Patents by Inventor Sreekanth Rupavatharam

Sreekanth Rupavatharam has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11153217
    Abstract: The disclosed method may include (1) determining a size of a packet received at a network device, (2) identifying, within a plurality of packet policers that track rates of packets with various sizes received at the network device, a packet policer that tracks rates of packets whose sizes are within a range that includes the size of the packet, (3) determining a current rate of packets tracked by the packet policer, and then (4) handling the packet based at least in part on whether the current rate exceeds a threshold rate. Various other apparatuses, systems, and methods are also disclosed.
    Type: Grant
    Filed: November 30, 2019
    Date of Patent: October 19, 2021
    Assignee: Juniper Networks, Inc
    Inventors: Prashant Singh, Sreekanth Rupavatharam
  • Patent number: 11063877
    Abstract: A socket-intercept layer in kernel space on a network device may intercept a packet destined to egress out of the network device. The socket-intercept layer may then query a routing daemon for the Maximum Transmission Unit (MTU) value of the interface out of which that packet is to egress from the network device. In response to this query, the routing daemon may provide the socket-intercept layer with the MTU value of that interface. A tunnel driver in kernel space may identify the size of the packet and fragment the packet into segments whose sizes are each less than or equal to the MTU value of the interface. The tunnel driver may then push the segments of the packet to a packet forwarding engine on the network device. In turn, the packet forwarding engine may forward the segments of the packet to the corresponding destination via the interface.
    Type: Grant
    Filed: January 21, 2020
    Date of Patent: July 13, 2021
    Assignee: Juniper Networks, Inc
    Inventors: Prashant Singh, Sreekanth Rupavatharam, Hariprasad Shanmugam, Erin C. MacNeil
  • Patent number: 10887282
    Abstract: Filter synchronization across a restart of a firewall filter application for converting filter information for filters into corresponding iptables filter table rules, is ensured by (1) computing a hash value for filter information derived from a filter using the filter or information derived from the filter, (2) determining an iptables filter table rule using the filter information for the filter, (3) associating the hash value with the corresponding iptables filter table rule, and (4) adding the determined iptables filter table rule and the hash value to iptables filter table rules in a Linux kernel.
    Type: Grant
    Filed: October 19, 2018
    Date of Patent: January 5, 2021
    Assignee: Juniper Networks, Inc.
    Inventors: Sreekanth Rupavatharam, Prashant Singh, Hariprasad Shanmugam
  • Patent number: 10805202
    Abstract: A method includes receiving, by processing circuitry of a first network device, an indication of a logical address associated with an interface to a second network device and adding, by the processing circuitry, an entry to a forwarding table of the first network device, the entry in the forwarding table specifying the logical address. The method further includes adding, by the processing circuitry, an entry to a resolver database of the first network device to which the entry in the forwarding table specifying the logical address points and resolving, by the processing circuitry, the logical address to a hardware address of the second network device.
    Type: Grant
    Filed: January 25, 2019
    Date of Patent: October 13, 2020
    Assignee: Juniper Networks, Inc.
    Inventors: Sharmila Koppula, Sri Karthik Goud Gadela, Sreekanth Rupavatharam
  • Patent number: 10798062
    Abstract: A disclosed method for applying firewall rules on packets in kernel space on network devices may include (1) intercepting, via a socket-intercept layer in kernel space on a routing engine of a network device, a packet that is destined for a remote device and then, in response to intercepting the packet in kernel space on the routing engine, (2) identifying an egress interface index that specifies an egress interface that (A) is external to kernel space and (B) is capable of forwarding the packet from the network device to the remote device, and (3) applying, on the packet in kernel space, at least one firewall rule based at least in part on the egress interface index before the packet egresses from the routing engine. Various other apparatuses, systems, and methods are also disclosed.
