Patents by Inventor Reda Haddad
Reda Haddad has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Publication number: 20250112921
  Abstract: Techniques and architecture are described for providing a configurable security posture for a network device using an extended ownership artifact, e.g., an ownership voucher, an ownership certificate, etc., and a security profile mechanism that scales to user needs and desires for security profiles on network devices, i.e., easily and securely customizable on thousands of nodes of a network. The configurable security posture may be achieved using the manufacturer authorized signing authority (MASA) to issue an ownership voucher with a security bit extension to support security profile additions. Using the MASA service, a user may explicitly decide on various security postures of a given network device and may apply that profile across the fixed or modular chassis of a network of network devices.
  Type: Application
  Filed: December 12, 2024
  Publication date: April 3, 2025
  Inventors: Jabir Hamediya Mohammed, Reda Haddad, Srihari Raghavan, Sandesh K. Rao
- Patent number: 12206664
  Abstract: Techniques and architecture are described for providing a configurable security posture for a network device using an extended ownership artifact, e.g., an ownership voucher, an ownership certificate, etc., and a security profile mechanism that scales to user needs and desires for security profiles on network devices, i.e., easily and securely customizable on thousands of nodes of a network. The configurable security posture may be achieved using the manufacturer authorized signing authority (MASA) to issue an ownership voucher with a security bit extension to support security profile additions. Using the MASA service, a user may explicitly decide on various security postures of a given network device and may apply that profile across the fixed or modular chassis of a network of network devices.
  Type: Grant
  Filed: May 16, 2022
  Date of Patent: January 21, 2025
  Assignee: Cisco Technology, Inc.
  Inventors: Jabir Hamediya Mohammed, Reda Haddad, Srihari Raghavan, Sandesh K. Rao
- Publication number: 20240333706
  Abstract: Techniques and architecture are described for verifying real-time ownership of network devices, e.g., routers, switches, etc. The real-time ownership of network devices is verified using the ownership voucher/ownership certificate model, which is useful for device security and protocol security. The techniques and architecture are leveraged on various bases such as, for example, routing, attestation, protocols, management protocols, etc., where a user may enforce the ownership check before making any connection of a network device or even managing the respective network device after it is securely booted.
  Type: Application
  Filed: March 28, 2023
  Publication date: October 3, 2024
  Inventors: Jabir Hamediya Mohammed, Bazil Mohammed Ali, Reda Haddad, Chennakesava Reddy Gaddam, Nishad C M
- Patent number: 12067402
  Abstract: Techniques and architecture are described for validating and verifying iPXE scripts prior to execution during a booting process. During the booting process of a network device, right after the UEFI/BIOS stage of the booting process, a trusted iPXE script may make a request to a network server for the ownership voucher and owner certificate of the network device. The ownership voucher and owner certificate may then be stored in a trusted platform module (TPM) on the network device. In configurations, the retrieved owner certificate may be validated by the ownership voucher. The owner certificate may be used to validate iPXE scripts. Once validated, the iPXE scripts may be executed and the booting process may be continued to the kernel loading step and the application loading step. During a subsequent booting process of the network device, the ownership voucher and owner certificate may be retrieved from the TPM.
  Type: Grant
  Filed: September 13, 2022
  Date of Patent: August 20, 2024
  Assignee: Cisco Technology, Inc.
  Inventors: Reda Haddad, Martin Edward Ramsdale, Srihari Raghavan, Jabir Hamediya Mohammed, Sandesh K. Rao
- Publication number: 20240265406
  Abstract: According to certain embodiments, a method performed by a device comprises obtaining, from a plurality of hardware modules of the device, a plurality of serial numbers associated with the plurality of hardware modules. Each hardware module is associated with a respective serial number. The method further comprises obtaining, from a provisioning system, one or more ownership vouchers corresponding to the plurality of serial numbers. The method further comprises verifying, for each hardware module of the plurality of hardware modules, whether to trust said hardware module based at least in part on the one or more ownership vouchers.
