Malware detection based on user interactions
Granted: January 23, 2024
Patent Number:
11880458
A device may receive a file that has been downloaded, or is to be downloaded, to a user device, and that is to be subject to a malware detection procedure. The device may obtain, based on one or more file identification properties of the file, metadata identifying user interactions associated with the file. The metadata may include a first group of user interactions performed when the file was accessed on the user device or a second group of user interactions performed when the file was…
Monitoring a media access control security session
Granted: January 16, 2024
Patent Number:
11876800
A device may determine that a first link of the device is active. The device may determine whether a Media Access Control Security (MACsec) session is established on the first link. The device may selectively enable or disable a second link of the device based on determining whether the MACsec session is established on the first link.
Avoiding loops by preventing further fast reroute (FRR) after an earlier FRR
Granted: January 16, 2024
Patent Number:
11876706
In some cases, once Fast Reroute (FRR) has taken place (e.g., for MPLS protection), a further FRR is undesirable, and even detrimental. A mechanism to prevent a further FRR, once such a further FRR is determined to be potentially harmful, is described.
Path monitoring system (PMS) controller or ingress node based multiprotocal label switching (MPLS) ping and traceroute in inter-autonomous system (AS) segment routing (SR) networks
Granted: January 16, 2024
Patent Number:
11876695
Echo or traceroute functionality is supported in a path spanning multiple autonomous systems (ASes) having segment routing (SR) enabled, the path including an ingress node and an egress node, by: (a) obtaining a return label stack to reach the ingress node from either (A) the egress node, or (B) a transit node in the path; (b) obtaining a label stack to reach, from the ingress node, either (A) the egress node, or (B) the transit node; (c) generating a request message including the return…
Storing configuration data changes to perform root cause analysis for errors in a network of managed network devices
Granted: January 16, 2024
Patent Number:
11876673
An example application programming interface (API) server device that distributes configuration data to managed network devices includes one or more processing units implemented in circuitry and configured to receive configuration data to be deployed to at least one of the managed network devices; store the configuration data to a configuration database; and send the configuration data to the at least one of the managed network devices. In this manner, the configuration data can be…
Providing physical host hardware state information to virtual machines deployed on the physical host
Granted: January 16, 2024
Patent Number:
11875175
A device may receive, from a virtual machine deployed on the device, a request to register for an event associated with a hardware component of the device, and may create a path to a script associated with providing information about the event when the event occurs. The device may provide the script to an event plugin associated with the event and the hardware component, and may register the event plugin with a kernel associated with the device. The device may receive, the kernel,…
Identifying and correlating metrics associated with unhealthy key performance indicators
Granted: January 9, 2024
Patent Number:
11870559
A device may receive network data associated with a network, and may calculate, based on the network data, key performance indicators (KPIs) for the network. The device may generate a first user interface that depicts one or more of the KPIs, and may receive a selection of a particular KPI from the one or more KPIs displayed by the first user interface. The device may parse a set of rules, utilized to calculate the particular KPI, to generate a parsed set of rules, and may analyze the…
Data center architecture utilizing optical switches
Granted: January 9, 2024
Patent Number:
11871163
Embodiments of the invention describe flexible (i.e., elastic) data center architectures capable of meeting exascale, while maintaining low latency and using reasonable sizes of electronic packet switches, through the use of optical circuit switches such as optical time, wavelength, waveband and space circuit switching technologies. This flexible architecture enables the reconfigurability of the interconnectivity of servers and storage devices within a data center to respond to the…
Liveness detection and route convergence in software-defined networking distributed system
Granted: January 9, 2024
Patent Number:
11870677
This disclosure describes techniques for improving speed of network convergence after node failure. In one example, a method includes storing, by SDN controller, an underlay routing table having routes for an underlay network of a data center and an overlay routing table having a set of routes for a virtual network of an overlay network for the data center, wherein the underlay network includes physical network switches, gateway routers, and a set of virtual routers executing on…
Network policy generation for continuous deployment
Granted: January 9, 2024
Patent Number:
11870642
In an example, a method comprises obtaining, by a policy controller from a first SDN architecture system, flow metadata for packet flows exchanged among workloads of a distributed application deployed to the first SDN architecture system; identifying, using flow metadata for a packet flow of the packet flows, a source endpoint workload and a destination endpoint workload of the packet flow; generating a network policy rule to allow packet flows from the source endpoint workload to the…
Intent-based, network-aware network device software-upgrade scheduling
Granted: January 9, 2024
Patent Number:
11868761
