Patents Assigned to Juniper Networks
  • Firewall including local bus
    Patent number: 7784093
    Abstract: A gateway for screening packets transferred over a network. The gateway includes a plurality of network interfaces, a memory and a memory controller. Each network interface receives and forwards messages from a network through the gateway. The memory temporarily stores packets received from a network. The memory controller couples each of the network interfaces and is configured to coordinate the transfer of received packets to and from the memory using a memory bus. The gateway includes a firewall engine coupled to the memory bus. The firewall engine is operable to retrieve packets from the memory and screen each packet prior to forwarding a given packet through the gateway and out an appropriate network interface. A local bus is coupled between the firewall engine and the memory providing a second path for retrieving packets from memory when the memory bus is busy.
    Type: Grant
    Filed: February 29, 2008
    Date of Patent: August 24, 2010
    Assignee: Juniper Networks, Inc.
    Inventors: Feng Deng, Yan Ke, Dongping Luo
  • Use of group poll scheduling for broadband communication systems
    Patent number: 7782832
    Abstract: A group poll mechanism (GPM) that schedules upstream bandwidth for cable modems by pointing a request opportunity normally reserved for a single service flow to more than one service flow. Essentially, instead of using the seldom-used poll requests one per service flow, this same request opportunity is pointed to multiple service flows. In such kind of a scheme the GPM gives the same mini-slot to multiple service flows. The GPM implements the use of place-holder SIDs and novel mapping of information elements in MAP messages.
    Type: Grant
    Filed: June 1, 2007
    Date of Patent: August 24, 2010
    Assignee: Juniper Networks, Inc.
    Inventor: Nurettin Burcak Beser
  • Point-to-multi-point/non-broadcasting multi-access VPN tunnels
    Patent number: 7779461
    Abstract: A system establishes a virtual private network (VPN) tunnel to a destination and determines a next hop for the VPN tunnel. The system inserts the next hop, and an address associated with the destination, into an entry of a first table. The system inserts the next hop, and a tunnel identifier corresponding to the established VPN tunnel, into an entry of a second table. The system associates one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier.
    Type: Grant
    Filed: November 16, 2004
    Date of Patent: August 17, 2010
    Assignee: Juniper Networks, Inc.
    Inventors: Changming Liu, Choung-Yaw Shieh, Yonghui Cheng
  • Processing numeric addresses in a network router
    Patent number: 7779087
    Abstract: Processing of numeric addresses is facilitated by using a user interface, rather than system modules, to handle name resolution. Processing the addresses at the user interface level avoids delays and packet blocking problems associated with using system modules to perform the task. Relieving the system modules from the responsibility of processing numeric addresses allows them to process other requests, improving overall system efficiency.
    Type: Grant
    Filed: January 18, 2007
    Date of Patent: August 17, 2010
    Assignee: Juniper Networks, Inc.
    Inventors: Reid Evan Wilson, Philip Austin Shafer, Robert P. Enns
  • Bandwidth allocation to support fast buffering
    Patent number: 7779142
    Abstract: A system delivers a media stream to a client using a delivery bandwidth. The system adjusts an amount of the bandwidth used to deliver the media stream based on a state of a buffer associated with the client that receives and buffers the delivered media stream.
    Type: Grant
    Filed: January 23, 2007
    Date of Patent: August 17, 2010
    Assignee: Juniper Networks, Inc.
    Inventors: Spencer Greene, Robert Dykes
  • Method and apparatus for implementing a layer 3/layer 7 firewall in an L2 device
    Patent number: 7779459
    Abstract: Methods and apparatus for transferring packets in a packet switched communication system. A system is provided that includes an L2 device including a controller determining for each packet received whether the received packet is to be inspected, an inspection device operable to inspect and filter packets identified by the controller including using a zone specific policy and an L2 controller for transferring inspected packets in accordance with L2 header information using L2 protocols.
    Type: Grant
    Filed: October 9, 2007
    Date of Patent: August 17, 2010
    Assignee: Juniper Networks, Inc.
    Inventors: Yu Ming Mao, Roger Jia-Jyi Lian, Guangsong Huang, Lee Chik Cheung
  • Event problem report bundles in XML format
    Patent number: 7779094
    Abstract: A network device may include logic configured to detect that an event has occurred in the network device, determine an XML document structure based on the detected event, and generate an XML document with the determined structure including information relating to the detected event.
    Type: Grant
    Filed: August 21, 2007
    Date of Patent: August 17, 2010
    Assignee: Juniper Networks, Inc.
    Inventors: Pallavi Mahajan, Dogu Narin, M. Richard Salaiz
  • Method, apparatus and computer program product for a network firewall
    Patent number: 7774836
    Abstract: An improved firewall for providing network security is described. The improved firewall provides for dynamic rule generation, as well using conventional fixed rules. This improvement is provided without significant increase in the processing time required for most packets. Additionally, the improved firewall provides for translation of IP addresses between the firewall and the internal network.
