Juniper Networks Patent Grants

N+1 power supply system upgrade using dual output power supplies

Granted: August 15, 2017
Patent Number: 9735571
A system may include a power module that includes a group of power supplies, particular ones of the group of power supplies being operable at a group of voltages ranging from a first voltage to a second voltage. The system may further include a controller coupled to the particular ones of the group of power supplies, the controller being to ramp up an output voltage, associated with the group of power supplies, from the first voltage to the second voltage in a group of discrete steps;…

Adaptive load balancing for single active redundancy using EVPN designated forwarder election

Granted: August 15, 2017
Patent Number: 9735983
A provider edge (PE) device may receive an indication to perform a designated forwarder (DF) election associated with a network segment that includes the PE device, one or more other PE devices, and a client edge (CE) device. The PE device, the one or more other PE devices, and the CE device may be associated with an Ethernet virtual private network (EVPN) that includes a group of EVPN instances (EVIs). The PE device may perform the DF election in order to determine election information…

Monitoring network management activity

Granted: August 15, 2017
Patent Number: 9736030
A device is configured to receive, from a network device, a first message associated with a network management activity performed by using an application of the network device. The device is further configured to determine whether the first message satisfies a criterion, and to classify the first message based on a type of the application when the first message satisfies the criterion. The device is also configured to receive, from the network device, a second message associated with the…

Variable-based forwarding path construction for packet processing within a network device

Granted: August 15, 2017
Patent Number: 9736036
In general, this disclosure describes techniques for applying, with a network device, subscriber-specific packet processing using an internal processing path that includes service objects that are commonly applied to multiple packet flows associated with multiple subscribers. In one example, a network device control plane creates subscriber records that include, for respective subscribers, one or more variable values that specify service objects as well as an identifier for a packet…

Managing routing information in a hub-and-spokes network

Granted: August 8, 2017
Patent Number: 9729451
In general, techniques are described for managing routing information in a hub-and-spoke network in a manner that reduces flooding of link information. A hub router of the hub-and-spoke network including a memory and a processor may perform the techniques. The memory may be configured to store a representation of a topology of the hub-and-spoke network. The processor may be configured to utilize a separate instance of a multi-instance version of a link state protocol to communicate with…

Multi-protocol label switching rings

Granted: August 8, 2017
Patent Number: 9729455
Techniques are described for specifying and constructing multi-protocol label switching (MPLS) rings. Routers may signal membership within MPLS rings and automatically establish ring-based label switch paths (LSPs) as components of the MPLS rings for packet transport within ring networks. In one example, a router includes a processor configured to establish an MPLS ring having a plurality of ring LSPs. Each of the ring LSPs is configured to transport MPLS packets around the ring network…

Remote remediation of malicious files

Granted: August 8, 2017
Patent Number: 9729572
A device may determine that a file of a client device is a malicious file. The device may obtain remote access to the client device using a connection tool. The connection tool may provide access and control of the client device. The remote access may include access to a file location of the malicious file. The device may determine file information associated with the malicious file using the remote access to the client device. The device may select one or more remediation actions based…

Dynamically optimizing performance of a security appliance

Granted: August 1, 2017
Patent Number: 9721096
A device may identify a set of features associated with the unknown object. The device may determine, based on inputting the set of features into a threat prediction model associated with a set of security functions, a set of predicted threat scores. The device may determine, based on the set of predicted threat scores, a set of predicted utility values. The device may determine a set of costs corresponding to the set of security functions. The device may determine a set of predicted…

Detecting and preventing man-in-the-middle attacks on an encrypted connection

Granted: August 1, 2017
Patent Number: 9722801
A client device may provide, to a host device, a request to access a website associated with a host domain. The client device may receive, based on the request, verification code that identifies a verification domain and a resource, associated with the verification domain, to be requested to verify a public key certificate. The verification domain may be different from the host domain. The client device may execute the verification code, and may request the resource from the verification…

Methods and apparatus for path selection within a network based on flow duration

Granted: July 25, 2017
Patent Number: 9716661
In some embodiments, an apparatus includes a forwarding module that is configured to receive a group of first data packets. The forwarding module is configured to modify a data flow value in response to receiving each first data packet. The forwarding module is also configured to store each first data packet in a first output queue based on the data flow value not crossing a data flow threshold after being modified. Furthermore, the forwarding module is configured to receive a second…

