公开(公告)号：US08953592B2

公开(公告)日：2015-02-10

申请号：US13631704

申请日：2012-09-28

Applicant: Juniper Networks, Inc.

Inventor： Gopi Krishna ,  Apurva Mehta ,  Ananda Sathyanarayana ,  Bobby Vandalore ,  Dinesh Bakiaraj ,  Vignesh Chinnakkannu

IPC: H04L12/28 ,  H04L29/12 ,  H04L12/14 ,  H04W8/26

CPC classification number: H04L61/203 ,  H04L12/1407 ,  H04L29/12245 ,  H04L61/2514 ,  H04L61/2517 ,  H04L61/2567 ,  H04W8/26

Abstract: In general, techniques are described for informing services nodes of private network address information in order to apply subscriber-aware services with the services node. In some examples, a services node includes an Authentication, Authorization, and Accounting (AAA) interface to receive a AAA message, wherein the AAA message has been extended from a AAA protocol to specify a private network address of a subscriber device authenticated to an access network by the AAA server and assigned the private network address that is not routable external to the access network. A mapping module associates the public network address of subscriber data traffic with the private network address received by the AAA message. One or more service modules select one or more of a plurality of subscriber policies using the associated private network address and apply services to the subscriber data traffic in accordance with the selected subscriber policies.

Abstract translation: 通常，描述了用于向服务节点通知专用网络地址信息以便将服务节点应用订户感知服务的技术。 在一些示例中，服务节点包括用于接收AAA消息的认证，授权和计费（AAA）接口，其中所述AAA消息已经从AAA协议扩展以指定认证到接入的订户设备的专用网络地址 由AAA服务器进行网络连接，并分配在接入网络外部不可路由的专用网络地址。 映射模块将用户数据业务的公网地址与AAA消息接收到的私网地址相关联。 一个或多个服务模块使用相关联的专用网络地址选择多个订户策略中的一个或多个，并且根据所选择的订户策略将服务应用于用户数据业务。

公开(公告)号：US20140092899A1

公开(公告)日：2014-04-03

申请号：US13631704

申请日：2012-09-28

Applicant: JUNIPER NETWORKS, INC.

Inventor： Gopi Krishna ,  Apurva Mehta ,  Ananda Sathyanarayana ,  Bobby Vandalore ,  Dinesh Bakiaraj ,  Vignesh Chinnakkannu

IPC: H04L12/56

CPC classification number: H04L61/203 ,  H04L12/1407 ,  H04L29/12245 ,  H04L61/2514 ,  H04L61/2517 ,  H04L61/2567 ,  H04W8/26

Abstract: In general, techniques are described for informing services nodes of private network address information in order to apply subscriber-aware services with the services node. In some examples, a services node includes an Authentication, Authorization, and Accounting (AAA) interface to receive a AAA message, wherein the AAA message has been extended from a AAA protocol to specify a private network address of a subscriber device authenticated to an access network by the AAA server and assigned the private network address that is not routable external to the access network. A mapping module associates the public network address of subscriber data traffic with the private network address received by the AAA message. One or more service modules select one or more of a plurality of subscriber policies using the associated private network address and apply services to the subscriber data traffic in accordance with the selected subscriber policies.

Abstract translation: 通常，描述了用于向服务节点通知专用网络地址信息以便将服务节点应用订户感知服务的技术。 在一些示例中，服务节点包括用于接收AAA消息的认证，授权和计费（AAA）接口，其中所述AAA消息已经从AAA协议扩展以指定认证到接入的订户设备的专用网络地址 由AAA服务器进行网络连接，并分配在接入网络外部不可路由的专用网络地址。 映射模块将用户数据业务的公网地址与AAA消息接收到的私网地址相关联。 一个或多个服务模块使用相关联的专用网络地址选择多个订户策略中的一个或多个，并且根据所选择的订户策略将服务应用于用户数据业务。

公开(公告)号：US09438699B1

公开(公告)日：2016-09-06

申请号：US14817002

申请日：2015-08-03

Applicant: Juniper Networks, Inc.

Inventor： Nikhil G. Shetty ,  Chitrak K. Ojha ,  Rohini Kasturi ,  Vijay S. Rajaram ,  Gopi Krishna ,  Venkatesh Badakere Ramachandra

IPC: G06F15/16 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L67/42 ,  H04L29/06 ,  H04L29/0872 ,  H04L67/1095 ,  H04L67/141 ,  H04L67/28 ,  H04L67/2809 ,  H04L69/16 ,  H04L69/163

Abstract: In one example, an intermediate network device sends packets that advertise a transmission control protocol (TCP) window size of zero bytes to a client device and a server device. The device, after sending the packets, receives a first zero-window probe packet from the client device including data representing a first current sequence number for a client-to-server packet flow of an established network session, and a second zero-window probe packet from the server device including data representing a second current sequence number for a server-to-client packet flow of the network session. The device also initializes a TCP state based on the first and second current sequence numbers, and acts as a TCP proxy for packets following the first zero-window probe packet of the client-to-server packet flow based on the TCP state and packets following the second zero-window probe packet of the server-to-client packet flow based on the TCP state.

