Patents by Inventor Srinivasan Jagannadhan

Srinivasan Jagannadhan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190044888
    Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, at an edge device, a first data unit having a characteristic. The code causes the processor to identify, at a first time, an identifier of a service module associated with the characteristic in response to each entry from a set of entries within a flow table not being associated with the characteristic. The code causes the processor to define an entry in the flow table associated with the characteristic and the identifier of the service module. The code causes the processor to send the first data unit to the service module. The code causes the processor to receive, at the edge device, a second data unit having the characteristic, and send the second data unit to the service module based on the entry.
    Type: Application
    Filed: September 28, 2018
    Publication date: February 7, 2019
    Applicant: Juniper Networks, Inc.
    Inventors: Krishna NARAYANASWAMY, Jean-Marc FRAILONG, Anjan VENKATRAMANI, Srinivasan JAGANNADHAN
  • Patent number: 10129182
    Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, at an edge device, a first data unit having a characteristic. The code causes the processor to identify, at a first time, an identifier of a service module associated with the characteristic in response to each entry from a set of entries within a flow table not being associated with the characteristic. The code causes the processor to define an entry in the flow table associated with the characteristic and the identifier of the service module. The code causes the processor to send the first data unit to the service module. The code causes the processor to receive, at the edge device, a second data unit having the characteristic, and send the second data unit to the service module based on the entry.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: November 13, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Krishna Narayanaswamy, Jean-Marc Frailong, Anjan Venkatramani, Srinivasan Jagannadhan
  • Patent number: 10097481
    Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, from a source peripheral processing device, a portion of a data packet having a destination address associated with a destination peripheral processing device. The code causes the processor to identify, based on the destination address, a service to be performed on the portion of the data packet. The code causes the processor to select, based on the service, an identifier of a service module associated with the service. The code further causes the processor to send the portion of the data packet to the service module via a distributed switch fabric such that the service module performs the service on the portion of the data packet and sends the portion of the data packet to the destination peripheral processing device via the distributed switch fabric.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: October 9, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Krishna Narayanaswamy, Jean-Marc Frailong, Anjan Venkatramani, Srinivasan Jagannadhan
  • Patent number: 9531622
    Abstract: In some embodiments, an apparatus includes a first network control entity within a control plane of a switch fabric system. The first network control entity is configured to receive a first test signal including a test instruction to be implemented within the switch fabric system. The first network control entity is configured to send a second test signal including the test instruction to a second network control entity such that the second network control entity implements the test instruction for a predetermined amount of time.
    Type: Grant
    Filed: May 21, 2015
    Date of Patent: December 27, 2016
    Assignee: Juniper Networks, Inc.
    Inventors: Jaihari V. Loganathan, Srinivasan Jagannadhan
  • Patent number: 9413660
    Abstract: In one embodiment, a method includes receiving a value associated with a data packet and identifying a data set based on the value. The data set is associated with a range of values and represents routing actions. The data set is a first data set from a plurality of data sets if the value is included in the range of values associated with the first data set. The data set is a default data set if the value is not included in a range of values associated with a data set from the plurality of data sets. The method includes combining the first data set with the default data set if the first data set is identified. The method includes combining the default data set with an except data set if the default data set is identified.
    Type: Grant
    Filed: June 23, 2014
    Date of Patent: August 9, 2016
    Assignee: Juniper Networks, Inc.
    Inventors: Deepak Goel, Ramesh Kumar Panwar, Srinivasan Jagannadhan
  • Patent number: 9391958
    Abstract: A firewall device may include a forwarding component that includes a filter block. The filter block may obtain a first hardware-implemented filter, where a hardware implementation limits the first hardware-implemented filter to a maximum quantity of rules; determine whether a last rule associated with the accessed hardware-implemented filter includes a split-filter action, where the split-filter action identifies a second hardware-implemented filter; and link the second hardware-implemented filter to the first hardware-implemented filter to make the second hardware-implemented filter a logical continuation of the first hardware-implemented filter, in response to determining that the last rule includes the split-filter action.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: July 12, 2016
    Assignee: Juniper Networks, Inc.
    Inventors: Venkatasubramanian Swaminathan, Deepak Goel, Jianhui Huang, John Keen, Jean-Marc Frailong, Srinivasan Jagannadhan, Srilakshmi Adusumalli
  • Patent number: 9042402
    Abstract: In some embodiments, an apparatus includes a first network control entity within a control plane of a switch fabric system. The first network control entity is configured to receive a first test signal including a test instruction to be implemented within the switch fabric system. The first network control entity is configured to send a second test signal including the test instruction to a second network control entity such that the second network control entity implements the test instruction for a predetermined amount of time.
    Type: Grant
    Filed: May 10, 2011
    Date of Patent: May 26, 2015
    Assignee: Juniper Networks, Inc.
