Abstract: A software-defined network controller (SDN controller) defines a first network flow to be selectively implemented by a networking device according to a first network operation profile. The SDN controller defines a second network flow to be selectively implemented by the networking device according to a second network operation profile. A memory device of the networking device may store at least first and second network operation profiles for selective implementation based on network packet characteristic matching and/or a “trigger alarm” event. The first network operation profile is implemented when an incoming network packet matches a pre-defined and/or customizable network packet characteristic match template. The second network operation profile is implemented when a “trigger alarm” event is received. A network operation profile may execute a write action to latch, or otherwise trigger, a physical alarm of a networking device or associated device.

Abstract: The present disclosure pertains to systems and methods for selectively encrypting data flows within a software defined network (SDN). In one embodiment, a communication device may be configured to receive a plurality of unencrypted data packets. The communication device may receive from an SDN controller a criterion used to identify at least one of the unencrypted data flows to be encrypted. Based on the criterion, an encryption subsystem may generate an encrypted data flow the unencrypted data packets based on an encryption key. In some embodiments, the encryption system may parse the packets and encrypt the data payloads without encrypting the routing information associated with the packet. In other embodiments, the encryption subsystem may be configured to encapsulate and encrypt the entire unencrypted data packet. In some embodiments, the encryption subsystem may further be configured to authenticate a sending device and/or to verify the integrity of a message.

Abstract: The present disclosure pertains to systems and methods for automating the configuration of communication hosts in a software defined network (SDN) associated with an electric power transmission and distribution system. The systems and methods presented herein may utilize communication host profiles to specify various repeatable attributes and customizable attributes that may be utilized to configure the communication host and the SDN. In one embodiment, a system may comprise a communication host profile subsystem configured to select a communication host profile associated with a communication host. The host communication profile subsystem may configure the communication host based on one or more repeatable attributes and on one or more customizable attributes specified in the host communication profile. A traffic routing system may further configure a plurality of communication flows in the SDN based on the communication host based on the host communication profile.

Abstract: A software-defined network controller (SDN controller) defines a first network flow to be selectively implemented by a networking device according to a first network operation profile. The SDN controller defines a second network flow to be selectively implemented by the networking device according to a second network operation profile. The first and second network operation profiles are stored within a memory of the networking device to be selectively implemented based on the status of a profile selection input on the networking device. The profile selection input is a contact input in some embodiments. When the contact input is de-asserted, the networking device implements the first network flow according to the first network operation profile. When the contact input is asserted, the networking device implements the second network flow according to the second network operation profile.

Abstract: A software-defined network controller (SDN controller) defines a first network flow to be selectively implemented by a networking device according to a first network operation profile. The SDN controller defines a second network flow to be selectively implemented by the networking device according to a second network operation profile. The first and second network operation profiles are stored within a memory of the networking device to be selectively implemented during different time periods based on a precision time input via a precision time input port on the networking device. In some embodiments, the networking device may detect a network event and implement a network operation profile for a preset time period based on the precision time input.

Abstract: The present disclosure pertains to systems and methods of monitoring communication devices and communication links in a software defined network (SDN). In one embodiment, a system may include a communications interface configured to receive a plurality of ingress packets. A forwarding subsystem may match a subset of the plurality of ingress packets with the data flow and forwarding the subset of the plurality of ingress packets based on a first instruction set associated with the data flow. A statistical information subsystem may update a meter count associated with the subset of the plurality of ingress packets matched with the data flow. A logic engine configured to determine that the meter count fails to satisfy a threshold, change a port link state based on the failure to satisfy the threshold; and transition from the first instruction set to a second instruction set associated with the flow data.

Abstract: The present disclosure pertains to systems and methods of monitoring communication devices and communication links in a software-defined network (SDN). Network packets may be colored or tagged for routing to a packet analyzer. A VLAN bitmask may be added to a packet to identify the packet for inspection and, optionally, provide origin information identify a switch and/or port of origin. Port mirroring may be utilized and/or eventual routing of network packets to their original destination may ensure that network traffic is not disrupted. In one example, a most significant bit of a VLAN bitmask may be used by a match rule to identify packets intended for a packet analyzer without regard to original packet routing instructions and/or packet content.

Abstract: A software-defined network controller (SDN controller) defines a first network flow to be selectively implemented by a networking device according to a first network operation profile. The SDN controller defines a second network flow to be selectively implemented by the networking device according to a second network operation profile. A memory device of the networking device may store at least first and second network operation profiles for selective implementation during defined event windows. The event window(s) may be defined by start event inputs and stop event inputs. The event inputs may include, without limitation, a combination of parameter-based inputs and/or temporal inputs. In one specific embodiment, the networking device detects a network event and modifies a network operation profile for a preset time period and/or until an interrupt or stop event is detected.

Abstract: A software-defined network controller (SDN controller) defines a first network flow to be selectively implemented by a networking device according to a first network operation profile. The SDN controller defines a second network flow to be selectively implemented by the networking device according to a second network operation profile. The first and second network operation profiles are stored within a memory of the networking device to be selectively implemented during different time periods based on a precision time input via a precision time input port on the networking device. In some embodiments, the networking device may detect a network event and implement a network operation profile for a preset time period based on the precision time input.

Abstract: A software-defined network controller (SDN controller) defines a first network flow to be selectively implemented by a networking device according to a first network operation profile. The SDN controller defines a second network flow to be selectively implemented by the networking device according to a second network operation profile. A memory device of the networking device may store at least first and second network operation profiles for selective implementation based on network packet characteristic matching and/or a “trigger alarm” event. The first network operation profile is implemented when an incoming network packet matches a pre-defined and/or customizable network packet characteristic match template. The second network operation profile is implemented when a “trigger alarm” event is received. A network operation profile may execute a write action to latch, or otherwise trigger, a physical alarm of a networking device or associated device.

