Patents Assigned to Juniper Networks
-
Patent number: 7664104Abstract: In a PPP terminating equipment 100 connected with a switch fabric and terminating PPP link, the PPP terminating equipment 100 has an LCP echo requirement detecting section 20 detecting whether or not a received packet is the LCP echo requirement packet, and an LCP echo response producing section 40 producing a response packet to the LCP echo requirement by rewriting the LCP header of the received LCP echo requirement packet. The PPP terminating equipment 100 thereby produces and returns the response packet to the LCP echo requirement.Type: GrantFiled: June 21, 2007Date of Patent: February 16, 2010Assignee: Juniper Networks, Inc.Inventor: Koichi Sumida
-
Patent number: 7664855Abstract: Techniques are described for mitigating adverse effects of port scanning within a network device. For example, an apparatus, such as a router, responds to all network connection request packets received from a client for all ports on an attached server as if all of the server's ports are open. Once a network connection is established between the router and the client, a network connection request is transmitted to the server for a requested port. Using the router to establish a full network connection with the client eliminates a unscrupulous client from sending numerous decoy network connection request messages in an effort to hide the identity of the client. By responding to all network connection requests by establishing a TCP full connection before a network connection request is forwarded to a server, a client receives no useful information regarding the state of a port on the server before providing a valid and detectable IP address. Stealth port scanning is rendered ineffective.Type: GrantFiled: May 5, 2004Date of Patent: February 16, 2010Assignee: Juniper Networks, Inc.Inventors: Michael Freed, Robert M. Krohn
-
Patent number: 7664045Abstract: Samples from an addressed data forwarding devices, such as a router, are forwarded to a specified next hop address and/or out a specified next hop interface. However, the sampling and/or next hop forwarding is suppressed if the specified next hop address is unstable or unresolved.Type: GrantFiled: June 11, 2007Date of Patent: February 16, 2010Assignee: Juniper Networks, Inc.Inventors: Kaushik Ghosh, Dennis Ferguson, Rajiv Patel, Scott Mackie
-
Publication number: 20100027543Abstract: A method may include receiving a packet including a destination address, identifying a destination address entry based on the destination address, the destination address entry including an address identifier, comparing the address identifier to an event identifier, determining whether an event occurred based on the comparison, and forwarding the packet on an alternate path if it is determined that the event occurred.Type: ApplicationFiled: July 30, 2008Publication date: February 4, 2010Applicant: Juniper Networks, Inc.Inventors: Sunesh Rustagi, Apurva Mehta, Ramanarayanan Ramakrishnan, Rajagopalan Subbiah
-
Patent number: 7657011Abstract: The invention is directed to techniques for initiating lawful intercept of packets associated with subscriber sessions on a network device of a service provider network based on identification triggers. A law enforcement agency may send an intercept request for a subscriber to an administration device of the service provider network. The administration device may then configure one or more identification triggers for the subscriber based on the intercept request. The techniques described herein initiate lawful intercept when one or more subscriber sessions on a network device match the one or more identification triggers. The techniques described herein include configuring trigger rules that include identification triggers for subscribers on a network device via a command line interface (CLI) of the network device. In addition, the techniques described herein include configuring identification triggers in a subscriber profile on an authentication device connected to a network device.Type: GrantFiled: May 1, 2006Date of Patent: February 2, 2010Assignee: Juniper Networks, Inc.Inventors: Margaret Zielinski, Paul Raison
-
Publication number: 20100020802Abstract: A communication node contains intelligence for directing both internet protocol (IP) packets and Asychronous Transfer Mode (ATM) cells toward their destinations. The ATM cells and IP packets may be received within a common data stream. The respective devices process the ATM cells and IP packets to direct the cells and packets to the proper output ports towards their destinations. The device is capable of performing policing and quality of service (QOS) processing on both the ATM cells and the IP packets.Type: ApplicationFiled: July 28, 2009Publication date: January 28, 2010Applicant: Juniper Networks, Inc.Inventor: Steven R. Willis
-
Patent number: 7653075Abstract: A network system includes a first device and a second device separated by a network having asymmetric routes in which traffic forwarded in a first direction from the first device to the second device may travel a different route than traffic forwarded in a second direction from the second device to the first device. At least three intermediate processing devices are located between the first device and the second device, wherein at least two of the intermediate processing devices are located along different asymmetric routes. The intermediate processing devices intercept a communication flow between the first device and the second device, and encapsulate the communication flow within network tunnels so that communications associated with the communication flow in the first direction and the second direction are forwarded between a same set of at least two of the intermediate processing devices.Type: GrantFiled: May 15, 2006Date of Patent: January 26, 2010Assignee: Juniper Networks, Inc.Inventors: Balraj Singh, Nitin Gugle
