STATELESS TRANSPORT LAYER SECURITY PROXY SESSION RESUMPTION

    Publication (Announcement) No.: US20240073247A1

    Publication (Announcement) Date: 2024-02-29

    Application No.: US17823382

    Application Date: 2022-08-30

    CPC classification number: H04L63/166 H04L63/0807 H04L63/1425

    Abstract: A system communicates, with a client device, to establish a first TLS communication session between the system and the client device, and with a server device, to establish a second TLS communication session between the system and the server device. The system generates a first session ticket associated with the first TLS communication session, and obtains, from the server device, a second session ticket associated with the second TLS communication session. The system sends, to the client device and via the first TLS communication session, the first session ticket, with the second session ticket included in the first session ticket. The system receives, from the client device and after the first TLS communication session and the second TLS communication session terminate, the first session ticket that includes the second session ticket, which the system uses to facilitate resumption of the first TLS communication session and the second TLS communication session.

    ADAPTABLE SOFTWARE DEFINED WIDE AREA NETWORK APPLICATION-SPECIFIC PROBING

    Publication (Announcement) No.: US20240073117A1

    Publication (Announcement) Date: 2024-02-29

    Application No.: US18501190

    Application Date: 2023-11-03

    CPC classification number: H04L43/12 H04L43/026 H04L43/028

    Abstract: Systems, devices and techniques for an adaptive application-specific probing scheme are disclosed. An example network device includes memory configured to store a network address and probe protocol usable for probing a first network device associated with a source of an application, and one or more processors configured to determine a network address and probe protocol usable for probing the first network device, wherein the first network device comprises a server that is responsive to the probing, the server executing the application for the data flow, or a closest network device, to the server, that is responsive to the probing. The one or more processors are also configured to send to a second network device at a location serviced by the application, a message specifying the network address and probe protocol usable for probing the first network device.

    NETWORK TRAFFIC MONITORING BASED ON CONTENT DATA

    Publication (Announcement) No.: US20240073112A1

    Publication (Announcement) Date: 2024-02-29

    Application No.: US18500351

    Application Date: 2023-11-02

    Inventor: Sheeja J S

    Abstract: A network monitoring device may receive, from a mediation device, flow-tap content data (generated by the mediation device based on current and/or previous investigation reports associated with flow tapping) that needs to be monitored. The network monitoring device may map the content data to a flow-tap content destination address of a content destination device in an entry of a flow-tap content filter. The network monitoring device may analyze, using the flow-tap content filter, network traffic of the network to detect a traffic flow that includes the content data. The network monitoring device may generate, based on successfully detecting a traffic flow that includes the content data, a traffic flow copy and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination device to enable a context analysis of the content data.

    INTENT-DRIVEN CONFIGURATION OF A CLOUD-NATIVE ROUTER

    Publication (Announcement) No.: US20240073087A1

    Publication (Announcement) Date: 2024-02-29

    Application No.: US18147599

    Application Date: 2022-12-28

    CPC classification number: H04L41/0816 H04L41/0866 H04L41/0894

    Abstract: In general, techniques are described for leveraging a configuration framework for an orchestration platform to configure software that implements a control plane for a containerized network router in a cloud-native SDN architecture. In an example, a method comprises receiving, by a server executing a containerized routing protocol process, configuration data generated from a Network Resource configuration object managed by a custom resource controller; configuring, by the server, the containerized routing protocol process with the configuration data; and programming, by the containerized routing protocol process, based on the configuration data generated from the Network Resource configuration object, a virtual router data plane to forward network traffic.

    Intent-based enterprise security using dynamic learning of network segment prefixes

    Publication (Announcement) No.: US11916963B2

    Publication (Announcement) Date: 2024-02-27

    Application No.: US17301278

    Application Date: 2021-03-30

    CPC classification number: H04L63/20 G06F16/245 H04L63/0227

    Abstract: In an example, systems and methods enable automatic implementation of intent-based security policies in a network system, such as a software-defined wide area network system, in which network segment prefixes for network segments at one or more sites are dynamically learned. A service orchestrator controller translates an intent-based security policy input by a user to a security policy for a first site. The security policy for the first site specifies a segment-specific queryable resource associated with a second site. To implement the security policy, a device associated with the first site queries the segment-specific queryable resource associated with the second site, and updates one or more forwarding tables of the device with the network segment prefixes associated with one or more network segments at the second site received in response to the query. The first site forwards network traffic to the second site based on the updated forwarding tables.

    Methods and apparatus for efficient use of link aggregation groups

    Publication (Announcement) No.: US11909663B1

    Publication (Announcement) Date: 2024-02-20

    Application No.: US17587675

    Application Date: 2022-01-28

    CPC classification number: H04L47/76

    Abstract: A non-transitory processor-readable medium storing code representing instructions to be executed by a processor can cause the processor to receive an indication to load balance a group of sessions associated with a network node and a switch across a group of links between a gateway device and the switch at a first time. The code causes the processor to calculate, at a second time, a load based on the group of sessions and associated with a first set of links in an active configuration before the first time. The code causes the processor to send a signal to cause a set of sessions from the group of sessions to re-establish themselves at a third time based on a threshold value calculated from the load, such that the set of sessions is load balanced across a second set of links in the active configuration at the third time.

    Hardware-assisted fast data path switchover for a network device with redundant forwarding components

    Publication (Announcement) No.: US11909635B2

    Publication (Announcement) Date: 2024-02-20

    Application No.: US17193831

    Application Date: 2021-03-05

    CPC classification number: H04L45/566 H04L45/22 H04L45/28 H04L45/38 H04L45/42

    Abstract: A network device may receive packets, wherein the network device includes a first routing component, a second routing component, a first forwarding component, a second forwarding component, and a physical interface card concentrator with multiple physical interface cards. The first routing component may provide, to the physical interface card concentrator, a signal indicating that the second forwarding component is to be an active forwarding component. The physical interface card concentrator may cause, based on the signal, a data path for the multiple physical interface cards to be switched from the first forwarding component to the second forwarding component. The first routing component may provide the packets to the second forwarding component. The second forwarding component may provide the packets to the multiple physical interface cards via the data path. The multiple physical interface cards may forward the packets toward destinations associated with the packets.