  Type: Application
  Filed: April 17, 2024
  Publication date: August 8, 2024
  Inventors: Naren Mudivarthy, Reda Haddad
- Patent number: 11985228
  Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for configuration payload separation policies. According to at least one example, a method is provided for device function. The method includes: during a boot sequence of a network device, generating a unique key for encrypting and decrypting data; identifying a secure location in the network device for storing the unique key; storing the unique key in the secure location; encrypting a configuration payload with the unique key; storing the encrypted configuration payload in an external non-volatile memory; and, in response to a request to access data within the configuration payload, decrypting the encrypted configuration payload using the unique key.
  Type: Grant
  Filed: July 30, 2021
  Date of Patent: May 14, 2024
  Assignee: Cisco Technology, Inc.
  Inventors: Frédéric René Philippe Detienne, Reda Haddad, Ryan Joseph Jaques
- Patent number: 11978063
  Abstract: According to certain embodiments, a method performed by a device comprises obtaining, from a plurality of hardware modules of the device, a plurality of serial numbers associated with the plurality of hardware modules. Each hardware module is associated with a respective serial number. The method further comprises obtaining, from a provisioning system, one or more ownership vouchers corresponding to the plurality of serial numbers. The method further comprises verifying, for each hardware module of the plurality of hardware modules, whether to trust said hardware module based at least in part on the one or more ownership vouchers.
  Type: Grant
  Filed: April 12, 2022
  Date of Patent: May 7, 2024
  Assignee: Cisco Technology, Inc.
  Inventors: Naren Mudivarthy, Reda Haddad
- Publication number: 20240086205
  Abstract: Techniques and architecture are described for validating and verifying iPXE scripts prior to execution during a booting process. During the booting process of a network device, right after the UEFI/BIOS stage of the booting process, a trusted iPXE script may make a request to a network server for the ownership voucher and owner certificate of the network device. The ownership voucher and owner certificate may then be stored in a trusted platform module (TPM) on the network device. In configurations, the retrieved owner certificate may be validated by the ownership voucher. The owner certificate may be used to validate iPXE scripts. Once validated, the iPXE scripts may be executed and the booting process may be continued to the kernel loading step and the application loading step. During a subsequent booting process of the network device, the ownership voucher and owner certificate may be retrieved from the TPM.
  Type: Application
  Filed: September 13, 2022
  Publication date: March 14, 2024
  Inventors: Reda Haddad, Martin Edward Ramsdale, Srihari Raghavan, Jabir Hamediya Mohammed, Sandesh K. Rao
- Publication number: 20230394493
  Abstract: In one embodiment, methods for mediated transfer of ownership are described. The method may include receiving a request for an ownership voucher from a device, validating an identifier of the device, determining whether to issue the ownership voucher, generating a signed ownership voucher, and sending the signed ownership voucher to the device. In another embodiment, methods for unmediated transfer of ownership are described, including receiving an ownership voucher associated with a first ownership certificate, determining whether the ownership voucher comprises a signature associated with a manufacturer, based at least in part on determining that the signature of the manufacturer is absent, determining that a second ownership certificate is stored in memory, determining that the second ownership certificate comprises a signature associated with a user, validating the ownership voucher, and based at least in part on the validating, enrolling the first ownership certificate on the network device.
  Type: Application
  Filed: June 2, 2022
  Publication date: December 7, 2023
  Inventors: Sandesh K. Rao, Reda Haddad, Srihari Raghavan, Jabir Hamediya Mohammed
- Publication number: 20230370454
  Abstract: Techniques and architecture are described for providing a configurable security posture for a network device using an extended ownership artifact, e.g., an ownership voucher, an ownership certificate, etc., and a security profile mechanism that scales to user needs and desires for security profiles on network devices, i.e., easily and securely customizable on thousands of nodes of a network. The configurable security posture may be achieved using the manufacturer authorized signing authority (MASA) to issue an ownership voucher with a security bit extension to support security profile additions. Using the MASA service, a user may explicitly decide on various security postures of a given network device and may apply that profile across the fixed or modular chassis of a network of network devices.