Multi-chassis switch having a modular center stage chassis

Granted: July 25, 2017
Patent Number: 9716669
A system may comprise a first group of switches, each switch including a first group of inputs and outputs, and a first group of controllers, each controller being independent from one another and corresponding to a switch of the first group of switches, to selectively control the switch to connect the switch's inputs with outputs. The first group of switches and controllers may be installed in a chassis. The system may comprise a second group of switches, each switch including a second…

Dynamic logging

Granted: July 18, 2017
Patent Number: 9710762
In general, techniques are described for dynamically modifying the extent of logging performed by logging information generators in response to events detected in logging information received by the collector. In some examples, a network device includes one or more processors and a collector executed by the processors to receive a log message that includes logging information from a generator. The network device also includes a rules engine to apply one or more rules that each specify a…

Network services resource management

Granted: July 18, 2017
Patent Number: 9712374
In general, the invention is directed to techniques for scheduling resource access within an intermediate network device. For example, as described herein, a device receives packets for a plurality of sessions that include application-layer data for the sessions. The device determines a weight for each of the plurality of sessions and, during periods of resource congestion, selects one or more sessions for additional resource allocation based on the respective weights of the sessions.…

Point-to-multipoint path computation for wide area network optimization

Granted: July 18, 2017
Patent Number: 9712447
In some examples, a controller for a network includes a path computation module configured for execution by one or more processors to obtain configuration information for at least one point-to-multipoint label switched path (P2MP LSP); obtain, from the network via at least one protocol, network topology information defining a network topology for the network; determine, based on the network topology, a first solution comprising first respective paths through the network for the at least…

Identifying applications for intrusion detection systems

Granted: July 18, 2017
Patent Number: 9712490
An intrusion detection system (“IDS”) device is described that includes a flow analysis module to receive a first packet flow from a client and to receive a second packet flow from a server. The IDS includes a forwarding component to send the first packet flow to the server and the second packet flow to the client and a stateful inspection engine to apply one or more sets of patterns to the first packet flow to determine whether the first packet flow represents a network attack. The…

PCIe-based host network accelerators (HNAS) for data center overlay network

Granted: July 11, 2017
Patent Number: 9703743
A high-performance, scalable and drop-free data center switch fabric and infrastructure is described. The data center switch fabric may leverage low cost, off-the-shelf packet-based switching components (e.g., IP over Ethernet (IPoE)) and overlay forwarding technologies rather than proprietary switch fabric. In one example, host network accelerators (HNAs) are positioned between servers (e.g., virtual machines or dedicated servers) of the data center and an IPoE core network that…

Mitigating an effect of a downstream failure in an automatic transfer switching system

Granted: July 11, 2017
Patent Number: 9705337
A system may comprise a first switch connected to an output of a first power source, a second switch connected to an output of a second power source, a first sensor connected to an output of the first switch, a second sensor connected to an output of the second switch, a third switch connected to the first sensor and the second sensor and connected to a load, and a control device connected to the first switch, the second switch, the first sensor, the second sensor, and the third switch.

Service latency monitoring using two way active measurement protocol

Granted: July 11, 2017
Patent Number: 9705769
A device may establish a communication session, with a client device, for monitoring a latency of a service. The device may receive, from the client device, a request for a monitored service list. The monitored service list may identify one or more services for which service latency monitoring is supported. The device may provide, to the client device, the monitored service list. The device may receive, from the client device, a service latency monitoring session request that may…

Multi-topology resource scheduling within a computer network

Granted: July 11, 2017
Patent Number: 9705781
In general, techniques are described for dynamically scheduling and establishing paths in a multi-layer, multi-topology network to provide dynamic network resource allocation and support packet flow steering along paths prescribed at any layer or combination of layers of the network. In one example, a multi-topology path computation element (PCE) accepts requests from client applications for dedicated paths. The PCE receives topology information from network devices and attempts to…

Bit index explicit replication (BIER) forwarding for network device components

Granted: July 11, 2017
Patent Number: 9705784
A network device receives multicast packets that include information identifying destinations in the network, identifies next hops associated with the destinations, and populates a cache with the destinations and addresses of the identified next hops. The network device receives a particular multicast packet that includes information identifying particular destinations included in the cache, identifies one or more next hops for the particular destinations from the cache, and forwards the…