Juniper Networks Patent Grants

Malware detection system and method for mobile platforms

Granted: February 21, 2017
Patent Number: 9576131
In one example, a management server is configured to provide malware protection for one or more client mobile platforms in communication with the management server via a mobile network. In the example, the management server includes a processor configured to detect malware in the mobile network, select a client mobile platform having a malware scanning agent, and manage the malware scanning agent of the client mobile platform using a device independent secure management protocol based…

Methods and apparatus for dynamic automated configuration within a control plane of a switch fabric

Granted: February 21, 2017
Patent Number: 9577879
In one embodiment, a method includes receiving a first identifier and a private key after a network device has been included in a data center switch fabric control plane, authenticating the network device based on the private key, sending a second identifier to the network device, and sending a control signal to the network device based on the second identifier. The first identifier is associated with the network device and unique within a segment of the data center switch fabric control…

Automated path re-optimization

Granted: February 21, 2017
Patent Number: 9577925
In general, techniques are described for providing current bandwidth usage information for one or more label switched paths (LSPs) to a path computation element (PCE) to trigger the PCE to dynamically modify a path computation domain of the PCE to manage network traffic within the domain. In some examples, a network router signals an LSP in a packet-switched network according to an allocated bandwidth for the LSP. The network router receives and maps the network packets to the LSP for…

Tiered services in border gateway protocol flow specification

Granted: February 21, 2017
Patent Number: 9577943
A device may receive information, via one or more border gateway protocol messages, identifying a first network traffic service and a second network traffic service. The device may map the information identifying the first network traffic service and the second network traffic service to information identifying a first tier of service for the first network traffic service and a second tier of service for the second network traffic service. The device may perform a first action and a…

Subscriber management using a restful interface

Granted: February 21, 2017
Patent Number: 9578028
A controller provides authentication, authorization, and accounting (AAA) services for a network, the controller comprising a control unit having one or more processors and a Representational State Transfer (REST) interface executed by the control unit to receive application data that specifies an interface method and a resource identifier for a resource, the resource identifier conforming to a subscriber management resource model. The REST interface determines, based on the resource…

Fire prevention in a network device with redundant power supplies

Granted: February 14, 2017
Patent Number: 9568893
A device may include multiple power supplies that are cooled by a system fan. The power supplies may be cross-connected to supply power to one another and the device may monitor temperatures of the power supplies. Based on the temperatures of the power supplies, the device may determine whether any of the power supplies are likely to be on fire. The device may shut off the fan when a power supply is determined to be likely to be on fire.

Efficient power allocation for redundant power supply with system priority

Granted: February 14, 2017
Patent Number: 9568988
This disclosure describes a more efficient and configurable power allocation scheme for redundant power supply (RPS) systems used in network switches. This allocation scheme allows the system owner to assign power from a shared RPS unit to higher priority devices in any network switch in the system. This permits more granularity in assigning the RPS with backup power available to devices such as ports residing within individual switches in a multiple switch network. An efficient power…

Classification of software based on user interface elements

Granted: February 14, 2017
Patent Number: 9569520
A device may receive an instruction to classify software. The device may identify a group of one or more user interfaces associated with the software based on receiving the instruction to classify the software. The device may determine a group of one or more user interface signatures associated with the group of one or more user interfaces. A user interface signature may include information, associated with a user interface in the group of one or more user interfaces, that may be used to…

Deriving control plane connectivity during provisioning of a distributed control plane of a switch

Granted: February 14, 2017
Patent Number: 9571337
System and methods for deriving configuration information of network resources within a dynamically configured, distributed control plane are described. In one embodiment, the present invention can include a network management device that manages virtual network entities, such as virtual switch fabrics, where the network management device hosts a network management module. The network management module is configured to maintain identifiers for the virtual network entities and the control…

Forwarding using maximally redundant trees

Granted: February 14, 2017
Patent Number: 9571387
Network devices can use maximally redundant trees (MRTs) for delivering traffic streams across a network, and for transitioning traffic to a new set of MRTs after a topology change, without dropping traffic. The disclosure describes distributed computation of a set of MRTs from one or more ingress devices to one or more egress devices of the network. In one example, network devices in a network compute a set of MRTs, and establish a set of LSPs along the paths of the set of MRTs. After a…

