公开(公告)号：US10938716B1

公开(公告)日：2021-03-02

申请号：US16205016

申请日：2018-11-29

Applicant: Riverbed Technology, Inc.

Inventor： Bill Y. Chin ,  Arun Natarajan ,  Arthur L. Jones

IPC: H04L12/715 ,  H04L29/06 ,  H04L12/721

Abstract: Systems and techniques are described for ensuring that policies are consistently applied to traffic across an overlay network. An application identifier associated with a forward traffic flow and a corresponding reverse traffic flow can be determined by a device that routes packets of both the forward traffic flow and the corresponding reverse traffic flow. Next, an overlay header can be added to each packet in the forward traffic flow and to each packet in the corresponding reverse traffic flow, wherein the overlay header comprises the application identifier, a policy identifier, and a policy action. Each device in the overlay network can then apply the policy action specified in the overlay header of each packet that it routes.

公开(公告)号：US10887131B1

公开(公告)日：2021-01-05

申请号：US16203973

申请日：2018-11-29

Applicant: Riverbed Technology, Inc.

Inventor： Bill Y. Chin ,  Alfred Jörg Ammann

IPC: H04L12/58 ,  H04L12/46 ,  H04L12/931 ,  H04L12/911 ,  H04L12/66

Abstract: Some embodiments described herein provide a combination of a layer 3 (L3) hop with layer 2 (L2) bypass/fail-to-wire in a network device. Specifically, some embodiments place the network device between two routers, thereby becoming a L3 hop between the two routers. The existing route between the two routers is preserved by using L2 bypass through the network device. If the network device fails, then the physical fail-to-wire will be engaged, removing its L3 hop, but preserving the L2 bypass.

公开(公告)号：US11232227B1

公开(公告)日：2022-01-25

申请号：US16203449

申请日：2018-11-28

Applicant: Riverbed Technology, Inc.

Inventor： Bill Y. Chin ,  Arthur L. Jones ,  Kand Ly

IPC: H04L29/06 ,  G06F21/62 ,  H04L12/26 ,  G06F21/60 ,  G06F16/174

Abstract: Systems and techniques are described for preventing data leaks from a network. A set of sensitive files or sensitive data that includes sensitive information can be received, and a first set of labels can be determined based on the set of sensitive files or sensitive data. An apparatus can then receive data that is to be checked for sensitive information, and determine a second set of labels based on the data. Next, the apparatus can match the second set of labels with the first set of labels. The apparatus can then determine whether or not the data includes sensitive information based on a result of said matching, and perform a data leak prevention action if it is determined that the data includes sensitive information.

公开(公告)号：US10728097B1

公开(公告)日：2020-07-28

申请号：US16204144

申请日：2018-11-29

Applicant: Riverbed Technology, Inc.

Inventor： Bill Y. Chin ,  Elanchezhiyan Elango ,  Venkatram Ramanathan

IPC: G06F15/16 ,  H04L12/24 ,  H04L29/08

Abstract: Systems and techniques are described for applying a set of policy rules to network traffic. During operation, conditions specified in the set of policy rules can be evaluated, wherein each condition is a logical expression defined over a set of variables, and is evaluated by substituting values of the set of variables associated with the network traffic into the logical expression. Next, a subset of policy rules can be selected whose conditions evaluated as true. A highest precedence policy rule from the subset of policy rules can then be identified by applying a set of precedence rules to the subset of policy rules, wherein the set of precedence rules imposes a precedence order on the set of policy rules based on condition categories and condition specificities. Finally, an action that is specified in the highest precedence policy rule can be performed.