Abstract:
A device may receive an indication to perform a reboot associated with a network service provided via a first virtual machine (VM) of the device and a first container of the device. The device may create a second VM with a boot mode enabled and a second container with the boot mode enabled. The boot mode, while enabled on the second VM, may prevent the second VM from communicating with the first container. The boot mode, while enabled on the second container, may prevent the second container from communicating with the first VM. The device may shut down the first container. The device may disable, after shutting down the first container, the boot mode on the second VM. The device may disable the boot mode on the second container. The device may cause the network service to be provided by the second container and the second VM.
Abstract:
An apparatus includes an aggregation module that is associated with a first network core and that is operatively coupled to a second network core and a third network core. The aggregation module is configured to receive a first copy of an access point license that authorizes access to a network via an access point and the second network core. The aggregation module receives the first copy of the access point license from the second network core in response to an installation and validation of the access point license on the second network core. The aggregation module is configured to send a second copy of the access point license to the third network core that authorizes a device to access the network via the access point and via the third network core in accordance with the access point license and in response to a failure of the second network core.
Abstract:
In some embodiments, a method includes installing, at an access point that (1) includes a first software image and (2) is operatively coupled to a network controller via a network, a second software image different from the first software image. The method includes defining, in response to the installation, a virtual client disposed in the access point. The virtual client is configured to send to the network controller via the network a first validation data unit that causes the network controller to send a second validation data unit to the access point if the first validation data unit is received by the network controller. The method also includes installing, at the access point that includes the second software image, the first software image and uninstalling the second software image if the access point does not receive the second validation data unit in response to the first validation data unit.
Abstract:
A disclosed method may include (1) identifying an old version of software that is running on a network device, (2) receiving a new version of the software that is to replace the old version of the software during an in-service software upgrade, and then (3) performing the in-service software upgrade on the network device by making a system call that (A) loads the new version of the software onto the network device as the old version of the software continues to run and (B) transfers control of the network device from the old version of the software to the new version of the software by booting the new version of the software without shutting down the network device. Various other systems and methods are also disclosed.
Abstract:
A device may receive a firewall filter entry that includes one or more match conditions associated with filtering network traffic. The device may identify an access control list (ACL) template associated with the firewall filter entry. The ACL template may be associated with a template type. The device may identify one or more rules, for verifying the firewall filter entry, based on the template type associated with the ACL template. The device may verify the firewall filter entry using the one or more rules. The device may determine a hardware resource, for storing the firewall filter entry, based on the template type and based on verifying the firewall filter entry. The device may store the firewall filter entry using the hardware resource of the device.
Abstract:
In some embodiments, a method includes defining, by a processor included in a first node, a virtual-extensible-local-area-network (VXLAN) tunnel between the first node included in a first layer-two network, and a second node included in a second layer-two network, the VXLAN tunnel traversing at least one node of a layer-three network. The method includes receiving, at the first node, a layer-two data unit that is sent from a third node included in the first layer-two network, to a fourth node included in the second layer-two network. The method includes encapsulating, at the first node, the layer-two data unit to define an encapsulated data unit that includes a VXLAN header. The method includes sending the encapsulated packet from the first node towards the fourth node via the VXLAN tunnel.
Abstract:
In general, techniques are described for performing a controlled non-stop software upgrade (NSSU) of a network device. In some examples, a method includes receiving, by a first network device included in a virtual network device, a non-stop software upgrade (NSSU) request. The first network device is communicatively coupled to each of a computing device and a second network device. The method includes, in response to receiving the NSSU request, forwarding to the second network device, network packets that are received at the first network device and destined to the computing device. The method also includes sending a message to the computing device that instructs the computing device to stop sending network packets to the first network device. The method includes updating one or more software components within the first network device, after sending the message to the computing device and based at least in part on the NSSU request.