公开(公告)号：US20230362075A1

公开(公告)日：2023-11-09

申请号：US18224789

申请日：2023-07-21

Applicant: Juniper Networks, Inc.

Inventor： Ebrahim Safavi

IPC: H04L43/04 ,  G06N20/00 ,  H04L41/147

CPC classification number: H04L43/04 ,  G06N20/00 ,  H04L41/147

Abstract: Techniques are described in which a network management system processes network event data received from the AP devices. The NMS is configured to dynamically determine, in real-time, a minimum (MIN) threshold and a maximum (MAX) threshold for expected occurrences for each event type, wherein the MIN thresholds and MAX thresholds define ranges of expected occurrences for the network events of the corresponding event types. The NMS applies an unsupervised machine learning model to the network event data to determine predicted counts of occurrences of the network events for each of the event types and identify, based on the predicted counts of occurrences and the dynamically-determined minimum threshold values and maximum threshold values for each event type, one or more of the network events as indicative of abnormal network behavior.

公开(公告)号：US11811951B2

公开(公告)日：2023-11-07

申请号：US17133193

申请日：2020-12-23

Applicant: Juniper Networks, Inc.

Inventor： Guy Fedorkow ,  Sambasiva Rao Katta

IPC: H04L9/32 ,  H04L41/0668 ,  H04L45/24 ,  H04L9/00

CPC classification number: H04L9/3263 ,  H04L9/3247 ,  H04L41/0668 ,  H04L45/24 ,  H04L9/50

Abstract: A network device may receive a redundant identifier certificate associated with a redundant routing module, and may provide, to a bootstrap device, a primary identifier certificate associated with a primary routing module associated with the network device. The network device may establish a secure connection with the bootstrap device based on the bootstrap device verifying an authenticity of the primary routing module via the primary identifier certificate. The network device may provide, to the bootstrap device via the secure connection, a redundant routing module identifier associated with the redundant routing module and may receive, from the bootstrap device via the secure connection, a signed certificate chain associated with the redundant routing module. The network device may verify the signed certificate chain and may verify the redundant identifier certificate, associated with the redundant routing module, based on verifying the signed certificate chain.

公开(公告)号：US11811834B2

公开(公告)日：2023-11-07

申请号：US17818099

申请日：2022-08-08

Applicant: Juniper Networks, Inc.

Inventor： Sheeja J S

IPC: H04L9/40 ,  H04L45/00 ,  H04L47/32 ,  H04L45/302 ,  H04L45/74

CPC classification number: H04L63/306 ,  H04L45/306 ,  H04L45/566 ,  H04L45/74 ,  H04L47/32 ,  H04L63/0245 ,  H04L63/166

Abstract: A network device ensures availability of content destination devices, and may receive a request to install a filter, and the request may include information identifying a set of content destination devices capable of receiving packets that match the filter, and priority values indicating priorities by which the set of content destination devices are to receive the packets. The network device may receive status indications indicating availabilities associated with the set of content destination devices, and may receive a packet destined for an endpoint device. The network device may generate a copy of the packet, and may determine that a packet feature matches the filter. The network device may select a particular content destination device, from the set of content destination devices, based on the priority values and the status indications, and may cause the copy of the packet to be forwarded to the particular content destination device.

公开(公告)号：US11811817B2

公开(公告)日：2023-11-07

申请号：US17937516

申请日：2022-10-03

Applicant: Juniper Networks, Inc.

Inventor： Sarvesh K. Batta ,  Thyagarajan S. Pasupathy ,  Mohan Thangavel

IPC: H04L29/00 ,  H04L9/40 ,  H04L47/32

CPC classification number: H04L63/1433 ,  H04L47/32 ,  H04L63/0281 ,  H04L63/083 ,  H04L63/166

Abstract: A network device may receive a first data packet. The network device may determine that a level of available computing resources satisfies a threshold level. The network device may perform a secure socket layer (SSL) proxy function based on the level of available computing resources satisfying the threshold level. The network device may receive a second data packet. The network device may determine that the level of available computing resources fails to satisfy the threshold level. The network device may determine a security characteristic associated with the second data packet. The network device may determine a security rating associated with the second data packet based on the security characteristic. The network device may selectively perform the SSL proxy function based on the security rating.

公开(公告)号：US11811685B1

公开(公告)日：2023-11-07

申请号：US17813226

申请日：2022-07-18

Applicant: Juniper Networks, Inc.

Inventor： Kiran K N ,  Przemyslaw Krzysztof Grygiel ,  Damian Szeluga

IPC: H04L49/00 ,  H04L47/625 ,  H04L47/56

CPC classification number: H04L49/3063 ,  H04L47/56 ,  H04L47/6255

Abstract: An example virtual router includes a plurality of logical cores (“lcores”), where each lcore comprises a CPU core or hardware thread. The virtual router is configured to determine a latency profile, select, based at least in part on the latency profile, a packet processing mode from the plurality of packet processing modes. In response to a determination that the packet processing mode comprises the run-to-completion mode, an lcore of the plurality of lcores is configured to: read a network packet from a device queue, process the network packet to determine a destination virtual device for the network packet, the destination virtual device having a plurality of interface queues, and insert the network packet into an interface queue of the plurality of interface queues.

