Abstract: Systems and methods for selectively advertising routing information by a network appliance to a neighboring computing device are disclosed. In exemplary embodiments, customized export policies are created based on source type for each neighboring computing device to a network appliance. A source type for routing information is determined by the network appliance. The routing information is exported by the appliance to the neighboring computing device, such as a BGP router, based on the customized export policy associated with the source type.

Abstract: Provided are methods, apparatus, and system for policy based wide area network. A network of network appliances is configured with a policy configuration. Each network appliance is configured to validate each wide area network packet against the policy configuration. The validation can include verifying that the packets meet the SD-WAN network segment requirements and security rules including verifying that the source and destination address of the packet meet the firewall zone requirements. Each wide area network packet contains a policy header that is checked by the sending and receiving network appliance against the policy configuration.

Abstract: Provided are methods, apparatus, and system for policy based wide area network. A network of network appliances is configured with a policy configuration. Each network appliance is configured to validate each wide area network packet against the policy configuration. The validation can include verifying that the packets meet the SD-WAN network segment requirements and security rules including verifying that the source and destination address of the packet meet the firewall zone requirements. Each wide area network packet contains a policy header that is checked by the sending and receiving network appliance against the policy configuration.

Abstract: Disclosed is a system and method for the monitoring and authorization of an optimization device in a network. In exemplary embodiments, an optimization device transmits an authorization request message to a portal to receive authorization to operate. The portal transmits an authorization response message to the optimization device with capability parameters for operation of the device, including at least one expiration parameter for the authorization. The optimization device sends updated authorization request messages to the portal with its device usage information, such that the portal can dynamically monitor the optimization device and continue to authorize its operation.

Abstract: Disclosed is a system and method for the monitoring and authorization of an optimization device in a network. In exemplary embodiments, an optimization device transmits an authorization request message to a portal to receive authorization to operate. The portal transmits an authorization response message to the optimization device with capability parameters for operation of the device, including at least one expiration parameter for the authorization. The optimization device sends updated authorization request messages to the portal with its device usage information, such that the portal can dynamically monitor the optimization device and continue to authorize its operation.

Abstract: Disclosed herein are systems and methods for multi-level classification of data traffic flows based in part on information in a first data packet for a data traffic flow. In exemplary embodiments of the present disclosure, a key can be generated to track data traffic flows by application names and data packet information or properties. Based in part on these keys, patterns can be discerned to infer data traffic information based on only the information in a first data packet. The determined patterns can be used to predict classifications of future traffic flows with similar key information. In this way, data traffic flows can be classified and steered in a network based on limited information available in a first data packet.

Abstract: Disclosed is a system and method for the monitoring and authorization of an optimization device in a network. In exemplary embodiments, an optimization device transmits an authorization request message to a portal to receive authorization to operate. The portal transmits an authorization response message to the optimization device with capability parameters for operation of the device, including at least one expiration parameter for the authorization. The optimization device sends updated authorization request messages to the portal with its device usage information, such that the portal can dynamically monitor the optimization device and continue to authorize its operation.

Abstract: Disclosed herein are network appliances, methods, computer-readable media, and systems for aggregating network traffic statistics in a communication network. For example, the network appliance is to receive a SYN network packet; store header information from the SYN network packet in a flow data table; for each of the data packets related to the SYN network packet, store header information of the data packets in the flow table; after a predetermined amount of time or a predetermined number of rows is reached, invoke an eviction policy on the flow data table, wherein the eviction policy removes the related data packets from the flow data table; and populate an accumulating map with the flow data table.

Abstract: Disclosed is a system and method for optimization of data transfer to a software service. In exemplary embodiments, a computer-implemented method for determining a transit appliance for data traffic to a software service through one or more interconnected networks comprising a plurality of network appliances, comprises determining performance metrics for each of the plurality of network appliances to at least one IP address associated with the software service, and selecting a transit appliance for data transfer to the IP address, the selected transit appliance based at least in part on the performance metrics.

Abstract: Disclosed herein are network appliances, methods, computer-readable media, and systems for aggregating network traffic statistics in a communication network. For example, the network appliance is to determine a plurality of network flow strings that are transmitted from the network appliance or received at the network appliance; extract a network metric of the plurality of network flow strings; aggregate values associated with the network metric over the plurality of network flow strings; generate an accumulating map, wherein the accumulating map comprises the values associated with the aggregated network metric; when a new network flow string is received, invoke an eviction policy on the new network flow string, wherein the eviction policy removes at least one of the plurality of network flow strings from the accumulating map; and transmit the accumulating map to a network information collector in communication with the network appliance.

