Patents by Inventor Jeffrey S. Marshall
Jeffrey S. Marshall has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11979415
Abstract: A device receives information identifying a specific host threat to a network, where the information includes a list of network addresses associated with the specific host threat. The device identifies network elements, of the network, associated with the specific host threat to the network, and determines a network control system associated with the identified network elements. The device determines a policy enforcement group of network elements, of the identified network elements, that maps to the list of network addresses associated with the specific host threat, where the network control system is associated with the policy enforcement group of network elements. The device determines a threat policy action to enforce for the specific host threat, and causes, via the network control system, the threat policy action to be enforced by the policy enforcement group of network elements.
Type: Grant
Filed: December 11, 2020
Date of Patent: May 7, 2024
Assignee: Juniper Networks, Inc.
Inventors: Srinivas Nimmagadda, Jeffrey S. Marshall, Sunil G. Rawoorkar, Srinivasan Veeraraghavan, Prakash T. Seshadri
-
Publication number: 20240106849
Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.
Type: Application
Filed: December 5, 2023
Publication date: March 28, 2024
Inventors: Prakash T. SESHADRI, Binh Phu LE, Srinivas NIMMAGADDA, Jeffrey S. MARSHALL, Kartik Krishnan S. IYYER
-
Patent number: 11888877
Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.
Type: Grant
Filed: November 18, 2020
Date of Patent: January 30, 2024
Assignee: Juniper Networks, Inc.
Inventors: Prakash T. Seshadri, Binh Phu Le, Srinivas Nimmagadda, Jeffrey S. Marshall, Kartik Krishnan S. Iyyer
-
Publication number: 20230409369
Abstract: In general, techniques are described for an efficient exportation of metrics data within a software defined network (SDN) architecture. A network controller for a software-defined networking (SDN) architecture system comprising processing circuitry may implement the techniques. A telemetry node configured for execution by the processing circuitry may process a request by which to enable a metric group that defines a subset of metrics from a plurality of metrics to export from compute nodes. The telemetry node may also transform, based on the request to enable the metric group, the subset of the one or more metrics into telemetry exporter configuration data that configures a telemetry exporter deployed at the compute nodes to export the subset of the metrics. The telemetry node may also interface with the telemetry exporter to configure, based on the telemetry exporter configuration data, the telemetry exporter to export the subset of the metrics.
Type: Application
Filed: September 20, 2022
Publication date: December 21, 2023
Inventors: Chunguang Liu, Prasad Miriyala, Jeffrey S. Marshall
-
Publication number: 20230388188
Abstract: A device receives policy information indicating a policy to be implemented for an application hosted by multiple cloud domains, and receives, from the multiple cloud domains, different application resource tags and addresses associated with the application. The device maps the different application resource tags to a generic identifier, and associates the policy with the generic identifier and with the addresses associated with the application. The device provides, based on associating the policy with the generic identifier and with the addresses associated with the application, the policy to the multiple cloud domains to permit the multiple cloud domains to implement the policy.
Type: Application
Filed: August 10, 2023
Publication date: November 30, 2023
Inventors: Prakash T. SESHADRI, Sunil G. RAWOORKAR, Yasmin ZARINA, Srinivas NIMMAGADDA, Jeffrey S. MARSHALL, Krishnaiah GOGINENI, Kartik Krishnan S. IYYER
-
Publication number: 20230362073
Abstract: A method includes subscribing, by an agent, to telemetry flow data from each network device of a plurality of network devices and receiving, by the agent, a plurality of streams of telemetry flow data from the plurality of the network devices. Each of the plurality of streams corresponds to a different one of the plurality of network devices. The method further includes aggregating, by the agent, data from at least one stream of the plurality of streams of the telemetry flow data received over a period of time and, at the end of the period of time and/or when the data from the at least one stream exceeds a data threshold, sending, by the agent, the aggregated telemetry flow data to a network analyzer device.
Type: Application
Filed: July 21, 2023
Publication date: November 9, 2023
Inventors: Jeffrey S. Marshall, Gurminder Singh, Prasad Miriyala, Iqlas M. Ottamalika
-
Patent number: 11811618
Abstract: A disclosed method may include (1) querying, in connection with a monitoring service, a network device for device-specific data that identifies features of the network device, (2) determining, based at least in part on the device-specific data, identities of a set of ports on the network device, (3) identifying, based at least in part on the device-specific data, one or more port-specific data objects corresponding to the set of ports, (4) dynamically creating, based at least in part on the device-specific data, a device-visualization interface of the network device by (A) generating a graphical chassis widget that illustrates a logical view of the set of ports and (B) generating a graphical table that illustrates the port-specific data objects, and then (5) providing, in connection with the monitoring service, the device-visualization interface for presentation on a computing device. Various other systems and methods are also disclosed.
Type: Grant
Filed: June 14, 2022
Date of Patent: November 7, 2023
Assignee: Juniper Networks, Inc.
