公开(公告)号：US12095817B2

公开(公告)日：2024-09-17

申请号：US17301278

申请日：2021-03-30

Applicant: Juniper Networks, Inc.

Inventor： Kaushik Dutta Majumdar ,  Fnu Nadeem ,  Shanmukh Uppuluri

IPC: H04L9/40 ,  G06F16/245

CPC classification number: H04L63/20 ,  G06F16/245 ,  H04L63/0227

Abstract: In an example, systems and methods enable automatic implementation of intent-based security policies in a network system, such as a software-defined wide area network system, in which network segment prefixes for network segments at one or more sites are dynamically learned. A service orchestrator controller translates an intent-based security policy input by a user to a security policy for a first site. The security policy for the first site specifies a segment-specific queryable resource associated with a second site. To implement the security policy, a device associated with the first site queries the segment-specific queryable resource associated with the second site, and updates one or more forwarding tables of the device with the network segment prefixes associated with one or more network segments at the second site received in response to the query. The first site forwards network traffic to the second site based on the updated forwarding tables.

公开(公告)号：US11916963B2

公开(公告)日：2024-02-27

申请号：US17301278

申请日：2021-03-30

Applicant: Juniper Networks, Inc.

Inventor： Kaushik Dutta Majumdar ,  Fnu Nadeem ,  Shanmukh Uppuluri

IPC: H04L9/40 ,  G06F16/245

CPC classification number: H04L63/20 ,  G06F16/245 ,  H04L63/0227

Abstract: In an example, systems and methods enable automatic implementation of intent-based security policies in a network system, such as a software-defined wide area network system, in which network segment prefixes for network segments at one or more sites are dynamically learned. A service orchestrator controller translates an intent-based security policy input by a user to a security policy for a first site. The security policy for the first site specifies a segment-specific queryable resource associated with a second site. To implement the security policy, a device associated with the first site queries the segment-specific queryable resource associated with the second site, and updates one or more forwarding tables of the device with the network segment prefixes associated with one or more network segments at the second site received in response to the query. The first site forwards network traffic to the second site based on the updated forwarding tables.

公开(公告)号：US20240195844A1

公开(公告)日：2024-06-13

申请号：US18584531

申请日：2024-02-22

Applicant: Juniper Networks, Inc.

Inventor： Kaushik Dutta Majumdar ,  FNU Nadeem ,  Shanmukh Uppuluri

IPC: H04L9/40 ,  G06F16/245

CPC classification number: H04L63/20 ,  G06F16/245 ,  H04L63/0227

Abstract: In an example, systems and methods enable automatic implementation of intent-based security policies in a network system, such as a software-defined wide area network system, in which network segment prefixes for network segments at one or more sites are dynamically learned. A service orchestrator controller translates an intent-based security policy input by a user to a security policy for a first site. The security policy for the first site specifies a segment-specific queryable resource associated with a second site. To implement the security policy, a device associated with the first site queries the segment-specific queryable resource associated with the second site, and updates one or more forwarding tables of the device with the network segment prefixes associated with one or more network segments at the second site received in response to the query. The first site forwards network traffic to the second site based on the updated forwarding tables.

公开(公告)号：US20220321604A1

公开(公告)日：2022-10-06

申请号：US17301278

申请日：2021-03-30

Applicant: Juniper Networks, Inc.

Inventor： Kaushik Dutta Majumdar ,  FNU Nadeem ,  Shanmukh Uppuluri

IPC: H04L29/06 ,  G06F16/245 ,  G06N20/00

Abstract: In an example, systems and methods enable automatic implementation of intent-based security policies in a network system, such as a software-defined wide area network system, in which network segment prefixes for network segments at one or more sites are dynamically learned. A service orchestrator controller translates an intent-based security policy input by a user to a security policy for a first site. The security policy for the first site specifies a segment-specific queryable resource associated with a second site. To implement the security policy, a device associated with the first site queries the segment-specific queryable resource associated with the second site, and updates one or more forwarding tables of the device with the network segment prefixes associated with one or more network segments at the second site received in response to the query. The first site forwards network traffic to the second site based on the updated forwarding tables.