    Inventors: Jaihari V. Loganathan, Srinivasan Jagannadhan
  • Publication number: 20140325635
    Abstract: A firewall device may include a forwarding component that includes a filter block. The filter block may obtain a first hardware-implemented filter, where a hardware implementation limits the first hardware-implemented filter to a maximum quantity of rules; determine whether a last rule associated with the accessed hardware-implemented filter includes a split-filter action, where the split-filter action identifies a second hardware-implemented filter; and link the second hardware-implemented filter to the first hardware-implemented filter to make the second hardware-implemented filter a logical continuation of the first hardware-implemented filter, in response to determining that the last rule includes the split-filter action.
    Type: Application
    Filed: June 30, 2014
    Publication date: October 30, 2014
    Inventors: Venkatasubramanian SWAMINATHAN, Deepak GOEL, Jianhui HUANG, John KEEN, Jean-Marc FRAILONG, Srinivasan JAGANNADHAN, Srilakshmi ADUSUMALLI
  • Patent number: 8800021
    Abstract: A firewall device may include a forwarding component that includes a filter block. The filter block may obtain a first hardware-implemented filter, where a hardware implementation limits the first hardware-implemented filter to a maximum quantity of rules; determine whether a last rule associated with the accessed hardware-implemented filter includes a split-filter action, where the split-filter action identifies a second hardware-implemented filter; and link the second hardware-implemented filter to the first hardware-implemented filter to make the second hardware-implemented filter a logical continuation of the first hardware-implemented filter, in response to determining that the last rule includes the split-filter action.
    Type: Grant
    Filed: June 29, 2011
    Date of Patent: August 5, 2014
    Assignee: Juniper Networks, Inc.
    Inventors: Venkatasubramanian Swaminathan, Deepak Goel, Jianhui Huang, John Keen, Jean-Marc Frailong, Srinivasan Jagannadhan, Srilakshmi Adusumalli
  • Patent number: 8799507
    Abstract: An example network device includes a control plane and a filter lookup module that includes a Bloom filter that supports parallel lookup of a maximum number of different prefix lengths. The filter lookup module accesses the Bloom filter to determine a longest length prefix that matches an entry in a set of prefixes. The control plane receives prefix lengths that include more than the maximum number of different prefix lengths supported by the Bloom filter, wherein the set of prefix lengths is associated with one application, generates, based on the received set of prefix lengths, two or more groups of different prefix lengths, wherein each of the two or more groups of different prefix lengths includes no more than the maximum number of different prefix lengths, and programs the filter lookup module with the two or more groups of different prefix lengths associated with the one application.
    Type: Grant
    Filed: March 13, 2012
    Date of Patent: August 5, 2014
    Assignee: Juniper Networks, Inc.
    Inventors: John Keen, Jean-Marc Frailong, Deepak Goel, Srinivasan Jagannadhan, Srilakshmi Adusumalli
  • Patent number: 8798057
    Abstract: In one embodiment, a method includes receiving a value associated with a data packet and identifying a data set based on the value. The data set is associated with a range of values and represents routing actions. The data set is a first data set from a plurality of data sets if the value is included in the range of values associated with the first data set. The data set is a default data set if the value is not included in a range of values associated with a data set from the plurality of data sets. The method includes combining the first data set with the default data set if the first data set is identified. The method includes combining the default data set with an except data set if the default data set is identified.
    Type: Grant
    Filed: September 30, 2008
    Date of Patent: August 5, 2014
    Assignee: Juniper Networks, Inc.
    Inventors: Deepak Goel, Ramesh Panwar, Srinivasan Jagannadhan
  • Patent number: 8675648
    Abstract: In one embodiment, a method includes receiving a policy vectors associated with a switch fabric, determining a compression scheme, and producing a compressed vector based on the policy vector and the compression scheme. The policy vector is represented by a bit sequence and has a plurality of policy bit values. A policy bit value from the plurality of policy bit vales is configured to trigger an action associated with a data packet in the switch fabric. The compression scheme is determined based on a portion of the policy vector.
    Type: Grant
    Filed: September 30, 2008
    Date of Patent: March 18, 2014
    Assignee: Juniper Networks, Inc.
    Inventors: Deepak Goel, Ramesh Panwar, Srinivasan Jagannadhan
  • Publication number: 20140006549
    Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, at an edge device, a first data unit having a characteristic. The code causes the processor to identify, at a first time, an identifier of a service module associated with the characteristic in response to each entry from a set of entries within a flow table not being associated with the characteristic. The code causes the processor to define an entry in the flow table associated with the characteristic and the identifier of the service module. The code causes the processor to send the first data unit to the service module. The code causes the processor to receive, at the edge device, a second data unit having the characteristic, and send the second data unit to the service module based on the entry.
    Type: Application
    Filed: June 29, 2012
    Publication date: January 2, 2014
    Applicant: Juniper Networks, Inc.
    Inventors: Krishna Narayanaswamy, Jean-Marc Frailong, Anjan Venkatramani, Srinivasan Jagannadhan
  • Publication number: 20140003433
    Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, from a source peripheral processing device, a portion of a data packet having a destination address associated with a destination peripheral processing device. The code causes the processor to identify, based on the destination address, a service to be performed on the portion of the data packet. The code causes the processor to select, based on the service, an identifier of a service module associated with the service. The code further causes the processor to send the portion of the data packet to the service module via a distributed switch fabric such that the service module performs the service on the portion of the data packet and sends the portion of the data packet to the destination peripheral processing device via the distributed switch fabric.
