Data collection configuration file generation
Granted: January 31, 2023
Patent Number:
11570260
A network monitoring system may receive a configuration request to generate a configuration file associated with collecting feature or debug data associated with a feature, hardware, or software associated with a network device. The network monitoring system may determine a command profile associated with the feature, hardware, or software that identifies a set of commands associated with obtaining the feature or debug data from the network device. The network monitoring system may…
Dynamic security actions for network tunnels against spoofing
Granted: January 31, 2023
Patent Number:
11570207
An example network device receives an encapsulated network packet via a network tunnel; extracts IPv6 header information from the encapsulated network packet; extracts IPv4 header information from the encapsulated network packet; determines that the encapsulated network packet is a spoofed network packet based on the IPv6 header information and the IPv4 header information; and in response to detecting the spoofed network packet, transmits a message to a Tunnel Entry Point (TEP) device,…
Preventing packet loss during timer-based encryption key rollover
Granted: January 31, 2023
Patent Number:
11570162
A key server network device may install, on the key server network device, a new decryption key based on a timer-based key rollover setting and may provide, to peer network devices, messages identifying the new decryption key. The key server network device may utilize an original encryption key, to encrypt traffic, until all of the peer network devices provide acknowledgements of installation of the new decryption key. The key server network device may be configured to utilize the…
Decryption of secure sockets layer sessions having enabled perfect forward secrecy using a Diffie-Hellman key exchange
Granted: January 31, 2023
Patent Number:
11569986
A device may receive client cipher information, associated with initiating a secure session, identifying at least one key exchange cipher supported by a client device associated with the secure session. The device may determine, based on the client cipher information, that a Diffie-Hellman key exchange is to be used to establish the secure session. The device may determine whether a server device, associated with the secure session, supports use of the Diffie-Hellman key exchange. The…
Network system fault resolution via a machine learning model
Granted: January 31, 2023
Patent Number:
11570038
Disclosed are embodiments for automatically resolving faults in a complex network system. Some embodiments monitor one or more of system operational parameter values and message exchanges between network components. A machine learning model detects a fault in the complex network system, and an action is selected based on a cause of the fault. After the action is applied to the complex network system, additional monitoring is performed to either determine the fault has been resolved or…
Service status notification
Granted: January 31, 2023
Patent Number:
11570073
A provider edge (PE) device may receive traffic associated with one or more services, wherein the traffic includes a plurality of packets, and may determine, based on the plurality of packets, one or more packets respectively associated with each service of the one or more services. The PE device may determine, based on the one or more packets respectively associated with each service of the one or more services, a respective status of each of the one or more services. The PE device may…
Multiple state control interfaces between a control plane and a user plane in a disaggregated broadband network gateway architecture
Granted: January 31, 2023
Patent Number:
11570080
A disaggregated broadband network gateway (DBNG) control plane system may receive an association setup request message from a DBNG user plane device, wherein the association setup request message is received via a state control interface between the DBNG control plane system and the DBNG user plane device. The DBNG control plane system may determine, based on the association setup request message, one or more capabilities of the DBNG user plane device and may thereby cause one or more…
Fast reroute for BUM traffic in ethernet virtual private networks
Granted: January 31, 2023
Patent Number:
11570086
Techniques are described for providing fast reroute for BUM traffic in EVPN. For example, a first provider edge (PE) device, elected as a designated forwarder (DF) of an Ethernet segment, configures a backup path using a label received from a second PE device of the Ethernet segment (e.g., backup DF) that identifies the second PE device as a “protector” of the Ethernet segment. For example, a routing component of the DF configures within a forwarding component a backup path to the…
Scaling border gateway protocol services
Granted: January 31, 2023
Patent Number:
11570094
This disclosure describes techniques for scaling resources that handle, participate, and/or control routing protocol sessions. In one example, this disclosure describes a method that includes instantiating a plurality of containerized routing protocol modules, each capable of storing routing information about a network having a plurality of routers; performing network address translation to enable each of the containerized routing protocol modules to communicate with each of the…
Estimating standby socket window size during asynchronous socket replication
Granted: January 31, 2023
Patent Number:
11570116
A secondary routing device is configured as a backup routing device for a primary routing device. The primary routing device performs asynchronous socket replication with the secondary routing device. The secondary routing device includes a transmission buffer, in memory, for storing replicated socket data transmitted between the primary routing device and the standby routing device and one or more processors implemented in circuitry and configured to execute a replication driver to:…
