Juniper Networks Patent Grants

Methods and apparatus for control protocol validation of a switch fabric system

Granted: December 27, 2016
Patent Number: 9531622
In some embodiments, an apparatus includes a first network control entity within a control plane of a switch fabric system. The first network control entity is configured to receive a first test signal including a test instruction to be implemented within the switch fabric system. The first network control entity is configured to send a second test signal including the test instruction to a second network control entity such that the second network control entity implements the test…

Methods and apparatus for a distributed fibre channel control plane

Granted: December 27, 2016
Patent Number: 9531644
In some embodiments, a system includes a set of network control entities associated with a distributed multi-stage switch. Each network control entity from the set of network control entities is configured to manage at least one edge device having a set of ports and coupled to the distributed multi-stage switch. Each network control entity from the set of network control entities is associated with a unique set of identifiers. A network control entity from the set of network control…

Methods and apparatus for virtualizing switch control plane engine

Granted: November 29, 2016
Patent Number: 9509637
In some embodiments, an apparatus includes a scheduler disposed at a control device of a switch fabric system. The scheduler is configured to receive a control plane request associated with the switch fabric system having a data plane and a control plane separate from the data plane. The scheduler is configured to designate a control plane entity based on the control plane request and state information of each control plane entity from a set of control plane entities associated with the…

Filtering output from operational commands executed on a network device

Granted: November 15, 2016
Patent Number: 9495428
In general, techniques are described to enable selective viewing of data output in response to a command. The techniques provide generic mechanisms to filter output solicited by commands supported by current and future implementations of an interface. An example device receives from a client device an input comprising an operational command and a selection request that specifies a field identifier. A schema enumeration module of the device assigns a unique element number to each element of a…

Systems and methods for load balancing multicast traffic

Granted: November 15, 2016
Patent Number: 9497124
A computer-implemented method for load balancing multicast traffic may include (1) identifying a plurality of switches that include at least a first switch that is connected to a second switch by a first path and a second path, (2) calculating a plurality of multicast distribution trees for distributing multicast traffic among the plurality of switches that includes (i) a first tree that includes the first path and whose root is different than the root of a second tree and (ii) the…

Identifying malicious devices within a computer network

Granted: November 15, 2016
Patent Number: 9497163
This disclosure describes techniques for proactively identifying possible attackers based on a profile of a device. For example, a device includes one or more processors and network interface cards to receive, from a remote device, network traffic directed to one or more computing devices protected by the device, determine, based on content of the network traffic, a first set of data points for the device, send a response to the remote device to ascertain a second set of data points for…

Provisioning layer three access for agentless devices

Granted: November 15, 2016
Patent Number: 9497179
A method may include obtaining a layer two identification of an endpoint that is seeking access to a network, the endpoint omitting an agent to communicate a layer three address of the endpoint to a policy node, applying one or more authentication rules based on the layer two identification of the endpoint, assigning the layer three address to the endpoint, learning, by the policy node, the layer three address of the endpoint, and provisioning layer three access for the endpoint to the…

Simulation system for network devices in a network

Granted: November 8, 2016
Patent Number: 9490995
A computing device is configured to receive information for setting up a simulation of a device. The computing device is further configured to request one or more modules corresponding to one or more features associated with the simulation. The computing device is further configured to receive the one or more modules. The computing device is further configured to perform the simulation using the one or more modules and the different modules. The computing device is further configured to…

Requesting high availability for network connections through control messages

Granted: November 8, 2016
Patent Number: 9491042
In one example, a network device includes one or more network interfaces configured to receive a message according to a protocol for reserving a public Internet protocol (IP) address and port for a network connection and to receive one or more packets of a packet flow associated with the public IP address and the port for the network connection, and one or more processors comprising a primary service device, wherein the processors are configured to determine whether the message includes…

Automatic aggregation of inter-device ports/links in a virtual device

Granted: November 8, 2016
Patent Number: 9491089
A virtual device includes multiple devices connected to operate as a single device. A first one of the devices is configured to determine that the first device connects to a second one of the devices via a first link; identify a second link; determine that the second link connects the first device to the second device; and automatically aggregate the first link and the second link to form a link aggregation with the second device based on determining that the first device connects to the…

