Patents Assigned to Juniper Networks
  • Publication number: 20090141717
    Abstract: Techniques are described that allow a network device, such as a router, to dynamically build VLAN interfaces based on subscriber information strings included within packets. In particular, the network device comprises an interface controller and a forwarding controller, where the forwarding controller receives the packet over an Ethernet port and forwards the received packet to the interface controller. The packet includes both Ethernet tagging information and a subscriber information string. The interface controller comprises an Ethernet module that dynamically builds a primary virtual local area network (VLAN) sub-interface (PVS) based on the Ethernet tagging information. The Ethernet module also dynamically builds a subscriber VLAN sub-interface (SVS) based on the subscriber information string. The SVS allows the network device to distinguish between subscribers residing on the same VLAN, and, therefore, to provide subscriber specific services.
    Type: Application
    Filed: February 11, 2009
    Publication date: June 4, 2009
    Applicant: Juniper Networks, Inc.
    Inventors: Linda M. Cabeca, Mathias Kokot, Jerome P. Moisand, Vitali Vinokour, Thomas Lemaire, Karen Ruben
  • Publication number: 20090135837
    Abstract: A method, performed in a network element, for communicating packet multimedia data between a first endpoint and a second endpoint, the method comprising the machine-implemented steps of receiving an outbound multimedia data packet; determining if the outbound multimedia data packet originated from a first endpoint that is logically behind a security device; determining and storing information identifying a logical pinhole in the security device, wherein the logical pinhole is associated with expected inbound multimedia data packets directed to the first endpoint; performing an action that keeps the logical pinhole open during all of a communication session between the first endpoint and the second endpoint; and forwarding inbound multimedia data packets directed from the second endpoint to the first endpoint via the logical pinhole.
    Type: Application
    Filed: January 26, 2009
    Publication date: May 28, 2009
    Applicant: Juniper Networks, Inc.
    Inventor: Shai Mohaban
  • Patent number: 7539205
    Abstract: A network device seamlessly handles multicast traffic flow between virtual private networks (VPNs) and content providers located external to the VPNs. For example, the network device, such as a router, comprises an interface card and a forwarding component. The forwarding component maintains forwarding data for a public network and forwarding data for the virtual private network. The interface card receives a multicast packet from a virtual private network destined for a multicast content provider external to the virtual private network. When forwarding the multicast packet, the forwarding component bypasses the forwarding data for the public network and forwards the multicast packet to the multicast content provider in accordance with the forwarding data for the public network.
    Type: Grant
    Filed: January 7, 2005
    Date of Patent: May 26, 2009
    Assignee: Juniper Networks, Inc.
    Inventor: Prasad Deshpande
  • Patent number: 7535826
    Abstract: Graceful restart in routers having redundant routing facilities may be accomplished by replicating network (state/topology) information.
    Type: Grant
    Filed: December 10, 2001
    Date of Patent: May 19, 2009
    Assignee: Juniper Networks, Inc
    Inventors: Bruce Cole, Anthony Joseph Li
  • Patent number: 7535825
    Abstract: Link failure messages are sent through a network to accelerate convergence of routing information after a network fault. The link failure messages reduce the oscillations in routing information stored by routers, which otherwise can cause significant problems, including intermittent loss of network connectivity as well as increased packet loss and latency. For example, the link failure messages reduce the time that a network using a path vector routing protocol, such as the Border Gateway Protocol (BGP), takes to converge to a stable state. More particularly, upon detecting a network fault, a router generates link failure information to identify the specific link that has failed. In some types of systems, the router communicates the link failure information to neighboring routers as well as a conventional update message withdrawing any unavailable routes. Once other routers receive the link failure information, the routers do not attempt to use routes that include the failed link.
    Type: Grant
    Filed: February 21, 2006
    Date of Patent: May 19, 2009
    Assignee: Juniper Networks, Inc.