公开(公告)号：US09351324B2

公开(公告)日：2016-05-24

申请号：US14540958

申请日：2014-11-13

Applicant: Juniper Networks, Inc.

Inventor： Gopi Krishna ,  Apurva Mehta

IPC: H04W76/02 ,  H04L12/741 ,  H04L12/721 ,  H04L12/773 ,  H04L29/12

CPC classification number: H04W76/021 ,  H04L45/566 ,  H04L45/60 ,  H04L45/745 ,  H04L61/2514 ,  H04L61/2517 ,  H04L61/2528 ,  H04W76/11 ,  H04W76/12

Abstract: Techniques are described for performing inline NAT functions in a forwarding element of a mobile gateway router or other device in which subscriber sessions of a mobile access network are distributed across a plurality of session management cards. The session management cards pre-allocate a public network address and port range for subscribers at the time a network connection is established in response to connection request prior to receiving any data traffic associated with the subscriber. NAT profiles are programmed into hardware forwarding elements of the mobile gateway router for inline NAT when routing subscriber traffic for the mobile access network.

Abstract translation: 描述了用于在移动网关路由器或其他设备的转发元件中执行内联NAT功能的技术，其中移动接入网络的用户会话分布在多个会话管理卡上。 会话管理卡在接收到与用户相关联的任何数据流量之前，在响应于连接请求建立网络连接时为用户预分配公共网络地址和端口范围。 当为移动接入网络路由用户流量时，NAT配置文件被编程为用于内联NAT的移动网关路由器的硬件转发元件。

公开(公告)号：US10999125B1

公开(公告)日：2021-05-04

申请号：US16278317

申请日：2019-02-18

Applicant: Juniper Networks, Inc.

Inventor： Harsha Srinath ,  Sanjay Agrawal ,  Gopi Krishna ,  Ananya Basu

IPC: G06F11/00 ,  H04L12/24 ,  H04L12/703 ,  H04L12/751 ,  H04L12/707 ,  H04L12/713 ,  H04L29/14 ,  H04L29/06

Abstract: A system and method for communicating between applications using a routing process. A set of one or more signal-routes are defined on a network device, including a first signal-route. Each signal-route is associated with a state of an application to be executed on the network device, wherein the first signal-route is associated with a first application state of the application. The network device detects, within the application executing within an application layer of the network device, a change in the first application state and notifies other applications of the change in the first application state. Notifying includes modifying the first signal-route, wherein modifying includes adding the first signal-route to or removing the first signal-route from a Routing Information Base (RIB) and advertising the change in the RIB.

公开(公告)号：US20140092738A1

公开(公告)日：2014-04-03

申请号：US13630458

申请日：2012-09-28

Applicant: JUNIPER NETWORKS, INC.

Inventor： Jagadish Grandhi ,  Gopi Krishna ,  Ananda Sathyanarayana ,  Arun Balasubramanian ,  Bobby Vandalore

IPC: H04L12/56 ,  H04L12/24

CPC classification number: H04L45/22 ,  H04L45/24 ,  H04L45/50 ,  H04L47/125 ,  H04L47/14 ,  H04L47/52 ,  H04L47/724 ,  H04L47/824

Abstract: In general, techniques are described for maintaining load balancing after service application. A network device comprising ingress and egress forwarding components and a service card may implement the techniques. An ingress forwarding component receives a packet and, in response to a determination that the service is to be applied to the packet, updates the packet to include an ingress identifier that identifies the ingress forwarding component, thereafter transmitting the updated packet to the service card. The service card applies the service to the updated packet to generate a serviced packet and transmits the serviced packet to the ingress forwarding component identified by the ingress identifier so as to maintain load balancing of packet flows across the plurality of forwarding components. The ingress forwarding component determines a next hop to which to forward the serviced packet and the egress forwarding component forwards the serviced packet to the determined next hop.

Abstract translation: 通常，描述了在维护应用后维护负载平衡的技术。 包括入口和出口转发组件和服务卡的网络设备可以实现这些技术。 入口转发组件接收分组，并且响应于确定将应用于分组的服务，更新分组以包括标识入口转发组件的入口标识符，然后将更新的分组发送到服务卡。 服务卡将服务应用于更新的分组，以生成服务分组，并将服务分组发送到由入口标识符标识的入口转发组件，以便保持跨多个转发组件的分组流的负载均衡。 入口转发组件确定转发服务分组的下一跳，并且出口转发组件将服务分组转发到确定的下一跳。

公开(公告)号：US10469317B1

公开(公告)日：2019-11-05

申请号：US15473369

申请日：2017-03-29

Applicant: Juniper Networks, Inc.

