Patents by Inventor Prasad Miriyala

Prasad Miriyala has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12034652
    Abstract: In general, techniques are described for a creating a virtual network router within a software defined network (SDN) architecture. A network controller for the SDN architecture system may include processing circuitry that is configured to execute a configuration node and a control node. The configuration node may process a request by which to create a virtual network router (VNR), where the virtual network router may cause the network controller to interconnect a first virtual network (VN) and a second VN. The VNR may represent a logical abstraction of one or more policies that cause import and/or export of routing information between the first VN and the second VN. The control node configures the first VN and the second VN according to the one or more policies to enable the import and/or the export of routing information between the first VN and the second VN via the VNR.
    Type: Grant
    Filed: June 29, 2022
    Date of Patent: July 9, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Michael Henkel, Prasad Miriyala, Édouard Thuleau, Nagendra Prasath Maynattamai Prem Chandran, Atul S Moghe
  • Publication number: 20240223454
    Abstract: In an example, a validation system comprises processing circuitry having access to a storage device and is configured to obtain flow records indicative of packet flows among workloads deployed to a cluster of one or more computing devices configured with a network policy, wherein each flow record of the flow records indicates a corresponding packet flow was allowed or denied by the cluster; receive an updated network policy; determine whether a corresponding packet flow for a flow record of the flow records has a discrepancy with the updated network policy; and in response to determining the corresponding packet flow for the flow record of the flow records has a discrepancy with the updated network policy, output an indication of an error.
    Type: Application
    Filed: May 5, 2023
    Publication date: July 4, 2024
    Inventors: Prasad Miriyala, FNU Nadeem, Sayali Mane, Ankur Tandon, Sajeesh Mathew, Pranav Cherukupalli, Khushi Vaidya
  • Publication number: 20240214294
    Abstract: In general, techniques are described that provide an analysis system for analyzing a software-defined networking (SDN) architecture system. The analysis system comprising the processing circuitry configured to obtain operational data representative of one or more of configuration, operation, and maintenance of the SDN architecture system. The processing circuitry may identify dependencies between the operational data that identify dependencies between objects representative of the configuration, operation, and maintenance of the SDN architecture system. The processing circuitry may perform, while traversing the dependences between the operational data, analysis with respect to the operational data in order to identify potential issues in the SDN architecture system, and output the potential issues in the SDN architecture system.
    Type: Application
    Filed: December 23, 2022
    Publication date: June 27, 2024
    Inventors: Prasad Miriyala, Michael Henkel, Sangyeong Kim, Senthilnathan Murugappan, Jeffrey S. Marshall, Akhilesh Pathodia
  • Patent number: 12021740
    Abstract: A plurality of switches may be arranged according to a spine and leaf topology in which each spine switch is connected to all leaf switches. A leaf switch includes a memory configured to store a plurality of policies, each of the plurality of policies being associated with a respective source identifier value and a respective destination address; a network interface communicatively coupled to one of the spine switches; and a processor implemented in circuitry and configured to: receive a packet from the spine switch via the network interface, the packet being encapsulated with a Virtual Extensible Local Area Network (VXLAN) header; extract a source identifier value from the VXLAN header; determine a destination address for the packet; determine a policy of the plurality of policies to apply to the packet according to the source identifier value and the destination address; and apply the policy to the packet.
    Type: Grant
    Filed: June 30, 2021
    Date of Patent: June 25, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Prasad Miriyala, Wen Lin, Suresh Palguna Krishnan, SelvaKumar Sivaraj, Kumuthini Ratnasingham
  • Publication number: 20240176878
    Abstract: An example system for performing root cause analysis for a plurality of network devices includes one or more processors implemented in circuitry and configured to: receive telemetry data from the plurality of network devices; apply an artificial intelligence (AI) anomaly detection model, trained on historical telemetry data to detect anomalies in the historical telemetry data, to the received telemetry data to detect one or more anomalies in the received telemetry data; and apply an AI root cause analysis mode, trained on historical data, to the anomalies to determine a root cause of an issue causing the one or more anomalies.
