Abstract: An apparatus configured to perform resilient data plane processing using multiple network streams may comprise a memory and a processor communicatively coupled to one another. The processor may be configured to establish a connection with the data aggregator, and request access to one or more resources from a data aggregator. Further, the processor may be configured to receive a first data stream and a second data stream from the data aggregator, combine a version of the first data stream and a version of the second data stream into a local data stream, and present the local data stream.

Abstract: A system and method are provided for implementing a network component and verifying an update of the network component. The network component can be, e.g., a software-defined wide area network, a firewall, a router, or a load balancer. The network component can be an embedded network edge device that is implemented, e.g., in software, in circuitry, or using hardware acceleration (e.g., a data processing unit (DPU), a smart network interface card (SmartNIC), etc.). The updated version of the network component is verified by implementing it on a shadow dataplane concurrently with the current version operating on a primary dataplane, and comparing the performances of these two versions. Based on this comparison satisfying various verification criteria, the updated version passes a verification test and can be promoted to the primary dataplane.

Abstract: A system and method are provided for dynamically placing security controls in a network infrastructure. Input values representing the workload are ingested. A network component is placed in front of the workload to process/filter ingress traffic into the workload. The input values are analyzed to determine the asset criticality of the workload and to determine which vulnerabilities to which the workload is susceptible. Based on this analysis of the input values, compensating controls are selected to protect the workload from the determined vulnerabilities, and the network component is dynamically programed to perform these compensating controls on the ingress traffic. The network component is located directly in front of the workload, and it can be a data processing unit (DPU), a Berkley packet filter (BPF), and/or an extended BPF (eBPF) capability.

Abstract: A system and method are provided for continuous integration, continuous deployment of a network component, such as a software-defined wide area network, a firewall, a router, or a load balancer. The software development lifecycle is achieved without interrupting the data flow of the network by using a multi-dataplane architecture, including a primary dataplane and a shadow dataplane. A packet dispatcher relays ingress data packets to the primary dataplane executing a current version of the network component and the shadow dataplane executing an upgrade to the network component. A control plane agent analyzes/compares the performances of the respective dataplanes for verification testing, and the control plane agent upgrades the network component to the new version upon passing the verification testing. The upgrades is achieved without interruption to the data flow of the network component by gradually transitioning to outputting egress data packets generated using the upgraded version.

Abstract: A system and method are provided that use metadata encoded in a data flow to determine security actions to perform at a policy-enforcement point based on the security-chain context for the data flow that is provided by metadata (e.g., the security-chain context can include which security operations have been performed upstream on which data packets). The policy-enforcement point receives the data flow and the metadata, including attestations of the security operations that have previously (e.g., upstream) been applied to the data flow. Based on the attested to security operations, the policy-enforcement point selects what security actions to apply next to the data flow, e.g., additional security operations to apply, allow the data flow into a workload or trust zone, drop the workload, perform dynamic load balancing.

Abstract: A system and method are provided for implementing a network component, such as a software-defined wide area network, a firewall, a router, or a load balancer. The network component can be an embedded network edge device that is implemented, e.g., in software, in circuitry, or using hardware acceleration (e.g., a data processing unit (DPU), a smart network interface card (SmartNIC), etc.). The system can include multiple dataplanes, including a primary dataplane and a shadow dataplane. A packet dispatcher relays received data packets to a primary dataplane and the shadow dataplane. The primary dataplane applies a current version of the network component to data packets, and the secondary dataplane applies a new version of the network component to identical replicas of the data packets. A control plane agent compares performance data gathered from the respective dataplanes to perform verification testing on the new version of the network component.

Abstract: A fence post including a body, a depth spade, and an insertion spade. The body including a first cylindrical member, second cylindrical member, a third cylindrical member and one or more wire retainers. The first cylindrical member, second cylindrical member, and third cylindrical member are coupled to one another by at least one point on a circumference of the first cylindrical member, second cylindrical member, and third cylindrical member. The one or more wire retainers spaced along a length of the body. The depth spade located at a first location on the length of the fence post. The insertion spade located at a second location on the length of the fence post.

Abstract: A balloon comprising: a center portion having a proximal end, a distal end opposite the proximal end, and a length between the proximal end and the distal end. The center portion comprises: a first nominal diameter and a first radial modulus at the proximal end; a second nominal diameter and a second radial modulus at the distal end; further wherein, the first nominal diameter is equal to the second nominal diameter, such that, when the balloon is inflated to a nominal pressure, the center portion has a constant diameter over the length; and further wherein, the first radial modulus is smaller than the second radial modulus, such that, when the balloon is inflated above a nominal pressure, the center portion adopts a tapered shape in which the proximal end has a first stretched diameter and the distal end has a second stretched diameter, the first stretched diameter being larger than the second stretched diameter.

Abstract: In one aspect, a computerized system useful for implementing a virtual private network (VPN) including an edge device that automatically establishes an Internet Protocol Security (IPsec) tunnel alongside an unsecure Multipath Protocol (MP) tunnel with a gateway device in preparation for a transmission of a secure traffic communication. The edge device has a list of local subnets. The edge device sends the list of local subnets to the gateway during an initial MP tunnel establishment handshake message exchange between the edge device and the gateway device. Each subnet includes an indication of whether the subnet is reachable over the VPN. A gateway device that automatically establishes the IPsec tunnel alongside the unsecure MP tunnel with the edge device. An enterprise datacenter server that comprises an orchestrator module that receives a toggle the VPN command and enables the VPN on the orchestrator.

