Efficient encryption and decryption of duplicate packets communicated via a virtual private network
Granted: December 24, 2024
Patent Number: 12177187
A network device may create an encrypted packet and may duplicate the encrypted packet to create a plurality of encrypted packets that includes a first set of encrypted packets that is associated with a first receiving network device and a second set of encrypted packets that is to be associated with a second receiving network device. The network device may modify the second set of encrypted packets by replacing a first virtual destination address in the second set of the plurality of…
Selective transport layer security encryption
Granted: December 24, 2024
Patent Number: 12177186
A device may transmit a packet for communicating via a tunnel. The packet may be associated with a protocol. The device may determine that the packet has been dropped by a security device. The device may selectively encrypt, after determining that the packet has been dropped, the packet using a null encryption for transport layer security (TLS) or a combination of encryption associated with the protocol and TLS encryption to generate an encrypted packet. The device may transmit the…
Dynamic computation of SR-TE policy for SR-enabled devices connected over non-SR-enabled devices
Granted: December 24, 2024
Patent Number: 12177134
Techniques are described for dynamically computing a segment routing policy for a segment routing for traffic engineering (SR-TE) path. For example, in a discontinuous SR network in which SR islands (e.g., groups of neighboring routers that are enabled for segment routing) are separated by one or more routers not enabled for segment routing, instead of returning a failure because one or more routers along a path are not enabled for SR, an ingress router may generate an SR-TE operations,…
Network policy generation for continuous deployment
Granted: December 24, 2024
Patent Number: 12177069
In an example, a method comprises obtaining, by a policy controller from a first SDN architecture system, flow metadata for packet flows exchanged among workloads of a distributed application deployed to the first SDN architecture system; identifying, using flow metadata for a packet flow of the packet flows, a source endpoint workload and a destination endpoint workload of the packet flow; generating a network policy rule to allow packet flows from the source endpoint workload to the…
Configuration for multi-stage network fabrics
Granted: December 24, 2024
Patent Number: 12177066
A method includes deploying a network device within a fabric having a management network by attaching the network device through the management network to a port of a role allocator, wherein the role allocator includes one or more ports designated as first level port connections and one or more other ports designated as second level port connections. If the deployed network device is attached to one of the ports designated as first level port connections, the deployed network device is…
Edge device for source identification using source identifier
Granted: December 17, 2024
Patent Number: 12170645
A device comprises processing circuitry configured to identify a telemetry packet indicating telemetry data for a plurality of packets output by a network device of a plurality of network devices and select a source identifier for the network device from a plurality of source identifiers. The processing circuitry is further configured to modify the telemetry packet to further indicate the selected source identifier and output the modified telemetry packet.
Determining orientation of deployed access points
Granted: December 17, 2024
Patent Number: 12170935
A system includes a plurality of access point devices (APs) configured to provide a wireless network at a site, each of the plurality of APs having a known location, and a network management system comprising one or more processors and a memory comprising instructions that when executed by the one or more processors cause the one or more processors to: determine, based on a known location of a first AP of the plurality of APs, a known location of a second AP of the plurality of APs, and…
Selective access point key caching
Granted: December 17, 2024
Patent Number: 12170894
An example system includes a plurality of AP devices configured to provide a wireless network at a site, the plurality of AP devices including a first AP device configured to determine a set of roaming candidates within the site for client devices connected to the first AP device, wherein the set of roaming candidates includes one or more AP devices of the plurality of AP devices selected according to selection criteria; in response to establishing a connection with a client device, cache a…
Use of sentiment analysis to assess trust in a network
Granted: December 17, 2024
Patent Number: 12170670
This disclosure describes techniques that include assessing trust in a system, and in particular, assessing trust by performing a sentiment analysis for an entity or device within a system. In one example, this disclosure describes a method that includes performing, by a computing system and based on information collected about a network entity in a computer network, a sentiment analysis associated with the network entity; determining, by the computing system and based on the sentiment…
Internet protocol (IP) version 6 fragmentation and reassembly optimization for port-aware IP translators
Granted: December 17, 2024
Patent Number: 12170647
A network device may receive IPv6 fragments of a flow. Source and/or destination port information may be encoded into an upper sixteen bits of an identification number of an IPv6 fragment header of each of the IPv6 fragments. The network device may extract the source and/or destination port information from the IPv6 fragments, and may perform a spoof check of the IPv6 fragments. The network device may drop any of the IPv6 fragments that fail the spoof check, to generate remaining IPv6…
Link behavior prediction for use in path selection
Granted: December 17, 2024
