公开(公告)号：US09736036B2

公开(公告)日：2017-08-15

申请号：US14611890

申请日：2015-02-02

Applicant: Juniper Networks, Inc.

Inventor： Andrzej Szyszko ,  Apurva Mehta ,  Kumar B. Mehta ,  Gopi Krishna ,  Jagadish Grandhi ,  Murtuza S. Attarwala

IPC: H04L12/56 ,  H04L12/24 ,  H04L12/851 ,  H04L12/771 ,  H04L12/741

CPC classification number: H04L41/5048 ,  H04L45/56 ,  H04L45/745 ,  H04L47/2441

Abstract: In general, this disclosure describes techniques for applying, with a network device, subscriber-specific packet processing using an internal processing path that includes service objects that are commonly applied to multiple packet flows associated with multiple subscribers. In one example, a network device control plane creates subscriber records that include, for respective subscribers, one or more variable values that specify service objects as well as an identifier for a packet processing template. A forwarding plane of the network device receives and maps subscriber packets to an associated subscriber record and then processes the packet by executing the packet processing template specified by the subscriber record. When the forwarding plane reaches a variable while executing the specified packet processing template, the forwarding plane reads the associated variable value from the subscriber record to identify and then apply the subscriber-specific service object specified by the variable.

公开(公告)号：US09166929B1

公开(公告)日：2015-10-20

申请号：US14216780

申请日：2014-03-17

Applicant: Juniper Networks, Inc.

Inventor： Prakash Kamath ,  Apurva Mehta ,  Debi Prasad Sahoo ,  Jagadish Grandhi ,  Krishna Sankaran ,  Moojin Jeong

IPC: H04L12/28 ,  H04L12/947 ,  H04L12/701 ,  H04L12/54

CPC classification number: H04L49/25 ,  H04L12/287 ,  H04L12/4625 ,  H04L12/4654 ,  H04L12/4658 ,  H04L12/56 ,  H04L45/00 ,  H04L49/70 ,  H04L63/101

Abstract: In general, techniques are described that facilitate scalable wholesale layer two (L2) connectivity between customers and service providers and a demarcation between the L2 wholesale network and one or more ISPs with which customers communicate L2 PDUs. In one example, a network device receives PDU having both a service identifier identifying a service virtual local area network (SVLAN) and a customer identifier identifying a customer VLAN (CVLAN). A virtual switch determines whether an entry of a L2 learning table is associated with both the service identifier and the customer identifier of the PDU. When no such entry exists, a VLAN learning module updates the L2 learning table to create a new entry that maps to a network device interface and is associated with both the service identifier of the PDU and a plurality of customer identifiers that includes the customer identifier of the PDU.

Abstract translation: 通常，描述了促进客户和服务提供商之间的可扩展的批发第二层（L2）连接性的技术，以及L2批发网络与客户与其通信L2 PDU的一个或多个ISP之间的分界。 在一个示例中，网络设备接收具有标识服务虚拟局域网（SVLAN）的服务标识符和标识客户VLAN（CVLAN）的客户标识符的PDU。 虚拟交换机确定L2学习表的条目是否与PDU的服务标识符和客户标识符相关联。 当不存在这样的条目时，VLAN学习模块更新L2学习表以创建映射到网络设备接口的新条目，并且与PDU的服务标识符和多个客户标识符相关联，多个客户标识符包括客户标识符 PDU。

公开(公告)号：US20150071225A1

公开(公告)日：2015-03-12

申请号：US14540958

申请日：2014-11-13

Applicant: Juniper Networks, Inc.

Inventor： Gopi Krishna ,  Apurva Mehta

IPC: H04W76/02 ,  H04L12/741 ,  H04L12/721

CPC classification number: H04W76/021 ,  H04L45/566 ,  H04L45/60 ,  H04L45/745 ,  H04L61/2514 ,  H04L61/2517 ,  H04L61/2528 ,  H04W76/11 ,  H04W76/12

Abstract: Techniques are described for performing inline NAT functions in a forwarding element of a mobile gateway router or other device in which subscriber sessions of a mobile access network are distributed across a plurality of session management cards. The session management cards pre-allocate a public network address and port range for subscribers at the time a network connection is established in response to connection request prior to receiving any data traffic associated with the subscriber. NAT profiles are programmed into hardware forwarding elements of the mobile gateway router for inline NAT when routing subscriber traffic for the mobile access network.

