-
1.
Publication number: US20240422167A1
Publication date: 2024-12-19
Application number: US18815417
Application date: 2024-08-26
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala, Sajeesh Mathew, Akhilesh Pathodia, Tashi Garg
Abstract: A network controller for a software-defined networking (SDN) architecture system may receive a request to generate an access control policy for a role in a container orchestration system, where the request specifies a plurality of functions. The network controller may execute the plurality of functions and may log execution of the plurality of functions in an audit log. The network controller may parse the audit log to determine a plurality of resources of the container orchestration system accessed from executing the plurality of functions and, for each resource of the plurality of resources, a respective one or more types of operations performed on the respective resource. The network controller may create, based at least in part on the parsed audit log, the access control policy for the role that permits a role to perform, on each of the plurality of resources, the respective one or more types of operations.
-
2.
Publication number: US12074884B2
Publication date: 2024-08-27
Application number: US17808970
Application date: 2022-06-24
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala, Sajeesh Mathew, Akhilesh Pathodia, Tashi Garg
CPC classification number: H04L63/105, G06F9/547, H04L63/20
Abstract: A network controller for a software-defined networking (SDN) architecture system may receive a request to generate an access control policy for a role in a container orchestration system, where the request specifies a plurality of functions. The network controller may execute the plurality of functions and may log execution of the plurality of functions in an audit log. The network controller may parse the audit log to determine a plurality of resources of the container orchestration system accessed from executing the plurality of functions and, for each resource of the plurality of resources, a respective one or more types of operations performed on the respective resource. The network controller may create, based at least in part on the parsed audit log, the access control policy for the role that permits a role to perform, on each of the plurality of resources, the respective one or more types of operations.
-
Publication number: US20240214294A1
Publication date: 2024-06-27
Application number: US18146274
Application date: 2022-12-23
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala, Michael Henkel, Sangyeong Kim, Senthilnathan Murugappan, Jeffrey S. Marshall, Akhilesh Pathodia
Abstract: In general, techniques are described that provide an analysis system for analyzing a software-defined networking (SDN) architecture system. The analysis system comprising the processing circuitry configured to obtain operational data representative of one or more of configuration, operation, and maintenance of the SDN architecture system. The processing circuitry may identify dependencies between the operational data that identify dependencies between objects representative of the configuration, operation, and maintenance of the SDN architecture system. The processing circuitry may perform, while traversing the dependences between the operational data, analysis with respect to the operational data in order to identify potential issues in the SDN architecture system, and output the potential issues in the SDN architecture system.
-
Publication number: US12058022B2
Publication date: 2024-08-06
Application number: US18146274
Application date: 2022-12-23
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala, Michael Henkel, Sangyeong Kim, Senthilnathan Murugappan, Jeffrey S. Marshall, Akhilesh Pathodia
Abstract: In general, techniques are described that provide an analysis system for analyzing a software-defined networking (SDN) architecture system. The analysis system comprising the processing circuitry configured to obtain operational data representative of one or more of configuration, operation, and maintenance of the SDN architecture system. The processing circuitry may identify dependencies between the operational data that identify dependencies between objects representative of the configuration, operation, and maintenance of the SDN architecture system. The processing circuitry may perform, while traversing the dependences between the operational data, analysis with respect to the operational data in order to identify potential issues in the SDN architecture system, and output the potential issues in the SDN architecture system.
-
Publication number: US11425221B1
Publication date: 2022-08-23
Application number: US17446923
Application date: 2021-09-03
Applicant: Juniper Networks, Inc.
Inventor: Michael Henkel, Akhilesh Pathodia
IPC: H04L67/133, H04L67/1097, H04L67/5682, H04L67/01
Abstract: A device comprising a memory and a processor may be configured to perform techniques by which to provide a runtime extensible application programming (API) server. The memory may store a datastore that includes a data model. The processor may execute the API server by which to access the data model stored to the datastore. The API server may receive, from a controller, a registration request (providing a resource definition specifying a semantic validation rule) to register a new data model to the datastore, and register the new data model to the datastore. The API server may next receive, from a client, a create request to create a resource for the new data model having initial data that conforms to the resource definition, apply the semantic validation rule to the initial data, and create, responsive to validating the create request, the resource for the new data model in the datastore.