Emulated Lan (lane/elan/vlan, E.g., Ethernet Or Token Ring Legacy Lan Over A Single Atm Network/lan) Patents (Class 370/395.53)
  • Patent number: 11962572
    Abstract: A system for providing policy-controlled communication over the Internet includes a client endpoint function that executes on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The client endpoint function includes a first VPN endpoint component, and the service endpoint function includes a second VPN endpoint component. A router component operates to route network packet traffic between the first and second VPN tunnels via a route specified by a plurality of policies, an inspection component that analyzes network packet traffic in accordance with the plurality of policies. The plurality of policies for the network packet traffic and the content mediation selected dynamically on the basis of one or more of a user, an application, an endpoint, and a session.
    Type: Grant
    Filed: November 21, 2022
    Date of Patent: April 16, 2024
    Assignee: Netskope, Inc.
    Inventors: Kevin Eugene Sapp, Victor Ronin, David Goldschlag, Vadim Tarnavsky
  • Patent number: 11962498
    Abstract: Symmetric networking techniques disclosed herein can be applied by gateway routers in cloud networks. The techniques can ensure that both outbound traffic received at a cloud from a branch device and return traffic directed from the cloud back to the branch device are processed by a same gateway router. The gateway router can use network address translation to insert IP addresses from an inside pool and an outside pool assigned to the router.
    Type: Grant
    Filed: June 9, 2023
    Date of Patent: April 16, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Balaji Sundararajan, Ramakumara Kariyappa, Nithin Bangalore Raju, Bhairav Dutia, Vivek Agarwal, Satish Kumar Mahadevan, Ankur Bhargava
  • Patent number: 11956293
    Abstract: Systems and methods for the selection of a network interface/CDN pair from among multiple network interface/CDN pairs are provided. In an embodiment, a method includes retrieving information about sets of CDNs accessible via different network interfaces of a device. A plurality of network interface/CDN pairs are then identified, and performance metrics for each pair are measured. A best pair is selected, and is used to retrieve the next segments of a requested content item.
    Type: Grant
    Filed: March 29, 2023
    Date of Patent: April 9, 2024
    Assignee: Adeia Guides Inc.
    Inventors: Antti Heikkinen, Mikko Uitto
  • Patent number: 11949560
    Abstract: A network device may receive a border gateway protocol (BGP) flow specification route associated with creation of an overlay network slice in a network, and may create a new routing instance based on the BGP flow specification route. The network device may associate interfaces defined by the BGP flow specification route with virtual private network (VPN) members, and may determine VPN parameters based on the BGP flow specification route. The network device may advertise the VPN parameters within the network to cause the network to generate the overlay network slice.
    Type: Grant
    Filed: January 3, 2023
    Date of Patent: April 2, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Jonathan C. Barth, Vishnu Pavan Beeram, Srihari Ramachandra Sangli, Chandrasekar Ramachandran
  • Patent number: 11929906
    Abstract: Techniques for a head-end node in one or more network autonomous systems to utilize a protocol to instantiate services on tail-end nodes. The head-end node can use a service request mechanism that is enabled by the protocol to request service instantiation on the tail-end node without a network operator having to manually configure the tail-end node, or even having access to the tail-end node. Additionally, the protocol may provide mechanisms to define handling attributes for traffic of the service (e.g., quality of service (QoS) attributes, Maximum Transmission Unit (MTU) settings, etc.), service acknowledgement mechanisms for the head-end node to determine that the service was instantiated on the tail-end node, and so forth. In this way, a head-end node can be used to instantiate a service on a tail-end node without a network operator having to have direct access to the tail-end node to manually configure the tail-end node.
    Type: Grant
    Filed: December 10, 2021
    Date of Patent: March 12, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Patrice Brissette, Thierry Couture, Karen Michele Cadora, Jiri Chaloupka, Suresh Basavarajappa
  • Patent number: 11902051
    Abstract: Disclosed are methods for detecting misconfigured VLANs. In some embodiments, traffic on a VLAN across multiple access points is categorized. Traffic on the VLAN at a single access point is then also categorized. The categorization of the VLAN traffic at the single access point can be in response to, for example, communication errors or other conditions. The two categorizations are then compared to determine if the VLAN traffic at the AP is consistent with the VLAN traffic across a network (e.g., an enterprise network). If the VLAN traffic at the AP is generally consistent with that across the network, this may indicate that a downstream network component, such as a switch or router, is misconfigured. Thus, some embodiments programmatically reconfigure the downstream component to forward traffic for the VLAN.
    Type: Grant
    Filed: June 22, 2022
    Date of Patent: February 13, 2024
    Assignee: Juniper Networks, Inc.
