Methods and devices are provided for the efficient allocation and deletion of virtual output queues. According to some implementations, incoming packets are classified according to a queue in which the packet (or classification information for the packet) will be stored, e.g., according to a "Q" value. For example, a Q value may be a Q number defined as {Egress port number || Priority number || Ingress port number}. Only a single physical queue is allocated for each classification. When a physical queue is empty, the physical queue is preferably de-allocated and added to a "free list" of available physical queues. Accordingly, the total number of allocated physical queues preferably does not exceed the total number of classified packets. Because the input buffering requirements of Fibre Channel ("FC") and other protocols place limitations on the number of incoming packets, the dynamic allocation methods of the present invention result in a sparse allocation of physical queues.
H04L 47/2441 - Traffic characterised by specific attributes, e.g. priority or QoS, relying on flow classification, e.g. using integrated services [IntServ]
A method and apparatus for providing network security using role-based access control is disclosed. A network device implementing such a method can include, for example, an access control list (700). Such an access control list includes an access control list entry (710), which, in turn, includes one or more user group fields (730 and 740). Alternatively, a network device implementing such a method can include, for example, a forwarding table (300) that includes a plurality of forwarding table entries (310). In such a case, at least one of the forwarding table entries includes a user group field (350).
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 12/28 - Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
H04L 45/7453 - Address table lookup; Address filtering using hashing
3.
SYSTEM AND METHOD FOR DELIVERING PRIVATE NETWORK FEATURES TO A PUBLIC NETWORK
A method is provided that includes receiving a request from a communication device to establish a communication session with a mobile station. The request is responded to by signaling the mobile station via a cellular data network that a call is being initiated for the mobile station. Signaling information may be exchanged with a voice gateway such that one or more voice circuits are established to accommodate voice data that may propagate between the communication device and the mobile station. A signaling pathway may be established between an Internet protocol private branch exchange (IP PBX) and the mobile station via the cellular data network. The establishment of the signaling pathway is substantially concurrent with the establishment of one or more of the voice circuits such that one or more features associated with a private network are delivered to the mobile station during the communication session.
H04W 4/06 - Selective distribution of broadcast services, e.g. multimedia broadcast multicast service; Services to user groups; One-way selective calling services
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
H04W 40/02 - Communication route or path selection, e.g. routing based on available power or shortest path
4.
SYSTEM AND METHOD FOR PROVIDING TRANSPARENCY IN DELIVERING PRIVATE NETWORK FEATURES
A method is provided that includes receiving a request from a communication device to establish a communication session with a mobile station, the mobile station being operable to roam between a private and a public network. The mobile station is signaled via a cellular data network that a call is being initiated for the mobile station. Signaling information may be exchanged with a voice gateway such that one or more voice circuits are established. A signaling pathway may be established between an Internet protocol private branch exchange (IP PBX) and the mobile station via the cellular data network. The establishment of the signaling pathway is substantially concurrent with the establishment of one or more of the voice circuits. One or more features associated with a private network are delivered to the mobile station during the communication session as an end user moves between the public and private networks.
System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential, may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential.
A method is disclosed for avoiding the storage of client state on a server. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the server can use to encrypt and authenticate communication to and from the client. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.
A virtual network device sub-unit (122(1), 122(2)) includes an interface (320(1), 320(2), 320(3), 320(4)) to a virtual network device link (360) and a distributed forwarding module (312(1), 312(2)). The interface (320(1), 320(2), 320(3), 320(4)) receives a packet, and the distributed forwarding module (312(1), 312(2)) forwards the packet received by the interface (320(1), 320(2), 320(3), 320(4)). The distributed forwarding module (312(1), 312(2)) performs an ingress lookup if the packet includes a multicast destination address and an egress lookup if the packet includes a unicast destination address. If the packet includes a multicast destination address, the distributed forwarding module replicates the packet for each of several outgoing VLANs associated with the multicast destination address. If an additional multicast packet is received via an interface (320(1), 320(2), 320(3), 320(4)) that is not coupled to a virtual network device link (306), the distributed forwarding module (312(1), 312(2)) sends at most one copy of the additional multicast packet via the virtual network device link (360).
H04L 41/0806 - Configuration settings for initial configuration or provisioning, e.g. plug-and-play
H04L 41/082 - Configuration settings characterised by the conditions triggering a change of settings, the condition being updates or upgrades of network functionality
H04L 45/00 - Routing or path finding of packets in data switching networks
In a subscriber television system having a headend, a server, and plurality of client-receivers, the server, which is remote from the headend, is adapted to receive a validation-message (800) from one or more client-receivers. The validation-message (800) includes content (802) and an authentication-token (804). The server validates that the sender of the validation-message is a valid client-receiver of the subscriber television system using an authentication-token and a validator that is known to both the server and to at least one of the client-receivers.
H04N 21/6334 - Control signals issued by the server directed to network components or to the client, directed to the client for authorisation, e.g. by transmitting a key
10.
PROPAGATION OF MINIMUM GUARANTEED SCHEDULING RATES
Propagation of minimum guaranteed scheduling rates among scheduling layers in a hierarchical schedule is disclosed. The minimum guaranteed scheduling rate for a parent schedule entry is typically based on the summation of the minimum guaranteed scheduling rates of its immediate child schedule entries. This propagation of minimum rate scheduling guarantees for a class of traffic can be dynamic (e.g., based on the active traffic for this class of traffic, active services for this class of traffic), or statically configured. One embodiment also includes multiple scheduling lanes for scheduling items, such as, but not limited to packets or indications thereof, such that different categories of traffic (e.g., propagated minimum guaranteed scheduling rate, non propagated minimum guaranteed scheduling rate, high priority, excess rate, etc.) of scheduled items can be propagated through the hierarchy of schedules accordingly without being blocked behind a lower priority or different type of traffic.
H04J 3/16 - Time-division multiplex systems in which the time allocated to each channel within a transmission cycle is variable, e.g. to accommodate varying complexity of signals, to vary the number of channels transmitted
H04L 47/52 - Scheduling according to queue bandwidth
H04L 47/525 - Scheduling according to queue bandwidth by redistribution of residual bandwidth
H04L 47/60 - Queue scheduling implementing hierarchical scheduling
H04L 47/628 - Queue scheduling characterised by scheduling criteria for service slots or service orders based on packet size, e.g. shortest packet first
11.
SYSTEM AND METHOD FOR MANAGING END USER APPROVAL FOR CHARGING IN A NETWORK ENVIRONMENT
An apparatus for managing information in a network environment is provided that includes a content service gateway operable to communicate with an end user in order to facilitate a communication session. The communication session relates to a request by the end user for content or for a service. A quota server coupled to the content service gateway is operable to receive a service authorization request from the content service gateway relating to the communication session. The service authorization request operates to authorize access to the service or to the content for the end user.
G06F 15/173 - Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star or branched
A method for radar protection. The method includes recording energy events and calculating differences in recorded energy events to determine pulses. The method further includes sorting intervals between pulses into histogram bins, each bin representing a range of time intervals between two pulses, each pulse indicative of a radar frequency and limiting network traffic on a frequency based on a selected bin count.
G01S 13/00 - Systems using the reflection or reradiation of radio waves, e.g. radar systems; Analogous systems using the reflection or reradiation of waves whose nature or wavelength is irrelevant or unspecified
A method for controlling cell sizes (118a, ..., 118n) associated with respective access points (102a, ..., 102n), each having a receive sensitivity and an output power. The method includes changing the start of packet thresholds and/or clear channel assessment thresholds to vary the cell sizes (118a, ..., 118n) of the access points (102a, ..., 102n).