    Type: Application
    Filed: August 30, 2023
    Publication date: May 30, 2024
    Inventors: Ajit Krishna Patankar, Kihwan Han, Prasad Miriyala, Mansi Joshi, Shruti Jadon, Deepak Kumar Naik, Maria Charles Maria Selvam
  • Publication number: 20240154863
    Abstract: An example application programming interface (API) server device that distributes configuration data to managed network devices includes one or more processing units implemented in circuitry and configured to receive configuration data to be deployed to at least one of the managed network devices; store the configuration data to a configuration database; and send the configuration data to the at least one of the managed network devices. In this manner, the configuration data can be archived for later retrieval and analysis, e.g., to perform root cause analysis in the event of an error.
    Type: Application
    Filed: January 12, 2024
    Publication date: May 9, 2024
    Inventors: Prasad Miriyala, Michael Henkel, Iqlas M. Ottamalika
  • Publication number: 20240129161
    Abstract: In general, techniques are described for performing network segmentation for container orchestration platforms. A network controller comprising a memory and processing circuitry may be configured to perform the techniques. The memory may be configured to store a request, conforming to a container orchestration platform, to configure a new pod of a plurality of pods with a primary interface to communicate on a virtual network to segment a network formed by the plurality of pods. The processing circuitry may be configured to configure, responsive to the request, the new pod with the primary interface to enable communications via the virtual network.
    Type: Application
    Filed: December 27, 2022
    Publication date: April 18, 2024
    Inventors: Prasad Miriyala, Michael Henkel, Pranav Cherukupalli
  • Publication number: 20240095158
    Abstract: In general, techniques are described for performing pre-deployment checks to ensure that a computing environment is suitably configured for deploying a containerized software-defined networking (SDN) architecture system, and for performing post-deployment checks to determine the operational state of the containerized SDN architecture system after deployment to the computing environment.
    Type: Application
    Filed: September 15, 2023
    Publication date: March 21, 2024
    Inventors: Prasad Miriyala, Michael Henkel, Sridhar Ramachandra Katere, Pranav Cherukupalli, Atul S. Moghe, Ji Hwan Kim
  • Patent number: 11929987
    Abstract: Techniques are disclosed for a network device to preserve packet flow information across bump-in-the-wire (BITW) firewalls. For example, a method comprises receiving, by a network device, a packet. The method also comprises determining, by the network device, that the packet matches a packet flow that is associated with an action to redirect the packet to a firewall configured as a bump-in-the-wire. The method further comprises, in response to the determination: modifying, by the network device, a Media Access Control (MAC) address field of a layer 2 (L2) packet header with a flow identifier of the packet flow; sending, by the network device, the packet to the firewall; receiving, by the network device, the packet from the firewall; and recovering, by the network device, the packet flow by modifying the packet according to the flow identifier in the packet to restore the L2 packet header of the packet.
    Type: Grant
    Filed: February 25, 2020
    Date of Patent: March 12, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Pranavadatta D N, Aniket G. Daptari, Carlo Contavalli, Prasad Miriyala, Kiran K N, Prasannaa Vengatesan T S, Venkatesh Velpula
  • Patent number: 11902136
    Abstract: An example network device includes memory, a communication unit, and processing circuitry coupled to the memory and the communication unit. The processing circuitry is configured to receive first samples of flows from an interface of another network device sampled at a first sampling rate and determine a first parameter based on the first samples. The processing circuitry is configured to receive second samples of flows from the interface sampled at a second sampling rate, wherein the second sampling rate is different than the first sampling rate and determine a second parameter based on the second samples. The processing circuitry is configured to determine a third sampling rate based on the first parameter and the second parameter, control the communication unit to transmit a signal indicative of the third sampling rate to the another network device; and receive third samples of flows from the interface sampled at the third sampling rate.