Methods and apparatus for using virtual local area networks in a switch fabric

Granted: November 8, 2016
Patent Number: 9491090
In some embodiments, a switch module is configured to receive from a first edge device a multicast data unit having a VLAN identifier. The switch module is configured to select a set of port modules based on the VLAN identifier. The switch module is configured to define an unmodified instance of the multicast data unit for each port module from the set of port modules. The switch module is configured to send the unmodified instance of the multicast data unit to each port module from the…

Apparatus, system, and method for preventing unintentional forwarding reconfiguration in network environments

Granted: November 8, 2016
Patent Number: 9491092
The disclosed apparatus may include a physical link that facilitates communication for a plurality of customer networks connected to a service provider network. The apparatus may also include a network device communicatively coupled to the physical link. The network device may identify first and second route-update messages that advertise a plurality of route targets representing the plurality of customer networks to at least one other network device within the service provider network.…

Non-stop routing with internal session mirroring and adaptive application-level rate limiting

Granted: November 8, 2016
Patent Number: 9491107
This application describes techniques for replicating data at a primary routing engine of a network device before processing the data at a transport layer of the primary routing engine, wherein the data is to be sent to a routing peer via a routing communication session, and sending the replicated data to a secondary routing engine of the network device to be processed at a transport layer of the secondary routing engine. The secondary routing engine, in response to detecting that a…

Providing a service based on time and location based passwords

Granted: November 8, 2016
Patent Number: 9491165
A first device may receive a first password from a second device. The first password may be generated based on first time information and first location information identifying a geographic location of the second device. The first device may determine a second password based on second time information and second location information identifying the geographic location of the second device. The first device may determine that the second device is located at the geographic location at a…

Detecting past intrusions and attacks based on historical network traffic information

Granted: November 1, 2016
Patent Number: 9485262
A device may receive information that identifies an attack signature for detecting an intrusion. The device may determine a device configuration that is vulnerable to the intrusion, may determine an endpoint device associated with the device configuration, and may determine a time period during which the endpoint device was associated with the device configuration. The device may determine an endpoint identifier associated with the endpoint device during the time period, and may identify…

Polluting results of vulnerability scans

Granted: November 1, 2016
Patent Number: 9485270
A security device may receive, from a server device, a response to a request. The request may be provided by an attacker device and may include a plurality of input values. The security device may determine the plurality of input values, included in the request, based on receiving the response. The security device may modify the response to form a modified response. The response may be modified to include information associated with the plurality of input values. The response may be…

Dynamic service handling using a honeypot

Granted: November 1, 2016
Patent Number: 9485276
A network device comprises one or more processors coupled to a memory, and a dynamic services module configured for execution by the one or more processors to receive, from a client device, a service request specifying a service. The dynamic service module is further configured for execution by the one or more processors to, in response to obtaining a negative indication for the service, send a representation of the service request to a honeypot to cause the honeypot to offer the service…

Estimating bit error rate

Granted: November 1, 2016
Patent Number: 9483340
A system may obtain a current bit error count that identifies a quantity of bit errors in a bit stream during a time interval. The system may determine that the current bit error count identifies one or more bit errors. The system may determine whether an estimated bit error rate (BER) for the bit stream is likely to satisfy a threshold. The system may select an approach for determining the estimated BER for the bit stream. The estimated BER may be determined based on combining the…

Uninterruptable power supply for device having power supply modules with internal automatic transfer switches

Granted: November 1, 2016
Patent Number: 9484771
Techniques are described for determining whether power from a first power source is unavailable to a power supply module. In response to determining that power from the first power source is unavailable, the techniques de-couple the first power source from one or more components of an electronic device connected to an output of the power supply module with one or more de-coupling components of the power supply module that connect an automatic transfer switch (ATS) of the power supply…

Multi-layered application classification and decoding

Granted: November 1, 2016
Patent Number: 9485216
An intrusion detection system is described that is capable of applying a plurality of stacked (layered) application-layer decoders to extract encapsulated application-layer data from a tunneled packet flow produced by multiple applications operating at the application layer, or layer seven (L7), of a network stack. In this way, the IDS is capable of performing application identification and decoding even when one or more software applications utilize other software applications as for…