An arrangement for providing optical coupling into and out of a relatively thin silicon waveguide formed in the SOI layer of an SOI structure includes a lensing element and a defined reference surface within the SOI structure for providing optical coupling in an efficient manner. The input to the waveguide may come from an optical fiber or an optical transmitting device (laser). A similar coupling arrangement may be used between a thin silicon waveguide and an output fiber (either single mode fiber or multimode fiber).
G02B 6/12 - Light guides; Structural details of arrangements comprising light guides and other optical elements, e.g. coupling means, of the optical waveguide type of the integrated circuit kind
15.
COUPLING BETWEEN FREE SPACE AND OPTICAL WAVEGUIDE USING ETCHED COUPLING SURFACES
A plasma-based etching process is used to specifically shape the endface of an optical substrate supporting an optical waveguide into a contoured facet which will improve coupling efficiency between the waveguide and a free space optical signal. The ability to use standard photolithographic techniques to pattern and etch the optical endface facet allows for virtually any desired facet geometry to be formed - and replicated across the surface of a wafer for the entire group of assemblies being fabricated. A lens may be etched into the endface using a properly-defined photolithographic mask, with the focal point of the lens selected with respect to the parameters of the optical waveguide and the propagating free space signal. Alternatively, an angled facet may be formed along the endface, with the angle sufficient to re-direct reflected/scattered signals away from the optical axis.
A packet comparator includes a match packet buffer and a first in first out (FIFO) buffer that stores a reference packet stream. Once a packet in the reference stream and a candidate stream are matched to the match packet, the reference stream and the candidate stream are considered synchronized. Thereafter, the two streams are passed through a compare function and a resultant stream is output from the packet comparator. Possible resultant streams include the results of an exclusive OR (XOR) operation between all, or selected parts, of packets in each of the streams.
H04N 7/24 - Systems for the transmission of television signals using pulse code modulation
H04N 21/434 - Disassembling of a multiplex stream, e.g. demultiplexing audio and video streams, extraction of additional data from a video stream; Remultiplexing of multiplex streams; Extraction or processing of SI; Disassembling of a packetised elementary stream
17.
TWO-DIMENSIONAL LENSING ARRANGEMENT FOR OPTICAL BEAM COLLIMATION AND BEAM ORIENTATION
An arrangement for collimating and turning an optical beam utilizing a pair of two-dimensional lenses to separate the collimation into separate one-dimensional operations, while using one of the two-dimensional lenses to also perform the turning operation. A first two-dimensional lensing surface is disposed at the endface of a launching waveguide. This first two-dimensional lensing surface provides collimation along one axis of the system (for example, the X axis). A second two-dimensional lensing surface is provided by introducing a defined curvature to a turning mirror in the system. The curvature of the turning mirror is designed to create collimation (or focusing, if desired) in the orthogonal beamfront (in this case, the Y axis beamfront), while also re-directing the propagating signal into the desired orientation.
Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with loss of reducing flooding in a bridged network, typically including a device directly connected to multiple upstream bridges. These bridges are configured such that the device receives broadcast/multicast traffic from a single interface of one of the bridges, while allowing unicast traffic over each of the communications links connecting the device to the bridges. In one configuration, the device implements virtual machine(s), each including a virtual network interface associated with a MAC address; and the directly connected bridges are configured, for each particular MAC address of these MAC addresses of the virtual interfaces, such that one and only one of the bridges will forward packets having the particular MAC address as its destination address over a communications link directly connected to the device.
An initial amount of data transmitted from a MAC (12) is buffered in a PHY buffer (25). Depending on the speed at which the PHY buffer fills up relative to the time remaining for the far-end PHY (66) to transition from a second to a first far-end PHY power state the PHY does or does not transmit a data delay indicator (50) to MAC to preempt the MAC from transmitting the remaining amount of data.
A system includes a processor. The processor is configured to receive network traffic that includes a data block. The processor will generate a unique identifier (UID) for the file that includes a hash value corresponding to the file. The processor will determine whether the file is indicated as good or bad with the previously-stored UID. The processor will call a file-type specific detection nugget corresponding to the file's file-type to perform a full file inspection to detect whether the file is good or bad and store a result of the inspection together with the UID of the file, when the file is determined to be not listed in the previously-stored UIDs. The processor will not call the file-type specific detection nugget when the file's indicator is "good" or "bad" in the previously-stored UIDs. The processor will issue an alert about the bad file when the file's indicator is "bad".
21.
SYSTEM AND METHOD FOR RESOLVING OPERATING SYSTEM OR SERVICE IDENTITY CONFLICTS
A system includes a processor device. The processor device is configured to receive reports of operating system identities for a single host; determine which of the operating system identities are an intersection of the reported operating system identities; and assign the intersection of the reported operating system identities as a resolved operating system identity.
A method and a device providing one virtual endpoint dedicated to serve one particular real endpoint, and the virtual endpoint is typically installed on a server in the same local network as the associated real endpoint, where an MCU or a fraction of a distributed MCU also is installed. In the upstream direction, the virtual endpoint includes at least an upstream decoder, a scaling unit and an upstream encoder. In the downstream direction, the virtual endpoint includes at least a number of decoders, a composing unit and a downstream encoder.
A method may include selecting a destination of a traffic flow in a second network domain outside of a first network domain, and determining multiple paths from an origin of the traffic flow to the destination, where each of the multiple paths may include a first network domain path through the first network domain and a second network domain path through the second network domain. The method may also include, for each of the multiple paths, combining a first performance score for the first network domain path with a second performance score for the second network domain path. The method may additionally include selecting one of the plurality of paths with a combined first and second performance score below a threshold, and routing the traffic flow along the selected one of the plurality of paths.
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. quality of service [QoS], energy consumption or environmental parameters
H04L 45/302 - Route determination based on requested quality of service [QoS]
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; Network directories; Name-to-address mapping using standardised directory access protocols, using the domain name system [DNS]
A method may include receiving a domain name system (DNS) query at a network device, where the DNS query may be associated with a traffic flow identified for rerouting through an alternative path utilizing an alternative network device instead of a default path. The method may also include rewriting the DNS query such that the DNS query is routed through the alternative network device along the alternative path and to a DNS server associated with the alternative path. The method may additionally include receiving a DNS response from the DNS server, where a resource identified in the DNS response may be based on the DNS query coming through the alternative network device.
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. quality of service [QoS], energy consumption or environmental parameters
H04L 45/12 - Shortest path evaluation
H04L 45/125 - Shortest path evaluation based on throughput or bandwidth
H04L 45/302 - Route determination based on requested quality of service [QoS]
H04L 45/64 - Routing or path finding of packets in data switching networks using an overlay routing layer
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; Network directories; Name-to-address mapping using standardised directory access protocols, using the domain name system [DNS]
25.
THERMAL MODELING FOR CABLES TRANSMITTING DATA AND POWER
In one embodiment, a method includes receiving at a thermal modeling module, data from a Power Sourcing Equipment device, PSE, (10) for cables (14) extending from the PSE (10) to Powered Devices, PDs (12), the cables (14) configured to transmit power and data from the PSE (10) to the PDs (12), calculating at the thermal modeling module (18), thermal characteristics for the cables (14) based on the data, and identifying a thermal rise above a specified threshold at one of the cables (14). The data comprises real-time electrical data for the cables (14). An apparatus and logic are also disclosed herein.
In some examples, an example method to measure quality of service (QoS) of a network tunnel may include configuring a network tunnel from a tunnel source endpoint to a tunnel destination endpoint, transmitting multiple status packets to the tunnel destination endpoint, receiving multiple forwarded status packets from the tunnel destination endpoint, determining a time of receipt of each of the forwarded status packets, and determining a QoS measure of the network tunnel based on a time of transmission of each of the multiple status packets and the time of receipt of each of the forwarded status packets.