    Inventor: Jisheng Wang
  • Patent number: 11849401
    Abstract: The minimization of the amount of power consumed by an electronic device in acquiring or maintaining network connectivity with a network may extend the battery life of the electronic device. When the electronic device has established a communication connection with a wireless access point, the electronic device cycles a network interface controller of the electronic device between a power on state and a power off state without terminating the communication connection. Accordingly, the electronic device powers on a main processor of the electronic device when the network interface controller detects a beacon during the power on state that indicates the wireless access point has a buffered data frame for the electronic device.
    Type: Grant
    Filed: December 15, 2020
    Date of Patent: December 19, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ranveer Chandra, John Charles Krumm, Xia Zhou, Stefan Saroiu
  • Patent number: 11811647
    Abstract: Systems and methods provide for the dynamic discovery, update and propagation of multicast streams capabilities in a network. An endpoint can be coupled to a first hop router in a network environment. The first hop router can discover multicast flow characteristics information associated with the endpoint and propagate the multicast flow characteristics information of the endpoint to additional network nodes in the network environment. The first hop router and at least a portion of the additional network nodes can form one or more multicast flows associated with the endpoint through the network environment using the multicast flow characteristic information associated with the endpoint.
    Type: Grant
    Filed: June 22, 2022
    Date of Patent: November 7, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Francesco Meo, Stig Ingvar Venaas, Rahul Savarapu Parameswaran
  • Patent number: 11792119
    Abstract: Virtual network controllers are described that automatically generate policies and configuration data for routing traffic through physical network function (PNF) service chains in a multi-tenant data center. An example network controller includes a memory and processing circuitry configured to: automatically generate, for one or more integrated routing and bridging (IRB) units of corresponding virtual network forwarding tables of a switch of a switch fabric of a data center network, configuration information that, when deployed, causes the IRB units to direct data traffic conforming to multiple communication protocols and flowing over a plurality of virtual networks between a first set of server devices and a second set of server devices positioned outside of the switch fabric (i) toward a service device logically positioned outside of the switch fabric and coupled to the switch, and (ii) back from the service device into the switch fabric via the switch.
    Type: Grant
    Filed: December 29, 2020
    Date of Patent: October 17, 2023
    Assignee: Juniper Networks, Inc.
    Inventors: Ankur Tandon, Vivekananda Shenoy, Jacopo Pianigiani, Abhinav Pandit
  • Patent number: 11792682
    Abstract: A packet sending method includes: receiving, by a first node, a first broadcast data packet sent by a second node; and if a sequence number of the first broadcast data packet equals 1 plus a sequence number of a latest data packet saved by the first node, and the first node does not receive, within a first preset time period, a first acknowledgement indication for the first broadcast data packet of the second node, sending, by the first node, a first broadcast acknowledgement packet when the first preset time period elapses, where the first broadcast acknowledgement packet includes the first acknowledgement indication, and the first acknowledgement indication includes the sequence number of the first broadcast data packet and an address of the second node. This method could resolve acknowledgement packet implosion while ensuring broadcast packet reliability of a wireless mesh network.
    Type: Grant
    Filed: December 31, 2021
    Date of Patent: October 17, 2023
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Yuefeng Wu, Yifan Wu, Jian Hu
  • Patent number: 11770867
    Abstract: An association establishment method and apparatus, for carrying out the method are described. The association establishment method includes broadcasting, by an access point (AP), a trigger frame, wherein the trigger frame is used to trigger one or more unassociated stations STAs to perform uplink data transmission and indicate one or more available subchannels for random accessing of the unassociated STAs. The method further includes receiving, by the AP, one or more association request messages sent on available subchannels acquired by the unassociated STAs. Thereafter, the AP broadcasts a multi-block acknowledgement M-BA frame, wherein the M-BA frame includes one or more pieces of association acknowledgement information and the association acknowledgement information is acknowledgement information of the association request message.
    Type: Grant
    Filed: May 23, 2022
    Date of Patent: September 26, 2023
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Ming Gan, Le Liu, Yunbo Li, Meilu Lin
  • Patent number: 11765076
    Abstract: An electronic device that includes a stack of multiple computer network devices (such as switches) that implement a spanning tree using a distributed spanning tree protocol (STP) is described. A given computer network device may create a virtual internal stacking port. This virtual internal stacking port is included in the spanning tree and provides stacking interface logic that allows the given computer network device to connect to a virtual hub in the stack that is common to the multiple computer network devices. Moreover, the given computer network device may run an instance of the distributed STP that controls ports in the given computer network device, where the instance of the distributed STP run by the given computer network device uses a bridge identifier that is common to the multiple computer network devices.