Abstract: Systems and methods for selectively transmitting routing information between separated local area network (LAN) interfaces are disclosed. In exemplary embodiments, a network appliance to update a local routing table with IP subnet, neighbor type, source type, and community identifier of a second network appliance; based at least on the local routing table, receive a customized routing policy and subnet exporting policy that permits the network appliance to export a subset of IP addresses from the local routing table to a permitted community of network appliances, wherein the customized routing policy and subnet exporting policy are configured by a network administrator of the network appliance; match the permitted community of network appliances to a new community identifier of a third network appliance; and export the subset of IP addresses of the local routing table to the third network appliance based on the customized routing policy and subnet exporting policy.

Abstract: Disclosed herein are network information collectors, methods, computer-readable media, and systems for generating network traffic statistics. For example, the network appliance is to receive, via a network, an accumulating map from a network appliance device, wherein the accumulating map comprises a condensed and aggregated version of web traffic flow information to the network appliance device; receive, via the network, additional accumulating maps from other network appliance devices; populate an accumulation map database with the accumulating map and the additional accumulating maps; and generate a report of the network traffic statistics hosted by the network appliance device and the other network appliance devices.

Abstract: Disclosed is a system and method for optimization of data transfer to a software service. In exemplary embodiments, a computer-implemented method for determining a transit appliance for data traffic to a software service through one or more interconnected networks comprising a plurality of network appliances, comprises determining performance metrics for each of the plurality of network appliances to at least one IP address associated with the software service, and selecting a transit appliance for data transfer to the IP address, the selected transit appliance based at least in part on the performance metrics.

Abstract: Disclosed herein are systems and methods for multi-level classification of data traffic flows based on information in a first data packet for a data traffic flow. In exemplary embodiments of the present disclosure, a key can be generated to track data traffic flows by application names and data packet information or properties. Based on these keys, patterns can be discerned to infer data traffic information based on only the information in a first data packet. The determined patterns can be used to predict classifications of future traffic flows with similar key information. In this way, data traffic flows can be classified and steered in a network based on limited information available in a first data packet.

Abstract: Disclosed herein are systems and methods for detection of a path break in a communication network by one network appliance of a plurality of network appliance. A communication path that is transitioning from active to idle state can be quickly determined by evaluating network data traffic within a predetermined time interval after the end of a data transmission. By strategically utilizing health probes at only a set predetermined time interval after a data transmission, a path break condition can be quickly determined without significant use of network bandwidth. Further, the path break condition can be determined unilaterally by one network appliance.

Abstract: Disclosed herein are systems and methods for forward packet recovery in a communication network with constrained network bandwidth overhead. In exemplary embodiments, a target byte protection ratio is determined. Error correcting frames are dynamically generated by a first processor such that error correcting information can be generated to approximate the target byte protection ratio. The data packets and error correcting information are then transmitted across one or more communication networks to a second processor. The second processor can use the error correcting information to regenerate or replace data packets missing or corrupted in transmission across one or more communication networks.

Abstract: Disclosed herein are systems and methods for the creation, maintenance and management of virtual overlay networks across multiple communication networks managed by service providers. The simple creation and management of network overlays is accomplished via a network orchestrator manager, allowing for automation of configuration of connected network devices throughout an entire organization's network, regardless of the physical location of each device.

Abstract: Disclosed is a system and method for optimization of data transfer to a software service. In exemplary embodiments, a computer-implemented method for determining a transit appliance for data traffic to a software service through one or more interconnected networks comprising a plurality of network appliances, comprises determining performance metrics for each of the plurality of network appliances to at least one IP address associated with the software service, and selecting a transit appliance for data transfer to the IP address, the selected transit appliance based at least in part on the performance metrics.

Abstract: Disclosed herein are systems and methods for multi-level classification of data traffic flows based on information in a first data packet for a data traffic flow. In exemplary embodiments of the present disclosure, a key can be generated to track data traffic flows by application names and data packet information or properties. Based on these keys, patterns can be discerned to infer data traffic information based on only the information in a first data packet. The determined patterns can be used to predict classifications of future traffic flows with similar key information. In this way, data traffic flows can be classified and steered in a network based on limited information available in a first data packet.

Abstract: Disclosed is a system and method for the monitoring and authorization of an optimization device in a network. In exemplary embodiments, an optimization device transmits an authorization request message to a portal to receive authorization to operate. The portal transmits an authorization response message to the optimization device with capability parameters for operation of the device, including at least one expiration parameter for the authorization. The optimization device sends updated authorization request messages to the portal with its device usage information, such that the portal can dynamically monitor the optimization device and continue to authorize its operation.