Abstract translation: 描述了用于在移动网关路由器或其他设备的转发元件中执行内联NAT功能的技术，其中移动接入网络的用户会话分布在多个会话管理卡上。 会话管理卡在接收到与用户相关联的任何数据流量之前，在响应于连接请求建立网络连接时为用户预分配公共网络地址和端口范围。 当为移动接入网络路由用户流量时，NAT配置文件被编程为用于内联NAT的移动网关路由器的硬件转发元件。

公开(公告)号：US09351324B2

公开(公告)日：2016-05-24

申请号：US14540958

申请日：2014-11-13

Applicant: Juniper Networks, Inc.

Inventor： Gopi Krishna ,  Apurva Mehta

IPC: H04W76/02 ,  H04L12/741 ,  H04L12/721 ,  H04L12/773 ,  H04L29/12

CPC classification number: H04W76/021 ,  H04L45/566 ,  H04L45/60 ,  H04L45/745 ,  H04L61/2514 ,  H04L61/2517 ,  H04L61/2528 ,  H04W76/11 ,  H04W76/12

Abstract: Techniques are described for performing inline NAT functions in a forwarding element of a mobile gateway router or other device in which subscriber sessions of a mobile access network are distributed across a plurality of session management cards. The session management cards pre-allocate a public network address and port range for subscribers at the time a network connection is established in response to connection request prior to receiving any data traffic associated with the subscriber. NAT profiles are programmed into hardware forwarding elements of the mobile gateway router for inline NAT when routing subscriber traffic for the mobile access network.

Abstract translation: 描述了用于在移动网关路由器或其他设备的转发元件中执行内联NAT功能的技术，其中移动接入网络的用户会话分布在多个会话管理卡上。 会话管理卡在接收到与用户相关联的任何数据流量之前，在响应于连接请求建立网络连接时为用户预分配公共网络地址和端口范围。 当为移动接入网络路由用户流量时，NAT配置文件被编程为用于内联NAT的移动网关路由器的硬件转发元件。

公开(公告)号：US09674870B1

公开(公告)日：2017-06-06

申请号：US14159244

申请日：2014-01-20

Applicant: Juniper Networks, Inc.

Inventor： Srinivasa Chaganti ,  Apurva Mehta ,  Gopi Krishna ,  Bin W. Hong ,  Santosh Gupta ,  Bobby Vandalore

IPC: G06F15/173 ,  H04W74/00

CPC classification number: H04W74/002 ,  H04L45/60 ,  H04L45/745 ,  H04L67/146

Abstract: In general, techniques are described for aggregating, within a network device, internal forwarding routes for multiple control protocols and allocating next hops for the routes among individual service units of a decentralized control plane for the network device. The techniques may also include aggregating internal forwarding routes for data protocols and allocating next hops for the routes among individual forwarding units of a decentralized data plane for the network device. In one example, a mobile gateway includes a plurality of subscriber management service units that present a uniform interface to nodes within a mobile service provider network. An allocation manager apportions a control protocol session identifier namespace into a plurality of contiguous, non-overlapping protocol session identifier ranges and allocates the ranges among the service units. The service units execute the control protocol by utilizing respective allocated ranges, which the aggregate internal forwarding routes use to identify the associated service units.

公开(公告)号：US20150146731A1

公开(公告)日：2015-05-28

申请号：US14611890

申请日：2015-02-02

Applicant: Juniper Networks, Inc.

Inventor： Andrzej Szyszko ,  Apurva Mehta ,  Kumar B. Mehta ,  Gopi Krishna ,  Jagadish Grandhi ,  Murtuza S. Attarwala

IPC: H04L12/24 ,  H04L12/741 ,  H04L12/771

CPC classification number: H04L41/5048 ,  H04L45/56 ,  H04L45/745 ,  H04L47/2441

Abstract: In general, this disclosure describes techniques for applying, with a network device, subscriber-specific packet processing using an internal processing path that includes service objects that are commonly applied to multiple packet flows associated with multiple subscribers. In one example, a network device control plane creates subscriber records that include, for respective subscribers, one or more variable values that specify service objects as well as an identifier for a packet processing template. A forwarding plane of the network device receives and maps subscriber packets to an associated subscriber record and then processes the packet by executing the packet processing template specified by the subscriber record. When the forwarding plane reaches a variable while executing the specified packet processing template, the forwarding plane reads the associated variable value from the subscriber record to identify and then apply the subscriber-specific service object specified by the variable.