    Type: Grant
    Filed: October 16, 2019
    Date of Patent: October 6, 2020
    Assignee: Juniper Networks, Inc
    Inventors: Prashant Singh, Sreekanth Rupavatharam, Hariprasad Shanmugam
  • Patent number: 10798059
    Abstract: A disclosed method may include (1) receiving a packet at a tunnel driver in kernel space on a routing engine of a network device, (2) identifying, at the tunnel driver, metadata of the packet that indicates whether at least one firewall filter had already been correctly applied to the packet before the packet arrived at the tunnel driver, (3) determining, based at least in part on the metadata of the packet, that the firewall filter had not been correctly applied to the packet before the packet arrived at the tunnel driver, and then in response to determining that the firewall filter had not been correctly applied to the packet, (4) invoking at least one firewall filter hook that applies at least one firewall rule on the packet before the packet is allowed to exit kernel space on the routing engine. Various other apparatuses systems, and methods are also disclosed.
    Type: Grant
    Filed: October 6, 2017
    Date of Patent: October 6, 2020
    Assignee: Juniper Networks, Inc
    Inventors: Prashant Singh, Sreekanth Rupavatharam, Hariprasad Shanmugam, Erin MacNeil
  • Patent number: 10797983
    Abstract: A disclosed method may include (1) determining that a packet traversing a network device has been selected for conditional tracing by (A) comparing a characteristic of the packet against a firewall rule that calls for all packets exhibiting the characteristic to be conditionally debugged while traversing the network device and (B) determining, based at least in part on the comparison, that the firewall rule applies to the packet due at least in part to the packet exhibiting the characteristic, (2) tracing a journey of the packet within the network device in response to the determination by collecting information about the packet's journey through a network stack of the network device, and then (3) performing at least one action on the network device based at least in part on the information collected about the packet's journey through the network stack. Various other systems, methods, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 5, 2018
    Date of Patent: October 6, 2020
    Assignee: Juniper Networks, Inc
    Inventors: Prashant Singh, Sreekanth Rupavatharam
  • Patent number: 10742570
    Abstract: A device may receive, from the packet processing component and through an internal interface, a packet that includes a virtual routing and forwarding (VRF) interface identifier associated with a VRF interface of a virtual device. The internal interface may be associated with multiple external interfaces. The device may modify a value identifying an incoming interface via which the packet is received after receiving the packet that includes the VRF interface identifier. The modified value may be associated with the virtual device, and the modified value may allow an upper communication layer to determine that the packet is associated with the virtual device. The device may provide the packet to the upper communication layer after modifying the value identifying the incoming interface via which the packet is received to permit the upper communication layer to forward the packet to a destination.
    Type: Grant
    Filed: March 2, 2017
    Date of Patent: August 11, 2020
    Assignee: Juniper Networks, Inc.
    Inventors: Sreekanth Rupavatharam, Erin C. MacNeil, Hariprasad Shanmugam
  • Patent number: 10740162
    Abstract: A device may receive, by a kernel of the device and from a loadable kernel module of the device, information that instructs the kernel to invoke a callback function associated with the loadable kernel module based on an execution of a hook of the kernel. The device may receive, by the kernel of the device and from an application of the device, a socket application programming interface (API) call. The socket API call may include control information. The device may execute, by the kernel of the device, the hook based on receiving the socket API call. The device may invoke, by the kernel of the device, the callback function associated with the loadable kernel module based on executing the hook to permit a functionality associated with the callback function to be provided. The kernel may provide the control information, associated with the socket API call, to the callback function as an argument.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: August 11, 2020
    Assignee: Juniper Networks, Inc.