    Type: Grant
    Filed: May 19, 2022
    Date of Patent: February 13, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Prasad Miriyala, Suresh Palguna Krishnan, SelvaKumar Sivaraj
  • Patent number: 11876673
    Abstract: An example application programming interface (API) server device that distributes configuration data to managed network devices includes one or more processing units implemented in circuitry and configured to receive configuration data to be deployed to at least one of the managed network devices; store the configuration data to a configuration database; and send the configuration data to the at least one of the managed network devices. In this manner, the configuration data can be archived for later retrieval and analysis, e.g., to perform root cause analysis in the event of an error.
    Type: Grant
    Filed: September 30, 2021
    Date of Patent: January 16, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Prasad Miriyala, Michael Henkel, Iqlas M. Ottamalika
  • Patent number: 11870642
    Abstract: In an example, a method comprises obtaining, by a policy controller from a first SDN architecture system, flow metadata for packet flows exchanged among workloads of a distributed application deployed to the first SDN architecture system; identifying, using flow metadata for a packet flow of the packet flows, a source endpoint workload and a destination endpoint workload of the packet flow; generating a network policy rule to allow packet flows from the source endpoint workload to the destination endpoint workload of the packet flow; and adding the network policy rule to a configuration repository as configuration data for a second SDN architecture system to cause a deployment system to configure the second SDN architecture system with the network policy rule to allow packet flows from the source endpoint workload to the destination endpoint workload when the distributed application is deployed to the second SDN architecture system.
    Type: Grant
    Filed: March 31, 2022
    Date of Patent: January 9, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Prasad Miriyala, Rosh Perumpully Ramadass, Fnu Nadeem
  • Publication number: 20230409369
    Abstract: In general, techniques are described for an efficient exportation of metrics data within a software defined network (SDN) architecture. A network controller for a software-defined networking (SDN) architecture system comprising processing circuitry may implement the techniques. A telemetry node configured for execution by the processing circuitry may process a request by which to enable a metric group that defines a subset of metrics from a plurality of metrics to export from compute nodes. The telemetry node may also transform, based on the request to enable the metric group, the subset of the one or more metrics into telemetry exporter configuration data that configures a telemetry exporter deployed at the compute nodes to export the subset of the metrics. The telemetry node may also interface with the telemetry exporter to configure, based on the telemetry exporter configuration data, the telemetry exporter to export the subset of the metrics.
    Type: Application
    Filed: September 20, 2022
    Publication date: December 21, 2023
    Inventors: Chunguang Liu, Prasad Miriyala, Jeffrey S. Marshall
  • Publication number: 20230362073
    Abstract: A method includes subscribing, by an agent, to telemetry flow data from each network device of a plurality of network devices and receiving, by the agent, a plurality of streams of telemetry flow data from the plurality of the network devices. Each of the plurality of streams corresponds to a different one of the plurality of network devices. The method further includes aggregating, by the agent, data from at least one stream of the plurality of streams of the telemetry flow data received over a period of time and, at the end of the period of time and/or when the data from the at least one stream exceeds a data threshold, sending, by the agent, the aggregated telemetry flow data to a network analyzer device.
    Type: Application
    Filed: July 21, 2023
    Publication date: November 9, 2023
    Inventors: Jeffrey S. Marshall, Gurminder Singh, Prasad Miriyala, Iqlas M. Ottamalika
  • Publication number: 20230336414
    Abstract: In an example, a method comprises obtaining, by a policy controller from a first SDN architecture system, flow metadata for packet flows exchanged among workloads of a distributed application deployed to the first SDN architecture system; identifying, using flow metadata for a packet flow of the packet flows, a source endpoint workload and a destination endpoint workload of the packet flow; generating a network policy rule to allow packet flows from the source endpoint workload to the destination endpoint workload of the packet flow; and adding the network policy rule to a configuration repository as configuration data for a second SDN architecture system to cause a deployment system to configure the second SDN architecture system with the network policy rule to allow packet flows from the source endpoint workload to the destination endpoint workload when the distributed application is deployed to the second SDN architecture system.
