公开(公告)号：US20230396494A1

公开(公告)日：2023-12-07

申请号：US18451864

申请日：2023-08-18

Applicant: Juniper Networks, Inc.

Inventor： Pradeep H. Krishnamurthy ,  FNU Nadeem ,  Raviraj Satish Deshmukh

IPC: H04L41/0816 ,  H04L41/22

CPC classification number: H04L41/0816 ,  H04L41/22

Abstract: A controller device manages a plurality of network devices. The controller device includes a memory comprising a configuration database including a set of stored network device configurations, wherein each stored network device configuration of the set of stored network device configurations corresponds to a network device of the set of network devices. Additionally, the controller device includes processing circuitry configured to receive an intent file corresponding to an intended configuration for the set of network devices; receive a message from a network device of the set of network devices indicating an out-of-band configuration change at the network device; and determine, based on a stored network device configuration corresponding to the network device and an actual configuration of the network device, whether the intent file is compatible with the out-of-band configuration change.

公开(公告)号：US12101227B2

公开(公告)日：2024-09-24

申请号：US18313131

申请日：2023-05-05

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  FNU Nadeem ,  Sayali Mane ,  Ankur Tandon ,  Sajeesh Mathew ,  Pranav Cherukupalli ,  Khushi Vaidya

IPC: G06F15/173 ,  H04L41/0681 ,  H04L41/0894

CPC classification number: H04L41/0894 ,  H04L41/0681

Abstract: In an example, a validation system comprises processing circuitry having access to a storage device and is configured to obtain flow records indicative of packet flows among workloads deployed to a cluster of one or more computing devices configured with a network policy, wherein each flow record of the flow records indicates a corresponding packet flow was allowed or denied by the cluster; receive an updated network policy; determine whether a corresponding packet flow for a flow record of the flow records has a discrepancy with the updated network policy; and in response to determining the corresponding packet flow for the flow record of the flow records has a discrepancy with the updated network policy, output an indication of an error.

公开(公告)号：US20240195844A1

公开(公告)日：2024-06-13

申请号：US18584531

申请日：2024-02-22

Applicant: Juniper Networks, Inc.

Inventor： Kaushik Dutta Majumdar ,  FNU Nadeem ,  Shanmukh Uppuluri

IPC: H04L9/40 ,  G06F16/245

CPC classification number: H04L63/20 ,  G06F16/245 ,  H04L63/0227

Abstract: In an example, systems and methods enable automatic implementation of intent-based security policies in a network system, such as a software-defined wide area network system, in which network segment prefixes for network segments at one or more sites are dynamically learned. A service orchestrator controller translates an intent-based security policy input by a user to a security policy for a first site. The security policy for the first site specifies a segment-specific queryable resource associated with a second site. To implement the security policy, a device associated with the first site queries the segment-specific queryable resource associated with the second site, and updates one or more forwarding tables of the device with the network segment prefixes associated with one or more network segments at the second site received in response to the query. The first site forwards network traffic to the second site based on the updated forwarding tables.

公开(公告)号：US20220321604A1

公开(公告)日：2022-10-06

申请号：US17301278

申请日：2021-03-30

Applicant: Juniper Networks, Inc.

Inventor： Kaushik Dutta Majumdar ,  FNU Nadeem ,  Shanmukh Uppuluri

IPC: H04L29/06 ,  G06F16/245 ,  G06N20/00

Abstract: In an example, systems and methods enable automatic implementation of intent-based security policies in a network system, such as a software-defined wide area network system, in which network segment prefixes for network segments at one or more sites are dynamically learned. A service orchestrator controller translates an intent-based security policy input by a user to a security policy for a first site. The security policy for the first site specifies a segment-specific queryable resource associated with a second site. To implement the security policy, a device associated with the first site queries the segment-specific queryable resource associated with the second site, and updates one or more forwarding tables of the device with the network segment prefixes associated with one or more network segments at the second site received in response to the query. The first site forwards network traffic to the second site based on the updated forwarding tables.

公开(公告)号：US20250023787A1

公开(公告)日：2025-01-16

申请号：US18893090

申请日：2024-09-23

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  FNU Nadeem ,  Sayali Mane ,  Ankur Tandon ,  Sajeesh Mathew ,  Pranav Cherukupalli ,  Khushi Vaidya

IPC: H04L41/0894 ,  H04L41/0681

Abstract: In an example, a validation system comprises processing circuitry having access to a storage device and is configured to obtain flow records indicative of packet flows among workloads deployed to a cluster of one or more computing devices configured with a network policy, wherein each flow record of the flow records indicates a corresponding packet flow was allowed or denied by the cluster; receive an updated network policy; determine whether a corresponding packet flow for a flow record of the flow records has a discrepancy with the updated network policy; and in response to determining the corresponding packet flow for the flow record of the flow records has a discrepancy with the updated network policy, output an indication of an error.

