公开(公告)号：US09979650B1

公开(公告)日：2018-05-22

申请号：US14672810

申请日：2015-03-30

Applicant: Juniper Networks, Inc.

Inventor： NischalKumar N. Sheth ,  Jean-Marc Frailong ,  Paul R. Kim

IPC: H04L12/28 ,  H04L12/745 ,  H04L12/749 ,  H04L12/743 ,  H04L12/66

CPC classification number: H04L45/748 ,  H04L12/66 ,  H04L45/741 ,  H04L45/7453

Abstract: A device may receive a packet with a destination address, and may input, to a probabilistic filter, prefixes associated with the destination address. A prefix may include one or more most significant bits of the destination address. The device may identify candidate prefixes associated with a response from the probabilistic filter. The device may identify a longest candidate prefix of the candidate prefixes, and may perform a lookup to determine that a memory component includes a parent prefix that matches the longest candidate prefix. The parent prefix may be associated with a child prefixes that include the parent prefix and one or more additional bits. The device may identify a longest matching prefix, of the parent prefix and the child prefixes, that matches one or more most significant bits of the destination address and that corresponds to an output component. The device may output the packet via the output component.

公开(公告)号：US09509637B1

公开(公告)日：2016-11-29

申请号：US14621878

申请日：2015-02-13

Applicant: Juniper Networks, Inc.

Inventor： Ravi Shekhar ,  Quaizar Vohra ,  Michael O'Gorman ,  Aleksandar Ratkovic ,  Jean-Marc Frailong ,  Shesha Sreenivasamurthy

IPC: H04L12/24 ,  H04L12/947 ,  H04L12/50 ,  H04L12/46

CPC classification number: G06F9/45558 ,  G06F2009/4557 ,  G06F2009/45595 ,  H04L12/4641 ,  H04L12/50 ,  H04L41/0896 ,  H04L49/25

Abstract: In some embodiments, an apparatus includes a scheduler disposed at a control device of a switch fabric system. The scheduler is configured to receive a control plane request associated with the switch fabric system having a data plane and a control plane separate from the data plane. The scheduler is configured to designate a control plane entity based on the control plane request and state information of each control plane entity from a set of control plane entities associated with the control plane and instantiated as a virtual machine. The scheduler is configured to send a signal to a compute device of the switch fabric system in response to the control plane request such that the control plane entity is instantiated as a virtual machine at the compute device.

公开(公告)号：US08924687B1

公开(公告)日：2014-12-30

申请号：US13936903

申请日：2013-07-08

Applicant: Juniper Networks, Inc.

Inventor： Jean-Marc Frailong ,  Anurag P Gupta ,  David Talaski ,  Sanjeev Singh

IPC: G06F12/00 ,  G06F9/26 ,  G06F9/34 ,  G06F12/06

CPC classification number: G06F12/06 ,  G06F12/1018

Abstract: A data read/write system receives a key associated with a data read request. The data read/write system hashes the key to obtain a first hash value and hashes the key to obtain a second hash value, where the second hash value is different than the first hash value. The data read/write system obtains a pointer from a pointer array using the first and second hash values, and uses one or more bits of the pointer and the first hash value to retrieve data from a data look-up array.

Abstract translation: 数据读/写系统接收与数据读取请求相关联的密钥。 数据读/写系统对密钥进行散列以获得第一散列值，并且对该密钥进行散列以获得第二散列值，其中第二散列值不同于第一散列值。 数据读/写系统使用第一和第二散列值从指针数组中获取指针，并使用指针的一个或多个位和第一个散列值从数据查找数组中检索数据。

公开(公告)号：US08923301B1

公开(公告)日：2014-12-30

申请号：US14091600

申请日：2013-11-27

Applicant: Juniper Networks, Inc.

Inventor： Eric M. Verwillow ,  Jean-Marc Frailong ,  Avanindra Godbole

IPC: H04L12/54 ,  H04L12/863 ,  H04L12/741

CPC classification number: H04L47/6215 ,  H04L45/74 ,  H04L45/745 ,  H04L69/22

Abstract: A network device may receive a packet including control tags in a header portion of the packet and may extract candidate tags from the control tags in the header portion of the packet. The network device may compress, using a first lookup table, the candidate tags to obtain keys corresponding to the candidate tags, where each of the keys is represented in a compressed format relative to the corresponding candidate tags. The network device may further determine a final key based on the first keys and determine a priority class for the packet based on a lookup operation of the final key into a second lookup table. The network device may further write the packet, or a reference to the packet, to a selected priority queue, of a number of priority queues, where the priority queue is selected based on the determined priority class.

公开(公告)号：US20140237541A1

公开(公告)日：2014-08-21

申请号：US14262593

申请日：2014-04-25

Applicant: Juniper Networks, Inc.

