Delayed quantum key-distribution
Granted: February 6, 2024
Patent Number: 11895234
A node may receive, from a quantum key-distribution (QKD) device, a first message that includes an identifier associated with a key. The node may send, to another node, a second message that includes the identifier and a request to perform at least one task. A node may receive, from the other node, a third message that includes information associated with performance of the at least one task by the other node and information indicating a time of performance. The node may receive, from…
Data center resource monitoring with managed message load balancing with reordering consideration
Granted: February 6, 2024
Patent Number: 11895193
Techniques for resource monitoring and managed message reordering in a data center are described. In one example, a computing system comprises an ingress engine to receive a message from a network device in a data center comprising a plurality of network devices and the computing system; and in response to receiving the message from a network device in the data center, communicate the message to an appropriate collector application corresponding to the message's protocol type in…
Detecting and blocking a malicious file early in transit on a network
Granted: February 6, 2024
Patent Number: 11895129
A device may receive a malicious file associated with a network of network devices and may identify a file type and file characteristics associated with the malicious file. The device may determine one or more rules to apply to the malicious file based on the file type and the file characteristics associated with the malicious file and may apply the one or more rules to the malicious file to generate a partial file signature for the malicious file. The device may provide the partial file…
Methods and devices for blocking, detecting, and/or preventing malicious traffic
Granted: February 6, 2024
Patent Number: 11895116
A network device obtains information, associated with blacklisted domains, that includes blacklisted domain identifiers, and sinkhole server identifiers associated with the blacklisted domain identifiers. The network device obtains a set of rules that specify match criteria, associated with the blacklisted domains, that include source network addresses and/or destination network addresses for comparison to packet source network addresses and/or packet destination network addresses…
Dynamic prefix apportionment for address pool management
Granted: February 6, 2024
Patent Number: 11895086
A network device may maintain, for a user device, a pool domain into which address prefixes are allocated from a partition of an address pool management (APM) device, and may estimate, based on pool domain data, an average subscriber login rate for the pool domain by the user device. The network device may estimate, based on the pool domain data, an average response latency per apportionment alarm, and may calculate a dynamic apportionment threshold based on the average subscriber login…
Policy controller for distributed virtualization infrastructure element monitoring
Granted: January 30, 2024
Patent Number: 11888714
This disclosure describes techniques for monitoring, scheduling, and performance management for virtualization infrastructures within networks. In one example, a computing system includes a plurality of different cloud-based compute clusters (e.g., different cloud projects), each comprising a set of compute nodes. Policy agents execute on the compute nodes to monitor performance and usage metrics relating to resources of the compute nodes. Policy controllers within each cluster deploy…
Tracking host threats in a network and enforcing threat policy actions for the host threats
Granted: January 30, 2024
Patent Number: 11888877
A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the…
Managing address spaces across network elements
Granted: January 30, 2024
Patent Number: 11888814
In general, techniques are described for managing address spaces across network elements. A network device including a processor may be configured to perform the techniques. The processor may execute a pool manager that automatically distributes a first block of network addresses to a first network element acting, for a first network, as a first address allocation server to assign the first block of network addresses. The pool manager may further automatically distribute a second block…
System and method for determining a data flow path in an overlay network
Granted: January 30, 2024
Patent Number: 11888738
This disclosure describes techniques that include collecting underlay flow data within a network and associating underlay flow data with a source and a destination virtual network to enable insights into network operation and performance. In one example, this disclosure describes a method that includes identifying, for each underlay data flow, a source overlay network and a destination overlay network associated with the underlay data flow, wherein identifying includes retrieving, from…
Label deduction with flexible-algorithm
Granted: January 30, 2024
Patent Number: 11888733
A flexible-algorithm routing method comprises: receiving, by a first router, a route advertisement including a base node label, for a second router, associated with a segment routing path without flexible-algorithm, wherein the second router participates in a flexible-algorithm; deducing, by the first router and from the base node label, a node label, for the second router, associated with a segment routing path with the flexible-algorithm; and constructing, by the first router, a label…
Confirmed commit with user specified automatic rollback configuration
Granted: January 30, 2024
Patent Number: 11888695
