公开(公告)号：US20160156668A1

公开(公告)日：2016-06-02

申请号：US15014611

申请日：2016-02-03

Applicant: Juniper Networks, Inc.

Inventor： Michael E. KNAPPE ,  Joe TOMASELLO ,  Krishna NARAYANASWAMY ,  Alexander S. WATERMAN

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/0236 ,  H04L63/0281 ,  H04L63/12

Abstract: A network device is configured to receive network traffic associated with an application executing on a user device; identify, based on the network traffic, an application identifier associated with the application; determine whether the application identifier matches one of a set of application identifiers stored by the network device; identify a policy based on the application identifier when the application identifier matches one of the set of application identifiers; and apply the policy to the network traffic associated with the application. The policy may be obtained from another network device, in communication with the network device, when the application identifier does not match one of the set of application identifiers.

Abstract translation: 网络设备被配置为接收与在用户设备上执行的应用相关联的网络流量; 基于所述网络流量识别与所述应用相关联的应用标识符; 确定应用标识符是否匹配网络设备存储的一组应用标识符之一; 当所述应用标识符与所述应用标识符集合中的一者匹配时，基于所述应用标识符识别策略; 并将策略应用于与应用程序相关联的网络流量。 当应用标识符与一组应用标识符不匹配时，该策略可以从与网络设备通信的另一网络设备获得。

公开(公告)号：US20150156219A1

公开(公告)日：2015-06-04

申请号：US14620901

申请日：2015-02-12

Applicant: Juniper Networks, Inc.

Inventor： Krishna NARAYANASWAMY ,  Roger A. CHICKERING ,  Steven A. MALMSKOG

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06F9/45558 ,  G06F9/5077 ,  G06F21/53 ,  G06F21/604 ,  G06F2009/45587 ,  G06F2221/2141 ,  G06F2221/2149 ,  H04L63/10 ,  H04L63/1416 ,  H04L63/1433

Abstract: A system includes a virtual machine (VM) server and a policy engine server. The VM server includes two or more guest operating systems and an agent. The agent is configured to collect information from the two or more guest operating systems. The policy engine server is configured to: receive the information from the agent; generate access control information for a first guest OS, of the two or more guest operating systems, based on the information; and configure an enforcer based on the access control information.

Abstract translation: 系统包括虚拟机（VM）服务器和策略引擎服务器。 VM服务器包括两个或多个客户机操作系统和代理。 代理被配置为从两个或多个客户操作系统收集信息。 策略引擎服务器被配置为：从代理接收信息; 基于所述信息生成所述两个或多个客户操作系统的第一客户操作系统的访问控制信息; 并根据访问控制信息配置执行者。

公开(公告)号：US20190044888A1

公开(公告)日：2019-02-07

申请号：US16146806

申请日：2018-09-28

Applicant: Juniper Networks, Inc.

Inventor： Krishna NARAYANASWAMY ,  Jean-Marc FRAILONG ,  Anjan VENKATRAMANI ,  Srinivasan JAGANNADHAN

IPC: H04L12/931

Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, at an edge device, a first data unit having a characteristic. The code causes the processor to identify, at a first time, an identifier of a service module associated with the characteristic in response to each entry from a set of entries within a flow table not being associated with the characteristic. The code causes the processor to define an entry in the flow table associated with the characteristic and the identifier of the service module. The code causes the processor to send the first data unit to the service module. The code causes the processor to receive, at the edge device, a second data unit having the characteristic, and send the second data unit to the service module based on the entry.