公开(公告)号：US12143353B2

公开(公告)日：2024-11-12

申请号：US18308367

申请日：2023-04-27

Applicant: Juniper Networks, Inc.

Inventor： Sangarshan Pillareddy ,  Yuvaraja Mariappan ,  James Nicholas Davey ,  Prasad Miriyala ,  Richard Roberts ,  Margarida Correia ,  Nagendra E S ,  Haji Mohamed Ashraf Ali

IPC: H04L45/745 ,  G06N20/00 ,  H04L12/46 ,  H04L61/103 ,  H04L61/5007 ,  H04L101/622

Abstract: Techniques are described for learning an unknown virtual network information, such as an virtual Internet Protocol (IP) address, of a pod in a virtual network. In some examples, a virtual router executing at a computing device may receive an Address Resolution Protocol (ARP) packet from a virtual execution element in the virtual network, the virtual execution element executing at the computing device. The virtual router may determine, based at least in part on the ARP packet, whether virtual network information for the virtual execution element in a virtual network is known to the virtual router. The virtual router may, in response to determining that the virtual network information of the virtual execution element in the virtual network is not known to the virtual router, perform learning of the virtual network information for the virtual execution element.

公开(公告)号：US12132623B2

公开(公告)日：2024-10-29

申请号：US18356302

申请日：2023-07-21

Applicant: Juniper Networks, Inc.

Inventor： Jeffrey S. Marshall ,  Gurminder Singh ,  Prasad Miriyala ,  Iqlas M. Ottamalika

IPC: H04L43/026

CPC classification number: H04L43/026

Abstract: A method includes subscribing, by an agent, to telemetry flow data from each network device of a plurality of network devices and receiving, by the agent, a plurality of streams of telemetry flow data from the plurality of the network devices. Each of the plurality of streams corresponds to a different one of the plurality of network devices. The method further includes aggregating, by the agent, data from at least one stream of the plurality of streams of the telemetry flow data received over a period of time and, at the end of the period of time and/or when the data from the at least one stream exceeds a data threshold, sending, by the agent, the aggregated telemetry flow data to a network analyzer device.

公开(公告)号：US12107859B2

公开(公告)日：2024-10-01

申请号：US18166893

申请日：2023-02-09

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Sajeesh Mathew ,  Kannan Varadhan

IPC: H04L9/40 ,  G06F21/62 ,  H04L29/06

CPC classification number: H04L63/101 ,  G06F21/6209 ,  H04L63/20

Abstract: In some examples, an access control policy controller in a computer network may receive a request to create an access control policy that permits a role to perform one or more functions in the computer network. The access control policy controller may determine one or more operations performed on one or more objects in the computer network to perform the one or more functions based at least in part on tracking performance of the one or more functions in the computer network. The access control policy controller may create the access control policy for the role that permits the role to perform the one or more operations on the one or more objects in the computer network.

公开(公告)号：US12101227B2

公开(公告)日：2024-09-24

申请号：US18313131

申请日：2023-05-05

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  FNU Nadeem ,  Sayali Mane ,  Ankur Tandon ,  Sajeesh Mathew ,  Pranav Cherukupalli ,  Khushi Vaidya

IPC: G06F15/173 ,  H04L41/0681 ,  H04L41/0894

CPC classification number: H04L41/0894 ,  H04L41/0681

Abstract: In an example, a validation system comprises processing circuitry having access to a storage device and is configured to obtain flow records indicative of packet flows among workloads deployed to a cluster of one or more computing devices configured with a network policy, wherein each flow record of the flow records indicates a corresponding packet flow was allowed or denied by the cluster; receive an updated network policy; determine whether a corresponding packet flow for a flow record of the flow records has a discrepancy with the updated network policy; and in response to determining the corresponding packet flow for the flow record of the flow records has a discrepancy with the updated network policy, output an indication of an error.

公开(公告)号：US20240154863A1

公开(公告)日：2024-05-09

申请号：US18411207

申请日：2024-01-12

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Michael Henkel ,  Iqlas M. Ottamalika

IPC: H04L41/0816 ,  H04L41/0853 ,  H04L41/0869

CPC classification number: H04L41/0816 ,  H04L41/0853 ,  H04L41/0869

Abstract: An example application programming interface (API) server device that distributes configuration data to managed network devices includes one or more processing units implemented in circuitry and configured to receive configuration data to be deployed to at least one of the managed network devices; store the configuration data to a configuration database; and send the configuration data to the at least one of the managed network devices. In this manner, the configuration data can be archived for later retrieval and analysis, e.g., to perform root cause analysis in the event of an error.

