公开(公告)号：US11088871B1

公开(公告)日：2021-08-10

申请号：US16788072

申请日：2020-02-11

Applicant: Juniper Networks, Inc.

Inventor： Wen Lin ,  Ravi Shekhar ,  Vamshi Krishna Voruganti ,  Aldrin Isaac ,  SelvaKumar Sivaraj ,  Sean A. Mentzer ,  John E. Drake

IPC: H04L12/46 ,  H04L29/12 ,  H04L12/66 ,  H04L12/723

Abstract: A first provider edge device may receive device information from a second provider edge device included in an Ethernet virtual private network (EVPN). The device information may identify a media access control (MAC) address and may indicate that the device is connected to the second provider edge device. The first provider edge device may receive data transmitted by the device and may determine, based on information included in the data, that the device has moved from the second provider edge device to the first provider edge device. The first provider edge device may generate a data packet including mobility information indicating that the device has moved to the first provider edge device. The first provider edge device may transmit, via a data plane of the EVPN, the data packet to the second provider edge device to permit the second provider edge device to update routing information for the device.

公开(公告)号：US11082337B2

公开(公告)日：2021-08-03

申请号：US16395656

申请日：2019-04-26

Applicant: Juniper Networks, Inc.

Inventor： John E. Drake

IPC: H04L12/26 ,  H04L12/46 ,  H04L12/715 ,  H04L12/66 ,  H04L12/751 ,  H04L12/741

Abstract: Techniques are described for supporting multiple virtual networks over an underlay network. The techniques may provide support for network slicing and enhanced virtual private networks (VPNs) over the underlay network. In general, the techniques include allocating a subset of resources (e.g., nodes and/or links) of the underlay network to a particular virtual network, and advertising the subset of resources to provider edge (PE) routers that are participating in the virtual network. A network controller device may advertise the subset of resources for the virtual network to the respective PE routers using BGP-LS (Border Gateway Protocol-Link State). Based on the advertisements, each of the PE routers generates a restricted view of the full underlay network topology for the virtual network and, thus, only uses the subset of resources in the restricted view to generate routing and forwarding tables for the virtual network.

公开(公告)号：US10116464B2

公开(公告)日：2018-10-30

申请号：US14675202

申请日：2015-03-31

Applicant: Juniper Networks, Inc.

Inventor： Wen Lin ,  John E. Drake ,  Zhaohui Zhang

IPC: H04L12/46 ,  H04L12/18 ,  H04L12/761 ,  H04L12/721

Abstract: The techniques of this disclosure may improve multicast forwarding in an Ethernet Virtual Private Network when delivering multicast traffic to receivers on a different IP subnet than the multicast source. A method may include configuring first and second layer-2 domains to forward network traffic; configuring a first layer-3 Integrated Routing and Bridging (IRB) interface for the first layer-2 domain and a second layer-3 IRB interface for the second layer 2 domain; receiving a multicast packet from a multicast source device, the multicast source device being included in the first layer-2 domain, the multicast packet having a multicast receiver device in the second layer-2 domain; and forwarding, using the first and second layer-3 IRB interfaces, the multicast packet to the multicast receiver device, without receiving the multicast packet from another provider edge router that has been elected as the designated router on the second IRB interface for the second layer-2 domain.

公开(公告)号：US20170288970A1

公开(公告)日：2017-10-05

申请号：US15083732

申请日：2016-03-29

Applicant: Juniper Networks, Inc.

Inventor： Wen Lin ,  John E. Drake ,  Sunil Kumar Malali ,  Kapil Arora ,  Vikram Nagarajan

IPC: H04L12/24

CPC classification number: H04L41/12 ,  H04L12/46 ,  H04L12/4625 ,  H04L45/02 ,  H04L45/54 ,  H04L45/64 ,  H04L45/66 ,  H04L61/2084 ,  H04L61/6004 ,  H04L61/6022

Abstract: The techniques described are directed to providing mass withdrawal of media access control (MAC) routes for network devices in an Ethernet virtual private network data center interconnect (EVPN DCI). MAC routes to reach the learned MAC addresses are stored in routing tables with corresponding top-of-rack Ethernet segment identifier (TOR-ESI) values that represent the Ethernet segments from where the MAC addresses were learned. A provider edge (PE) network device may configure and advertise a virtual Ethernet segment identifier (vESI) that includes a plurality of TOR-ESI values. As Ethernet segments of the data center become unavailable, the corresponding TOR-ESI values may be withdrawn from the vESI to form an updated vESI. In this way, MAC routes having a TOR-ESI value that was withdrawn from the vESI may be removed from the routing tables in each of the network devices.

公开(公告)号：US09660860B1

公开(公告)日：2017-05-23

申请号：US14585303

申请日：2014-12-30

Applicant: Juniper Networks, Inc.

Inventor： Yakov Rekhter ,  Raveendra Torvi ,  Ravi Singh ,  Minjie Dai ,  John E. Drake ,  Vishnu Pavan Kumar Beeram ,  Yimin Shen ,  Harish Sitaraman ,  Chandrasekar Ramachandran

IPC: H04L12/26 ,  H04L12/24 ,  H04L12/723

CPC classification number: H04L45/50 ,  H04L41/0631 ,  H04L41/0659 ,  H04L45/28

Abstract: In general, techniques are described for a path computation delay timer for multi-protocol label switched networks. As an example, an ingress network device configured to act as an ingress for a label switched path (LSP) may perform the techniques. The ingress network device comprises an interface and a processor. The interface may receive a message indicating an error along the LSP. The processor may delay an operation performed to configure a replacement LSP to be used in place of the LSP in order to provide time during which a cause of the error along the LSP is able to be determined. When the cause of the error is determined to be a failure of a network device supporting operation of the LSP, the processor may further perform the operation to configure the replacement LSP with the ingress network device such that the replacement LSP avoids the failed network device.

