Juniper Networks Patent Grants

Resilient multiprotocol label switching (MPLS) rings using segment routing

Granted: February 20, 2024
Patent Number: 11909556
A ring node N belonging to a resilient MPLS ring (RMR) provisions and/or configures clockwise (CW) and anti-clockwise (AC) paths on the RMR by: (a) configuring two ring node segment identifiers (Ring-SIDs) on the ring node, wherein a first of the two Ring-SIDs (CW-Ring-SID) is to reach N in a clockwise direction on the ring and a second of the two Ring-SIDs (AC-Ring-SID) is to reach N in an anti-clockwise direction on the ring, and wherein the CW-Ring-SID and AC-Ring-SID are unique…

Reconfigurable optical router

Granted: February 20, 2024
Patent Number: 11909516
Embodiments of the invention describe apparatuses, optical systems, and methods for utilizing a dynamically reconfigurable optical transmitter. A laser array outputs a plurality of laser signals (which may further be modulated based on electrical signals), each of the plurality of laser signals having a wavelength, wherein the wavelength of each of the plurality of laser signals is tunable based on other electrical signals. An optical router receives the plurality of (modulated) laser…

Media access control security (MACsec) enabled links of a link aggregation group (LAG)

Granted: February 13, 2024
Patent Number: 11902256
A device may cause a Media Access Control Security (MACsec) session to be established on a first link of a link aggregation group (LAG) that includes a plurality of links with a different device. The device may cause a data structure to be updated to identify the first link as a MACsec enabled LAG link and may send traffic via the first link. The device may cause a MACsec session to be established on at least one additional link of the LAG and may cause the data structure to be updated…

Determining rate differential weighted fair output queue scheduling for a network device

Granted: February 13, 2024
Patent Number: 11902827
A network device may receive packets and may calculate, during a time interval, an arrival rate and a departure rate, of the packets, at one of multiple virtual output queues. The network device may calculate a current oversubscription factor based on the arrival rate and the departure rate, and may calculate a target oversubscription factor based on an average of previous oversubscription factors associated with the multiple virtual output queues. The network device may determine…

Retaining key parameters after a transmission control protocol (TCP) session flap

Granted: February 13, 2024
Patent Number: 11902404
A network device may monitor a TCP session with another network device, and may identify ingress and/or egress packets, a TCP header, and a socket of the TCP session. The network device may inspect the ingress and/or egress packets, the TCP header, and the socket to identify a zero window advertisement, details of a last quantity of packets sent or received, synchronize, finish, or reset packets sent or received, negotiated TCP options, or buffer space utilization, and may temporarily…

Liveness detection for an authenticated client session

Granted: February 13, 2024
Patent Number: 11902380
A network node may determine parameters of an authenticated client session for a client device, wherein the parameters comprise a network address of the client device. The network node may determine inactivity of the client device in the authenticated client session. The network node may generate, based on determining the inactivity of the client device, an address resolution protocol (ARP) message or a neighbor solicitation (NS) message to send to the client device, wherein the ARP…

Regulating enqueueing and dequeuing border gateway protocol (BGP) update messages

Granted: February 13, 2024
Patent Number: 11902365
A network device, associated with peer network devices, may receive policy information for a protocol; and compute a first update message based on information regarding a route associated with the policy information. The network device may determine that an upper utilization threshold for one or more of peer queues, associated with the peer network devices, is not satisfied; and write the first update message to the peer queues based on determining that the upper utilization threshold is…

Generating a network security policy based on a user identity associated with malicious behavior

Granted: February 13, 2024
Patent Number: 11902330
A device may receive data identifying malicious behavior by a compromised endpoint device associated with a network and may receive user identity data identifying a user of the compromised endpoint device associated with the network. The device may receive endpoint device data identifying the compromised endpoint device and other endpoint devices associated with the network and may receive network device data identifying network devices associated with the network. The device may utilize…

System and method for detecting lateral movement and data exfiltration

Granted: February 13, 2024
Patent Number: 11902303
A system configured to detect a threat activity on a network. The system including a digital device configured to detect a first order indicator of compromise on a network, detect a second order indicator of compromise on the network, generate a risk score based on correlating said first order indicator of compromise on the network with the second order indicator of compromise on said network, and generate at least one incident alert based on comparing the risk score to a threshold.

