Riverbed Technology Patent Grants

Data leak prevention using content based segmentation scanning

Granted: January 25, 2022
Patent Number: 11232227
Systems and techniques are described for preventing data leaks from a network. A set of sensitive files or sensitive data that includes sensitive information can be received, and a first set of labels can be determined based on the set of sensitive files or sensitive data. An apparatus can then receive data that is to be checked for sensitive information, and determine a second set of labels based on the data. Next, the apparatus can match the second set of labels with the first set of…

Automated problem diagnosis on logs using anomalous telemetry analysis

Granted: December 28, 2021
Patent Number: 11210158
Systems and techniques are described for performing automatic problem diagnosis. Telemetry data of a system can be analyzed to identify a set of time ranges during which the telemetry data exhibits anomalous behavior. Next, a subset of log entries having a timestamp that is in one of the time ranges in set of time ranges can be extracted from a set of log entries generated by the system. The subset of log entries can then be analyzed, by using natural language processing, to identify a…

Network topology generation using traceroute data

Granted: December 14, 2021
Patent Number: 11201809
Embodiments provide systems, methods, and computer program products to generate a network topology. Internet Protocol (IP) addresses may be collected that immediately precede a first IP address in a set of IP-address-sequences to obtain a first set of previous-hop IP addresses, where each IP-address-sequence in the set of IP-address-sequences comprises a sequence of IP addresses traversed by at least one packet. Next, each IP address in the first set of previous-hop IP addresses may be…

Advanced injection rule engine

Granted: November 30, 2021
Patent Number: 11188352
Systems and techniques are described for controlling injection of a library into a process. Specifically, some embodiments provide an Advanced Injection Rule Engine (AIRE), which uses a set of rules to selectively inject a library, e.g., a dynamic-link library (DLL), into a process. Some embodiments implement a Domain Specific Language (DSL), called AIRE Script, to define the injection rules that are used by the AIRE at runtime.

Method and apparatus for path selection

Granted: June 8, 2021
Patent Number: 11032188
Systems and techniques are described for configuring path selection in a network. The network can comprise a first router, a second router, a third router, a fourth router, and an intermediary device. The second router can be configured to use Differentiated Services Code Point (DSCP) while routing packets so that packets with a first DSCP value are routed through the third router, and packets with a second DSCP value are routed through the fourth router. The intermediary device can be…

Preserving policy with path selection

Granted: March 2, 2021
Patent Number: 10938716
Systems and techniques are described for ensuring that policies are consistently applied to traffic across an overlay network. An application identifier associated with a forward traffic flow and a corresponding reverse traffic flow can be determined by a device that routes packets of both the forward traffic flow and the corresponding reverse traffic flow. Next, an overlay header can be added to each packet in the forward traffic flow and to each packet in the corresponding reverse…

Software defined wide area network (SD WAN) enabled network fabric for containers

Granted: February 2, 2021
Patent Number: 10911374
Systems and techniques are described for creating a software-defined wide-area-network (SD-WAN) enabled network fabric for containers. Embodiments can configure one or more virtual networks on a network node, wherein the one or more virtual networks are used for creating the SD-WAN enabled network fabric for containers. Next, the embodiments can deploy a virtual gateway on the network node by executing the virtual gateway image. The embodiments can then create a container network…

High availability (HA) network device

Granted: January 5, 2021
Patent Number: 10887131
Some embodiments described herein provide a combination of a layer 3 (L3) hop with layer 2 (L2) bypass/fail-to-wire in a network device. Specifically, some embodiments place the network device between two routers, thereby becoming a L3 hop between the two routers. The existing route between the two routers is preserved by using L2 bypass through the network device. If the network device fails, then the physical fail-to-wire will be engaged, removing its L3 hop, but preserving the L2…

Estimating data transfer performance improvement that is expected to be achieved by a network optimization device

Granted: November 17, 2020
Patent Number: 10841192
Systems and techniques are described for calculating performance improvement achieved and/or expected to be achieved by optimizing a network connection. Network characteristics can be measured for non-optimized network connections. Next, the network characteristics can be analyzed to obtain a set of non-optimized connection groups, wherein each non-optimized connection group corresponds to non-optimized network connections that have similar network characteristics. Network…

Virtualized data storage system architecture

Granted: November 10, 2020
Patent Number: 10831721
Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. The virtual storage arrays overcomes bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the…