In some examples, an example method to provide a virtualized Carrier-grade Network Address Translation (CGN) at a first customer edge router may include establishing a tunnel between the first customer edge router and each aggregation router among one or more aggregation routers, performing a Network Address Translation (NAT) on a first data packet to create a NAT'ed first data packet, selecting a first aggregation router from amongst the one or more aggregation routers to send the NAT'ed first data packet to, encapsulating the NAT'ed first data packet with overlay information corresponding to a tunnel established between the first customer edge router and a first aggregation router, and sending the encapsulated NAT'ed first data packet through the tunnel to the first aggregation router.
A method may include determining, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN). The method may also include establishing the control channel with a control device via a control plane that is separate from a data plane. The method may further include advertising first security association parameters to the control device via the control channel. The method may include receiving, from the control device via the control channel, second security association parameters associated with a second network device. The method may also include establishing a data plane connection with the second network device using the second security association parameters.
A method may include receiving a data flow of an application directed to the destination in a software-defined network (SDN). The method may also include identifying a classification of the application. The method may additionally include identifying a set of performance thresholds associated with the classification of the application. The method may also include determining a current performance of the data flow of the application in the SDN. The method may also include generating a performance score for the application based on the set of performance thresholds and the current performance of the data flow of the application in the SDN. The method may further include causing the performance score for the application to be presented via an interface.
H04L 41/5009 - Determining service level performance parameters or violations of service level contracts, e.g. violations of agreed response time or mean time between failures [MTBF]
H04L 41/5019 - Ensuring fulfilment of the service level agreement
H04L 41/5022 - Ensuring fulfilment of the service level agreement by giving priorities, e.g. assigning classes of service
H04L 41/5025 - Ensuring fulfilment of the service level agreement by proactively reacting to changes in service quality, e.g. by reconfiguration after degradation or upgrade of service quality
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation, for graphical visualisation of monitoring data
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. quality of service [QoS], energy consumption or environmental parameters
H04L 43/10 - Active monitoring, e.g. heartbeat, ping or trace-route
H04L 45/00 - Routing or path finding of packets in data switching networks
H04L 45/12 - Shortest path evaluation
H04L 45/302 - Route determination based on requested quality of service [QoS]
H04L 47/2425 - Traffic characterised by specific attributes, e.g. priority or QoS, for supporting service specifications, e.g. SLA
H04L 47/2441 - Traffic characterised by specific attributes, e.g. priority or QoS, relying on flow classification, e.g. using integrated services [IntServ]
30.
COMBINED POWER, DATA, AND COOLING DELIVERY IN A COMMUNICATIONS NETWORK
International application published under the Patent Cooperation Treaty (PCT), corrected version. International Publication Number: WO 2019/168761 A8. International Publication Date: 06 September 2019 (06.09.2019). Date of publication of this corrected version: 15 October 2020 (15.10.2020). International Application Number: PCT/US2019/019259. International Filing Date: 22 February 2019 (22.02.2019). Priority Data: 15/910,203, 02 March 2018 (02.03.2018), US. International Patent Classification: H04L 12/10 (2006.01), H04B 7/00 (2006.01). Applicant: CISCO TECHNOLOGY, INC. [US/US]. Inventors: GOERGEN, Joel, Richard; BYERS, Charles, Calvin; TWISS, Robert, Gregory; ACHKIR, D., Brice. Agent: KAPLAN, Cindy, S.
Figure 1: a central hub (network device) with PSU, line cards and heat exchanger, connected to remote network devices by cables carrying power, data, and cooling.
In one embodiment, a method includes delivering power, data, and cooling from a central network device to a plurality of remote communications devices over cables connecting the central network device to the remote communications devices, each of the cables carrying said power, data, and cooling, and receiving at the central network device, power and thermal data from the remote communications devices based on monitoring of power and cooling at the remote communications devices. The remote communications devices are powered by the power and cooled by the cooling delivered from the central network device. An apparatus is also disclosed herein.
In one embodiment, a method includes delivering power, data, and cooling on a cable from a central network device to a splitter device for splitting and transmitting the power, data, and cooling to a plurality of remote communications devices over a plurality of cables, each of the cables carrying the power, data, and cooling, receiving at the central network device, monitoring information from the remote communications devices on the cable, processing the monitoring information, and allocating the power, data, and cooling to each of the remote communications devices based on the monitoring information. A system is also disclosed herein.
In an embodiment, a computer-implemented method is presented for updating a configuration of a deployed application, the deployed application comprising a plurality of instances each comprising one or more physical computers or one or more virtualized computing devices, in a computing environment, the method comprising: receiving a request to update an application profile model that is hosted in a database, the request specifying a change of a first set of application configuration parameters of the deployed application to a second set of application configuration parameters, the first set of application configuration parameters indicating a current configuration state of the deployed application and the second set of application configuration parameters indicating a target configuration state of the deployed application, in response to the request, updating the application profile model in the database using the second set of application configuration parameters, and generating, based on the updated application profile model, a solution descriptor comprising a description of the first set of application configuration parameters and the second set of application configuration parameters, and updating the deployed application based on the solution descriptor.
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings, the condition being updates or upgrades of network functionality
H04L 67/1001 - Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
33.
METHOD AND DEVICE FOR DYNAMIC AND SEAMLESS LINK SELECTION
A disclosed method is performed at an access point. The method includes receiving a request message from a client device, where the request message includes a request for an allocation of a wireless channel for the client device from the access point. The method further includes exchanging candidate and load information with a plurality of other access points. The method additionally includes selecting a preferred access point from the access point and the plurality of other access points based on the candidate and load information exchanged with the plurality of other access points. The method also includes facilitating the allocation of the wireless channel for the client device from the preferred access point.
Techniques for provisioning multicast chains in a cloud-based environment are described herein. In an embodiment, a system sends a model of an application comprising sources, destinations, and virtualized appliances for initiation by host computers to a software-defined networking (SDN) controller. The SDN controller determines locations for the virtualized appliances and generates an updated model of the application, the updated model comprising the locations for the virtualized appliances. The SDN controller sends the updated model to the orchestration system. The orchestration system uses the updated model to generate a mapping of virtualized appliances to available host computers. Using the mapping of virtualized appliances to available host computers, the orchestration system sends instructions for initiating the virtualized appliances on the available host computers to one or more cloud management systems.
H04L 41/122 - Discovery or management of network topologies of virtualised topologies, e.g. software-defined networks [SDN] or network function virtualisation [NFV]
H04L 41/40 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks, using virtualisation of network functions or resources, e.g. SDN or NFV entities
H04L 47/72 - Admission control; Resource allocation using reservation actions during connection setup
H04L 65/611 - Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio, for multicast or broadcast
H04L 67/1001 - Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
H04N 5/262 - Studio circuits, e.g. for mixing, switching-over, change of character of image, other special effects
Systems, methods, and computer-readable media for providing multi-cloud connectivity. A method can involve adding a new virtual private cloud (VPC) to a multi-cloud environment including a private network and VPCs connected to the private network via a segment routing (SR) domain and respective virtual routers on the VPCs and the private network. The method can involve deploying a new virtual router on the new VPC, registering the new virtual router at a BGP controller in the multi-cloud environment, and receiving, at the BGP controller, topology information from the new virtual router. The method can further involve identifying routes in the multi-cloud environment based on paths computed based on the topology information, sending, to the new virtual router, routing information including the routes, SR identifiers and SR policies, and based on the routing information, providing interconnectivity between the private network, the VPCs, and the new VPC.
H04L 41/5041 - Network service management, e.g. ensuring proper service fulfilment according to agreements, characterised by the time relationship between creation and deployment of a service
H04L 45/02 - Topology update or discovery
H04L 45/586 - Association of routers of virtual routers
H04L 45/64 - Routing or path finding of packets in data switching networks using an overlay routing layer
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
H04L 69/329 - Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
36.