    Inventors: Erin C. MacNeil, Hariprasad Shanmugam, Sreekanth Rupavatharam
  • Patent number: 10735282
    Abstract: A disclosed method may include (1) detecting, at a network stack of a network device, a packet that (A) is destined at least intermediately for a network interface of the network device and (B) has been flagged by the network stack to be dropped instead of forwarded to the network interface based on at least one characteristic of the packet, (2) instead of dropping the packet, forwarding the packet to an alternative network interface of the network device that analyzes content of packets, (3) identifying, at the alternative network interface, the characteristic of the packet, and then (4) executing, based on the characteristic of the packet, at least one action in connection with the packet that improves the performance of the network device. Various other apparatuses, systems, and methods are also disclosed.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: August 4, 2020
    Assignee: Juniper Networks, Inc
    Inventors: Prashant Singh, Sreekanth Rupavatharam, Erin C. MacNeil
  • Patent number: 10594618
    Abstract: The disclosed apparatus may include (1) a physical routing engine that comprises (A) a socket-intercept layer, stored in kernel space, that (I) intercepts a packet that is destined for a remote device and (II) queries, in response to intercepting the packet in kernel space, a routing daemon in user space for an MTU value of an egress interface that is to forward the packet from the network device to the remote device and (B) a tunnel driver, stored in kernel space, that fragments the packet into segments whose respective sizes each comply with the MTU value of the egress interface and (2) a physical packet forwarding engine that forwards the segments of the packet to the remote device by way of the egress interface. Various other apparatuses, systems, and methods are also disclosed.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: March 17, 2020
    Assignee: Juniper Networks, Inc
    Inventors: Prashant Singh, Sreekanth Rupavatharam, Hariprasad Shanmugam, Erin C. MacNeil
  • Patent number: 10505899
    Abstract: A disclosed method for applying firewall rules on packets in kernel space on network devices may include (1) intercepting, via a socket-intercept layer in kernel space on a routing engine of a network device, a packet that is destined for a remote device and then, in response to intercepting the packet in kernel space on the routing engine, (2) identifying an egress interface index that specifies an egress interface that (A) is external to kernel space and (B) is capable of forwarding the packet from the network device to the remote device and (3) applying, on the packet in kernel space, at least one firewall rule based at least in part on the egress interface index before the packet egresses from the routing engine. Various other apparatuses, systems, and methods are also disclosed.
    Type: Grant
    Filed: August 14, 2017
    Date of Patent: December 10, 2019
    Assignee: Juniper Networks, Inc
    Inventors: Prashant Singh, Sreekanth Rupavatharam, Hariprasad Shanmugam, Erin MacNeil
  • Patent number: 10474518
    Abstract: A device may receive information related to an operation of the device during each of multiple time intervals. The device may store, for each time interval of the multiple time intervals, the information in a respective slot of a circular buffer that includes multiple slots. The circular buffer may be used to store a historical record of the information in one or more of the multiple slots. The historical record may be provided from the circular buffer during a dump of the device. The device may provide the historical record during the dump of the device based on storing the historical record of the information in the one or more of the multiple slots.
    Type: Grant
    Filed: December 6, 2016
    Date of Patent: November 12, 2019
    Assignee: Juniper Networks, Inc.
    Inventor: Sreekanth Rupavatharam
  • Patent number: 10362070
    Abstract: The disclosed method may include (1) receiving a synchronize message from a computing device to initiate synchronization between the computing device and a server with respect to a communication protocol, (2) notifying an application in user space on the server of the synchronize message such that the application in user space selects at least one attribute to be applied to a communication session resulting from the synchronization between the computing device and the server, (3) sending a synchronize acknowledgment that identifies the attribute selected by the application in user space to the computing device to further the synchronization between the computing device and the server, and then (4) establishing the communication session with the attribute selected by the application in user space upon receiving an acknowledgment message from the computing device to complete the synchronization. Various other methods, systems, and apparatuses are also disclosed.
