US Pat. No. 9,985,912

SHARED MEMORY SWITCH FABRIC SYSTEM AND METHOD

Juniper Networks, Inc., ...

1. A method of transferring cells through a switch fabric having a shared memory crossbar switch, a plurality of cell receive blocks and a plurality of cell transmit blocks, wherein the shared memory crossbar switch includes a shared memory having a plurality of shared memory banks, the method comprising:
determining, based on a number of cells enqueued in respective output buffers in the cell transmit blocks, output buffers in the cell transmit blocks that can receive cells on a low latency path;
transferring cells from the cell receive blocks to the output buffers in the cell transmit blocks, wherein the cells include first cells that can be transferred on the low latency path and second cells that cannot be transferred via the low latency path, wherein transferring the cells includes:
transferring the first cells via a bypass mechanism in shared memory to the output buffers in the cell transmit blocks; and
transferring the second cells by writing the second cells to one or more of the shared memory banks, reading the second cells from the one or more of the shared memory banks and transferring the second cells read from the one or more of the shared memory banks to the output buffers in the cell transmit blocks;
wherein the bypass mechanism in shared memory directs a cell received at a shared memory bank to an output of the shared memory bank instead of storing the cell in the shared memory bank.

US Pat. No. 9,973,389

PROPAGATING LEAF COUNT INFORMATION TO FACILITATE SWITCHING BETWEEN A SEGMENTED TUNNEL AND A NON-SEGMENTED TUNNEL

Juniper Networks, Inc., ...

1. A device, comprising:
an interface; and
one or more processors, communicatively coupled to the interface, to:
provide information associated with initiating a segmented tunnel to be used to transfer multicast traffic via a network covering a plurality of areas;
receive first acknowledgement information associated with the segmented tunnel,
the first acknowledgement information including information that identifies a first quantity of egress devices, associated with a first area of the plurality of areas, that are to receive the multicast traffic;
receive second acknowledgement information associated with the segmented tunnel,
the second acknowledgement information including information that identifies a second quantity of egress devices, associated with a second area of the plurality of areas, that are to receive the multicast traffic,
the second area being different from the first area;
determine, based on the first acknowledgement information and the second acknowledgement information, a total quantity of egress devices that are to receive the multicast traffic; and
selectively provide the multicast traffic via the segmented tunnel based on the total quantity of egress devices that are to receive the multicast traffic.

US Pat. No. 9,967,174

DESIGNATED FORWARDER (DF) ELECTION BASED ON STATIC DF ELECTION PROCEDURE

Juniper Networks, Inc., ...

1. A device, comprising:
one or more processors to:
transmit, to one or more network devices of a particular portion of a network, information indicating that the device is configured to perform a static designated forwarder election procedure;
determine, based on transmitting the information, whether each of the one or more network devices of the particular portion of the network are configured to perform the static designated forwarder election procedure; and
selectively enable a static designated forwarder role or a dynamic designated forwarder role of the device, for the particular portion of the network, based on determining whether each of the one or more network devices of the particular portion of the network are configured to perform the static designated forwarder election procedure,
the static designated forwarder role being enabled based on each of the one or more network devices of the particular portion of the network being configured to perform the static designated forwarder election procedure, or
the dynamic designated forwarder role being enabled based on one of the one or more network devices, of the particular portion of the network, not being configured to perform the static designated forwarder election procedure.

US Pat. No. 9,967,210

NETWORK DEVICE DATA PLANE SANDBOXES FOR THIRD-PARTY CONTROLLED PACKET FORWARDING PATHS

Juniper Networks, Inc., ...

1. A method comprising:
configuring, by a first application executed by a control plane of a network device and via a first interface executed by a forwarding unit of the network device, an internal forwarding path of the forwarding unit with first instructions that determine processing of packets received by the forwarding unit,
wherein the first application configures the internal forwarding path to include a sandbox that comprises a container for instructions to be configured inline within the internal forwarding path, and
wherein at least a portion of the internal forwarding path is stored to a memory of the forwarding unit and is executable by a packet processor of the forwarding unit;
configuring, by a second application executed by the control plane of the network device and via a second interface executed by the forwarding unit of the network device, the sandbox with second instructions that determine processing of packets within the sandbox; and
processing, by the packet processor in response to determining a packet received by the forwarding unit is associated with a packet flow controlled at least in part by the second application, the packet by executing the second instructions configured for the sandbox.

US Pat. No. 9,953,164

CONFIRMING A MALWARE INFECTION ON A CLIENT DEVICE USING A REMOTE ACCESS CONNECTION TOOL, TO IDENTIFY A MALICIOUS FILE BASED ON FUZZ HASHES

Juniper Networks, Inc., ...

1. A device, comprising:
one or more memories; and
one or more processors to:
receive a trigger to determine whether one or more client devices, of a set of client devices, are infected by a malicious file;
generate a first set of hashes based on executing the malicious file in a testing environment and receiving the trigger to determine whether one or more client devices, of the set of client devices, are infected by the malicious file;
obtain information, associated with the one or more client devices and based on receiving the trigger, to determine whether the one or more client devices are infected by the malicious file,
the information indicating at least one process running on the one or more client devices;
generate one or more second sets of hashes associated with each of the one or more client devices, respectively, based on the at least one process running on the one or more client devices;
generate a plurality of similarity scores,
each of the plurality of similarity scores indicating a measure of similarity between the first set of hashes generated based on executing the malicious file in the testing environment and each of the one or more second sets of hashes generated based on the at least one process running on the one or more client devices;
determine, based on the plurality of similarity scores, that at least one of the one or more client devices is infected by the malicious file; and
provide information indicating that the at least one of the one or more client devices is infected by the malicious file.

US Pat. No. 9,906,243

METHODS AND APPARATUS FOR FLEXIBLE OVERHEAD FORWARD ERROR CORRECTION (FEC) SUB-SYSTEM FOR OPTICAL FIBER COMMUNICATION SYSTEMS

Juniper Networks, Inc., ...

1. An apparatus, comprising:
an optical transceiver including a rate-adaptive forward error correction (FEC) encoder and a rate-adaptive FEC decoder, the
rate-adaptive FEC encoder configured to adjust a number of a plurality of known symbols associated with a codeword to achieve
rate adaption, a length of the codeword being fixed, the rate-adaptive FEC encoder configured to generate the codeword based
on (1) a plurality of information symbols including the plurality of known symbols and a plurality of data symbols, and (2)
a fixed number of a plurality of parity symbols,

the rate-adaptive FEC encoder configured to remove the plurality of known symbols from the codeword to produce a channel word;
the rate-adaptive FEC encoder configured to send the channel word and the number of the plurality of known symbols in response
to (1) each data symbol from the plurality of data symbols being sent or (2) an FEC overhead of the rate-adaptive FEC encoder
being changed.

US Pat. No. 9,854,493

METHODS AND APPARATUS FOR VIRTUAL SOFT HANDOFF

Juniper Networks, Inc., ...

1. A non-transitory processor-readable medium storing code representing instructions to be executed by a processor, the code
comprising code to cause the processor to:
receive, at a tunnel server, a data unit addressed to a communication device;
define, based on the data unit, a first instance of the data unit and a second instance of the data unit;
send, at a first time, the first instance of the data unit to a first base station via a first tunnel defined between the
tunnel server and the first base station such that the first base station can remove a tunnel header associated with the first
tunnel from the first instance of the data unit, the first base station being associated with a first network and operatively
coupled to the communication device;

send, at a second time after the first time, the first instance of the data unit to the communication device; and
send the second instance of the data unit to the communication device via a second tunnel defined between at least the tunnel
server and a second base station associated with a second network different from the first network and operatively coupled
to the communication device such that the communication device drops the second instance of the data unit when the first instance
of the data unit is received by the communication device prior to the second instance of the data unit.

US Pat. No. 9,787,764

SERVER HEALTH MONITORING FOR TRAFFIC LOAD BALANCER

Juniper Networks, Inc., ...

1. A device comprising:
one or more processors to:
identify configuration information that identifies a set of nodes for which a status is to be determined;
select a backup node management device based on the configuration information,
the backup node management device being selected from the set of nodes for which the status is to be determined,
the device being associated with a first Internet Protocol (IP) address within a range of IP addresses,
the backup node management device being associated with a second IP address within the range of IP addresses, and
the backup node management device being selected based on the second IP address being, within the range of IP addresses, a
next sequential IP address after the first IP address within the range of IP addresses; and

provide the configuration information to the backup node management device to permit the backup node management device to
function as the backup node management device.

US Pat. No. 9,785,787

ENCRYPTING IMAGES ON A CLIENT DEVICE FOR SECURE TRANSMISSION AND STORAGE ON A STORAGE DEVICE

Juniper Networks, Inc., ...

1. A method, comprising:
identifying, by a device that includes at least one processor, an image to be encrypted;
determining, by the device, one or more formats that are compatible with a browser being used to upload the image;
selecting, by the device, a first format from the one or more formats;
converting, by the device, the image to a first string in the first format,
the first string representing the image;
receiving, by the device, a key for encrypting the first string;
generating, by the device, a first encrypted string by encrypting the first string using the key;
converting, by the device, the first encrypted string, in the first format, to a second encrypted string in a second format;
providing, by the device, the second encrypted string to a storage device without providing the key and without providing
the image to the storage device,

the storage device being unable to recover the image using the second encrypted string;
receiving, by the device, the second encrypted string from the storage device after providing second encrypted string to the
storage device;

generating, by the device and based on the second encrypted string, a pointer that includes a resource identifier; and
generating, by the device, the image based on the pointer.

