Control plane compression of next hop information

    Publication No.: US10805202B1

    Publication date: 2020-10-13

    Application No.: US16258310

    Application date: 2019-01-25

    Abstract: A method includes receiving, by processing circuitry of a first network device, an indication of a logical address associated with an interface to a second network device and adding, by the processing circuitry, an entry to a forwarding table of the first network device, the entry in the forwarding table specifying the logical address. The method further includes adding, by the processing circuitry, an entry to a resolver database of the first network device to which the entry in the forwarding table specifying the logical address points and resolving, by the processing circuitry, the logical address to a hardware address of the second network device. In response to determining an existing next hop entry of a next hop database of the first network device corresponds to the hardware address of the second network device, the method includes pointing, by the processing circuitry, the entry in the resolver database to the existing next hop entry in the next hop database without adding an additional entry to the next hop database for the second network device.

    Systems and methods for debugging network stacks based on evidence collected from selective tracing

    Publication No.: US10797983B1

    Publication date: 2020-10-06

    Application No.: US16000483

    Application date: 2018-06-05

    Abstract: A disclosed method may include (1) determining that a packet traversing a network device has been selected for conditional tracing by (A) comparing a characteristic of the packet against a firewall rule that calls for all packets exhibiting the characteristic to be conditionally debugged while traversing the network device and (B) determining, based at least in part on the comparison, that the firewall rule applies to the packet due at least in part to the packet exhibiting the characteristic, (2) tracing a journey of the packet within the network device in response to the determination by collecting information about the packet's journey through a network stack of the network device, and then (3) performing at least one action on the network device based at least in part on the information collected about the packet's journey through the network stack. Various other systems, methods, and computer-readable media are also disclosed.

    Method, system, and apparatus for achieving user space intervention during connection-establishment handshakes

    Publication No.: US10362070B1

    Publication date: 2019-07-23

    Application No.: US15241834

    Application date: 2016-08-19

    Abstract: The disclosed method may include (1) receiving a synchronize message from a computing device to initiate synchronization between the computing device and a server with respect to a communication protocol, (2) notifying an application in user space on the server of the synchronize message such that the application in user space selects at least one attribute to be applied to a communication session resulting from the synchronization between the computing device and the server, (3) sending a synchronize acknowledgment that identifies the attribute selected by the application in user space to the computing device to further the synchronization between the computing device and the server, and then (4) establishing the communication session with the attribute selected by the application in user space upon receiving an acknowledgment message from the computing device to complete the synchronization. Various other methods, systems, and apparatuses are also disclosed.

    Apparatus, system, and method for efficiently filtering packets at network devices

    Publication No.: US11388141B1

    Publication date: 2022-07-12

    Application No.: US15938857

    Application date: 2018-03-28

    Abstract: The disclosed apparatus may include (1) flagging, at a packet filter within a network device, a packet to be discarded instead of passed to a processing unit within the network device, (2) determining that the packet is part of a set of related packets that includes at least one additional packet destined at least intermediately for the network device, (3) identifying, by monitoring incoming packets received at the packet filter, the additional packet within the set of related packets, and then (4) discarding, due to the additional packet being included within the set of related packets, the additional packet instead of passing the additional packet to the processing unit. Various other apparatuses, systems, and methods are also disclosed.

    Apparatus, system, and method for applying firewall rules at dynamic offsets within packets in kernel space

    Publication No.: US11388140B1

    Publication date: 2022-07-12

    Application No.: US16940425

    Application date: 2020-07-28

    Abstract: A disclosed method may include (1) receiving a packet at a tunnel driver in kernel space on a routing engine of a network device, (2) identifying, at the tunnel driver, metadata of the packet that indicates whether at least one firewall filter had already been correctly applied to the packet before the packet arrived at the tunnel driver, (3) determining, based at least in part on the metadata of the packet, that the firewall filter had not been correctly applied to the packet before the packet arrived at the tunnel driver, and then in response to determining that the firewall filter had not been correctly applied to the packet, (4) invoking at least one firewall filter hook that applies at least one firewall rule on the packet before the packet is allowed to exit kernel space on the routing engine. Various other apparatuses, systems, and methods are also disclosed.

    Updating a traffic rate limit for policing traffic

    Publication No.: US11252091B1

    Publication date: 2022-02-15

    Application No.: US16678989

    Application date: 2019-11-08

    Abstract: A network device may obtain policer configuration information. The network device may determine, based on the policer configuration information, a traffic rate limit associated with a traffic protocol type. The network device may obtain, based on the traffic protocol type, networking data associated with the traffic protocol type. The network device may determine, based on the networking data, an expected traffic rate associated with the traffic protocol type. The network device may update, based on the expected traffic rate, the traffic rate limit. The network device may cause traffic associated with the traffic protocol type to be policed based on the updated traffic rate limit.

    Utilizing virtual routing and forwarding (VRF) interfaces to manage packet transmission through an internal interface

    Publication No.: US10742570B1

    Publication date: 2020-08-11

    Application No.: US15447658

    Application date: 2017-03-02

    Abstract: A device may receive, from the packet processing component and through an internal interface, a packet that includes a virtual routing and forwarding (VRF) interface identifier associated with a VRF interface of a virtual device. The internal interface may be associated with multiple external interfaces. The device may modify a value identifying an incoming interface via which the packet is received after receiving the packet that includes the VRF interface identifier. The modified value may be associated with the virtual device, and the modified value may allow an upper communication layer to determine that the packet is associated with the virtual device. The device may provide the packet to the upper communication layer after modifying the value identifying the incoming interface via which the packet is received to permit the upper communication layer to forward the packet to a destination.

    Apparatus, system, and method for debugging network devices based on the contents of dropped packets

    Publication No.: US10735282B1

    Publication date: 2020-08-04

    Application No.: US16024496

    Application date: 2018-06-29

    Abstract: A disclosed method may include (1) detecting, at a network stack of a network device, a packet that (A) is destined at least intermediately for a network interface of the network device and (B) has been flagged by the network stack to be dropped instead of forwarded to the network interface based on at least one characteristic of the packet, (2) instead of dropping the packet, forwarding the packet to an alternative network interface of the network device that analyzes content of packets, (3) identifying, at the alternative network interface, the characteristic of the packet, and then (4) executing, based on the characteristic of the packet, at least one action in connection with the packet that improves the performance of the network device. Various other apparatuses, systems, and methods are also disclosed.

    Obtaining historical information in a device core dump

    Publication No.: US10474518B1

    Publication date: 2019-11-12

    Application No.: US15370369

    Application date: 2016-12-06

    Abstract: A device may receive information related to an operation of the device during each of multiple time intervals. The device may store, for each time interval of the multiple time intervals, the information in a respective slot of a circular buffer that includes multiple slots. The circular buffer may be used to store a historical record of the information in one or more of the multiple slots. The historical record may be provided from the circular buffer during a dump of the device. The device may provide the historical record during the dump of the device based on storing the historical record of the information in the one or more of the multiple slots.