-
Patent number: 7653086Abstract: A method of scheduling upstream bandwidth. This method comprises: 1) anticipating the need for the upstream bandwidth in advance of any specific request for said upstream bandwidth; and 2) scheduling the upstream bandwidth in accordance with such need.Type: GrantFiled: October 31, 2007Date of Patent: January 26, 2010Assignee: Juniper Networks, Inc.Inventor: Nurettin Burcak Beser
-
Patent number: 7652982Abstract: The principles of the invention allow a network device, such as a router, to maintain a high level of services during a failure without substantially utilizing redundant hardware components. During execution, the network device stores a subset of state information associated with applications executing on the network device. In the event of a failure, the network device reconstructs data structures associated with at least one of the applications based on the stored subset of state information. Next, the network device restarts at least one of the applications to resolve the failure. While restarting, the network device may continue to receive and forward information, such as packets, and, therefore, may continue to provide a high level of access to client devices previously connected to the network device.Type: GrantFiled: November 16, 2005Date of Patent: January 26, 2010Assignee: Juniper Networks, Inc.Inventor: Ashwin Kovummal
-
Patent number: 7653009Abstract: In general, this disclosure describes techniques of selecting routes for network packets through a computer network based, at least in part, on electrical power procurement arrangements of devices in the computer network. As described herein, there may be a plurality of routes through a computer network from a first device to a second device. Each of these routes may include one or more devices that consume electrical power. A route selection device may make a determination regarding how network packets are to be routed among these routes based, at least in part, on arrangements made to procure the electrical power consumed by the devices along the routes. After the route selection device makes this determination, the route selection device may cause network packets to be routed among these routes in accordance with this determination.Type: GrantFiled: September 10, 2007Date of Patent: January 26, 2010Assignee: Juniper Networks, Inc.Inventors: Kent Watsen, Matthew Palmer
-
Patent number: 7650634Abstract: Methods, computer program products and apparatus for processing data packets are described. Methods include receiving the data packet, examining the data packet, determining a single flow record associated with the packet and extracting flow instructions for two or more devices from the single flow record.Type: GrantFiled: March 28, 2003Date of Patent: January 19, 2010Assignee: Juniper Networks, Inc.Inventor: Nir Zuk
-
Patent number: 7649904Abstract: A forwarding component of a routing node floods copies of a packet to a plurality of next hops associated with the same layer two (L2) network as an interface on which the packet was received. The plurality of next hops excludes a next hop that corresponds to the interface that received the packet. The forwarding component requires that forwarding information installed by a control unit specify the plurality of next hops to which to flood the copies of the packet, and the forwarding component is not capable of deriving the plurality of next hops to which to flood the copies of the packet from a single flooding next hop identifier after the packet is received. Prior to receiving the packet, a flooding next hop control module derives the plurality of next hops based on the flooding next hop and installs the derived next hops into the forwarding information.Type: GrantFiled: February 20, 2008Date of Patent: January 19, 2010Assignee: Juniper Networks, Inc.Inventors: Kaushik Ghosh, Kireeti Kompella, Junan Chen, Raj Tuplur
-
Patent number: 7647318Abstract: Techniques for controlling access to resources within a device are described. A device is described, for example, that includes a computer-readable medium and a management interface. The computer-readable medium stores configuration data and authorization data. The authorization data defines an access control attribute and an associated regular expression specifying a textual pattern. The management interface receives a text-based command to access the configuration data of the device, evaluates the command using the regular expression, and controls access to the configuration data based on the evaluation.Type: GrantFiled: July 28, 2003Date of Patent: January 12, 2010Assignee: Juniper Networks, Inc.Inventors: Robert P. Enns, Mark E. Trostler
-
Publication number: 20100002382Abstract: A front-to-back cooling system allows cooling of an apparatus containing two orthogonal sets of modules. Each set of modules is independently cooled. A vertical set of modules is cooled with vertical air flow across the modules that enters from a front of the apparatus and exhausts from a back of the apparatus. A horizontal set of modules is cooled with horizontal front-to-back air flow. When the horizontal set of modules is at the front of the apparatus, a plenum extending exterior to the vertical set of modules allows exhausting horizontally flowing air to the rear of the apparatus. When the horizontal set of modules is at the rear of the apparatus, a plenum extending exterior to the vertical set of modules allows moving air from the front of the apparatus to a chamber holding the horizontal modules.Type: ApplicationFiled: July 3, 2008Publication date: January 7, 2010Applicant: Juniper Networks, Inc.Inventors: Gunes Aybay, Pradeep Sindhu, Jean-Marc Frailong, David J. Lima
-