公开(公告)号：US12177069B2

公开(公告)日：2024-12-24

申请号：US18341186

申请日：2023-06-26

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Rosh Perumpully Ramadass ,  FNU Nadeem

IPC: H04L12/00 ,  G06F9/38 ,  G06F9/50 ,  G06F9/54 ,  H04L9/40 ,  H04L41/0803 ,  H04L41/0813 ,  H04L41/0866 ,  H04L41/40 ,  H04L45/42 ,  H04L69/00

Abstract: In an example, a method comprises obtaining, by a policy controller from a first SDN architecture system, flow metadata for packet flows exchanged among workloads of a distributed application deployed to the first SDN architecture system; identifying, using flow metadata for a packet flow of the packet flows, a source endpoint workload and a destination endpoint workload of the packet flow; generating a network policy rule to allow packet flows from the source endpoint workload to the destination endpoint workload of the packet flow; and adding the network policy rule to a configuration repository as configuration data for a second SDN architecture system to cause a deployment system to configure the second SDN architecture system with the network policy rule to allow packet flows from the source endpoint workload to the destination endpoint workload when the distributed application is deployed to the second SDN architecture system.

公开(公告)号：US20240223454A1

公开(公告)日：2024-07-04

申请号：US18313131

申请日：2023-05-05

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  FNU Nadeem ,  Sayali Mane ,  Ankur Tandon ,  Sajeesh Mathew ,  Pranav Cherukupalli ,  Khushi Vaidya

IPC: H04L41/0894 ,  H04L41/0681

CPC classification number: H04L41/0894 ,  H04L41/0681

Abstract: In an example, a validation system comprises processing circuitry having access to a storage device and is configured to obtain flow records indicative of packet flows among workloads deployed to a cluster of one or more computing devices configured with a network policy, wherein each flow record of the flow records indicates a corresponding packet flow was allowed or denied by the cluster; receive an updated network policy; determine whether a corresponding packet flow for a flow record of the flow records has a discrepancy with the updated network policy; and in response to determining the corresponding packet flow for the flow record of the flow records has a discrepancy with the updated network policy, output an indication of an error.

公开(公告)号：US20230336414A1

公开(公告)日：2023-10-19

申请号：US18341186

申请日：2023-06-26

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Rosh Perumpully Ramadass ,  FNU Nadeem

IPC: H04L45/42 ,  H04L9/40 ,  G06F9/38 ,  G06F9/50 ,  G06F9/54 ,  H04L41/0813 ,  H04L41/0866 ,  H04L41/40 ,  H04L41/0803 ,  H04L69/00

CPC classification number: H04L41/0813 ,  G06F9/3877 ,  G06F9/505 ,  G06F9/5072 ,  G06F9/541 ,  H04L41/0803 ,  H04L41/0866 ,  H04L41/40 ,  H04L45/42 ,  H04L63/0263 ,  H04L69/03

Abstract: In an example, a method comprises obtaining, by a policy controller from a first SDN architecture system, flow metadata for packet flows exchanged among workloads of a distributed application deployed to the first SDN architecture system; identifying, using flow metadata for a packet flow of the packet flows, a source endpoint workload and a destination endpoint workload of the packet flow; generating a network policy rule to allow packet flows from the source endpoint workload to the destination endpoint workload of the packet flow; and adding the network policy rule to a configuration repository as configuration data for a second SDN architecture system to cause a deployment system to configure the second SDN architecture system with the network policy rule to allow packet flows from the source endpoint workload to the destination endpoint workload when the distributed application is deployed to the second SDN architecture system.

公开(公告)号：US20230123775A1

公开(公告)日：2023-04-20

申请号：US17657596

申请日：2022-03-31

Applicant: Juniper Networks, Inc.

Inventor： Mahesh Sivakumar ,  FNU Nadeem ,  Srinivas Akkipeddi ,  Michael Henkel ,  Prasad Miriyala ,  Gurminder Singh ,  Édouard Thuleau ,  Atul S Moghe ,  Joseph Williams ,  Ignatious Johnson Christober ,  Jeffrey S. Marshall ,  Nagendra Maynattamai ,  Dale Davis

IPC: H04L41/40 ,  H04L41/0803

Abstract: In an example, a method includes processing, by an application programming interface (API) server implemented by a configuration node of a network controller for a software-defined networking (SDN) architecture system, requests for operations on native resources of a container orchestration system; processing, by a custom API server implemented by the configuration node, requests for operations on custom resources for SDN architecture configuration, wherein each of the custom resources for SDN architecture configuration corresponds to a type of configuration object in the SDN architecture system; detecting, by a control node of the network controller, an event on an instance of a first custom resource of the custom resources; and by the control node, in response to detecting the event on the instance of the first custom resource, obtaining configuration data for the instance of the first custom resource and configuring a corresponding instance of a configuration object in the SDN architecture.