    Inventor: Ross W. Callon
  • Patent number: 7535926
    Abstract: Techniques are described for dynamically configuring an interface in a network service provider. The techniques allow dynamic configuration of, for example, a dual stacked interface that includes both Internet Protocol version 6 (IPv6) and Internet Protocol version 4 (IPv4) on the same layer 2 link. In this way, a customer network having an existing IPv4 connection to a network service provider will be able to run both IPv4 and IPv6 over the same interface. A network device within the network service provider may receive a control packet from a subscriber device. The packet may be received on an ATM hybrid permanent virtual circuit (PVC) that supports multiple interface columns. The network device is capable of auto-sensing multiple packet protocols and may dynamically create multiple interface columns over the same ATM interface based on the encapsulation type of the received packets.
    Type: Grant
    Filed: January 7, 2005
    Date of Patent: May 19, 2009
    Assignee: Juniper Networks, Inc.
    Inventors: Prasad Deshpande, Eric L. Peterson, Thomas M. Mistretta, Mathias Kokot
  • Publication number: 20090125633
    Abstract: In general, the invention is directed to techniques for establishing secure connections with devices residing behind a security device. In accordance with the techniques, a managed device initiates a transmission control protocol (TCP) session to establish a TCP session with a management device such that the management device acts as the TCP server and the managed device acts as a TCP client. Once established, the managed device sends a role reversal message specifying an identity of the managed device via the TCP session. Upon receiving the role reversal message, the management device initiates a secure connection over the TCP session in accordance with a secure protocol such that the management device acts as the secure protocol client and the managed device acts as the secure protocol server. By properly establishing the secure session, each of the devices assumes the proper roles and administrators may more easily configure the devices.
    Type: Application
    Filed: November 14, 2007
    Publication date: May 14, 2009
    Applicant: Juniper Networks, Inc.
    Inventors: Kent A. Watsen, Simon J. Gerraty, Paul Fraley, Philip A. Shafer, Darren Tom
  • Patent number: 7532633
    Abstract: A label switching router (LSR) is described that spoof checks Multi-protocol Label Switching (MPLS) packets to prevent malicious or inadvertent injection of MPLS packets within a label switched path (LSP). The LSR ensures that MPLS packets received from an upstream label switching router (LSR) contain labels that were advertised to that upstream LSR. A software module associated with a signaling protocol, such as the Resource Reservation Protocol (RSVP), the Label Distribution Protocol (LDP), or the Border Gateway Protocol (BGP), is extended to utilize an MPLS forwarding table, and MPLS interface table, and a remote autonomous system table. A set of interfaces for which the label was advertised may be checked to determine whether an interface on which a packet was received is contained in the set of interfaces. The MPLS forwarding table may contain a spoof-check field used to specify one of several different types of spoof checks and to specify the set of interfaces.
    Type: Grant
    Filed: October 12, 2005
    Date of Patent: May 12, 2009
    Assignee: Juniper Networks, Inc.
    Inventor: Bruno Rijsman
  • Patent number: 7529246
    Abstract: A system and method that optimizes transmission control protocol (TCP) initial session establishment without intruding upon TCP's core algorithms. TCP's initially session establishment is accelerated by locally processing a source's initial TCP request within the source's local area network (LAN). A control module relatively near the source's local area network (LAN) and another control module relatively near a destination's LAN are utilized to complete the initial TCP session establishment within the source and the destination's respective LANs, thereby substantially eliminating the first round-trip time delay before the actual data flow begins. The first application-layer data packet thus can be transmitted at substantially the same time as the initial TCP request.
    Type: Grant
    Filed: January 2, 2007
    Date of Patent: May 5, 2009
    Assignee: Juniper Networks, Inc.
    Inventors: Balraj Singh, Amit P. Singh, Vern Paxson
  • Patent number: 7529943
    Abstract: A network device constructs an outgoing resource reservation message and determines an authentication value, using, for example, a cryptographic algorithm and at least a portion of the outgoing message. The network device identifies a destination node for the message and inserts the authentication value in the message. The network device sends the message across a network to the destination node for authentication at the destination node using the authentication value.