US Pat. No. 9,769,198

MALWARE DETECTION USING INTERNAL AND/OR EXTERNAL MALWARE DETECTION OPERATIONS

Juniper Networks, Inc., ...

1. A system, comprising:
one or more processors to:
determine to perform an internal malware detection operation and an external malware detection operation that detects malware
executing on a client device;

perform the internal malware detection operation,
the internal malware detection operation including modifying an environment, to form a modified environment,
the internal malware detection operation including an artifact persistence operation to delete stored information and determine
whether the deleted stored information has been recreated;

perform the external malware detection operation,
the external malware detection operation including performing a communication with another device;
monitor the modified environment for a first behavior indicative of the malware executing on the client device without monitoring
the communication with the other device,

the first behavior including the deleted stored information being recreated within a threshold amount of time;
recreate the deleted stored information if the deleted stored information is not recreated within the threshold amount of
time;

monitor a result of performing the communication for a second behavior indicative of the malware executing on the client device;
detect that the first behavior or the second behavior has occurred based on monitoring the modified environment and monitoring
the result,

the first behavior being detected if the deleted stored information is recreated within the threshold amount of time;
determine that the client device is infected with malware based on detecting the first behavior or the second behavior has
occurred,

the client device being determined to be infected with malware if the deleted stored information is recreated within the threshold
amount of time; and

provide a notification that the client device is infected with the malware based on determining that the client device is
infected with malware,

the notification causing one or more network devices to block network traffic to or from the client device.

US Pat. No. 9,722,801

DETECTING AND PREVENTING MAN-IN-THE-MIDDLE ATTACKS ON AN ENCRYPTED CONNECTION

Juniper Networks, Inc., ...

1. A device, comprising:
one or more processors, coupled to a memory, to:
provide a request to access a host domain;
receive, based on providing the request to access the host domain, a first code that identifies an affiliate domain to be
used to access a verification code, executable by a browser, that identifies a verification domain and a resource, accessible
via the verification domain, for verifying a public key certificate,

the verification domain being different from the host domain,
the affiliate domain being different from the host domain and the verification domain, and
the first code being different from the verification code;
access the affiliate domain using an encrypted connection;
receive the verification code based on accessing the affiliate domain;
execute the verification code;
request the resource from the verification domain based on executing the verification code;
determine whether the requested resource was received; and
selectively perform a first action or a second action based on whether the requested resource was received,
the first action, identified in the verification code, being performed based on determining that the requested resource was
not received,

the first action including one or more of:
providing a message,
sending a notification, or
terminating the encrypted connection,
the first action being performed based on the verification code running in background and without prompting a user to accept
or reject the public key certificate,

the first action indicating that the public key certificate was not verified, and
the second action being performed based on determining that the requested resource that was requested by the device was received.

US Pat. No. 9,660,898

ENHANCED PROTOCOL INDEPENDENT MULTICAST SOURCE REGISTRATION OVER A RELIABLE TRANSPORT

Juniper Networks, Inc., ...

1. A method comprising:
exchanging, by a first routing device and with a second routing device, a plurality of targeted hello messages using a Protocol
Independent Multicast (PIM) protocol to establish a targeted neighbor connection between the first routing device and the
second routing device, wherein the first routing device comprises a rendezvous point that exchanges the plurality of targeted
hello messages with the second routing device via at least one intermediate routing device, wherein the second routing device
comprises a first hop router communicatively coupled to at least one source device that provides at least one multicast stream,
and wherein exchanging the plurality of targeted hello messages comprises:

receiving, by the first routing device and from the second routing device, a first targeted hello message comprising a first
unicast message that is addressed to the first routing device; and

sending, by the first routing device and to the second routing device, a second targeted hello message to acknowledge receipt
of the first targeted hello message, wherein the second targeted hello message comprises a second unicast message that is
addressed to the second routing device; and

receiving, by the first routing device and from the second routing device using the targeted neighbor connection, a register
message that includes a plurality of multicast stream data elements, wherein each multicast stream data element identifies
a source address and a group address that are collectively associated with a respective multicast stream, and wherein each
multicast stream data element further indicates whether the respective multicast stream is active or withdrawn.

US Pat. No. 9,692,693

BANDWIDTH CONTROL FOR RING-BASED MULTI-PROTOCOL LABEL SWITCHED PATHS

Juniper Networks, Inc., ...

1. A method comprising:
outputting, with a plurality of routers connected as a ring network, a plurality of messages in accordance with a label distribution
protocol to establish a multi-protocol label switching (MPLS) ring having at least one ring label switched path (LSP) to transport
MPLS packets around the ring network to one of the routers operating as an egress router for the ring LSP, wherein the ring
LSP comprises a bidirectional multipoint-to-point (MP2P) LSP for which any of the routers within the ring network can operate
as an ingress to source packet traffic into the ring LSP for transport in an upstream direction and a downstream direction
around the ring network to the egress router for the ring LSP, and wherein each of the messages output by the routers specifies
bandwidth requirements in a downstream direction to the egress router for any packet traffic to be sourced into the ring LSP
by the respective one of the routers around the ring LSP;

after establishing the ring LSP, receiving, with a first intermediate one of the routers around the ring LSP, first configuration
data provisioning additional network traffic to be sourced by the first intermediate one of the routers into the ring LSP;

responsive to receiving the first configuration data, outputting an updated message with the first intermediate one of the
routers to reserve bandwidth in the downstream direction around the ring LSP for the additional network traffic; and

forwarding network traffic as MPLS packets around the ring network in accordance with the ring LSP.

US Pat. No. 9,477,497

METHODS FOR DETERMINING RESOURCE DEPENDENCY AND SYSTEMS THEREOF

Juniper Networks, Inc., ...

1. A method for automatically determining resource dependency when executing an application with a web browser on a client
device, the method comprising:
receiving, with the client device, input requesting execution of the application with the web browser of the client device,
wherein the application comprises a plurality of modules stored on a server that is distinct from the client device, each
of the modules being associated with one or more different resource files;

responsive to receiving the request to execute the application with the web browser and prior to downloading the modules from
the server, accessing, with the client device, an extensible markup language (XML) file specifying a master configuration
for the application;

identifying, with the client device, one or more root modules of the plurality of modules;
automatically identifying, with the client device and based at least in part on the master configuration, one or more dependencies
between two or more of the modules of the application to be executed by the web browser, the two or more of the modules including
at least one of the one or more root modules, wherein the one or more dependencies indicate one or more orderings in which
the two or more of the modules are to be downloaded from the server for execution;

determining, with the client device, which one of at least two different types of dependencies corresponds to each of the
identified one or more dependencies between the two or more of the modules, wherein the at least two different types of dependencies
comprise a hard dependency that requires a fixed loading order between dependent modules of the application, and wherein the
at least two different types of dependencies further comprise a soft dependency that requires loading of, but permits a flexible
loading order between, dependent modules of the application;

determining, with the client device, based on the identified one or more dependencies between the two or more of the modules
and on the one or more identified root modules, and further based on the respective determined type of dependency that corresponds
to each of the identified one or more dependencies, one or more ordered lists that specify the one or more orderings in which
to download the two or more of the modules from the server; and

downloading, with the web browser of the client device, the two or more of the modules from the server according to the determined
one or more ordered lists.

US Pat. No. 9,459,688

METHODS AND APPARATUS FOR REDUCING ENERGY CONSUMPTION OF NETWORK EQUIPMENT

Juniper Networks, Inc., ...

1. An apparatus, comprising:
an equipment unit having a plurality of visual indicators, a power switch, a plurality of compute components, a general power
rail, and a visual indicator power rail, the power switch including a management interface port and configured to be operatively
coupled to a power controller,

the management interface port configured to receive a first signal representing an instruction from a remote processor separate
from the equipment unit, the management interface port configured to send a second signal to the power switch,

the power switch configured to receive the first signal and the second signal that represents a status from the power controller,
the power switch configured to provide power to the plurality of visual indicators when the status is in a first mode or when
the instruction is a first instruction, the power switch configured to not provide power to the plurality of visual indicators
when the status is in a second mode or when the instruction is a second instruction different from the first instruction,

the first instruction associated with the status being in the first mode when a human presence is within a range associated
with the plurality of visual indicators,

the second instruction associated with the status being in the second mode when a human presence is not within the range associated
with the plurality of visual indicators,

the plurality of compute components configured to receive power when the power switch does not provide power to the plurality
of visual indicators,

the power switch having an input operatively coupled to the general power rail and an output operatively coupled to the visual
indicator power rail, the plurality of compute components operatively coupled to the general power rail, the plurality of
visual indicators operatively coupled to the visual indicator power rail.

US Pat. No. 9,438,533

METHODS AND APPARATUS FOR STANDARD PROTOCOL VALIDATION MECHANISMS DEPLOYED OVER A SWITCH FABRIC SYSTEM

Juniper Networks, Inc., ...

1. An apparatus, comprising:
a destination edge device configured to receive, according to a first validation protocol, a first validation packet, the
destination edge device configured to validate, based on the first validation packet, (1) a first data path through a distributed
switch fabric from a source edge device to the destination edge device, and (2) a second data path through the distributed
switch fabric from the source edge device to the destination edge device,

the destination edge device configured to send, in response to receiving the first validation packet and according to a second
validation protocol different from the first validation protocol, a second validation packet to a peripheral processing device.

US Pat. No. 9,282,043

TREND-BASED FLOW AGGREGATION FOR FLOW SUPPRESSION

Juniper Networks, Inc., ...