    Type: Grant
    Filed: August 5, 2021
    Date of Patent: September 19, 2023
    Assignee: ARRIS Enterprises LLC
    Inventor: Maocheng Hu
  • Patent number: 11734127
    Abstract: An information management cell health monitoring system is provided herein that can monitor one or more information management systems, identify any performance issues that are occurring within an information management system, and automatically, or in response to a user input, transmit an instruction to the information management system to execute a workflow to resolve the performance issue(s). For example, the information management cell health monitoring system receives operational data, secondary copy policies, and/or similar data from an information management cells via a network. The information management cell health monitoring system analyzes the received information to identify any issues. If an issue is detected, the information management cell health monitoring system retrieves workflows and determines whether any of the workflows can be used to resolve the detected issue.
    Type: Grant
    Filed: September 13, 2021
    Date of Patent: August 22, 2023
    Assignee: Commvault Systems, Inc.
    Inventors: Bheemesh R. Dwarampudi, Rajiv Kottomtharayil, Parag Gokhale, Anand Vibhor, Parminder Singh, David M. Cunningham, Michael Fasulo
  • Patent number: 11722408
    Abstract: An example data center system includes server devices hosting data of a first tenant and a second tenant of the data center, network devices of an interconnected topology coupling the server devices including respective service virtual routing and forwarding (VRF) tables, and one or more service devices that communicatively couple the network devices, wherein the service devices include respective service VRF tables for the first set of server devices and the second set of server devices, and wherein the service devices apply services to network traffic flowing between the first set of server devices and the second set of server devices using the first service VRF table and the second service VRF table.
    Type: Grant
    Filed: January 15, 2021
    Date of Patent: August 8, 2023
    Assignee: Juniper Networks, Inc.
    Inventors: Jacopo Pianigiani, Vivekananda Shenoy, Ankur Tandon, Atul S Moghe, Suresh K Balineni, Tong Jiang, Kiran N. Kasim, Sridevi JeevaRaj
  • Patent number: 11711230
    Abstract: A system for multicast packet management in a first switch in an overlay tunnel fabric is provided. The system can operate the first switch as part of a virtual switch in conjunction with a second switch of the fabric. The virtual switch can operate as a gateway for the fabric. During operation, the system can receive a join request for a multicast group. The system can then determine whether to forward the join request to the second switch based on a type of a first ingress connection of the join request. Upon receiving a data packet for the multicast group, the system can determine how to forward the data packet based on respective types of a second ingress connection and an egress connection of the data packet. The type of a respective connection can indicate whether the connection includes an overlay tunnel.
    Type: Grant
    Filed: July 20, 2021
    Date of Patent: July 25, 2023
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Tathagata Nandy, Chethan Chavadibagilu Radhakrishnabhat, Subramanian Muthukumar
  • Patent number: 11695683
    Abstract: Disclosed herein are system, method, and computer program product aspects for multiple instance Intermediate System to Intermediate System (IS-IS or ISIS) for a multi-area fabric. A network area in a multi-area fabric includes one or more network nodes and a boundary node shared with an other network area of the multi-area fabric outside of the network area. The boundary node can include a first ISIS instance associated with the network area and a second ISIS instance associated with the other network area. The second ISIS instance can be configured to pass information associated with the other network area to the first ISIS instance.
    Type: Grant
    Filed: June 28, 2021
    Date of Patent: July 4, 2023
    Assignee: Extreme Networks, Inc.
    Inventors: Gautam Khera, Constantin Barcaru, Irina Maria Militaru, Bianca Elena Neagu
  • Patent number: 11689416
    Abstract: A handover node may receive a first hardware device identifier transmitted by a hardware device and a second hardware device identifier transmitted by a manager node. The handover node may determine whether the first and second hardware device identifiers match and, as a result of determining that the first and second hardware device identifiers match, transmit contact information for the manager node to a hardware device. A manager node may receive a hardware device identifier that identifies a hardware device, transmit the hardware device identifier to a handover node, and transmit contact information for the manager node to the handover node. The contact information may include a port number of the manager node different than a port number used to communicate with the handover node. The manager node may receive a request to establish a communication session between the hardware device and the manager node.
    Type: Grant
    Filed: June 22, 2020
    Date of Patent: June 27, 2023
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventor: Georg Schmuecking
  • Patent number: 11689446
    Abstract: Disclosed herein are system, method, and computer program product aspects for multiple instance Intermediate System to Intermediate System (IS-IS or ISIS) for a multi-area fabric. A network area in a multi-area fabric includes one or more network nodes and a boundary node shared with an other network area of the multi-area fabric outside of the network area. The boundary node can include a first ISIS instance associated with the network area and a second ISIS instance associated with the other network area. The second ISIS instance can be configured to pass information associated with the other network area to the first ISIS instance.
    Type: Grant
    Filed: February 5, 2021
    Date of Patent: June 27, 2023
    Assignee: Extreme Networks, Inc.