Determining dependent causes of a computer system event

Granted: February 13, 2024
Patent Number: 11900273
Disclosed are methods and systems for determining combinations of system parameters that indicate a root cause of a system level experience deterioration (SLED). Some of the disclosed embodiments generate a decision tree from a first class of operational parameter datasets. Rules are derived from the decision tree. Filtered rule sets for feature parameters included in the system parameters are then determined. Pairs of features within a particular dataset that each satisfy their…

EVPN host routed bridging (HRB) and EVPN cloud native data center

Granted: February 13, 2024
Patent Number: 11902160
Techniques for EVPN Host Routed Bridging (HRB) and EVPN cloud-native data center with Host Routed Bridging (HRB) are described. A host computing device of a data center includes one or more containerized user-level applications. A cloud native virtual router is configured for dynamic deployment by the data center application orchestration engine and operable in a user space of the host computing device. Processing circuitry is configured for execution of the containerized user-level…

Dynamic internet protocol translation for port-control-protocol communication

Granted: February 13, 2024
Patent Number: 11902159
A network device may receive, from a source device, an option request that includes a source address of the source device and a destination address of a destination device, wherein the network device is associated with an Internet protocol version 6 (IPv6) network. The network device may identify a map code that is associated with an address translation for traffic associated with the destination device and may determine, based on identifying the map code, a source prefix code and a…

High-availability switchover based on traffic metrics

Granted: February 13, 2024
Patent Number: 11902157
A node may be an active node associated with a high-availability service and may route session traffic communicated via a first route path between a first endpoint and a second endpoint. The node may determine a first measurement of a traffic metric of the first route path and may receive, from another node associated with the high-availability service, a second measurement of the traffic metric of a second route path. The node may compare the first measurement and the second measurement…

Compressed routing header

Granted: February 13, 2024
Patent Number: 11902153
A node receives an internet protocol (IP) payload packet that includes an IPv6 transport header that has been extended with a compressed routing header (CRH). The CRH includes a list of segment identifiers (SIDs) that identify nodes that the IP payload packet is to traverse. The node determines, by referencing the list of SIDs, a next segment for the IP payload packet. The node updates a destination IP address that is included in the IPv6 transport header to a particular destination IP…

Weighted multicast join load balance

Granted: February 13, 2024
Patent Number: 11902148
In some examples, a method includes receiving, by an egress network device for a network, messages from each of a plurality of ingress network devices for the network, wherein each of the messages specifies a multicast source, a multicast group, and an upstream multicast hop weight value for multicast traffic for the multicast source and the multicast group; selecting, by the egress network device and based on the upstream multicast hop weight values specified by the received messages,…

Collection of error packet information for network policy enforcement

Granted: February 13, 2024
Patent Number: 11902096
A network device may detect an error associated with a packet based on error information being generated from processing the packet at a layer of a network stack. The network device may determine, based on detecting the error, metadata associated with the packet. The network device may generate telemetry data to include the metadata. The network device may provide the telemetry data to a network analyzer for policy enforcement.

Programmable diagnosis model for correlation of network events

Granted: February 13, 2024
Patent Number: 11902085
Network management techniques are described. A controller device of this disclosure manages a device group of a network. The controller device includes processing circuitry in communication with the memory, the processing circuitry being configured to receive, using a programmable diagnosis service executed by the processing circuitry, a programming input, to form, using the programmable diagnosis service, based on the programming input, a resource definition graph that models…

Detecting VLAN misconfiguration

Granted: February 13, 2024
Patent Number: 11902051
Disclosed are methods for detecting misconfigured VLANs. In some embodiments, traffic on a VLAN across multiple access points is categorized. Traffic on the VLAN at a single access point is then also categorized. The categorization of the VLAN traffic at the single access point can be in response to, for example, communication errors or other conditions. The two categorizations are then compared to determine if the VLAN traffic at the AP is consistent with the VLAN traffic across a…

Apparatus, system, and method for achieving accurate insertion counts on removable modules

Granted: February 13, 2024
Patent Number: 11901898
A disclosed apparatus for accomplishing such a task may include (1) a circuit board incorporated into a module designed for insertion into slots of computing devices, (2) at least one conductive contact disposed on the circuit board, (3) a counter circuit disposed on the circuit board and communicatively coupled to the conductive contact, wherein the counter circuit comprises (A) a signal-change detector that detects signal changes as the module is inserted into one of the slots of the…