-
Publication No.: US20250016029A1
Publication Date: 2025-01-09
Application No.: US18892845
Application Date: 2024-09-23
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala, Michael Henkel, Pranav Cherukupalli
Abstract: In general, techniques are described for performing network segmentation for container orchestration platforms. A network controller comprising a memory and processing circuitry may be configured to perform the techniques. The memory may be configured to store a request, conforming to a container orchestration platform, to configure a new pod of a plurality of pods with a primary interface to communicate on a virtual network to segment a network formed by the plurality of pods. The processing circuitry may be configured to configure, responsive to the request, the new pod with the primary interface to enable communications via the virtual network.
-
Publication No.: US12192241B2
Publication Date: 2025-01-07
Application No.: US17937208
Application Date: 2022-09-30
Applicant: Juniper Networks, Inc.
Inventor: Viacheslav Dementyev, Kesavan Kazhiyur Mannar, Madhava Rao Cheethirala, Natarajan Manthiramoorthy, Raja Rao Tadimeti
IPC: H04L9/40
Abstract: Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system identifies a vendor of the NAS device, matches incoming attributes in the authentication request to a set of normalized match rules of the intent-based NAC policy, and translates a set of abstracted policy results corresponding to the set of normalized match rules into a vendor-specific set of return attributes based on the vendor of the NAS device. The NAC system sends the vendor-specific set of return attributes to the NAS device to enable the NAS device to access the enterprise network of the organization.
-
Publication No.: US20250004738A1
Publication Date: 2025-01-02
Application No.: US18294933
Application Date: 2022-08-05
Applicant: Juniper Networks, Inc.
Inventor: Praveen Jain, Natarajan Manthiramoorthy, Suresh Kumar Nalluru, Mahesh Kalappattil, Krishnamurthy Kodundirapalli Padmanabhan
IPC: G06F8/61
Abstract: An example system includes a service provider, wherein the service provider is configured to: receive a connection request from an enterprise device via one or more communication networks, generate a route, a logical tunnel, and a first port number, instantiate, by the service provider, a service process configured to listen for network traffic at a first port associated with the first port number, store an association of the route to a logical tunnel interface for the logical tunnel with one of a plurality of virtual machines (VMs) and an association of the first port number with a source Internet protocol (IP) address obtained from the connection request, and forward, to the first port, an application request received from the enterprise at a second port associated with a second port number and via a tunnel established with the enterprise device.
-
Publication No.: US12184659B2
Publication Date: 2024-12-31
Application No.: US18047727
Application Date: 2022-10-19
Applicant: Juniper Networks, Inc.
Inventor: Gurminder Singh, Pei-Yu Yang, Rong Xie
Abstract: This disclosure is directed to devices, systems, and techniques for enforcing access to resources within a computer network. In some examples, a system includes a network managed by a service provider and configured to provide a plurality of microservices to a plurality of tenants each having one or more users and a controller having access to the network. The controller is configured to output, to a user interface, data indicative of a plurality of capabilities for presentation by the user interface and receive, from the user interface, data indicative of a user selection of a set of capabilities and a user selection of a new role identifier. The controller is further configured to create, based on the set of capabilities and the role identifier, a role which enables access to a set of actions within a computer network, the set of actions corresponding to the set of capabilities.
-
Publication No.: US12184532B1
Publication Date: 2024-12-31
Application No.: US18381607
Application Date: 2023-10-18
Applicant: Juniper Networks, Inc.
Inventor: Suraj Narayan Sharma, Hitesh Mali
IPC: H04L45/02, H04L61/5069
Abstract: An autonomous system border router (ASBR) provided in a domain in which routers share an anycast address, may perform a method comprising: (a) receiving, from an exterior Border Gateway Protocol (eBGP) peer, first reachability information for a first prefix, the first reachability information including a first next hop (NH) address; (b) communicating first link state information about the first prefix to another router in the domain, the first link state information associating the first prefix with the anycast address; (c) receiving, from an eBGP peer, second reachability information for a second prefix, the second reachability information including a second next hop (NH) address; and (d) communicating second link state information about the second prefix to the other router in the domain, the second link state information associating the second prefix with the anycast address. This effectively reduces the number of next hops related to a prefix learned by two or more ASBRs (e.g., one or more spine routers in a Clos of an aggregate spine) via eBGP, stored as forwarding information on a non-ASBR in an IGP domain (e.g., on a leaf node in a Clos of an aggregate spine).