    Inventors: Gautam Khera, Constantin Barcaru
  • Patent number: 11682055
    Abstract: Methods and apparatus for partitioned private interconnects to provider networks are described. At least a portion of available bandwidth of a private physical interconnect between a provider network and a connectivity intermediary's network is designated as the bandwidth limit of an interconnect partition set up on behalf of a customer at the request of the intermediary. The intermediary's network comprises one or more devices to which at least one of the customer's devices is connected. Access to one or more resources of the provider network via the interconnect is enabled. Traffic monitoring results associated with the interconnect are used to enforce the designated bandwidth limit of the partition.
    Type: Grant
    Filed: January 22, 2021
    Date of Patent: June 20, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Shuai Ye, Mark Edward Stalzer, Patrick Brigham Cullen
  • Patent number: 11677866
    Abstract: A packet processing technique can include receiving a packet, and parsing the packet based on a protocol field to generate a parse result vector. The parse result vector is used to select between forwarding the packet to a virtual machine executing on a host processing integrated circuit, forwarding the packet to a physical media access controller, multicasting the packet to multiple virtual machines executing on the host processing integrated circuit, and sending the packet to a hypervisor.
    Type: Grant
    Filed: September 8, 2022
    Date of Patent: June 13, 2023
    Assignee: Amazon Technologies. Inc.
    Inventors: Ofer Naaman, Erez Izenberg, Nafea Bshara
  • Patent number: 11627081
    Abstract: A system and method for managing network traffic is disclosed. The method includes determining an application domain, network elements associated with the application domain, and roles the network elements in the application domain. A virtual routing and forwarding (VRF) policy is generated for each of the network elements in the application domain based on the application domain and the role of each of the network elements in the application domain.
    Type: Grant
    Filed: June 25, 2020
    Date of Patent: April 11, 2023
    Assignee: Arista Networks, Inc.
    Inventor: Devendra Raut
  • Patent number: 11627016
    Abstract: In one embodiment, a segment routing and tunnel exchange provides packet forwarding efficiencies in a network, including providing an exchange between a segment routing domain and a packet tunnel domain. One application includes the segment routing and tunnel exchange interfacing segment routing packet forwarding (e.g., in a Evolved Packet Core (EPC) and/or 5-G user plane) and packet tunnel forwarding in access networks (e.g., replacing a portion of a tunnel between an access node and a user plane function for accessing a corresponding data network). In one embodiment, a network provides mobility services using a segment routing data plane that spans segment routing and tunnel exchange(s) and segment routing-enabled user plane functions. One embodiment uses the segment routing data plane without any modification to a (radio) access network (R)AN (e.g., Evolved NodeB, Next Generation NodeB) nor to user equipment (e.g., any end user device).
    Type: Grant
    Filed: March 17, 2020
    Date of Patent: April 11, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Pablo Camarillo Garvia, Hendrikus G. P. Bosch, Clarence Filsfils
  • Patent number: 11621915
    Abstract: Embodiments of this application provide a packet forwarding method, a route sending and receiving method, and related apparatus. The method is applied to a data center in a non-uniform memory access (NUMA) architecture. The data center includes a server and a network device, and the server includes a first NUMA node and a second NUMA node. The method includes: The first interface processing unit (IPU) receives a first packet from the network device, where the first packet is a packet to be sent to the first virtual machine in the first NUMA node. The first IPU sends the first packet to the first virtual machine. The second IPU receives a second packet from the network device, where the second packet is a packet to be sent to the second virtual machine in the second NUMA node. The second IPU sends the second packet to the second virtual machine.
    Type: Grant
    Filed: July 2, 2021
    Date of Patent: April 4, 2023
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Fang Wang, Tao Bai, Lei Fan, Jianbin Xu
  • Patent number: 11606338
    Abstract: Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, a gateway server including a first VPN termination point that authenticates and terminates the first VPN tunnel, a stitcher server including a second VPN termination point that authenticates and terminates a second VPN tunnel, and a mid-link server coupled to the first VPN tunnel and the second VPN tunnel. The mid-link server may include a plurality of Access Resource Servers (ARSs), and the gateway server and the stitcher server may communicate via a network connecting the plurality of ARSs.
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: March 14, 2023
    Assignee: Netskope, Inc.
    Inventors: Kevin Eugene Sapp, Victor Ronin, David Goldschlag, Vadim Tarnavsky
  • Patent number: 11546288
    Abstract: According to one or more embodiments of this disclosure, a network controller in a data center network establishes a translation table for in-band traffic in a data center network, the translation table resolves ambiguous network addresses based on one or more of a virtual network identifier (VNID), a routable tenant address, or a unique loopback address. The network controller device receives packets originating from applications and/or an endpoints operating in a network segment associated with a VNID. The network controller device translates, using the translation table, unique loopback addresses and/or routable tenant addresses associated with the packets into routable tenant addresses and/or unique loopback addresses, respectively.