  Type: Application
  Filed: May 16, 2022
  Publication date: November 16, 2023
  Inventors: Jabir Hamediya Mohammed, Reda Haddad, Srihari Raghavan, Sandesh K. Rao
- Publication number: 20230325848
  Abstract: According to certain embodiments, a method performed by a device comprises obtaining, from a plurality of hardware modules of the device, a plurality of serial numbers associated with the plurality of hardware modules. Each hardware module is associated with a respective serial number. The method further comprises obtaining, from a provisioning system, one or more ownership vouchers corresponding to the plurality of serial numbers. The method further comprises verifying, for each hardware module of the plurality of hardware modules, whether to trust said hardware module based at least in part on the one or more ownership vouchers.
  Type: Application
  Filed: April 12, 2022
  Publication date: October 12, 2023
  Inventors: Naren Mudivarthy, Reda Haddad
- Patent number: 11611496
  Abstract: A remote server monitors the health of a network of computing devices through hierarchical composite indicators by obtaining performance attributes from computing devices in the network. The server generates a composite indicator associated with one or more of the computing devices based on a combination of at least two performance attributes of the computing device(s). The server monitors the composite indicator and, responsive to a determination that the composite indicator indicates an alert condition, generates an alert associated with the computing device(s). Additionally, if the alert condition is subject to remediation, the server causes at least one of the computing devices to execute a command to provide remediation of the alert condition.
  Type: Grant
  Filed: April 22, 2021
  Date of Patent: March 21, 2023
  Assignee: Cisco Technology, Inc.
  Inventors: Scott Zhenlong Huang, Reda Haddad, Venkatabalakrishnan Krishnamurthy, Selvakumaran N. Subramanian
- Publication number: 20230034615
  Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for configuration payload separation policies. According to at least one example, a method is provided for device function. The method includes: during a boot sequence of a network device, generating a unique key for encrypting and decrypting data; identifying a secure location in the network device for storing the unique key; storing the unique key in the secure location; encrypting a configuration payload with the unique key; storing the encrypted configuration payload in an external non-volatile memory; and, in response to a request to access data within the configuration payload, decrypting the encrypted configuration payload using the unique key.
  Type: Application
  Filed: July 30, 2021
  Publication date: February 2, 2023
  Inventors: Frédéric René Philippe Detienne, Reda Haddad, Ryan Joseph Jaques
- Patent number: 11271835
  Abstract: A remote server monitors a network of computing devices through hierarchical composite indicators by obtaining telemetry data from a computing device in a network of computing devices. The telemetry data includes performance attributes of the computing device. The server generates a composite indicator associated with the computing device based on a combination of at least two performance attributes of the computing device. The server monitors the composite indicator and, responsive to a determination that the composite indicator meets an alert threshold, generates an alert associated with the computing device. Additionally, the server can monitor the health of the network of computing devices based on composite indicators from multiple computing devices in the network.
  Type: Grant
  Filed: October 29, 2019
  Date of Patent: March 8, 2022
  Assignee: Cisco Technology, Inc.
  Inventors: Scott Zhenlong Huang, Reda Haddad, Venkatabalakrishnan Krishnamurthy, Selvakumaran N. Subramanian
- Publication number: 20210243097
  Abstract: A remote server monitors the health of a network of computing devices through hierarchical composite indicators by obtaining performance attributes from computing devices in the network. The server generates a composite indicator associated with one or more of the computing devices based on a combination of at least two performance attributes of the computing device(s). The server monitors the composite indicator and, responsive to a determination that the composite indicator indicates an alert condition, generates an alert associated with the computing device(s). Additionally, if the alert condition is subject to remediation, the server causes at least one of the computing devices to execute a command to provide remediation of the alert condition.
  Type: Application
  Filed: April 22, 2021
  Publication date: August 5, 2021
  Inventors: Scott Zhenlong Huang, Reda Haddad, Venkatabalakrishnan Krishnamurthy, Selvakumaran N. Subramanian
- Publication number: 20200358683
  Abstract: A remote server monitors a network of computing devices through hierarchical composite indicators by obtaining telemetry data from a computing device in a network of computing devices. The telemetry data includes performance attributes of the computing device. The server generates a composite indicator associated with the computing device based on a combination of at least two performance attributes of the computing device. The server monitors the composite indicator and, responsive to a determination that the composite indicator meets an alert threshold, generates an alert associated with the computing device. Additionally, the server can monitor the health of the network of computing devices based on composite indicators from multiple computing devices in the network.
