Juniper Networks Patent Grants

Using a public key infrastructure for automatic device configuration

Granted: March 21, 2017
Patent Number: 9600302
A device may receive a digital voucher, a customer certificate, and configuration information for automatically configuring the device. The digital voucher may include a first customer identifier that identifies a customer associated with the device and a device identifier that identifies the device. The customer certificate may include a second customer identifier that identifies the customer and a customer public key associated with the customer. The configuration information may…

Rendezvous point link resiliency for bidirectional protocol independent multicast (PIM-BIDIR)

Granted: March 21, 2017
Patent Number: 9602294
Techniques provide rendezvous point link (RPL) resiliency for bidirectional protocol independent multicast (PIM-BIDIR) in a computer network. According to the techniques, when two or more RPL partitions have a same RPL subnet, routers on the RPL subnet are configured to elect an active RPL partition that will function as a RPL. The routers on any inactive RPL partitions may then treat the inactive RPL partitions as regular links in the RPL subnet and build a route to the active RPL…

Applications-aware targeted LDP sessions

Granted: March 21, 2017
Patent Number: 9602354
In general, the disclosure relates to techniques for initiating a targeted LDP session in a manner that includes information specifying one or more application for which a targeted LDP session is being initiated. In one example, a method includes receiving, by a network device, a LDP initialization message to initiate an Label Distribution Protocol (LDP) session with a peer network device, the LDP initialization message including a Targeted Applications Capability (TAC) field specifying…

Network topology optimization

Granted: March 21, 2017
Patent Number: 9602387
In some examples, a controller for a multi-layer network comprising a network layer and an underlying transport layer is configured to obtain abstract link data describing a plurality of candidate links; determine, based at least on the abstract link data, a first solution comprising a network topology for the network layer that includes a first selected subset of the candidate links; determine, after generating a modified network topology based at least on the network topology and the…

Data center architecture utilizing optical switches

Granted: March 21, 2017
Patent Number: 9602434
Embodiments of the invention describe flexible (i.e., elastic) data center architectures capable of meeting exascale, while maintaining low latency and using reasonable sizes of electronic packet switches, through the use of optical circuit switches such as optical time, wavelength, waveband and space circuit switching technologies. This flexible architecture enables the reconfigurability of the interconnectivity of servers and storage devices within a data center to respond to the…

Methods and apparatus for flow control associated with a switch fabric

Granted: March 21, 2017
Patent Number: 9602439
In some embodiments, an apparatus includes a switch fabric having at least a first switch stage and a second switch stage, an edge device operatively coupled to the switch fabric and a management module. The edge device is configured to send a first portion of a data stream to the switch fabric such that the first portion of the data stream is received at a queue of the second switch stage of the switch fabric via the first switch stage of the switch fabric. The management module is…

Managing TCP anycast requests

Granted: March 21, 2017
Patent Number: 9602591
Managing TCP anycast requests at content delivery network nodes is disclosed. In some embodiments, serving a request includes receiving a request at a node of a plurality of nodes comprising a content delivery network, wherein each of the plurality of nodes share a same anycast IP address to which the request is directed and servicing the request at the node.

Usage monitoring control for mobile networks

Granted: March 21, 2017
Patent Number: 9602675
In general, techniques are described for facilitating usage monitoring control in mobile networks. A mobile gateway comprising one or more processors and a memory may be configured to perform the techniques. The one or more processors may be configured to transmit a usage monitoring report indicative of usage of a service provided via a session for which usage monitoring was previously activated. The memory may be configured to store a monitoring key that was configured as a result of…

Apparatus, system, and method for improving the energy efficiency of routers

Granted: March 14, 2017
Patent Number: 9594423
The disclosed apparatus may include a set of router components that are consuming electrical power in connection with a router that facilitates network traffic within a network. The apparatus may also include a power-optimization unit communicatively coupled to the set of router components. The power-optimization unit may detect at least one router component included in the set of router components that is not currently being used by the router to facilitate the network traffic within…

Online network device diagnostic monitoring and fault recovery system

Granted: March 14, 2017
Patent Number: 9594621
An online network device monitoring and recovery system generates, based at least in part on a schema that describes entities included in a network device, a software entity profile of entity object instances that represent the entities included in the network device, the entities including both hardware components and interfaces between the hardware components. The system registers the software entity profile to one or more proxies implemented on the network device. The system receives…

