Patents by Inventor Shangwei Duan
Shangwei Duan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240114425Abstract: During authentication of an SDWAN tunnel, Intent ISAKMP packets authenticate the local SDWAN controller and the remote SDWAN controller with each other, wherein the ISAKMP packets include a notify payload. Configured link costs associated with at least two member paths at the remote SDWAN controller that have heterogeneous physical attributes from the notify payload of the ISAKMP packets are retrieved. The configured link-cost of the at least two member paths is reflective of link physical attributes. One of the at least two member paths is identified based on a lowest link-cost between the at least two member paths, for steering SDWAN network traffic.Type: ApplicationFiled: September 30, 2022Publication date: April 4, 2024Inventors: Shengyang Wei, Shangwei Duan
-
Patent number: 11791932Abstract: Systems and methods are provided for error correction in network data transfers. In some cases, such systems and methods include selection of a ratio of error correction to user data based upon determined communication channel health.Type: GrantFiled: January 26, 2021Date of Patent: October 17, 2023Assignee: Fortinet, Inc.Inventors: Scott Parker, Shangwei Duan
-
Patent number: 11765089Abstract: Systems and methods for dynamic service-based load balancing in an SD-WAN are provided. According to one embodiment, a subnet assigned to a client device by a hub network of the SD-WAN and one or more attributes of a path or a route to a group of clients within the subnet are received by a first process of an SD-WAN controller via a dynamic routing protocol. A tagged subnet is generated by the first process by tagging the subnet with a route tag corresponding to the one or more attributes. The first process informs the SD-WAN of the tagged subnet by communicating the tagged subnet to a second process of the SD-WAN controller via an inter-process communication mechanism. Responsive to receipt of the tagged subnet, the second process translates an SD-WAN service rule defined with reference to the route tag to an SD-WAN service rule defined with reference to the subnet.Type: GrantFiled: November 26, 2020Date of Patent: September 19, 2023Assignee: Fortinet, Inc.Inventors: Shangwei Duan, Xin Gu
-
Publication number: 20230135386Abstract: A health check is generated for at least two member paths between the local SDWAN controller and a remote SDWAN controller, with a set health check probe packets for transmission by the network interface to remote SDWAN controllers. A link cost is determined for each member path from a set of health check response packets received by the network interface. SDWAN network traffic is prioritized for each member path between the local SDWAN controller and the remote SDWAN controller based at least in part on the link cost.Type: ApplicationFiled: November 2, 2021Publication date: May 4, 2023Inventor: Shangwei Duan
-
Publication number: 20220239408Abstract: Systems and methods are provided for error correction in network data transfers. In some cases, such systems and methods include selection of a ratio of error correction to user data based upon determined communication channel health.Type: ApplicationFiled: January 26, 2021Publication date: July 28, 2022Applicant: Fortinet, Inc.Inventors: Scott Parker, Shangwei Duan
-
Patent number: 11329913Abstract: Systems and methods are described for automatically controlling network routing between downstream side and upstream side of a communication network to enforce symmetric routing. According to one embodiment, a Software-Defined Wide Area Network (SDWAN) controller of a network device associated with a spoke site of an SDWAN manages links forming the SDWAN. The controller receives information regarding route maps, including a preferred route-map and an un-preferred route-map. Further, the controller configures a local BGP daemon with the route maps to exchange routing information including a BGP attribute with the BGP peers and selects a link on which network traffic is to be transmitted. The controller causes the BGP daemon to (i) use the preferred route-map to advertise the routing information to the BGP peer associated with the selected link, and (ii) use the un-preferred route-map to advertise the routing information to a remainder of the BGP peers.Type: GrantFiled: March 26, 2020Date of Patent: May 10, 2022Assignee: Fortinet, Inc.Inventors: Shangwei Duan, Xin Gu
-
Patent number: 11140059Abstract: Systems and methods are described for active path detection for on-demand network links in an SDWAN. According to one embodiment, on establishment of an on-demand network link between a first spoke device and a second spoke device of an SDWAN, the first spoke creates a health check object and periodically measures a metric representing a latency between the first and second spokes. Responsive to receipt of a packet via the on-demand network link, the first spoke determines whether the packet represents transmission of probing or user traffic. When the packet represents user traffic, the first spoke causes an idle timer associated with the on-demand network link to be restarted. When the packet represents probing traffic, the first spoke allows the idle timer to run so the on-demand network link may be removed when the idle timer expires.Type: GrantFiled: March 24, 2020Date of Patent: October 5, 2021Assignee: Fortinet, Inc.Inventor: Shangwei Duan
-
Publication number: 20210306247Abstract: Systems and methods are described for active path detection for on-demand network links in an SDWAN. According to one embodiment, on establishment of an on-demand network link between a first spoke device and a second spoke device of an SDWAN, the first spoke creates a health check object and periodically measures a metric representing a latency between the first and second spokes. Responsive to receipt of a packet via the on-demand network link, the first spoke determines whether the packet represents transmission of probing or user traffic. When the packet represents user traffic, the first spoke causes an idle timer associated with the on-demand network link to be restarted. When the packet represents probing traffic, the first spoke allows the idle timer to run so the on-demand network link may be removed when the idle timer expires.Type: ApplicationFiled: March 24, 2020Publication date: September 30, 2021Applicant: Fortinet, Inc.Inventor: Shangwei Duan
