Signaling IP path tunnels for traffic engineering
Granted: October 31, 2023
Patent Number: 11805010
In general, techniques are described for signaling IP path tunnels for traffic engineering using constraints in an IP network. For example, network devices, e.g., routers, of an IP network may compute an IP path using constraint information and establish the IP path using, for example, Resource Reservation Protocol, to signal the IP path without using MPLS. As one example, the egress router generates a path reservation signaling message that includes an egress IP address that is assigned…
Core isolation for logical tunnels stitching multi-homed EVPN and L2 circuit
Granted: October 24, 2023
Patent Number: 11799716
Techniques are described to provide layer 2 (L2) circuit failover in the event connectivity to an Ethernet Virtual Private Network (EVPN) instance is lost. For example, if one of multi-homed provider edge (PE) devices loses connectivity to the EVPN instance, the PE device may mark its customer-facing interface as down and propagate the interface status to the access node such that the access node may update its routing information to switch L2 circuits to another one of the multi-homed…
Session-based packet capture
Granted: October 24, 2023
Patent Number: 11799779
Techniques are disclosed for generating session-specific packet capture records. In one example, a first network device receives a first packet of a session between first and second client devices, the session comprising forward and reverse packet flows. The first network device modifies the first packet to include metadata comprising a packet capture indicator that indicates whether packet capture is to be performed for the session. The first network device stores at least a portion of…
Processing segment routing packets with two policy processing instructions in a segment routing domain
Granted: October 24, 2023
Patent Number: 11799778
A network device may receive a packet and may determine whether a next header of the packet is an Internet protocol (IP) header, an Internet control message protocol (ICMP) header, or a segment routing header. The network device may determine, when the next header of the packet is the IP header, whether policy processing of the packet is set to ultimate segment decapsulation and may discard the packet when the policy processing of the packet is not set to ultimate segment decapsulation.…
Support for multiple virtual networks over an underlay network topology
Granted: October 24, 2023
Patent Number: 11799772
Techniques are described for supporting multiple virtual networks over an underlay network. The techniques may provide support for network slicing and enhanced virtual private networks (VPNs) over an underlay network. In general, the techniques include allocating a subset of resources (e.g., nodes and/or links) of the underlay network to a particular virtual network, and advertising the subset of resources to provider edge (PE) routers that are participating in the virtual network. A…
Layer-2 network extension over layer-3 network using layer-2 metadata
Granted: October 24, 2023
Patent Number: 11799762
Techniques are disclosed for session-based routing within Open Systems Interconnection (OSI) Model Layer-2 (L2) networks extended over Layer-3 (L3) networks. In one example, L2 networks connect a first client device to a first router and a second client device to a second router. An L3 network connects the first and second routers. The first router receives, from the first client device, an L2 frame destined for the second client device. The first router generates an L3 packet comprising…
Systems and methods for facilitating traceroute operations across segment routing paths within networks
Granted: October 24, 2023
Patent Number: 11799749
A disclosed method may include (1) receiving, at a node within a network, an MPLS echo request from an additional node adjacent to the node, (2) determining that a FEC query is included in a FEC stack of the MPLS echo request and then, in response to determining that the FEC query is included in the FEC stack of the MPLS echo request, (3) determining at least one FEC that corresponds to a label included in a label stack of the MPLS echo request, and then (4) notifying the additional node…
Topology-based graphical user interface for network management systems
Granted: October 24, 2023
Patent Number: 11799737
In general, techniques are described by which to provide a topology-based graphical user interface for network management systems. A controller device comprising a processor and a memory may be configured to perform the techniques. The processor may monitor network devices arranged according to a network topology to obtain operational data, and obtain configuration data defining the network topology. The memory may store the operational data and the configuration data. The processor may…
Dynamic prediction of system resource requirement of network software in a live network using data driven models
Granted: October 24, 2023
Patent Number: 11797408
In general, a device comprising a processor and a memory may be configured to perform various aspects of the techniques described in this disclosure. The processor may conduct, based on configuration parameters, each of a plurality of simulation iterations within the test environment to collect a corresponding plurality of simulation datasets representative of operating states of the network device. The processor may perform a regression analysis with respect to each of the plurality of…
Generating cryptographic random data from raw random data
Granted: October 17, 2023
Patent Number: 11791981
A device may store raw random data in a raw random data store. The raw random data may include a first plurality of data strings. The device may generate, using a quotient ring transform (QRT), cryptographic random data based on the raw random data. The cryptographic random data includes a second plurality of data strings that is transformed from the first plurality of data strings based on an extraction state stored in an extraction state store. The device may store the cryptographic…
