VMware Patent Grants

Packet classification with multiple classifiers

Granted: November 26, 2024
Patent Number: 12155576
Some embodiments provide a method for a forwarding element that receives a packet. The method determines whether the packet matches any flow entries in a first cache that uses a first type of algorithm to identify matching flow entries for packets. When the packet does not match any flow entries in the first cache, the method determines whether the packet matches any flow entries in a second cache that uses a second, different type of algorithm to identify matching flow entries for…

Scalable overlay multicast routing in multi-tier edge gateways

Granted: November 26, 2024
Patent Number: 12155564
A method for offloading multicast replication from multiple tiers of edge nodes implemented by multiple host machines to a physical switch is provided. Each of the multiple host machines implements a provider edge node and a tenant edge node. One host machine among the multiple host machines receives a packet having an overlay multicast group identifier. The host machine maps the overlay multicast group identifier to an underlay multicast group identifier. The host machine encapsulates…

Resource access control in cloud environments

Granted: November 19, 2024
Patent Number: 12149537
Access control management to shared resources in a common resource directory between different users of cloud data centers can be implemented as computer-readable methods, media and systems. A resource managing service receives a request to access resources of a resource directory managed by the resource managing service. The request includes a token for identity authentication. The resource managing service determines a container membership associated with the token, where the container…

Determining flow paths of packets through nodes of a network

Granted: November 19, 2024
Patent Number: 12149441
A search engine queries a network model for behavior of the entire network, such as data flow, based on combinations of multiple network elements. The search engine provides the state information and/or predicted behavior of the network by searching network objects in a graph-based model or a network state database that satisfy constraints given in a search query. The search engine provides the state information and/or predicted behavior based on regular-expression or plain language…

Deploying enclaves on different TEE backends using a universal enclave binary

Granted: November 19, 2024
Patent Number: 12147530
The disclosure herein describes deploying a Virtual Secure Enclave (VSE) using a universal enclave binary and a Trusted Runtime (TR). A universal enclave binary is generated that includes a set of binaries of Instruction Set Architectures (ISAs) associated with Trusted Execution Environment (TEE) hardware backends. A TEE hardware backend is identified in association with a VSE-compatible device. A VSE that is compatible with the identified TEE hardware backend is generated on the…

Coherence-based attack detection

Granted: November 19, 2024
Patent Number: 12147528
While an application or a virtual machine (VM) is running, a device tracks accesses to cache lines to detect access patterns that indicate security attacks, such as cache-based side channel attacks or row hammer attacks. To enable the device to detect accesses to cache lines, the device is connected to processors via a coherence interconnect, and the application/VM data is stored in a local memory of the device. The device collects the cache lines of the application/VM data that are…

Health check as a service

Granted: November 12, 2024
Patent Number: 12143284
Example methods and systems for health check as a service are described. One example may involve a computer system receiving a request to perform a health check for a network environment that includes a set of multiple flows. The computer system may select a subset that includes (a) a first flow between a first pair of endpoints and (b) a second flow between a second pair of endpoints. The health check may be initiated for the first flow and the second flow by generating and sending (a)…

Modifying network relationships using a heterogenous network flows graph

Granted: November 12, 2024
Patent Number: 12143393
Systems and methods are described for recommending security groups using graph-based learning models. A server can create a network graph that illustrates network flows between devices in a network and security groups that the devices belong to. The network graph can include nodes that represent the devices and security groups. The server can apply a graph-based learning model to learn embeddings of the nodes and create vectors using the embeddings. Using vectors of two nodes, the server…

Context-aware service query filtering

Granted: November 12, 2024
Patent Number: 12143362
Example methods and systems for a computer system to perform context-aware service query filtering are described. One example may involve a computer system intercepting a service query from a virtualized computing instance to pause forwarding of the service query towards a destination; and obtaining context information associated with an application running on the virtualized computing instance. In response to determination that the service query is a potential security threat based on…

On-demand resource capacity in a serverless function-as-a-service infrastructure

Granted: November 12, 2024
Patent Number: 12143312
Various aspects are disclosed for optimization of dependent systems for serverless frameworks that facilitate a function-as-a-service (FaaS). In some examples, an agent can be installed on a dependent system and collect resource consumption data that is reported to a management service. The management service can throttle requests submitted to the FaaS or scale up the infrastructure depending upon the resource consumption data.

