Selective fast re-route using forwarding plane liveliness detection protocols
    Type: granted invention patent (in force)

    Publication number: US09455894B1

    Publication date: 2016-09-27

    Application number: US14039412

    Application date: 2013-09-27

    CPC classification number: H04L43/10 H04L43/0817

    Abstract: Techniques are described for selectively triggering fast reroute of traffic by enhancing a protocol used for monitoring operational status of a forwarding plane of a router. The forwarding plane of the router outputs periodic messages that, when received by a peer router, provide an indication that the forwarding plane is operational and able to forward packets. In addition, when constructing the periodic messages, the forwarding plane embeds an indication of a status of internal communication between the forwarding plane and a control plane of the router. In this way, the forwarding plane of the transmitting router provides an indication to the peer router that, although operational, the forwarding plane may be operating according to stale forwarding information.


    Critical firewall functionality management

    Publication number: US11245668B1

    Publication date: 2022-02-08

    Application number: US16294491

    Application date: 2019-03-06

    Abstract: A network device may detect, from an application associated with a user space of the network device, a request to configure a firewall provided by a kernel of the network device with a rule. The network device may intercept the request to configure the firewall before the firewall is configured with the rule. The network device, based on intercepting the request to configure the firewall, may analyze the rule to determine whether the rule modifies a critical functionality of the firewall. The network device may reject the request to configure the firewall based on determining that the rule modifies the critical functionality of the firewall.

    Apparatus, system, and method for applying firewall rules on packets in kernel space on network devices

    Publication number: US10798062B1

    Publication date: 2020-10-06

    Application number: US16654915

    Application date: 2019-10-16

    Abstract: A disclosed method for applying firewall rules on packets in kernel space on network devices may include (1) intercepting, via a socket-intercept layer in kernel space on a routing engine of a network device, a packet that is destined for a remote device and then, in response to intercepting the packet in kernel space on the routing engine, (2) identifying an egress interface index that specifies an egress interface that (A) is external to kernel space and (B) is capable of forwarding the packet from the network device to the remote device, and (3) applying, on the packet in kernel space, at least one firewall rule based at least in part on the egress interface index before the packet egresses from the routing engine. Various other apparatuses, systems, and methods are also disclosed.

    Reducing false alarms when using network keep-alive messages

    Publication number: US10374936B2

    Publication date: 2019-08-06

    Application number: US14984926

    Application date: 2015-12-30

    Abstract: Techniques are described to reduce false alarms in network devices utilizing keepalive messaging schemes. In order to potentially avoid false alarms, a transmitting network device adjusts quality of service (QOS/TOS) settings in keep-alive probe packets that are sent later in a current detection interval such that the keep-alive probe packets have escalating priorities. In addition, for keep-alive probe packets that are sent later in the current detection interval, the network device may also insert a host-level preferential indicator within each of the packets to request preferential treatment at both itself and the peer network device.

    Apparatus, system, and method for efficiently filtering packets at network devices

    Publication number: US11388141B1

    Publication date: 2022-07-12

    Application number: US15938857

    Application date: 2018-03-28

    Abstract: The disclosed apparatus may include (1) flagging, at a packet filter within a network device, a packet to be discarded instead of passed to a processing unit within the network device, (2) determining that the packet is part of a set of related packets that includes at least one additional packet destined at least intermediately for the network device, (3) identifying, by monitoring incoming packets received at the packet filter, the additional packet within the set of related packets, and then (4) discarding, due to the additional packet being included within the set of related packets, the additional packet instead of passing the additional packet to the processing unit. Various other apparatuses, systems, and methods are also disclosed.

    Apparatus, system, and method for applying firewall rules at dynamic offsets within packets in kernel space

    Publication number: US11388140B1

    Publication date: 2022-07-12

    Application number: US16940425

    Application date: 2020-07-28

    Abstract: A disclosed method may include (1) receiving a packet at a tunnel driver in kernel space on a routing engine of a network device, (2) identifying, at the tunnel driver, metadata of the packet that indicates whether at least one firewall filter had already been correctly applied to the packet before the packet arrived at the tunnel driver, (3) determining, based at least in part on the metadata of the packet, that the firewall filter had not been correctly applied to the packet before the packet arrived at the tunnel driver, and then in response to determining that the firewall filter had not been correctly applied to the packet, (4) invoking at least one firewall filter hook that applies at least one firewall rule on the packet before the packet is allowed to exit kernel space on the routing engine. Various other apparatuses, systems, and methods are also disclosed.

    Updating a traffic rate limit for policing traffic

    Publication number: US11252091B1

    Publication date: 2022-02-15

    Application number: US16678989

    Application date: 2019-11-08

    Abstract: A network device may obtain policer configuration information. The network device may determine, based on the policer configuration information, a traffic rate limit associated with a traffic protocol type. The network device may obtain, based on the traffic protocol type, networking data associated with the traffic protocol type. The network device may determine, based on the networking data, an expected traffic rate associated with the traffic protocol type. The network device may update, based on the expected traffic rate, the traffic rate limit. The network device may cause traffic associated with the traffic protocol type to be policed based on the updated traffic rate limit.

    Apparatus, system, and method for debugging network devices based on the contents of dropped packets

    Publication number: US10735282B1

    Publication date: 2020-08-04

    Application number: US16024496

    Application date: 2018-06-29

    Abstract: A disclosed method may include (1) detecting, at a network stack of a network device, a packet that (A) is destined at least intermediately for a network interface of the network device and (B) has been flagged by the network stack to be dropped instead of forwarded to the network interface based on at least one characteristic of the packet, (2) instead of dropping the packet, forwarding the packet to an alternative network interface of the network device that analyzes content of packets, (3) identifying, at the alternative network interface, the characteristic of the packet, and then (4) executing, based on the characteristic of the packet, at least one action in connection with the packet that improves the performance of the network device. Various other apparatuses, systems, and methods are also disclosed.