公开(公告)号：US11902136B1

公开(公告)日：2024-02-13

申请号：US17664174

申请日：2022-05-19

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Suresh Palguna Krishnan ,  SelvaKumar Sivaraj

IPC: H04L43/0888 ,  H04L43/0894 ,  H04L43/16 ,  H04L43/026

CPC classification number: H04L43/0888 ,  H04L43/026 ,  H04L43/0894 ,  H04L43/16

Abstract: An example network device includes memory, a communication unit, and processing circuitry coupled to the memory and the communication unit. The processing circuitry is configured to receive first samples of flows from an interface of another network device sampled at a first sampling rate and determine a first parameter based on the first samples. The processing circuitry is configured to receive second samples of flows from the interface sampled at a second sampling rate, wherein the second sampling rate is different than the first sampling rate and determine a second parameter based on the second samples. The processing circuitry is configured to determine a third sampling rate based on the first parameter and the second parameter, control the communication unit to transmit a signal indicative of the third sampling rate to the another network device; and receive third samples of flows from the interface sampled at the third sampling rate.

公开(公告)号：US11870642B2

公开(公告)日：2024-01-09

申请号：US17657613

申请日：2022-03-31

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Rosh Perumpully Ramadass ,  Fnu Nadeem

IPC: H04L12/00 ,  H04L41/0813 ,  H04L45/42 ,  H04L9/40 ,  H04L41/0866 ,  H04L69/00 ,  G06F9/38 ,  G06F9/50 ,  G06F9/54 ,  H04L41/40 ,  H04L41/0803

CPC classification number: H04L41/0813 ,  G06F9/3877 ,  G06F9/505 ,  G06F9/5072 ,  G06F9/541 ,  H04L41/0803 ,  H04L41/0866 ,  H04L41/40 ,  H04L45/42 ,  H04L63/0263 ,  H04L69/03

Abstract: In an example, a method comprises obtaining, by a policy controller from a first SDN architecture system, flow metadata for packet flows exchanged among workloads of a distributed application deployed to the first SDN architecture system; identifying, using flow metadata for a packet flow of the packet flows, a source endpoint workload and a destination endpoint workload of the packet flow; generating a network policy rule to allow packet flows from the source endpoint workload to the destination endpoint workload of the packet flow; and adding the network policy rule to a configuration repository as configuration data for a second SDN architecture system to cause a deployment system to configure the second SDN architecture system with the network policy rule to allow packet flows from the source endpoint workload to the destination endpoint workload when the distributed application is deployed to the second SDN architecture system.

公开(公告)号：US20230362073A1

公开(公告)日：2023-11-09

申请号：US18356302

申请日：2023-07-21

Applicant: Juniper Networks, Inc.

Inventor： Jeffrey S. Marshall ,  Gurminder Singh ,  Prasad Miriyala ,  Iqlas M. Ottamalika

IPC: H04L43/026

CPC classification number: H04L43/026

Abstract: A method includes subscribing, by an agent, to telemetry flow data from each network device of a plurality of network devices and receiving, by the agent, a plurality of streams of telemetry flow data from the plurality of the network devices. Each of the plurality of streams corresponds to a different one of the plurality of network devices. The method further includes aggregating, by the agent, data from at least one stream of the plurality of streams of the telemetry flow data received over a period of time and, at the end of the period of time and/or when the data from the at least one stream exceeds a data threshold, sending, by the agent, the aggregated telemetry flow data to a network analyzer device.

公开(公告)号：US20230164041A1

公开(公告)日：2023-05-25

申请号：US17456105

申请日：2021-11-22

Applicant: Juniper Networks, Inc.

Inventor： Jeffrey S. Marshall ,  Gurminder Singh ,  Prasad Miriyala ,  Iqlas M. Ottamalika

IPC: H04L12/26

CPC classification number: H04L43/026

Abstract: A method includes subscribing, by an agent, to telemetry flow data from each network device of a plurality of network devices and receiving, by the agent, a plurality of streams of telemetry flow data from the plurality of the network devices. Each of the plurality of streams corresponds to a different one of the plurality of network devices. The method further includes aggregating, by the agent, data from at least one stream of the plurality of streams of the telemetry flow data received over a period of time and, at the end of the period of time and/or when the data from the at least one stream exceeds a data threshold, sending, by the agent, the aggregated telemetry flow data to a network analyzer device.

公开(公告)号：US20220210113A1

公开(公告)日：2022-06-30

申请号：US17247957

申请日：2020-12-31

Applicant: Juniper Networks, Inc.

Inventor： Sangarshan Pillareddy ,  Yuvaraja Mariappan ,  James Nicholas Davey ,  Prasad Miriyala ,  Richard Roberts ,  Margarida Correia ,  Nagendra E S ,  Haji Mohamed Ashraf Ali

IPC: H04L29/12 ,  H04L12/46 ,  H04L12/741 ,  G06N20/00

Abstract: Techniques are described for learning an unknown virtual network information, such as an virtual Internet Protocol (IP) address, of a pod in a virtual network. In some examples, a virtual router executing at a computing device may receive an Address Resolution Protocol (ARP) packet from a virtual execution element in the virtual network, the virtual execution element executing at the computing device. The virtual router may determine, based at least in part on the ARP packet, whether virtual network information for the virtual execution element in a virtual network is known to the virtual router. The virtual router may, in response to determining that the virtual network information of the virtual execution element in the virtual network is not known to the virtual router, perform learning of the virtual network information for the virtual execution element.