Inventor： Kannan Varadhan ,  Jean-Marc Frailong ,  Anjan Venkatramani

IPC: H04L29/06 ,  H04L12/18

CPC classification number: H04L63/0227 ,  H04L12/18 ,  H04L45/00 ,  H04L45/16 ,  H04L45/30 ,  H04L63/0254 ,  H04L63/104

Abstract: A multicast-capable firewall allows firewall security policies to be applied to multicast traffic. The multicast-capable firewall may be integrated within a routing device, thus allowing a single device to provide both routing functionality, including multicast support, as well as firewall services. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to multicast packets. The user interface supports a syntax that allows the user to define subsets of the plurality of interfaces associated with the zones, and define a single multicast policy to be applied to multicast sessions associated with a multicast group. The multicast policy identifies common services to be applied pre-replication, and exceptions specifying additional services to be applied post-replication to copies of the multicast packets for the one or more zones.

Abstract translation: 具有组播功能的防火墙允许将防火墙安全策略应用于组播流量。 可组播的防火墙可以集成在路由设备内，从而允许单个设备提供包括组播支持在内的路由功能以及防火墙服务。 路由设备提供一个用户界面，用户通过该用户界面指定一个或多个区域，以便在向组播数据包应用状态防火墙服务时由集成防火墙识别。 用户界面支持语法，允许用户定义与区域相关联的多个接口的子集，并且定义要应用于与多播组相关联的多播会话的单个组播策略。 多播策略标识要应用预复制的常用服务，以及将要复制后应用的其他服务指定给一个或多个区域的多播数据包副本的异常。

公开(公告)号：US09985911B2

公开(公告)日：2018-05-29

申请号：US14621892

申请日：2015-02-13

Applicant: Juniper Networks, Inc.

Inventor： Pradeep Sindhu ,  Gunes Aybay ,  Jean-Marc Frailong ,  Anjan Venkatramani ,  Quaizar Vohra

IPC: H04L12/935 ,  H04L12/24 ,  H04L12/947 ,  H04L12/931 ,  H04L29/06

CPC classification number: H04L49/30 ,  H04L41/0806 ,  H04L41/0846 ,  H04L49/257 ,  H04L49/35 ,  H04L49/356 ,  H04L63/101

Abstract: In one embodiment, edge devices can be configured to be coupled to a multi-stage switch fabric and peripheral processing devices. The edge devices and the multi-stage switch fabric can collectively define a single logical entity. A first edge device from the edge devices can be configured to be coupled to a first peripheral processing device from the peripheral processing devices. The second edge device from the edge devices can be configured to be coupled to a second peripheral processing device from the peripheral processing devices. The first edge device can be configured such that virtual resources including a first virtual resource can be defined at the first peripheral processing device. A network management module coupled to the edge devices and configured to provision the virtual resources such that the first virtual resource can be migrated from the first peripheral processing device to the second peripheral processing device.

公开(公告)号：US09191366B2

公开(公告)日：2015-11-17

申请号：US14262593

申请日：2014-04-25

Applicant: Juniper Networks, Inc.

Inventor： Kannan Varadhan ,  Jean-Marc Frailong ,  Anjan Venkatramani

IPC: H04L29/06 ,  H04L12/725 ,  H04L12/18 ,  H04L12/701 ,  H04L12/761

CPC classification number: H04L63/0227 ,  H04L12/18 ,  H04L45/00 ,  H04L45/16 ,  H04L45/30 ,  H04L63/0254 ,  H04L63/104

Abstract: A multicast-capable firewall allows firewall security policies to be applied to multicast traffic. The multicast-capable firewall may be integrated within a routing device, thus allowing a single device to provide both routing functionality, including multicast support, as well as firewall services. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to multicast packets. The user interface supports a syntax that allows the user to define subsets of the plurality of interfaces associated with the zones, and define a single multicast policy to be applied to multicast sessions associated with a multicast group. The multicast policy identifies common services to be applied pre-replication, and exceptions specifying additional services to be applied post-replication to copies of the multicast packets for the one or more zones.

Abstract translation: 具有组播功能的防火墙允许将防火墙安全策略应用于组播流量。 可组播的防火墙可以集成在路由设备内，从而允许单个设备提供包括组播支持在内的路由功能以及防火墙服务。 路由设备提供一个用户界面，用户通过该用户界面指定一个或多个区域，以便在向组播数据包应用状态防火墙服务时由集成防火墙识别。 用户界面支持语法，允许用户定义与区域相关联的多个接口的子集，并且定义要应用于与多播组相关联的多播会话的单个组播策略。 多播策略标识要应用预复制的常用服务，以及将要复制后应用的其他服务指定给一个或多个区域的多播数据包副本的异常。

公开(公告)号：US09116814B1

公开(公告)日：2015-08-25

申请号：US14092072

申请日：2013-11-27

Applicant: JUNIPER NETWORKS, INC.