    Type: Grant
    Filed: February 11, 2021
    Date of Patent: January 3, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Vijay Chander, Yibin Yang, Praveen Jain, Munish Mehta
  • Patent number: 11528166
    Abstract: Systems, methods, and computer-readable media are described for establishing an optimized geo-location based hub mesh network for a group of network controllers spanning multiple regions, where the optimized mesh network includes substantially fewer connections between network controllers than conventional hub mesh networks. Geo-location information is obtained for the group of network controllers, and the network controllers are categorized into various physical regions based on the geo-location information. Then, within each region, a particular network controller is selected to serve as a primary regional hub for that region. Tunnel connections are then established between each non-hub network controller in each region and the primary regional hub for that region. In addition, tunnel connections are established between each non-hub network controller in a region and each other non-hub network controller within the same region.
    Type: Grant
    Filed: January 12, 2021
    Date of Patent: December 13, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Hari Krishna Kurmala, Shreekanth Chandranna
  • Patent number: 11528255
    Abstract: Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The client endpoint function may include a first VPN endpoint component, and the service endpoint function may include a second VPN endpoint component. The mid-link server may include a first VPN termination point that authenticates and terminates the first VPN tunnel and a second VPN termination point that authenticates and terminates the second VPN tunnel. The first VPN termination point may re-authenticate the client device based on a first characteristic of the first VPN endpoint component and/or a second characteristic of the second VPN endpoint component.
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: December 13, 2022
    Assignee: Netskope, Inc.
    Inventors: David Goldschlag, Vadim Tarnavsky, Kevin Eugene Sapp, Victor Ronin
  • Patent number: 11522754
    Abstract: Systems and methods are provided herein for an improved method of Zero-Touch Provisioning (ZTP) where a first switch receives a virtual local area network (VLAN) identifier from a second switch, allowing the first switch to reach a dynamic host configuration protocol (DHCP) server. This may be accomplished by a first switch receiving a VLAN identifier from a second switch. The first switch then transmits a DHCP discover message using the VLAN identifier. The first switch then receives reachability information for a ZTP server from the DHCP server. The first switch uses the reachability information to establish a provisioning session between the first switch and the ZTP server.
    Type: Grant
    Filed: September 15, 2020
    Date of Patent: December 6, 2022
    Assignee: ARISTA NETWORKS, INC.
    Inventors: Kumar Narayanan, John French
  • Patent number: 11444807
    Abstract: A network element configured to implement an Ethernet Virtual Private Network (EVPN) Virtual Private Wire Service (VPWS) Flexible Cross-Connect (FXC) local switching service includes a plurality of ports; and a switching fabric configured to switch traffic between the plurality of ports; wherein a set of ports is configured in a distributed Link Aggregation Group (LAG) with two nodes, and an inter-chassis link configured with a second network element, and wherein, responsive to a failure of the inter-chassis link, a distribution state of members in the distributed LAG is coordinated.
    Type: Grant
    Filed: January 22, 2020
    Date of Patent: September 13, 2022
    Assignee: Ciena Corporation
    Inventor: Marc Holness
  • Patent number: 11432057
    Abstract: An optical line terminal (OLT) detects content distribution conditions in terminals, and performs control for performing switching to distribution to each terminal using an individual virtual local area network (VLAN) or distribution to a plurality of terminals by broadcasting using a broadcasting VLAN, in accordance with the detected content distribution conditions. The OLT detects that the number of viewers of a predetermined channel exceeds a predetermined threshold value or is less than the predetermined threshold value, as the content distribution conditions. Further, the OLT performs switching to distribution using a broadcasting VLAN in a case where it is detected that the number of viewers of the predetermined channel exceeds the predetermined threshold value, and performs switching to distribution using an individual VLAN in a case where it is detected that the number of viewers of the predetermined channel is less than the predetermined threshold value.
    Type: Grant
    Filed: July 31, 2019
    Date of Patent: August 30, 2022
    Assignee: Nippon Telegraph and Telephone Corporation
    Inventors: Shunsuke Homma, Shinya Kawano
  • Patent number: 11416638
    Abstract: Described is a lattice cryptography processor with configurable parameters. The lattice cryptography processor includes a sampling circuit configured to operate in accordance with a Secure Hash Algorithm 3 (SHA-3)-based pseudo-random number generator (PRNG), a single-port random access memory (RAM)-based number theoretic transform (NTT) memory architecture and a modular arithmetic unit. The described lattice cryptography processor is configured to be programmed with custom instructions for polynomial arithmetic and sampling. The configurable lattice cryptography processor may operate with lattice-based CCA-secure key encapsulation and a variety of different lattice-based protocols including, but not limited to: Frodo, NewHope, qTESLA, CRYSTALS-Kyber and CRYSTALS-Dilithium, achieving up to an order of magnitude improvement in performance and energy-efficiency compared to state-of-the-art hardware implementations.