Patent number: 7644108Abstract: A network acceleration device simultaneously caches and intelligently serves different historical versions of stored network content. For example, the network acceleration device may receive one or more requests for original content; however, subsequent updates to the content may create varying versions of the content, e.g., a pre-update version and one or more post-update versions. Client devices that requested the content prior to the update receive the pre-update version from the network acceleration device. Client devices that requested content after the update receive the post-update version from the network device. Moreover, the network acceleration device facilitates the simultaneous delivery of the pre-update version and the post-update version without waiting for delivery of the pre-update version to be complete. Thus, the network acceleration device may facilitate decreased download times by seamlessly and transparently providing both versions of the content simultaneously.Type: GrantFiled: September 15, 2005Date of Patent: January 5, 2010Assignee: Juniper Networks, Inc.Inventor: Steven A. Malmskog
-
Publication number: 20090328219Abstract: The invention is directed to techniques for dynamic policy provisioning. A network security device may comprise a memory that stores a first policy that identifies a first set of patterns that correspond to a first set of network attacks and a second policy, and a control unit that applies the first policy to the network traffic to detect the first set of network attacks. The control unit, while applying the first policy, monitors parameters corresponding to one or more resources and dynamically determines whether to apply a second policy to the network traffic based on the parameters. The control unit, based on the dynamic determination, applies the second policy to the network traffic to detect a second set of network attacks and forwards the network traffic based on the application of the second policy. In this manner, the network security device may implement the dynamic policy provisioning techniques.Type: ApplicationFiled: May 20, 2009Publication date: December 31, 2009Applicant: Juniper Networks, Inc.Inventor: Krishna Narayanaswamy
-
Publication number: 20090327827Abstract: A networking system, device, and method are provided. The networking device typically includes a user-defined ruleset including HTTP request rules and HTTP response rules. The networking device may further include a request processor configured to receive an incoming HTTP request from the client, apply HTTP request rules to the incoming HTTP request, to thereby produce a modified HTTP request, and send the modified HTTP request to the server. The networking device may further include a response processor configured to receive an HTTP response to the modified HTTP request from the server, apply the HTTP response rules to the HTTP response, to thereby produce a modified HTTP response, and send the modified HTTP response to the client.Type: ApplicationFiled: September 10, 2009Publication date: December 31, 2009Applicant: Juniper Networks, Inc.Inventors: Israel L'Heureux, Steve Malmskog
-
Publication number: 20090323695Abstract: A scheduler allowing high-speed scheduling scalable with the number of input and output ports of a crosspoint switch and suppressed unfairness among inputs is disclosed. The scheduler includes an M×M matrix of scheduling modules, each of which schedules packet forwarding connections from a corresponding input group of input ports to selected ones of a corresponding output group of output ports based on reservation information. A diagonal modulo pattern is used to determine a set of M scheduling modules to avoid coming into collision with each other. Each determined scheduling module performs reservation of packet forwarding connections based on current reservation information and transfers updated reservation information in row and column directions of the M×M matrix.Type: ApplicationFiled: August 31, 2009Publication date: December 31, 2009Applicant: Juniper Networks, Inc.Inventors: Satoshi KAMIYA, Hirokazu OZAKI
-
Patent number: 7639602Abstract: A mobile radio system comprises first through N-th radio base stations, where N represents a positive integer which is greater than one. On a start-up sequence of an n-th radio base station, a base station control apparatus transmits an n-th individual identifier as a station identifier to the n-th radio base station to allocate the n-th individual identifier to the n-th radio base station, where n is a variable between one and N, both inclusive. The base station control apparatus transmits a transmission message signal having the n-th individual identifier as a transmission individual identifier to the n-th radio base station to carry out a link connection between the base station control apparatus and the n-th radio base station. In the n-th radio base station, an ATM reception section compares the transmission individual identifier with the n-th station identifier to abandon the transmission message signal when the transmission individual identifier is not coincident with the n-th station identifier.Type: GrantFiled: August 30, 2005Date of Patent: December 29, 2009Assignee: Juniper Networks, Inc.Inventor: Hiroshi Aoki
-
Patent number: 7639710Abstract: A system includes a gateway node that contains modular cards that separately implement control and data planes of a network protocol. The separate data and control cards provide for improved system reliability and improved flexibility in managing bandwidth. Control or data cards can be added to the gateway node as needed based on system load.Type: GrantFiled: February 27, 2003Date of Patent: December 29, 2009Assignee: Juniper Networks, Inc.Inventors: Arthur Stine, Paul S. Traina, Spencer Greene