1. A device, comprising:
one or more processors to:
determine a first aggregation level for aggregating incoming packets;
aggregate the incoming packets using the first aggregation level;
determine a controlled packet pass rate for the incoming packets;
determine that the controlled packet pass rate satisfies an arrival rate threshold based on aggregating the incoming packets
using the first aggregation level;

determine a bandwidth violation trend associated with the incoming packets and the first aggregation level based on determining
that the controlled packet pass rate satisfies the arrival rate threshold,

the bandwidth violation trend indicating a quantity of bandwidth violation observation periods during which the controlled
packet pass rate satisfied the arrival rate threshold;

determine that flow suppression is not effective at the first aggregation level based on the bandwidth violation trend;
determine a second aggregation level based on determining that flow suppression is not effective at the first aggregation
level,

the second aggregation level being different from the first aggregation level;
set the first aggregation level to the second aggregation level; and
use the first aggregation level for aggregating additional incoming packets based on setting the first aggregation level to
the second aggregation level.

US Pat. No. 9,264,420

SINGLE SIGN-ON FOR NETWORK APPLICATIONS

Juniper Networks, Inc., ...

1. A method comprising:
transmitting, by a device, a request for a resource to a first server;
receiving, by the device and from the first server based on the transmitted request for the resource, a request for verification
of the device;

transmitting, by the device, the request for verification to a second server;
receiving, by the device and from the second server and at a first time, a token based on transmitting the request for verification
to the second server,

the token uniquely identifying the request for verification,
the token being transmitted based on the second server creating a record, in a session table, including information associated
with the device, and

the second server creating a record, in a token table, including information associated with the token;
using, by the device, the token to identify a session associated with the device,
using the token to identify the session including:
communicating, using the token and between a browser associated with the device and an agent associated with the device, to
identify the session;

transmitting, to the second server and at a second time, the token; and
receiving, from the second server and at a third time, confirmation information indicating that the token, transmitted at
the second time, was received;

receiving, by the device and from the second server, a verification message based on the session;
transmitting, by the device, the verification message to the first server;
establishing, by the device and based on transmitting the verification message to the first server, the session with the first
server; and

receiving, by the device and based on establishing the session, the requested resource from the first server.

US Pat. No. 9,185,170

CONNECTIVITY PROTOCOL DELEGATION

Juniper Networks, Inc., ...

1. A method comprising:
intercepting, with a network device situated on a bidirectional forwarding path connecting a server and a client of the server,
a connectivity protocol message from the server and directed to the client, wherein the intercepted connectivity protocol
message identifies a connectivity protocol session between the server and the client and specifies whether the connectivity
protocol session is delegable;

assuming, with the network device and in response to determining based on the intercepted connectivity protocol message that
the connectivity protocol session is delegable, responsibility for operating the connectivity protocol session on behalf of
the server and in accordance with the intercepted connectivity protocol message;

monitoring, with the network device, connectivity for an application-layer communication session between an application executing
on the server and the client by exchanging, by the network device and with the client, application-layer data that includes
connectivity protocol messages for the connectivity protocol session with the client to determine a connectivity status for
the application-layer communication session,

wherein each of the connectivity protocol messages specifies a unique identifier for the application executing on the server; and
updating the server with the connectivity status for the application-layer communication session by sending a summary report message that includes the connectivity status for the application-layer communication session to the server.

US Pat. No. 9,100,364

INTELLIGENT INTEGRATED NETWORK SECURITY DEVICE

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by one or more processors of a device, a data packet;
examining, by the one or more processors, the data packet;
determining, by the one or more processors, a single flow record associated with the data packet,
determining the single flow record including:
determining a packet identifier associated with the data packet, and
evaluating a flow table to identify the single flow record using the packet identifier;
extracting, by the one or more processors, a session identifier and flow instructions, for two or more security devices, from
the single flow record,

the session identifier identifying a session associated with the data packet,
the two or more security devices being included in the device;
sending, by the one or more processors, the flow instructions and the session identifier to respective ones of the two or
more security devices to facilitate processing of the data packet;

receiving, by the one or more processors and from the two or more security devices, processing results,
the processing results being generated by the two or more security devices when processing the data packet based on the flow instructions and the session identifier; and
processing, by the one or more processors, the data packet using the processing results.

US Pat. No. 10,952,355

APPARATUS, SYSTEM, AND METHOD FOR ELECTROMAGNETIC INTERFERENCE MITIGATION IN OPTICAL MODULE CAGES

Juniper Networks, Inc, S...

1. An apparatus comprising:
a cage designed to house an optical transceiver module, wherein the cage includes:
an entry side that forms an opening for installation and removal of the optical transceiver module;
a back side opposite the entry side;
a bottom side coupled to a circuit board;
a top side opposite the bottom side; and
a top-back corner that forms an intersection between the back side of the cage and the top side of the cage; and
a non-metal Electromagnetic Interference (EMI) absorber coupled to the back side of the cage and the top side of the cage, wherein the non-metal EMI absorber:
includes a first die-cut piece of EMI material and a second die-cut piece of EMI material that intersect orthogonally to form a right angle with one another, wherein the first die-cut piece of EMI material interfaces with the back side of the cage and the second die-cut piece of EMI material interfaces with the top side of the cage;
covers and fits in the top-back corner of the cage; and
limits an amount of radiated energy from escaping the cage during operation of the optical transceiver module.

US Pat. No. 10,924,323

APPARATUS, SYSTEM, AND METHOD FOR ENABLING NETWORK MANAGEMENT SYSTEMS TO QUERY AND OBTAIN RELATED OBJECTS STORED ON NETWORK DEVICES

Juniper Networks, Inc, S...

1. A method comprising:
creating, at a network device, a relationship management information base that facilitates querying relationships of objects stored across a plurality of other management information bases on the network device;
loading, into the relationship management information base, a first partition that defines relationships among a plurality of objects stored across the other management information bases on the network device, wherein the plurality of objects whose relationships are defined by the first partition comprise:
a virtual bridge;
a main interface of the virtual bridge;
at least one sub-interface of the virtual bridge; and
statistics for the main interface and the sub-interface of the virtual bridge;
loading, into the relationship management information base, a second partition that defines relationships among the plurality of objects stored across the other management information bases on the network device;
assigning partition names to the first partition and the second partition;
populating a table that includes one or more trees of object identifiers for the objects;
appending, within the table, regular expressions to endings of the object identifiers included in the table;
indexing the table by the partition names assigned to the first and second partitions and the trees of object identifiers;
receiving, at the network device, a single query directed to the relationship management information base from a network management system, wherein the single query identifies the first partition by the partition name assigned to the first partition and does not include object identifiers for all the objects whose relationships are defined by the first partition that is loaded into the relationship management information base;
providing, at the network device, a Simple Network Management Protocol (SNMP) agent;
in response to the single query directed to the relationship management information base:
identifying the first partition based on the partition name included in the single query;
identifying, within the table, a subset of the regular expressions that correspond to the first partition;
obtaining, by the SNMP agent from the other management information bases, instances of the objects whose relationships are defined by the first partition that is loaded into the relationship management information base and identified by the partition name included in the single query, wherein the SNMP agent obtains the instances of the objects by querying a sub-agent that manages the other management information bases for the instances of the objects based at least in part on the subset of regular expressions that correspond to the first partition; and
providing the objects obtained from the other management information bases to the network management system to satisfy the single query.

US Pat. No. 10,742,570

UTILIZING VIRTUAL ROUTING AND FORWARDING (VRF) INTERFACES TO MANAGE PACKET TRANSMISSION THROUGH AN INTERNAL INTERFACE

Juniper Networks, Inc., ...

1. A network device, comprising:
a packet processing component; and
one or more processors to:
receive, from the packet processing component and through an internal interface, a packet that includes a virtual routing and forwarding (VRF) interface identifier associated with a VRF interface of a virtual device,
the internal interface being a single physical interface associated with multiple external interfaces;
identify an internal interface identifier, identifying the internal interface, in the packet;
generate a VRF slave interface identifier using at least a portion of a value in the VRF interface identifier;
replace the internal interface identifier in the packet with the VRF slave interface identifier to allow an upper communication layer to determine that the packet is coming from a VRF slave interface identified by the VRF slave interface identifier; and
provide, based on replacing the internal interface identifier in the packet with the VRF slave interface identifier, the packet to an application via the upper communication layer.

US Pat. No. 10,715,440

DISTRIBUTED NEXT HOP RESOLUTION

Juniper Networks, Inc., ...

1. A computer-implemented method for use in a system including a plurality of next hop resolution subsystems, each of the plurality of next hop resolution subsystems including (1) a next hop registry, (2) a partial-view tree storing a local instance of next hop resolution information, and (3) a full-view tree storing a local instance of next hop resolution information, the computer-implemented method comprising:
a) receiving with one of the plurality of next hop resolution subsystems, a request to resolve a next hop;
b) responsive to receiving the request, determining, using the next hop registry of the one next hop resolution subsystem, whether or not resolution of the next hop was previously tried;
c) responsive to a determination that resolution of the next hop was previously tried,
1) processing the next hop request using the full-view tree of the one next hop resolution subsystem to obtain a result including zero or more best match next hops, and
2) replying to the request using the result, and otherwise, responsive to a determination that resolution of the next hop was not previously tried,
1) processing the next hop request using partial-view tree of the one next hop resolution subsystem to obtain a result including zero or more best match next hops,
2) updating the full-view tree of the one next hop resolution subsystem to include the result obtained,
3) replying to the request using the result,
4) publishing the next hop resolution request to the other of the plurality of next hop resolution subsystems, and
5) publishing the result as an update to the other subsystems.