Inventor： Tong Jiang ,  Roshan Joyce ,  Gopi Krishna ,  Sankar Ramamoorthi

IPC: H04L12/24 ,  H04L12/46 ,  G06F9/455

Abstract: Techniques are described for dynamically adapting virtualized network functions (VNFs) to different target environments. A controller stores device profiles that include configuration data and workflows for resolving configuration parameters for instantiating and deploying a VNF package to form a network service. To support the resolution of VNF configuration parameters, a VNF descriptor for the VNF is extended to include a device family parameter that indicates a shared architecture and configuration parameters. The controller, when instantiating the VNF, may identify a device profile usable for resolving the configuration parameters for the VNF and obtain configuration data from the device profile for creating and configuring a VNF instance for the VNF descriptor. Extending the VNF descriptor to specify a device family allows the VNF to be flexibly adapted for different target environments and may avoid the use of numerous pre-defined VNF descriptors.

公开(公告)号：US10210058B1

公开(公告)日：2019-02-19

申请号：US14871405

申请日：2015-09-30

Applicant: Juniper Networks, Inc.

Inventor： Harsha Srinath ,  Sanjay Agrawal ,  Gopi Krishna ,  Ananya Basu

IPC: G06F11/20 ,  G06F11/30 ,  G06F11/14 ,  H04L29/06

Abstract: A redundant service delivery gateway system and method. Configuration information defining roles for redundant service delivery gateways is received via a user interface defined for each of a plurality of redundant service delivery gateways. Configuration information defining one or more redundancy events, a redundancy policy associated with each redundancy event and two or more redundancy sets is also received via a user interface. Each redundancy set is associated with one or more of the redundancy events and each redundancy set includes a master redundancy state and a standby redundancy state. A first redundancy event detected in a first service delivery gateway leads to a transition, in the first service delivery gateway, from a master redundancy state to a standby redundancy state in the redundancy set associated with the first redundancy event.

公开(公告)号：US09736036B2

公开(公告)日：2017-08-15

申请号：US14611890

申请日：2015-02-02

Applicant: Juniper Networks, Inc.

Inventor： Andrzej Szyszko ,  Apurva Mehta ,  Kumar B. Mehta ,  Gopi Krishna ,  Jagadish Grandhi ,  Murtuza S. Attarwala

IPC: H04L12/56 ,  H04L12/24 ,  H04L12/851 ,  H04L12/771 ,  H04L12/741

CPC classification number: H04L41/5048 ,  H04L45/56 ,  H04L45/745 ,  H04L47/2441

Abstract: In general, this disclosure describes techniques for applying, with a network device, subscriber-specific packet processing using an internal processing path that includes service objects that are commonly applied to multiple packet flows associated with multiple subscribers. In one example, a network device control plane creates subscriber records that include, for respective subscribers, one or more variable values that specify service objects as well as an identifier for a packet processing template. A forwarding plane of the network device receives and maps subscriber packets to an associated subscriber record and then processes the packet by executing the packet processing template specified by the subscriber record. When the forwarding plane reaches a variable while executing the specified packet processing template, the forwarding plane reads the associated variable value from the subscriber record to identify and then apply the subscriber-specific service object specified by the variable.

公开(公告)号：US09379982B1

公开(公告)日：2016-06-28

申请号：US14042676

申请日：2013-09-30

Applicant: Juniper Networks, Inc.

Inventor： Gopi Krishna ,  Suresh Kumar Vinapamula Venkata ,  Shauli Gal ,  Li Fang ,  Harsha Srinath ,  Sanjay Agrawal ,  Jwala Dinesh Gupta Chakka

IPC: H04L12/803

CPC classification number: H04L47/125 ,  H04L67/1023 ,  H04L67/1034

Abstract: In general, techniques are described for load balancing, with a service node, packet flows using stateless load balancing that adapts to server failure to provide flow affinity to initially selected servers for the duration of respective flows. In one example, service node device applies stateless load balancing to packet flows to distribute the flows among a plurality of servers. The service node determines a failure of a failed server and then receives an initial packet of a packet flow from the packet flows and forwards the initial packet to an active server. The service node generates a mapping of the packet flow to the active server, determines a recovery of the failed server, receives a subsequent packet of the packet flow, and forwards the subsequent packet of the packet flow to the active server based at least on the mapping of the packet flow to the active server.

Abstract translation: 一般来说，描述了用于负载平衡的技术，其中使用服务节点，使用无状态负载平衡的分组流适应于服务器故障，以在相应流程的持续时间内为初始选择的服务器提供流量亲和度。 在一个示例中，服务节点设备向分组流应用无状态负载均衡以在多个服务器之间分配流。 服务节点确定故障服务器的故障，然后从分组流中接收分组流的初始分组，并将初始分组转发到活动服务器。 服务节点生成分组流到活动服务器的映射，确定故障服务器的恢复，接收分组流的后续分组，并且至少基于所述分组流将后续分组流转发到活动服务器 将数据包流映射到活动服务器。