    Type: Application
    Filed: June 29, 2012
    Publication date: January 2, 2014
    Applicant: Juniper Networks, Inc.
    Inventors: Krishna Narayanaswamy, Jean-Marc Frailong, Anjan Venkatramani, Srinivasan Jagannadhan
  • Patent number: 8571034
    Abstract: In one embodiment, an apparatus can include a policy vector module configured to retrieve a compressed policy vector based on a portion of a data packet received at a multi-stage switch. The apparatus can also include a decompression module configured to receive the compressed policy vector and configured to define a decompressed policy vector based on the compressed policy vector. The decompressed policy vector can define a combination of bit values associated with a policy.
    Type: Grant
    Filed: April 29, 2011
    Date of Patent: October 29, 2013
    Assignee: Juniper Networks, Inc.
    Inventors: Ramesh Panwar, Deepak Goel, Srinivasan Jagannadhan, Jean-Marc Frailong
  • Patent number: 8571023
    Abstract: In one embodiment, an apparatus comprises a range selection module, a first stage of bloom filters, a second stage of bloom filters and a hashing module. The range selection module is configured to define a set of hash key vectors based on a set of range values associated with at least a portion of an address value from a data packet received at a multi-stage switch. The first stage of bloom filters and the second stage of bloom filters are collectively configured to determine that at least a portion of a hash key vector from the set of hash key vectors has a probability of being included in a hash table. The hashing module is configured to produce a hash value based on the hash key vector such that a first policy vector is selected based on the hash value and the first policy vector is decompressed to produce a second policy vector associated with the data packet.
    Type: Grant
    Filed: June 4, 2010
    Date of Patent: October 29, 2013
    Assignee: Juniper Networks, Inc.
    Inventors: Ramesh Panwar, Deepak Goel, Srinivasan Jagannadhan
  • Publication number: 20130246651
    Abstract: An example network device includes a control plane and a filter lookup module that includes a Bloom filter that supports parallel lookup of a maximum number of different prefix lengths. The filter lookup module accesses the Bloom filter to determine a longest length prefix that matches an entry in a set of prefixes. The control plane receives prefix lengths that include more than the maximum number of different prefix lengths supported by the Bloom filter, wherein the set of prefix lengths is associated with one application, generates, based on the received set of prefix lengths, two or more groups of different prefix lengths, wherein each of the two or more groups of different prefix lengths includes no more than the maximum number of different prefix lengths, and programs the filter lookup module with the two or more groups of different prefix lengths associated with the one application.
    Type: Application
    Filed: March 13, 2012
    Publication date: September 19, 2013
    Applicant: JUNIPER NETWORKS, INC.
    Inventors: John Keen, Jean-Marc Frailong, Deepak Goel, Srinivasan Jagannadhan, Srilakshmi Adusumalli
  • Patent number: 8364852
    Abstract: In one embodiment, a network management module converts zone policies for a network into access sets and access set lists. The network management module can define access sets for a collection of peripheral processing devices that share the same communication restrictions imposed by the zone policies. The network management module can allocate address blocks for each access set such that at least some of the peripheral processing devices in the same access can share a common address prefix. The network management module can define access sets lists such that each access set references an access set list that includes all the peripheral processing devices in the network that can communicate with the peripheral processing devices in the referencing access set. The network management module can apply access sets and access set lists in generating or updating firewall filter rules, and in some embodiments, the access sets can be expressed in terms of the one or more common address prefixes.
    Type: Grant
    Filed: December 22, 2010
    Date of Patent: January 29, 2013
    Assignee: Juniper Networks, Inc.
    Inventors: Amit Shukla, Srinivasan Jagannadhan
  • Patent number: 8111697
    Abstract: In one embodiment, a method includes classifying a data packet received at a switch fabric, selecting an action descriptor in response to the classifying, and processing an action defined in the action descriptor. The classifying is based on a primary classification condition and first portion of the data packet. The action descriptor is associated with the primary classification condition. The processing includes determining whether a secondary classification condition is satisfied by a second portion of the data packet.
    Type: Grant
    Filed: December 31, 2008
    Date of Patent: February 7, 2012
    Assignee: Juniper Networks, Inc.
    Inventors: Ramesh Panwar, Deepak Goel, Jianhui Huang, Srinivasan Jagannadhan
  • Publication number: 20110200038
    Abstract: In one embodiment, an apparatus can include a policy vector module configured to retrieve a compressed policy vector based on a portion of a data packet received at a multi-stage switch. The apparatus can also include a decompression module configured to receive the compressed policy vector and configured to define a decompressed policy vector based on the compressed policy vector. The decompressed policy vector can define a combination of bit values associated with a policy.
    Type: Application
    Filed: April 29, 2011
    Publication date: August 18, 2011
    Applicant: Juniper Networks, Inc.
    Inventors: Ramesh Panwar, Deepak Goel, Srinivasan Jagannadhan, Jean-Marc Frailong