-
Publication No.: US12184522B2
Publication Date: 2024-12-31
Application No.: US18155658
Application Date: 2023-01-17
Applicant: Juniper Networks, Inc.
Inventor: Prashant Kumar, Jisheng Wang, Gorakhanath Kathare, Yogesh B G, Kaushik Adesh Agrawal, Jie C Jiang, Scott A. McCulley, Greg Schrock
IPC: H04L43/0817, H04L41/0604, H04L41/0631, H04L41/08, H04L41/16, H04L43/067, H04L41/046, H04L41/069, H04L41/0816, H04L41/082, H04L41/122, H04L41/14, H04L41/147, H04L43/06, H04L43/0876
Abstract: Techniques are described for monitoring application performance in a computer network. For example, a network management system (NMS) includes a memory storing path data received from a plurality of network devices, the path data reported by each network device of the plurality of network devices for one or more logical paths of a physical interface from the given network device over a wide area network (WAN). Additionally, the NMS may include processing circuitry in communication with the memory and configured to: determine, based on the path data, one or more application health assessments for one or more applications, wherein the one or more application health assessments are associated with one or more application time periods for a site, and in response to determining at least one failure state, output a notification including identification of a root cause of the at least one failure state.
-
Publication No.: US12184493B1
Publication Date: 2024-12-31
Application No.: US18473469
Application Date: 2023-09-25
Applicant: Juniper Networks, Inc.
Inventor: Ashok Kumar Padhy, Scott Mackie, Sreenivas Gadela, Swamy Sadashivaiah Renu Kananda, Yanfang Zhang
IPC: G06F15/177, H04L41/082, H04L41/0859, H04L41/0866
Abstract: A network device may receive an original configuration that includes configuration objects, and may generate, based on the original configuration, a dependency graph that includes nodes representing and entries representing the configuration objects. The network device may receive a configuration update that includes new configuration objects, and may update the dependency graph based on the configuration update and to generate an updated dependency graph that includes new nodes and/or new entries representing the new configuration objects. The network device may test the configuration update, based on the updated dependency graph, to determine whether the configuration update fails or succeeds. The network device may selectively implement the configuration update based on the configuration update succeeding or perform a rollback of the configuration update, based on the configuration update failing, to restore the original configuration.
-
Publication No.: US20240430197A1
Publication Date: 2024-12-26
Application No.: US18341439
Application Date: 2023-06-26
Applicant: Juniper Networks, Inc.
Inventor: Zhaohui ZHANG, Kireeti KOMPELLA
IPC: H04L45/50
Abstract: In some implementations, a network device may receive, from a first other network device, a route that includes a label, a prefix, and a next-hop identifier. The network device may generate, based on receiving the route, a composite tunnel attribute that includes an identifier of the network device and a label allocated by the network device. The network device may modify, based on generating the composite tunnel attribute, the route to cause the composite tunnel attribute to be included in the route. The network device may send, based on modifying the route, the route to a second other network device.
-
Publication No.: US20240430153A1
Publication Date: 2024-12-26
Application No.: US18828155
Application Date: 2024-09-09
Applicant: Juniper Networks, Inc.
Inventor: Ebrahim Safavi
IPC: H04L41/0631, H04L41/0681, H04L41/0816, H04L41/147, H04L41/16
Abstract: A network management system may detect congestion and other network problems, identify the root cause of the issue and invoke remedial actions. The network management system may collect a time series of network data from various devices in the network. The network management system may use the collected network data to determine metrics indicating whether the network is experiencing congestion and/or anomalies, and if so, what is the root cause. Once the root cause is identified an automated and/or manual corrective action may take place.
-
Publication No.: US12177187B2
Publication Date: 2024-12-24
Application No.: US18145995
Application Date: 2022-12-23
Applicant: Juniper Networks, Inc.
Inventor: Goutham Kondapavuluru, Sarvesh K. Batta, Vijay Sai Ram Paruchuri, Ramesh Biradar, Sharanagoud B Devaraddi
Abstract: A network device may create an encrypted packet and may duplicate the encrypted packet to create a plurality of encrypted packets that includes a first set of encrypted packets that is associated with a first receiving network device and a second set of encrypted packets that is to be associated with a second receiving network device. The network device may modify the second set of encrypted packets by replacing a first virtual destination address in the second set of the plurality of encrypted packets with a second virtual destination address that identifies a virtual tunnel endpoint of the second receiving network device. The network device may encapsulate and may send, based on the first virtual destination address and the second virtual destination address, individual encapsulated encrypted packets to the first receiving network device or the second receiving network device.
-