US Pat. No. 10,715,428

RESOURCE RESERVATION TECHNIQUES FOR POINT-TO-MULTIPOINT TUNNELS ON A RING NETWORK

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a network device and from an ingress network device of a ring network, a resource reservation request message to establish a point-to-multipoint (P2MP) ring label switched path (LSP), wherein the resource reservation request message includes a leaf identification object that identifies a plurality of leaf network devices of the P2MP ring LSP;
determining, by the network device and based on the leaf identification object, that the network device is one of the plurality of leaf network devices of the P2MP ring LSP;
sending, by the network device and in response to determining that the network device is one of the plurality of leaf network devices of the P2MP ring LSP and reserving resources according to the resource reservation request message, a resource reservation response message towards the ingress network device;
modifying, by the network device and based on the resource reservation request message, forwarding information of the network device to forward network traffic received on the P2MP ring LSP off of the P2MP ring LSP; and
sending, by the network device and to a next hop network device along the P2MP ring LSP, the resource reservation request message.

US Pat. No. 10,642,650

MULTI-THREADED ROUTE PROCESSING

Juniper Networks, Inc., ...

1. A method comprising:
identifying, with a thread of a plurality of execution threads for at least one routing protocol process executing on a plurality of processing cores of at least one hardware-based processor of a network device, a first route processing thread of the execution threads to process a first route of a routing protocol, the first route received by the network device;
identifying, with the thread, a second route processing thread of the execution threads to process a second route of a routing protocol, the second route received by the network device;
processing, by the first route processing thread executing on a first core of the plurality of processing cores, the first route;
processing, by the second route processing thread executing on a second core of the plurality of processing cores at least partially concurrently with the first route processing thread executing on the first core of the plurality of processing cores, the second route;
storing, by the first route processing thread, the first route to a first routing information base partition that stores routes for the first route processing thread;
storing, by the second route processing thread, the second route to a second routing information base partition that stores routes for the second route processing thread, wherein the first routing information base partition and the second routing information base partition are partitions of an overall routing information base for the network device;
receiving, by a main thread of the execution threads, a request to show active routes stored by the network device;
communicating, by the main thread in response to the request, requests for candidate next routes to the first route processing thread and the second route processing thread;
receiving, by the main thread, from the first route processing thread, a first candidate next route stored to the first routing information base partition;
receiving, by the main thread, from the second route processing thread, a second candidate next route stored to the second routing information base partition;
selecting, by the main thread from among the first candidate next route and the second candidate next route, the first candidate next route as a next route in a route order for the request to show active routes; and
outputting, by the main thread for display to a user, in response to selecting the first candidate next route, the first candidate next route.

US Pat. No. 10,645,114

REMOTE REMEDIATION OF MALICIOUS FILES

Juniper Networks, Inc., ...

1. A device, comprising:
a memory; and
one or more processors to:
analyze a file while the file is being downloaded by a client device,
a download of the file by the client device being completed before analysis of the file is completed;
determine that the file is a malicious file;
obtain remote access to the client device using a connection tool based on determining that the file is the malicious file,
the connection tool providing access and control of the client device by providing a set of login credentials to a login interface of the client device after determining that the file is the malicious file,
the remote access including access to a file location of the malicious file;
determine, using the remote access to the client device, whether an access time stamp is later than a modification time stamp for the malicious file;
determine a state of an external data structure associated with the client device;
select one or more remediation actions based on the file information and the state of the external data structure and whether the access time stamp is later than the modification time stamp for the malicious file,
where the one or more remediation actions disables a hard drive associated with the external data structure; and
cause the one or more remediation actions to be executed using the remote access to the client device,
where the one or more processors, when causing the one or more remediation actions to be executed, are to:
remotely disable the hard drive associated with the external data structure via the remote access to the client device.

US Pat. No. 10,637,768

ENABLING NON-FLEXIBLE-ALGORITHM ROUTERS TO PARTICIPATE IN FLEXIBLE-ALGORITHM ROUTING PROTOCOLS

Juniper Networks, Inc., ...

1. A method comprising:
generating, by a network device of a plurality of network devices enabled for a flexible-algorithm path computation, a packet including information identifying a non-flexible-algorithm network device that is not enabled for the flexible-algorithm path computation, wherein the information comprises a loopback address of the non-flexible-algorithm network device, an identifier for the flexible-algorithm path computation, and an identifier that identifies the non-flexible-algorithm network device for the flexible-algorithm path computation; and
sending, by the network device and to at least one other network device of the plurality of network devices, the packet to cause the at least one other network device to include the non-flexible-algorithm network device in the flexible-algorithm path computation.

US Pat. No. 10,637,750

DYNAMICALLY MODIFYING A SERVICE CHAIN BASED ON NETWORK TRAFFIC INFORMATION

Juniper Networks, Inc., ...

11. A method, comprising:
receiving, by a device, first information associated with a service chain to be implemented in association with a flow,
the first information associated with the service chain including:
information that identifies the flow, and
a set of network services, of the service chain, to be implemented in association with the flow;
receiving, by the device, second information identifying respective traffic percentage rates associated with the set of network services,
each of the respective traffic percentage rates identifying an amount of network traffic on which a particular network service, of the set of network services, is implemented as a percentage of a total amount of network traffic received by a network device associated with the particular network service;
implementing, by the device, the service chain based on receiving the first information and the second information;
receiving, by the device, network traffic information associated with the flow based on implementing the service chain;
determining, by the device and based on the network traffic information, whether a security issue is identified in association with the flow;
selectively modifying, by the device and based on determining whether the security issue is identified in association with the flow, the service chain, to form a modified service chain, by selectively modifying the respective traffic percentage rates associated with the set of network services,
at least two of the respective traffic percentage rates being reduced by a different respective amount if determining that the security issue is not identified in association with the flow, and
at least two of the respective traffic percentage rates being increased by a respective different amount if the security issue is not identified in association with the flow; and
implementing, by the device, the modified service chain.

US Pat. No. 10,630,581

DYNAMIC TUNNEL REPORT FOR PATH COMPUTATION AND TRAFFIC ENGINEERING WITHIN A COMPUTER NETWORK

Juniper Networks, Inc., ...

13. A method comprising:
generating, by a network device configured to route network packets within a network, a dynamic tunnel report message that includes dynamic tunnel description data for a dynamic tunnel that transports the network packets through the network, wherein the network packets transported by the dynamic tunnel each comprises an outer header that does not include a multiprotocol label switching (MPLS) transport label; and
sending, by the network device, the dynamic tunnel report message to a path computation element (PCE) for a path computation domain to report the dynamic tunnel to the PCE for inclusion in path computation by the PCE for label switched paths of the network.

US Pat. No. 10,630,687

AGGREGATION AND DISBURSEMENT OF LICENSES IN DISTRIBUTED NETWORKS

Juniper Networks, Inc., ...

1. An apparatus, comprising:
a first network core configured to be operatively coupled to a second network core and a third network core,
the first network core configured to receive, from the second network core, a first copy of a first access point license that authorizes a first device access to a network via a first access point and via the second network core,
the first network core configured to send a second copy of the first access point license to the third network core such that the first device is authorized to access the network via the first access point and via at least one of the first network core or the third network core in response to a failure of the second network core and without losing connectivity to the network via the first access point in response to the failure of the second network core,
the first network core configured to receive a first copy of a second access point license that authorizes access to the network via a second access point and via the third network core, and
the first network core configured to send a second copy of the second access point license to the second network core such that a second device is authorized to access the network via the second access point and via at least one of the second network core or the first network core in response to a failure of the third network core.

US Pat. No. 10,571,988

METHODS AND APPARATUS FOR CLOCK GATING PROCESSING MODULES BASED ON HIERARCHY AND WORKLOAD

Juniper Networks, Inc., ...

1. A method, comprising:
defining, at a processor having a plurality of processing engines, a priority for each processing engine from the plurality of processing engines based on an identifier for each processing engine from the plurality of processing engines, the priority of each processing engine from the plurality of processing engines being fixed within a priority hierarchy of the plurality of processing engines based on an order of the identifier for that processing engine;
determining a value of a data unit counter associated with a first processing engine from plurality of processing engines, the data unit counter indicative of a number of data units being processed at the first processing engine;
initiating a clock signal at a second processing engine from the plurality of processing engines if the indication of the number of data units being processed at the first processing engine exceeds a threshold number of data units, the priority of the second processing engine being lower than the priority of the first processing engine;
sending a data unit to the second processing engine for processing if the indication of the number of data units being processed at the first processing engine exceeds the threshold number of data units and at least one data unit is stored by the processor; and
gating the clock signal at the second processing engine in response to the indication of the number of data units being processed at the first processing engine falling below the threshold number of data units.

US Pat. No. 10,560,331

SELF-DRIVEN AND ADAPTABLE MULTI-VBNG MANAGEMENT ORCHESTRATION

Juniper Networks, Inc., ...

