公开(公告)号：US09647937B1

公开(公告)日：2017-05-09

申请号：US15012387

申请日：2016-02-01

Applicant: Juniper Networks, Inc.

Inventor： Mohini Dukes ,  Jerome P. Moisand

IPC: G06F15/16 ,  H04L12/715 ,  H04L12/931 ,  H04L12/721

CPC classification number: H04L45/64 ,  H04L45/38 ,  H04L47/10 ,  H04L49/351 ,  H04L49/70

Abstract: A network device includes an internal policy engine that makes local policy decisions for packet flows and controls policies applied by service modules and forwarding components of the network device. The policy engine interacts with an external policy server to receive policies using software defined networking (SDN) protocol as if the data plane of the network device were directly exposed to the external policy server by the SDN protocol.

公开(公告)号：US10693770B2

公开(公告)日：2020-06-23

申请号：US15694588

申请日：2017-09-01

Applicant: Juniper Networks, Inc.

Inventor： Jerome P. Moisand ,  Julius W. Francis

IPC: H04L12/725 ,  H04L12/46 ,  H04L29/08

Abstract: Techniques are described for providing session-aware, stateful network services to subscriber packet flows. Devices within a service provider network direct subscriber packets along service chains. Each tunnel is established to direct traffic according a particular ordered set of network services for the corresponding service chain. An ingress device for the tunnels encapsulate the subscriber packets and embed opaque session cookies that each uniquely identifies a collection of packet flows of a subscriber session amongst other packet flows transported by a given service tunnel. Each service node need only identify the tunnel on which a tunnel packet was received and the session cookie embedded within the tunnel packet to uniquely associate the encapsulated subscriber packet with a subscriber session, without needing to further inspect the encapsulated subscriber packet, and to index or otherwise retrieve state and statistics required to enforce the network service the service nod is programmed to deliver.

公开(公告)号：US08934453B1

公开(公告)日：2015-01-13

申请号：US13873045

申请日：2013-04-29

Applicant: Juniper Networks, Inc.

Inventor： Jagadishchandra Sarnaik ,  Sreenivasa Tellakula ,  Ravi Nuguru ,  Ujjvala Nangineni ,  Jerome P. Moisand ,  Sanjay Wadhwa

IPC: H04W4/00 ,  H04W28/02

CPC classification number: H04W28/0289 ,  H04W8/082 ,  H04W28/08 ,  H04W76/12

Abstract: In general, the invention is directed to techniques for offloading mobile data traffic from a mobile core network to a broadband network. For example, as described herein, a breakout gateway forwards a service request from a mobile device and addressed to a service node. The service node designates an access point name (APN) for offload such that data traffic associated with service requests specifying the designated APN is to be offloaded to an offload network. The service node receives the service requests from the breakout gateway and, if the service request specifies the designated APN, the service node sends a request to the breakout gateway. The breakout gateway receives the request and assigns a routable PDP address to the mobile device. An offload module on the breakout gateway redirects mobile data traffic to the offload network when the source PDP address of the traffic is the previously assigned PDP address.

Abstract translation: 通常，本发明涉及将移动数据业务从移动核心网卸载到宽带网络的技术。 例如，如本文所述，分组网关从移动设备转发服务请求并寻址到服务节点。 服务节点指定用于卸载的接入点名称（APN），使得与指定指定APN的服务请求相关联的数据流量将被卸载到卸载网络。 服务节点接收来自分组网关的服务请求，如果服务请求指定了指定的APN，则服务节点向中断网关发送请求。 分组网关接收请求，并向移动设备分配可路由的PDP地址。 当流量的源PDP地址是先前分配的PDP地址时，分支网关上的卸载模块将移动数据流量重定向到卸载网络。

公开(公告)号：US08706897B2

公开(公告)日：2014-04-22

申请号：US13665395

申请日：2012-10-31

Applicant: Juniper Networks, Inc.

Inventor： Sanjay Wadhwa ,  Jerome P. Moisand ,  Mathias Kokot

IPC: G06F15/16 ,  H04L12/28 ,  H04L12/56 ,  H04L29/06 ,  H04L12/18 ,  G06F21/10

CPC classification number: H04L29/06 ,  G06F21/10 ,  H04L12/185 ,  H04L12/1854 ,  H04L29/06027 ,  H04L47/15

Abstract: Network devices, such as a router and a downstream multicast distribution device, may use multiple control channels when setting up a multicast stream for a multicast request. For example, first messages may be transmitted using a first protocol to an upstream device over a first channel, the first messages indicating when a first multicast media stream is being requested by at least one of a number of client devices. Second messages may be transmitted using a second protocol over a second channel, the second messages being transmitted on a per-client basis and each identifying a one of the client devices as requesting the first multicast media stream. By using two control channels to convey the multicast channel requests, the router may obtain visibility into the action of the subscriber and can consequently perform per-subscriber operations such as access-control, bandwidth based admission control, statistics, and QoS adjustment for multicast IPTV streams received by the subscriber.

Abstract translation: 诸如路由器和下游组播分发设备之类的网络设备在为组播请求建立组播流时可以使用多个控制信道。 例如，可以使用第一协议将第一消息通过第一信道发送到上游设备，第一消息指示何时由多个客户端设备中的至少一个请求第一多播媒体流。 可以使用第二协议在第二信道上发送第二消息，第二消息是在每个客户端的基础上发送的，并且每个将客户端设备中的一个识别为请求第一多播媒体流。 通过使用两个控制信道来传送组播信道请求，路由器可以获得对用户动作的可见性，并且因此可以执行诸如接入控制，基于带宽的接纳控制，统计和用于组播IPTV的QoS调整之类的每用户操作 用户接收的流。

公开(公告)号：US09252972B1

公开(公告)日：2016-02-02

申请号：US13723177

申请日：2012-12-20

Applicant: Juniper Networks, Inc.

