Juniper Networks Patent Grants

Methods and apparatus for centralized operational management of heterogenous network devices through software-based node unification

Granted: July 20, 2021
Patent Number: 11070443
Apparatus and methods described herein relate to an apparatus including a memory and a processor operatively coupled to the memory. The processor can receive a set of network management device packages associated with a set of network management devices. The processor can merge a set of management device schema commands from the set of network management device packages with a unified schema to produce unified schema information. The processor can receive a unified schema command signal…

Dynamic implementation of a security rule

Granted: July 20, 2021
Patent Number: 11070589
A device may receive information identifying a set of conditions related to controlling implementation of a set of security rules. The set of conditions may be associated with a set of security actions that a device is to perform based on whether the set of conditions is satisfied. The device may determine the set of security rules that is to be controlled by the set of conditions using information related to the set of security rules. The device may modify information related to the set…

Removing anomalies from security policies of a network security device

Granted: July 20, 2021
Patent Number: 11070522
The techniques described herein may optimize a set of ordered rules of a security device through the removal of one or more anomalies. For example, a security management system or other configuration management system or component may detect and remove one or more anomalies from a set (e.g., list) of one or more ordered rules to be enforced by the network security device, such as shadowing anomalies, redundancy anomalies, and/or correlation anomalies, among others, as described herein.…

Selective load balancing for spraying over fabric paths

Granted: July 20, 2021
Patent Number: 11070474
A network device includes a memory, a plurality of packet processors, a switch fabric coupling the plurality of processors, and processing circuitry. The processing circuitry is configured to receive a data stream to be transmitted on a switch fabric and determine a plurality of credit counts, each credit count being assigned to a respective subchannel of a plurality of subchannels. The packet processor is further configured to determine per-subchannel occupancy of the memory for the…

Dynamically mapping hash indices to member interfaces

Granted: July 20, 2021
Patent Number: 11070472
Techniques are described for dynamically mapping hash indices to member interfaces of an aggregated interface in a hash data structure. As one example, a network device may compute net weights for the member links of a link aggregation group (LAG) and respective utilization values of hash indices in a hash map for the LAG. The network device may generate binary trees based on the net weights and utilization values of the member links of the LAG, and may map values, e.g., median values,…

Scaling border gateway protocol services

Granted: July 20, 2021
Patent Number: 11070469
This disclosure describes techniques for scaling resources that handle, participate, and/or control routing protocol sessions. In one example, this disclosure describes a method that includes instantiating a plurality of containerized routing protocol modules, each capable of storing routing information about a network having a plurality of routers; performing network address translation to enable each of the containerized routing protocol modules to communicate with each of the…

Serverless segment routing (SR)-label distribution protocol (LDP) stitching

Granted: July 20, 2021
Patent Number: 11070468
A data forwarding device belonging to both (1) a segment routing (SR) domain and (2) a label distribution protocol (LDP) domain may be used to perform a method comprising: (a) receiving, by the data forwarding device, information uniquely associated with each of one or more nodes in the LDP domain; (b) associating, for each of the one or more nodes in the LDP domain, a unique SR segment identifier (SID) with the information uniquely associated with the node in the LDP domain, to generate…

Optimized multicast forwarding with a cache

Granted: July 20, 2021
Patent Number: 11070464
The techniques describe forwarding multicast traffic using a multi-level cache in a network device forwarding plane for determining a set of outgoing interfaces of the network device on which to forward the multicast traffic. For example, a multi-level cache is configured to store a multicast identifier of a multicast packet and multicast forwarding information associated with the multicast identifier, such as identification of one or more egress packet processors of the network device…

Guaranteed bandwidth for segment routed (SR) paths

Granted: July 20, 2021
Patent Number: 11070463
At least one bandwidth-guaranteed segment routing (SR) path through a network is determined by: (a) receiving, as input, a bandwidth demand value; (b) obtaining network information; (c) determining a constrained shortest multipath (CSGi); (d) determining a set of SR segment-list(s) (Si=[sl1i, sl2i . . . slni]) that are needed to steer traffic over CSGi; and (e) tuning the loadshares in Li, using Si and the per segment-list loadshare (Li=[l1i, l2i . . . lni]), the per segment equal cost…

Network dashboard with multifaceted utilization visualizations

Granted: July 20, 2021
Patent Number: 11070452
Techniques for presenting information about a network, virtualization infrastructure, cluster, or other computing environment, which may involve presentation of user interfaces that may enable nuanced, unique, and/or comprehensive insights into how infrastructure elements, instances, and/or computing resources are being used and information about patterns of usage and/or utilization. Techniques for communicating, within a computing system, information used to create, update, and/or…

