公开(公告)号：US11700236B2

公开(公告)日：2023-07-11

申请号：US16652643

申请日：2020-02-27

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Aniket G. Daptari ,  Fei Chen ,  Pranavadatta D N ,  Kiran K N ,  Jeffrey S. Marshall ,  Prakash T. Seshadri

IPC: G06F21/53 ,  H04L9/40 ,  H04L45/76 ,  H04L41/0894 ,  G06F9/455 ,  H04L12/46

CPC classification number: H04L63/0263 ,  G06F9/45558 ,  H04L12/4679 ,  H04L41/0894 ,  H04L45/76 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Techniques are disclosed for redirecting network traffic of virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; configure network connectivity to the HBF in accordance with the security policy; a security controller that manages the HBF configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.

公开(公告)号：US20200099654A1

公开(公告)日：2020-03-26

申请号：US16138767

申请日：2018-09-21

Applicant: Juniper Networks, Inc.

Inventor： Jimmy Jose ,  Pranavadatta D N ,  Reji Thomas

IPC: H04L29/12

Abstract: A network device in a network may determine a tentative network address for a network interface of the network device and may determine whether the tentative network address is duplicative of any one of the network addresses in the network. If the tentative network address is duplicative of a network address assigned to another network interface in the network, the network device may store an indication of the other network interface. In response to receiving an indication that a new network address is assigned to the other network interface, the network device may re-determine whether the tentative network address is duplicative of any one of the network addresses in the network. If the network device determines that the tentative network address is not duplicative of any one of the plurality of network addresses in the network, the network device may assign the tentative network address to the network interface.