Abstract: The present disclosure pertains to systems and methods of monitoring communication devices and communication links in a software defined network (SDN). In one embodiment, a system may include a communications interface configured to receive a plurality of ingress packets. A forwarding subsystem may match a subset of the plurality of ingress packets with the data flow and forwarding the subset of the plurality of ingress packets based on a first instruction set associated with the data flow. A statistical information subsystem may update a meter count associated with the subset of the plurality of ingress packets matched with the data flow. A logic engine configured to determine that the meter count fails to satisfy a threshold, change a port link state based on the failure to satisfy the threshold; and transition from the first instruction set to a second instruction set associated with the flow data.

Abstract: Systems and methods are disclosed that provide for physical access management of an access-controlled area of a distributed site of an electric power delivery system using one or more one or more articulated access control policies. In some embodiments, to authenticate rights to access an access-controlled area, a first user may provide an associated access control system with credentials satisfying first authentication requirements based on an applicable policy. In connection with subsequent access authentication requests, the access control system may accept credentials satisfying second authentication requirements that may be different than the first authentication requirements. In this manner, access control requirements to the access-controlled area may be managed based on an associated articulated policy.

Abstract: Systems and methods are disclosed that provide for physical access management of an access-controlled area of a distributed site of an electric power delivery system using one or more one or more articulated access control policies. In some embodiments, to authenticate rights to access an access-controlled area, a first user may provide an associated access control system with credentials satisfying first authentication requirements based on an applicable policy. In connection with subsequent access authentication requests, the access control system may accept credentials satisfying second authentication requirements that may be different than the first authentication requirements. In this manner, access control requirements to the access-controlled area may be managed based on an associated articulated policy.

Abstract: Systems and methods are disclosed that provide for managing transient assets used in connection with an access-controlled area of a distribution site of an electric power delivery system. In some embodiments, one or more users entering and access-controlled area may be identified via physical access control credentials provided to an associated access control system. Transient assets brought within an access-controlled area may be detected via one or more wired and/or wireless communication channels and may be associated with the one or more identified users located within the access-controlled area.

Abstract: The present disclosure pertains to systems and methods for selectively encrypting data flows within a software defined network (SDN). In one embodiment, a communication device may be configured to receive a plurality of unencrypted data packets. The communication device may receive from an SDN controller a criterion used to identify at least one of the unencrypted data flows to be encrypted. Based on the criterion, an encryption subsystem may generate an encrypted data flow the unencrypted data packets based on an encryption key. In some embodiments, the encryption system may parse the packets and encrypt the data payloads without encrypting the routing information associated with the packet. In other embodiments, the encryption subsystem may be configured to encapsulate and encrypt the entire unencrypted data packet. In some embodiments, the encryption subsystem may further be configured to authenticate a sending device and/or to verify the integrity of a message.

Abstract: A software-defined network controller (SDN controller) defines a first network flow to be selectively implemented by a networking device according to a first network operation profile. The SDN controller defines a second network flow to be selectively implemented by the networking device according to a second network operation profile. The first and second network operation profiles are stored within a memory of the networking device to be selectively implemented based on the status of a profile selection input on the networking device. The profile selection input is a contact input in some embodiments. When the contact input is de-asserted, the networking device implements the first network flow according to the first network operation profile. When the contact input is asserted, the networking device implements the second network flow according to the second network operation profile.

Abstract: The present disclosure pertains to systems and methods to identify high-priority traffic within a software defined network (“SDN”) and to route such traffic through physically distinct communication paths. Such routing may help to reduce network congestion faced by high-priority traffic and increase the reliability of transmission of such data. Certain embodiments may further be configured to generate a failover communication path that is physically distinct from a primary communication path. Still further, certain embodiments may be configured to suggest enhancements to a network that may improve a reliability criterion.

Abstract: The present disclosure pertains to systems and methods for selectively encrypting data flows within a software defined network (SDN). In one embodiment, a communication device may be configured to receive a plurality of unencrypted data packets. The communication device may receive from an SDN controller a criterion used to identify at least one of the unencrypted data flows to be encrypted. Based on the criterion, an encryption subsystem may generate an encrypted data flow the unencrypted data packets based on an encryption key. In some embodiments, the encryption system may parse the packets and encrypt the data payloads without encrypting the routing information associated with the packet. In other embodiments, the encryption subsystem may be configured to encapsulate and encrypt the entire unencrypted data packet. In some embodiments, the encryption subsystem may further be configured to authenticate a sending device and/or to verify the integrity of a message.

Abstract: The present disclosure pertains to systems and methods to identify high-priority traffic within a software defined network (“SDN”) and to route such traffic through physically distinct communication paths. Such routing may help to reduce network congestion faced by high-priority traffic and increase the reliability of transmission of such data. Certain embodiments may further be configured to generate a failover communication path that is physically distinct from a primary communication path. Still further, certain embodiments may be configured to suggest enhancements to a network that may improve a reliability criterion.

Abstract: The present disclosure pertains to systems and method for configuration of communication flows in a software defined network (“SDN”). In one embodiment, a system is operable to configure a communication flow between a first host and a second host. A mode selection subsystem is configured to cause a plurality of network devices in a network connecting the first communication host and the second communication host to transition between an open mode and an SDN operating mode. In the open mode, the network devices may discover a communication path between the first host and the second host. An analysis subsystem may receive information from the plurality of network devices information about the discovered path, and a topology discovery subsystem may be configured to create a communication flow corresponding to the discovered path. The communication flow may allow communication between the first host and the second host in the SDN operating mode.