公开(公告)号：US20240078123A1

公开(公告)日：2024-03-07

申请号：US17929526

申请日：2022-09-02

Applicant: Juniper Networks, Inc.

Inventor： Thayumanavan Sridhar ,  Raja Kommula ,  Ganesh Byagoti Matad Sunkada ,  Santha Nagesh Ayyagari ,  Vikram Singh ,  Darrell Ball ,  Yuvaraja Mariappan

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/4557 ,  G06F2009/45595

Abstract: In general, techniques are described for automatically and transparently providing service proxying to virtual machines using Network Interface Cards (NICs). In some examples, a service proxy implemented by a NIC of a computing device that hosts a virtual machine may mimic sidecar service proxy behavior. A NIC-based mesh agent may automatically detect the service offered by the virtual machine and interact with control plane components to dynamically incorporate the service into a service mesh.

公开(公告)号：US20230066013A1

公开(公告)日：2023-03-02

申请号：US17446145

申请日：2021-08-26

Applicant: Juniper Networks, Inc.

Inventor： Darrell Ball

IPC: H04L12/947 ,  G06F9/54 ,  H04L12/933

Abstract: In general, techniques are described for enhancing packet processing in a computing device of a network. The computing device is configured to in response to receiving ingress data of a flow from the first network device via the first network interface, execute, based on a hook point in kernel space of the device, a kernel program to transfer, via a first socket of a user module, the ingress data for packet processing; configure an code point for the second network interface, wherein the user module is configured to couple a second socket with the code point; and in response to determining the second network device as a next hop for the flow, transfer, based on the code point, egress data of the flow via the second socket to the second network interface, wherein the second network interface is operative to output the egress data to the second network device.

公开(公告)号：US12003429B2

公开(公告)日：2024-06-04

申请号：US17446145

申请日：2021-08-26

Applicant: Juniper Networks, Inc.

Inventor： Darrell Ball

IPC: H04L49/25 ,  G06F9/54 ,  H04L49/15

CPC classification number: H04L49/25 ,  G06F9/545 ,  H04L49/15

Abstract: In general, techniques are described for enhancing packet processing in a computing device of a network. The computing device is configured to in response to receiving ingress data of a flow from the first network device via the first network interface, execute, based on a hook point in kernel space of the device, a kernel program to transfer, via a first socket of a user module, the ingress data for packet processing; configure an code point for the second network interface, wherein the user module is configured to couple a second socket with the code point; and in response to determining the second network device as a next hop for the flow, transfer, based on the code point, egress data of the flow via the second socket to the second network interface, wherein the second network interface is operative to output the egress data to the second network device.

公开(公告)号：US20240259311A1

公开(公告)日：2024-08-01

申请号：US18633311

申请日：2024-04-11

Applicant: Juniper Networks, Inc.

Inventor： Darrell Ball

IPC: H04L45/745 ,  H04L45/00

CPC classification number: H04L45/745 ,  H04L45/38

Abstract: Techniques are disclosed for providing automatic policy configuration for packet flows. For example, a computing device comprises a virtual node and one or more virtual execution elements coupled to the virtual node. The computing device may also comprise one or more processors configured to: receive a packet originating from an application workload hosted on the one or more virtual execution elements and destined for a remote destination device; determine the packet is part of a new packet flow; in response, configure, by a kernel of the computing device and without sending the packet to a user space of the computing device, a policy for a forward packet flow for the new packet flow; configure, by the kernel, a policy for a reverse packet flow associated with the forward packet flow; and send the packet toward the remote destination device in accordance with the policy for the forward packet flow.

公开(公告)号：US11997014B2

公开(公告)日：2024-05-28

申请号：US17450147

申请日：2021-10-06

Applicant: Juniper Networks, Inc.

Inventor： Darrell Ball

IPC: H04L45/00 ,  H04L45/745

CPC classification number: H04L45/745 ,  H04L45/38

Abstract: Techniques are disclosed for providing automatic policy configuration for packet flows. For example, a computing device comprises a virtual node and one or more virtual execution elements coupled to the virtual node. The computing device may also comprise one or more processors configured to: receive a packet originating from an application workload hosted on the one or more virtual execution elements and destined for a remote destination device; determine the packet is part of a new packet flow; in response, configure, by a kernel of the computing device and without sending the packet to a user space of the computing device, a policy for a forward packet flow for the new packet flow; configure, by the kernel, a policy for a reverse packet flow associated with the forward packet flow; and send the packet toward the remote destination device in accordance with the policy for the forward packet flow.

公开(公告)号：US20230146525A1

公开(公告)日：2023-05-11

申请号：US17450147

申请日：2021-10-06

Applicant: Juniper Networks, Inc.

Inventor： Darrell Ball

IPC: H04L12/741 ,  H04L12/721

CPC classification number: H04L45/745 ,  H04L45/38

Abstract: Techniques are disclosed for providing automatic policy configuration for packet flows. For example, a computing device comprises a virtual node and one or more virtual execution elements coupled to the virtual node. The computing device may also comprise one or more processors configured to: receive a packet originating from an application workload hosted on the one or more virtual execution elements and destined for a remote destination device; determine the packet is part of a new packet flow; in response, configure, by a kernel of the computing device and without sending the packet to a user space of the computing device, a policy for a forward packet flow for the new packet flow; configure, by the kernel, a policy for a reverse packet flow associated with the forward packet flow; and send the packet toward the remote destination device in accordance with the policy for the forward packet flow.