Pluggable module for signal relay between communication cards

Granted: March 14, 2017
Patent Number: 9594716
Techniques are described for an electronic device in which a communication plane having a plurality of slots for receiving communication cards further includes an interface for receiving a pluggable module that operates to relay signals within the communication plane. The electronic device includes a plurality of removable communication cards and a communication plane having slots for receiving the plurality of removable communication cards. The electronic device also includes the…

Internet protocol virtual private network service performance monitoring

Granted: March 14, 2017
Patent Number: 9596167
An example router includes a control unit configured to receive virtual private network (VPN) routing and forwarding table (VRF) configuration data defining a VRF for a VPN and VPN address space for the VPN, receive configuration data defining a measurement endpoint for measuring performance of a layer 3 (L3) service and associating the measurement endpoint with a remote measurement endpoint of a remote router. The control unit is configured to encapsulate, to generate a flow measurement…

Dynamic control channel establishment for software-defined networks having centralized control

Granted: March 14, 2017
Patent Number: 9596169
Dynamic control channel establishment for an access network is described in which a centralized controller provides seamless end-to-end service from a core-facing edge of a network to access nodes. For example, a method includes receiving, by the centralized controller, a discover message originating from a network node, which includes an intermediate node list that specifies a plurality of network nodes the discover message traversed from the network node to an edge node, determining,…

Optimizing private virtual local area networks (VLANS)

Granted: March 14, 2017
Patent Number: 9596179
A network device is provided in a private virtual local area network (VLAN). The network device receives a packet on one of multiple private VLAN ports of the network device, and assigns a classified VLAN signature to the packet. The network device also assigns a primary VLAN signature to the packet, and stores a media access control (MAC) address and the classified VLAN signature of the packet in a single MAC address table.

Two stage bloom filter for longest prefix match

Granted: March 14, 2017
Patent Number: 9596181
A device may receive a packet that includes a destination address. The device may analyze a first Bloom filter, based on the destination address, in order to identify a prefix range entry associated with the destination address and included in a set of prefix range entries associated with the first Bloom filter. The device may analyze a second Bloom filter, based on the destination address and the identified prefix range entry, in order to identify a prefix length entry associated with…

Cloud based customer premises equipment

Granted: March 14, 2017
Patent Number: 9596211
Network (cloud) based customer premises equipment may receive, over a broadband access circuit, layer 2 traffic from an access device at a customer premises; provide dynamic host configuration protocol (DHCP) services for computing devices at the customer premises, the DHCP services providing Internet Protocol (IP) addresses to the computing devices at the customer premises; and provide network address translation (NAT) services for the computing devices at the customer premises.

Partitioning a filter to facilitate filtration of packets

Granted: March 14, 2017
Patent Number: 9596215
A method may include obtaining a match vector that indicates one or more filter rules that are potentially applicable to a packet. The method may include partitioning the match vector into a plurality of segments. The method may include generating a summary vector that identifies one or more portions of the match vector that include one or more match bits. A match bit may indicate one of the one or more filter rules that is potentially applicable to the packet. The method may include…

Preserving an authentication state by maintaining a virtual local area network (VLAN) association

Granted: March 14, 2017
Patent Number: 9596241
A method may include detecting a presence of a first server device; communicating, with the first server device, to obtain information associated with the first server device; sending, to a second server device, a request for authentication services, where the request includes the information associated with the first server device; receiving, from the second server device, a notification that the first server device has been authenticated, where the notification includes a session…

Security enforcement in virtualized systems

Granted: March 14, 2017
Patent Number: 9596268
A system includes a virtual machine (VM) server and a policy engine server. The VM server includes two or more guest operating systems and an agent. The agent is configured to collect information from the two or more guest operating systems. The policy engine server is configured to: receive the information from the agent; generate access control information for a first guest OS, of the two or more guest operating systems, based on the information; and configure an enforcer based on the…

Dynamic network device processing using external components

Granted: March 14, 2017
Patent Number: 9596318
A network device may receive information regarding a service set identifying service to apply to a data flow received via a particular interface of the network device; receive the data flow via the particular interface; identify a service to provide to the data flow based on the information regarding the service set; identify a processing device to process the data flow; and provide the data flow to the processing device. The processing device may be different than the network device and…