    Type: Grant
    Filed: February 19, 2020
    Date of Patent: August 16, 2022
    Assignee: MASSACHUSETTS INSTITUTE OF TECHNOLOGY
    Inventors: Utsav Banerjee, Anantha P. Chandrakasan
  • Patent number: 11411819
    Abstract: Automatic network configuration for the recovery of virtual machines. A network configuration can be automatically provisioned by discovering the network topology of a source site and then matching the virtual machines to their locations or subnets in the network topology. The network is then implemented on a target site such that the required connectivity is present in the recovered target site even when the infrastructure of the source site and the target site are different.
    Type: Grant
    Filed: January 17, 2019
    Date of Patent: August 9, 2022
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Boris Shpilyuck, Assaf Natanzon, David Zlotnick
  • Patent number: 11405306
    Abstract: Systems and methods provide for the dynamic discovery, update and propagation of multicast streams capabilities in a network. An endpoint can be coupled to a first hop router in a network environment. The first hop router can discover multicast flow characteristics information associated with the endpoint and propagate the multicast flow characteristics information of the endpoint to additional network nodes in the network environment. The first hop router and at least a portion of the additional network nodes can form one or more multicast flows associated with the endpoint through the network environment using the multicast flow characteristic information associated with the endpoint.
    Type: Grant
    Filed: May 30, 2019
    Date of Patent: August 2, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Francesco Meo, Stig Ingvar Venaas, Rahul Savarapu Parameswaran
  • Patent number: 11388022
    Abstract: Disclosed are methods for detecting misconfigured VLANs. In some embodiments, traffic on a VLAN across multiple access points is categorized. Traffic on the VLAN at a single access point is then also categorized. The categorization of the VLAN traffic at the single access point can be in response to, for example, communication errors or other conditions. The two categorizations are then compared to determine if the VLAN traffic at the AP is consistent with the VLAN traffic across a network (e.g., an enterprise network). If the VLAN traffic at the AP is generally consistent with that across the network, this may indicate that a downstream network component, such as a switch or router, is misconfigured. Thus, some embodiments programmatically reconfigure the downstream component to forward traffic for the VLAN.
    Type: Grant
    Filed: February 5, 2020
    Date of Patent: July 12, 2022
    Assignee: Juniper Networks, Inc.
    Inventor: Jisheng Wang
  • Patent number: 11388084
    Abstract: Techniques for routing traffic across different virtual local area networks (VLANs) within a single bridge domain are described. One technique includes receiving at a first network device a packet from a second network device on a first interface of multiple interfaces within a bridge domain at the first network device. Attachment circuit information associated with the packet is determined. An information element that includes an indication of the attachment circuit information is generated. The information element is transmitted to the third network device.
    Type: Grant
    Filed: July 17, 2019
    Date of Patent: July 12, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Ali Sajassi, Mankamana P. Mishra, Samir Thoria, Patrice Brissette, Mei Zhang, Tapraj Singh
  • Patent number: 11375556
    Abstract: An association establishment method and apparatus for carrying out the method are described. The association establishment method includes broadcasting, by an access point (AP), a trigger frame, wherein the trigger frame is used to trigger one or more unassociated stations STAs to perform uplink data transmission and indicate one or more available subchannels for random accessing of the unassociated STAs. The method further comprises receiving, by the AP, one or more association request messages sent on available subchannels acquired by the unassociated STAs. Thereafter, the AP broadcasts a multi-block acknowledgement M-BA frame, wherein the M-BA frame includes one or more pieces of association acknowledgement information and the association acknowledgement information is acknowledgement information of the association request message.
    Type: Grant
    Filed: December 30, 2020
    Date of Patent: June 28, 2022
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Ming Gan, Le Liu, Yunbo Li, Meilu Lin
  • Patent number: 11374964
    Abstract: A technique to stop lateral movement of ransomware between endpoints in a VLAN is disclosed. A security appliance is set as the default gateway for intra-LAN communication by overwriting the DHCP responses. Message traffic from compromised endpoints is detected. Attributes of ransomware may be detected in the message traffic, as well as attempts to circumvent the security appliance. Compromised devices may be quarantined. The security appliance may act in response to an initial detection of ransomware such that it does not ordinarily interfere with operation of a primary DHCP server.
    Type: Grant
    Filed: January 28, 2022
    Date of Patent: June 28, 2022
    Assignee: AIRGAP NETWORKS INC.