    Type: Grant
    Filed: August 19, 2016
    Date of Patent: July 23, 2019
    Assignee: Juniper Networks, Inc
    Inventors: Sreekanth Rupavatharam, Hariprasad Shanmugam, Erin C. MacNeil
  • Patent number: 10348652
    Abstract: The disclosed computer-implemented method may include (1) identifying, in kernel space on a network device, a packet that is destined for a remote device, (2) passing, along with the packet, metadata for the packet to a packet buffer in kernel space on the network device, (3) framing, by the kernel module in kernel space, the packet such that the packet egresses via a tunnel interface driver on the network device, (4) encapsulating, by the tunnel interface driver, the packet with the metadata, and then (5) forwarding, by the tunnel interface driver, the packet to the remote device based at least in part on the metadata with which the packet was encapsulated. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: January 28, 2017
    Date of Patent: July 9, 2019
    Assignee: Juniper Networks, Inc.
    Inventors: Erin C. MacNeil, Sreekanth Rupavatharam, Hariprasad Shanmugam
  • Patent number: 10243877
    Abstract: A device may receive a packet associated with an application. The device may identify a filter associated with the application. The device may determine that information associated with the packet matches information associated with the filter. The device may compare a count, associated with the filter, and an expediting threshold associated with expediting processing of the packet based on determining that the information associated with the packet matches the information associated with the filter. The device may selectively expedite processing of the packet based on comparing the count and the expediting threshold.
    Type: Grant
    Filed: November 30, 2016
    Date of Patent: March 26, 2019
    Assignee: Juniper Networks, Inc.
    Inventors: Ramanan Govindarajan, Sreekanth Rupavatharam, Erin C. Macneil
  • Publication number: 20190065291
    Abstract: A device may receive, by a kernel of the device and from a loadable kernel module of the device, information that instructs the kernel to invoke a callback function associated with the loadable kernel module based on an execution of a hook of the kernel. The device may receive, by the kernel of the device and from an application of the device, a socket application programming interface (API) call. The socket API call may include control information. The device may execute, by the kernel of the device, the hook based on receiving the socket API call. The device may invoke, by the kernel of the device, the callback function associated with the loadable kernel module based on executing the hook to permit a functionality associated with the callback function to be provided. The kernel may provide the control information, associated with the socket API call, to the callback function as an argument.
    Type: Application
    Filed: October 31, 2018
    Publication date: February 28, 2019
    Inventors: Erin C. MACNEIL, Hariprasad SHANMUGAM, Sreekanth RUPAVATHARAM
  • Patent number: 10127091
    Abstract: A device may receive, by a kernel of the device and from a loadable kernel module of the device, information that instructs the kernel to invoke a callback function associated with the loadable kernel module based on an execution of a hook of the kernel. The device may receive, by the kernel of the device and from an application of the device, a socket application programming interface (API) call. The socket API call may include control information. The device may execute, by the kernel of the device, the hook based on receiving the socket API call. The device may invoke, by the kernel of the device, the callback function associated with the loadable kernel module based on executing the hook to permit a functionality associated with the callback function to be provided. The kernel may provide the control information, associated with the socket API call, to the callback function as an argument.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: November 13, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Erin C. MacNeil, Hariprasad Shanmugam, Sreekanth Rupavatharam
  • Patent number: 8572245
    Abstract: A device may distribute client packets to multiple servers, transmit health check packets with a specific window size to the multiple servers, capture the client packets and the health check packets, and extract the health check packets from the captured packets. In addition, the device may capture packets, detect a connection problem, transmit a reset packet with a specific window size, and extract the reset packet from the captured packets.
    Type: Grant
    Filed: February 29, 2012
    Date of Patent: October 29, 2013
    Assignee: Juniper Networks, Inc.
    Inventors: Yogendra Singh, Sreekanth Rupavatharam
  • Patent number: 8493959
    Abstract: A method for providing multiple media access control (MAC) addresses in a device of a master/slave system may include providing a first MAC address in a MAC address storage of the device. The method may also include providing a second MAC address in a multicast table entry of a multicast hash filter of the device.
    Type: Grant
    Filed: August 12, 2010
    Date of Patent: July 23, 2013
    Assignee: Juniper Networks, Inc.
    Inventor: Sreekanth Rupavatharam