公开(公告)号：US09391958B2

公开(公告)日：2016-07-12

申请号：US14318830

申请日：2014-06-30

Applicant: JUNIPER NETWORKS, INC.

Inventor： Venkatasubramanian Swaminathan ,  Deepak Goel ,  Jianhui Huang ,  John Keen ,  Jean-Marc Frailong ,  Srinivasan Jagannadhan ,  Srilakshmi Adusumalli

IPC: H04L29/06

CPC classification number: H04L63/0263 ,  H04L63/02 ,  H04L63/0209

Abstract: A firewall device may include a forwarding component that includes a filter block. The filter block may obtain a first hardware-implemented filter, where a hardware implementation limits the first hardware-implemented filter to a maximum quantity of rules; determine whether a last rule associated with the accessed hardware-implemented filter includes a split-filter action, where the split-filter action identifies a second hardware-implemented filter; and link the second hardware-implemented filter to the first hardware-implemented filter to make the second hardware-implemented filter a logical continuation of the first hardware-implemented filter, in response to determining that the last rule includes the split-filter action. The filter block may further determine whether a particular rule of the first hardware-implemented filter includes a next-filter action, where the next filter action identifies a third hardware-implemented filter; and process the third hardware-implemented filter independently of the sequence of hardware attachment points.

Abstract translation: 防火墙设备可以包括包括过滤器块的转发组件。 滤波器块可以获得第一硬件实现的滤波器，其中硬件实现将第一硬件实现的滤波器限制为最大数量的规则; 确定与所访问的硬件实现的过滤器相关联的最后规则是否包括拆分过滤器动作，其中分割过滤器动作标识第二硬件实现的过滤器; 以及响应于确定所述最后一个规则包括所述分割过滤器动作，将所述第二硬件实现的过滤器链接到所述第一硬件实现的过滤器，以使得所述第二硬件实现的过滤器是所述第一硬件实现的过滤器的逻辑延续。 滤波器块还可以确定第一硬件实现的滤波器的特定规则是否包括下一个滤波器动作，其中下一个滤波器动作识别第三硬件实现的滤波器; 并且独立于硬件连接点的顺序处理第三个硬件实现的过滤器。

公开(公告)号：US09531622B1

公开(公告)日：2016-12-27

申请号：US14718913

申请日：2015-05-21

Applicant: Juniper Networks, Inc.

Inventor： Jaihari V. Loganathan ,  Srinivasan Jagannadhan

IPC: H04L12/66 ,  H04L12/26 ,  H04L12/713

CPC classification number: H04L43/50 ,  H04L12/4641 ,  H04L45/02 ,  H04L45/586

Abstract: In some embodiments, an apparatus includes a first network control entity within a control plane of a switch fabric system. The first network control entity is configured to receive a first test signal including a test instruction to be implemented within the switch fabric system. The first network control entity is configured to send a second test signal including the test instruction to a second network control entity such that the second network control entity implements the test instruction for a predetermined amount of time.

公开(公告)号：US09413660B1

公开(公告)日：2016-08-09

申请号：US14312283

申请日：2014-06-23

Applicant: Juniper Networks, Inc.

Inventor： Deepak Goel ,  Ramesh Kumar Panwar ,  Srinivasan Jagannadhan

IPC: H04L12/28 ,  H04L12/741

CPC classification number: H04L45/745 ,  H04L45/302

Abstract: In one embodiment, a method includes receiving a value associated with a data packet and identifying a data set based on the value. The data set is associated with a range of values and represents routing actions. The data set is a first data set from a plurality of data sets if the value is included in the range of values associated with the first data set. The data set is a default data set if the value is not included in a range of values associated with a data set from the plurality of data sets. The method includes combining the first data set with the default data set if the first data set is identified. The method includes combining the default data set with an except data set if the default data set is identified.

Abstract translation: 在一个实施例中，一种方法包括接收与数据分组相关联的值并基于该值识别数据集。 数据集与值的范围相关联，并表示路由动作。 如果该值包括在与第一数据集相关联的值的范围内，则数据集是来自多个数据集的第一数据集。 如果该值不包括在与多个数据集中的数据集相关联的值的范围内，则数据集是默认数据集。 该方法包括如果识别出第一数据集，则将第一数据集合与默认数据集合。 该方法包括如果识别出默认数据集，则将默认数据集与除数据集合组合。