公开(公告)号：US12113832B2

公开(公告)日：2024-10-08

申请号：US18057057

申请日：2022-11-18

Applicant: Juniper Networks, Inc.

Inventor： Gurminder Singh ,  Pei-Yu Yang ,  Rong Xie

IPC: H04L29/06 ,  H04L9/40

CPC classification number: H04L63/20 ,  H04L63/104

Abstract: In some examples, a system includes a network managed by a service provider and configured to provide access to one or more objects to a set of tenants each having one or more users, the service provider and the set of tenants being part of a set of entities that form a hierarchy, and a controller having access to the network. The controller is configured to obtain data indicative of a set of parameters, where the data indicative of the set of parameters is associated with an owner entity of the set of entities, generate a rule which incorporates the set of parameters, where the rule enables the controller to control access to an object of the one or more objects, and add the rule to a rules database, wherein the rules database is accessible to the controller.

公开(公告)号：US20230123775A1

公开(公告)日：2023-04-20

申请号：US17657596

申请日：2022-03-31

Applicant: Juniper Networks, Inc.

Inventor： Mahesh Sivakumar ,  FNU Nadeem ,  Srinivas Akkipeddi ,  Michael Henkel ,  Prasad Miriyala ,  Gurminder Singh ,  Édouard Thuleau ,  Atul S Moghe ,  Joseph Williams ,  Ignatious Johnson Christober ,  Jeffrey S. Marshall ,  Nagendra Maynattamai ,  Dale Davis

IPC: H04L41/40 ,  H04L41/0803

Abstract: In an example, a method includes processing, by an application programming interface (API) server implemented by a configuration node of a network controller for a software-defined networking (SDN) architecture system, requests for operations on native resources of a container orchestration system; processing, by a custom API server implemented by the configuration node, requests for operations on custom resources for SDN architecture configuration, wherein each of the custom resources for SDN architecture configuration corresponds to a type of configuration object in the SDN architecture system; detecting, by a control node of the network controller, an event on an instance of a first custom resource of the custom resources; and by the control node, in response to detecting the event on the instance of the first custom resource, obtaining configuration data for the instance of the first custom resource and configuring a corresponding instance of a configuration object in the SDN architecture.

公开(公告)号：US12184659B2

公开(公告)日：2024-12-31

申请号：US18047727

申请日：2022-10-19

Applicant: Juniper Networks, Inc.

Inventor： Gurminder Singh ,  Pei-Yu Yang ,  Rong Xie

IPC: H04L29/00 ,  H04L9/40

Abstract: This disclosure is directed to devices, systems, and techniques for enforcing access to resources within a computer network. In some examples, a system includes a network managed by a service provider and configured to provide a plurality of microservices to a plurality of tenants each having one or more users and a controller having access to the network. The controller is configured to output, to a user interface, data indicative of a plurality of capabilities for presentation by the user interface and receive, from the user interface, data indicative of a user selection of a set of capabilities and a user selection of a new role identifier. The controller is further configured to create, based on the set of capabilities and the role identifier, a role which enables access to a set of actions within a computer network, the set of actions corresponding to the set of capabilities.

公开(公告)号：US11750480B2

公开(公告)日：2023-09-05

申请号：US17456105

申请日：2021-11-22

Applicant: Juniper Networks, Inc.

Inventor： Jeffrey S. Marshall ,  Gurminder Singh ,  Prasad Miriyala ,  Iqlas M. Ottamalika

IPC: H04L43/026

CPC classification number: H04L43/026

Abstract: A method includes subscribing, by an agent, to telemetry flow data from each network device of a plurality of network devices and receiving, by the agent, a plurality of streams of telemetry flow data from the plurality of the network devices. Each of the plurality of streams corresponds to a different one of the plurality of network devices. The method further includes aggregating, by the agent, data from at least one stream of the plurality of streams of the telemetry flow data received over a period of time and, at the end of the period of time and/or when the data from the at least one stream exceeds a data threshold, sending, by the agent, the aggregated telemetry flow data to a network analyzer device.

公开(公告)号：US20230061080A1

公开(公告)日：2023-03-02

申请号：US18047727

申请日：2022-10-19

Applicant: Juniper Networks, Inc.

Inventor： Gurminder Singh ,  Pei-Yu Yang ,  Rong Xie

IPC: H04L9/40

Abstract: This disclosure is directed to devices, systems, and techniques for enforcing access to resources within a computer network. In some examples, a system includes a network managed by a service provider and configured to provide a plurality of microservices to a plurality of tenants each having one or more users and a controller having access to the network. The controller is configured to output, to a user interface, data indicative of a plurality of capabilities for presentation by the user interface and receive, from the user interface, data indicative of a user selection of a set of capabilities and a user selection of a new role identifier. The controller is further configured to create, based on the set of capabilities and the role identifier, a role which enables access to a set of actions within a computer network, the set of actions corresponding to the set of capabilities.