Separation of control plane functions using virtual machines in network device

Granted: February 14, 2017
Patent Number: 9571388
Techniques are described for separating control plane functions in a network device using virtual machines. The techniques include initializing multiple virtual machine instances in a control unit of a standalone router, and running different control processes for the router in each of the virtual machines. For example, in a root system domain (RSD)-protected system domain (PSD) system, a control unit of the standalone router may support an RSD virtual machine (VM) and one or more PSD VMs…

Tunneled packet aggregation for virtual networks

Granted: February 14, 2017
Patent Number: 9571394
In general, techniques are described for enhancing operations of virtual networks. In some examples, a network system includes a plurality of servers interconnected by a switch fabric comprising a plurality of switches interconnected to form a physical network. Each of the servers comprises an operating environment executing one or more virtual machines in communication via one or more virtual networks. The servers comprise a set of virtual routers configured to extend the virtual…

Packet parsing and control packet classification

Granted: February 14, 2017
Patent Number: 9571396
A system may include receiving a packet, of a packet stream, including control tags in a header portion of the packet and classifying each of the control tags into a category selected from a set of possible categories. The set of possible categories may include an unambiguous interposable (UI) category that is assigned to a control tag that corresponds to an unambiguous parsing interpretation and that is interposable within a sequence of the control tags, and an ambiguous interposable…

Using a firewall filter to select a member link of a link aggregation group

Granted: February 14, 2017
Patent Number: 9571411
A device may store, in a data structure, a set of link identifiers, that identifies a set of member links included in a link aggregation group, in association with a set of packet parameters. The device may receive a network packet. The device may determine a particular packet parameter, of the set of packet parameters, associated with the network packet. The device may route the network packet via a particular member link, of the set of member links, identified by the particular link…

Anti-replay mechanism for group virtual private networks

Granted: February 14, 2017
Patent Number: 9571458
A virtual private network (VPN) device is described that provides a strict anti-replay mechanism for packets in a group VPN. An example first VPN device includes one or more processors, one or more network interfaces configured to receive a packet having an encryption header that includes a group VPN member identifier associated with a second VPN device and a sequence number, wherein the first and second VPN devices are members of a group VPN, a data repository configured to store a…

Targeted attack discovery

Granted: February 14, 2017
Patent Number: 9571519
A device may receive usage information, associated with a group of client networks, including particular usage information associated with a particular client network. The device may receive threat information, associated with the group of client networks, including particular threat information associated with the particular client network. The device may determine a baseline based on the usage information. The device may determine a normalization function, associated with the…

Terminating connections and selecting target source devices for resource requests

Granted: February 14, 2017
Patent Number: 9571566
A device receives, from a client device, a request for a resource, and accesses a table that includes one or more items of information. The device compares information provided in the request to the one or more items of information provided in the table, and terminates a connection for the request at the device when the information provided in the request matches at least one of the one or more items of information provided in the table. The device forwards the request to a network when…

Weighted rendezvous hashing

Granted: February 14, 2017
Patent Number: 9571570
A device may be configured to store virtual identifier information indicating virtual identifiers associated with servers. The virtual identifier information may associate a quantity of virtual identifiers with each respective server of the servers based on a weight associated with the respective server. The device may receive an object identifier identifying an object to be processed by at least one of the servers. The device may calculate hash values for the virtual identifiers based…

Usage monitoring control for mobile networks

Granted: February 14, 2017
Patent Number: 9571663
In general, techniques are described for facilitating usage monitoring control in mobile networks. A mobile gateway comprising one or more processors may be configured to perform the techniques. The one or more processors are configured to establish a session by which a mobile device is to access a service, and in response to receiving an indication to activate a charging rule having an incomplete indication to activate usage monitoring with respect to the service provided via the…

Apparatus and method for securely logging boot-tampering actions

Granted: February 7, 2017
Patent Number: 9563774
The disclosed apparatus may include a storage device and a secure counter. The apparatus may also include a tamper-logging component that (1) detects an action that is associated with booting untrusted images from the storage device and, in response to detecting the action, (2) securely logs the action by incrementing the secure counter. Various other apparatuses, systems, and methods are also disclosed.