Adaptive flow monitoring
Granted: February 13, 2024
Patent Number:
11902136
An example network device includes memory, a communication unit, and processing circuitry coupled to the memory and the communication unit. The processing circuitry is configured to receive first samples of flows from an interface of another network device sampled at a first sampling rate and determine a first parameter based on the first samples. The processing circuitry is configured to receive second samples of flows from the interface sampled at a second sampling rate, wherein the…
System and method for detecting lateral movement and data exfiltration
Granted: February 13, 2024
Patent Number:
11902303
A system configured to detect a threat activity on a network. The system including a digital device configured to detect a first order indicator of compromise on a network, detect a second order indicator of compromise on the network, generate a risk score based on correlating said first order indicator of compromise on the network with the second order indicator of compromise on said network, and generate at least one incident alert based on comparing the risk score to a threshold.
Media access control security (MACsec) enabled links of a link aggregation group (LAG)
Granted: February 13, 2024
Patent Number:
11902256
A device may cause a Media Access Control Security (MACsec) session to be established on a first link of a link aggregation group (LAG) that includes a plurality of links with a different device. The device may cause a data structure to be updated to identify the first link as a MACsec enabled LAG link and may send traffic via the first link. The device may cause a MACsec session to be established on at least one additional link of the LAG and may cause the data structure to be updated…
EVPN host routed bridging (HRB) and EVPN cloud native data center
Granted: February 13, 2024
Patent Number:
11902160
Techniques for EVPN Host Routed Bridging (HRB) and EVPN cloud-native data center with Host Routed Bridging (HRB) are described. A host computing device of a data center includes one or more containerized user-level applications. A cloud native virtual router is configured for dynamic deployment by the data center application orchestration engine and operable in a user space of the host computing device. Processing circuitry is configured for execution of the containerized user-level…
Dynamic internet protocol translation for port-control-protocol communication
Granted: February 13, 2024
Patent Number:
11902159
A network device may receive, from a source device, an option request that includes a source address of the source device and a destination address of a destination device, wherein the network device is associated with an Internet protocol version 6 (IPv6) network. The network device may identify a map code that is associated with an address translation for traffic associated with the destination device and may determine, based on identifying the map code, a source prefix code and a…
High-availability switchover based on traffic metrics
Granted: February 13, 2024
Patent Number:
11902157
A node may be an active node associated with a high-availability service and may route session traffic communicated via a first route path between a first endpoint and a second endpoint. The node may determine a first measurement of a traffic metric of the first route path and may receive, from another node associated with the high-availability service, a second measurement of the traffic metric of a second route path. The node may compare the first measurement and the second measurement…
Compressed routing header
Granted: February 13, 2024
Patent Number:
11902153
A node receives an internet protocol (IP) payload packet that includes an IPv6 transport header that has been extended with a compressed routing header (CRH). The CRH includes a list of segment identifiers (SIDs) that identify nodes that the IP payload packet is to traverse. The node determines, by referencing the list of SIDs, a next segment for the IP payload packet. The node updates a destination IP address that is included in the IPv6 transport header to a particular destination IP…
Weighted multicast join load balance
Granted: February 13, 2024
Patent Number:
11902148
In some examples, a method includes receiving, by an egress network device for a network, messages from each of a plurality of ingress network devices for the network, wherein each of the messages specifies a multicast source, a multicast group, and an upstream multicast hop weight value for multicast traffic for the multicast source and the multicast group; selecting, by the egress network device and based on the upstream multicast hop weight values specified by the received messages,…
Identifying a maximum segment size (MSS) corresponding to a network path
Granted: February 13, 2024
Patent Number:
11902146
Techniques are disclosed for identifying a maximum segment size (MSS) for a path. For example, a first router includes a routing engine and a packet forwarding engine. The routing engine is configured to identify a path maximum transmission unit (MTU) corresponding to a path between the first router and a second router; and identify a maximum packet overhead size corresponding to a session between a first client device and a second client device over the path between the first router and…
Preserving consistency of redundant border gateway protocol link state topology information
Granted: February 13, 2024
Patent Number:
11902144
A device may receive first topology information from a first network device of a network, and may receive second topology information from a second network device of the network. The device may assign a first BGP-LS identifier to the first network device, and may associate the first topology information with the first BGP-LS identifier. The device may assign a second BGP-LS identifier to the second network device, and may associate the second topology information with the second BGP-LS…