  Type: Application
  Filed: October 29, 2019
  Publication date: November 12, 2020
  Inventors: Scott Zhenlong Huang, Reda Haddad, Venkatabalakrishnan Krishnamurthy, Selvakumaran N. Subramanian
- Patent number: 9577874
  Abstract: A method is disclosed that is implemented by a router for executing an internet protocol fast reroute process in response to a network event invalidating a current route to a destination node, without degrading forwarding plane functionality or performance caused by indirect forwarding information base lookups. The method comprises a set of steps including receiving or generating the network event by the router, the network event being associated with a network event identifier, and looking up the network event identifier in an event table to determine routes that are affected by the network event. The method further includes determining whether a route with a fast reroute forwarding object is affected by the network event in the routing information base and overwriting a current next hop forwarding object using a backup next hop forwarding object in the forwarding information base.
  Type: Grant
  Filed: May 24, 2013
  Date of Patent: February 21, 2017
  Assignee: Telefonaktiebolaget L M Ericsson (publ)
  Inventors: Pramodh D'Souza, Lars Ernström, Reda Haddad, Evgeny Tantsura, Jakob Heitz
- Publication number: 20140269261
  Abstract: A method is disclosed that is implemented by a router for executing an internet protocol fast reroute process in response to a network event invalidating a current route to a destination node, without degrading forwarding plane functionality or performance caused by indirect forwarding information base lookups. The method comprises a set of steps including receiving or generating the network event by the router, the network event being associated with a network event identifier, and looking up the network event identifier in an event table to determine routes that are affected by the network event. The method further includes determining whether a route with a fast reroute forwarding object is affected by the network event in the routing information base and overwriting a current next hop forwarding object using a backup next hop forwarding object in the forwarding information base.
  Type: Application
  Filed: May 24, 2013
  Publication date: September 18, 2014
  Applicant: Telefonaktiebolaget L M Ericsson (publ)
  Inventors: Pramodh D'Souza, Lars Ernström, Reda Haddad, Evgeny Tantsura, Jakob Heitz
- Patent number: 8549146
  Abstract: A load balancer dynamically load balances packets for network connections between clients and servers. When receiving a packet from a client that requests a new connection, the load balancer checks the current load of all the servers and selects the server most suitable to handle the new connection. The load balancer then forwards that packet to the selected server. If the server accepts the request for the new connection, then the server responds with an acknowledgement packet. The acknowledgement packet also includes the server's blade identification that the client uses for all subsequent packets on the accepted connection. When the load balancer receives a packet containing the blade identification, the load balancer forwards the packet to the server corresponding to the blade identification. Backup load balancers can therefore continue packet forwarding services in a smooth and efficient manner.
  Type: Grant
  Filed: January 28, 2010
  Date of Patent: October 1, 2013
  Assignee: Telefonaktiebolaget L M Ericsson (publ)
  Inventors: Vladica Stanisic, James Arthur Davis, Tobias Karlsson, Reda Haddad, Mahmood Hossain
- Publication number: 20110185065
  Abstract: A load balancer dynamically load balances packets for network connections between clients and servers. When receiving a packet from a client that requests a new connection, the load balancer checks the current load of all the servers and selects the server most suitable to handle the new connection. The load balancer then forwards that packet to the selected server. If the server accepts the request for the new connection, then the server responds with an acknowledgement packet. The acknowledgement packet also includes the server's blade identification that the client uses for all subsequent packets on the accepted connection. When the load balancer receives a packet containing the blade identification, the load balancer forwards the packet to the server corresponding to the blade identification. Backup load balancers can therefore continue packet forwarding services in a smooth and efficient manner.
  Type: Application
  Filed: January 28, 2010
  Publication date: July 28, 2011
  Inventors: Vladica Stanisic, James Arthur Davis, Tobias Karlsson, Reda Haddad, Mahmood Hossain