    Type: Grant
    Filed: April 16, 2004
    Date of Patent: May 5, 2009
    Assignee: Juniper Networks, Inc.
    Inventor: Nurettin Burcak Beser
  • Patent number: 7529272
    Abstract: A method and apparatus for scheduling virtual upstream channels within one physical upstream channel is disclosed. A different MAP message is received by a receiver for each virtual upstream channel from that sent downstream. Where multiple upstream receivers are used, separate MAP messages can be sent for each receiver and consequently, each virtual upstream channel. The use of multiple upstream receivers is not necessary if the upstream receiver can change the upstream channel descriptors it is using per burst.
    Type: Grant
    Filed: November 29, 2006
    Date of Patent: May 5, 2009
    Assignee: Juniper Networks, Inc.
    Inventor: Nurettin Burcak Beser
  • Patent number: 7529326
    Abstract: The invention performs frequency estimation over both the burst preamble, during which known symbols are transmitted, and also during the burst's data packet, which is subsequent to the preamble and extracted by the local detector. During the preamble, an initial frequency estimate is obtained. This estimate is based on a time average of either phase or correlation samples. Atypical phase or correlation samples, attributable to detector symbol errors during the data packet, are detected and filtered, so as to avoid including the atypical samples in a time-averages used to provide the frequency estimate. In a first embodiment correlation samples are time averaged, and atypical correlation samples are suppressed prior to correlation time averaging. In a second embodiment, phase slope values are time averaged, and atypical values of phase slope are suppressed prior to phase slope time averaging.
    Type: Grant
    Filed: January 24, 2007
    Date of Patent: May 5, 2009
    Assignee: Juniper Networks, Inc.
    Inventor: Ambroise Popper
  • Patent number: 7525921
    Abstract: A router detects a network attack and forwards traffic associated with the network attack to a discard interface. The router applies one or more filters to calculate traffic flow statistics for the traffic forwarded to the discard interface. The router may exchange routing communications with one or more other routers to alert the routers of the network attack. For example, the router may generate a routing communication in accordance with a routing protocol that advertises a route to the targeted device, and includes a policy tag that indicates the existence of a network attack. The other routers update forwarding information in accordance with the advertised route, and automatically forward traffic to respective discard interfaces based on the policy tag, thereby diffusing the network attack.
    Type: Grant
    Filed: June 4, 2003
    Date of Patent: April 28, 2009
    Assignee: Juniper Networks, Inc.
    Inventor: Jeffrey Yi Dar Lo
  • Patent number: 7526607
    Abstract: A compression device recognizes patterns of data and compressing the data, and sends the compressed data to a decompression device that identifies a cached version of the data to decompress the data. In this way, the compression device need not resend high bandwidth traffic over the network. Both the compression device and the decompression device cache the data in packets they receive. Each device has a disk, on which each device writes the data in the same order. The compression device looks for repetitions of any block of data between multiple packets or datagrams that are transmitted across the network. The compression device encodes the repeated blocks of data by replacing them with a pointer to a location on disk. The decompression device receives the pointer and replaces the pointer with the contents of the data block that it reads from its disk.
    Type: Grant
    Filed: September 22, 2005
    Date of Patent: April 28, 2009
    Assignee: Juniper Networks, Inc.
    Inventors: Amit P. Singh, Balraj Singh, Vanco Burzevski
  • Patent number: 7522599
    Abstract: Principles of the invention are described for providing multicast virtual private networks (MVPNs) across a public network that are capable of carrying high-bandwidth multicast traffic with increased scalability. In particular, the MVPNs may transport layer three (L3) multicast traffic, such as Internet Protocol (IP) packets, between remote sites via the public network. The principles described herein may reduce the overhead of protocol independent multicast (PIM) neighbor adjacencies and customer control information maintained for MVPNs. The principles may also reduce the state and the overhead of maintaining the state in the network by removing the need to maintain at least one dedicated multicast tree per each MVPN.