    Type: Grant
    Filed: August 2, 2006
    Date of Patent: August 10, 2010
    Assignee: Juniper Networks, Inc.
    Inventors: Ken Xie, Yan Ke, Yuming Mao
  • MPOA system and its shortcut communication control method, and shortcut communication control program
    Patent number: 7773605
    Abstract: An MPOA system for establishing communication by using layer 3 protocol on an ATM network, in which data about the layer 3 address of a source of data packets is added to an address resolution request packet which is transmitted in order to establish a shortcut VCC toward a destination of the data packets in each communication node and hence transmitted to the destination, and in the case of accepting the address resolution request packets to be transmitted in order to establish the respective shortcut VCCs toward the destination of the data packets, as for the same communication, from a plurality of the communication nodes, a shortcut VCC is established only between the destination and the communication node remotest from the destination on the network.
    Type: Grant
    Filed: May 1, 2007
    Date of Patent: August 10, 2010
    Assignee: Juniper Networks, Inc.
    Inventor: Koichi Horikawa
  • Method and system for providing secure access to private networks
    Patent number: 7774455
    Abstract: Improved approaches for providing secure access to resources maintained on private networks are disclosed. The secure access can be provided through a public network using a standard network browser. Multiple remote users are able to gain restricted and controlled access to at least portions of a private network through a common access point. The solution provided by the invention is not only easily set up and managed, but also able to support many remote users in a cost-effective manner.
    Type: Grant
    Filed: January 29, 2002
    Date of Patent: August 10, 2010
    Assignee: Juniper Networks, Inc.
    Inventors: Theron Tock, Sampath Srinivas
  • Routing instances for network system management and control
    Patent number: 7774480
    Abstract: A network device and a method are provided. The network device may include a plurality of elements and a routing infrastructure. The routing infrastructure may be configured to route network traffic received at the network device, and transfer, among two or more of the elements, packets that include management information related to the routing of the network traffic.
    Type: Grant
    Filed: March 5, 2007
    Date of Patent: August 10, 2010
    Assignee: Juniper Networks, Inc.
    Inventors: James Murphy, Saurabh Sandhir
  • Distribution of traffic flow criteria
    Patent number: 7773596
    Abstract: Traffic flow criteria are distributed between routing devices. More specifically, a routing protocol, such as the Border Gateway Protocol (BGP), may be extended in a manner that allows fine-grain criteria to be conveyed for application to network traffic. For example, a flow specification data type may be defined in accordance with BGP to allow a variable number of packet flow attributes to be specified, such as source information, destination information, port information, protocol or other flow criteria. In this manner, traffic flow criteria are specified in a way that cannot be expressed using destination address prefixes only. The flow specification data type may be defined as network layer reachability information (NLRI) that is associated with a route advertised in accordance with BGP.
    Type: Grant
    Filed: February 19, 2004
    Date of Patent: August 10, 2010
    Assignee: Juniper Networks, Inc.
    Inventor: Pedro R. Marques
  • Network device management interface having fine-grain access control using regular expressions
    Patent number: 7774367
    Abstract: Techniques for controlling access to resources within a device are described. A device is described, for example, that includes a computer-readable medium and a management interface. The computer-readable medium stores configuration data and authorization data. The authorization data defines an access control attribute and an associated regular expression specifying a textual pattern. The management interface receives a text-based command to access the configuration data of the device, evaluates the command using the regular expression, and controls access to the configuration data based on the evaluation.
    Type: Grant
    Filed: August 20, 2007
    Date of Patent: August 10, 2010
    Assignee: Juniper Networks, Inc.
    Inventors: Robert P. Enns, Mark E. Trostler
  • Packet fragment handling
    Patent number: 7773599
    Abstract: A network device may include a packet header processing engine configured to receive a packet containing packet header information that includes a maximum transfer unit size and a packet length, and determine whether the packet length is greater than the maximum transfer unit size. The packet header processing engine may also be configured to generate and transmit new packet header information when the packet length is less than the maximum transfer unit size, and generate a first fragment header when the packet length is greater than the maximum transfer unit size. The packet header processing engine may further be configured to transmit the first fragment header for generation of a first packet fragment when the packet length is greater than the maximum transfer unit size.
    Type: Grant
    Filed: September 11, 2007
    Date of Patent: August 10, 2010
    Assignee: Juniper Networks, Inc.