REDUCING DISTRIBUTED STORAGE OPERATION LATENCY USING SEGMENT ROUTING TECHNIQUES
Systems, methods, and computer-readable media for reducing distributed storage operation latency using segment routing. In some examples, a method can involve receiving, from a client, a message identifying an intent to store or retrieve data on a distributed storage environment, and sending to the client a segment routing (SR) list identifying storage node candidates for storing or retrieving the data. The method can involve steering a data request from the client through a path defined by the SR list based on a segment routing header (SRH) associated with the request, the SRH being configured to steer the request through the path until a storage node from the storage node candidates accepts the request. The method can further involve sending, to the client device, a response indicating that the storage node has accepted the request and storing or retrieving the data at the storage node that accepted the request.
H04L 67/1095 - Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
37.
UNIQUE IDENTITIES OF ENDPOINTS ACROSS LAYER 3 NETWORKS
Systems and methods provide for determining unique identities of endpoints across L3 networks. For example, a first networking device of a network management system in a first L3 network can receive a mapping of a first L3 network address to a first L2 network address from a second networking device in a second L3 network. The system can determine that the first L2 network address is associated with a third networking device. The system can receive a mapping of the L3 address to a second L2 network address from the third device. The system can determine that the second L2 address is associated with an endpoint. The system can store the L3 address and the second L2 address as an identity of the endpoint. The system can present network utilization information of the endpoint using traffic to/from the L3 address correlated to the endpoint based on its identity.
H04L 41/0213 - Standardised network management protocols, e.g. simple network management protocol [SNMP]
H04L 41/0853 - Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
H04L 41/12 - Discovery or management of network topologies
H04L 41/142 - Network analysis or design using statistical or mathematical methods
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks, comprising specially adapted graphical user interfaces [GUI]
H04L 43/0876 - Network utilisation, e.g. volume of load or congestion level
H04L 45/745 - Address table lookup; Address filtering
H04L 61/103 - Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
A request is received from a client device to connect to a wireless network associated with a cloud computing device. A first notification is received to indicate that a first client transaction has started. Using a first timer, a first timestamp associated with a start time of the first client transaction is identified. A first data frame having the first client transaction and the first timestamp is generated. A second notification indicating that the first client transaction has completed is received. Using the first timer, a second timestamp associated with an end time of the first client transaction is identified. The first data frame is updated using the second timestamp. The first data frame is sent to the cloud computing device.
Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.
Systems and methods provide for synergistic domain name system (DNS) security updates for an enterprise network operating under a Software Defined Wide Area Network (SD-WAN). A system may be configured to collect positive and/or negative unified threat defense (UTD) results, deploy a rules-based model that, when a threat or clearance is detected across several SD-WAN edge network devices, triggers an update to a local security blacklist/whitelist, wherein the update comprises a signature, and push the update to other devices that have not yet seen the threat or clearance.
H04L 41/342 - Signalling channels for network management communication between virtual entities, e.g. orchestrators, SDN or NFV entities
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols, using domain name system [DNS]
41.
END-TO-END IDENTITY-AWARE ROUTING ACROSS MULTIPLE ADMINISTRATIVE DOMAINS
Systems and methods provide for end-to-end identity-aware routing across multiple administrative domains. A first ingress edge device of a second overlay network can receive a first encapsulated packet from a first egress edge device of a first overlay network. The first ingress edge device can de-encapsulate the first encapsulated packet to obtain an original packet and a user or group identifier. The first ingress edge device can apply a user or group policy matching the user or group identifier to determine a next hop for the original packet. The first ingress edge device can encapsulate the original packet and the user or group identifier to generate a second encapsulated packet. The first ingress edge device can forward the second encapsulated packet to the next hop.
In one embodiment, an apparatus includes an interface for transmitting pulse power and data to a powered device over a wire pair and a controller for receiving input identifying power transitions in the pulse power and suspending data transmission during the power transitions. A method is also disclosed herein.
In one embodiment, a method includes transmitting data on two wire pairs carrying pulse power, wherein the pulse power comprises a plurality of voltage pulses with the voltage pulses on the wire pairs offset between the wire pairs to provide continuous power and identifying transitions between at least one of a pulse-on time and a pulse-off time, and a pulse-off time and a pulse-on time on at least one of the wire pairs. Data transmission on the wire pair is controlled during the identified transitions on the wire pair to prevent interference between the pulse power and the data.
The present technology provides a system, method and computer readable medium for steering a content request among a plurality of cache servers based on multi-level assessment of content popularity. In some embodiments, three levels of popularity may be determined, comprising popular, semi-popular and unpopular designations for the queried content. The processing of the query and delivery of the requested content depends on the aforementioned popularity level designation and comprises acceptance of the query at the edge cache server to which the query was originally directed, rejection of the query and redirection to a second edge cache server, or redirection of the query to an origin server to thereby deliver the requested content. The proposed technology results in a higher hit ratio for edge cache clusters by steering requests for semi-popular content to one or more additional cache servers while forwarding requests for unpopular content to the origin server.
H04L 65/80 - Network arrangements, protocols or services for supporting real-time applications in data packet communication, responding to quality of service [QoS]
H04L 67/06 - Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
H04L 67/1008 - Server selection for load balancing based on parameters of servers, e.g. available memory or workload
H04L 67/1095 - Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
H04L 67/288 - Distributed intermediate devices, i.e. intermediate devices for interaction with other intermediate devices on the same level
H04L 67/563 - Data redirection of data network streams
H04L 67/568 - Storing data temporarily at an intermediate stage, e.g. caching
H04L 67/5682 - Policies or rules for updating, deleting or replacing the stored data
H04L 69/329 - Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
H04N 21/231 - Content storage operation, e.g. caching movies for short term storage, replicating data over plural servers, or prioritizing data for deletion
45.
INTEGRATION OF POWER, DATA, COOLING, AND MANAGEMENT IN A NETWORK COMMUNICATIONS SYSTEM
In one embodiment, a system includes a central hub comprising a power source, a data switch, a coolant system, and a management module, a plurality of network devices located within an interconnect domain of the central hub, and at least one combined cable connecting the central hub to the network devices and comprising a power conductor, a data link, a coolant tube, and a management communications link contained within an outer cable jacket.
In one embodiment, an apparatus comprises an input power interface for receiving input power, a power control system for transmitting DC (Direct Current) pulse power on multiple phases over a cable to a plurality of powered devices and verifying cable operation during an off-time of pulses in the DC pulse power, and a cable interface for delivery of the DC pulse power on the multiple phases and data over the cable to the powered devices. A method for transmitting multiple phase pulse power is also disclosed herein.
In one embodiment, a method includes detecting a request to route traffic to a service associated with an application. The method also includes identifying an application identifier associated with the application and selecting, using the application identifier, a label from a plurality of labels included in a routing table. The label includes one or more routes. The method further includes routing the traffic to the service associated with the application using the label.
H04L 61/10 - Mapping addresses of different types
H04L 67/63 - Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources, by routing a service request depending on the request content or context
H04W 12/121 - Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
H04W 40/02 - Communication route or path selection, e.g. power-based or shortest path routing
In one embodiment, a method includes providing a first profile to a plurality of edge routers of the SD-WAN, the plurality of edge routers operable to interface a plurality of devices to the SD-WAN. The first profile enables the plurality of edge routers to discover which devices of the plurality of devices support a first application. The method includes receiving, from one or more of the edge routers, information indicating which devices of the plurality of devices support the first application and building a first application fabric based on the information indicating which devices of the plurality of devices support the first application.