Inventors: Yelena Kozlova, Lyubov Nesteroff, Jeffrey S. Marshall, Sadhana Rajan, Bret Michael Bailey, Vinamra Jaiswal
-
Patent number: 11765034
Abstract: A device receives policy information indicating a policy to be implemented for an application hosted by multiple cloud domains, and receives, from the multiple cloud domains, different application resource tags and addresses associated with the application. The device maps the different application resource tags to a generic identifier, and associates the policy with the generic identifier and with the addresses associated with the application. The device provides, based on associating the policy with the generic identifier and with the addresses associated with the application, the policy to the multiple cloud domains to permit the multiple cloud domains to implement the policy.
Type: Grant
Filed: September 25, 2020
Date of Patent: September 19, 2023
Assignee: Juniper Networks, Inc.
Inventors: Prakash T. Seshadri, Sunil G. Rawoorkar, Yasmin Zarina, Srinivas Nimmagadda, Jeffrey S. Marshall, Krishnaiah Gogineni, Kartik Krishnan S. Iyyer
-
Patent number: 11750480
Abstract: A method includes subscribing, by an agent, to telemetry flow data from each network device of a plurality of network devices and receiving, by the agent, a plurality of streams of telemetry flow data from the plurality of the network devices. Each of the plurality of streams corresponds to a different one of the plurality of network devices. The method further includes aggregating, by the agent, data from at least one stream of the plurality of streams of the telemetry flow data received over a period of time and, at the end of the period of time and/or when the data from the at least one stream exceeds a data threshold, sending, by the agent, the aggregated telemetry flow data to a network analyzer device.
Type: Grant
Filed: November 22, 2021
Date of Patent: September 5, 2023
Assignee: Juniper Networks, Inc.
Inventors: Jeffrey S. Marshall, Gurminder Singh, Prasad Miriyala, Iqlas M. Ottamalika
-
Patent number: 11700236
Abstract: Techniques are disclosed for redirecting network traffic of virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; configure network connectivity to the HBF in accordance with the security policy; a security controller that manages the HBF configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.
Type: Grant
Filed: February 27, 2020
Date of Patent: July 11, 2023
Assignee: Juniper Networks, Inc.
Inventors: Prasad Miriyala, Aniket G. Daptari, Fei Chen, Pranavadatta D N, Kiran K N, Jeffrey S. Marshall, Prakash T. Seshadri
-
Publication number: 20230123775
Abstract: In an example, a method includes processing, by an application programming interface (API) server implemented by a configuration node of a network controller for a software-defined networking (SDN) architecture system, requests for operations on native resources of a container orchestration system; processing, by a custom API server implemented by the configuration node, requests for operations on custom resources for SDN architecture configuration, wherein each of the custom resources for SDN architecture configuration corresponds to a type of configuration object in the SDN architecture system; detecting, by a control node of the network controller, an event on an instance of a first custom resource of the custom resources; and by the control node, in response to detecting the event on the instance of the first custom resource, obtaining configuration data for the instance of the first custom resource and configuring a corresponding instance of a configuration object in the SDN architecture.
Type: Application
Filed: March 31, 2022
Publication date: April 20, 2023
Inventors: Mahesh Sivakumar, FNU Nadeem, Srinivas Akkipeddi, Michael Henkel, Prasad Miriyala, Gurminder Singh, Édouard Thuleau, Atul S Moghe, Joseph Williams, Ignatious Johnson Christober, Jeffrey S. Marshall, Nagendra Maynattamai, Dale Davis
-
Publication number: 20220400045
Abstract: A method includes determining, by a controller device that manages a plurality of network devices, device characteristic information for a network device of the plurality of network devices and selecting, by the controller device, one or more sensors from a plurality of sensors based on the device characteristic information for the network device. The method further includes outputting, by the controller device, an instruction to cause the network device to generate the one or more selected sensors at the network device and receiving, by the controller device, sensor information from the one or more selected sensors generated at the network device.
Type: Application
Filed: September 30, 2021
Publication date: December 15, 2022
Inventors: Jeffrey S. Marshall, Iqlas M. Ottamalika, Sri Ram Sankar, Raghuram Malpe Pai, Shashank Veerapaneni, Vijay Kumar Gadde, Harsha Lakshmikanth
-
Patent number: 11516067
Abstract: A method includes determining, by a controller device that manages a plurality of network devices, device characteristic information for a network device of the plurality of network devices and selecting, by the controller device, one or more sensors from a plurality of sensors based on the device characteristic information for the network device. The method further includes outputting, by the controller device, an instruction to cause the network device to generate the one or more selected sensors at the network device and receiving, by the controller device, sensor information from the one or more selected sensors generated at the network device.
Type: Grant
Filed: September 30, 2021
Date of Patent: November 29, 2022
Assignee: Juniper Networks, Inc.
