公开(公告)号：US11700236B2

公开(公告)日：2023-07-11

申请号：US16652643

申请日：2020-02-27

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Aniket G. Daptari ,  Fei Chen ,  Pranavadatta D N ,  Kiran K N ,  Jeffrey S. Marshall ,  Prakash T. Seshadri

IPC: G06F21/53 ,  H04L9/40 ,  H04L45/76 ,  H04L41/0894 ,  G06F9/455 ,  H04L12/46

CPC classification number: H04L63/0263 ,  G06F9/45558 ,  H04L12/4679 ,  H04L41/0894 ,  H04L45/76 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Techniques are disclosed for redirecting network traffic of virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; configure network connectivity to the HBF in accordance with the security policy; a security controller that manages the HBF configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.

公开(公告)号：US12289249B2

公开(公告)日：2025-04-29

申请号：US18334979

申请日：2023-06-14

Applicant: Juniper Networks, Inc.

Inventor： Shailender Sharma ,  Vinod Nair ,  Kiran K N ,  Kirankumar Kashinath Raikar ,  Rakesh Kumar Reddy Varimalla

IPC: H04L47/762 ,  H04L41/0816 ,  H04L47/78 ,  H04W40/28

Abstract: In general, techniques are described for deploying and managing a virtual router having Data Plane Development Kit (DPDK) functionality to a computing device. In an example, a method includes creating, by a container orchestration platform executing on a computing device, a virtual router custom resource instance of a virtual router custom resource definition, the virtual router custom resource instance for a virtual router to execute on the computing device; based on configuration data for the virtual router custom resource instance, by the container orchestration platform, modifying the virtual router custom resource instance with the configuration data and deploying a first virtual computing instance comprising a virtual router configured according to the modified virtual router custom resource instance; and executing, by the computing device, the virtual router to process a packet.

公开(公告)号：US20240422107A1

公开(公告)日：2024-12-19

申请号：US18334979

申请日：2023-06-14

Applicant: Juniper Networks, Inc.

Inventor： Shailender Sharma ,  Vinod Nair ,  Kiran K N ,  Kirankumar Kashinath Raikar ,  Rakesh Kumar Reddy Varimalla

IPC: H04L47/762 ,  H04L41/0816 ,  H04L47/78 ,  H04W40/28

Abstract: In general, techniques are described for deploying and managing a virtual router having Data Plane Development Kit (DPDK) functionality to a computing device. In an example, a method includes creating, by a container orchestration platform executing on a computing device, a virtual router custom resource instance of a virtual router custom resource definition, the virtual router custom resource instance for a virtual router to execute on the computing device; based on configuration data for the virtual router custom resource instance, by the container orchestration platform, modifying the virtual router custom resource instance with the configuration data and deploying a first virtual computing instance comprising a virtual router configured according to the modified virtual router custom resource instance; and executing, by the computing device, the virtual router to process a packet.

公开(公告)号：US12159176B2

公开(公告)日：2024-12-03

申请号：US17491224

申请日：2021-09-30

Applicant: Juniper Networks, Inc.

Inventor： Yuvaraja Mariappan ,  Thayumanavan Sridhar ,  Sajeesh Mathew ,  Raj Yavatkar ,  Senthilnathan Murugappan ,  Raja Kommula ,  Kiran K N

IPC: G06F9/54 ,  G06F9/455

Abstract: A container orchestration platform manages a plurality of instances of resources including a first custom resource and a second custom resource. An API server of the container orchestration platform receives a request to delete an instance of the second custom resource; determines whether instance data associated with the instance of the second custom resource has a backreference identifying an instance of the first custom resource, the backreference indicating the instance of the first custom resource is dependent on the instance of the second custom resource; and in response to determining that the instance data has the backreference to the instance of the first custom resource, bypasses deletion of the instance of the second custom resource.

公开(公告)号：US11991097B2

公开(公告)日：2024-05-21

申请号：US17813027

申请日：2022-07-15

Applicant: Juniper Networks, Inc.

Inventor： Vinay K Nallamothu ,  Vinod Nair ,  Kiran K N ,  Shailender Sharma

IPC: H04L12/46 ,  H04L45/50 ,  H04L49/00

CPC classification number: H04L49/70 ,  H04L12/4633 ,  H04L45/50

Abstract: In general, this disclosure describes techniques for providing a hybrid data plane that can include a kernel-based data plane and a Data Plane Development Kit (DPDK)-based data plane. An example system includes a DPDK-based virtual router configured to send and receive packets via a physical network interface, and a kernel network stack configured to perform tunneling processing for packets destined to a containerized application and received by the DPDK-based virtual router via the physical interface.

公开(公告)号：US20230412526A1

公开(公告)日：2023-12-21

申请号：US17813027

申请日：2022-07-15

Applicant: Juniper Networks, Inc.

