-
Publication No.: US12143385B2
Publication date: 2024-11-12
Application No.: US18166893
Filing date: 2023-02-09
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala , Sajeesh Mathew , Kannan Varadhan
Abstract: In some examples, an access control policy controller in a computer network may receive a request to create an access control policy that permits a role to perform one or more functions in the computer network. The access control policy controller may determine one or more operations performed on one or more objects in the computer network to perform the one or more functions based at least in part on tracking performance of the one or more functions in the computer network. The access control policy controller may create the access control policy for the role that permits the role to perform the one or more operations on the one or more objects in the computer network.
-
Publication No.: US12034652B2
Publication date: 2024-07-09
Application No.: US17809659
Filing date: 2022-06-29
Applicant: Juniper Networks, Inc.
Inventor: Michael Henkel , Prasad Miriyala , Édouard Thuleau , Nagendra Prasath Maynattamai Prem Chandran , Atul S Moghe
Abstract: In general, techniques are described for creating a virtual network router within a software defined network (SDN) architecture. A network controller for the SDN architecture system may include processing circuitry that is configured to execute a configuration node and a control node. The configuration node may process a request by which to create a virtual network router (VNR), where the virtual network router may cause the network controller to interconnect a first virtual network (VN) and a second VN. The VNR may represent a logical abstraction of one or more policies that cause import and/or export of routing information between the first VN and the second VN. The control node configures the first VN and the second VN according to the one or more policies to enable the import and/or the export of routing information between the first VN and the second VN via the VNR.
-
Publication No.: US20240223454A1
Publication date: 2024-07-04
Application No.: US18313131
Filing date: 2023-05-05
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala , FNU Nadeem , Sayali Mane , Ankur Tandon , Sajeesh Mathew , Pranav Cherukupalli , Khushi Vaidya
IPC: H04L41/0894 , H04L41/0681
CPC classification number: H04L41/0894 , H04L41/0681
Abstract: In an example, a validation system comprises processing circuitry having access to a storage device and is configured to obtain flow records indicative of packet flows among workloads deployed to a cluster of one or more computing devices configured with a network policy, wherein each flow record of the flow records indicates a corresponding packet flow was allowed or denied by the cluster; receive an updated network policy; determine whether a corresponding packet flow for a flow record of the flow records has a discrepancy with the updated network policy; and in response to determining the corresponding packet flow for the flow record of the flow records has a discrepancy with the updated network policy, output an indication of an error.
-
Publication No.: US20240176878A1
Publication date: 2024-05-30
Application No.: US18459036
Filing date: 2023-08-30
Applicant: Juniper Networks, Inc.
Inventor: Ajit Krishna Patankar , Kihwan Han , Prasad Miriyala , Mansi Joshi , Shruti Jadon , Deepak Kumar Naik , Maria Charles Maria Selvam
IPC: G06F21/55
CPC classification number: G06F21/554 , G06F2221/034
Abstract: An example system for performing root cause analysis for a plurality of network devices includes one or more processors implemented in circuitry and configured to: receive telemetry data from the plurality of network devices; apply an artificial intelligence (AI) anomaly detection model, trained on historical telemetry data to detect anomalies in the historical telemetry data, to the received telemetry data to detect one or more anomalies in the received telemetry data; and apply an AI root cause analysis mode, trained on historical data, to the anomalies to determine a root cause of an issue causing the one or more anomalies.
-
Publication No.: US20230336414A1
Publication date: 2023-10-19
Application No.: US18341186
Filing date: 2023-06-26
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala , Rosh Perumpully Ramadass , FNU Nadeem
IPC: H04L45/42 , H04L9/40 , G06F9/38 , G06F9/50 , G06F9/54 , H04L41/0813 , H04L41/0866 , H04L41/40 , H04L41/0803 , H04L69/00
CPC classification number: H04L41/0813 , G06F9/3877 , G06F9/505 , G06F9/5072 , G06F9/541 , H04L41/0803 , H04L41/0866 , H04L41/40 , H04L45/42 , H04L63/0263 , H04L69/03
Abstract: In an example, a method comprises obtaining, by a policy controller from a first SDN architecture system, flow metadata for packet flows exchanged among workloads of a distributed application deployed to the first SDN architecture system; identifying, using flow metadata for a packet flow of the packet flows, a source endpoint workload and a destination endpoint workload of the packet flow; generating a network policy rule to allow packet flows from the source endpoint workload to the destination endpoint workload of the packet flow; and adding the network policy rule to a configuration repository as configuration data for a second SDN architecture system to cause a deployment system to configure the second SDN architecture system with the network policy rule to allow packet flows from the source endpoint workload to the destination endpoint workload when the distributed application is deployed to the second SDN architecture system.
