公开(公告)号：US11368294B2

公开(公告)日：2022-06-21

申请号：US16907685

申请日：2020-06-22

Applicant: Juniper Networks, Inc.

Inventor： Guruprasad P N ,  Sumeet Mundra

IPC: H04L9/08

Abstract: A first network device may install a receiving key for decrypting traffic on protocol hardware associated with a data plane of the first network device. The first network device may receive, from the data plane, a first notification indicating that the receiving key is installed on the protocol hardware and may provide, to a second network device, a first message identifying the receiving key. The first network device may receive, from the second network device, an acknowledgment message indicating that the receiving key is installed on the second network device and may install a transmission key for encrypting traffic on the protocol hardware. The first network device may receive, from the data plane, a second notification indicating that the transmission key is installed on the protocol hardware and may provide, to the second network device, a second message identifying the transmission key.

公开(公告)号：US20210351921A1

公开(公告)日：2021-11-11

申请号：US16907685

申请日：2020-06-22

Applicant: Juniper Networks, Inc.

Inventor： Guruprasad P N ,  Sumeet MUNDRA

IPC: H04L9/08

Abstract: A first network device may install a receiving key for decrypting traffic on protocol hardware associated with a data plane of the first network device. The first network device may receive, from the data plane, a first notification indicating that the receiving key is installed on the protocol hardware and may provide, to a second network device, a first message identifying the receiving key. The first network device may receive, from the second network device, an acknowledgment message indicating that the receiving key is installed on the second network device and may install a transmission key for encrypting traffic on the protocol hardware. The first network device may receive, from the data plane, a second notification indicating that the transmission key is installed on the protocol hardware and may provide, to the second network device, a second message identifying the transmission key.

公开(公告)号：US11626981B2

公开(公告)日：2023-04-11

申请号：US17457951

申请日：2021-12-07

Applicant: Juniper Networks, Inc.

Inventor： Guruprasad P N ,  Sumeet Mundra

IPC: H04L9/08

Abstract: A first network device may install a receiving key for decrypting traffic on protocol hardware associated with a data plane of the first network device. The first network device may receive, from the data plane, a first notification indicating that the receiving key is installed on the protocol hardware and may provide, to a second network device, a first message identifying the receiving key. The first network device may receive, from the second network device, an acknowledgment message indicating that the receiving key is installed on the second network device and may install a transmission key for encrypting traffic on the protocol hardware. The first network device may receive, from the data plane, a second notification indicating that the transmission key is installed on the protocol hardware and may provide, to the second network device, a second message identifying the transmission key.

公开(公告)号：US11570162B1

公开(公告)日：2023-01-31

申请号：US17218928

申请日：2021-03-31

Applicant: Juniper Networks, Inc.

Inventor： Sumeet Mundra ,  Guruprasad P N

IPC: H04L29/06 ,  H04L9/40 ,  H04L9/08

Abstract: A key server network device may install, on the key server network device, a new decryption key based on a timer-based key rollover setting and may provide, to peer network devices, messages identifying the new decryption key. The key server network device may utilize an original encryption key, to encrypt traffic, until all of the peer network devices provide acknowledgements of installation of the new decryption key. The key server network device may be configured to utilize the original encryption key based on the timer-based key rollover setting. The key server network device may generate an alarm. The alarm may include information indicating that the key server network device is waiting for the acknowledgements from one or more peer network devices and information identifying the one or more peer network devices.

公开(公告)号：US20220094534A1

公开(公告)日：2022-03-24

申请号：US17457951

申请日：2021-12-07

Applicant: Juniper Networks, Inc.

Inventor： Guruprasad P N ,  Sumeet MUNDRA

IPC: H04L9/08

Abstract: A first network device may install a receiving key for decrypting traffic on protocol hardware associated with a data plane of the first network device. The first network device may receive, from the data plane, a first notification indicating that the receiving key is installed on the protocol hardware and may provide, to a second network device, a first message identifying the receiving key. The first network device may receive, from the second network device, an acknowledgment message indicating that the receiving key is installed on the second network device and may install a transmission key for encrypting traffic on the protocol hardware. The first network device may receive, from the data plane, a second notification indicating that the transmission key is installed on the protocol hardware and may provide, to the second network device, a second message identifying the transmission key.

公开(公告)号：US10972442B1

公开(公告)日：2021-04-06

申请号：US16413172

申请日：2019-05-15

Applicant: Juniper Networks, Inc.

Inventor： Guruprasad P N ,  Reji P Rajesh ,  Sumeet Mundra ,  Sundareswaram Pallan Viswanathan

IPC: H04L29/06 ,  H04L9/08 ,  H04L12/24 ,  H04L12/26

Abstract: A first line card of a first network device may receive packets to be transmitted to a second line card of a second network device. The first line card may predict an earliest satisfaction time for satisfaction of a first packet quantity threshold of one or more packet quantity thresholds. The first line card may transmit the packets to the second line card. The first line card may determine whether a quantity of transmitted packets transmitted by the first line card satisfies the first packet quantity threshold. Based on whether the quantity of transmitted packets satisfies the one or more of the one or more packet quantity thresholds, the first line card may perform one or more actions related to modifying a security key, or may perform one or more other actions related to monitoring transmission of the packets.