    Inventors: Ritesh R. Agrawal, Vinay Adavi, Satish M. Mohan
  • Patent number: 11368374
    Abstract: A hosting system is provided. The hosting system includes a grid of hardware nodes for provisioning virtual servers including a first virtual server for a first user and a second virtual server for a second user. The hosting system further includes dedicated servers including a first dedicated server for the first user and a second dedicated server for the second user. A switch, in response to the first virtual server and the second virtual server having overlapping virtual local area network (VLAN) identifications (IDs), defines a first broadcast domain for the first user and a second broadcast domain for the second user, places the first virtual server and the first dedicated server in the first broadcast domain, and places the second virtual server and the second dedicated server in the second broadcast domain.
    Type: Grant
    Filed: September 8, 2020
    Date of Patent: June 21, 2022
    Assignee: International Business Machines Corporation
    Inventors: Yogesh Angrish, Yueqin Lin, Martin A. Berryman, Justin M. Kitagawa, Paul Lappas
  • Patent number: 11353797
    Abstract: A method of controlling a computer process for designing or verifying a photolithographic component includes building a source tree including nodes of the process, including dependency relationships among the nodes, defining, for some nodes, at least two different process conditions, expanding the source tree to form an expanded tree, including generating a separate node for each different defined process condition, and duplicating dependent nodes having an input relationship to each generated separate node, determining respective computing hardware requirements for processing the node, selecting computer hardware constraints based on capabilities of the host computing system, determining, based on the requirements and constraints and on dependency relations in the expanded tree, an execution sequence for the computer process, and performing the computer process on the computing system.
    Type: Grant
    Filed: November 24, 2017
    Date of Patent: June 7, 2022
    Assignee: ASML Netherlands B.V.
    Inventors: Yen-Wen Lu, Xiaorui Chen, Yang Lin
  • Patent number: 11349881
    Abstract: A first security service function chain is generated that identifies at least a first service function path comprising an identified set of security service functions, with at least one of the identified set of security service functions comprising a virtualized network function in a software defined networking (SDN) network architecture. The first security service function chain is utilized to create classification policies associating packets of a given packet type with the first security service function chain, and the first service function path is utilized to create forwarding policies specifying handling of packets of the given packet type by respective ones of the identified set of security service functions. The classification policies are provided to one or more nodes in a communication network comprising the SDN network architecture, and the forwarding policies are provided to one or more of the identified set of security service functions in the communication network.
    Type: Grant
    Filed: August 5, 2016
    Date of Patent: May 31, 2022
    Assignee: ALCATEL LUCENT
    Inventors: Zhiyuan Hu, Xueqiang Yan, Zhigang Luo
  • Patent number: 11347481
    Abstract: The present invention relates to a learning engine function and the use thereof in a system using a suite of modular and clearly structured Artificial Intelligence application design tools (SOACAIA), executable on distributed or undistributed computing platforms to browse, develop, make available and manage AI applications, this set of tools implementing four functions: A Studio function; A Forge function; An Orchestrator function; A fast machine learning engine FMLE (FastML Engine) function.
    Type: Grant
    Filed: August 27, 2020
    Date of Patent: May 31, 2022
    Assignee: BULL SAS
    Inventors: Fran├žois Exertier, Mathis Gavillon
  • Patent number: 11340932
    Abstract: Example methods and systems for packet handling based on a multiprocessor architecture configuration are provided. One example method may comprise: in response to receiving a first ingress packet that requires processing by a first virtual central processing unit (VCPU) running on the first node, steering the first ingress packet towards a first receive (RX) queue and performing local memory access on the first node to access the first ingress packet from the first RX queue. The method may also comprise: in response to receiving a second ingress packet that requires processing by a second VCPU running on the second node, steering the second ingress packet towards a second RX queue and performing local memory access on the second node to access the second ingress packet from the second RX queue.
    Type: Grant
    Filed: January 23, 2020
    Date of Patent: May 24, 2022
    Assignee: VMWARE, INC.
    Inventors: Yong Wang, Boon Seong Ang, Guolin Yang, Wenyi Jiang
  • Patent number: 11323292
    Abstract: Aspects of the disclosure involve systems and methods for utilizing Virtual Local Area Network separation in a connection, which may be a single connection, between a customer to a telecommunications network and a cloud environment to allow the customer to access multiple instances within the cloud through the connection. A customer may purchase multiple cloud resource instances from a public cloud environment and, utilizing the telecommunications network, connect to the multiple instances through a communication port or connection to the cloud environment. To utilize the single connection or port, communication packets intended for the cloud environment may be tagged with a VLAN tag that indicates to which cloud instance the packet is intended. The telecommunications network may route the packet to the intended cloud environment and configure one or more aspects of the cloud environment to analyze the attached VLAN tag to transmit the packet to the intended instance.