1. A broadband network gateway (BNG) controller that manages virtual BNG (vBNG) instances, the BNG controller comprising:
a memory;
one or more processors in communication with the memory;
a network subscriber database (NSDB) configured to store vBNG instance information for one or more subscriber devices, the vBNG instance information specifying a plurality of vBNG instances operable by one or more edge routers, wherein the plurality of vBNG instances are configured to receive requests to access service provider services from the one or more subscriber devices and to selectively authenticate the one or more subscriber devices for network services based on authentication information included in the requests to access services provider services; and
one or more core applications operable by the one or more processors, wherein the one or more core applications include a network instance and configuration manager (NICM) configured to:
modify the vBNG instance information to include an additional vBNG instance to be added to the plurality of vBNG instances;
output, to an edge router of the one or more edge routers, an instruction to generate the additional vBNG instance at the edge router;
receive one or more configuration updates; and
output a configuration template specifying the one or more configuration updates to update each vBNG instance of the plurality of vBNG instances.

US Pat. No. 10,547,333

METHODS AND APPARATUS FOR FLEXIBLE OVERHEAD FORWARD ERROR CORRECTION (FEC) SUB-SYSTEM FOR OPTICAL FIBER COMMUNICATION SYSTEMS

Juniper Networks, Inc., ...

1. A method, comprising:
receiving, at an optical transceiver, a plurality of data symbols;
generating, at the optical transceiver, a plurality of information symbols based on the plurality of data symbols and a plurality of known symbols, a number of the plurality of known symbols being adjustable based on a forward error correction (FEC) overhead of the optical transceiver;
generating, at the optical transceiver, a plurality of parity symbols based on the plurality of information symbols;
determining, at the optical transceiver, a codeword based on the plurality of information symbols and the plurality of the parity symbols; and
sending (1) a channel word associated with the codeword and (2) a characteristic associated with the plurality of known symbols including the number of the plurality of known symbols, in response to (1) a data symbol from the plurality of data symbols being sent or (2) the FEC overhead of the optical transceiver being changed.

US Pat. No. 10,547,644

ENFORCING MICRO-SEGMENTATION POLICIES FOR PHYSICAL AND VIRTUAL APPLICATION COMPONENTS IN DATA CENTERS

Juniper Networks, Inc., ...

1. A device, comprising:
one or more processors to:
receive policy information associated with a first application group and a second application group,
the first application group including a first set of virtual application components and a first set of physical application components,
the second application group including a second set of virtual application components and a second set of physical application components;
generate a logical group of virtual application components,
the first set of virtual application components and the second set of virtual application components being included in the logical group of virtual application components based on the first set of virtual application components and the second set of virtual application components being virtual application components;
generate a logical group of physical application components,
the first set of physical application components and the second set of physical application components being included in the logical group of physical application components based on the first set of physical application components and the second set of physical application components being physical application components;
receive network topology information associated with a network;
generate a first policy, to be provided to a virtual network device of the network, based on the policy information, the logical group of virtual application components, and the network topology information,
a virtual application component, of the first set of virtual application components, being connected to the virtual network device;
generate a second policy, to be provided to a physical network device of the network, based on the policy information, the logical group of physical application components, and the network topology information,
a physical application component, of the first set of physical application components, being connected to the physical network device;
provide, to the virtual network device of the network, information associated with the first policy to permit the virtual network device to implement the first policy in association with network traffic transferred between the virtual application component, of the first set of virtual application components, and the second set of virtual application components,
the first policy being provided to the virtual network device based on the virtual network device being a virtual device type; and
provide, to the physical network device, information associated with the second policy to permit the physical network device to implement the second policy in association with network traffic transferred between the physical application component, of the first set of physical application components, and another physical application component of the second set of physical application components,
the second policy being provided to the physical network device based on the physical network device being a physical device type.

US Pat. No. 10,511,401

OPTICAL PROTECTION SWITCH WITH BROADCAST MULTI-DIRECTIONAL CAPABILITY

Juniper Networks, Inc., ...

1. An apparatus, comprising:
a first reconfigurable optical add/drop multiplexer (ROADM) configured to receive a first optical signal on a first optical channel;
a second ROADM configured to receive a second optical signal on a second optical channel;
a reconfigurable optical switch including:
a first switch, configured to be in optical communication with the first ROADM and switchable between a first state and a second state, to transmit the first optical signal at the first state and block the first optical signal at the second state;
a second switch, configured to be in optical communication with the second ROADM and switchable between the first state and the second state, to transmit the second optical signal at the first state and block the second optical signal at the second state; and
an output port, in optical communication with the first switch and the second switch, to transmit an output signal that is a sum of possible optical signals transmitted through the first switch and the second switch; and
a first detector, operatively coupled to the first optical channel, to detect an amplitude of the first optical signal, in response to the amplitude of the first optical signal less than a threshold value, the first switch being turned to the second state to block the first optical signal and the second switch being turned to the first state to transmit the second optical signal to the output port.

US Pat. No. 10,476,817

TRANSPORT LSP SETUP USING SELECTED FABRIC PATH BETWEEN VIRTUAL NODES

Juniper Networks, Inc., ...

1. A method comprising:
selecting, by a first virtual routing node of a single-chassis network device having a plurality of forwarding components and a plurality of fabric links coupling respective pairs of the plurality of forwarding components at respective fabric interfaces of the plurality forwarding components, a fabric interface of a forwarding component of the plurality of forwarding components that has an egress interface toward a network destination and that is associated with the first virtual routing node;
advertising, by the first virtual routing node to the second virtual routing node in a routing protocol message over a single-hop routing protocol session established between the first virtual routing node to the second virtual routing node, the fabric interface as a next hop for the network destination and a label for use in establishing a transport label switched path (LSP); and
in response to receiving, by the second virtual routing node, the routing protocol message advertising the fabric interface and the label:
updating, by the second virtual routing node, stored routing information of the second virtual routing node to replace an aggregated fabric interface with the fabric interface as the next hop for the network destination, wherein the aggregated fabric interface is a logical interface associated with a logical link connecting the first virtual routing node and the second virtual routing node, the logical link logically representing multiple fabric links of the plurality of fabric links, wherein the fabric interface is a member interface of the aggregated fabric interface, the fabric interface comprising a physical interface coupling one of the multiple fabric links to the forwarding component of the plurality of forwarding components that has the egress interface toward the network destination,
computing, by the second virtual routing node, a path for the transport LSP to include the fabric interface, and
establishing, by the second virtual routing node, the transport LSP along the computed path by sending a message to the first virtual routing node containing the label, wherein the message comprises one of a Label Distribution Protocol (LDP) label mapping message and a Resource Reservation Protocol with Traffic-Engineering extensions (RSVP-TE) path message.

US Pat. No. 10,476,770

PACKET LOSS DETECTION FOR USER DATAGRAM PROTOCOL (UDP) TRAFFIC

Juniper Networks, Inc., ...

1. A network device, comprising:
one or more memories; and
one or more processors, to:
receive user datagram protocol (UDP) traffic flow associated with an internet protocol (IP) session,
the UDP traffic flow including a set of UDP packets;
apply a first firewall filter to each UDP packet of the set of UDP packets,
where, when applying the first firewall filter, the one or more processors are to:
set one or more bits of each UDP packet of the set of UDP packets to one or more particular bit values to allow each UDP packet to be identified in association with the first firewall filter, and
the first firewall filter to be applied during a first time period;
update, each time a UDP packet of the set of UDP packets is received, a first packet counter to account for a total number of UDP packets to which the first firewall filter has been applied;
provide, to another network device, each UDP packet of the set of UDP packets,
the other network device to update a second packet counter to account for a total number of UDP packets to which the first firewall filter has been applied and which have been received by the other network device; and
provide the first packet counter to a server device,
the other network device to provide the second packet counter to the server device, and
where, at a threshold time period after the first time period, the server device determines packet loss information for the IP session for the first time period, and
where the server device, by comparing only packet counters associated with the first firewall filter, is able to differentiate between packet loss and at least one of:
packet delay, or a UDP source device stopping transmission of the UDP traffic flow;
provide, after the first time period, a third packet counter to the server device,
the third packet counter being associated with counting additional UDP packets that have been counted in association with a second firewall filter,
the other network device to provide a fourth packet counter to the server device that is associated with counting additional UDP packets that have been counted in association with the second firewall filter and that have been received by the other network device,
where the server device uses the fourth packet counter as an indicator that all packet counters associated with the first firewall filter have been received; and
alternate between the first firewall filter and at least the second firewall filter,
where the first firewall filter is applied during the first time period, and the at least the second firewall filter is to be applied during one or more additional time periods.

US Pat. No. 10,431,703

OPTICAL CLADDING LAYER DESIGN

Juniper Networks, Inc., ...

1. An apparatus, comprising:
a cladding layer defining a longitudinal direction transverse to a first surface of the cladding layer and a lateral direction parallel to the cladding layer, the cladding layer having a first thickness in a first lateral region and a second thickness in a second lateral region, the second thickness being greater than the first thickness;
a silicon semiconductor layer positioned on a second surface of the cladding layer opposite the first surface of the cladding layer; and
a buried oxide layer positioned on the silicon semiconductor layer, wherein the buried oxide layer includes a hole, at least a portion of the hole being longitudinally aligned with at least a portion of the second lateral region.

US Pat. No. 10,404,570

AUTOMATICALLY DETECTING AN ERROR IN A COMMUNICATION AND AUTOMATICALLY DETERMINING A SOURCE OF THE ERROR

Juniper Networks, Inc., ...

1. A device, comprising:
one or more processors to:
monitor a communication between network devices for an error associated with the communication;
detect the error associated with the communication between the network devices;
perform a comparison of an error metric and a threshold error metric,
the error metric being associated with the error;
determine whether the comparison indicates that the error metric satisfies the threshold error metric;
identify a source of the error using a loopback test based on determining whether the comparison indicates that the error metric satisfies the threshold error metric,
using the loopback test including applying the loopback test to a transceiver component of a network device, of the network devices, prior to applying the loopback test to a network interface controller (NIC) of the network device; and
provide error source information based on identifying the source of the error,
the error source information identifying the source of the error.