H04L 41/122 - Discovery or management of network topologies of virtualised topologies, e.g. software-defined networks [SDN] or network function virtualisation [NFV]
H04L 43/065 - Generation of reports related to network devices
According to some embodiments, a method performed by a first software defined wide area network (SD-WAN) edge router communicably coupled to a public network comprises: receiving a transport location (TLOC)-extension configuration for a known interface of the first edge router; detecting a second edge router attempting to connect to the known interface of the first edge router; and transmitting, to the second edge router, configuration information for the second edge router so that the second edge router is able to communicate with the public network through a TLOC-extension with the first edge router. In some embodiments, the second edge router receives device configuration information (e.g., PnP, ZTP, etc.) from the public network via the TLOC-extension.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 41/0806 - Configuration setting for initial configuration or provisioning, e.g. plug-and-play
H04L 41/40 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks, using virtualisation of network functions or resources, e.g. SDN or NFV entities
50.
SEAMLESS MULTI-CLOUD SDWAN DISASTER RECOVERY USING ORCHESTRATION PLANE
The present disclosure is directed to management of migration of SD-WAN solutions in a multi-cloud structure upon detection of a failover event. In one aspect, a method includes monitoring, using virtual bonds of a network orchestration component, clusters of virtual management components of multiple cloud networks, corresponding virtual management components of one of the multiple cloud networks implementing one or more services of a Software-Defined Wide Access Network (SD-WAN) solution; detecting, using the virtual bonds, a failover event at the one of the multiple cloud networks; and identifying, by the virtual bonds, a new destination cloud network to migrate the one or more services of the SD-WAN solution to, from a source cloud network at which the failover event is detected.
H04L 41/0668 - Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure
H04L 41/40 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks, using virtualisation of network functions or resources, e.g. SDN or NFV entities
51.
SYSTEMS AND METHODS FOR APPLYING SD-WAN POLICIES TO ROUTER-GENERATED TRAFFIC
In one embodiment, a method includes receiving non-Internet Protocol (IP) traffic from one or more non-IP traffic sources. The method also includes terminating the non-IP traffic and re-originating the non-IP traffic as first IP traffic in accordance with one or more software-defined networking in a wide area network (SD-WAN) protocols. The method further includes communicating the first IP traffic to an SD-WAN link in accordance with one or more SD-WAN policies.
Techniques for routing data packets through service chains within and between public cloud networks of multi-cloud fabrics. A router in a network, e.g., a public cloud network, receives data packets from nodes in the network through segments of the network. Based at least in part on (i) a source address of the data packet, (ii) a destination address of the data packet, and (iii) an identity of the segments of the network from which the data packets are received, the router determines a next node in the network to which the data packet is to be forwarded. The router may then forward the data packet through another segment of the network to the next node and then receive the data packet from the next node through the another segment.
A network security system implements connectivity policies of a network environment. The network security system may use a network topology mapping to implement connectivity policies, where the network topology mapping includes sets of security zones, security devices, and zone paths between the security zones via the one or more security devices. The network security system can generate a universal representation of a connectivity policy for the network environment using a universal syntax. Using the network topology mapping, the network security system can identify zone paths between the security zones for implementing the connectivity policy. The network security system can configure security devices along the zone paths in accordance with the connectivity policies. Configuring security devices may include converting some or all of the universal representation of the connectivity policy into a device-specific representation in a native syntax of the security device.
The present disclosure is directed to a centralized control policy for multicast replicator selection. Methods include receiving multicast advertisements from a plurality of edge devices configured with multicast protocol, each multicast advertisement including information indicating whether an associated edge device is a replicator; analyzing multicast advertisements from the plurality of edge devices to identify one or more replicators; receiving a centralized policy configuration associated with at least one control policy that includes a preference related to selection of at least one replicator from the identified one or more replicators, the preference applicable to a defined set of edge devices from the plurality of edge devices; and updating at least one multicast advertisement with the control policy for transmission to the defined set of edge devices, the updated at least one multicast advertisement indicating the preference for replicator selection for the defined set of edge devices based on the control policy.
In one embodiment, a method includes receiving energy efficiency data from a plurality of nodes within a network. The method also includes determining an energy efficiency node quotient for each of the plurality of nodes within the network to generate a plurality of energy efficiency node quotients and determining an energy efficiency path quotient for each of a plurality of paths within the network to generate a plurality of energy efficiency path quotients. The method further includes determining one or more policies associated with the plurality of paths and selecting a path from the plurality of paths based at least on the plurality of energy efficiency path quotients and the one or more policies.
H04L 43/0817 - Monitoring or testing based on specific metrics, e.g. quality of service [QoS], energy consumption or environmental parameters, by checking availability by checking functioning
H04L 43/10 - Active monitoring, e.g. heartbeat, ping or trace-route
H04L 45/00 - Routing or path finding of packets in data switching networks
H04L 45/12 - Shortest path evaluation
H04L 45/302 - Route determination based on requested quality of service [QoS]
According to an embodiment, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations. The operations comprise determining that an endpoint device has requested to discover a location of a protected resource that is protected by a gateway, determining whether the endpoint device has provided a token that is valid, and permitting the endpoint device to discover the location of the protected resource based on determining that the endpoint device has provided the token that is valid. The token indicates that the endpoint device successfully completed a first multi-factor authentication procedure in connection with accessing an authentication enforcement resource.
In one embodiment, a method includes receiving a historical text document that is associated with a breach event. The method also includes searching for an attack tactic within the historical text document using a machine learning algorithm. The method further includes generating a probability that the attack tactic exists within the historical text document, comparing the probability to a predetermined probability threshold, and categorizing the historical text document based on the probability.
In one embodiment, a method includes determining an attack tactic risk score for one or more attack tactics based on a dataset of actual loss events and determining an incident risk score for an incident based on the one or more attack tactic risk scores. The method also includes determining a priority value for an asset. The asset is associated with the incident. The method further includes generating an asset risk score for the asset based on the priority value of the asset and the incident risk score.
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06Q 10/0635 - Risk analysis of enterprise or organisation activities
59.
PRIORITIZING VULNERABILITY BASED ON APPLICATION SECURITY CONTEXT
According to some embodiments, a method includes determining a plurality of business transactions for a plurality of services provided by an application. The method further includes calculating a vulnerability score for each determined business transaction. Each vulnerability score is based on one or more application context factors of a plurality of application context factors. The method further includes displaying a graphical user interface. The graphical user interface includes a list of the determined business transactions and the calculated vulnerability score for each determined business transaction in the list.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06Q 20/12 - Payment architectures specially adapted for electronic shopping systems
60.
SYSTEMS AND METHODS FOR SECURELY TRANSFERRING ACCOUNT INFORMATION BETWEEN DEVICES
A network device is disclosed. The network device includes an incoming power port, an outgoing power port, an internal circuit, and a power storage system connected to the incoming power port, the outgoing power port and the internal circuit. In alternative embodiments, the device may include a power regenerator, a power detector and divider, or a power splitter.
An application-specific integrated circuit and related network switch are disclosed. The integrated circuit includes switch circuitry for receiving an 802.11 wireless data frame and forwarding it to a predetermined port. Inspection circuitry is provided for inspecting attributes of the data frame. Decision circuitry is provided for instructing the switch circuitry to forward the data frame based on the attributes, both 802.3 wired and 802.11 wireless.
A mobile device supports concurrent registrations of different wireless personalities with one or more service provider networks. Potentially using a single wireless interface, the mobile device can register and maintain multiple personalities and monitor for notifications targeted to any one of these personalities.
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
H04W 24/00 - Supervisory, monitoring or testing arrangements
H04W 60/00 - Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
H04W 68/00 - User notification, e.g. alerting or paging, for incoming communication, change of service or the like
An apparatus for managing network access is provided that includes a billing system element operable to receive one or more packets of a communication flow and to communicate with a price server. The price server is operable to receive a query from the billing system element associated with a pricing parameter relating to a data segment to be accessed by an end user associated with the communication flow. The price server is also operable to return a response to the billing system element that includes the pricing parameter relating to the data segment such that the end user can verify the pricing parameter before accessing the data segment.