Inventors: Jeffrey S. Marshall, Iqlas M. Ottamalika, Sri Ram Sankar, Raghuram Malpe Pai, Shashank Veerapaneni, Vijay Kumar Gadde, Harsha Lakshmikanth
-
Publication number: 20220303246
Abstract: Techniques are disclosed for redirecting network traffic of virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; configure network connectivity to the HBF in accordance with the security policy; a security controller that manages the HBF configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.
Type: Application
Filed: February 27, 2020
Publication date: September 22, 2022
Inventors: Prasad Miriyala, Aniket G. Daptari, Fei Chen, Pranavadatta D N, Kiran K N, Jeffrey S. Marshall, Prakash T. Seshadri
-
Patent number: 11394622
Abstract: A disclosed method may include (1) querying, in connection with a monitoring service, a network device for device-specific data that identifies features of the network device, (2) determining, based at least in part on the device-specific data, identities of a set of ports on the network device, (3) identifying, based at least in part on the device-specific data, one or more port-specific data objects corresponding to the set of ports, (4) dynamically creating, based at least in part on the device-specific data, a device-visualization interface of the network device by (A) generating a graphical chassis widget that illustrates a logical view of the set of ports and (B) generating a graphical table that illustrates the port-specific data objects, and then (5) providing, in connection with the monitoring service, the device-visualization interface for presentation on a computing device. Various other systems and methods are also disclosed.
Type: Grant
Filed: March 19, 2020
Date of Patent: July 19, 2022
Assignee: Juniper Networks, Inc.
Inventors: Yelena Kozlova, Lyubov Nesteroff, Jeffrey S. Marshall, Sadhana Rajan, Bret Michael Bailey, Vinamra Jaiswal
-
Publication number: 20210099472
Abstract: A device receives information identifying a specific host threat to a network, where the information includes a list of network addresses associated with the specific host threat. The device identifies network elements, of the network, associated with the specific host threat to the network, and determines a network control system associated with the identified network elements. The device determines a policy enforcement group of network elements, of the identified network elements, that maps to the list of network addresses associated with the specific host threat, where the network control system is associated with the policy enforcement group of network elements. The device determines a threat policy action to enforce for the specific host threat, and causes, via the network control system, the threat policy action to be enforced by the policy enforcement group of network elements.
Type: Application
Filed: December 11, 2020
Publication date: April 1, 2021
Inventors: Srinivas NIMMAGADDA, Jeffrey S. MARSHALL, Sunil G. RAWOORKAR, Srinivasan VEERARAGHAVAN, Prakash T. SESHADRI
-
Publication number: 20210075810
Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.
Type: Application
Filed: November 18, 2020
Publication date: March 11, 2021
Inventors: Prakash T. Seshadri, Binh Phu Le, Srinivas Nimmagadda, Jeffrey S. Marshall, Kartik Krishnan S. Iyyer
-
Publication number: 20210014119
Abstract: A device receives policy information indicating a policy to be implemented for an application hosted by multiple cloud domains, and receives, from the multiple cloud domains, different application resource tags and addresses associated with the application. The device maps the different application resource tags to a generic identifier, and associates the policy with the generic identifier and with the addresses associated with the application. The device provides, based on associating the policy with the generic identifier and with the addresses associated with the application, the policy to the multiple cloud domains to permit the multiple cloud domains to implement the policy.
Type: Application
Filed: September 25, 2020
Publication date: January 14, 2021
Inventors: Prakash T. Seshadri, Sunil G. RAWOORKAR, Yasmin ZARINA, Srinivas NIMMAGADDA, Jeffrey S. MARSHALL, Krishnaiah GOGINENI, Kartik Krishnan S. IYYER
-
Patent number: 10887327
Abstract: A device receives information identifying a specific host threat to a network, where the information includes a list of network addresses associated with the specific host threat. The device identifies network elements, of the network, associated with the specific host threat to the network, and determines a network control system associated with the identified network elements. The device determines a policy enforcement group of network elements, of the identified network elements, that maps to the list of network addresses associated with the specific host threat, where the network control system is associated with the policy enforcement group of network elements. The device determines a threat policy action to enforce for the specific host threat, and causes, via the network control system, the threat policy action to be enforced by the policy enforcement group of network elements.
Type: Grant
Filed: June 29, 2018
Date of Patent: January 5, 2021
Assignee: Juniper Networks, Inc.
Inventors: Srinivas Nimmagadda, Jeffrey S. Marshall, Sunil G. Rawoorkar, Srinivasan Veeraraghavan, Prakash T. Seshadri
-
Patent number: 10862912
Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.
Type: Grant
Filed: June 29, 2018
Date of Patent: December 8, 2020
Assignee: Juniper Networks, Inc.
Inventors: Prakash T. Seshadri, Binh Phu Le, Srinivas Nimmagadda, Jeffrey S. Marshall, Kartik Krishnan S. Iyyer