Controlling paths in a network via a centralized controller or network devices
Granted: October 11, 2022
Patent Number: 11469993
A device provides path data associated with a network that includes network devices interconnected by links. The path data includes data identifying a first path and a second path to be provided through the network. The device provides an instruction to cause the network devices to provide information identifying the first path and to route traffic via the first path, and receives an indication of a failure associated with the first path. The indication causes the network devices to…
Network controller deployment
Granted: October 11, 2022
Patent Number: 11469958
A method for configuring a fabric managed by a software-defined networking (SDN) controller includes, with a first control host installed in a first rack having a first management switch and a second control host installed in a second rack, executing controller nodes that implement an SDN controller using a controller virtual network extending between the first rack and the second rack. The first management switch is configured to route traffic between the controller virtual network and…
Application identification and path selection at a wireless access point for local network traffic breakout
Granted: October 4, 2022
Patent Number: 11463914
A wireless access point comprises a memory; and one or more processors operably coupled to the memory configured to: receive a first packet for an application; configure an initial packet flow for the application including a first forwarding action to send traffic for the application via a tunnel path; learn the application of the first packet; generate, based on a policy of the application, an entry in an application server address cache specifying an address of the application server…
Translation between a first version of internet protocol and a second version of internet protocol when an application layer gateway (ALG) is involved
Granted: October 4, 2022
Patent Number: 11463358
A device may receive, from a first device, a port control protocol (PCP) request that includes a customer side translator (CLAT) prefix and one or more private internet protocol version X (IPvX) addresses. The PCP request may be received via an internet protocol version Y (IPvY) network. The device may store the CLAT prefix and the one or more private IPvX addresses using a data structure. The device may receive a packet that includes a private IPvX of the one or more private IPvX…
Point-to-multipoint Layer-2 network extension over Layer-3 network
Granted: October 4, 2022
Patent Number: 11463347
Techniques are disclosed for session-based routing of multipoint Open Systems Interconnection (OSI) Model Layer-2 (L2) frames of an L2 network extended over Layer-3 (L3) networks. In one example, L2 networks connect a source device to an ingress router and receiver devices to egress routers. An L3 network connects the ingress and egress routers. The ingress router receives, from the source device, a multipoint L2 frame destined for the receiver devices. The ingress router forms, for each…
EVPN multicast ingress forwarder election using source-active route
Granted: October 4, 2022
Patent Number: 11463269
The techniques describe example network systems providing core-facing designated forwarder (DF) election to forward multicast traffic into an EVPN of a core network. For example, a first PE device of a plurality of PE devices participating in an EVPN comprises one or more processors operably coupled to a memory, wherein the one or more processors are configured to: determine that a first multicast traffic flow has started for the first PE device; in response, send a source-active (SA)…
Enforcing micro-segmentation policies for physical and virtual application components in data centers
Granted: September 27, 2022
Patent Number: 11457043
A device may receive policy information associated with a first application group and a second application group. The device may receive network topology information associated with a network. The device may generate a first policy based on the policy information and the network topology information, and generate a second policy based on the policy information and the network topology information. The device may provide, to the virtual network device, information associated with the…
Tenant-based mapping for virtual routing and forwarding
Granted: September 27, 2022
Patent Number: 11456955
A network device is configured to associate a tenant of a plurality of tenants with a virtual routing and forwarding (VRF) instance of a plurality of VRF instances. The network device receives a packet comprising metadata specifying a tenant identifier for the tenant. The network device identifies, based on the tenant identifier specified by the metadata, the VRF instance associated with the tenant. The network device retrieves one or more routes from a routing information base (RIB) of…
Methods and apparatus related to virtualization of data center resources
Granted: September 20, 2022
Patent Number: 11451491
In one embodiment, an apparatus includes a switch core that has a multi-stage switch fabric. A first set of peripheral processing devices coupled to the multi-stage switch fabric by a set of connections that have a protocol. Each peripheral processing device from the first set of peripheral processing devices is a storage node that has virtualized resources. The virtualized resources of the first set of peripheral processing devices collectively define a virtual storage resource…
Anti-spoof check of IPv4-in-IPv6 fragments without reassembly
Granted: September 20, 2022
Patent Number: 11451585
A network device may receive, from a first network, one or more fragments of a first network packet of a first network packet type, where the first network packet encapsulates a second network packet of a second network packet type. The network device may buffer the one or more fragments in. The network device may, upon receiving a fragment of the first network packet that includes an indication of a source network address and a source port for the second network packet, perform an…