Patent Number: 12170608
Techniques are described for predicting future behavior of links in a network and generating dynamic thresholds for link metrics for use in path selection. In one example, a computing system receives historical values of a link metric for links of a network. The computing system executes a machine learning system which processes the historical values of the link metric to generate: (1) a predicted future value of the link metric for each link; and (2) a threshold for the link metric…
Virtual network assistant having proactive analytics and correlation engine using unsupervised ML model
Granted: December 17, 2024
Patent Number: 12170600
Techniques are described in which a network management system processes network event data received from the AP devices. The NMS is configured to dynamically determine, in real-time, a minimum (MIN) threshold and a maximum (MAX) threshold for expected occurrences for each event type, wherein the MIN thresholds and MAX thresholds define ranges of expected occurrences for the network events of the corresponding event types. The NMS applies an unsupervised machine learning model to the…
Business policy management for self-driving network
Granted: December 17, 2024
Patent Number: 12170593
A controller device manages a plurality of network devices. The controller device includes one or more processing units configured to receive an indication of a stateful intent, the data structure including a plurality of nodes and a plurality of edges, each node of the plurality of nodes being representative of a respective network device of the plurality of network devices. The one or more processing units are configured to determine, using an abstract function configured at a node of…
Using zones based on entry points and exit points of a network device to apply a security policy to network traffic
Granted: December 10, 2024
Patent Number: 12166799
A network device may be configured to receive network traffic. The network device may be configured to identify one or more entry points of the network device associated with the network traffic and to determine, based on the one or more entry points of the network device, a source zone associated with the network traffic. The network device may be configured to identify one or more exit points of the network device associated with the network traffic and to determine, based on the one…
Closed-loop network provisioning based on network access control fingerprinting
Granted: December 10, 2024
Patent Number: 12166758
Techniques are described for providing network provisioning by a network management system (NMS) based on fingerprint information determined by a network access control (NAC) system. An example method includes receiving, by the NAC system, a network access request for a client device to access an enterprise network; obtaining, by the NAC system, fingerprint information of the client device associated with the network access request, wherein the fingerprint information comprises…
Network management system for dial-out communication sessions
Granted: December 10, 2024
Patent Number: 12166749
A system determines identification information associated with an endpoint device, which is associated with a tenant of the system, and the tenant. The system generates and sends, to the endpoint device, a certificate that includes the identification information. The system receives, from the endpoint device and as part of an attempt by the endpoint device to initiate a dial-out communication session with the system, the certificate. The system causes, based on the certificate, the…
Apparatus, system, and method for instant routing engine switchovers
Granted: December 10, 2024
Patent Number: 12166672
A disclosed computing device capable of instantly switching over between routing engines may include (1) a packet forwarding board configured to (A) forward control traffic via a first link to a traffic replication device and (B) forward data traffic via a second link to a first routing engine, (2) the traffic replication device configured to (A) replicate the control traffic received from the packet forwarding board and (B) select control signals received from the first routing engine,…
Session monitoring using metrics of session establishment
Granted: December 10, 2024
Patent Number: 12166670
A first router generates session establishment metrics for use in network path selection. For example, a plurality of routers connect a client device to a network service instance hosted by a server. A first router is connected to the network service instance via first and second paths. The first router receives session performance requirements for a session between the client device and the network service instance. The first router forwards, along the first path, network traffic for…
Software upgrade deployment in mixed network of in-service software upgrade (ISSU)-capable and ISSU-incapable devices
Granted: December 10, 2024
Patent Number: 12164905
Techniques are disclosed for deploying software upgrades to a mixed network of In-Service Software Upgrade (ISSU)-capable and ISSU-incapable network devices without interrupting network traffic serviced by the mixed network. In one example, a centralized controller for a network determines that first network devices of a plurality of network devices for the network are In-Service Software Upgrade (ISSU)-capable and second network devices of the plurality of network devices are not…
Protecting instances of resources of a container orchestration platform from unintentional deletion
Granted: December 3, 2024
Patent Number: 12159176
A container orchestration platform manages a plurality of instances of resources including a first custom resource and a second custom resource. An API server of the container orchestration platform receives a request to delete an instance of the second custom resource; determines whether instance data associated with the instance of the second custom resource has a backreference identifying an instance of the first custom resource, the backreference indicating the instance of the first…