公开(公告)号：US11811651B2

公开(公告)日：2023-11-07

申请号：US17150082

申请日：2021-01-15

Applicant: Juniper Networks, Inc.

Inventor： Tarek Saad ,  Raveendra Torvi ,  Vishnu Pavan Beeram ,  Jonathan C. Barth

IPC: H04L45/302 ,  H04L45/44 ,  H04L45/50 ,  H04L45/58

CPC classification number: H04L45/302 ,  H04L45/44 ,  H04L45/50 ,  H04L45/583

Abstract: A disclosed method may include (1) receiving, at a network node within a network, a packet from another network node within the network, (2) identifying, within the packet, a slice label that indicates a network slice that has been logically partitioned on the network, (3) determining a QoS policy that corresponds to the network slice indicated by the slice label, (4) applying the QoS policy to the packet, and then upon applying the QoS policy to the packet, (5) forwarding the packet to an additional network node within the network. Various other apparatuses, systems, and methods are also disclosed.

公开(公告)号：US11811649B2

公开(公告)日：2023-11-07

申请号：US17808126

申请日：2022-06-22

Applicant: Juniper Networks, Inc.

Inventor： Kaliraj Vairavakkalai

IPC: H04L45/00 ,  G06F16/23 ,  H04L12/66

CPC classification number: H04L45/26 ,  G06F16/2379 ,  H04L12/66

Abstract: An auto-discovery route reflector (auto-discovery-RR) may obtain a route from an originating network device and may update a data structure to include at least some information contained in the route. The auto-discovery-RR may identify, based on the data structure, a plurality of target network devices, wherein the plurality of target network devices includes at least one route reflector (RR) and at least one route reflector client (RR-client). The auto-discovery-RR may send the route to the plurality of target network devices to facilitate establishment of a connection between the originating network device and at least one target network device of the plurality of target network devices.

公开(公告)号：US11811641B1

公开(公告)日：2023-11-07

申请号：US16826002

申请日：2020-03-20

Applicant: Juniper Networks, Inc.

Inventor： Shraddha Hegde ,  Antoni B Przygienda ,  Salih K A ,  Harsha Lakshmikanth

IPC: G06F15/173 ,  H04L45/02 ,  H04L41/12 ,  H04L45/00 ,  H04L45/28 ,  H04L9/40

CPC classification number: H04L45/02 ,  H04L41/12 ,  H04L45/04 ,  H04L45/22 ,  H04L45/28 ,  H04L45/32 ,  H04L63/1408 ,  H04L12/4604 ,  H04L45/32 ,  H04L63/1458 ,  H04L41/0654 ,  H04L63/14 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433

Abstract: A secure IGP topology or other link state topology can be implemented by a network security unit that runs in a centralized environment on servers separate from a network associated with the IGP topology. The network security unit acquires the topology information, such as by participating in IGP or through border gateway protocol with link state (BGP-LS). The network security unit detects possible network problems, such as indicators of potential network attacks. Once an indicator of a potential network attack is detected, the network security unit identifies the node that is compromised. Once the compromised node is identified, the network security unit can report the node for manual or automated intervention. In some aspects, the network security unit can isolate the compromised node by shutting down links connected to the compromised node.

公开(公告)号：US11811509B2

公开(公告)日：2023-11-07

申请号：US17248585

申请日：2021-01-29

Applicant: Juniper Networks, Inc.

Inventor： Vinod Kumar N ,  Robert W. Kebler ,  Vikram Nagarajan

IPC: H04L12/18

CPC classification number: H04L12/18

Abstract: An example egress network device includes at least one computer processor and a memory. The memory includes instructions that cause the at least one computer processor to receive messages from each of a plurality of ingress network devices. Each message specifies a multicast source as an anycast address that belongs to two or more sources, a multicast group, and a customer site identifier that uniquely identifies a customer network device via which the anycast address is reachable. The instructions cause the at least one computer processor to select, based on the customer site identifiers, one of the plurality of ingress network devices to which to send a multicast join message of a plurality of multicast join messages for the multicast source and multicast group. The instructions cause the at least one computer processor to send the multicast join message to the selected one of the plurality of ingress network devices.

公开(公告)号：US11808874B2

公开(公告)日：2023-11-07

申请号：US17811789

申请日：2022-07-11

Applicant: Juniper Networks, Inc.

Inventor： Neal Dante Castagnoli

IPC: G01S5/06 ,  G01S5/02 ,  G01S3/48

CPC classification number: G01S5/06 ,  G01S5/0278 ,  G01S5/02521 ,  G01S5/02525 ,  G01S5/02528 ,  G01S3/48

Abstract: Disclosed are embodiments for determining a location of a device based on phase differences of a signal received from the device. In some embodiments, expected phase differences for signals transmitted from a plurality of regions are determined. The expected phase differences are those differences of the signal when received at each of a plurality of receive elements of a receiving device. By comparing phase differences of a signal received from the device to the expected phase differences, a location of the device is determined.