Patents by Inventor Srinivasan Jagannadhan
Srinivasan Jagannadhan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20190044888Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, at an edge device, a first data unit having a characteristic. The code causes the processor to identify, at a first time, an identifier of a service module associated with the characteristic in response to each entry from a set of entries within a flow table not being associated with the characteristic. The code causes the processor to define an entry in the flow table associated with the characteristic and the identifier of the service module. The code causes the processor to send the first data unit to the service module. The code causes the processor to receive, at the edge device, a second data unit having the characteristic, and send the second data unit to the service module based on the entry.Type: ApplicationFiled: September 28, 2018Publication date: February 7, 2019Applicant: Juniper Networks, Inc.Inventors: Krishna NARAYANASWAMY, Jean-Marc FRAILONG, Anjan VENKATRAMANI, Srinivasan JAGANNADHAN
-
Patent number: 10129182Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, at an edge device, a first data unit having a characteristic. The code causes the processor to identify, at a first time, an identifier of a service module associated with the characteristic in response to each entry from a set of entries within a flow table not being associated with the characteristic. The code causes the processor to define an entry in the flow table associated with the characteristic and the identifier of the service module. The code causes the processor to send the first data unit to the service module. The code causes the processor to receive, at the edge device, a second data unit having the characteristic, and send the second data unit to the service module based on the entry.Type: GrantFiled: June 29, 2012Date of Patent: November 13, 2018Assignee: Juniper Networks, Inc.Inventors: Krishna Narayanaswamy, Jean-Marc Frailong, Anjan Venkatramani, Srinivasan Jagannadhan
-
Patent number: 10097481Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, from a source peripheral processing device, a portion of a data packet having a destination address associated with a destination peripheral processing device. The code causes the processor to identify, based on the destination address, a service to be performed on the portion of the data packet. The code causes the processor to select, based on the service, an identifier of a service module associated with the service. The code further causes the processor to send the portion of the data packet to the service module via a distributed switch fabric such that the service module performs the service on the portion of the data packet and sends the portion of the data packet to the destination peripheral processing device via the distributed switch fabric.Type: GrantFiled: June 29, 2012Date of Patent: October 9, 2018Assignee: Juniper Networks, Inc.Inventors: Krishna Narayanaswamy, Jean-Marc Frailong, Anjan Venkatramani, Srinivasan Jagannadhan
-
Patent number: 9531622Abstract: In some embodiments, an apparatus includes a first network control entity within a control plane of a switch fabric system. The first network control entity is configured to receive a first test signal including a test instruction to be implemented within the switch fabric system. The first network control entity is configured to send a second test signal including the test instruction to a second network control entity such that the second network control entity implements the test instruction for a predetermined amount of time.Type: GrantFiled: May 21, 2015Date of Patent: December 27, 2016Assignee: Juniper Networks, Inc.Inventors: Jaihari V. Loganathan, Srinivasan Jagannadhan
-
Patent number: 9413660Abstract: In one embodiment, a method includes receiving a value associated with a data packet and identifying a data set based on the value. The data set is associated with a range of values and represents routing actions. The data set is a first data set from a plurality of data sets if the value is included in the range of values associated with the first data set. The data set is a default data set if the value is not included in a range of values associated with a data set from the plurality of data sets. The method includes combining the first data set with the default data set if the first data set is identified. The method includes combining the default data set with an except data set if the default data set is identified.Type: GrantFiled: June 23, 2014Date of Patent: August 9, 2016Assignee: Juniper Networks, Inc.Inventors: Deepak Goel, Ramesh Kumar Panwar, Srinivasan Jagannadhan
-
Patent number: 9391958Abstract: A firewall device may include a forwarding component that includes a filter block. The filter block may obtain a first hardware-implemented filter, where a hardware implementation limits the first hardware-implemented filter to a maximum quantity of rules; determine whether a last rule associated with the accessed hardware-implemented filter includes a split-filter action, where the split-filter action identifies a second hardware-implemented filter; and link the second hardware-implemented filter to the first hardware-implemented filter to make the second hardware-implemented filter a logical continuation of the first hardware-implemented filter, in response to determining that the last rule includes the split-filter action.Type: GrantFiled: June 30, 2014Date of Patent: July 12, 2016Assignee: Juniper Networks, Inc.Inventors: Venkatasubramanian Swaminathan, Deepak Goel, Jianhui Huang, John Keen, Jean-Marc Frailong, Srinivasan Jagannadhan, Srilakshmi Adusumalli
-
Patent number: 9042402Abstract: In some embodiments, an apparatus includes a first network control entity within a control plane of a switch fabric system. The first network control entity is configured to receive a first test signal including a test instruction to be implemented within the switch fabric system. The first network control entity is configured to send a second test signal including the test instruction to a second network control entity such that the second network control entity implements the test instruction for a predetermined amount of time.Type: GrantFiled: May 10, 2011Date of Patent: May 26, 2015Assignee: Juniper Networks, Inc.Inventors: Jaihari V. Loganathan, Srinivasan Jagannadhan
