Abstract: Present disclosure includes determining, at two or more gateway nodes that each communicate with a plurality of branch nodes and a plurality of resources, dynamically a path between each of the plurality of branch nodes and each of the plurality of resources, wherein the path includes one or more virtual routers; generating, at the two or more gateways, dynamically a path length based upon a number of virtual routers each path traverses; automatically translating the path length to an overlay management protocol route preference for each of the plurality of resources.

Abstract: A process can include determining affinity information indicative of route preferences between branch routers and gateway routers. A prefix can be determined for a subnet of branch routers located at a same branch location. An affinity position of a first gateway router can be determined based on affinity information of the branch routers in the subnet. A mapping can be determined between a local preference Border Gateway Protocol (BGP) community attribute and the affinity position of the first gateway router, wherein a mapped local preference BGP community attribute and the affinity position are indicative of a same routing preference. The mapped local preference BGP community attribute can be attached to routes from the first gateway router into a cloud service provider. Affinity-based route preferences are indicated to the cloud service provider by redistributing the routes from the first gateway router with the mapped local preference BGP community attribute attached.

Abstract: A process can include determining a plurality of Network Address Translation (NAT) routes associated with respective edge routers included in a same virtual private network (VPN) for communicating with a software-defined wide area network (SDWAN). A process can include identifying a first subset of the plurality of NAT routes as mapped to a first public NAT address included in a NAT pool associated with the VPN. A process can include tagging each NAT route of the first subset with a tag value indicative of a preferred router for receiving return traffic of the respective NAT route. A process can include routing traffic on a respective NAT route of the plurality of NAT routes based on applying, at an SDWAN controller, a corresponding control policy matching the tag value of the respective NAT route.

Abstract: Techniques for enabling service insertion using dynamic service path selection are described herein. In some aspects, the techniques described herein relate to avoiding a service route that passes through a service router when the second-leg path from the service router to a destination router is unreachable. In some cases, the techniques described herein relate to avoiding a route that includes a service router that does not have a path to a viable target in a core service region.

Abstract: Systems and methods are provided for re-balancing and healing of an SD-WAN in an unbalanced state and/or experiencing one or more failure states. In response to a request to connect to a new controller resulting from OMP load shedding from a first controller, the system can identify other controllers capable of handling the load requirements of the edge router. The system can incorporate the controller group preference of the edge router and select a second controller based on the identified other controllers and within the preferred controller group. If not possible, the system can temporarily assign the edge router to non-preferred controller groups and move them back to controllers in the preferred controller group once it becomes viable. The system further enhances OMP graceful restart (GR) logic to incorporate the load shedding effect and avoid unnecessary route retention that GR entails.

Abstract: Systems and methods are provided for re-balancing and healing of an SD-WAN in an unbalanced state and/or experiencing one or more failure states. In response to a request to connect to a new controller resulting from OMP load shedding from a first controller, the system can identify other controllers capable of handling the load requirements of the edge router. The system can incorporate the controller group preference of the edge router and select a second controller based on the identified other controllers and within the preferred controller group. If not possible, the system can temporarily assign the edge router to non-preferred controller groups and move them back to controllers in the preferred controller group once it becomes viable. The system further enhances OMP graceful restart (GR) logic to incorporate the load shedding effect and avoid unnecessary route retention that GR entails.

Abstract: A process can include determining a plurality of Network Address Translation (NAT) routes associated with respective edge routers included in a same virtual private network (VPN) for communicating with a software-defined wide area network (SDWAN). A process can include identifying a first subset of the plurality of NAT routes as mapped to a first public NAT address included in a NAT pool associated with the VPN. A process can include tagging each NAT route of the first subset with a tag value indicative of a preferred router for receiving return traffic of the respective NAT route. A process can include routing traffic on a respective NAT route of the plurality of NAT routes based on applying, at an SDWAN controller, a corresponding control policy matching the tag value of the respective NAT route.

Abstract: Disclosed herein are systems, methods, and computer-readable media for upgrading vSmart controllers. In one aspect, a method includes an edge router receiving a notification from a vSmart controller that an upgrade to the controller will occur. The notification can be dynamically triggered by a centralized network management system. In some embodiments, the vSmart controller can run as a virtual machine (VM) and maintains a control plane connection with one or more edge routers in an overlay network. In response to the notification, a length of time of an expiry timer in which the edge router attempts to connect to the vSmart controller can be increased, and the edge router can connect to the vSmart controller once the increased length of time has passed.

Abstract: Techniques for symmetric routing in a software-defined wide area network (SDWAN) are disclosed herein. In some aspects, the techniques described herein relate to a method including: determining a first device group, wherein the first device group includes a first router associated with a branch tag and a second router associated with a hub tag; determining a second device group, wherein the second device group includes a third router associated with and a fourth router associated with the hub tag; transmitting a first route advertisement associated with a first route from the first router to the second router to the first router; transmitting a second route advertisement associated with a second route from the first router to the third router to the first router; and preventing transmission of a third route advertisement associated with a third route from the first router to the fourth router to the first router.

