公开(公告)号：US11115391B2

公开(公告)日：2021-09-07

申请号：US16668807

申请日：2019-10-30

Applicant: Juniper Networks, Inc.

Inventor： Avinash Kumar Singh ,  Sachin Mutalik Desai ,  Vaibhav Agarwal ,  Mohit Joshi

IPC: H04L29/06 ,  G06F9/455 ,  H04L12/813

Abstract: A device may receive a packet from a first endpoint that is destined for a second endpoint. The first endpoint may be hosted on the device. The device may determine whether a secure session exists between the first endpoint and the second endpoint. The secure session may permit encrypted traffic to be exchanged between the first endpoint and the second endpoint. The device may process the packet using a set of rules after determining whether the secure session exists between the first endpoint and the second endpoint. The device may encrypt the packet using security information associated with the secure session after determining that the secure session exists, or establishing the secure session when the secure session does not exist. The device may provide the packet toward the second endpoint after encrypting the packet.

公开(公告)号：US20200252437A1

公开(公告)日：2020-08-06

申请号：US16854056

申请日：2020-04-21

Applicant: Juniper Networks, Inc.

Inventor： Suresh Vishwanathan ,  Avinash Kumar Singh

IPC: H04L29/06 ,  G06F9/455

Abstract: A cloud network may include a distributed security switch (DSS). The DSS may be to receive configuration information from the hypervisor. The configuration information may include a set of access mode attributes and a security policy. The DSS may be to determine that a packet is to be directed from a source virtual machine to a target virtual machine. The DSS may be to identify an egress interface of the source virtual machine and an ingress interface of the target virtual machine. The egress interface may be associated with a first access mode attribute and the ingress interface being associated with a second access mode attribute. The DSS may be to selectively route the packet, using the shared memory, based on the first access mode attribute, the second access mode attribute, and the security policy.

公开(公告)号：US10568112B1

公开(公告)日：2020-02-18

申请号：US15700983

申请日：2017-09-11

Applicant: Juniper Networks, Inc.

Inventor： Avinash Kumar Singh ,  Chandra Mouli

IPC: H04W72/12 ,  G06F9/455 ,  G06F9/48

Abstract: A device may include one or more processors to receive priority information corresponding to a virtual machine of a computing environment, receive a packet associated with the virtual machine, determine a priority associated with the virtual machine based on the priority information, the priority information indicating the priority associated with the virtual machine relative to other virtual machines of the computing environment, and/or assign the packet to a queue associated with a service node of the computing environment based on the virtual machine, the packet to be output from the queue based on the priority associated with the virtual machine.

公开(公告)号：US11323485B2

公开(公告)日：2022-05-03

申请号：US16854056

申请日：2020-04-21

Applicant: Juniper Networks, Inc.

Inventor： Suresh Vishwanathan ,  Avinash Kumar Singh

IPC: G06F9/455 ,  H04L29/06

Abstract: A cloud network may include a distributed security switch (DSS). The DSS may be to receive configuration information from the hypervisor. The configuration information may include a set of access mode attributes and a security policy. The DSS may be to determine that a packet is to be directed from a source virtual machine to a target virtual machine. The DSS may be to identify an egress interface of the source virtual machine and an ingress interface of the target virtual machine. The egress interface may be associated with a first access mode attribute and the ingress interface being associated with a second access mode attribute. The DSS may be to selectively route the packet, using the shared memory, based on the first access mode attribute, the second access mode attribute, and the security policy.

公开(公告)号：US10469461B1

公开(公告)日：2019-11-05

申请号：US15730356

申请日：2017-10-11

Applicant: Juniper Networks, Inc.

Inventor： Avinash Kumar Singh ,  Sachin Mutalik Desai ,  Vaibhav Agarwal ,  Mohit Joshi

IPC: H04L29/06 ,  G06F9/455 ,  H04L12/813

Abstract: A device may receive a packet from a first endpoint that is destined for a second endpoint. The first endpoint may be hosted on the device. The device may determine whether a secure session exists between the first endpoint and the second endpoint. The secure session may permit encrypted traffic to be exchanged between the first endpoint and the second endpoint. The device may process the packet using a set of rules after determining whether the secure session exists between the first endpoint and the second endpoint. The device may encrypt the packet using security information associated with the secure session after determining that the secure session exists, or establishing the secure session when the secure session does not exist. The device may provide the packet toward the second endpoint after encrypting the packet.