公开(公告)号：US11968232B2

公开(公告)日：2024-04-23

申请号：US17643246

申请日：2021-12-08

Applicant: Juniper Networks, Inc.

Inventor： Manish Talwar ,  Ronald Bonica ,  Ajay Kachrani

IPC: H04L29/06 ,  H04L9/40 ,  H04L45/30 ,  H04L47/17 ,  H04L12/46 ,  H04L12/66 ,  H04L47/28

CPC classification number: H04L63/18 ,  H04L45/30 ,  H04L47/17 ,  H04L63/162

Abstract: In some implementations, a network device may determine, based on a routing table, a plurality of routing paths from the network device to another network device, wherein the plurality of routing paths are respectively associated with a plurality of security classifications. The network device may receive network traffic that is destined for the other network device and that is associated with a particular security classification of the plurality of security classifications. The network device may forward the network traffic based on a particular routing path, of the plurality of routing paths, that is associated with the other network device and the particular security classification.

公开(公告)号：US20220103473A1

公开(公告)日：2022-03-31

申请号：US17032450

申请日：2020-09-25

Applicant: Juniper Networks, Inc.

Inventor： Manish Talwar ,  Ajay Kachrani ,  Gert Grammel ,  Hao Wang ,  Tanweer Biswas

IPC: H04L12/741 ,  H04L12/751 ,  H04L29/06

Abstract: Disclosed embodiments utilize a layer three and/or layer four protocol to collect physical layer properties along a multi-hop network path between a source node and a destination node. The use of a layer three or layer four protocol provides an ability to span multiple links or networks between the source node and destination node, while also collecting the physical layer properties. Once physical layer properties along a network path can be understood, decisions relating to the configuration of the network path and/or whether to communicate via the network path are improved.

公开(公告)号：US11882029B2

公开(公告)日：2024-01-23

申请号：US17663319

申请日：2022-05-13

Applicant: Juniper Networks, Inc.

Inventor： Tarek Saad ,  Manish Talwar ,  Raveendra Torvi ,  Ajay Kachrani ,  Kireeti Kompella

IPC: H04L45/50 ,  H04L45/00 ,  H04L69/22 ,  H04L9/40

CPC classification number: H04L45/50 ,  H04L45/66 ,  H04L63/0464 ,  H04L63/061 ,  H04L69/22

Abstract: In some implementations, an ingress network device of a multiprotocol label switching (MPLS) network may receive a packet destined for a destination network device. The ingress network device may determine, based on the packet, a secure function to secure the packet and a label associated with a label-switched path (LSP) from the ingress network device to an egress network device of the MPLS network that is associated with the destination network device. The ingress network device may encrypt, using the secure function, the packet to generate an encrypted packet. The ingress network device may generate an MPLS packet comprising: an MPLS header that includes the label and a secure function indicator, a secure MPLS data header that includes information identifying the secure function, and an MPLS payload that includes the encrypted packet. The ingress network device may forward, based on the label, the MPLS packet.

公开(公告)号：US11336647B2

公开(公告)日：2022-05-17

申请号：US17038222

申请日：2020-09-30

Applicant: Juniper Networks, Inc.

Inventor： Manish Talwar ,  Ajay Kachrani ,  Gert Grammel ,  Hao Wang ,  Tanweer Biswas

IPC: H04L29/06 ,  H04L65/1069 ,  H04L101/622 ,  H04L41/0604 ,  H04L45/00 ,  H04L43/16

Abstract: Embodiments improve error detection and recovery in media access control security sessions. A MACsec session is torn down after three liveness time intervals elapse without receiving a MACsec key exchange protocol data unit (MKPDU) from a remote peer. This delay between a cessation of effective network communication over the MACsec session and the expiration of the three “liveness” intervals results in increased packet loss and an increased network convergence time as a network continues to route/forward data over the MACsec session for a period of time after the MACsec session has entered secure block mode. To solve this problem, embodiments define a new alarm, called a MACsec link alert, which is raised earlier than a MACsec session timeout generated by traditional embodiments. The MACsec link alert is raised, by at least some embodiments, after a failure to successfully receive an MKPDU from the remote peer after a single MACsec “liveness” timeout interval elapses.

公开(公告)号：US12034638B2

公开(公告)日：2024-07-09

申请号：US17752096

申请日：2022-05-24

Applicant: Juniper Networks, Inc.

Inventor： Manish Talwar ,  Ajay Kachrani ,  Gert Grammel ,  Hao Wang ,  Tanweer Biswas

IPC: H04L45/74 ,  H04L9/40 ,  H04L45/02 ,  H04L69/164 ,  H04L69/22

CPC classification number: H04L45/74 ,  H04L45/02 ,  H04L63/0485 ,  H04L69/164 ,  H04L69/22

Abstract: Disclosed embodiments utilize a layer three and/or layer four protocol to collect physical layer properties along a multi-hop network path between a source node and a destination node. The use of a layer three or layer four protocol provides an ability to span multiple links or networks between the source node and destination node, while also collecting the physical layer properties. Once physical layer properties along a network path can be understood, decisions relating to the configuration of the network path and/or whether to communicate via the network path are improved.

公开(公告)号：US10257102B1

公开(公告)日：2019-04-09

申请号：US15720472

申请日：2017-09-29

Applicant: Juniper Networks, Inc.

