Monitoring overlay networks

US 10,158,545 B1
Filed: 05/31/2018
Issued: 12/18/2018
Est. Priority Date: 05/31/2018
Status: Active Grant

First Claim

Patent Images

1. A method for managing communication over one or more networks using one or more network computers, wherein execution of instructions by the one or more network computers perform the method comprising:

employing a network computer as a management platform computer that provides one or more monitoring rules and one or more event rules;

instantiating a monitoring engine that performs actions, including;

receiving network traffic from one or more links to a physical network, wherein the network traffic is associated with one or more network addresses of the physical network and one or more gateway identifiers (GIDs) that are associated with one or more gateway computers in an overlay network, and wherein visibility of activity associated with the network traffic is obscured by the overlay network;

analyzing the network traffic to associate the activity with the one or more GIDs, wherein the one or more GIDs are separate from the one or more network addresses;

monitoring the network traffic based on the one or more monitoring rules;

providing one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic and the one or more GIDs;

comparing the one or more metrics to the one or more event rules;

generating one or more events based on one or more affirmative results of the comparison; and

instantiating an event engine that performs actions, including;

mapping the one or more events to one or more actions based on one or more characteristics of the one or more events;

executing the one or more actions; and

communicating the one or more events to the management platform computer.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed to managing communication over one or more networks. A monitoring engine may be instantiated to perform actions including receiving network traffic from a physical network that may be associated with network addresses of the physical network. The monitoring engine may analyze the network traffic to associate activity with gateway identifiers (GIDs) associated with gateway computers in an overlay network such that the GIDs are separate from the network addresses. The monitoring engine may be arranged to monitor the network traffic based on monitoring rules. The monitoring engine may provide metrics associated with the gateway computers based on the monitoring of the network traffic. The monitoring engine may compare the metrics to event rules. The monitoring engine may generate events based on affirmative results of the comparison. The events may be mapped to actions based on characteristics of the events and executed.

Citations

30 Claims

1. A method for managing communication over one or more networks using one or more network computers, wherein execution of instructions by the one or more network computers perform the method comprising:
- employing a network computer as a management platform computer that provides one or more monitoring rules and one or more event rules;
  
  instantiating a monitoring engine that performs actions, including;
  
  receiving network traffic from one or more links to a physical network, wherein the network traffic is associated with one or more network addresses of the physical network and one or more gateway identifiers (GIDs) that are associated with one or more gateway computers in an overlay network, and wherein visibility of activity associated with the network traffic is obscured by the overlay network;
  
  analyzing the network traffic to associate the activity with the one or more GIDs, wherein the one or more GIDs are separate from the one or more network addresses;
  
  monitoring the network traffic based on the one or more monitoring rules;
  
  providing one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic and the one or more GIDs;
  
  comparing the one or more metrics to the one or more event rules;
  
  generating one or more events based on one or more affirmative results of the comparison; and
  
  instantiating an event engine that performs actions, including;
  
  mapping the one or more events to one or more actions based on one or more characteristics of the one or more events;
  
  executing the one or more actions; and
  
  communicating the one or more events to the management platform computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising, employing the management platform computer to instantiate another monitoring engine that performs actions including:
    - monitoring one or more other metrics that are associated with the one or more gateway computers;
      
      generating one or more other events based on the one or more other metrics;
      
      providing the one or more other events to another event engine that is associated with the management platform computer;
      
      employing the other event engine to map the one or more other events to one or more other actions; and
      
      executing the one or more other actions.
  - 3. The method of claim 1, wherein providing one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic, further comprises, monitoring one or more responses to HTTP requests, wherein the monitoring is directed to specific HTTP requests that are associated with one or more of one or more source network addresses, one or more source GIDs, one or more target network addresses, one or more target GIDs, one or more applications, one or more text patterns that are included in the one or more responses, one or more HTTP header values, or one or more query string parameters.
  - 4. The method of claim 1, wherein instantiating the monitoring engine further comprises, installing one or more monitors or event generators based on one or more of configuration information, the monitoring rules, or the event rules.
  - 5. The method of claim 1, wherein providing the one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic, further comprises:
    - determining one or more node computers that connect to the one or more gateway computers; and
      
      generating an event that includes information about the node computer, including, one or more of one or more GIDs, one or more media access control (MAC) addresses, one or more network addresses, one or more hostnames, one or more cryptographic keys, or one or more security certificates.
  - 6. The method of claim 1, wherein providing the one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic, further comprises, monitoring one or more devices in the overlay network, wherein the devices include one or more of one or more individual network devices, one or more group of network devices, each network device that is associated with the one or more gateway computers, or each network device that is associated with each gateway computer that is associated with a defined group of gateway computers.
  - 7. The method of claim 1, wherein executing the one or more actions further comprises:
    - executing one or more orchestration actions that perform actions including, one or more of;
      