    Type: Grant
    Filed: August 5, 2020
    Date of Patent: May 3, 2022
    Assignee: Level 3 Communications, LLC
    Inventor: Austin D. Ritchie
  • Patent number: 11303474
    Abstract: Techniques for split-horizon filtering for EVPN-VXLANs are described. For example, an egress provider edge (PE) device is configured to apply split-horizon filtering to a BUM packet received from an intermediate network if the BUM packet includes a split-horizon identifier advertised by the egress PE device. As one example, the PE device encapsulates the split-horizon identifier within a tagging packet frame, such as a tagging packet frame in accordance with the 802.1Q tag format comprising a Tag Protocol Identifier (TPID). An ingress PE device receives the split-horizon identifier advertised by the egress PE device and is configured to encapsulate the split-horizon identifier within a BUM packet received from the Ethernet segment, and send the encapsulated packet into the intermediate network towards the egress PE device. In this way, when egress PE device receives the encapsulated packet including the split-horizon identifier, the egress PE device performs split-horizon filtering on the packet.
    Type: Grant
    Filed: March 13, 2020
    Date of Patent: April 12, 2022
    Assignee: Juniper Networks, Inc.
    Inventors: Vinod Kumar Gornal M., Harish Pandey
  • Patent number: 11303669
    Abstract: A technique to stop lateral movement of ransomware between endpoints in a VLAN is disclosed. A security appliance is set as the default gateway for intra-LAN communication. Message traffic from compromised endpoints is detected. Attributes of ransomware may be detected in the message traffic, as well as attempts to circumvent the security appliance. Compromised devices may be quarantined.
    Type: Grant
    Filed: October 8, 2021
    Date of Patent: April 12, 2022
    Assignee: AIRGAP NETWORKS INC.
    Inventors: Ritesh R. Agrawal, Vinay Adavi, Satish M. Mohan
  • Patent number: 11303673
    Abstract: A technique to stop lateral movement of ransomware between endpoints in a VLAN is disclosed. A security appliance is set as the default gateway for intra-LAN communication by overwriting the DHCP responses. Message traffic from compromised endpoints is detected. Attributes of ransomware may be detected in the message traffic, as well as attempts to circumvent the security appliance. Compromised devices may be quarantined.
    Type: Grant
    Filed: October 8, 2021
    Date of Patent: April 12, 2022
    Assignee: AIRGAP NETWORKS INC.
    Inventors: Ritesh R. Agrawal, Vinay Adavi, Satish M. Mohan
  • Patent number: 11277283
    Abstract: An example branch gateway includes processing circuitry, memory including instructions, and a plurality of ports. The branch gateway transmits, from a plurality of ports, a first broadcast message. The branch gateway receives, in response to the first broadcast message, response messages on respective ports. The branch gateway determines, based on a receipt order of the response messages, an identifying address from a first response message. The branch gateway assigns the respective port for each response message to a unique VLAN. The branch gateway determines, for each port assigned to a unique VLAN, a link health parameter. The branch gateway selects a primary port to connect to an activation server of a WAN. The branch gateway selects a secondary port to connect to the activation server.
    Type: Grant
    Filed: July 1, 2020
    Date of Patent: March 15, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Sanjay Kaniyoor Surendra Hegde, Isaac Theogaraj
  • Patent number: 11252106
    Abstract: A method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.
    Type: Grant
    Filed: October 24, 2019
    Date of Patent: February 15, 2022
    Assignee: VMWARE, INC.
    Inventors: Israel Cidon, Prashanth Venugopal, Aran Bergman, Chen Dar, Alex Markuze, Eyal Zohar
  • Patent number: 11252183
    Abstract: A technique to stop lateral movement of ransomware between endpoints in a VLAN is disclosed. The security appliance may be implemented on-prem or in cloud data center environments. A security appliance is set as the default gateway for intra-LAN communication. Message traffic from compromised endpoints is detected. Attributes of ransomware may be detected in the message traffic, as well as attempts to circumvent the security appliance. Compromised devices may be quarantined.
    Type: Grant
    Filed: October 8, 2021
    Date of Patent: February 15, 2022
    Assignee: AIRGAP NETWORKS INC.
    Inventors: Ritesh R. Agrawal, Vinay Adavi, Satish M. Mohan
  • Patent number: 11245624
    Abstract: Systems and methods are provided herein for implementing multi-table OpenFlow flows that have combinations of packet edits. This may be accomplished by a network device receiving a first flow entry with a first set of actions to be installed into a flow table. The network device may determine that the first set of actions includes edits to a plurality of fields of a matched data packet. In response, the network device may change the first set of actions of the first flow entry to edit a first field of the data packet and create a second flow entry with a second set of actions to edit a second field of the data packet. The network device may install the first and second flow entries into one or more flow tables of the network device.
    Type: Grant
    Filed: May 1, 2020
    Date of Patent: February 8, 2022
    Assignee: ARISTA NETWORKS, INC.
    Inventors: Joseph Olakangil, Nitin Karkhanis, Anuraag Mittal, Purushothaman Nandakumaran, Manjula Gopalakrishnan