Anti-spoofing techniques for overlay networks

    Publication No.: US11706196B1

    Publication date: 2023-07-18

    Application No.: US17007830

    Filing date: 2020-08-31

    Abstract: A network device is configured to receive an inbound packet from a first server device via a network tunnel, the first inbound packet including an outer header, a virtual private network (VPN) label, an inner header, and a data payload, the inner header including an inner source IP address of a source virtual machine. The processors are also configured to determine a first tunnel identifier, determine, based on the inner source IP address, a second tunnel identifier associated with a second server device hosting the source virtual machine, compare the second tunnel identifier with the first tunnel identifier to determine whether the tunnel on which the first inbound packet was received is the same as a tunnel used for forwarding traffic to the source virtual machine, and drop the inbound packet when the second tunnel identifier does not match the first tunnel identifier.

    Anti-spoofing techniques for overlay networks

    Publication No.: US10764249B1

    Publication date: 2020-09-01

    Application No.: US15827927

    Filing date: 2017-11-30

    Abstract: A network device is configured to receive an inbound packet from a first server device via a network tunnel, the first inbound packet including an outer header, a virtual private network (VPN) label, an inner header, and a data payload, the inner header including an inner source IP address of a source virtual machine. The processors are also configured to determine a first tunnel identifier, determine, based on the inner source IP address, a second tunnel identifier associated with a second server device hosting the source virtual machine, compare the second tunnel identifier with the first tunnel identifier to determine whether the tunnel on which the first inbound packet was received is the same as a tunnel used for forwarding traffic to the source virtual machine, and drop the inbound packet when the second tunnel identifier does not match the first tunnel identifier.

    Optimized multicast forwarding with a cache

    Publication No.: US11070464B2

    Publication date: 2021-07-20

    Application No.: US16162323

    Filing date: 2018-10-16

    Abstract: The techniques describe forwarding multicast traffic using a multi-level cache in a network device forwarding plane for determining a set of outgoing interfaces of the network device on which to forward the multicast traffic. For example, a multi-level cache is configured to store a multicast identifier of a multicast packet and multicast forwarding information associated with the multicast identifier, such as identification of one or more egress packet processors of the network device to which the multicast packet is to be sent for forwarding to the set of one or more egress network devices, and/or outgoing interfaces of the network device toward each egress network device of the set of one or more egress network devices. The multi-level cache is also configured to store respective multicast identifiers that are to be encapsulated with outgoing multicast packets that are forwarded to the set of one or more egress network devices.

    Fast reroute of redundant multicast streams

    Publication No.: US09806895B1

    Publication date: 2017-10-31

    Application No.: US14675303

    Filing date: 2015-03-31

    Abstract: A system and method for selecting packets to be forwarded from redundant multicast streams. A primary multicast stream and a secondary multicast stream are received, wherein the primary multicast stream and the secondary multicast stream are redundant multicast streams received over disjoint multicast forwarding paths. A hardware-based analyzer in a forwarding plane of the network device is applied to detect when a quality of one of the primary multicast stream or the secondary multicast stream has fallen below a threshold. In response to detecting that a quality of one of the primary multicast stream or the secondary multicast stream has fallen below a threshold, selecting, via a thread executing in a forwarding component of the network device, a different one of the primary multicast stream or the secondary multicast stream having a quality that meets the threshold, wherein selecting includes dynamically rewriting next hop operations associated with the selected stream. Packets received on the selected one of the primary multicast stream or the secondary multicast stream are forwarded and packets of the multicast stream received on the other one of the primary multicast stream or the secondary multicast stream for which the quality has fallen below the threshold are discarded.
