Juniper Networks Patent Grants

Maintaining user identity associated with access to network resources using virtual machines

Granted: May 23, 2017
Patent Number: 9658872
The identity of a user of a computerized system is maintained by operating a virtual machine used only by the user, such that logged actions made by the virtual machine can be associated with the user, wherein the user is not otherwise directly identified by the virtual machine. Information requests made from the virtual machine to a specific resource may be logged to enable tracking and auditing of resource access by the user. The virtual machine is managed by an access device to a data…

Path computation delay timer in multi-protocol label switched networks

Granted: May 23, 2017
Patent Number: 9660860
In general, techniques are described for a path computation delay timer for multi-protocol label switched networks. As an example, an ingress network device configured to act as an ingress for a label switched path (LSP) may perform the techniques. The ingress network device comprises an interface and a processor. The interface may receive a message indicating an error along the LSP. The processor may delay an operation performed to configure a replacement LSP to be used in place of the…

Readiness detection for data plane configuration of label-switched paths

Granted: May 23, 2017
Patent Number: 9660866
Techniques are described for generating a No-Acknowledgement (NACK) message if the installation of a route for a label-switched path at a router has failed or is likely to fail. In some examples, a network device includes at least one processor and at least one module operable by the at least one processor to: receive a request to forward network packets for an LSP; responsive to receiving the request, initiate configuration of at least one forwarding unit of the network device to…

BGP link-state extensions for segment routing

Granted: May 23, 2017
Patent Number: 9660897
Mechanisms are described by which link state “path” information can be collected from networks and shared with external components, such as routers or centralized controllers or path computation elements, using an exterior gateway protocol, such as the Border Gateway Protocol. That is, the link state information for multiple interior gateway protocol (IGP) routing domains is shared between external components using the exterior gateway protocol, such as BGP. As such, the techniques…

Enhanced protocol independent multicast source registration over a reliable transport

Granted: May 23, 2017
Patent Number: 9660898
In one example, a method includes exchanging, by a first routing device and with a second routing device, targeted hello messages using a Protocol Independent Multicast (PIM) protocol to establish a targeted neighbor connection between the first routing device and the second routing device, wherein the first routing device exchanges the targeted hello messages with the second routing device via at least one intermediate routing device, and wherein at least one of the first or second…

Methods and apparatus for flow control associated with a switch fabric

Granted: May 23, 2017
Patent Number: 9660940
In some embodiments, an apparatus includes a flow control module configured to receive a first data packet from an output queue of a stage of a multi-stage switch at a first rate when an available capacity of the output queue crosses a first threshold. The flow control module is configured to receive a second data packet from the output queue of the stage of the multi-stage switch at a second rate when the available capacity of the output queue crosses a second threshold. The flow…

Apparatus, system, and method for reconfiguring point-to-multipoint label-switched paths

Granted: May 16, 2017
Patent Number: 9654386
An apparatus may include a processor and a control plane that directs the processor to (1) detect that at least a portion of an initial branch path of a point-to-multipoint label-switched path has failed over to a failover route that rejoins the initial branch path at a network node and (2) establish an alternate branch path that merges with the initial branch path at the network node. The apparatus may also include a network interface and a data plane that uses the network interface to…

Systems and methods for multipath load balancing

Granted: May 16, 2017
Patent Number: 9654401
A computer-implemented method for multipath load balancing may include (1) identifying a plurality of paths from a source switch to a destination switch, (2) determining, for each of the plurality of paths, a limiting bandwidth of the path based at least in part on the lowest link bandwidth of one or more data links in the path, and (3) balancing network traffic that is transmitted from the source switch to the destination switch across the plurality of paths based at least in part on…

Obtaining suspect objects based on detecting suspicious activity

Granted: May 16, 2017
Patent Number: 9654496
A device may detect a suspicious activity. The device may automatically obtain a suspect object from a client device that is associated with the suspicious activity and based on detecting the suspicious activity. The suspect object may be an object that is possibly associated with the suspicious activity. The device may determine that the suspect object is malicious. The device may perform an action based on determining that the suspect object is malicious.