US Pat. No. 10,389,635

ADVERTISING SELECTED FABRIC PATHS FOR SERVICE ROUTES IN VIRTUAL NODES

Juniper Networks, Inc., ...

1. A method comprising:
selecting, by a first virtual routing node of a single-chassis network device having a plurality of forwarding components and a plurality of fabric links coupling respective pairs of the plurality of forwarding components at respective fabric interfaces of the plurality of forwarding components, a fabric interface of a forwarding component of the plurality of forwarding components that has an egress interface toward a network destination and that is associated with the first virtual routing node;
advertising, by the first virtual routing node to a second virtual routing node of the single-chassis network device, the fabric interface as a next hop for the network destination;
in response to receiving the fabric interface, storing, by the second virtual routing node to a context data structure of the second virtual node, the fabric interface as a next hop for the network destination;
selecting, by the second virtual routing node and based on the context data structure, the fabric interface from among a plurality of fabric interfaces as a next hop for the network destination; and
forwarding, by the second virtual routing node, network traffic destined for the network destination to the selected fabric interface.

US Pat. No. 10,382,582

HIERARCHICAL NETWORK TRAFFIC SCHEDULING USING DYNAMIC NODE WEIGHTING

Juniper Networks, Inc., ...

1. A method comprising:
storing, by a network device, data defining a plurality of nodes arranged in a hierarchical ordering, wherein the plurality of nodes includes at least a root node, the root node representing a physical interface of the network device to send and receive packets for one or more services, and a plurality of intermediate nodes each representing a logical interface associated with one or more subscribers of at least one of the one or more services, wherein each of the plurality of nodes represents a packet scheduler that schedules packets outbound via the physical interface;
grouping, by the network device, queues of a plurality of queues that are children of the intermediate nodes to form virtual subscribers, each of the virtual subscribers associated with one or more queues of the plurality of queues, wherein the queues enqueue packets for transmittal by the network device via the physical interface;
associating, by the network device, a first virtual subscriber and a second virtual subscriber of the virtual subscribers with a shared intermediate node of the plurality of intermediate nodes;
computing, by the network device, a weight for the shared intermediate node based on a number of virtual subscribers associated with the shared intermediate node and the respective weights of the first virtual subscriber and the second virtual subscriber associated with the shared intermediate node;
computing, by the network device and based on the computed weight for the shared intermediate node, an amount of bandwidth to be allocated to each of the queues associated with the first virtual subscriber and the second virtual subscriber;
allocating, by the network device, the computed amount of bandwidth to the queues associated with the first virtual subscriber and the second virtual subscriber that are associated with the shared intermediate node; and
scheduling, by the network device, packets for transmittal from the queues via the physical interface in accordance with the allocated bandwidth.

US Pat. No. 10,381,942

BALANCING POWER DISTRIBUTION

Juniper Networks, Inc., ...

1. A method comprising:
determining, by a device, a first current of a first input phase of a power system;
determining, by the device, a second current of a second input phase of the power system;
determining, by the device, that the first input phase and the second input phase are not balanced based on the first current and the second current;
selecting, by the device, the first input phase based on determining that the first input phase and the second input phase are not balanced;
selecting, by the device, two output phases, of a plurality of output phases of the power system, based on determining that the first input phase and the second input phase are not balanced; and
balancing, by the device, the first input phase and the second input phase by using the first input phase and the two output phases.

US Pat. No. 10,383,027

PROXY ADVERTISEMENTS IN MULTIHOMED NETWORKS

Juniper Networks, Inc., ...

1. A provider edge device, comprising:
one or more memories; and
one or more processors to:
receive a first media access control (MAC)/Internet Protocol (IP) route advertisement,
the first MAC/IP route advertisement identifying a MAC route, or a MAC and IP route, relating to an endpoint device;
generate and provide a MAC/IP route proxy advertisement based on the MAC route or the MAC and IP route;
detect a potential decrease in reliability of the MAC route or the MAC and IP route;
broadcast a request to verify the reliability of the MAC and IP route;
determine, based on the request, whether the reliability of the MAC route, or the MAC and IP route, has decreased; and
perform an action to cause withdrawal of the MAC/IP route proxy advertisement, or to cause a second MAC/IP route advertisement that identifies the MAC route, or the MAC and IP route, to be provided, based on determining whether the reliability of the MAC route, or the MAC and IP route, has decreased.

US Pat. No. 10,348,482

APPARATUS, SYSTEM, AND METHOD FOR MITIGATING CROSSTALK AMONG SERDES DEVICES

Juniper Networks, Inc, S...

1. An apparatus comprising:
a plurality of SerDes devices that each facilitate transmitting and receiving communications in connection with a network device, wherein each of the SerDes devices comprises:
a transmitter that operates in a clock domain; and
a receiver that operates in a different clock domain than the transmitter;
at least one phase-adjustment device communicatively coupled to a first SerDes device included in the SerDes devices, wherein:
the phase-adjustment device mitigates crosstalk among the SerDes devices by:
receiving at least one reference clock signal;
generating at least one phase-adjusted clock signal based at least in part on the reference clock signal such that the phase-adjusted clock signal and the reference clock signal are out of phase with respect to one another; and
delivering the phase-adjusted clock signal to the first SerDes device to ensure that the SerDes devices are switching out of phase with respect to one another;
the phase-adjustment device comprises:
one or more buffers that facilitate delaying the reference clock signal to form the phase-adjusted clock signal; and
a programmable multiplexer that controls, based at least in part on a plurality of select lines, the number of buffers through which the reference clock signal passes to form the phase-adjusted clock signal;
at least one control interface that sweeps a plurality of different combinations of high-low signals across the select lines by testing the plurality of different combinations of high-low signals, wherein:
each combination of high-low signals comprises:
a first select line included in the select lines that is pulled to a logic high level or a logic low level;
a second select line included in the select lines that is pulled to the logic high level or the logic low level;
each combination of high-low signals is different from one another;
a processor that:
probes an incoming signal on the receiver included in the first SerDes device;
facilitates determining an optimal amount of delay between the reference clock signal and the phase-adjusted clock signal by analyzing an eye pattern that:
results from probing the incoming signal on the receiver included in the first SerDes device;
represents a level of crosstalk experienced by the receiver included in the first SerDes device during the sweep, the optimal amount of delay between the reference clock signal and the phase-adjusted clock signal being dependent upon at least one distance between the plurality of SerDes devices;
facilitates identifying, by analyzing the eye pattern during the sweep, a combination of high-low signals on the select lines that achieves the optimal amount of delay between the reference clock signal and the phase-adjusted clock signal; and
wherein the control interface programs the programmable multiplexer by setting the select lines with the identified combination of high-low signals to delay the reference clock signal by the optimal amount of delay such that the reference clock signal and the phase-adjusted clock signal are out of phase with respect to one another by the optimal amount of delay.

US Pat. No. 10,341,228

RSVP MAKE-BEFORE-BREAK LABEL REUSE

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a router and from an upstream router, a first message requesting establishment of a label switched path (LSP), wherein the first message includes a tunnel identifier pair comprising a tunnel identifier and an extended tunnel identifier used to uniquely identify the requested LSP;
comparing, by the router, the tunnel identifier pair for the requested LSP to existing LSP information stored at the router, the existing LSP information including tunnel identifier pairs for one or more existing LSPs; and
based on a determination that the tunnel identifier pair for the requested LSP is the same as one of the tunnel identifier pairs for one of the existing LSPs, assigning, by the router, a label used by the router to identify incoming traffic associated with the requested LSP that is the same as a previously allocated label for the one of the existing LSPs having the same tunnel identifier pair as the requested LSP.

US Pat. No. 10,313,766

APPARATUS FOR MATING A FIELD-REPLACEABLE UNIT TO A BACKPLANE OF A TELECOMMUNICATIONS SYSTEM

Juniper Networks, Inc., ...

1. An apparatus comprising:
a field-replaceable unit that:
is designed to mate with a backplane of a telecommunications system; and
facilitates communication among computing devices within a network; and
at least one helical ejector that is coupled to the field-replaceable unit and comprises:
a shaft;
a tightening knob coupled to the shaft;
a spring that envelops the shaft;
a nut that:
is coupled to the shaft;
abuts the tightening knob; and
abuts the spring; and
an ejector block;
wherein:
the helical ejector fastens to a housing of the telecommunications system to enable the field-replaceable unit to mate with the backplane of the telecommunications system; and
the tightening knob compresses the spring against the ejector block by way of the nut such that the spring applies a force on the field-replaceable unit that pushes the field-replaceable unit toward the backplane of the telecommunications system.

US Pat. No. 10,305,780

CONTROLLING ACCUMULATED INTERIOR GATEWAY PROTOCOL (“AIGP”) ATTRIBUTE UPDATES

Juniper Networks, Inc., ...

11. Apparatus for controlling accumulated interior gateway protocol (“AIGP”) updates, the apparatus comprising:
a) a forwarding component for forwarding data in a communications network; and
b) a control component including at least one processor configured to
1) monitor AIGP value changes over a first time period,
2) determine whether or not a monitored number of AIGP changes over the first time period is excessive based on a specified test, and
3) responsive to a determination that the monitored number of AIGP changes of the first time period is excessive, set an AIGP value to a locked value and using the locked AIGP value in an AIGP protocol over a second time period and otherwise, responsive to a determination that the monitored number of AIGP changes over the first time period is not excessive, use actual AIGP values, as updated, in the AIGP protocol.