Inventor： Jianhui Huang ,  Sharada Yeluri ,  Jean-Marc Frailong ,  Jeffrey G. Libby ,  Anurag P. Gupta ,  Paul Coelho

IPC: G06F12/00 ,  G06F12/08 ,  G06F12/12

CPC classification number: G06F12/0855 ,  G06F12/0815 ,  G06F12/0868 ,  G06F12/0891 ,  G06F12/12 ,  Y02D10/13

Abstract: A data read/write system includes a system clock, a single port memory, a cache memory that is separate from the single port memory, and a controller coupled to an instruction pipeline. The controller receives, via the instruction pipeline, first data to write to an address of the single port memory, and further receives, via the instruction pipeline, a request to read second data from the single port memory. The controller stores the first data in the cache memory, and retrieves the second data from either the cache memory or the single port memory during one or more first clock cycles of the system clock. The controller copies the first data from the cache memory and stores the first data at the address in the single port memory during a second clock cycle of the system clock that is different than the one or more first clock cycles.

Abstract translation: 数据读/写系统包括系统时钟，单端口存储器，与单端口存储器分开的高速缓存存储器，以及耦合到指令流水线的控制器。 控制器经由指令流水线接收第一数据以写入单端口存储器的地址，并且经由指令流水线接收从单端口存储器读取第二数据的请求。 控制器将第一数据存储在高速缓冲存储器中，并且在系统时钟的一个或多个第一时钟周期期间从高速缓冲存储器或单端口存储器检索第二数据。 控制器从高速缓冲存储器复制第一数据，并且在系统时钟的不同于一个或多个第一时钟周期的第二时钟周期期间将第一数据存储在单端口存储器中的地址处。

公开(公告)号：US09098262B2

公开(公告)日：2015-08-04

申请号：US14529331

申请日：2014-10-31

Applicant: Juniper Networks, Inc.

Inventor： Jean-Marc Frailong ,  Pradeep S. Sindhu ,  Jeffrey G. Libby ,  Jian Hui Huang ,  Rajesh Nair ,  John Keen

IPC: G06F9/28 ,  G06F15/00 ,  G06F9/30

CPC classification number: G06F9/28 ,  G06F7/57 ,  G06F9/30 ,  G06F9/3001 ,  G06F9/30018 ,  G06F9/30072 ,  G06F9/30145 ,  G06F9/3859 ,  G06F9/3893 ,  G06F15/00

Abstract: A processor may include a conditional arithmetic logic unit and a main arithmetic logic unit. The conditional arithmetic logic unit may perform a first arithmetic logic operation to generate a first result, and output the result. The main arithmetic logic unit may select input buses among a plurality of data buses that carry the first result from the conditional arithmetic logic unit, perform a second arithmetic logic operation on data provided by the selected input buses to generate a second result, and write the second result in a storage component.

Abstract translation: 处理器可以包括条件算术逻辑单元和主算术逻辑单元。 条件算术逻辑单元可以执行第一算术逻辑运算以产生第一结果，并输出结果。 主算术逻辑单元可以选择携带来自条件算术逻辑单元的第一结果的多个数据总线中的输入总线，对由所选择的输入总线提供的数据执行第二运算逻辑运算以产生第二结果，并写入 第二个结果是存储组件。

公开(公告)号：US09077466B2

公开(公告)日：2015-07-07

申请号：US13692425

申请日：2012-12-03

Applicant: Juniper Networks, Inc.

Inventor： Sarin Thomas ,  Srihari Vegesna ,  Pradeep Sindhu ,  Chi-Chung Kenny Chen ,  Jean-Marc Frailong ,  David J. Ofelt ,  Philip A. Thomas ,  Chang-Hong Wu

IPC: H04L12/28 ,  H04J3/00 ,  H04L12/947 ,  H04L12/937

CPC classification number: H04J3/00 ,  H04L49/251 ,  H04L49/254

Abstract: In one embodiment, a method can include receiving at an egress schedule module a request to schedule transmission of a group of cells from an ingress queue through a switch fabric of a multi-stage switch. The ingress queue can be associated with an ingress stage of the multi-stage switch. The egress schedule module can be associated with an egress stage of the multi-stage switch. The method can also include determining, in response to the request, that an egress port at the egress stage of the multi-stage switch is available to transmit the group of cells from the multi-stage switch.

Abstract translation: 在一个实施例中，一种方法可以包括在出口调度模块处接收通过多级交换机的交换结构调度来自进入队列的小区的传输的请求。 入站队列可以与多级交换机的进入级相关联。 出口调度模块可以与多级交换机的出口级相关联。 该方法还可以包括响应于该请求确定多级交换机的出口级的出口端口可用于从多级交换机发送小区组。