Method and devices are provided to form virtual switches for data networks. As noted above, the term "switch" as used herein will apply to switches, routers and similar network devices. Each virtual switch acts as a single logical unit, while encompassing at least two physical chassis. Accordingly, each virtual switch may be treated as a single point of management. Each virtual switch includes a master chassis and at least one slave chassis. The master chassis is configured to control the slave chassis. The master chassis includes at least one master supervisor card and the slave chassis includes at least one slave supervisor card. The master chassis and the slave chassis communicate via a virtual switch link according to a virtual switch link protocol.
H04L 41/0806 - Configuration setting for initial configuration or provisioning, e.g. plug-and-play
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
H04L 45/00 - Routing or path finding of packets in data switching networks
H04L 45/586 - Association of routers of virtual routers
66.
ERROR VECTOR MAGNITUDE SELECTION DIVERSITY METRIC FOR OFDM
Described herein is an apparatus for inclusion in a station of a wireless network, and a method implemented in a station of a wireless network. The method includes wirelessly receiving data via each of a plurality of antennas (703 and 705), the data corresponding to a packet of information transmitted from a remote station, sampling the received data corresponding to the received packet to form data samples for each of the antennas, and determining a measure of signal quality from samples of the received data for each of the antennas. The method further includes selecting (1003) one of the plurality of receive antennas as the antenna for receiving from the remote station according to the determined measure of signal quality.
A method for providing a superior quality of service for multicast data streams delivered over a wireless local area network. As Internet Protocol multicast data streams are received by an access point, the access point observes Internet Group Multicast Protocol registration messages to determine which of its associated stations subscribe to each multicast data stream. The access point then determines which of the multicast data streams it receives have only active subscribing stations as opposed to those data streams having at least one associated station operating in power-save mode. The access point will automatically transmit each multicast data stream having only active subscribers immediately to the associated active stations, while buffering the multicast data stream for which there is at least one associated station operating in power-save mode.
H04W 4/06 - Selective distribution of broadcast services, e.g. multimedia broadcast/multicast service; Services to user groups; One-way selective calling services
H04W 8/22 - Processing or transfer of terminal data, e.g. status or physical capabilities
H04W 84/12 - Wireless local area networks [WLAN]
68.
SELECTING AN ACCESS POINT ACCORDING TO A MEASURE OF RECEIVED SIGNAL QUALITY
An apparatus for inclusion and a method for operation in a station (STA) of a wireless network. The method includes receiving data from at least one remote station and determining a measure of the signal quality, e.g., a measure of the EVM from samples of the data received from the remote station(s). If the remote station(s) is/are access point(s), the station selects an access point for association according to criteria that include the measure of the EVM from the remote station. If the received data includes a request management message, the station responds to the request management message with a response management message that includes a measure of the EVM of the received data corresponding to the request management message. Thus, the remote station receiving the response management message receives an indication of the quality of the link between the station and the remote station without the receiving remote station necessarily being EVM-capable.
A method is disclosed for enabling stateless server-based pre-shared secrets. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the client uses to derive session keys. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.
A wafer-level testing arrangement for opto-electronic devices formed in a silicon-on-insulator (SOI) wafer structure utilizes a single opto-electronic testing element to perform both optical and electrical testing. Beam steering optics may be formed on the testing element and used to facilitate the coupling between optical probe signals and optical coupling elements (e.g., prism couplers, gratings) formed on the top surface of the SOI structure. The optical test signals are thereafter directed into optical waveguides formed in the top layer of the SOI structure. The opto-electronic testing element also comprises a plurality of electrical test pins that are positioned to contact a plurality of bondpad test sites on the opto-electronic device and perform electrical testing operations. The optical test signal results may be converted into electrical representations within the SOI structure and thus returned to the testing element as electrical signals.
The invention provides a method and system of detecting aliases in a network. The network comprises at least one device and at least one Network management system (NMS) for managing the devices. The NMS identifies each device available in the network with a message digest. The NMS retrieves the message digest of a device that is submitted for management. The NMS tries to locate the retrieved message digest with a database of message digests. In case the retrieved message digest is located on the database, the NMS declares the device as an alias. However, if the message digest is not located on the database, the NMS stores the message digest in the database and starts managing the device.
H04L 41/00 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
H04L 41/0213 - Standardised network management protocols, e.g. simple network management protocol [SNMP]
H04L 61/30 - Managing network names, e.g. use of aliases or nicknames
An optical system that includes an analog laser transmitter having a burst operative mode is disclosed. The system further includes a power controller that is configured to place the analog laser transmitter in the burst operative mode when a digital enable signal is provided to the power controller. The power controller comprises a reference voltage source, a ground node, and an input selector switch that is configured to select the reference voltage source when the digital enable signal is asserted, and alternatively, to select the ground node when the digital enable signal is de-asserted. In a second exemplary embodiment, a method of operating an analog laser transmitter is disclosed. The method comprises providing an analog signal to the analog laser transmitter, and a digital enable signal to a controller circuit that is coupled to the analog laser transmitter. The method further comprises turning on the analog laser transmitter when the enable signal is asserted, and turning off the analog laser transmitter when the enable signal is de-asserted.
A technique for network planning that includes an interface for guiding a network user through the network allocation process, such as defining groups of clients based on their capabilities. Portions of the wireless local area network infrastructure, e.g., access points, are allocated among the groups. When a client attempts to associate with an access point, the access point determines the client capabilities. If the client is supported by the access point, the access point allows the client to associate and sends the client a message that contains a prioritized list of other nearby access points allocated to service that client, otherwise the access point sends a prioritized roaming list of nearby access points to the client that are allocated to serve that type of client. Feedback is provided by the network infrastructure enabling a network user or the network to automatically reallocate resources based on the feedback.
In a virtual infrastructure, a single appliance (12, 36) is provided that hosts a centralized virtual machine monitor (VMM) control plane (34) to effectively establish a single virtual switch across all virtual machines (18) within one or more clusters of servers (12), thereby reducing the number of management points for the network administrator and facilitating easier VM migration.
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
75.
DETECTING MALICIOUS SOFTWARE THROUGH CONTEXTUAL CONVICTIONS, GENERIC SIGNATURES AND MACHINE LEARNING TECHNIQUES
Novel methods, components, and systems that enhance traditional techniques for detecting malicious software are presented. More specifically, the methods, components, and systems use important contextual information from a client system (such as recent history of events on that system), machine learning techniques, the automated deployment of generic signatures, and combinations thereof, to detect malicious software. The disclosed invention provides a significant improvement with regard to automation compared to previous approaches.
A Core Service Platform (CSP) system is integrated with an operator network and IT system to provide services to subscribers and operators. Based on information collected from the operator network and IT system, the CSP system delivers alerts to a subscriber's device and provides offers to resolve the condition causing the alerts. The CSP system provides customized contextual offers to the subscriber's device based on contextual assessments of a subscriber's current context, such as time in contract, loyalty status, data and voice usage, value of customer, time, location and purchase history. The CSP system also provides an operator a suite of tools for the operator to manage its pricing, offers, campaigns and other subscriber-related issues.
In one embodiment, techniques are shown and described relating to learning machine based detection of abnormal network performance. In particular, in one embodiment, a border router receives a set of network properties x_i and network performance metrics M_i from a network management server (NMS), and then intercepts x_i and M_i transmitted from nodes in a computer network of the border router. As such, the border router may then build a regression function F based on x_i and M_i, and can detect one or more anomalies in the intercepted x_i and M_i based on the regression function F. In another embodiment, the NMS, which instructed the border router, receives the detected anomalies from the border router.