      enabling or disabling network communications for a gateway computer, group of gateway computers, or portions of the overlay network;
      
      enabling or disabling access to the overlay network for one or more of one or more devices, the one or more node computers, or one or more groups of devices or node computers based on a media access control (MAC) address associated with one or more of the one or more devices, the one or more node computers, or one or more groups of devices or node computers;
      
      adding or removing one or more device groups from the overlay network;
      
      enabling or disabling trust between one or more device groups in the overlay network;
      
      adding or removing one or more node computers to a device group;
      
      creating or deleting portions of routes in the overlay network;
      
      editing a routing table that is associated with the physical network;
      
      terminating one or more client sessions;
      
      disabling one or more users from accessing the overlay network;
      
      orsending one or more notifications associated with the one or more events to one or more users.
  - 8. The method of claim 1, wherein executing the one or more actions further comprises:
    - executing an ordered sequence of sub-actions that are based on a type of the one or more events; and
      
      activating one or more hooks that are associated with one or more scripting languages.

9. A processor readable non-transitory storage media that includes instructions for managing communication over one or more networks, wherein execution of the instructions by the one or more network computers perform the method comprising:
- employing a network computer as a management platform computer that provides one or more monitoring rules and one or more event rules;
  
  instantiating a monitoring engine that performs actions, including;
  
  receiving network traffic from one or more links to a physical network, wherein the network traffic is associated with one or more network addresses of the physical network one or more gateway identifiers (GIDs) that are associated with one or more gateway computers in an overlay network, and wherein visibility of activity associated with the network traffic is obscured by the overlay network;
  
  analyzing the network traffic to associate the activity with the one or more GIDs, wherein the one or more GIDs are separate from the one or more network addresses;
  
  monitoring the network traffic based on the one or more monitoring rules;
  
  providing one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic and the one or more GIDs;
  
  comparing the one or more metrics to the one or more event rules;
  
  generating one or more events based on one or more affirmative results of the comparison; and
  
  instantiating an event engine that performs actions, including;
  
  mapping the one or more events to one or more actions based on one or more characteristics of the one or more events;
  
  executing the one or more actions; and
  
  communicating the one or more events to the management platform computer.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The media of claim 9, further comprising, employing the management platform computer to instantiate another monitoring engine that performs actions including:
    - monitoring one or more other metrics that are associated with the one or more gateway computers;
      
      generating one or more other events based on the one or more other metrics;
      
      providing the one or more other events to another event engine that is associated with the management platform computer;
      
      employing the other event engine to map the one or more other events to one or more other actions; and
      
      executing the one or more other actions.
  - 11. The media of claim 9, wherein providing one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic, further comprises, monitoring one or more responses to HTTP requests, wherein the monitoring is directed to specific HTTP requests that are associated with one or more of one or more source network addresses, one or more source GIDs, one or more target network addresses, one or more target GIDs, one or more applications, one or more text patterns that are included in the one or more responses, one or more HTTP header values, or one or more query string parameters.
  - 12. The media of claim 9, wherein instantiating the monitoring engine further comprises, installing one or more monitors or event generators based on one or more of configuration information, the monitoring rules, or the event rules.
  - 13. The media of claim 9, wherein providing the one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic, further comprises:
    - determining one or more node computers that connect to the one or more gateway computers; and
      
      generating an event that includes information about the node computer, including, one or more of one or more GIDs, one or more media access control (MAC) addresses, one or more network addresses, one or more hostnames, one or more cryptographic keys, or one or more security certificates.
  - 14. The media of claim 9, wherein providing the one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic, further comprises, monitoring one or more devices in the overlay network, wherein the devices include one or more of one or more individual network devices, one or more group of network devices, each network device that is associated with the one or more gateway computers, or each network device that is associated with each gateway computer that is associated with a defined group of gateway computers.
  - 15. The media of claim 9, wherein executing the one or more actions further comprises:
    - executing one or more orchestration actions that perform actions including, one or more of;
      
      enabling or disabling network communications for a gateway computer, group of gateway computers, or portions of the overlay network;
      
      enabling or disabling access to the overlay network for one or more of one or more devices, the one or more node computers, or one or more groups of devices or node computers based on a media access control (MAC) address associated with one or more of the one or more devices, the one or more node computers, or one or more groups of devices or node computers;
      
      adding or removing one or more device groups from the overlay network;
      
      enabling or disabling trust between one or more device groups in the overlay network;
      
      adding or removing one or more node computers to a device group;
      
      creating or deleting portions of routes in the overlay network;
      
      editing a routing table that is associated with the physical network;
      
      terminating one or more client sessions;
      
      disabling one or more users from accessing the overlay network;
      
      orsending one or more notifications associated with the one or more events to one or more users.
  - 16. The media of claim 9, wherein executing the one or more actions further comprises:
    - executing an ordered sequence of sub-actions that are based on a type of the one or more events; and
      
      activating one or more hooks that are associated with one or more scripting languages.