Network performance monitoring using an active measurement protocol and relay mechanism
Granted: February 13, 2024
Patent Number:
11902133
A first device may provide, periodically throughout a test session and to neighboring devices that are in a network with the first device, a message request for measuring network performance. The neighboring devices, upon receiving the request message, are to use a relay mechanism to determine network performance indicator (NPI) values. The first device may receive, from the neighboring devices and periodically throughout the test session, a response message that includes the NPI values.…
Determining an organizational level network topology
Granted: February 13, 2024
Patent Number:
11902100
An example network analysis system includes a memory storing telemetry data received from a plurality of network devices, the plurality of network devices includes extract entity information and connectivity information from the received telemetry data, wherein the entity information represents one or more network devices of the plurality of network devices and the connectivity information represents network connections between one or more devices of the plurality of network devices; and…
Adaptive location-based SD-WAN policies
Granted: February 13, 2024
Patent Number:
11902097
An example method includes receiving, by an SD-WAN system, WAN link characterization data for a plurality of WAN links of the SD-WAN system over a time period; and for each site of a plurality of sites of the SD-WAN system, generating, by the SD-WAN system, a local policy for the site, wherein generating the local policy is based on a machine learning model trained with the WAN link characterization data for the plurality of WAN links, and providing the local policy to an SD-WAN edge…
Collection of error packet information for network policy enforcement
Granted: February 13, 2024
Patent Number:
11902096
A network device may detect an error associated with a packet based on error information being generated from processing the packet at a layer of a network stack. The network device may determine, based on detecting the error, metadata associated with the packet. The network device may generate telemetry data to include the metadata. The network device may provide the telemetry data to a network analyzer for policy enforcement.
Programmable diagnosis model for correlation of network events
Granted: February 13, 2024
Patent Number:
11902085
Network management techniques are described. A controller device of this disclosure manages a device group of a network. The controller device includes processing circuitry in communication with the memory, the processing circuitry being configured to receive, using a programmable diagnosis service executed by the processing circuitry, a programming input, to form, using the programmable diagnosis service, based on the programming input, a resource definition graph that models…
Detecting VLAN misconfiguration
Granted: February 13, 2024
Patent Number:
11902051
Disclosed are methods for detecting misconfigured VLANs. In some embodiments, traffic on a VLAN across multiple access points is categorized. Traffic on the VLAN at a single access point is then also categorized. The categorization of the VLAN traffic at the single access point can be in response to, for example, communication errors or other conditions. The two categorizations are then compared to determine if the VLAN traffic at the AP is consistent with the VLAN traffic across a…
Apparatus, system, and method for achieving accurate insertion counts on removable modules
Granted: February 13, 2024
Patent Number:
11901898
A disclosed apparatus for accomplishing such a task may include (1) a circuit board incorporated into a module designed for insertion into slots of computing devices, (2) at least one conductive contact disposed on the circuit board, (3) a counter circuit disposed on the circuit board and communicatively coupled to the conductive contact, wherein the counter circuit comprises (A) a signal-change detector that detects signal changes as the module is inserted into one of the slots of the…
Active assurance for virtualized services
Granted: February 6, 2024
Patent Number:
11895002
An example method includes receiving, by a computing system, a declarative testing descriptor for active testing of a virtualized service; obtaining, from an orchestration layer, metadata associated with the virtualized service, wherein the metadata specifies a unique name for a virtualized service within the namespace of a cluster managed by the orchestration layer; determining, by the computing system using the declarative testing descriptor and the metadata, an active testing…
Dynamic prefix apportionment for address pool management
Granted: February 6, 2024
Patent Number:
11895086
A network device may maintain, for a user device, a pool domain into which address prefixes are allocated from a partition of an address pool management (APM) device, and may estimate, based on pool domain data, an average subscriber login rate for the pool domain by the user device. The network device may estimate, based on the pool domain data, an average response latency per apportionment alarm, and may calculate a dynamic apportionment threshold based on the average subscriber login…
Virtualized cell site routers with layer 2 forwarding
Granted: February 6, 2024
Patent Number:
11895020
In general, techniques are described for deploying virtualized cell site routers (vCSRs) capable of layer 2 (L2) forwarding to cell site servers to support management and orchestration of functional units for mobile networks executing on the cell site servers. In an example, a method comprises receiving, at a forwarding plane of a virtualized cell site router (vCSR) of a first Distributed Unit (DU) of a plurality of DU servers of a cell site for a 5G radio access network, the vCSR having…