-
Publication No.: US11700237B2
Publication date: 2023-07-11
Application No.: US17301279
Filing date: 2021-03-30
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala , Sundaresan Rajangam , Miraj Subhashbhai Kheni , Suresh B Akula
IPC: H04L29/06 , H04L12/24 , H04L12/859 , H04L9/40 , H04L41/0806 , H04L41/0893 , H04L41/142 , H04L47/2475 , H04L45/586
CPC classification number: H04L63/0263 , H04L41/0806 , H04L41/0893 , H04L41/142 , H04L47/2475 , H04L63/20 , H04L45/586
Abstract: Techniques are disclosed for generating intent-based policies and applying the policies to traffic of a computer network. In one example, a policy controller for the computer network receives traffic statistics for traffic flows among a plurality of application workloads executed by a first set of computing devices. The policy controller correlates the traffic statistics into session records for the plurality of application workloads. The policy controller generates, based on the session records for the application workloads, application firewall policies for the application workloads. Each of the application firewall policies defines whether traffic flows between application workloads are to be allowed or denied. The policy controller distributes the application firewall policies to a second set of one or more computing devices for application to traffic flows between instances of the application workloads.
-
Publication No.: US20230188526A1
Publication date: 2023-06-15
Application No.: US18166893
Filing date: 2023-02-09
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala , Sajeesh Mathew , Kannan Varadhan
CPC classification number: H04L63/101 , G06F21/6209
Abstract: In some examples, an access control policy controller in a computer network may receive a request to create an access control policy that permits a role to perform one or more functions in the computer network. The access control policy controller may determine one or more operations performed on one or more objects in the computer network to perform the one or more functions based at least in part on tracking performance of the one or more functions in the computer network. The access control policy controller may create the access control policy for the role that permits the role to perform the one or more operations on the one or more objects in the computer network.
-
Publication No.: US11658933B2
Publication date: 2023-05-23
Application No.: US17247957
Filing date: 2020-12-31
Applicant: Juniper Networks, Inc.
Inventor: Sangarshan Pillareddy , Yuvaraja Mariappan , James Nicholas Davey , Prasad Miriyala , Richard Roberts , Margarida Correia , Nagendra E S , Haji Mohamed Ashraf Ali
IPC: H04L12/46 , H04L61/103 , H04L45/745 , G06N20/00 , H04L61/5007 , H04L101/622
CPC classification number: H04L61/103 , G06N20/00 , H04L12/4641 , H04L45/745 , H04L61/5007 , H04L2101/622
Abstract: Techniques are described for learning unknown virtual network information, such as a virtual Internet Protocol (IP) address, of a pod in a virtual network. In some examples, a virtual router executing at a computing device may receive an Address Resolution Protocol (ARP) packet from a virtual execution element in the virtual network, the virtual execution element executing at the computing device. The virtual router may determine, based at least in part on the ARP packet, whether virtual network information for the virtual execution element in a virtual network is known to the virtual router. The virtual router may, in response to determining that the virtual network information of the virtual execution element in the virtual network is not known to the virtual router, perform learning of the virtual network information for the virtual execution element.
-
Publication No.: US20230123775A1
Publication date: 2023-04-20
Application No.: US17657596
Filing date: 2022-03-31
Applicant: Juniper Networks, Inc.
Inventor: Mahesh Sivakumar , FNU Nadeem , Srinivas Akkipeddi , Michael Henkel , Prasad Miriyala , Gurminder Singh , Édouard Thuleau , Atul S Moghe , Joseph Williams , Ignatious Johnson Christober , Jeffrey S. Marshall , Nagendra Maynattamai , Dale Davis
IPC: H04L41/40 , H04L41/0803
Abstract: In an example, a method includes processing, by an application programming interface (API) server implemented by a configuration node of a network controller for a software-defined networking (SDN) architecture system, requests for operations on native resources of a container orchestration system; processing, by a custom API server implemented by the configuration node, requests for operations on custom resources for SDN architecture configuration, wherein each of the custom resources for SDN architecture configuration corresponds to a type of configuration object in the SDN architecture system; detecting, by a control node of the network controller, an event on an instance of a first custom resource of the custom resources; and by the control node, in response to detecting the event on the instance of the first custom resource, obtaining configuration data for the instance of the first custom resource and configuring a corresponding instance of a configuration object in the SDN architecture.
-
Publication No.: US11595393B2
Publication date: 2023-02-28
Application No.: US16836410
Filing date: 2020-03-31
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala , Sajeesh Mathew , Kannan Varadhan
Abstract: In some examples, an access control policy controller in a computer network may receive a request to create an access control policy that permits a role to perform one or more functions in the computer network. The access control policy controller may determine one or more operations performed on one or more objects in the computer network to perform the one or more functions based at least in part on tracking performance of the one or more functions in the computer network. The access control policy controller may create the access control policy for the role that permits the role to perform the one or more operations on the one or more objects in the computer network.