17. A system for managing communication over one or more networks, comprising:
- a network computer, comprising;
  
  one or more transceivers that communicate over the one or more networks;
  
  a memory that stores at least instructions; and
  
  one or more processors that execute instructions that perform actions, including;
  
  instantiating a monitoring engine that performs actions, including;
  
  receiving network traffic from one or more links to a physical network, wherein the network traffic is associated with one or more network addresses of the physical network and one or more gateway identifiers (GIDs) that are associated with one or more gateway computers in an overlay network, and wherein visibility of activity associated with the network traffic is obscured by the overlay network;
  
  analyzing the network traffic to associate the activity with the one or more GIDs, wherein the one or more GIDs are separate from the one or more network addresses;
  
  monitoring the network traffic based on one or more monitoring rules;
  
  providing one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic and the one or more GIDs;
  
  comparing the one or more metrics to one or more event rules;
  
  generating one or more events based on one or more affirmative results of the comparison; and
  
  instantiating an event engine that performs actions, including;
  
  mapping the one or more events to one or more actions based on one or more characteristics of the one or more events;
  
  executing the one or more actions; and
  
  communicating the one or more events to the management platform computer; and
  
  a management platform computer, comprising;
  
  one or more transceivers that communicate over the one or more networks;
  
  a memory that stores at least instructions; and
  
  one or more processors that execute instructions that perform actions, including;
  
  providing the one or more monitoring rules and the one or more event rules.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The system of claim 17, further comprising, employing the management platform computer to instantiate another monitoring engine that performs actions including:
    - monitoring one or more other metrics that are associated with the one or more gateway computers;
      
      generating one or more other events based on the one or more other metrics;
      
      providing the one or more other events to another event engine that is associated with the management platform computer;
      
      employing the other event engine to map the one or more other events to one or more other actions; and
      
      executing the one or more other actions.
  - 19. The system of claim 17, wherein providing one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic, further comprises, monitoring one or more responses to HTTP requests, wherein the monitoring is directed to specific HTTP requests that are associated with one or more of one or more source network addresses, one or more source GIDs, one or more target network addresses, one or more target GIDs, one or more applications, one or more text patterns that are included in the one or more responses, one or more HTTP header values, or one or more query string parameters.
  - 20. The system of claim 17, wherein instantiating the monitoring engine further comprises, installing one or more monitors or event generators based on one or more of configuration information, the monitoring rules, or the event rules.
  - 21. The system of claim 17, wherein providing the one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic, further comprises:
    - determining one or more node computers that connect to the one or more gateway computers; and
      
      generating an event that includes information about the node computer, including, one or more of one or more GIDs, one or more media access control (MAC) addresses, one or more network addresses, one or more hostnames, one or more cryptographic keys, or one or more security certificates.
  - 22. The system of claim 17, wherein providing the one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic, further comprises, monitoring one or more devices in the overlay network, wherein the devices include one or more of one or more individual network devices, one or more group of network devices, each network device that is associated with the one or more gateway computers, or each network device that is associated with each gateway computer that is associated with a defined group of gateway computers.
  - 23. The system of claim 17, wherein executing the one or more actions further comprises:
    - executing one or more orchestration actions that perform actions including, one or more of;
      
      enabling or disabling network communications for a gateway computer, group of gateway computers, or portions of the overlay network;
      
      enabling or disabling access to the overlay network for one or more of one or more devices, the one or more node computers, or one or more groups of devices or node computers based on a media access control (MAC) address associated with one or more of the one or more devices, the one or more node computers, or one or more groups of devices or node computers;
      
      adding or removing one or more device groups from the overlay network;
      
      enabling or disabling trust between one or more device groups in the overlay network;
      
      adding or removing one or more node computers to a device group;
      
      creating or deleting portions of routes in the overlay network;
      
      editing a routing table that is associated with the physical network;
      
      terminating one or more client sessions;
      
      disabling one or more users from accessing the overlay network;
      
      orsending one or more notifications associated with the one or more events to one or more users.

