公开(公告)号：US10897420B1

公开(公告)日：2021-01-19

申请号：US16235993

申请日：2018-12-28

Applicant: Juniper Networks, Inc.

Inventor： Jacopo Pianigiani ,  Vivekananda Shenoy ,  Ankur Tandon ,  Atul S Moghe ,  Suresh K Balineni ,  Tong Jiang ,  Kiran N. Kasim ,  Sridevi JeevaRaj

IPC: H04L12/741 ,  H04L12/46 ,  H04L12/713

Abstract: An example data center system includes server devices hosting data of a first tenant and a second tenant of the data center, network devices of an interconnected topology coupling the server devices including respective service virtual routing and forwarding (VRF) tables, and one or more service devices that communicatively couple the network devices, wherein the service devices include respective service VRF tables for the first set of server devices and the second set of server devices, and wherein the service devices apply services to network traffic flowing between the first set of server devices and the second set of server devices using the first service VRF table and the second service VRF table.

公开(公告)号：US12101227B2

公开(公告)日：2024-09-24

申请号：US18313131

申请日：2023-05-05

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  FNU Nadeem ,  Sayali Mane ,  Ankur Tandon ,  Sajeesh Mathew ,  Pranav Cherukupalli ,  Khushi Vaidya

IPC: G06F15/173 ,  H04L41/0681 ,  H04L41/0894

CPC classification number: H04L41/0894 ,  H04L41/0681

Abstract: In an example, a validation system comprises processing circuitry having access to a storage device and is configured to obtain flow records indicative of packet flows among workloads deployed to a cluster of one or more computing devices configured with a network policy, wherein each flow record of the flow records indicates a corresponding packet flow was allowed or denied by the cluster; receive an updated network policy; determine whether a corresponding packet flow for a flow record of the flow records has a discrepancy with the updated network policy; and in response to determining the corresponding packet flow for the flow record of the flow records has a discrepancy with the updated network policy, output an indication of an error.

公开(公告)号：US11792119B2

公开(公告)日：2023-10-17

申请号：US17247900

申请日：2020-12-29

Applicant: Juniper Networks, Inc.

Inventor： Ankur Tandon ,  Vivekananda Shenoy ,  Jacopo Pianigiani ,  Abhinav Pandit

IPC: H04L41/22 ,  H04L67/1014 ,  H04L45/42 ,  H04L45/586 ,  H04L41/08 ,  H04L9/40 ,  H04L12/46 ,  H04L41/0806 ,  H04L45/00 ,  H04L49/1515

CPC classification number: H04L45/42 ,  H04L41/22 ,  H04L45/586 ,  H04L67/1014

Abstract: Virtual network controllers are described that automatically generate policies and configuration data for routing traffic through physical network function (PNF) service chains in a multi-tenant data center. An example network controller includes a memory and processing circuitry configured to: automatically generate, for one or more integrated routing and bridging (IRB) units of corresponding virtual network forwarding tables of a switch of a switch fabric of a data center network, configuration information that, when deployed, causes the IRB units to direct data traffic conforming to multiple communication protocols and flowing over a plurality of virtual networks between a first set of server devices and a second set of server devices positioned outside of the switch fabric (i) toward a service device logically positioned outside of the switch fabric and coupled to the switch, and (ii) back from the service device into the switch fabric via the switch.

公开(公告)号：US20210058295A1

公开(公告)日：2021-02-25

申请号：US16588699

申请日：2019-09-30

Applicant: Juniper Networks, Inc.

Inventor： Jacopo Pianigiani ,  Atul S Moghe ,  Ankur Tandon ,  Supriya Sridhar

IPC: H04L12/24 ,  H04L29/08 ,  G06F9/4401

Abstract: An access profile includes configuration characteristics that are defined using device and operating system agnostic attributes. Thus, the access profiles are not necessarily dependent or otherwise tied to any particular vendor or network OS. When a system administrator configures one or more service access points, the system administrator need only specify the vendor and network OS agnostic characteristics that are to be associated with the service access point. A configuration generator can generate vendor specific and/or network specific configuration commands and data from the vendor and network OS agnostic access profile attributes. The generated configuration commands and data can be provided to a network device hosting the service access point using a vendor specific and/or network OS specific configuration application program interface.

公开(公告)号：US11956141B2

公开(公告)日：2024-04-09

申请号：US18297291

申请日：2023-04-07

Applicant: Juniper Networks, Inc.

Inventor： Mahesh Sivakumar ,  Anantharamu Suryanarayana ,  Ankur Tandon

IPC: H04L45/02 ,  H04L12/46 ,  H04L41/12

CPC classification number: H04L45/02 ,  H04L12/4641 ,  H04L41/12

Abstract: Techniques are described in which a centralized controller, such as a software defined networking (SDN) controller, constructs a service chain that includes a physical network function (PNF) between a bare metal server (BMS) and a virtual execution element (e.g., virtual machine or container), or in some instances a remote BMS, or vice-versa. In accordance with the techniques disclosed herein, the controller may construct an inter-network service chain that includes PNFs, or a combination of PNFs and virtualized network functions (VNFs). The controller may construct an inter-network service chain to steer traffic between a BMS and a virtual execution element or remote BMS through an inter-network service chain using Virtual Extensible Local Area Network (VXLAN) as an underlying transport technology through the service chain.