Distributed tactical traffic engineering (TE) using loop free alternative (LFA), remote-LFA (R-LFA) and/or topology independent-LFA (TI-LFA) secondary paths
Granted: September 20, 2022
Patent Number: 11451478
A tactical solution to network congestion is provided by a data forwarding device having (1) a first interface with a first link to a downstream data forwarding device and (2) second interface with a second link to a downstream data forwarding device, and executing a method comprising: (a) configuring the second interface as part of a loop-free alternate (LFA) path to a destination device, wherein the first interface is part of a shortest/preferred path to the destination device; (b)…
Virtualization infrastructure underlay network performance measurement and monitoring
Granted: September 20, 2022
Patent Number: 11451454
A variety of different graphical user interfaces are generated that when displayed provide a visual and interactive representation of one or more performance metrics associated with the operation of a computer network. The graphical user interfaces may be used to monitor the underlay computer network for a virtualization infrastructure, as one example. Aspects include grouping the servers of a computer network into a plurality of aggregates, each aggregate comprising one or more servers.…
Scalable control plane for telemetry data collection within a distributed computing system
Granted: September 20, 2022
Patent Number: 11451450
An example control plane that is executed on one or more processors in a distributed computing system is configured to receive an indication of a node to be onboarded into the distributed computing system, wherein the node comprises one of a compute node or a network device node, to discover one or more compute resources or network device resources that are associated with the node, and to assign, based on the discovery, the node to a collector that is executed in the distributed…
Configuration of EVPN topologies using a user interface
Granted: September 20, 2022
Patent Number: 11451449
Techniques are described by which a network management system (NMS) provides a common user interface (UI) to enable a user to collectively configure network devices to establish an EVPN topology. For example, an NMS is configured to: generate data representative of a common UI comprising UI elements representing a plurality of network devices to be configured in an EVPN topology; receive, via the common UI, an indication of a user input selecting one or more of the UI elements…
Sharing configuration resources for network devices among applications
Granted: September 20, 2022
Patent Number: 11451440
In an example, a method includes receiving, by a network management system (NMS), a configuration request comprising first configuration data for a network device, the first configuration data defining a data structure comprising a first property/value pair; generating, by the NMS from the first configuration data, a corresponding first path/value pair for the first property/value pair, wherein a path of the first path/value pair uniquely identifies the first path/value pair in an…
Optical protection switch with broadcast multi-directional capability
Granted: September 13, 2022
Patent Number: 11444715
An apparatus includes a first reconfigurable optical add/drop multiplexer (ROADM) to receive a first optical signal and a second ROADM to receive a second optical signal. The apparatus also includes a reconfigurable optical switch that includes a first switch, switchable between a first state and a second state, to transmit the first optical signal at the first state and block the first optical signal at the second state. The reconfigurable optical switch also includes a second switch,…
Deploying secure neighbor discovery in EVPN
Granted: September 13, 2022
Patent Number: 11444975
Techniques are described for providing security extensions to neighbor discovery in Ethernet Virtual Private Network (EVPN). For example, a network device that implements Ethernet Virtual Private Network (EVPN) receives a neighbor discovery response message including a nonce originated by a second network device and not originated by the first network device. The network device processes the neighbor discovery response message including the nonce originated by the second network device…
Multiple clusters managed by software-defined network (SDN) controller
Granted: September 13, 2022
Patent Number: 11444836
In general, the disclosure describes examples where a single software-defined network (SDN) controller is configured to receive an indication of a first cluster identifier for a first cluster of computing devices and receive an indication of a second cluster identifier for a second cluster of computing devices. In response to a determination that first configuration information indicates the first cluster identifier, the SDN controller is configured to configure a first set of virtual…
Business policy management for self-driving network
Granted: September 13, 2022
Patent Number: 11444833
A controller device manages a plurality of network devices. The controller device includes one or more processing units configured to receive an indication of a stateful intent, the data structure including a plurality of nodes and a plurality of edges, each node of the plurality of nodes being representative of a respective network device of the plurality of network devices. The one or more processing units are configured to determine, using an abstract function configured at a node of…
Maximally redundant trees to redundant multicast source nodes for multicast protection
Granted: September 13, 2022
Patent Number: 11444793
In general, techniques are described for enabling a network of network devices (or “nodes”) to provide redundant multicast streams from redundant multicast sources to an egress network node. In some examples, the egress network node (or a controller for the network) computes maximally redundant trees (MRTs) from the egress network node to a virtual proxy node virtually added to the network topology by the egress network node for redundant multicast sources of redundant multicast…