    Inventors: Raymond Marcelino Manese Lim, Jeffrey G. Libby
  • Transparent caching of repeated video content in a network
    Patent number: 7770198
    Abstract: Techniques are described for detection of repeated video content to reduce an amount of high bandwidth traffic transmitted across a network from a video source device to remote subscriber devices. In particular, the invention relates to a first intermediate device capable of recognizing patterns of video content and sending a communication to a second intermediate device that transmits a cached version of the video content. In this way, the first intermediate device does not have to resend the high bandwidth video content over the network. The network may comprise any private or public network.
    Type: Grant
    Filed: December 16, 2005
    Date of Patent: August 3, 2010
    Assignee: Juniper Networks, Inc.
    Inventor: Spencer Greene
  • Dynamically inserting filters into forwarding paths of a network device
    Patent number: 7769873
    Abstract: Techniques are described for dynamically inserting filters into a forwarding path of a router in response to a received filter description. For example, a first router may receive a generic filter description, and process the generic filter description to generate machine instructions executable by forwarding hardware. The forwarding hardware, which may be a forwarding engine or an interface card, executes the machine instructions to implement the dynamic filter. The router, for instance, may filter packet flows of a device sourcing a network disturbance, such as a denial of service (DoS) attack by applying the dynamic filter to the packet flows. The router may further forward the filter description to neighboring routers to filter the packet flows closer to the source.
    Type: Grant
    Filed: October 25, 2002
    Date of Patent: August 3, 2010
    Assignee: Juniper Networks, Inc.
    Inventor: Scott Mackie
  • Determining liveness of protocols and interfaces
    Patent number: 7769885
    Abstract: The liveness of routing protocols can be determined using a mechanism to aggregate liveness information for the protocols. The ability of an interface to send and receive packets and the forwarding capability of an interface can also be determined using this mechanism. Since liveness information for multiple protocols, the liveness of interfaces, the forwarding capability of interfaces, or both, may be aggregated in a message, the message can be sent more often than could individual messages for each of the multiple protocols. This allows fast detection of failures, and sending connectivity messages for the individual protocols, such as neighbor “hellos,” to be sent less often.
    Type: Grant
    Filed: February 10, 2004
    Date of Patent: August 3, 2010
    Assignee: Juniper Networks, Inc.
    Inventor: Kireeti Kompella
  • Efficient discovery and verification of paths through a meshed overlay network
    Patent number: 7769019
    Abstract: The present invention provides an efficient system and method for routing information through a dynamic network. The system includes at least one ingress point and one egress point. The ingress and egress point cooperate to form a virtual circuit for routing packets to destination subnets directly reachable by the egress point. The egress point automatically discovers which subnets are directly accessible via its local ports and summarizes this information for the ingress point. The ingress point receives this information, compiles it into a routing table, and verifies that those subnets are best accessed by the egress point. Verification is accomplished by sending probe packets to select addresses on the subnet. Additionally, the egress point may continue to monitor the local topology and incrementally update the information to the ingress to allow the ingress to adjust its compiled routing table.
    Type: Grant
    Filed: May 23, 2007
    Date of Patent: August 3, 2010
    Assignee: Juniper Networks, Inc.
    Inventors: Anupam A. Bharali, Balraj Singh, Manish H. Sampat, Amit P. Singh, Rajiv Batra
  • Network proxy with asymmetric connection connectivity
    Patent number: 7768939
    Abstract: Techniques are described in which a network device waits differing amounts of time for different network sockets before beginning processes to determine whether respective network connections from the network sockets have failed. An intermediate device may create a network socket for a network connection having a keep-alive wait time option set to a keep-alive wait time associated with a class of the network connection. If an amount of time specified by the keep-alive option of the socket passes after a last successful communication on the network connection, the socket may begin a process to determine whether the network connection has failed. If the intermediate device determines that the network connection has failed, the intermediate device may terminate the connection to free resources on the intermediate device allocated to the network connection.
    Type: Grant
    Filed: January 2, 2007
    Date of Patent: August 3, 2010
    Assignee: Juniper Networks, Inc.
    Inventors: Atul N. Trivedi, James K. Tosh
  • Identification of potential network threats using a distributed threshold random walk
    Patent number: 7768921
    Abstract: In general, the invention is directed to techniques of identifying an infected network device in a computer network where traffic to and from the infected network device is not necessarily routed through a single point on the computer network. For example, individual line cards in network devices count incoming network flows from network devices in host tables. The host tables of all line cards of all participating network devices are then correlated. It is then determined whether the number of flows from a network device outweighs the number of flows to the network device to a significant degree. If so, the network device may be considered suspicious. Packets from a suspicious network device may be rerouted to a network security device for more thorough inspection.
    Type: Grant
    Filed: October 30, 2006
    Date of Patent: August 3, 2010
    Assignee: Juniper Networks, Inc.
    Inventors: Harshad Nakil, Bryan Burns, Ankur Singla