H04L 41/147 - Network analysis or design for predicting network behaviour
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. quality of service [QoS], energy consumption or environmental parameters
H04L 43/10 - Active monitoring, e.g. heartbeat, ping or trace-route
78.
CO-EXISTENCE OF A DISTRIBUTED ROUTING PROTOCOL AND CENTRALIZED PATH COMPUTATION FOR DETERMINISTIC WIRELESS NETWORKS
In one embodiment, a device both communicates with a network operating a distributed proactive routing protocol, and participates in a centralized path computation protocol. The device communicates routing characteristics of the distributed proactive routing protocol for the network from the network to the centralized path computation protocol, and also communicates one or more computed paths from the centralized path computation protocol to the network, where the computed paths from the centralized path computation protocol are based on the routing characteristics of the distributed proactive routing protocol for the network.
H04W 40/26 - Connectivity information management, e.g. connectivity discovery or connectivity update for hybrid routing by combining proactive and reactive routing
H04W 40/28 - Connectivity information management, e.g. connectivity discovery or connectivity update for reactive routing
H04W 40/30 - Connectivity information management, e.g. connectivity discovery or connectivity update for proactive routing
A method may include identifying an address within a packet of a traffic flow associated with a network device. The method may also include comparing the address within the packet with a stored address, the stored address associated with a route for an alternative traffic path, where the alternative traffic path may be different from a default route of traffic passing through the network device. The method may additionally include, based on the address within the packet matching the stored address, routing the packet along the alternative traffic path instead of the default route of traffic.
H04L 43/026 - Capturing of monitoring data using flow identification
H04L 43/028 - Capturing of monitoring data by filtering
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. quality of service [QoS], energy consumption or environmental parameters
H04L 45/125 - Shortest path evaluation based on throughput or bandwidth
H04L 45/745 - Address table lookup; Address filtering
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; Network directories; Name-to-address mapping using standardised directory access protocols using domain name system [DNS]
H04L 69/16 - Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
A method of routing network traffic may include routing traffic from a local network device, through a remote network location, to a third party network resource along a first path. The method may also include determining a first ranking for the first path, and determining a second ranking for a second path from the local network device to the third party network resource along a second path, the second path excluding the remote network location. The method may additionally include, based on the second ranking exceeding the first ranking by a threshold amount, rerouting the traffic along the second path.
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. quality of service [QoS], energy consumption or environmental parameters
H04L 45/12 - Shortest path evaluation
H04L 45/125 - Shortest path evaluation based on throughput or bandwidth
H04L 45/302 - Route determination based on requested quality of service [QoS]
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; Network directories; Name-to-address mapping using standardised directory access protocols using domain name system [DNS]
81.
SYSTEM AND METHOD FOR RESOURCE PLACEMENT ACROSS CLOUDS FOR DATA INTENSIVE WORKLOADS
Systems, methods, computer-readable media are disclosed for determining a point of delivery (POD) device or network component on a cloud for workload and resource placement in a multi-cloud environment. A method includes determining a first amount of data for transitioning from performing a first function on input data to performing a second function on a first outcome of the first function; determining a second amount of data for transitioning from performing the second function on the first outcome to performing a third function on a second outcome of the second function; determining a processing capacity for each of one or more network nodes on which the first function and the third function are implemented; and selecting the network node for implementing the second function based on the first amount of data, the second amount of data, and the processing capacity for each of the network nodes.
Disclosed are systems, methods, and computer-readable media for a hybrid cloud structure for machine-learning based object recognition. In one aspect, a system includes one or more video-capable access points; and one or more processors configured to receive image data from the one or more video-capable access points; perform, at a first processor of the one or more processors, a first process to detect one or more objects of interest in the image data; generate vector IDs for one or more objects detected in the image data; perform, at a second processor of the one or more processors, a second process to identify the one or more objects in the vector IDs; and generate at least one offline trail for the one or more objects based on statistics associated with the one or more objects identified.
The present technology is directed to a system and method for application aware management and recovery of link failures resulting from excessive errors observed on the link. One aspect of the proposed technology is based on identification of link errors associated with application-specific data patterns traversing the link. Other aspects involve corrective actions based on relocation or modification of specific application traffic to thereby alleviate the observed excessive link errors and prevent a link failure or shut down. Relocation may involve moving the source application to a different virtual machine/container/physical device or rerouting application traffic by updating relevant routing protocols. Modification may involve harmlessly changing payload data pattern to remove data-pattern dependent signal attenuation. Information corresponding to identified faulty payload data patterns and associated frame data quality parameters may be stored and utilized to provide analytics evaluation of network wide physical resource issues that may be affecting application traffic.
H04L 41/0668 - Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure
H04L 41/069 - Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
H04L 43/0811 - Monitoring or testing based on specific metrics, e.g. quality of service [QoS], energy consumption or environmental parameters by checking availability by checking connectivity
H04L 43/0817 - Monitoring or testing based on specific metrics, e.g. quality of service [QoS], energy consumption or environmental parameters by checking availability by checking functioning
H04L 47/2475 - Traffic characterised by specific attributes, e.g. priority or QoS for supporting traffic characterised by the type of applications
H04L 47/26 - Flow control; Congestion control using explicit feedback to the source, e.g. choke packets
H04L 69/40 - Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection
84.
SERVICE TRAFFIC REPLICATION AND DYNAMIC POLICY ENFORCEMENT IN A MULTI-CLOUD SERVICE MESH
In an embodiment, a data processing method comprises receiving, at a BIER replicator node that is programmed to implement Bit Index Explicit Replication (BIER) protocol, from a data source, a multicast stream packet identifying a service-level multicast group address; using the BIER replicator node, replicating the multicast stream packet according to BIER protocol and transmitting two or more replicated packet streams to two or more BIER receiver nodes that are programmed to implement BIER; using the two or more BIER receiver nodes, transmitting the two or more replicated packet streams to two or more receivers. Other embodiments may use modified iOAM (In-situ Operations, Administration, and Maintenance) techniques comprising: using the source, encapsulating an iOAM header and placing in the header one of: an identifier of a replicator policy; a definition of a replicator policy expressed in a symbolic language; receiving the iOAM header at one or more of the BIER replicator nodes; at a particular one of the replicator nodes, performing one of: reading the identifier of the replicator policy, retrieving a pre-defined packet replication policy that matches the identifier, and executing the pre-defined packet replication policy to dynamically adjust packet processing behavior of the particular one of the BIER replicator nodes; or parsing the definition of the replicator policy in the symbolic language to yield a new packet replication policy, and executing the new packet replication policy to dynamically adjust packet processing behavior of the particular one of the BIER replicator nodes.
Systems, methods, and computer-readable media for migrating an application container between nodes on a network while serving incoming request streams are disclosed. An interest packet for an application container may be received at an origin node from a destination node sent over an information centric network, the interest packet including a request for migrating the application container to the destination node. In response, the origin node may transfer a copy of the application container over the network and to the destination node. The origin node can then shut down the application container and transmit over interim network nodes and to the destination node, any remaining container state. The destination node may then update a routing plane for the information-centric network for routing network traffic for the application container to the destination node.
H04L 67/125 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
86.
SYSTEMS AND METHODS FOR ON-DEMAND FLOW-BASED POLICY ENFORCEMENT IN MULTI-CLOUD ENVIRONMENTS
Systems, methods, and computer-readable media for policy splitting in multi-cloud fabrics. In some examples, a method can include discovering a path from a first endpoint in a first cloud to a second endpoint in a second cloud; determining runtime policy table capacities associated with nodes in the path; determining policy distribution and enforcement for traffic from the first endpoint to the second endpoint based on the runtime policy table capacities; based on the policy distribution and enforcement, installing a set of policies for traffic from the first endpoint to the second endpoint across a set of nodes in the path; and applying the set of policies to traffic from the first endpoint in the first cloud to the second endpoint in the second cloud.