A controller device manages a plurality of network devices. The controller device includes one or more processing units configured to receive an upgrade request; obtain a redundancy model indicating network device redundancies or service redundancies; determine, based on the upgrade request and the redundancy model, an update graph having nodes each representing one of the network devices or one of the services, the update graph also having at least one edge that connects two of the…
Autotuning a virtual firewall
Granted: January 2, 2024
Patent Number:
11863524
A device may receive an input associated with deploying a virtual firewall on a computing device. The device may determine a first set of characteristics associated with the virtual firewall and a second set of characteristics associated with a hypervisor associated with the computing device. The device may automatically tune the virtual firewall based on the first set of characteristics and the second set of characteristics. The device may deploy the virtual firewall after tuning the…
Prefix range to identifier range mapping
Granted: January 2, 2024
Patent Number:
11863445
A network node may receive an indication of a range of network address prefixes and a corresponding range of sequential identifiers. The network node may generate a policy for mapping respective network address prefixes, having ordered positions within the range of network address prefixes, to respective identifiers having corresponding ordered positions within the corresponding range of sequential identifiers. The network node may discover a device associated with a network address…
Determining a best destination over a best path using multifactor path selection
Granted: January 2, 2024
Patent Number:
11863426
A network device may receive a request for a service from an endpoint device located in a first region, and may determine whether destination addresses are identified for the service and the first region. The network device may determine whether the service and the first region are identified in a lookup table, and may receive performance metrics associated with multiple paths in the first region to the destination addresses, based on the service and the first region not being identified…
Model-based service placement
Granted: December 26, 2023
Patent Number:
11855848
An example computing device is configured to receive an instance of a customer service model representative of a plurality of customer services. Each of the plurality of customer services associated with a corresponding at least one requirement and a corresponding at least one constraint. The computing device is configured to receive an instance of a resource model representative of a plurality of resources and map the instance of the customer service model and the instance of the…
Using anycast as an abstract next hop (ANH) to reduce information related to border gateway protocl (BGP) next hops received by autonomous system border routers (ASBRs) and/or to improve BGP path convergence
Granted: December 19, 2023
Patent Number:
11848852
An autonomous system border router (ASBR) provided in a domain in which routers share an anycast address, may perform a method comprising: (a) receiving, from an exterior Border Gateway Protocol (eBGP) peer, first reachability information for a first prefix, the first reachability information including a first next hop (NH) address; (b) communicating first link state information about the first prefix to another router in the domain, the first link state information associating the first…
Detection of insufficient RF coverage areas in a wireless network
Granted: December 12, 2023
Patent Number:
11843957
Techniques are described that detect areas with insufficient radio frequency (RF) coverage in a wireless network. A network management system (NMS) determines one or more service level expectation (SLE) metrics for each client device in a wireless network. The SLE metrics are aggregated to each access point (AP) in the wireless network, and each AP is assigned an AP score based on the aggregated SLE metrics. To identify potential coverage holes, the NMS groups APs having poor AP scores.…
Safely engineering egress traffic changes
Granted: December 12, 2023
Patent Number:
11843542
A network device can automatically select an execution plan from a set of possible execution plans that cause a first set of traffic assignments in a network to be changed to a second set of traffic assignments. A traffic assignment indicates assignments of the traffic to one or more tunnels, internal routes and/or peer links to be utilized for routing traffic received at provider edge routers through a network to prefixes. A traffic assignment can have various parameters such as…
Service-based transport classes for mapping services to tunnels
Granted: December 5, 2023
Patent Number:
11838147
Techniques are disclosed for disseminating network service-specific mapping information across administrative domains. In one example, a network device receives an indication of a route target and one or more underlay tunnels configured to support a service route. The service route is configured to transport network traffic associated with a first network service of a plurality of network services. The network device defines, based on the indication, a first transport class of a…
Identifying root cause of failures through detection of network scope failures
Granted: December 5, 2023
Patent Number:
11838172
Techniques are described by which a network management system (NMS) is configured to provide identification of root cause failure through the detection of network scope failures. For example, the NMS comprises one or more processors; and a memory comprising instructions that when executed by the one or more processors cause the one or more processors to: generate a hierarchical attribution graph comprising attributes representing different network scopes at different hierarchical levels;…