US Pat. No. 10,298,322

METHODS AND APPARATUS FOR DETECTING AND COMPENSATING POWER IMBALANCE AND MODULATION IMPERFECTION FOR A COHERENT OPTICAL TRANSMITTER

Juniper Networks, Inc., ...

1. A method, comprising:
sending, to a finite impulse response (FIR) filter of an optical transmitter, a first signal to adjust a first scale factor of a first tributary channel of the optical transmitter, the first scale factor associated with a tap characteristic of the FIR filter;
determining a first set of parameters associated with the first tributary channel based on the first scale factor being adjusted;
determining a power imbalance between the first tributary channel of the optical transmitter and a second tributary channel of the optical transmitter based on the first set of parameters and a second set of parameters associated with the second tributary channel, the second set of parameters associated with a second scale factor of the second tributary channel and the tap characteristic of the FIR filter; and
sending, to at least one of an optical component of the optical transmitter or an electrical component of the optical transmitter, a second signal to adjust, based on the power imbalance, an operational setting of the at least one of the optical component or the electrical component to reduce the power imbalance between the first tributary channel and the second tributary channel.

US Pat. No. 10,291,433

SIGNALING MULTICAST INFORMATION TO A REDUNDANT MULTI-HOMING ROUTER FOR A LAYER 2 VIRTUAL PRIVATE NETWORK

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a provider edge device of a layer 3 (L3) network, configuration data for a layer 2 (L2) virtual private network (L2VPN) for the L3 network for switching L2 packet data units (PDUs) among two or more L2 networks connected to the L3 network, wherein the configuration data configures the provider edge device as a neighbor having a redundant attachment circuit, for the L2VPN, with a customer edge device of a local L2 network of the two or more L2 networks;
receiving, by the provider edge device from the customer edge device via the redundant attachment circuit, when the provider edge device is a backup neighbor for the customer edge device, a control plane message destined for the provider edge device, the control plane message indicating a multicast group; and
forwarding, by the provider edge device to the customer edge device via the redundant attachment circuit for the L2VPN and based at least on the control plane message, multicast traffic for the multicast group received from the L3 network.

US Pat. No. 10,291,511

BIT INDEX EXPLICIT REPLICATION (BIER) FORWARDING FOR NETWORK DEVICE COMPONENTS

Juniper Networks, Inc., ...

1. A network device, comprising:
a memory; and
one or more processors to:
modify a forwarding table to generate a modified forwarding table,
the forwarding table including information associated with destinations and information associated with next hops for the destinations,
the forwarding table being modified to include:
information associated with one or more egress line cards of the network device,
 the information associated with the one or more egress line cards including identifiers for the one or more egress line cards, and
information associated with masks for the one or more egress line cards,
 the masks for the one or more egress line cards indicating destinations reachable via corresponding next hops, and
 at least one mask for an egress line card, of the masks for the one or more egress line cards, being created based on combining a plurality of masks for neighbor routers;
receive a multicast packet that includes information identifying destinations for the multicast packet;
identify a particular egress line card, of the one or more egress line cards, for forwarding the multicast packet based on the information identifying the destinations for the multicast packet and based on the modified forwarding table;
create two or more copies of the multicast packet; and
forward, via the particular egress line card, the two or more copies of the multicast packet toward two or more of the destinations.

US Pat. No. 10,291,518

MANAGING FLOW TABLE ENTRIES FOR EXPRESS PACKET PROCESSING BASED ON PACKET PRIORITY OR QUALITY OF SERVICE

Juniper Networks, Inc., ...

1. A first device, comprising:
a memory; and
one or more processors to:
identify a capacity indicator associated with a packet,
the packet being associated with a flow, and
the capacity indicator identifying capacity information associated with a flow table at a second device;
determine a service indicator that indicates a priority associated with at least one of the packet or the flow;
determine whether the flow qualifies for express processing based on the capacity indicator and the service indicator; and
selectively provide a message to the second device based on determining whether the flow qualifies for express processing,
the message including an instruction for the second device to store an entry, associated with the flow, in the flow table.

US Pat. No. 10,291,521

MULTI-CHASSIS LINK AGGREGATION GROUPS WITH MORE THAN TWO CHASSIS

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a first chassis of a multi-chassis link aggregation group (MC-LAG) having three or more chassis, a packet to be forwarded using the MC-LAG, the packet including layer 2 forwarding information including a source media access control (MAC) address, the chassis comprising switching or routing devices;
determining, by the first chassis, whether the packet was received from a device outside of the MC-LAG;
when the packet was received from the device outside of the MC-LAG, adding, by the first chassis, data to the packet that identifies the first chassis as a source of the packet for the MC-LAG, wherein adding the data comprises adding the data in addition to the layer 2 forwarding information, without modifying the layer 2 forwarding information, wherein adding the data to the packet comprises adding an Ethernet tag to the packet, wherein the packet includes an EtherType value indicating that the packet includes the Ethernet tag, and wherein the Ethernet tag includes a value representative of the first chassis as the source of the packet for the MC-LAG and an identifier of the MC-LAG; and
forwarding, by the first chassis, the packet toward an egress chassis for the MC-LAG, wherein forwarding comprises determining, by the first chassis, a port of the first chassis by which to forward the packet using a data structure that maps the added data to the port and forwarding the packet via the determined port.

US Pat. No. 10,291,531

BANDWIDTH MANAGEMENT FOR RESOURCE RESERVATION PROTOCOL LSPS AND NON-RESOURCE RESERVATION PROTOCOL LSPS

Juniper Networks, Inc., ...

1. A method comprising:
comparing, by a network device and to a pre-defined threshold, traffic flow statistics indicating an amount of network traffic forwarded on a non-resource reservation protocol label switched path (LSP) over an interface of an ingress network device to the non-resource reservation protocol LSP, wherein the non-resource reservation protocol LSP is a label switched path established from the ingress network device to an egress network device using a label-switching protocol without requesting reservation of resources; and
in response to determining the amount of network traffic has met the pre-defined threshold for the interface, automatically adjusting, by the network device and based on the amount of network traffic forwarded on the non-resource reservation protocol LSP, a percentage of reservable bandwidth available for resource reservation protocol LSP reservations for the interface of the ingress network device.

US Pat. No. 10,281,663

PHOTONIC INTEGRATED CIRCUIT WITH ACTIVE ALIGNMENT

Juniper Networks, Inc., ...

1. A device comprising:
a photonic integrated circuit that includes:
a transmitter circuit with a transmitter-side optical communication path to a transmitter-side optical coupler configured to couple with an optical transmission fiber, the transmitter-side optical communication path having a transmission direction away from the transmitter circuit and towards the transmitter-side optical coupler;
a receiver circuit with a receiver-side optical communication path to a receiver-side optical coupler configured to couple with an optical reception fiber, the receiver-side optical communication path having a reception direction away from the receiver-side optical coupler and toward the receiver circuit;
a counter-propagating tap configured to divert a portion of light sent backward against the transmission direction of the transmitter-side optical communication path; and
a photodiode configured to receive the portion of the light diverted by the counter-propagating tap and measure a power level of the diverted portion of the light sent backward against the transmission direction of the transmitter-side optical communication path; and
a light source configured to generate the light and send the light backward against the transmission direction of the transmitter-side optical communication path;
wherein the transmitter-side optical coupler is configured to adjust a coupling alignment of the transmitter-side optical communication path to the optical transmission fiber based on the measured power level of the diverted portion of the light.

US Pat. No. 10,277,527

UTILIZATION OF NETWORK TUNNEL SIGNALING FOR CONNECTION REQUEST RATE LIMITATION

Juniper Networks, Inc., ...

1. A device, comprising:
one or more memories; and
one or more processors to:
determine an acceptance rate threshold associated with a network server,
the acceptance rate threshold being a handling capacity of the network server for processing connection requests,
the acceptance rate threshold being determined by the device by requesting information from the network server;
determine that a rate at which a set of connection requests are being received exceeds the acceptance rate threshold before sending the set of connection requests to the network server;
cause a first portion of the set of connection requests to be transmitted to the network server via a network tunnel based on determining that the rate at which the set of connection requests are being received exceeds the acceptance rate threshold,
the first portion of the set of connection requests being caused to be transmitted at a rate not exceeding the acceptance rate threshold;
cause a second portion of the set of connection requests to be dropped; and
cause a third portion of the set of connection requests to be queued for a particular period of time,
the third portion of the set of connection requests being transmitted to the network server via the network tunnel after the particular period of time has elapsed,
where the one or more processors, when causing the third portion of the set of connection requests to be transmitted to the network server via the network tunnel, are to:
continue to cause the third portion of the set of connection requests to be transmitted to the network server via the network tunnel until at least one of:
the rate at which the set of connection requests are being received does not exceed the acceptance rate threshold,
the rate at which the set of connection requests are being received is a particular percentage less than the acceptance rate threshold, or
a queue of queued connections is emptied.

US Pat. No. 10,278,112

RESOLVING OUT-OF-BAND CONFIGURATION CHANGES TO HIGH-LEVEL SERVICE CONFIGURATION FOR MANAGED NETWORK DEVICES

Juniper Networks, Inc., ...