A network device receives a first message indicating that the network device is to operate according to a new configuration for a period of time and that the network device is to operate according to a user specified configuration upon expiration of the period of time without confirmation of the new configuration. The network device thereby causes the network device to operate according to the new configuration for the period of time, and then determines whether the network device…
Early detection of telemetry data streaming interruptions
Granted: January 30, 2024
Patent Number: 11888680
A computing device may receive, from a collector device, a request to subscribe, in a target-defined mode, to network telemetry data regarding a network element associated with the computing device. The computing device may, in response to receiving the request, provision a network telemetry sensor to operate in a working mode to collect the network telemetry data regarding the network element. The collector device may send, to the collector device, the network telemetry data collected…
Hypothesis driven diagnosis of network systems
Granted: January 30, 2024
Patent Number: 11888679
An example method includes obtaining, by one or more processors, data indicating resource dependencies between a plurality of resources in a network and event dependencies between a plurality of network events and one or more of the plurality of resources; generating a Bayesian model based on resource types of the plurality of resources and event types of the plurality of network events; receiving an indication of a fault in the network; collecting fault data and generating, based on the…
Making transmission control protocol (TCP) sessions robust in a socket replication environment
Granted: January 30, 2024
Patent Number: 11886304
A network device may execute a master application communicating with another network device via a session, and may receive, by a backup application replication layer, a replicated data object. The backup application replication layer may provide the replicated data object to a backup application, and may calculate a time delta between when the replicated data object is received and when the replicated data object arrives at the backup application. The backup application replication layer…
Malware detection based on user interactions
Granted: January 23, 2024
Patent Number: 11880458
A device may receive a file that has been downloaded, or is to be downloaded, to a user device, and that is to be subject to a malware detection procedure. The device may obtain, based on one or more file identification properties of the file, metadata identifying user interactions associated with the file. The metadata may include a first group of user interactions performed when the file was accessed on the user device or a second group of user interactions performed when the file was…
Dynamic security actions for network tunnels against spoofing
Granted: January 23, 2024
Patent Number: 11882150
An example network device receives an encapsulated network packet via a network tunnel; extracts IPv6 header information from the encapsulated network packet; extracts IPv4 header information from the encapsulated network packet; determines that the encapsulated network packet is a spoofed network packet based on the IPv6 header information and the IPv4 header information; and in response to detecting the spoofed network packet, transmits a message to a Tunnel Entry Point (TEP) device,…
Securing multiprotocol label switching (MPLS) payloads
Granted: January 23, 2024
Patent Number: 11882029
In some implementations, an ingress network device of a multiprotocol label switching (MPLS) network may receive a packet destined for a destination network device. The ingress network device may determine, based on the packet, a secure function to secure the packet and a label associated with a label-switched path (LSP) from the ingress network device to an egress network device of the MPLS network that is associated with the destination network device. The ingress network device may…
User interface for 5G radio access network (RAN) topology
Granted: January 23, 2024
Patent Number: 11882006
Techniques are disclosed for a user interface for displaying a topology representation of infrastructure of a 5G Radio Access Network (RAN), such as an Open Radio Access Network (O-RAN) 5G infrastructure. For example, a computing system displays, via a user interface, first icons, each icon of the first icons representing first components providing Level-1 functionality for the O-RAN 5G infrastructure, such as non-real-time RAN Intelligent Controllers (RICs). The computing system…
Determining reorder commands for remote reordering of policy rules
Granted: January 23, 2024
Patent Number: 11881997
In general, techniques are described for determining reorder commands for remote reordering of policy rules. A device management system comprising a memory, a processor, and an interface may be configured to perform the techniques. A memory may store a currently configured policy for a managed network device and an updated policy for the managed device. The processor may determine a longest increasing subsequence (LIS) between a source list comprising the plurality of policy rules in a…
Service-based transport classes for mapping services to tunnels
Granted: January 23, 2024
Patent Number: 11881963
Techniques are disclosed for disseminating network service-specific mapping information across administrative domains. In one example, a network device receives an indication of a route target and one or more underlay tunnels configured to support a service route. The service route is configured to transport network traffic associated with a first network service of a plurality of network services. The network device defines, based on the indication, a first transport class of a…