Methods and apparatus relating to the use of real and/or virtual beacons
Granted: January 24, 2023
Patent Number:
11564147
Methods and apparatus relating to use of actual and/or virtual beacons are described. Virtual beacons are virtual in that an actual beacon need not be transmitted but a rather a virtual beacon transmitter at a desired location maybe considered to transmit virtual beacons. In some embodiments a set of beacon transmitter information for one or more beacons is supplied to devices in a communications system. The beacon transmitter information indicates transmission power and location of…
Lockless management of immutable objects by multi-threaded processes using multiple counters
Granted: January 24, 2023
Patent Number:
11561823
In general, the disclosure describes techniques for lockless management of immutable objects by multi-threaded processes. A device comprising a processor may implement the techniques, where the processor execute a multi-threaded process including a producer thread and a consumer thread. The producer thread may instantiate an immutable object, and provide, to the consumer thread, a reference to the immutable object. The producer thread may also increment a reference counter to indicate…
Pattern matching by a network device for domain names with wildcard characters
Granted: January 24, 2023
Patent Number:
11563715
A network device may receive data, may extract primary patterns from a plurality of domain names included in the data, may process the primary patterns, with a hash model, to generate hash keys for the primary patterns, wherein a hash key includes a hash value associated with a wildcard character, and may store the plurality of domain names in a hash table. The network device may extract a particular primary pattern from a particular domain name included in a search request, may…
Routing engine switchover based on health determined by support vector machine
Granted: January 24, 2023
Patent Number:
11563671
This disclosure describes techniques that include determining the health of one or more routing engines included within a router. In one example, this disclosure describes a method that includes performing, by a first routing engine included within a router, routing operations, wherein the router includes a plurality of routing engines, including the first routing engine and a second routing engine; receiving, by a computing system, data including health indicators associated with the…
Methods and apparatus relating to the use of real and/or virtual beacons
Granted: January 24, 2023
Patent Number:
11564147
Methods and apparatus relating to use of actual and/or virtual beacons are described. Virtual beacons are virtual in that an actual beacon need not be transmitted but a rather a virtual beacon transmitter at a desired location maybe considered to transmit virtual beacons. In some embodiments a set of beacon transmitter information for one or more beacons is supplied to devices in a communications system. The beacon transmitter information indicates transmission power and location of…
Pattern matching by a network device for domain names with wildcard characters
Granted: January 24, 2023
Patent Number:
11563715
A network device may receive data, may extract primary patterns from a plurality of domain names included in the data, may process the primary patterns, with a hash model, to generate hash keys for the primary patterns, wherein a hash key includes a hash value associated with a wildcard character, and may store the plurality of domain names in a hash table. The network device may extract a particular primary pattern from a particular domain name included in a search request, may…
Routing engine switchover based on health determined by support vector machine
Granted: January 24, 2023
Patent Number:
11563671
This disclosure describes techniques that include determining the health of one or more routing engines included within a router. In one example, this disclosure describes a method that includes performing, by a first routing engine included within a router, routing operations, wherein the router includes a plurality of routing engines, including the first routing engine and a second routing engine; receiving, by a computing system, data including health indicators associated with the…
Proactive tunnel configuration computation for on-demand SD-WAN tunnels
Granted: January 24, 2023
Patent Number:
11563601
This disclosure describes techniques are described for proactively computing configuration information for policy-driven on-demand tunnel creation and deletion between sites in a software-defined networking in wide area network (SD-WAN) environment. In some examples, a controller device is configured to precompute configuration data for an overlay tunnel through the wide area network to connect a first site and a second site of a plurality of sites in the SD-WAN environment. The…
Memory tracking for malware detection
Granted: January 24, 2023
Patent Number:
11562066
A device may load a process under test into virtual memory associated with the device. The virtual memory may include a plurality of memory pages. The device may insert a malware inspection element and a memory tracking element into the process under test and may provide a notification of an event associated with the process under test to a memory tracking element. The device may identify, using the memory tracking element, one or more memory pages of the plurality of memory pages. The…
Supporting multiple authentication methods on a port of a network device at the same time
Granted: January 24, 2023
Patent Number:
11562062
A network device may receive, via a single port of the network device, a connection request from a user device and may obtain, based on the connection request, information related to an authentication history of the user device. The network device may determine, based on the information related to the authentication history of the user device, an authentication method to be used by the network device to authenticate the user device and may determine, using the authentication method, that…