Inventor： Ajay Kachrani ,  Manish Talwar ,  Elmer Tolentino ,  Rathi Kartheek ,  Hao Wang

IPC: H04L12/823 ,  H04L1/20 ,  H04B10/40

CPC classification number: H04L47/32 ,  H04B10/40 ,  H04B10/5057 ,  H04L1/203 ,  H04L41/0659 ,  H04L43/0847 ,  H04L43/10 ,  H04Q2011/0079

Abstract: In some embodiments, an apparatus comprises an optical transponder which includes a processor, an electrical interface and an optical interface. The processor is operatively coupled to the electrical interface and the optical interface. The optical interface is configured to be operatively coupled to a plurality of optical links and the electrical interface is configured to be operatively coupled to a router such that the optical transponder is configured to be operatively coupled between the plurality of optical links and the router. The processor is configured to perform pre-forward error correction (FEC) bit error rate (BER) detection to identify a degradation of an optical link from the plurality of optical links. The processor is configured to make modifications to packets designated to be transmitted via the optical link in response to the degradation being identified such that the router is notified of the degradation of the optical link.

公开(公告)号：US10735333B2

公开(公告)日：2020-08-04

申请号：US16283331

申请日：2019-02-22

Applicant: Juniper Networks, Inc.

Inventor： Ajay Kachrani ,  Manish Talwar ,  Elmer Tolentino ,  Rathi Kartheek ,  Hao Wang

IPC: H04L12/823 ,  H04L1/20 ,  H04B10/40 ,  H04B10/50 ,  H04L12/24 ,  H04L12/26 ,  H04Q11/00 ,  H04B10/079 ,  H04B10/032

Abstract: In some embodiments, an apparatus comprises an optical transponder which includes a processor, an electrical interface and an optical interface. The processor is operatively coupled to the electrical interface and the optical interface. The optical interface is configured to be operatively coupled to a plurality of optical links and the electrical interface is configured to be operatively coupled to a router such that the optical transponder is configured to be operatively coupled between the plurality of optical links and the router. The processor is configured to perform pre-forward error correction (FEC) bit error rate (BER) detection to identify a degradation of an optical link from the plurality of optical links. The processor is configured to make modifications to packets designated to be transmitted via the optical link in response to the degradation being identified such that the router is notified of the degradation of the optical link.

公开(公告)号：US10425345B2

公开(公告)日：2019-09-24

申请号：US15720472

申请日：2017-09-29

Applicant: Juniper Networks, Inc.

Inventor： Ajay Kachrani ,  Manish Talwar ,  Elmer Tolentino ,  Rathi Kartheek ,  Hao Wang

IPC: H04L12/823 ,  H04L1/20 ,  H04B10/40 ,  H04L12/26 ,  H04Q11/00

Abstract: In some embodiments, an apparatus comprises an optical transponder which includes a processor, an electrical interface and an optical interface. The processor is operatively coupled to the electrical interface and the optical interface. The optical interface is configured to be operatively coupled to a plurality of optical links and the electrical interface is configured to be operatively coupled to a router such that the optical transponder is configured to be operatively coupled between the plurality of optical links and the router. The processor is configured to perform pre-forward error correction (FEC) bit error rate (BER) detection to identify a degradation of an optical link from the plurality of optical links. The processor is configured to make modifications to packets designated to be transmitted via the optical link in response to the degradation being identified such that the router is notified of the degradation of the optical link.

公开(公告)号：US12244493B2

公开(公告)日：2025-03-04

申请号：US18531947

申请日：2023-12-07

Applicant: Juniper Networks, Inc.

Inventor： Tarek Saad ,  Manish Talwar ,  Raveendra Torvi ,  Ajay Kachrani ,  Kireeti Kompella

IPC: H04L45/50 ,  H04L9/40 ,  H04L45/00 ,  H04L69/22

Abstract: In some implementations, an egress network device of a multiprotocol label switching (MPLS) network may exchange Internet key exchange (IKE) messages with an ingress network device of the MPLS network to establish a security association between the egress network device and the ingress network device. The egress network device may receive an MPLS packet that includes an MPLS header, a secure MPLS data header, and an MPLS payload. The egress network device may process the MPLS header to determine a label associated with a label-switched path (LSP) and a secure function indicator. The egress network device may decrypt, using a secure function identified based on the secure MPLS data header, the MPLS payload to generate a decrypted packet. The egress network device may transmit the decrypted packet towards a destination device.

公开(公告)号：US12056000B1

公开(公告)日：2024-08-06

申请号：US17652549

申请日：2022-02-25

Applicant: Juniper Networks, Inc.

Inventor： Jerry Kawata ,  Manish Talwar ,  Avanthi Boyapati ,  Ajay Kachrani ,  Gert Grammel ,  Manjunath Ramappa Tahasildar ,  Harshit Sharma

IPC: G06F11/00 ,  G06F11/07 ,  G06F11/30 ,  G06F11/34

CPC classification number: G06F11/079 ,  G06F11/0793 ,  G06F11/3075 ,  G06F11/3476

Abstract: In some implementations, a device may obtain a log file that includes a plurality of log entries. The device may identify a sequence of log entries, of the plurality of log entries, that are associated with a resource. The device may process the sequence of log entries to generate a sequence of log templates. The device may process the sequence of log templates to identify an anomaly associated with the sequence of log templates. The device may determine, based on the anomaly associated with the sequence of log templates, an anomaly associated with the sequence of log entries. The device may perform, based on the anomaly associated with the sequence of log entries, one or more actions.