24. A network computer for managing communication over one or more networks, comprising:
- one or more transceivers that communicate over the one or more networks;
  
  a memory that stores at least instructions; and
  
  one or more processors that execute instructions that perform actions, including;
  
  employing a network computer as a management platform computer that provides one or more monitoring rules and one or more event rules;
  
  instantiating a monitoring engine that performs actions, including;
  
  receiving network traffic from one or more links to a physical network, wherein the network traffic is associated with one or more network addresses of the physical network and one or more gateway identifiers (GIDs) that are associated with one or more gateway computers in an overlay network, and wherein visibility of activity associated with the network traffic is obscured by the overlay network;
  
  analyzing the network traffic to associate the activity with the one or more GIDs, wherein the one or more GIDs are separate from the one or more network addresses;
  
  monitoring the network traffic based on the one or more monitoring rules;
  
  providing one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic and the one or more GIDs;
  
  comparing the one or more metrics to the one or more event rules;
  
  generating one or more events based on one or more affirmative results of the comparison; and
  
  instantiating an event engine that performs actions, including;
  
  mapping the one or more events to one or more actions based on one or more characteristics of the one or more events;
  
  executing the one or more actions; and
  
  communicating the one or more events to the management platform computer.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The network computer of claim 24, further comprising, employing the management platform computer to instantiate another monitoring engine that performs actions including:
    - monitoring one or more other metrics that are associated with the one or more gateway computers;
      
      generating one or more other events based on the one or more other metrics;
      
      providing the one or more other events to another event engine that is associated with the management platform computer;
      
      employing the other event engine to map the one or more other events to one or more other actions; and
      
      executing the one or more other actions.
  - 26. The network computer of claim 24, wherein providing one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic, further comprises, monitoring one or more responses to HTTP requests, wherein the monitoring is directed to specific HTTP requests that are associated with one or more of one or more source network addresses, one or more source GIDs, one or more target network addresses, one or more target GIDs, one or more applications, one or more text patterns that are included in the one or more responses, one or more HTTP header values, or one or more query string parameters.
  - 27. The network computer of claim 24, wherein instantiating the monitoring engine further comprises, installing one or more monitors or event generators based on one or more of configuration information, the monitoring rules, or the event rules.
  - 28. The network computer of claim 24, wherein providing the one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic, further comprises:
    - determining one or more node computers that connect to the one or more gateway computers; and
      
      generating an event that includes information about the node computer, including, one or more of one or more GIDs, one or more media access control (MAC) addresses, one or more network addresses, one or more hostnames, one or more cryptographic keys, or one or more security certificates.
  - 29. The network computer of claim 24, wherein providing the one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic, further comprises, monitoring one or more devices in the overlay network, wherein the devices include one or more of one or more individual network devices, one or more group of network devices, each network device that is associated with the one or more gateway computers, or each network device that is associated with each gateway computer that is associated with a defined group of gateway computers.
  - 30. The network computer of claim 24, wherein executing the one or more actions further comprises:
    - executing one or more orchestration actions that perform actions including, one or more of;
      
      enabling or disabling network communications for a gateway computer, group of gateway computers, or portions of the overlay network;
      
      enabling or disabling access to the overlay network for one or more of one or more devices, the one or more node computers, or one or more groups of devices or node computers based on a media access control (MAC) address associated with one or more of the one or more devices, the one or more node computers, or one or more groups of devices or node computers;
      
      adding or removing one or more device groups from the overlay network;
      
      enabling or disabling trust between one or more device groups in the overlay network;
      
      adding or removing one or more node computers to a device group;
      
      creating or deleting portions of routes in the overlay network;
      
      editing a routing table that is associated with the physical network;
      
      terminating one or more client sessions;
      
      disabling one or more users from accessing the overlay network;
      
      orsending one or more notifications associated with the one or more events to one or more users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tyco Fire & Security GmbH (Johnson Controls International plc)
Original Assignee
Tempered Networks, Inc. (Johnson Controls International plc)
Inventors
Marrone, Nicholas Anthony, Skene, Bryan David, Fuchs, Ludwin, Hussey, Jeffrey Scott
Primary Examiner(s)
LO, DIANE LEE

Application Number

US15/994,760
Time in Patent Office

201 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 12/66   Arrangements for connecting...

H04L 41/06   Management of faults, event...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 43/08   Monitoring or testing based...

H04L 43/0876   Network utilisation, e.g. v...

H04L 43/16   Threshold monitoring

H04L 45/64   using an overlay routing layer

H04L 63/20   for managing network securi...

H04L 65/102   Gateways arrangements for c...

H04L 67/1001   for accessing one among a p...

Monitoring overlay networks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Monitoring overlay networks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links