-
Publication number: 20210306261Abstract: Systems and methods are described for automatically controlling network routing between downstream side and upstream side of a communication network to enforce symmetric routing. According to one embodiment, a Software-Defined Wide Area Network (SDWAN) controller of a network device associated with a spoke site of an SDWAN manages links forming the SDWAN. The controller receives information regarding route maps, including a preferred route-map and an un-preferred route-map. Further, the controller configures a local BGP daemon with the route maps to exchange routing information including a BGP attribute with the BGP peers and selects a link on which network traffic is to be transmitted. The controller causes the BGP daemon to (i) use the preferred route-map to advertise the routing information to the BGP peer associated with the selected link, and (ii) use the un-preferred route-map to advertise the routing information to a remainder of the BGP peers.Type: ApplicationFiled: March 26, 2020Publication date: September 30, 2021Applicant: Fortinet, Inc.Inventors: Shangwei Duan, Xin Gu
-
Patent number: 11063905Abstract: Systems and methods for detecting Internet services by a network policy controller are provided. According to one embodiment, a network controller maintains an Internet service database (ISDB) in which multiple Internet services and corresponding protocols, port numbers, Internet Protocol (IP) address ranges and singularity levels of the IP ranges are stored. The network policy controller intercepts network traffic and detects the Internet service of the network traffic. If an IP address of the network traffic falls in an IP range with highest singularity level and the protocol type, port number of the network traffic are matched in the ISDB, the corresponding Internet service is identified as the Internet service of the network traffic. The network policy controller further controls transmission of the network traffic based on the Internet service.Type: GrantFiled: May 9, 2019Date of Patent: July 13, 2021Assignee: Fortinet, Inc.Inventors: Shangwei Duan, Peixue Li
-
Publication number: 20210105212Abstract: Systems and methods for dynamic service-based load balancing in an SD-WAN are provided. According to one embodiment, a subnet assigned to a client device by a hub network of the SD-WAN and one or more attributes of a path or a route to a group of clients within the subnet are received by a first process of an SD-WAN controller via a dynamic routing protocol. A tagged subnet is generated by the first process by tagging the subnet with a route tag corresponding to the one or more attributes. The first process informs the SD-WAN of the tagged subnet by communicating the tagged subnet to a second process of the SD-WAN controller via an inter-process communication mechanism. Responsive to receipt of the tagged subnet, the second process translates an SD-WAN service rule defined with reference to the route tag to an SD-WAN service rule defined with reference to the subnet.Type: ApplicationFiled: November 26, 2020Publication date: April 8, 2021Applicant: Fortinet, Inc.Inventors: Shangwei Duan, Xin Gu
-
Patent number: 10951529Abstract: Systems and methods for dynamic service-based load balancing in an SD-WAN are provided. According to one embodiment, a routing protocol daemon of an SDN controller within a spoke network receives a dynamically assigned subnet and associated attributes for a client device newly registered with the hub network. The routing protocol daemon tags the subnet with a route tag using a route map based on the received attributes meeting network administrator-defined match criteria for corresponding attributes associated with the route tag in the route map. The tagged subnet is communicated to an SD-WAN daemon of the SDN controller, which translates an SD-WAN service rule defined with reference to the route tag to an SD-WAN service rule defined with reference to the subnet. A load balancer associated with the spoke network is caused to perform load balancing of incoming network traffic in accordance with the translated SD-WAN service rule.Type: GrantFiled: December 13, 2018Date of Patent: March 16, 2021Assignee: Fortinet, Inc.Inventors: Shangwei Duan, Xin Gu
-
Publication number: 20200358743Abstract: Systems and methods for detecting Internet services by a network policy controller are provided. According to one embodiment, a network controller maintains an Internet service database (ISDB) in which multiple Internet services and corresponding protocols, port numbers, Internet Protocol (IP) address ranges and singularity levels of the IP ranges are stored. The network policy controller intercepts network traffic and detects the Internet service of the network traffic. If an IP address of the network traffic falls in an IP range with highest singularity level and the protocol type, port number of the network traffic are matched in the ISDB, the corresponding Internet service is identified as the Internet service of the network traffic. The network policy controller further controls transmission of the network traffic based on the Internet service.Type: ApplicationFiled: May 9, 2019Publication date: November 12, 2020Applicant: Fortinet, Inc.Inventors: Shangwei Duan, Peixue Li
-
Publication number: 20200195557Abstract: Systems and methods for dynamic service-based load balancing in an SD-WAN are provided. According to one embodiment, a routing protocol daemon of an SDN controller within a spoke network receives a dynamically assigned subnet and associated attributes for a client device newly registered with the hub network. The routing protocol daemon tags the subnet with a route tag using a route map based on the received attributes meeting network administrator-defined match criteria for corresponding attributes associated with the route tag in the route map. The tagged subnet is communicated to an SD-WAN daemon of the SDN controller, which translates an SD-WAN service rule defined with reference to the route tag to an SD-WAN service rule defined with reference to the subnet. A load balancer associated with the spoke network is caused to perform load balancing of incoming network traffic in accordance with the translated SD-WAN service rule.Type: ApplicationFiled: December 13, 2018Publication date: June 18, 2020Applicant: Fortinet, Inc.Inventors: Shangwei Duan, Xin Gu