    Type: Application
    Filed: June 26, 2023
    Publication date: October 19, 2023
    Inventors: Prasad Miriyala, Rosh Perumpully Ramadass, FNU Nadeem
  • Patent number: 11765488
    Abstract: A method includes receiving, by a network analyzer implemented in circuitry, from a network device of a plurality of network devices, a sensor message for telemetry flow data. The sensor message indicates an interface index for a network interface, a virtual network identifier associated with a virtual network, and an IP address. The method further includes receiving, by the network analyzer, from the network device, a telemetry flow message for the telemetry flow data. The method further includes, in response to determining that the telemetry flow message includes an indication of an interface index that matches the interface index of the sensor message and that the telemetry flow message includes an indication of a virtual network identifier that matches the virtual network identifier of the sensor message, setting, by the network analyzer, the IP address as the source of the telemetry flow data.
    Type: Grant
    Filed: January 28, 2022
    Date of Patent: September 19, 2023
    Assignee: Juniper Networks, Inc.
    Inventors: SelvaKumar Sivaraj, Prasad Miriyala, Biswajit Mandal
  • Patent number: 11750480
    Abstract: A method includes subscribing, by an agent, to telemetry flow data from each network device of a plurality of network devices and receiving, by the agent, a plurality of streams of telemetry flow data from the plurality of the network devices. Each of the plurality of streams corresponds to a different one of the plurality of network devices. The method further includes aggregating, by the agent, data from at least one stream of the plurality of streams of the telemetry flow data received over a period of time and, at the end of the period of time and/or when the data from the at least one stream exceeds a data threshold, sending, by the agent, the aggregated telemetry flow data to a network analyzer device.
    Type: Grant
    Filed: November 22, 2021
    Date of Patent: September 5, 2023
    Assignee: Juniper Networks, Inc.
    Inventors: Jeffrey S. Marshall, Gurminder Singh, Prasad Miriyala, Iqlas M. Ottamalika
  • Publication number: 20230269215
    Abstract: Techniques are described for learning an unknown virtual network information, such as an virtual Internet Protocol (IP) address, of a pod in a virtual network. In some examples, a virtual router executing at a computing device may receive an Address Resolution Protocol (ARP) packet from a virtual execution element in the virtual network, the virtual execution element executing at the computing device. The virtual router may determine, based at least in part on the ARP packet, whether virtual network information for the virtual execution element in a virtual network is known to the virtual router. The virtual router may, in response to determining that the virtual network information of the virtual execution element in the virtual network is not known to the virtual router, perform learning of the virtual network information for the virtual execution element.
    Type: Application
    Filed: April 27, 2023
    Publication date: August 24, 2023
    Inventors: Sangarshan Pillareddy, Yuvaraja Mariappan, James Nicholas Davey, Prasad Miriyala, Richard Roberts, Margarida Correia, Nagendra E S, Haji Mohamed Ashraf Ali
  • Patent number: 11700237
    Abstract: Techniques are disclosed for generating intent-based policies and applying the policies to traffic of a computer network. In one example, a policy controller for the computer network receives traffic statistics for traffic flows among a plurality of application workloads executed by a first set of computing devices. The policy controller correlates the traffic statistics into session records for the plurality of application workloads. The policy controller generates, based on the session records for the application workloads, application firewall policies for the application workloads. Each of the application firewall policies define whether traffic flows between application workloads are to be allowed or denied. The policy controller distributes the application firewall policies to a second set of one or more computing devices for application to traffic flows between instances of the application workloads.
    Type: Grant
    Filed: March 30, 2021
    Date of Patent: July 11, 2023
    Assignee: Juniper Networks, Inc.
    Inventors: Prasad Miriyala, Sundaresan Rajangam, Miraj Subhashbhai Kheni, Suresh B Akula
  • Patent number: 11700236
    Abstract: Techniques are disclosed for redirecting network traffic of virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; configure network connectivity to the HBF in accordance with the security policy; a security controller that manages the HBF configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.
    Type: Grant
    Filed: February 27, 2020
    Date of Patent: July 11, 2023
    Assignee: Juniper Networks, Inc.
    Inventors: Prasad Miriyala, Aniket G. Daptari, Fei Chen, Pranavadatta D N, Kiran K N, Jeffrey S. Marshall, Prakash T. Seshadri