Quantum cryptography in an internet key exchange procedure
Granted: October 17, 2023
Patent Number: 11791994
In some implementations, a first network device may communicate, with a second network device, one or more internet key exchange (IKE) messages to exchange a first identifier associated with the first network device and a second identifier associated with the second network device, and to indicate that a post-quantum preshared key (PPK) is to be used as a shared key for an IKE security association (SA) between the first network device and the second network device. The first network…
Processing instructions to configure a network device
Granted: October 17, 2023
Patent Number: 11792069
A controller device includes a memory configured to store a tree structure comprising a plurality of nodes, wherein the tree structure comprises a set of sub-structures, and wherein the tree structure defines a configuration of a network device of a set of network devices such that each node of the plurality of nodes corresponds to a respective resource of the network device. Additionally, the controller device includes processing circuitry configured to receive an instruction to update…
Intent-based user authentication for dynamic applications
Granted: October 17, 2023
Patent Number: 11792071
An example computing system includes one or more processing units implemented in circuitry and configured to: process an intent for configuration of a plurality of managed network devices, the intent representing authorization of access to capabilities of applications accessible to users of the managed network devices according to roles assigned to the users; receive advertised capabilities from a new application accessible to the users; receive a request for authorization to one of the…
Systems and methods for replicating traffic statistics on redundant packet forwarding engine system
Granted: October 17, 2023
Patent Number: 11792111
In some implementations, a first processing component of a network device may receive first traffic data obtained by a second processing component of the network device. The first processing component may store the first traffic data as residual statistics. The first processing component may obtain second traffic data associated with a copy of a traffic stream processed by the first processing component based on storing the first traffic data as the residual statistics. The first…
Multi-protocol service chaining among devices of interconnected topology
Granted: October 17, 2023
Patent Number: 11792119
Virtual network controllers are described that automatically generate policies and configuration data for routing traffic through physical network function (PNF) service chains in a multi-tenant data center. An example network controller includes a memory and processing circuitry configured to: automatically generate, for one or more integrated routing and bridging (IRB) units of corresponding virtual network forwarding tables of a switch of a switch fabric of a data center network,…
Configuring service load balancers with specified backend virtual networks
Granted: October 17, 2023
Patent Number: 11792126
Techniques are described for specifying a backend virtual network for a service load balancer. An example orchestrator of this disclosure is configured to receive a service definition for a service implemented by load balancing service traffic for the service among a plurality of backend virtual execution elements, wherein the service definition specifies a first virtual network to use as a backend virtual network for the service, to instantiate, in a selected one of the computing…
Bulk discovery of devices behind a network address translation device
Granted: October 10, 2023
Patent Number: 11784874
A network management system may discover a plurality of network devices behind a network address translation device, such as a firewall. The network management system may receive a model of N network devices, generate a bulk activation configuration for the N network devices and commit the bulk activation configuration on a seed network device. The network management system may receive a request for a first connection from a first neighboring network device and may connect to the first…
Layer-2 network extension over Layer-3 network using encapsulation
Granted: October 10, 2023
Patent Number: 11784917
Techniques are disclosed for session-based routing within Open Systems Interconnection (OSI) Model Layer-2 (L2) networks extended over Layer-3 (L3) networks. In one example, L2 networks connect a first client device to a first router and a second client device to a second router. An L3 network connects the first and second routers. The first router receives, from the first client device, a non-session-based L2 frame destined for the second client device. The first router forms an L3…
Combined input and output queue for packet forwarding in network devices
Granted: October 10, 2023
Patent Number: 11784925
An apparatus for switching network traffic includes an ingress packet forwarding engine and an egress packet forwarding engine. The ingress packet forwarding engine is configured to determine, in response to receiving a network packet, an egress packet forwarding engine for outputting the network packet and enqueue the network packet in a virtual output queue. The egress packet forwarding engine is configured to output, in response to a first scheduling event and to the ingress packet…
Dropped packet detection and classification for networked devices
Granted: October 10, 2023
Patent Number: 11784937
In general, this disclosure describes a network device to determine a cause of packets being dropped within a network. An example method includes generating, by a traffic monitor operating on a network device, an exception packet that includes a unique exception code that identifies a cause for a component in the network device to discard a transit packet, and a nexthop index identifying a forwarding path being taken by the transit packet experiencing the exception. The method also…