    Type: Grant
    Filed: August 26, 2005
    Date of Patent: April 21, 2009
    Assignee: Juniper Networks, Inc.
    Inventors: Rahul Aggarwal, Yakov Rekhter, Anil Lohiya
  • Patent number: 7522600
    Abstract: Principles of the invention are described for providing multicast virtual private networks (MVPNs) across a public network that are capable of carrying high-bandwidth multicast traffic with increased scalability. In particular, the MVPNs may transport layer three (L3) multicast traffic, such as Internet Protocol (IP) packets, between remote sites via the public network. The principles described herein may reduce the overhead of protocol independent multicast (PIM) neighbor adjacencies and customer control information maintained for MVPNs. The principles may also reduce the state and the overhead of maintaining the state in the network by removing the need to maintain at least one dedicated multicast tree per each MVPN.
    Type: Grant
    Filed: August 26, 2005
    Date of Patent: April 21, 2009
    Assignee: Juniper Networks, Inc.
    Inventors: Rahul Aggarwal, Yakov Rekhter, Anil Lohiya
  • Patent number: 7522635
    Abstract: A voice relaying apparatus includes a receiving a cell from a network, a plurality of cell assembling/disassembling units for assembling and disassembling the cells, and a transmitting section for transmitting the cells assembled by each of the plurality of cell assembling/disassembling units. Each of the plurality of cell assembling/disassembling units is composed of a cell disassembling section for disassembling for cell received by the receiving section, a detecting section for detecting whether the voice relaying apparatus is carrying out a relay switch operation, and a cell assembling the cell disassembled by the cell disassembling section and for sending the cell to the transmitting section if the detecting section detects that the voice relaying apparatus is carrying out the relay switch operation.
    Type: Grant
    Filed: January 12, 2004
    Date of Patent: April 21, 2009
    Assignee: Juniper Networks, Inc.
    Inventor: Noboru Tatsuki
  • Patent number: 7523097
    Abstract: Techniques are described for reliable restoration of archived configuration. For example, a device, such as a router, comprises a first memory to store operational configuration data and a second memory to store candidate configuration data. The candidate configuration data represents a working copy of the operational configuration data. The device further includes a control unit to lock the candidate configuration data, load archived configuration data to replace the locked candidate configuration data and commit the candidate configuration data to restore the archived configuration data as the operational configuration data of the device. In locking the candidate configuration, the device ensures reliable restoration of the candidate configuration by helping prevent the device from becoming both unreachable and inoperable.
    Type: Grant
    Filed: January 13, 2004
    Date of Patent: April 21, 2009
    Assignee: Juniper Networks, Inc.
    Inventors: Reid E. Wilson, Philip A. Shafer
  • Patent number: 7519728
    Abstract: A system improves bandwidth used by a data stream. The system receives data from the data stream and partitions the data into bursts. At least one of the bursts includes one or more idles. The system selectively removes the idles from the at least one burst and transmits the bursts, including the at least one burst.
    Type: Grant
    Filed: July 18, 2002
    Date of Patent: April 14, 2009
    Assignee: Juniper Networks, Inc.
    Inventors: Sharada Yeluri, Kevin Clark, Shahriar Ilislamloo, Chung Lau
  • Patent number: 7519735
    Abstract: A network router employs a single board architecture that includes both a forwarding engine and an interface card concentrator. All of the circuits involved in routing are incorporated into a single board, reducing the system cost of the router. A single processor performs various functions in connection with these circuits, such as management of interface cards and the forwarding engine. In addition to lowering the system cost, the compact architecture allows higher density installation of interface cards.
    Type: Grant
    Filed: May 8, 2001
    Date of Patent: April 14, 2009
    Assignee: Juniper Networks, Inc.
    Inventors: Hann-Hwan Ju, Ashok Krishnamurthi, Ross Heitkamp, Antony Chatzigianis, Ken Kuwabara