterogeneous data sources. A server receives a first query for configuration data of a network element to be returned in a first model. The server determines a model type for the configuration data of the network element. When the model type is a second model that is not the first model, the server sends a second query to the network element for the configuration data to be returned in the second model and…
Intent graph model generation using difference information
Granted: March 25, 2025
Patent Number:
12259927
A system includes computer-readable media configured to store a plurality of objects representing intent graph models of a network, and processing circuitry coupled to the computer-readable media. The processing circuitry is configured to receive a request indicating a requested time, determine one or more first objects of the plurality of objects, the first objects storing an intent graph model associated with a first time, the first time different from the requested time, determine one…
Service chaining among devices of interconnected topology
Granted: March 18, 2025
Patent Number:
12255812
An example data center system includes server devices hosting data of a first tenant and a second tenant of the data center, network devices of an interconnected topology coupling the server devices including respective service virtual routing and forwarding (VRF) tables, and one or more service devices that communicatively couple the network devices, wherein the service devices include respective service VRF tables for the first set of server devices and the second set of server…
Active assurance for virtualized services
Granted: March 18, 2025
Patent Number:
12255802
An example method includes receiving, by a computing system, a declarative testing descriptor for active testing of a virtualized service; obtaining, from an orchestration layer, metadata associated with the virtualized service, wherein the metadata specifies a unique name for a virtualized service within the namespace of a cluster managed by the orchestration layer; determining, by the computing system using the declarative testing descriptor and the metadata, an active testing…
Synthesizing probe parameters based on historical data
Granted: March 18, 2025
Patent Number:
12255798
An example network device includes a memory configured to store a plurality of counts of packets of a data flow. The network device also includes one or more processors in communication with the memory. The one or more processors are configured to determine the plurality of counts of packets of the data flow, wherein each count of the plurality of counts includes a number of packets occurring in a predetermined time period. The one or more processors are configured to assign a…
Network graph model and root cause analysis for a network management system
Granted: March 18, 2025
Patent Number:
12255768
A method for managing a plurality of network devices of a network includes determining, by one or more processors, a causality map for the plurality of network devices according to an intent. The method further includes receiving, by the one or more processors, an indication of a network service impact and determining, by the one or more processors, a relevant portion of the causality map based on the network service impact. The method further includes determining, by the one or more…
Multi-layer statistical wireless terminal location determination
Granted: March 11, 2025
Patent Number:
12248081
Disclosed are embodiments for determining a location of a wireless terminal. The wireless terminal measures signal strength of a plurality of wireless transmitters. Based on this information, a plurality of location probability surfaces are generated. Each location probability surface indicates a plurality of probabilities that the wireless terminal is in each of a corresponding plurality of geographic regions. These probability surfaces are then averaged to determine a composite…
Quantum cryptography in an internet key exchange procedure
Granted: March 11, 2025
Patent Number:
12250302
In some implementations, a first network device may communicate, with a second network device, one or more internet key exchange (IKE) messages to exchange a first identifier associated with the first network device and a second identifier associated with the second network device, and to indicate that a post-quantum preshared key (PPK) is to be used as a shared key for an IKE security association (SA) between the first network device and the second network device. The first network…
Scalable multi-tenant underlay network supporting multi-tenant overlay network
Granted: March 11, 2025
Patent Number:
12250147
Techniques are disclosed for scalable virtualization of tenants and subtenants on a virtualized computing infrastructure. In one example, a first controller for the virtualized computing infrastructure configures underlay network segments in the virtualized computing infrastructure by configuring respective Virtual Extensible Local Area Network (VXLAN) segments of a plurality of VXLAN segments of a VXLAN in a switch fabric comprising network switches. Each VXLAN segment provides underlay…
Intent-driven configuration of a cloud-native router
Granted: March 11, 2025
Patent Number:
12250117
In general, techniques are described for leveraging a configuration framework for an orchestration platform to configure software that implements a control plane for a containerized network router in a cloud-native SDN architecture. In an example, a method comprises receiving, by a server executing a containerized routing protocol process, configuration data generated from a Network Resource configuration object managed by a custom resource controller; configuring, by the server, the…