Inventor： Mohini Dukes ,  Jerome P. Moisand

IPC: G06F15/16 ,  H04L12/54

CPC classification number: H04L45/64 ,  H04L45/38 ,  H04L47/10 ,  H04L49/351 ,  H04L49/70

Abstract: A network device includes an internal policy engine that makes local policy decisions for packet flows and controls policies applied by service modules and forwarding components of the network device. The policy engine interacts with an external policy server to receive policies using software defined networking (SDN) protocol as if the data plane of the network device were directly exposed to the external policy server by the SDN protocol.

Abstract translation: 网络设备包括内部策略引擎，其对分组流进行本地策略决策，并且控制由服务模块应用的策略以及网络设备的转发组件。 策略引擎与外部策略服务器进行交互，以使用软件定义的网络（SDN）协议接收策略，就像网络设备的数据平面通过SDN协议直接暴露给外部策略服务器一样。

公开(公告)号：US20150092551A1

公开(公告)日：2015-04-02

申请号：US14042685

申请日：2013-09-30

Applicant: Juniper Networks, Inc.

Inventor： Jerome P. Moisand ,  Julius W. Francis

IPC: H04L12/725

CPC classification number: H04L45/30 ,  H04L12/4633 ,  H04L67/02 ,  H04L67/1027 ,  H04L67/142 ,  H04L67/146

Abstract: Techniques are described for providing session-aware, stateful network services to subscriber packet flows. Devices within a service provider network direct subscriber packets along service chains. Each tunnel is established to direct traffic according a particular ordered set of network services for the corresponding service chain. An ingress device for the tunnels encapsulate the subscriber packets and embed opaque session cookies that each uniquely identifies a collection of packet flows of a subscriber session amongst other packet flows transported by a given service tunnel. Each service node need only identify the tunnel on which a tunnel packet was received and the session cookie embedded within the tunnel packet to uniquely associate the encapsulated subscriber packet with a subscriber session, without needing to further inspect the encapsulated subscriber packet, and to index or otherwise retrieve state and statistics required to enforce the network service the service nod is programmed to deliver.

Abstract translation: 描述了用于向订户分组流提供会话感知状态网络服务的技术。 服务提供商网络内的设备沿着服务链直接向用户分组。 建立每个隧道以根据特定有序的一组网络服务来指导流量用于相应的服务链。 用于隧道的入口设备封装用户分组并嵌入不透明会话cookie，每个会话cookie每个唯一地标识由给定服务隧道传输的其他分组流中的用户会话的分组流的集合。 每个服务节点仅需要识别在其上接收到隧道分组的隧道和嵌入在隧道分组内的会话cookie，以将封装的用户分组与订户会话唯一地关联，而不需要进一步检查封装的用户分组，并且索引或 否则检索执行网络服务所需的状态和统计信息，服务节点被编程为传递。

公开(公告)号：US20170366452A1

公开(公告)日：2017-12-21

申请号：US15694588

申请日：2017-09-01

Applicant: Juniper Networks, Inc.

Inventor： Jerome P. Moisand ,  Julius W. Francis

IPC: H04L12/725 ,  H04L12/46 ,  H04L29/08

Abstract: Techniques are described for providing session-aware, stateful network services to subscriber packet flows. Devices within a service provider network direct subscriber packets along service chains. Each tunnel is established to direct traffic according a particular ordered set of network services for the corresponding service chain. An ingress device for the tunnels encapsulate the subscriber packets and embed opaque session cookies that each uniquely identifies a collection of packet flows of a subscriber session amongst other packet flows transported by a given service tunnel. Each service node need only identify the tunnel on which a tunnel packet was received and the session cookie embedded within the tunnel packet to uniquely associate the encapsulated subscriber packet with a subscriber session, without needing to further inspect the encapsulated subscriber packet, and to index or otherwise retrieve state and statistics required to enforce the network service the service nod is programmed to deliver.

公开(公告)号：US09755960B2

公开(公告)日：2017-09-05

申请号：US14042685

申请日：2013-09-30

Applicant: Juniper Networks, Inc.

Inventor： Jerome P. Moisand ,  Julius W. Francis

IPC: H04L12/725 ,  H04L12/46 ,  H04L29/08

CPC classification number: H04L45/30 ,  H04L12/4633 ,  H04L67/02 ,  H04L67/1027 ,  H04L67/142 ,  H04L67/146

Abstract: Techniques are described for providing session-aware, stateful network services to subscriber packet flows. Devices within a service provider network direct subscriber packets along service chains. Each tunnel is established to direct traffic according a particular ordered set of network services for the corresponding service chain. An ingress device for the tunnels encapsulate the subscriber packets and embed opaque session cookies that each uniquely identifies a collection of packet flows of a subscriber session amongst other packet flows transported by a given service tunnel. Each service node need only identify the tunnel on which a tunnel packet was received and the session cookie embedded within the tunnel packet to uniquely associate the encapsulated subscriber packet with a subscriber session, without needing to further inspect the encapsulated subscriber packet, and to index or otherwise retrieve state and statistics required to enforce the network service the service nod is programmed to deliver.