Abstract: Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.

Abstract: Systems, methods, and computer-readable media for scaling a source network. A system may be configured to receive a network configuration for a source network, wherein the source network comprising a plurality of nodes, receive and a scale target for a scaled network, and identify, based on the scale target, one or more selected nodes in the plurality of nodes in the source network for implementing in the scaled network. The system may further be configured to reconfigure data plane parameters and control plane parameters for each node in the one or more selected nodes.

Abstract: Systems and methods provide for synergistic domain name system DNS security updates for an enterprise network operating under a Software Defined Wide Area Network (SD-WAN). A system may be configured to collect positive and/or negative unified threat defense (UTD) results, deploy a rules-based model that, when a threat or clearance is detected across several SD-WAN edge network devices, triggers an update to a local security blacklist/whitelist, wherein the update comprises a signature, and push the update to other devices that have not yet seen the threat or clearance.

Abstract: Systems and methods provide for synergistic domain name system DNS security updates for an enterprise network operating under a Software Defined Wide Area Network (SD-WAN). A system may be configured to collect positive and/or negative unified threat defense (UTD) results, deploy a rules-based model that, when a threat or clearance is detected across several SD-WAN edge network devices, triggers an update to a local security blacklist/whitelist, wherein the update comprises a signature, and push the update to other devices that have not yet seen the threat or clearance.

Abstract: Systems, methods, and computer-readable media for scaling a source network. A system may be configured to receive a network configuration for a source network, wherein the source network comprising a plurality of nodes, receive and a scale target for a scaled network, and identify, based on the scale target, one or more selected nodes in the plurality of nodes in the source network for implementing in the scaled network. The system may further be configured to reconfigure data plane parameters and control plane parameters for each node in the one or more selected nodes.

Abstract: Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.

Abstract: Systems, methods, and computer-readable media for scaling a source network. A system may be configured to receive a network configuration for a source network, wherein the source network comprising a plurality of nodes, receive and a scale target for a scaled network, and identify, based on the scale target, one or more selected nodes in the plurality of nodes in the source network for implementing in the scaled network. The system may further be configured to reconfigure data plane parameters and control plane parameters for each node in the one or more selected nodes.

Abstract: Systems, methods, and computer-readable media for designing network performance and configuration include determining one or more use cases for a network to be provisioned, based on at least one or more business verticals related to a customer of the network. A data plane scale is determined from the use cases and an initial data plane scale generated using a linear regression on one or more data plane parameters. The data plane parameters include a platform type, feature set, packet size, or software version of the network. A control plane scale is determined from the use cases and an initial control plane scale generated using a linear regression on one or more control plane parameters of the network. The control plane parameters include a platform type, feature set, or software version of the network. The network is provisioned for the data plane scale and the control plane scale.

Abstract: Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.

Abstract: Systems, methods, and computer-readable media for scaling a source network. A system may be configured to receive a network configuration for a source network, wherein the source network comprising a plurality of nodes, receive and a scale target for a scaled network, and identify, based on the scale target, one or more selected nodes in the plurality of nodes in the source network for implementing in the scaled network. The system may further be configured to reconfigure data plane parameters and control plane parameters for each node in the one or more selected nodes.

Abstract: The present disclosure is directed to a peer node discovery process whereby a network management node can discover peers of inaccessible nodes that have lost connectivity to the network management node over the control plane and receive health report of the inaccessible nodes via the discovered peers. In one example, a method includes detecting a loss of connectivity to a network node; based on a type of the network node, performing one of a first process or a second process to obtain a health report of the network node, the first process and the second process including identification of at least one corresponding peer node from which the health report of the network node is to be received; and analyzing the health report to determine root cause of the loss of connectivity.

Abstract: Systems, methods, and computer-readable media for designing network performance and configuration include determining one or more use cases for a network to be provisioned, based on at least one or more business verticals related to a customer of the network. A data plane scale is determined from the use cases and an initial data plane scale generated using a linear regression on one or more data plane parameters. The data plane parameters include a platform type, feature set, packet size, or software version of the network. A control plane scale is determined from the use cases and an initial control plane scale generated using a linear regression on one or more control plane parameters of the network. The control plane parameters include a platform type, feature set, or software version of the network. The network is provisioned for the data plane scale and the control plane scale.

Abstract: A method may include receiving monitor data via the control plane from at least one device of a set of devices in the SDN. The method may further include generating a data model based on a set of SDN parameters and the monitor data. The method may also include determining a change for at least one device of the set of devices in the SDN based on the data model. The method may include generating a policy, based on the change for at least one device of the set of devices in the SDN. The method may further include sending the policy via the control plane to the set of devices in the SDN.

Abstract: Systems and methods provide for synergistic domain name system DNS security updates for an enterprise network operating under a Software Defined Wide Area Network (SD-WAN). A system may be configured to collect positive and/or negative unified threat defense (UTD) results, deploy a rules-based model that, when a threat or clearance is detected across several SD-WAN edge network devices, triggers an update to a local security blacklist/whitelist, wherein the update comprises a signature, and push the update to other devices that have not yet seen the threat or clearance.

Abstract: Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.

Abstract: A method may include receiving monitor data via the control plane from at least one device of a set of devices in the SDN. The method may further include generating a data model based on a set of SDN parameters and the monitor data. The method may also include determining a change for at least one device of the set of devices in the SDN based on the data model. The method may include generating a policy, based on the change for at least one device of the set of devices in the SDN. The method may further include sending the policy via the control plane to the set of devices in the SDN.

Abstract: A method may include generating a set of instructions for a set of devices in a software-defined network (SDN) to monitor a set of characteristics. The method may further include sending the set of instructions to the set of devices in the SDN via a control plane. The method may also include receiving monitor data via the control plane from at least one device of the set of devices in the SDN. The method may include receiving an input signal to generate a data model in view of a set of input parameters. The method may further include generating the data model based on the set of input parameters and the monitor data. The method may include causing an action pertaining to the SDN in view of the data model.