Inventor： Vinay K. Nallamothu ,  Vinod Nair ,  Kiran K N ,  Shailender Sharma

IPC: H04L49/00 ,  H04L12/46 ,  H04L45/50

CPC classification number: H04L49/70 ,  H04L12/4633 ,  H04L45/50

Abstract: In general, this disclosure describes techniques for providing a hybrid data plane that can include a kernel-based data plane and a Data Plane Development Kit (DPDK)-based data plane. An example system includes a DPDK-based virtual router configured to send and receive packets via a physical network interface, and a kernel network stack configured to perform tunneling processing for packets destined to a containerized application and received by the DPDK-based virtual router via the physical interface.

公开(公告)号：US20230006904A1

公开(公告)日：2023-01-05

申请号：US17806865

申请日：2022-06-14

Applicant: Juniper Networks, Inc.

Inventor： Raja Kommula ,  Thayumanavan Sridhar ,  Yuvaraja Mariappan ,  Kiran K N ,  Raj Yavatkar

IPC: H04L43/0852 ,  H04L47/33

Abstract: A system is configured to compute a latency between a first computing device and a second computing device. The system includes a network interface card (NIC) of a first computing device. The NIC includes a set of interfaces configured to receive one or more packets and send one or more packets. The processing unit is configured to identify information indicative of a forward packet, compute, based on a first time corresponding to the forward packet and a second time corresponding to a reverse packet associated with the forward packet, a latency between the first computing device and a second computing device, wherein the second computing device includes a destination of the forward packet and a source of the reverse packet, and output information indicative of the latency between the first computing device and the second computing device.

公开(公告)号：US20220279420A1

公开(公告)日：2022-09-01

申请号：US17649632

申请日：2022-02-01

Applicant: Juniper Networks, Inc.

Inventor： Srinivas Akkipeddi ,  Narendranath Karjala Subramanyam ,  Sachchidanand Vaidya ,  Mahesh Sivakumar ,  Pavan Kumar Kurapati ,  Philip M. Goddard ,  Sivakumar Ganapathy ,  Shailender Sharma ,  Kiran K N ,  Pranavadatta D N ,  Vinay K Nallamothu ,  Yuvaraja Mariappan ,  Ashutosh K. Grewal

IPC: H04W40/24 ,  H04L45/586 ,  H04L45/64 ,  H04L45/00

Abstract: In general, this disclosure describes techniques for a containerized router operating within a cloud native orchestration framework. In an example, a virtualized cell site router comprises a computing device configured with a containerized router, the computing device comprising: a containerized virtual router configured to execute on the processing circuitry and configured to implement a data plane for the containerized router; a containerized routing protocol process configured to execute on the processing circuitry and configured to implement a control plane for the containerized router; and a pod comprising a containerized distributed unit, wherein the containerized routing protocol process is configured to advertise routing information comprising reachability information for the containerized distributed unit.

公开(公告)号：US20240305586A1

公开(公告)日：2024-09-12

申请号：US18667560

申请日：2024-05-17

Applicant: Juniper Networks, Inc.

Inventor： Vinay K. Nallamothu ,  Vinod Nair ,  Kiran K N ,  Shailender Sharma

IPC: H04L49/00 ,  H04L12/46 ,  H04L45/50

CPC classification number: H04L49/70 ,  H04L12/4633 ,  H04L45/50

Abstract: In general, this disclosure describes techniques for providing a hybrid data plane that can include a kernel-based data plane and a Data Plane Development Kit (DPDK)-based data plane. An example system includes a DPDK-based virtual router configured to send and receive packets via a physical network interface, and a kernel network stack configured to perform tunneling processing for packets destined to a containerized application and received by the DPDK-based virtual router via the physical interface.

公开(公告)号：US12081336B2

公开(公告)日：2024-09-03

申请号：US17644966

申请日：2021-12-17

Applicant: Juniper Networks, Inc.

Inventor： Kiran K N ,  Yashika Badaya ,  Rakesh Kumar Reddy Varimalla

IPC: H04L1/1809 ,  H04L12/46 ,  H04L43/0829 ,  H04L45/00 ,  H04L45/28 ,  H04L45/586

CPC classification number: H04L1/1809 ,  H04L12/4633 ,  H04L43/0829 ,  H04L45/22 ,  H04L45/28 ,  H04L45/586

Abstract: Techniques are described for capturing dropped packets and creating modified dropped packets with drop information associated with the dropped packets to provide greater details of the dropped packets for further analysis and/or serviceability. For example, a computing device comprises an internal communication channel, a process executing in user space, and a virtual router. The virtual router comprises, for example, processing circuitry and a drop interface to the internal communication channel, wherein the virtual router is configured to: receive a packet; in response to determining the packet is to be dropped, creating a modified dropped packet to include drop information associated with the packet; and provide the modified dropped packet to the drop interface to communicate the modified dropped packet via the internal communication channel to the process.