Abstract: Disclosed herein are systems, methods, and computer-readable media for upgrading vSmart controllers. In one aspect, a method includes an edge router receiving a notification from a vSmart controller that an upgrade to the controller will occur. The notification can be dynamically triggered by a centralized network management system. In some embodiments, the vSmart controller can run as a virtual machine (VM) and maintains a control plane connection with one or more edge routers in an overlay network. In response to the notification, a length of time of an expiry timer in which the edge router attempts to connect to the vSmart controller can be increased, and the edge router can connect to the vSmart controller once the increased length of time has passed.

Abstract: Techniques for enabling service insertion using dynamic service path selection are described herein. In some aspects, the techniques described herein relate to avoiding a service route that passes through a service router when the second-leg path from the service router to a destination router is unreachable. In some cases, the techniques described herein relate to avoiding a route that includes a service router that does not have a path to a viable target in a core service region.

Abstract: The present technology intelligently selects routes to be distributed to edge network device from SD-WAN controllers. Rather than indiscriminately distributing routes, the present technology utilizes logic to account for route viability conditions to determine whether a route between a first edge network device and a second edge network device is likely to be usable between the edge network devices.

Abstract: Disclosed herein are systems, methods, and computer-readable media for upgrading vSmart controllers. In one aspect, a method includes an edge router receiving a notification from a vSmart controller that an upgrade to the controller will occur. The notification can be dynamically triggered by a centralized network management system. In some embodiments, the vSmart controller can run as a virtual machine (VM) and maintains a control plane connection with one or more edge routers in an overlay network. In response to the notification, a length of time of an expiry timer in which the edge router attempts to connect to the vSmart controller can be increased, and the edge router can connect to the vSmart controller once the increased length of time has passed.

Abstract: Techniques are described for suppressing data plane traffic using a service monitoring policy for data plane control. If a service provided to a router becomes nonfunctional, preventing the router from being able to forward traffic to a next-hop device, data plane traffic from client devices on the data plane that requires the use of the nonfunctioning service is suppressed. Additionally, new communication pathways to the router that will use the nonfunctioning service are prevented from being established. Traffic is redirected to another router with a functioning service. Thus, traffic that may normally be directed to the router with the nonfunctioning service and not able to be forwarded (e.g., blackholing of data) can be forwarded to the other router.

Abstract: Symmetric networking techniques disclosed herein can be applied by gateway routers in cloud networks. The techniques can ensure that both outbound traffic received at a cloud from a branch device and return traffic directed from the cloud back to the branch device are processed by a same gateway router. The gateway router can use network address translation to insert IP addresses from an inside pool and an outside pool assigned to the router.

Abstract: According to some embodiments, a software defined wide area network (SD-WAN) includes a first region and a second region. The first region includes multiple first routing controllers and multiple first SD-WAN edge routers. The second region includes multiple second routing controllers and multiple second SD-WAN edge routers. Each first SD-WAN edge router of the first region is configured to establish Overlay Management Protocol (OMP) peering connections with the plurality of first routing controllers of the first region but to avoid establishing OMP peering connections with the plurality of second routing controllers of the second region. Each second SD-WAN edge router of the second region is configured to establish OMP peering connections with the plurality of second routing controllers of the second region but to avoid establishing OMP peering connections with the plurality of first routing controllers of the first region.

Abstract: According to some embodiments, a software defined wide area network (SD-WAN) includes a first region and a second region. The first region includes multiple first routing controllers and multiple first SD-WAN edge routers. The second region includes multiple second routing controllers and multiple second SD-WAN edge routers. Each first SD-WAN edge router of the first region is configured to establish Overlay Management Protocol (OMP) peering connections with the plurality of first routing controllers of the first region but to avoid establishing OMP peering connections with the plurality of second routing controllers of the second region. Each second SD-WAN edge router of the second region is configured to establish OMP peering connections with the plurality of second routing controllers of the second region but to avoid establishing OMP peering connections with the plurality of first routing controllers of the first region.

Abstract: Novel mechanisms for compiling routing policies and evaluating network routes, including: (a) an efficient mechanism for representing routing policies to facilitate the runtime evaluation of network routes; (b) a mechanism for late-binding vectors pertaining to external constructs used or recited within the routing policies; and (c) a mechanism for updating routing policy state pertinent to network route evaluation. Existing methods for evaluating network routes on a network device, such as the use of route maps, tend to introduce complexity and extend route evaluation runtime when performing, for example, certain operations to one or more route attributes for any given network route being evaluated. Through implementation of disclosed mechanisms, however, route evaluation runtimes may be reduced, thereby minimizing, if not eliminating, any route evaluation congestion.

Abstract: A vehicle upper body structural brace apparatus includes a first member having a first end in a rear region of a vehicle and second and third members each coupled to a second end of the first member. The second and third members are configured to couple lower and upper unibody vehicle structural components, respectively. The first, second and third members transfer impact forces at the first end of the first member from the first end, around first and second vehicle interior regions, and to the lower and upper unibody vehicle structural components.

Abstract: A vehicle frame includes an outside rail section having an upper flange, a lower flange, and an inward facing cavity between the upper and lower flanges. An inside rail section is coupled along the upper and lower flanges of the outside rail section and has an outward facing cavity that aligns with the inward facing cavity to enclose an interior volume. A pair of hydroform tubes extending vertically through apertures at spaced longitudinal locations in the upper flange and engage a bottom surface of the inward cavity to define a pillar for supporting a vehicle roof.