Apparatus, system, and method for collecting network statistics information

Granted: July 20, 2021
Patent Number: 11070438
The disclosed method may include (1) deploying, within a network device, at least one sensor designed to collect network statistics information about a plurality of logical network interfaces of the network device, (2) receiving, at the network device, one or more requests to obtain network statistics information about at least one logical network interface of the network device, (3) determining a range of network addresses that includes a network address of each logical network…

Controlling an aggregate number of unique PIM joins in one or more PIM join/prune messages received from a PIM neighbor

Granted: July 20, 2021
Patent Number: 11070386
The potential problem of too many unique protocol independent multicast (PIM) joins (corresponding to unique (Source, Group) combinations) in PIM join/prune messages being received by a router may be solved by controlling (e.g., limiting) a number of unique PIM joins to be sent to the router from a downstream device. This may be accomplished, for example, by communicating a limit (or multiple different limits) from a PIM device to one or more downstream PIM neighbors. For example, the…

Apparatus, device, and method for fragmenting packets into segments that comply with the maximum transmission unit of egress interfaces

Granted: July 13, 2021
Patent Number: 11063877
A socket-intercept layer in kernel space on a network device may intercept a packet destined to egress out of the network device. The socket-intercept layer may then query a routing daemon for the Maximum Transmission Unit (MTU) value of the interface out of which that packet is to egress from the network device. In response to this query, the routing daemon may provide the socket-intercept layer with the MTU value of that interface. A tunnel driver in kernel space may identify the size…

Control plane-based EVPN optimized inter-subnet multicast (OISM) forwarding

Granted: July 13, 2021
Patent Number: 11063860
In general, techniques are described for providing control plane-based OISM forwarding. For example, network devices may configure two types of next hops for a multicast group. For example, the next hops may include an L2-switched next hop and an L3-routed next hop. The L2-switched next hop specifies the one or more other PE devices as a next hop for multicast traffic for the multicast group that is received on an access-facing interface of the PE device and switched on a source Virtual…

Automated configuration and data collection during modeling of network devices

Granted: July 6, 2021
Patent Number: 11055453
In general, techniques are described for providing diversity in simulation datasets during modeling. A device comprising a memory and a processor may be configured to perform the techniques. The memory may store simulation configuration files for conducting simulations of the network device within a test environment. The processor may conduct, based on the simulation configuration files, each of the simulations with respect to the network device to collect corresponding simulation…

Filtering data using malicious reference information

Granted: July 6, 2021
Patent Number: 11057347
A device may receive data from a first endpoint device. The device may identify a network protocol. The network protocol may be associated with receiving the data. The device may identify a format. The format may be associated with encoding textual information in the data. The device may determine, based on the format and the network protocol, text in the data. The device may determine whether the text includes a reference from a plurality of references. The plurality of references may…

Ping/traceroute for static label switched paths (LSPs) and static segment routing traffic engineering (SRTE) tunnels

Granted: July 6, 2021
Patent Number: 11057290
A static label-switched path (LSP) over which packets belonging to a forwarding equivalency class (FEC) are forwarded may be tested by (a) generating a multi-protocol label switching (MPLS) echo request message including a target FEC stack type-length-value (TLV), the target FEC stack TLV having a Nil FEC sub-TLV; and (b) sending the MPLS echo request message with a label stack corresponding to the FEC for forwarding over the static LSP. A static segment routed traffic engineered (SRTE)…

Aliasing behavior for traffic to multihomed sites in ethernet virtual private network (EVPN) networks

Granted: July 6, 2021
Patent Number: 11057243
For use in an Ethernet Virtual Private Network (EVPN) in which a site including at least one MAC-addressable device is multihomed, via a customer edge device (CE), to at least two provider edge devices (PE1 and PE2), the potential problem of one of the at least two provider edge devices (PE2) dropping or flooding packets designed for a MAC-addressable device of the multihomed site is solved by controlling advertisements of an auto-discovery per EVPN instance (A-D/EVI) route (or an…

Controlling protocol independent multicast (PIM) join/prune messages from a downstream PIM neighbor using a PIM join/prune response(s) from an upstream PIM neighbor

Granted: July 6, 2021
Patent Number: 11057235
The potential problem of sending (or resending) PIM join/prune messages (referred to as “PIM join(s)”) too infrequently may be solved by: (a) sending a PIM join, including a unique message identifier value, to an upstream PIM peer; (b) responsive to sending the PIM join, (1) starting a quick refresh timer, and (2) starting a standard refresh timer, which is longer than the quick refresh timer; (c) responsive to a determination that the quick refresh timer expired, (1) resending the…

Generating cryptographic random data from raw random data

Granted: July 6, 2021
Patent Number: 11057186
A device may store raw random data in a raw random data store. The raw random data may include a first plurality of data strings. The device may generate, using a quotient ring transform (QRT), cryptographic random data based on the raw random data. The cryptographic random data includes a second plurality of data strings that is transformed from the first plurality of data strings based on an extraction state stored in an extraction state store. The device may store the cryptographic…