公开(公告)号：US11652727B2

公开(公告)日：2023-05-16

申请号：US17454979

申请日：2021-11-15

Applicant: Juniper Networks, Inc.

Inventor： Mahesh Sivakumar ,  Anantharamu Suryanarayana ,  Ankur Tandon

IPC: G06F15/16 ,  H04L45/02 ,  H04L12/46 ,  H04L41/12

CPC classification number: H04L45/02 ,  H04L12/4641 ,  H04L41/12

Abstract: Techniques are described in which a centralized controller, such as a software defined networking (SDN) controller, constructs a service chain that includes a physical network function (PNF) between a bare metal server (BMS) and a virtual execution element (e.g., virtual machine or container), or in some instances a remote BMS, or vice-versa. In accordance with the techniques disclosed herein, the controller may construct an inter-network service chain that includes PNFs, or a combination of PNFs and virtualized network functions (VNFs). The controller may construct an inter-network service chain to steer traffic between a BMS and a virtual execution element or remote BMS through an inter-network service chain using Virtual Extensible Local Area Network (VXLAN) as an underlying transport technology through the service chain.

公开(公告)号：US20220217047A1

公开(公告)日：2022-07-07

申请号：US17655718

申请日：2022-03-21

Applicant: Juniper Networks, Inc.

Inventor： Jacopo Pianigiani ,  Atul S. Moghe ,  Ankur Tandon ,  Supriya Sridhar

IPC: H04L41/0866 ,  G06F9/4401 ,  H04L41/082 ,  H04L67/303

Abstract: An access profile includes configuration characteristics that are defined using device and operating system agnostic attributes. Thus, the access profiles are not necessarily dependent or otherwise tied to any particular vendor or network OS. When a system administrator configures one or more service access points, the system administrator need only specify the vendor and network OS agnostic characteristics that are to be associated with the service access point. A configuration generator can generate vendor specific and/or network specific configuration commands and data from the vendor and network OS agnostic access profile attributes. The generated configuration commands and data can be provided to a network device hosting the service access point using a vendor specific and/or network OS specific configuration application program interface.

公开(公告)号：US20210377164A1

公开(公告)日：2021-12-02

申请号：US17247858

申请日：2020-12-28

Applicant: Juniper Networks, Inc.

Inventor： Parag Sanghvi ,  Ankur Tandon ,  Jacopo Pianigiani ,  Atul S Moghe ,  Patrik Bok

IPC: H04L12/713 ,  H04L12/751 ,  H04L12/813 ,  H04L12/931 ,  H04L12/771 ,  H04L12/715

Abstract: Network controllers are described that enable creation of logical interconnects between logical routers of different, isolated virtual networks and for auto-generation and deployment of routing policies to control “leaking” of select routes amongst the different virtual networks. In one example, a network controller includes a memory and processing circuitry configured to identify a source logical router of a first virtual network and a destination logical router of a second virtual network implemented on one or more physical devices of a switch fabric, form a policy defining one or more rules for controlling leaking of one or more of the routes through a logical router interconnect from the source logical router to the destination logical router, and push the policy to the one or more physical devices of the switch fabric for application to communications through the logical router interconnect.

公开(公告)号：US11722408B1

公开(公告)日：2023-08-08

申请号：US17248257

申请日：2021-01-15

Applicant: Juniper Networks, Inc.

Inventor： Jacopo Pianigiani ,  Vivekananda Shenoy ,  Ankur Tandon ,  Atul S Moghe ,  Suresh K Balineni ,  Tong Jiang ,  Kiran N. Kasim ,  Sridevi JeevaRaj

IPC: H04L45/00 ,  H04L12/46 ,  H04L45/586 ,  H04L45/745

CPC classification number: H04L45/54 ,  H04L12/4641 ,  H04L45/586 ,  H04L45/745

Abstract: An example data center system includes server devices hosting data of a first tenant and a second tenant of the data center, network devices of an interconnected topology coupling the server devices including respective service virtual routing and forwarding (VRF) tables, and one or more service devices that communicatively couple the network devices, wherein the service devices include respective service VRF tables for the first set of server devices and the second set of server devices, and wherein the service devices apply services to network traffic flowing between the first set of server devices and the second set of server devices using the first service VRF table and the second service VRF table.

公开(公告)号：US20230246941A1

公开(公告)日：2023-08-03

申请号：US18297291

申请日：2023-04-07

Applicant: Juniper Networks, Inc.

Inventor： Mahesh Sivakumar ,  Anantharamu Suryanarayana ,  Ankur Tandon

IPC: H04L45/02 ,  H04L12/46 ,  H04L41/12

CPC classification number: H04L45/02 ,  H04L12/4641 ,  H04L41/12

Abstract: Techniques are described in which a centralized controller, such as a software defined networking (SDN) controller, constructs a service chain that includes a physical network function (PNF) between a bare metal server (BMS) and a virtual execution element (e.g., virtual machine or container), or in some instances a remote BMS, or vice-versa. In accordance with the techniques disclosed herein, the controller may construct an inter-network service chain that includes PNFs, or a combination of PNFs and virtualized network functions (VNFs). The controller may construct an inter-network service chain to steer traffic between a BMS and a virtual execution element or remote BMS through an inter-network service chain using Virtual Extensible Local Area Network (VXLAN) as an underlying transport technology through the service chain.