-
Publication number: 20140325635Abstract: A firewall device may include a forwarding component that includes a filter block. The filter block may obtain a first hardware-implemented filter, where a hardware implementation limits the first hardware-implemented filter to a maximum quantity of rules; determine whether a last rule associated with the accessed hardware-implemented filter includes a split-filter action, where the split-filter action identifies a second hardware-implemented filter; and link the second hardware-implemented filter to the first hardware-implemented filter to make the second hardware-implemented filter a logical continuation of the first hardware-implemented filter, in response to determining that the last rule includes the split-filter action.Type: ApplicationFiled: June 30, 2014Publication date: October 30, 2014Inventors: Venkatasubramanian SWAMINATHAN, Deepak GOEL, Jianhui HUANG, John KEEN, Jean-Marc FRAILONG, Srinivasan JAGANNADHAN, Srilakshmi ADUSUMALLI
-
Patent number: 8800021Abstract: A firewall device may include a forwarding component that includes a filter block. The filter block may obtain a first hardware-implemented filter, where a hardware implementation limits the first hardware-implemented filter to a maximum quantity of rules; determine whether a last rule associated with the accessed hardware-implemented filter includes a split-filter action, where the split-filter action identifies a second hardware-implemented filter; and link the second hardware-implemented filter to the first hardware-implemented filter to make the second hardware-implemented filter a logical continuation of the first hardware-implemented filter, in response to determining that the last rule includes the split-filter action.Type: GrantFiled: June 29, 2011Date of Patent: August 5, 2014Assignee: Juniper Networks, Inc.Inventors: Venkatasubramanian Swaminathan, Deepak Goel, Jianhui Huang, John Keen, Jean-Marc Frailong, Srinivasan Jagannadhan, Srilakshmi Adusumalli
-
Patent number: 8799507Abstract: An example network device includes a control plane and a filter lookup module that includes a Bloom filter that supports parallel lookup of a maximum number of different prefix lengths. The filter lookup module accesses the Bloom filter to determine a longest length prefix that matches an entry in a set of prefixes. The control plane receives prefix lengths that include more than the maximum number of different prefix lengths supported by the Bloom filter, wherein the set of prefix lengths is associated with one application, generates, based on the received set of prefix lengths, two or more groups of different prefix lengths, wherein each of the two or more groups of different prefix lengths includes no more than the maximum number of different prefix lengths, and programs the filter lookup module with the two or more groups of different prefix lengths associated with the one application.Type: GrantFiled: March 13, 2012Date of Patent: August 5, 2014Assignee: Juniper Networks, Inc.Inventors: John Keen, Jean-Marc Frailong, Deepak Goel, Srinivasan Jagannadhan, Srilakshmi Adusumalli
-
Patent number: 8798057Abstract: In one embodiment, a method includes receiving a value associated with a data packet and identifying a data set based on the value. The data set is associated with a range of values and represents routing actions. The data set is a first data set from a plurality of data sets if the value is included in the range of values associated with the first data set. The data set is a default data set if the value is not included in a range of values associated with a data set from the plurality of data sets. The method includes combining the first data set with the default data set if the first data set is identified. The method includes combining the default data set with an except data set if the default data set is identified.Type: GrantFiled: September 30, 2008Date of Patent: August 5, 2014Assignee: Juniper Networks, Inc.Inventors: Deepak Goel, Ramesh Panwar, Srinivasan Jagannadhan
-
Patent number: 8675648Abstract: In one embodiment, a method includes receiving a policy vectors associated with a switch fabric, determining a compression scheme, and producing a compressed vector based on the policy vector and the compression scheme. The policy vector is represented by a bit sequence and has a plurality of policy bit values. A policy bit value from the plurality of policy bit vales is configured to trigger an action associated with a data packet in the switch fabric. The compression scheme is determined based on a portion of the policy vector.Type: GrantFiled: September 30, 2008Date of Patent: March 18, 2014Assignee: Juniper Networks, Inc.Inventors: Deepak Goel, Ramesh Panwar, Srinivasan Jagannadhan
-
Publication number: 20140006549Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, at an edge device, a first data unit having a characteristic. The code causes the processor to identify, at a first time, an identifier of a service module associated with the characteristic in response to each entry from a set of entries within a flow table not being associated with the characteristic. The code causes the processor to define an entry in the flow table associated with the characteristic and the identifier of the service module. The code causes the processor to send the first data unit to the service module. The code causes the processor to receive, at the edge device, a second data unit having the characteristic, and send the second data unit to the service module based on the entry.Type: ApplicationFiled: June 29, 2012Publication date: January 2, 2014Applicant: Juniper Networks, Inc.Inventors: Krishna Narayanaswamy, Jean-Marc Frailong, Anjan Venkatramani, Srinivasan Jagannadhan
-