Systems, methods, and computer-readable storage media are provided for using service affinity for application placement. A method includes evaluating, using a netflow module within an orchestrator, flows coming in and out of deployed services within a multi-node network to yield an evaluation. Based on the evaluation, the method includes determining an affinity between respective services of the deployed services to yield a traffic matrix and, based on the traffic matrix, at a placement module, determining on which nodes within the multi-node network to place one or more applications. Determining the affinity can be performed at at least a first level and a second level. The first level can include an individual container or virtual machine level and the second level can include a service description level.
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]
88.
CLOUD ENABLING OF LEGACY TRUSTED NETWORKING DEVICES FOR ZERO TOUCH PROVISIONING AND ENTERPRISE AS A SERVICE
The disclosed technology relates to a process for zero touch provisioning to provide cloud enablement of legacy computing devices. Specifically, the disclosed technology provides the ability to automate the process of connecting computing devices that may not originally have the capabilities to connect to the Internet so that the computing devices can be managed by a cloud network or be provided updates by the cloud network. The cloud enablement for computing devices is performed by modifying the computing device with hardware and software that would direct the computing device to establish secure communications with the cloud network without user involvement.
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
H04W 4/50 - Service provisioning or reconfiguring
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
Systems and methods provide for optimizing video review using motion recap images. A video review system can identify background image data of a video clip including an amount of motion satisfying a motion threshold. The video review system can generate foreground mask data segmenting foreground image data, representing a moving object in the video clip, from the background image data. The video review system can select a set of instances of the moving object represented in the foreground image data. The video review system can generate a motion recap image by superimposing the set of instances of the moving object represented in the foreground image data onto the background data.
Multi-tenant optimized serverless placement using network interface card and commodity storage may be provided. A first request to execute a first function may be received. Next, it may be determined to execute the first function at a first network interface card. The first network interface card may include a plurality of processors. Then, a container may be created at the first network interface card. The container may have at least one processor of the plurality of processors. The first function may be executed at the container.
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
91.
DECENTRALIZED INTERNET PROTOCOL SECURITY KEY NEGOTIATION
Methods are provided for decentralized key negotiation. One method includes initiating, by a first Internet Key Exchange (IKE) node from among a plurality of IKE nodes, a rekeying process for an Internet Protocol Security (IPSec) communication session established with a client device and serviced by a second IKE node from among the plurality of IKE nodes, and in which a first encryption key is used to encrypt traffic. The method further includes obtaining, by the first IKE node from a key value store, information about the IPSec communication session and performing, by the first IKE node, at least a part of the rekeying process in which the first encryption key is replaced with a second encryption key for the IPSec communication session.
In one embodiment, a router includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the router to perform operations including receiving software-defined networking in a wide area network (SD-WAN) policies from a component of an SD-WAN network. The operations also include establishing a session with a mobile device and receiving information associated with the mobile device in response to establishing the session with the mobile device. The operations further include filtering the SD-WAN policies based on the information associated with the mobile device to generate SD-WAN device-specific policies and communicating the SD-WAN device-specific policies to the mobile device.
A method includes, in a constellation of clients including a first client and a second client, receiving, at the first client, a connection request from the second client, retrieving endpoint reachability data associated with the second client and transmitting, to a server, a connection request based on the endpoint reachability data. The first client receives, from the server and based on the connection request, endpoint reachability information associated with the second client and starts a bidirectional connection with the second client. A direct or indirect tunnel is established between the first client and the second client. The tunnel is set up based on a table which maps a first connectivity option associated with the first client to a second connectivity option associated with the second client to determine whether to establish the direct tunnel or the indirect tunnel between the first client and the second client.
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 61/2589 - NAT traversal over a relay server, e.g. traversal using relay for network address translation [TURN]
H04L 67/141 - Setup of application sessions
94.
SYSTEMS AND METHODS FOR PROVIDING BIDIRECTIONAL FORWARDING DETECTION WITH PERFORMANCE ROUTING MEASUREMENTS
Disclosed is a first device and a second device each sending BFD echo request packets in an initial stage of establishing communication between the two devices. A method can include determining that a certain mode is detected, such as a low bandwidth mode. The method can be practiced by one or both of the devices or a separate network controller. Based on the detection of the certain mode or the communication link being in a certain mode, the method includes the first device or the second device electing to be a master or a slave. Upon establishing that one of the devices is the master and the other of the devices is a slave, only the master will send BFD echo request packets.
The present disclosure is directed to a peer node discovery process whereby a network management node can discover peers of inaccessible nodes that have lost connectivity to the network management node over the control plane and receive a health report of the inaccessible nodes via the discovered peers. In one example, a method includes detecting a loss of connectivity to a network node; based on a type of the network node, performing one of a first process or a second process to obtain a health report of the network node, the first process and the second process including identification of at least one corresponding peer node from which the health report of the network node is to be received; and analyzing the health report to determine a root cause of the loss of connectivity.
H04L 41/0631 - Management of faults, events, alarms or notifications using root cause analysis; Management of faults, events, alarms or notifications using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, temporal or tree analysis
H04L 43/065 - Generation of reports related to network devices
H04L 43/20 - Arrangements for monitoring or testing data switching networks, the monitoring system or the monitored elements being virtualised, abstracted or software-defined entities, e.g. SDN or NFV
Systems, methods, and computer-readable media for interconnecting SDWANs through segment routing. A first SDWAN and a second SDWAN of a SDWAN fabric can be identified. A segment routing domain that interconnects the first SDWAN and the second SDWAN can be formed across a WAN underlay of the SDWAN fabric. Data transmission between the first SDWAN and the second SDWAN can be controlled by performing segment routing through the segment routing domain formed between the first SDWAN and the second SDWAN.
According to certain embodiments, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations comprising: receiving location data associated with a plurality of remote users accessing one or more existing remote access gateways that are located at one or more network locations; building a heatmap of user locations based at least in part on the received location data; and identifying, from the heatmap of user locations, at least one new network location in which to generate at least one new remote access gateway, or at least one existing network location in which to remove at least one of the existing remote access gateways.
H04L 41/0895 - Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow protocol elements
H04L 41/122 - Discovery or management of network topologies of virtualised topologies, e.g. software-defined networks [SDN] or network function virtualisation [NFV]
The present disclosure is directed to systems and methods for dynamic firewall discovery on a service plane. The method includes the steps of identifying a source data packet for transmission from a source machine at a source site to a destination machine at a destination site, wherein the source data packet corresponds to a request for connection between the source machine and the destination machine over a WAN, inspecting the source data packet at a first firewall associated with the source site, marking the source data packet with a marker to indicate inspection by the first firewall, transmitting the marked source data packet to the destination site, determining at the destination site that the source data packet has been inspected based on the marker, and forwarding the source data packet to the destination machine at the destination site, without inspection of the source data packet by a second firewall associated with the destination site.
The present technology discloses systems, methods, and computer-readable media to establish at least one target for a network, the target including at least one of an ingress parameter or an egress parameter and a policy for network packets; receive at least one network packet on the network; search for at least one matching target from the at least one target, the at least one matching target comprising parameters that match the at least one network packet; apply a policy in the at least one matching target to the at least one network packet; and forward the at least one network packet in accordance with the policy.
A server that includes a graphics processing unit (GPU) may receive, from a first application that is remote from the server, a first request to reserve a first number of cores of the GPU for a first amount of time. The server may also receive, from a second application that is also remote from the server, a second request to reserve a second number of cores of the GPU for a second amount of time that at least partly overlaps the first amount of time. The server may determine that the first request is associated with a higher priority than the second request and, in response, may reserve the first number of cores for the first amount of time for the first application. The server may send, to the first application, an indication that the first number of cores have been reserved as requested by the first application.