Scalable policy management for virtual networks

    Publication No.: US10742690B2

    Publication date: 2020-08-11

    Application No.: US15819522

    Filing date: 2017-11-21

    Abstract: Techniques are disclosed for implementing scalable policies across a plurality of categories that support application workloads. In one example, a policy controller assigns to the plurality of categories tags specifying one or more of a plurality of dimensions. The policy controller distributes a plurality of policies to policy agents for the plurality of categories. Each policy includes one or more policy rules, and each policy rule includes one or more tags specifying one or more of the plurality of dimensions. For each policy rule, the policy agents allow or deny a traffic flow between objects that belong to categories of the plurality of categories described by the one or more dimensions of a respective tag of the policy rule.

    ANALYSIS SYSTEM FOR SOFTWARE-DEFINED NETWORK ARCHITECTURES

    Publication No.: US20240214294A1

    Publication date: 2024-06-27

    Application No.: US18146274

    Filing date: 2022-12-23

    CPC classification number: H04L43/20 H04L41/40

    Abstract: In general, techniques are described that provide an analysis system for analyzing a software-defined networking (SDN) architecture system. The analysis system comprises processing circuitry configured to obtain operational data representative of one or more of configuration, operation, and maintenance of the SDN architecture system. The processing circuitry may identify dependencies between the operational data that identify dependencies between objects representative of the configuration, operation, and maintenance of the SDN architecture system. The processing circuitry may perform, while traversing the dependencies between the operational data, analysis with respect to the operational data in order to identify potential issues in the SDN architecture system, and output the potential issues in the SDN architecture system.

    METRIC GROUPS FOR SOFTWARE-DEFINED NETWORK ARCHITECTURES

    Publication No.: US20230409369A1

    Publication date: 2023-12-21

    Application No.: US17933566

    Filing date: 2022-09-20

    Abstract: In general, techniques are described for an efficient exportation of metrics data within a software defined network (SDN) architecture. A network controller for a software-defined networking (SDN) architecture system comprising processing circuitry may implement the techniques. A telemetry node configured for execution by the processing circuitry may process a request by which to enable a metric group that defines a subset of metrics from a plurality of metrics to export from compute nodes. The telemetry node may also transform, based on the request to enable the metric group, the subset of the one or more metrics into telemetry exporter configuration data that configures a telemetry exporter deployed at the compute nodes to export the subset of the metrics. The telemetry node may also interface with the telemetry exporter to configure, based on the telemetry exporter configuration data, the telemetry exporter to export the subset of the metrics.

    Path flow of telemetry flow data for bare metal servers

    Publication No.: US11765488B1

    Publication date: 2023-09-19

    Application No.: US17649316

    Filing date: 2022-01-28

    CPC classification number: H04Q9/00

    Abstract: A method includes receiving, by a network analyzer implemented in circuitry, from a network device of a plurality of network devices, a sensor message for telemetry flow data. The sensor message indicates an interface index for a network interface, a virtual network identifier associated with a virtual network, and an IP address. The method further includes receiving, by the network analyzer, from the network device, a telemetry flow message for the telemetry flow data. The method further includes, in response to determining that the telemetry flow message includes an indication of an interface index that matches the interface index of the sensor message and that the telemetry flow message includes an indication of a virtual network identifier that matches the virtual network identifier of the sensor message, setting, by the network analyzer, the IP address as the source of the telemetry flow data.

    Inter-application workload network traffic monitoring and visualization

    Publication No.: US11588708B1

    Publication date: 2023-02-21

    Application No.: US17449640

    Filing date: 2021-09-30

    Abstract: Graphical user interfaces are generated that, when displayed, provide a visual and interactive representation of one or more aspects associated with the execution of one or more applications on a computer network. The graphical user interfaces may include graphical depictions representing policy objects, each policy object assigned one or more tags, each tag assigned to a category or a sub-category. The tags, when taken in combination, may identify an application, and one or more other characteristics associated with each of the policy objects. The graphical elements representing the policy objects may be displayed in the graphical user interfaces so that the policy objects assigned to tags in a category are positioned in an outer ring, and policy objects assigned to sub-category tags are positioned in an inner ring surrounded by the outer ring, with interconnection elements representing communications between policy objects extending within an interior area.

    PACKET STEERING TO A HOST-BASED FIREWALL IN VIRTUALIZED ENVIRONMENTS

    Publication No.: US20220303246A1

    Publication date: 2022-09-22

    Application No.: US16652643

    Filing date: 2020-02-27

    Abstract: Techniques are disclosed for redirecting network traffic of virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; configure network connectivity to the HBF in accordance with the security policy; a security controller that manages the HBF configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.

    Scalable port range management for security policies

    Publication No.: US11418546B1

    Publication date: 2022-08-16

    Application No.: US17009631

    Filing date: 2020-09-01

    Abstract: Techniques are disclosed for implementing scalable port range policies across a plurality of categories that support application workloads. In one example, a policy agent receives, from a centralized controller for a computer network, a plurality of policies. Each policy of the plurality of policies includes one or more policy rules, and each of the one or more policy rules specifies one or more tags specifying one or more dimensions for application workloads executed by the one or more computing devices and a corresponding port range. The policy agent assigns, based on a policy rule, a port range specified by the policy rule to objects of the one or more computing devices that belong to categories described by the one or more dimensions of the one or more tags of the policy rule. The categories support the application workloads and are assigned to the tags by a centralized controller.

    Scalable policy management for virtual networks

    Publication No.: US11323487B1

    Publication date: 2022-05-03

    Application No.: US16947570

    Filing date: 2020-08-06

    Abstract: Techniques are disclosed for implementing scalable policies across a plurality of categories that support application workloads. In one example, a policy controller assigns to the plurality of categories tags specifying one or more of a plurality of dimensions. The policy controller distributes a plurality of policies to policy agents for the plurality of categories. Each policy includes one or more policy rules, and each policy rule includes one or more tags specifying one or more of the plurality of dimensions. For each policy rule, the policy agents allow or deny a traffic flow between objects that belong to categories of the plurality of categories described by the one or more dimensions of a respective tag of the policy rule.

    Using multidimensional metadata tag sets to determine resource allocation in a distributed computing environment

    Publication No.: US11216309B2

    Publication date: 2022-01-04

    Application No.: US16444971

    Filing date: 2019-06-18

    Abstract: An example method includes receiving a resource request for at least one compute and/or storage resource from a distributed computing system distributed among multiple data centers, determining a resource policy that is associated with the resource request, wherein the resource policy includes a rule specifying at least one metadata tag and at least one criterion associated with the at least one metadata tag, identifying at least one object included in a resource object model that complies with the rule of the resource policy, wherein the at least one object has an assigned value for the metadata tag that satisfies the at least one criterion, selecting a data center that is associated with the at least one object identified from the resource object model, and deploying, on the selected data center, the at least one compute or storage resource.