Stun free snapshots in virtual volume datastores using delta storage structure

Granted: November 12, 2024
Patent Number: 12141463
The disclosure provides a method for virtual volume snapshot creation by a storage array. The method generally includes receiving a request to generate a snapshot of a virtual volume associated with a virtual machine, in response to receiving the request, preparing a file system of the storage array to generate the snapshot, wherein preparing the file system comprises creating a delta storage structure to receive write input/output (I/O) requests directed for the virtual volume when…

Performing resynchronization jobs in a distributed storage system based on a parallelism policy

Granted: November 12, 2024
Patent Number: 12141440
The disclosure herein describes performing resynchronization (“resync”) jobs in a distributed storage system based on a parallelism policy. A resync job is obtained from a queue and input/output (I/O) resources that will be used during execution of the resync job are identified. Available bandwidth slots of each I/O resource of the identified I/O resources are determined. The parallelism policy is applied to the identified I/O resources and the available bandwidth slots. Based on the…

Performance efficient blockchain application programming interfaces

Granted: November 12, 2024
Patent Number: 12141128
This disclosure describes aspects of an efficient blockchain API communication mechanism that reduces the energy usage and data usage. In some examples, a publish-subscribe mechanism is used for completed transaction receipts for blockchain transactions of a blockchain. The publish-subscribe mechanism uses an open source remote procedure call protocol or hypertext transfer protocol (HTTP). Components of a distributed blockchain application use a single transport or communications…

Efficient write-back for journal truncation

Granted: November 12, 2024
Patent Number: 12141063
A method for efficient write-back for journal truncation is provided. A method includes maintaining a journal in a memory of a computing system including a plurality of records. Each record indicates a transaction associated with one or more pages in an ordered data structure and maintaining a dirty list including an entry for each page indicated by a record in the journal. Each entry in the dirty list includes a respective first log sequence number (LSN) associated with a least recent…

Managing deployment of cloud-native network functions (CNFs)

Granted: November 5, 2024
Patent Number: 12137154
Described herein are systems, methods, and software to manage new and updated containerized network functions (CNFs). In one implementation, a management service identifies a CNF in a first repository. Once identified, the management service identifies one or more configuration parameters associated with the CNF and updates one or more files for the CNF with the one or more configuration parameters. The management service then stores at least the one or more files for the CNF in a second…

Dynamic rate limiting of incoming data streams

Granted: November 5, 2024
Patent Number: 12137054
The rate of incoming data records in a data stream is dynamically limited based on stream delay. A current delay representing a latency between a beginning of the data stream and a currently processed data record is obtained. A maximum delay representing a maximum tolerated delay is determined. A threshold delay representing a delay value that triggers calculation of a new drop rate is determined. A drop rate is calculated based on the current delay, the maximum delay, and the threshold…

Processing I/O commands using block size aware polling

Granted: November 5, 2024
Patent Number: 12135661
Example computer-implemented methods, media, and systems for processing input/output (I/O) commands using block size aware polling are disclosed. One example method includes creating multiple polling queues and multiple interrupt queues in a transport drivers layer of a storage stack. A first I/O command is received from a core layer of the storage stack and by the transport drivers layer. A ratio of a total number of multiple small block size commands in the transport drivers layer to a…

Container-level monitoring

Granted: November 5, 2024
Patent Number: 12135626
Embodiments of the present disclosure relate to container-level monitoring. Embodiments include detecting, by an agent of a virtual machine, an event. Embodiments include determining, by the agent of the virtual machine, an address related to the event. Embodiments include accessing, by the agent of the virtual machine, container mapping information. Embodiments include locating, by the agent of the virtual machine, the address in the container mapping information. Embodiments include…

Enhanced locking mechanism for B+ tree data structures

Granted: October 29, 2024
Patent Number: 12130791
A method for modifying key-value pairs of a B+ tree is provided. The method receives a request to modify a particular key-value pair. Each node of the tree has a modification number. The method traverses a path on the tree from the root node toward the particular node. The traversing includes upon reaching a parent node of the path, acquiring a shared lock on both the parent node and a child node one level below the parent node. Upon determining that the child node is the particular…

System and method for anonymizing sensitive information in logs of

Granted: October 29, 2024
Patent Number: 12130945
System and method for anonymizing logs generated in applications running in a computing environment detects log data being generated in an application and compares the log data to a set of predefined search pattern policies to find sensitive information contained in the log data. The sensitive information contained in the log data is converted into anonymous information to produce anonymized log data within the application. The anonymized log data is then written to a destination.