Abstract translation: 通常，本公开描述了使用包括通常应用于与多个订户相关联的多个分组流的服务对象的内部处理路径与网络设备一起应用订户特定分组处理的技术。 在一个示例中，网络设备控制平面创建订户记录，其为相应的订户包括指定服务对象的一个​​或多个变量值以及分组处理模板的标识符。 网络设备的转发平面将用户分组接收并映射到相关联的用户记录，然后通过执行由用户记录指定的分组处理模板来处理该分组。 当转发平面在执行指定的分组处理模板时到达变量时，转发平面从用户记录读取相关联的变量值，以识别并应用由变量指定的用户特定服务对象。

公开(公告)号：US08953592B2

公开(公告)日：2015-02-10

申请号：US13631704

申请日：2012-09-28

Applicant: Juniper Networks, Inc.

Inventor： Gopi Krishna ,  Apurva Mehta ,  Ananda Sathyanarayana ,  Bobby Vandalore ,  Dinesh Bakiaraj ,  Vignesh Chinnakkannu

IPC: H04L12/28 ,  H04L29/12 ,  H04L12/14 ,  H04W8/26

CPC classification number: H04L61/203 ,  H04L12/1407 ,  H04L29/12245 ,  H04L61/2514 ,  H04L61/2517 ,  H04L61/2567 ,  H04W8/26

Abstract: In general, techniques are described for informing services nodes of private network address information in order to apply subscriber-aware services with the services node. In some examples, a services node includes an Authentication, Authorization, and Accounting (AAA) interface to receive a AAA message, wherein the AAA message has been extended from a AAA protocol to specify a private network address of a subscriber device authenticated to an access network by the AAA server and assigned the private network address that is not routable external to the access network. A mapping module associates the public network address of subscriber data traffic with the private network address received by the AAA message. One or more service modules select one or more of a plurality of subscriber policies using the associated private network address and apply services to the subscriber data traffic in accordance with the selected subscriber policies.

Abstract translation: 通常，描述了用于向服务节点通知专用网络地址信息以便将服务节点应用订户感知服务的技术。 在一些示例中，服务节点包括用于接收AAA消息的认证，授权和计费（AAA）接口，其中所述AAA消息已经从AAA协议扩展以指定认证到接入的订户设备的专用网络地址 由AAA服务器进行网络连接，并分配在接入网络外部不可路由的专用网络地址。 映射模块将用户数据业务的公网地址与AAA消息接收到的私网地址相关联。 一个或多个服务模块使用相关联的专用网络地址选择多个订户策略中的一个或多个，并且根据所选择的订户策略将服务应用于用户数据业务。

公开(公告)号：US20140092899A1

公开(公告)日：2014-04-03

申请号：US13631704

申请日：2012-09-28

Applicant: JUNIPER NETWORKS, INC.

Inventor： Gopi Krishna ,  Apurva Mehta ,  Ananda Sathyanarayana ,  Bobby Vandalore ,  Dinesh Bakiaraj ,  Vignesh Chinnakkannu

IPC: H04L12/56

CPC classification number: H04L61/203 ,  H04L12/1407 ,  H04L29/12245 ,  H04L61/2514 ,  H04L61/2517 ,  H04L61/2567 ,  H04W8/26

Abstract: In general, techniques are described for informing services nodes of private network address information in order to apply subscriber-aware services with the services node. In some examples, a services node includes an Authentication, Authorization, and Accounting (AAA) interface to receive a AAA message, wherein the AAA message has been extended from a AAA protocol to specify a private network address of a subscriber device authenticated to an access network by the AAA server and assigned the private network address that is not routable external to the access network. A mapping module associates the public network address of subscriber data traffic with the private network address received by the AAA message. One or more service modules select one or more of a plurality of subscriber policies using the associated private network address and apply services to the subscriber data traffic in accordance with the selected subscriber policies.

Abstract translation: 通常，描述了用于向服务节点通知专用网络地址信息以便将服务节点应用订户感知服务的技术。 在一些示例中，服务节点包括用于接收AAA消息的认证，授权和计费（AAA）接口，其中所述AAA消息已经从AAA协议扩展以指定认证到接入的订户设备的专用网络地址 由AAA服务器进行网络连接，并分配在接入网络外部不可路由的专用网络地址。 映射模块将用户数据业务的公网地址与AAA消息接收到的私网地址相关联。 一个或多个服务模块使用相关联的专用网络地址选择多个订户策略中的一个或多个，并且根据所选择的订户策略将服务应用于用户数据业务。