Abstract: In one aspect, a computerized method useful for connecting to a multipath hub in a cluster includes the step of, with a gateway in a same network as the cluster, receiving, from a branch edge, a request to connect to a logical identifier (ID) of the multipath hub. The gateway recognizes a logical ID representing a cluster. The gateway determines a least-loaded edge in the cluster to be the multipath hub. The gateway returns a connectivity information for the multipath hub. The branch edge configures a tunnel to the multipath hub.

Abstract: Some embodiments of the invention provide a method of remediating anomalies in an SD-WAN implemented by multiple forwarding elements (FEs) located at multiple sites connected by the SD-WAN. The method determines that a particular anomaly detected in the SD-WAN requires remediation to improve performance for a set of one or more flows traversing through the SD-WAN. The method identifies a set of two or more remedial actions for remediating the particular anomaly in the SD-WAN. For each identified remedial action in the set, the method selectively implements the identified remedial action for a subset of the set of flows for a duration of time in order to collect a set of performance metrics associated with SD-WAN performance during the duration of time for which the identified remedial action is implemented.

Abstract: Some embodiments of the invention provide a method for remediating anomalies in an SD-WAN implemented by multiple forwarding elements (FEs) located at multiple sites connected by the SD-WAN. The method is performed for each particular FE in a set of one or more FEs. The method identifies a set of metrics associated with each application of multiple applications for which the particular FE forwards traffic flows. For each particular application of the multiple applications, the method generates a distribution graph that shows the identified set of metrics associated with the particular application for the particular FE over a first duration of time.

Abstract: A drive system comprising a rotatable input disc that receives an input rotational force and rotates about a longitudinal axis, where the input disc comprises driving features formed on its interior face. The drive system also comprises a rotatable output disc that rotates about the longitudinal axis and comprises driving features formed on its interior face, where the output disc provides an output rotational force. The drive system comprises a drive core between the interior face of the input disc and the interior face of the output disc to translate the input rotational force to the output rotational force. As the input disc is rotated by the input rotational force, engaging feature(s) of power disc(s) in the drive core engages the driving features of the input disc causing rotation of each power disc. As the power disc(s) is rotated, the engaging feature(s) of each power disc(s) engages the driving features of the output disc causing rotation of the output disc.

Abstract: Compositions and methods for isolating L-glufosinate from a composition comprising L-glufosinate and glutamate are provided. The method comprises converting the glutamate to pyroglutamate followed by the isolation of L-glufosinate from the pyroglutamate and other components of the composition to obtain substantially purified L-glufosinate. The composition comprising L-glufosinate and glutamate is subjected to an elevated temperature for a sufficient time to allow for the conversion of glutamate to pyroglutamate, followed by the isolation of L-glufosinate from the pyroglutamate and other components of the composition to obtain substantially purified L-glufosinate. The glutamate alternatively may be converted to pyroglutamate by enzymatic conversion. The purified L-glufosinate is present in a final composition at a concentration of 90% or greater of the sum of L-glufosinate, glutamate, and pyroglutamate.

Abstract: The invention relates to the identification of fusion proteins comprising polypeptide and protein variants of fibroblast growth factor 21 (FGF21) with improved pharmaceutical properties. Also disclosed are methods for treating FGF21-associated disorders, including metabolic conditions.

Abstract: Some embodiments of the invention provide a method of detecting and remediating anomalies in an SD-WAN implemented by multiple forwarding elements (FEs) located at multiple sites connected by the SD-WAN. The method receives, from the multiple FEs, multiple sets of flow data associated with application traffic that traverses the multiple FEs. The method uses a first set of machine-trained processes to analyze the multiple sets of flow data in order to identify at least one anomaly associated with at least one particular FE in the multiple FEs. The method uses a second set of machine-trained processes to identify at least one remedial action for remediating the identified anomaly. The method implements the identified remedial action by directing an SD-WAN controller deployed in the SD-WAN to implement the identified remedial action.

Abstract: Compositions and methods for isolating L-glufosinate from a composition comprising L-glufosinate and glutamate are provided. The method comprises converting the glutamate to pyroglutamate followed by the isolation of L-glufosinate from the pyroglutamate and other components of the composition to obtain substantially purified L-glufosinate. The composition comprising L-glufosinate and glutamate is subjected to an elevated temperature for a sufficient time to allow for the conversion of glutamate to pyroglutamate, followed by the isolation of L-glufosinate from the pyroglutamate and other components of the composition to obtain substantially purified L-glufosinate. The glutamate alternatively may be converted to pyroglutamate by enzymatic conversion. The purified L-glufosinate is present in a final composition at a concentration of 90% or greater of the sum of L-glufosinate, glutamate, and pyroglutamate.

Abstract: In one aspect, a computerized method useful for connecting to a multipath hub in a cluster includes the step of, with a gateway in a same network as the cluster, receiving, from a branch edge, a request to connect to a logical identifier (ID) of the multipath hub. The gateway recognizes a logical ID representing a cluster. The gateway determines a least-loaded edge in the cluster to be the multipath hub. The gateway returns a connectivity information for the multipath hub. The branch edge configures a tunnel to the multipath hub.

Abstract: Some embodiments provide a method for quantifying quality of several service classes provided by a link between first and second forwarding nodes in a wide area network (WAN). At a first forwarding node, the method computes and stores first and second path quality metric (PQM) values based on packets sent from the second forwarding node for the first and second service classes. The different service classes in some embodiments are associated with different quality of service (QoS) guarantees that the WAN offers to the packets. In some embodiments, the computed PQM value for each service class quantifies the QoS provided to packets processed through the service class. In some embodiments, the first forwarding node adjusts the first and second PQM values as it processes more packets associated with the first and second service classes. The first forwarding node also periodically forwards to the second forwarding node the first and second PQM values that it maintains for the first and second service classes.