Failure detection manager

Granted: May 16, 2017
Patent Number: 9654527
A network device is configured to receive information regarding a group of content streams and determine a buffer size for each of the content streams. The network device is further configured to receive the content streams from one or more encoding devices. The network device is further configured to buffer an amount of each of the content streams based on the respective buffer size. The network device is further configured to send a first content stream to a user device. The network…

Multi-file malware analysis

Granted: May 9, 2017
Patent Number: 9646159
A device may identify a plurality of files for a multi-file malware analysis. The device may execute the plurality of files in a malware testing environment. The device may monitor the malware testing environment for behavior indicative of malware. The device may detect the behavior indicative of malware. The device may perform a first multi-file malware analysis or a second multi-file malware analysis based on detecting the behavior indicative of malware. The first multi-file malware…

System and method for authorizing usage of network devices

Granted: May 9, 2017
Patent Number: 9647841
The disclosed system may include (1) a detection module, stored in memory, that detects that a user is attempting to operate a network peripheral device configured for connecting into a base network device, at least one of the network peripheral device and the base network device including a trusted platform module that further includes an endorsement key that identifies the trusted platform module, (2) an obtaining module, stored in memory, that obtains a digitally signed indication…

Routing proxy for resource requests and resources

Granted: May 9, 2017
Patent Number: 9647871
A device receives, from a client device, a request for a resource, where the request provides an identifier of the client device. The device selects a target device for the resource, connects with the selected target device, and provides a proxy of the request to the selected target device, where the proxy of the request hides the identifier of the client device. The device receives the resource from the selected target device, where the resource provides an identifier of the target…

LSP ping and traceroute for bypass tunnels

Granted: May 9, 2017
Patent Number: 9647912
A method performed by a network device may include assembling a multiprotocol label switching (MPLS) echo request, the echo request including an instruction for a transit node to forward the echo request via a bypass path associated with the transit node, and an instruction for an egress node to send an echo reply indicating that the echo request was received on the bypass path. The method may also include sending the MPLS echo request over a functioning label switched path (LSP).

Propagating LDP MAC flush as TCN

Granted: May 9, 2017
Patent Number: 9647924
A first provider edge (PE) device is configured to: receive a Label Distribution Protocol (LDP) MAC Flush message from a PE device via an input port; flush a routing table in response to the LDP MAC Flush message; determine whether the LDP MAC Flush message comprises a PE identifier corresponding to the PE device; generate a Topology Change Notification (TCN) message based on the LDP MAC Flush message when the LDP MAC Flush message comprises the PE identifier corresponding to the PE…

OSPF point-to-multipoint over broadcast or NBMA mode

Granted: May 9, 2017
Patent Number: 9647928
A network device identifies an Open Shortest Path First (OSPF) link between the network device and a layer 2 network as one of a point-to-multipoint over broadcast interface or a point-to-multipoint over non-broadcast multi access (NBMA) interface, and performs database synchronization and neighbor discovery and maintenance using one of a broadcast model or a NBMA model. The network device also generates a link-state advertisement for the network device, where the link-state…

Policy control using software defined network (SDN) protocol

Granted: May 9, 2017
Patent Number: 9647937
A network device includes an internal policy engine that makes local policy decisions for packet flows and controls policies applied by service modules and forwarding components of the network device. The policy engine interacts with an external policy server to receive policies using software defined networking (SDN) protocol as if the data plane of the network device were directly exposed to the external policy server by the SDN protocol.

Processing packets by a network device

Granted: May 9, 2017
Patent Number: 9647940
A method and apparatus for performing a lookup in a switching device of a packet switched network where the lookup includes a plurality of distinct operations each of which returns a result that includes a pointer to a next operation in a sequence of operations for the lookup. The method includes determining a first lookup operation to be executed, executing the first lookup operation including returning a result and determining if the result includes a pointer to another lookup…

Methods and apparatus for assessing the quality of a data path including both layer-2 and layer-3 devices

Granted: May 2, 2017
Patent Number: 9641420
In some embodiments, an apparatus includes a layer-2 device operably coupled to a source device and a destination device and disposed within a data path (1) between the source device and the destination device, and (2) includes at least one layer-3 device. The layer-2 device receives a first test data unit from the source device, and defines a quality datum associated with processing the first test data unit. The layer-2 device defines a second test data unit based on the first test data…

Mesh network of simple nodes with centralized control

Granted: April 25, 2017
Patent Number: 9634928
A mesh network of wired and/or wireless nodes is described in which a centralized controller provides seamless end-to-end service from the edge of the mesh network to mesh nodes located proximate to subscriber devices. The controller operates to provide a central configuration point for configuring forwarding planes of the mesh nodes of the mesh network, so as to set up transport data channels to transport traffic from the edge nodes via the mesh nodes to the subscriber devices.