Publication number: 20140003433Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, from a source peripheral processing device, a portion of a data packet having a destination address associated with a destination peripheral processing device. The code causes the processor to identify, based on the destination address, a service to be performed on the portion of the data packet. The code causes the processor to select, based on the service, an identifier of a service module associated with the service. The code further causes the processor to send the portion of the data packet to the service module via a distributed switch fabric such that the service module performs the service on the portion of the data packet and sends the portion of the data packet to the destination peripheral processing device via the distributed switch fabric.Type: ApplicationFiled: June 29, 2012Publication date: January 2, 2014Applicant: Juniper Networks, Inc.Inventors: Krishna Narayanaswamy, Jean-Marc Frailong, Anjan Venkatramani, Srinivasan Jagannadhan
-
Patent number: 8571034Abstract: In one embodiment, an apparatus can include a policy vector module configured to retrieve a compressed policy vector based on a portion of a data packet received at a multi-stage switch. The apparatus can also include a decompression module configured to receive the compressed policy vector and configured to define a decompressed policy vector based on the compressed policy vector. The decompressed policy vector can define a combination of bit values associated with a policy.Type: GrantFiled: April 29, 2011Date of Patent: October 29, 2013Assignee: Juniper Networks, Inc.Inventors: Ramesh Panwar, Deepak Goel, Srinivasan Jagannadhan, Jean-Marc Frailong
-
Patent number: 8571023Abstract: In one embodiment, an apparatus comprises a range selection module, a first stage of bloom filters, a second stage of bloom filters and a hashing module. The range selection module is configured to define a set of hash key vectors based on a set of range values associated with at least a portion of an address value from a data packet received at a multi-stage switch. The first stage of bloom filters and the second stage of bloom filters are collectively configured to determine that at least a portion of a hash key vector from the set of hash key vectors has a probability of being included in a hash table. The hashing module is configured to produce a hash value based on the hash key vector such that a first policy vector is selected based on the hash value and the first policy vector is decompressed to produce a second policy vector associated with the data packet.Type: GrantFiled: June 4, 2010Date of Patent: October 29, 2013Assignee: Juniper Networks, Inc.Inventors: Ramesh Panwar, Deepak Goel, Srinivasan Jagannadhan
-
Publication number: 20130246651Abstract: An example network device includes a control plane and a filter lookup module that includes a Bloom filter that supports parallel lookup of a maximum number of different prefix lengths. The filter lookup module accesses the Bloom filter to determine a longest length prefix that matches an entry in a set of prefixes. The control plane receives prefix lengths that include more than the maximum number of different prefix lengths supported by the Bloom filter, wherein the set of prefix lengths is associated with one application, generates, based on the received set of prefix lengths, two or more groups of different prefix lengths, wherein each of the two or more groups of different prefix lengths includes no more than the maximum number of different prefix lengths, and programs the filter lookup module with the two or more groups of different prefix lengths associated with the one application.Type: ApplicationFiled: March 13, 2012Publication date: September 19, 2013Applicant: JUNIPER NETWORKS, INC.Inventors: John Keen, Jean-Marc Frailong, Deepak Goel, Srinivasan Jagannadhan, Srilakshmi Adusumalli
-
Patent number: 8364852Abstract: In one embodiment, a network management module converts zone policies for a network into access sets and access set lists. The network management module can define access sets for a collection of peripheral processing devices that share the same communication restrictions imposed by the zone policies. The network management module can allocate address blocks for each access set such that at least some of the peripheral processing devices in the same access can share a common address prefix. The network management module can define access sets lists such that each access set references an access set list that includes all the peripheral processing devices in the network that can communicate with the peripheral processing devices in the referencing access set. The network management module can apply access sets and access set lists in generating or updating firewall filter rules, and in some embodiments, the access sets can be expressed in terms of the one or more common address prefixes.Type: GrantFiled: December 22, 2010Date of Patent: January 29, 2013Assignee: Juniper Networks, Inc.Inventors: Amit Shukla, Srinivasan Jagannadhan
-
Patent number: 8111697Abstract: In one embodiment, a method includes classifying a data packet received at a switch fabric, selecting an action descriptor in response to the classifying, and processing an action defined in the action descriptor. The classifying is based on a primary classification condition and first portion of the data packet. The action descriptor is associated with the primary classification condition. The processing includes determining whether a secondary classification condition is satisfied by a second portion of the data packet.Type: GrantFiled: December 31, 2008Date of Patent: February 7, 2012Assignee: Juniper Networks, Inc.Inventors: Ramesh Panwar, Deepak Goel, Jianhui Huang, Srinivasan Jagannadhan
-
Publication number: 20110200038Abstract: In one embodiment, an apparatus can include a policy vector module configured to retrieve a compressed policy vector based on a portion of a data packet received at a multi-stage switch. The apparatus can also include a decompression module configured to receive the compressed policy vector and configured to define a decompressed policy vector based on the compressed policy vector. The decompressed policy vector can define a combination of bit values associated with a policy.Type: ApplicationFiled: April 29, 2011Publication date: August 18, 2011Applicant: Juniper Networks, Inc.Inventors: Ramesh Panwar, Deepak Goel, Srinivasan Jagannadhan, Jean-Marc Frailong