公开(公告)号：US11516254B2

公开(公告)日：2022-11-29

申请号：US16447733

申请日：2019-06-20

Applicant: Juniper Networks, Inc.

Inventor： Gurminder Singh ,  Pei-Yu Yang ,  Rong Xie

IPC: H04L29/06 ,  H04L9/40

Abstract: In some examples, a system includes a network managed by a service provider and configured to provide access to one or more objects to a set of tenants each having one or more users, the service provider and the set of tenants being part of a set of entities that form a hierarchy, and a controller having access to the network. The controller is configured to obtain data indicative of a set of parameters, where the data indicative of the set of parameters is associated with an owner entity of the set of entities, generate a rule which incorporates the set of parameters, where the rule enables the controller to control access to an object of the one or more objects, and add the rule to a rules database, wherein the rules database is accessible to the controller.

公开(公告)号：US11516220B1

公开(公告)日：2022-11-29

申请号：US16235739

申请日：2018-12-28

Applicant: Juniper Networks, Inc.

Inventor： Gurminder Singh ,  Pei-Yu Yang ,  Rong Xie

IPC: H04L29/00 ,  H04L9/40

Abstract: This disclosure is directed to devices, systems, and techniques for enforcing access to resources within a computer network. In some examples, a system includes a network managed by a service provider and configured to provide a plurality of microservices to a plurality of tenants each having one or more users and a controller having access to the network. The controller is configured to output, to a user interface, data indicative of a plurality of capabilities for presentation by the user interface and receive, from the user interface, data indicative of a user selection of a set of capabilities and a user selection of a new role identifier. The controller is further configured to create, based on the set of capabilities and the role identifier, a role which enables access to a set of actions within a computer network, the set of actions corresponding to the set of capabilities.

公开(公告)号：US11070540B1

公开(公告)日：2021-07-20

申请号：US16235647

申请日：2018-12-28

Applicant: Juniper Networks, Inc.

Inventor： Gurminder Singh ,  Pei-Yu Yang ,  Mamata Devabhaktuni

IPC: H04L29/06 ,  G06F21/31

Abstract: A controller may be used to create and process an assertion, in some cases, to implement single-sign on (SSO) in a computer network. In some examples, the controller includes processing circuitry coupled to a storage device. The processing circuitry is configured to create the assertion, where the assertion includes information indicative of a set of attributes and parse the assertion to determine the set of attributes. Additionally, the processing circuitry is configured to determine if each attribute of the set of attributes maps to a plurality of primary user groups stored in the storage device. Based on determining that an attribute of the set of attributes does not map to at least one primary user group of the plurality of primary user groups, the processing circuitry is configured to create a set of secondary user groups and a set of secondary user group names corresponding to the attribute.

公开(公告)号：US12132623B2

公开(公告)日：2024-10-29

申请号：US18356302

申请日：2023-07-21

Applicant: Juniper Networks, Inc.

Inventor： Jeffrey S. Marshall ,  Gurminder Singh ,  Prasad Miriyala ,  Iqlas M. Ottamalika

IPC: H04L43/026

CPC classification number: H04L43/026

Abstract: A method includes subscribing, by an agent, to telemetry flow data from each network device of a plurality of network devices and receiving, by the agent, a plurality of streams of telemetry flow data from the plurality of the network devices. Each of the plurality of streams corresponds to a different one of the plurality of network devices. The method further includes aggregating, by the agent, data from at least one stream of the plurality of streams of the telemetry flow data received over a period of time and, at the end of the period of time and/or when the data from the at least one stream exceeds a data threshold, sending, by the agent, the aggregated telemetry flow data to a network analyzer device.

公开(公告)号：US20230362073A1

公开(公告)日：2023-11-09

申请号：US18356302

申请日：2023-07-21

Applicant: Juniper Networks, Inc.

Inventor： Jeffrey S. Marshall ,  Gurminder Singh ,  Prasad Miriyala ,  Iqlas M. Ottamalika

IPC: H04L43/026

CPC classification number: H04L43/026

Abstract: A method includes subscribing, by an agent, to telemetry flow data from each network device of a plurality of network devices and receiving, by the agent, a plurality of streams of telemetry flow data from the plurality of the network devices. Each of the plurality of streams corresponds to a different one of the plurality of network devices. The method further includes aggregating, by the agent, data from at least one stream of the plurality of streams of the telemetry flow data received over a period of time and, at the end of the period of time and/or when the data from the at least one stream exceeds a data threshold, sending, by the agent, the aggregated telemetry flow data to a network analyzer device.