公开(公告)号：US20220303246A1

公开(公告)日：2022-09-22

申请号：US16652643

申请日：2020-02-27

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Aniket G. Daptari ,  Fei Chen ,  Pranavadatta D N ,  Kiran K N ,  Jeffrey S. Marshall ,  Prakash T. Seshadri

IPC: H04L9/40 ,  H04L41/0894 ,  H04L12/46 ,  H04L45/76 ,  G06F9/455

Abstract: Techniques are disclosed for redirecting network traffic of virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; configure network connectivity to the HBF in accordance with the security policy; a security controller that manages the HBF configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.

公开(公告)号：US11245752B2

公开(公告)日：2022-02-08

申请号：US16916588

申请日：2020-06-30

Applicant: Juniper Networks, Inc.

Inventor： Fei Chen ,  Weisong Peng ,  Xia Zhu ,  Tiejun Zhang ,  Na Liu

IPC: H04L29/08 ,  H04L29/06 ,  G06F16/23

Abstract: A first network device may configure a high-availability cluster associated with a network that includes the first network device and a second network device. The first network device may identify a plurality of devices communicatively coupled to the network and determine a set of tasks for the plurality of devices. The first network device may queue the set of tasks in a task queue that is accessible to the second network device. The second network device may perform a first task and the first network device may perform a second task of the set of tasks. The first network device may receive first result information that is associated with a performance of the first task. The first network device may determine a result associated with performing the second task. The first network device may synchronize the first result information and the second result information with the second network device.

公开(公告)号：US11700236B2

公开(公告)日：2023-07-11

申请号：US16652643

申请日：2020-02-27

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Aniket G. Daptari ,  Fei Chen ,  Pranavadatta D N ,  Kiran K N ,  Jeffrey S. Marshall ,  Prakash T. Seshadri

IPC: G06F21/53 ,  H04L9/40 ,  H04L45/76 ,  H04L41/0894 ,  G06F9/455 ,  H04L12/46

CPC classification number: H04L63/0263 ,  G06F9/45558 ,  H04L12/4679 ,  H04L41/0894 ,  H04L45/76 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Techniques are disclosed for redirecting network traffic of virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; configure network connectivity to the HBF in accordance with the security policy; a security controller that manages the HBF configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.