Prefix compression for keyed values

Granted: September 1, 2020
Patent Number: 10762281
Systems and techniques are described for compressing strings by using a tree data structure. Specifically, for each string in a sequence of strings, the embodiments can traverse the tree data structure by matching characters of the string with characters associated with nodes of the tree data structure until either (1) all characters in the string have been processed, or (2) a current character in the string does not match a corresponding character in a current node of the tree data…

Hierarchical policies in a network

Granted: July 28, 2020
Patent Number: 10728097
Systems and techniques are described for applying a set of policy rules to network traffic. During operation, conditions specified in the set of policy rules can be evaluated, wherein each condition is a logical expression defined over a set of variables, and is evaluated by substituting values of the set of variables associated with the network traffic into the logical expression. Next, a subset of policy rules can be selected whose conditions evaluated as true. A highest precedence…

Displaying adaptive content in heterogeneous performance monitoring and troubleshooting environments

Granted: June 9, 2020
Patent Number: 10680926
Systems, methods, and computer program embodiments are disclosed for adaptively displaying application performance data. In an embodiment, a plurality of performance monitoring data sources may be identified based on an application model that defines the topological structure of a software application. A request may be received for performance data associated with the application. One or more content options may then be determined based on the received request, and each content option…

Virtualization planning system

Granted: October 22, 2019
Patent Number: 10452416
An interactive virtualization management system provides an assessment of proposed or existing virtualization schemes. A Virtual Technology Overhead Profile (VTOP) is created for each of a variety of configurations of host computer systems and virtualization technologies by measuring the overhead experienced under a variety of conditions. The multi-variate overhead profile corresponding to each target configuration being evaluated is used by the virtualization management system to…

Node fault identification in wireless LAN access points

Granted: September 24, 2019
Patent Number: 10425305
A wireless access point array having a plurality of access point radios, a monitor radio and an array controller. The array controller includes processes, methods and functions for verifying the operation of the access point radios. The access point radios may be verified by attempting to establish a data connection between the monitor radio and each of the access point radios.

Methods and systems for distribution and retrieval of network traffic records

Granted: August 27, 2019
Patent Number: 10397329
A method includes transmitting, by a distribution server, to each of a plurality of worker computers, a request for an enumeration of Internet Protocol (IP) addresses ranked according to a criterion. The method includes receiving, by the distribution computer, from a first of the plurality of worker computers, a first partial enumeration of the requested IP addresses ranked according to the criterion, the first partial enumeration stored in a hash table. The method includes receiving, by…

Dynamic key generation for identifying data segments

Granted: August 6, 2019
Patent Number: 10375197
Systems and techniques are described for caching resources. Multiple distinct resource identifiers that correspond to the same resource can be automatically collected, wherein the multiple distinct resource identifiers are included in resource requests that are sent from at least one client to at least one server. Next, a key can be automatically determined that matches the multiple distinct resource identifiers by analyzing the multiple distinct resource identifiers. A resource request…

Auto discovery between proxies in an IPv6 network

Granted: July 23, 2019
Patent Number: 10361997
Systems and techniques are described for performing proxy auto-discovery in an Internet Protocol version 6 (IPv6) network by using the destination options extension header field in the IPv6 header. Specifically, systems and techniques are described to enable a pair of proxies to transparently intercept connection handshake messages that are carried in IPv6 packets between two network nodes, and to use the destination options extension header field in the IPv6 packets to automatically…

Minimally invasive monitoring of path quality

Granted: July 16, 2019
Patent Number: 10355944
Systems and techniques are described for performing minimally invasive monitoring of path quality in a network. Specifically, path quality requests and measurements can be piggy-backed on the data traffic that is flowing through a secure connection between two network nodes. For example, path quality requests and measurements can be inserted into the TFC padding field of IP/ESP packets that are being communicated between two IPsec devices. The disclosed embodiments ensure that the…

Network topology generation using traceroute data

Granted: July 16, 2019
Patent Number: 10355962
Embodiments provide systems, methods, and computer program products for inferring node and link information from traceroute data in order to generate topology information. A system receives traceroute data for a data packet that traverses a path from a source to a destination. The system infers port types for the addresses in the traceroute data and groups subsets of the addresses in the traceroute data into logical nodes based on neighbor relationships demonstrated in backward and…