公开(公告)号：US11706193B2

公开(公告)日：2023-07-18

申请号：US17397848

申请日：2021-08-09

Applicant: Juniper Networks, Inc.

Inventor： Weimin Ji ,  John E. Drake ,  Jeffrey M. Haas

IPC: G06F9/00 ,  G06F15/16 ,  G06F17/00 ,  H04L9/40 ,  H04L41/0668

CPC classification number: H04L63/0209 ,  H04L41/0668

Abstract: Example security systems for use between at least one upstream router and at least one downstream router, are described. A group or pool of security devices can be used to provide stateful security to bidirectional packet flows between upstream and downstream routers. The packets of the bidirectional flows are forwarded to particular security devices based on a consistent hash ring process. For a given flow, bidirectional state information is synchronized among some, but not all, of the security devices. The security devices among which such bidirectional flow state information is shared are determined using the same consistent hash ring process.

公开(公告)号：US11677586B1

公开(公告)日：2023-06-13

申请号：US17443500

申请日：2021-07-27

Applicant: Juniper Networks, Inc.

Inventor： Wen Lin ,  Ravi Shekhar ,  Vamshi Krishna Voruganti ,  Aldrin Isaac ,  SelvaKumar Sivaraj ,  Sean A. Mentzer ,  John E. Drake

IPC: H04L12/46 ,  H04L45/50 ,  H04L12/66 ,  H04L61/5007 ,  H04L101/622

CPC classification number: H04L12/4641 ,  H04L12/66 ,  H04L45/50 ,  H04L61/5007 ,  H04L2101/622

Abstract: A first provider edge device may receive device information from a second provider edge device included in an Ethernet virtual private network (EVPN). The device information may identify a media access control (MAC) address and may indicate that the device is connected to the second provider edge device. The first provider edge device may receive data transmitted by the device and may determine, based on information included in the data, that the device has moved from the second provider edge device to the first provider edge device. The first provider edge device may generate a data packet including mobility information indicating that the device has moved to the first provider edge device. The first provider edge device may transmit, via a data plane of the EVPN, the data packet to the second provider edge device to permit the second provider edge device to update routing information for the device.

公开(公告)号：US20230037516A1

公开(公告)日：2023-02-09

申请号：US17397848

申请日：2021-08-09

Applicant: Juniper Networks, Inc.

Inventor： Weimin Ji ,  John E. Drake ,  Jeffrey M. Haas

IPC: H04L29/06 ,  H04L12/24

Abstract: Example security systems for use between at least one upstream router and at least one downstream router, are described. A group or pool of security devices can be used to provide stateful security to bidirectional packet flows between upstream and downstream routers. The packets of the bidirectional flows are forwarded to particular security devices based on a consistent hash ring process. For a given flow, bidirectional state information is synchronized among some, but not all, of the security devices. The security devices among which such bidirectional flow state information is shared are determined using the same consistent hash ring process.

公开(公告)号：US11570086B2

公开(公告)日：2023-01-31

申请号：US17249163

申请日：2021-02-22

Applicant: Juniper Networks, Inc.

Inventor： Wen Lin ,  John E. Drake

IPC: H04L45/16 ,  H04L45/02 ,  H04L45/00 ,  H04L45/50 ,  H04L47/32

Abstract: Techniques are described for providing fast reroute for BUM traffic in EVPN. For example, a first provider edge (PE) device, elected as a designated forwarder (DF) of an Ethernet segment, configures a backup path using a label received from a second PE device of the Ethernet segment (e.g., backup DF) that identifies the second PE device as a “protector” of the Ethernet segment. For example, a routing component of the DF configures within a forwarding component a backup path to the second PE device, e.g., installing the label and operation(s) within the forwarding component to cause the forwarding component to add the label to BUM packets received from a core network. Therefore, when an access link to the local CE device has failed, the DF reroutes BUM packets from the core network via the backup path to the second PE device, which sends the BUM packets to the CE device.

公开(公告)号：US20220321458A1

公开(公告)日：2022-10-06

申请号：US17301351

申请日：2021-03-31

Applicant: Juniper Networks, Inc.

Inventor： Wen Lin ,  Yi Zheng ,  Mukesh Kumar ,  Xichun Hong ,  SelvaKumar Sivaraj ,  Vamshi Krishna Voruganti ,  John E. Drake

IPC: H04L12/703 ,  H04L12/46 ,  H04L12/24

Abstract: Techniques are described for providing fast reroute for traffic in EVPN-VXLAN. For example, a backup PE device of an Ethernet segment is configured with an additional tunnel endpoint address (“reroute tunnel endpoint address”) for a backup path associated with a second split-horizon group that is different than a tunnel endpoint address and first split-horizon group for another path used for normal traffic forwarding. The backup PE device sends the reroute tunnel endpoint address to a primary PE device of the Ethernet segment, which uses the reroute tunnel endpoint address to configure a backup path to the backup PE device over the core network. For example, the primary PE device may install the reroute tunnel endpoint address within its forwarding plane and one or more operations to cause the primary PE device to encapsulate a VXLAN header including the reroute tunnel endpoint address when rerouting the packet along the backup path.