1. A method comprising, by a network management system (NMS) device that manages a plurality of network devices:
determining that a low-level configuration of a first network device of the plurality of network devices has been changed by an out-of-band (OOB) change, wherein the OOB change comprises a change applied directly to the low-level configuration of the first network device, the low-level configuration comprising configuration data according to which the first network device performs one or more network services;
translating the OOB change to a high-level configuration change;
determining whether to apply the high-level configuration change to the plurality of network devices other than the first network device; and
in response to determining to apply the high-level configuration change to the plurality of network devices other than the first network device, applying the OOB change to low-level configurations of the plurality of network devices other than the first network device.

US Pat. No. 10,268,510

SELECTIVE PRIORITIZATION OF PROCESSING OF OBJECTS

Juniper Networks, Inc., ...

1. A device, comprising:
one or more memories; and
one or more processors, communicatively coupled to the one or more memories, to:
receive one or more first objects and one or more second objects to be processed,
the one or more first objects having a first priority level, and
the one or more second objects having a second priority level that is lower than the first priority level;
store, in a first queue, information identifying the one or more first objects, the one or more second objects, and an order in which the one or more first objects and the one or more second objects were received;
store, in a second queue, information identifying the one or more first objects based on the one or more first objects being associated with the first priority level;
process a first quantity of unprocessed objects, of the one or more first objects, based on the first quantity of the unprocessed objects being identified by the second queue,
the unprocessed objects being objects, of the one or more first objects and the one or more second objects, that have not been processed by the device;
process a second quantity of the unprocessed objects, of the one or more first objects and the one or more second objects, based on the first queue;
selectively process a third quantity of the unprocessed objects, of the one or more first objects, or each unprocessed object of the one or more second objects, based on whether every first object has been processed; and
perform one or more actions based on at least one of:
processing the first quantity of the unprocessed objects,
processing the second quantity of the unprocessed objects, or
selectively processing the third quantity of the unprocessed objects.

US Pat. No. 10,250,562

ROUTE SIGNALING DRIVEN SERVICE MANAGEMENT

Juniper Networks, Inc., ...

15. A service gateway system, comprising:
a network; and
a plurality of service gateway network devices connected by the network, wherein the plurality of service gateway network devices includes a first service gateway network device and a second service gateway network device, wherein each service gateway network device includes a memory and one or more processors connected to the memory, wherein the one or more processors are configured to:
receive configuration information defining a redundancy set having a master redundancy state and a standby redundancy state, wherein the configuration information includes one or more redundancy policies associated with the redundancy set, the one or more redundancy policies including a service redundancy policy that defines changes to be made in a service when a transition occurs in the state of the redundancy set;
receive configuration information defining events that cause a transition between the master and standby redundancy states in the redundancy set, wherein the events include a first event that causes a transition from the master redundancy state to the standby redundancy state in the redundancy set;
store a plurality of signal-routes, including a first signal-route, wherein each signal-route is a route used by applications to signal changes in application state and wherein each signal-route is associated with one or more of the defined events, wherein the first signal-route is associated with the first event; and
in response to detecting the first event in the service gateway:
transition the redundancy set, within the service gateway, from the master redundancy state to the standby redundancy state;
modify a first signal-route state associated with the redundancy set, wherein modifying includes adding the first signal-route to or removing the first signal-route from a routing information base and advertising, from the service gateway and to peer network devices, the change in the routing information base; and
modify the service based on the service redundancy policy.

US Pat. No. 10,229,459

METHOD AND APPARATUS FOR ROUTING IN TRANSACTION MANAGEMENT SYSTEMS

Juniper Networks, Inc., ...

1. An apparatus, comprising:
a memory; and
a processor operatively coupled to the memory and configured to be disposed within a switch fabric element operatively coupled to remaining portions of a switch fabric,
the processor configured to receive a data unit having a transaction code indicator for a transaction initiated via a client device, the transaction code indicator associated with a financial ticker,
the processor configured to send a Domain Name Service (DNS) query based on the transaction code indicator,
the processor configured to receive a DNS response having a virtual destination address in response to the DNS query,
the processor configured to store an association between the virtual destination address and a destination engine of a plurality of destination engines, the destination engine operatively coupled to the switch fabric, the association including a plurality of equal-cost multi-path routes,
the processor configured to replace a destination address of the data unit with the virtual destination address to define a modified data unit,
the processor configured to send, via a route from the plurality of equal-cost multi-path routes, the modified data unit to the destination engine from the plurality of destination engines based on the virtual destination address such that the destination engine conducts a trade associated with the financial ticker.

US Pat. No. 10,193,801

AUTOMATIC TRAFFIC MAPPING FOR MULTI-PROTOCOL LABEL SWITCHING NETWORKS

Juniper Networks, Inc., ...

1. A method comprising:
executing, by a network device, a multiprotocol label switching protocol to direct a plurality of routers along a path to establish a label switched path along the path, the plurality of routers including a head-end label edge router that acts as an ingress to admit traffic into the label switched path and a tail-end label edge router that acts as an egress from the label switched path;
executing, by the network device, a path computation element communication protocol to generate a communication associating a label switched path community with the established label switched path;
transmitting, by the network device, in accordance with the path computation element communication protocol, and after the label switched path has been established to use one or more labels when admitting traffic into the label switched path, the communication to the head-end label edge router;
identifying, by the network device and based on traffic mapping rules, a mapping between a layer three network flow and the label switched path community;
executing, by the network device, a routing protocol used for routing advertising information to generate an advertisement advertising the mapping; and
transmitting, by the network device and in accordance with the routing protocol, the advertisement to the head-end label edge router so that the head-end label edge router is able to map the layer three network flow to the label switched path identified by the label switched path community and admit traffic corresponding to the layer three network flow into the label switched path identified by the label switched path community, and the layer three network flow identified in the advertisement by one or more of a destination address, a destination port, a source address, a source port, and a protocol.

US Pat. No. 10,135,214

ORTHOGONAL CROSS-CONNECTING OF PRINTED CIRCUIT BOARDS WITHOUT A MIDPLANE BOARD

Juniper Networks, Inc., ...

1. A method, comprising:
forming a plurality of connector-receiving portions in a printed circuit board (PCB), each connector-receiving portion from the plurality of connector-receiving portions having a via and a semi-blind via;
coupling a first plurality of connectors to a first side of the PCB that is opposite a second side of the PCB, each connector from the first plurality of connectors including a ground contact and a signal contact; and
coupling a second plurality of connectors to the second side of the PCB such that each connector from the first plurality of connectors is located opposite a different connector from the second plurality of connectors, each connector from the second plurality of connectors including a ground contact and a signal contact,
the ground contact for each connector from the first plurality of connectors is electrically coupled to the corresponding connector from the second plurality of connectors through the via for the corresponding connector-receiving portion from the plurality of connector-receiving portion,
the signal contact for each connector from the first plurality of connectors is not electrically coupled to the corresponding connector from the second plurality of connectors through the semi-blind via for the corresponding connector-receiving portion from the plurality of connector-receiving portion.

US Pat. No. 10,129,075

MULTICAST ONLY FAST RE-ROUTE OVER REMOTE LOOP-FREE ALTERNATE BACKUP PATH

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a network device configured with multicast only fast re-route (MoFRR), a join request initiated by one or more receivers for a multicast group;
sending, by the network device, a first multicast routing protocol control message including the join request to a first upstream neighbor network device along a primary path toward a source of the multicast group, wherein the primary path comprises a direct link between the network device and the first upstream neighbor network device;
sending, by the network device, a second multicast routing protocol control message including the join request to a second upstream neighbor network device along a remote loop-free alternate (RLFA) backup path toward a RLFA network device, the second control message further including a different message type than the first control message and an address of the RLFA network device, wherein the RLFA backup path comprises a label switching path (LSP) between the network device and the RLFA network device that traverses the second upstream neighbor network device and a direct link between the RLFA network device and the first upstream neighbor network device;
receiving, by the network device from the source of the multicast group, multicast data packets for the multicast group on at least one of the primary path or the RLFA backup path; and
forwarding, by the network device toward the one or more receivers, the multicast data packets for the multicast group.

US Pat. No. 10,127,091

INTERCEPTING SOCKET METADATA

Juniper Networks, Inc., ...

15. A method, comprising:
receiving, by a kernel of a device and from a loadable kernel module of the device, information that instructs the kernel of the device to invoke a function associated with the loadable kernel module based on an execution of a hook of a transport layer protocol handler of the kernel of the device,
the kernel of the device being associated with a set of hooks,
the set of hooks including the hook, and
each hook, of the set of hooks, being associated with a particular transport layer protocol;
receiving, by the kernel of the device and from an application of the device, a socket application programming interface (API) call,
the socket API call including control information;
receiving, by the kernel of the device and after receiving the socket API call, a packet via a socket,
the socket API call requesting the kernel of the device to provide the packet to the application;
executing, by the kernel of the device, the hook based on receiving the socket; and
invoking, by the kernel of the device, the function associated with the loadable kernel module based on executing the hook to permit a functionality associated with the function to be provided,
the kernel to provide the control information, associated with the socket API call, to the function as an argument.

US Pat. No. 10,110,455

SERVICE LATENCY MONITORING USING TWO WAY ACTIVE MEASUREMENT PROTOCOL

Juniper Networks, Inc., ...

1. A method, comprising:
receiving, by a device, at a first receipt time, and from a client device, a packet and a first time stamp associated with the packet,
the first time stamp being associated with a transmission time of the packet;
associating, by the device, the packet with a second time stamp,
the second time stamp being associated with the first receipt time;
transmitting, by the device and to a service device, the packet and at least one of:
the first time stamp,
the second time stamp, or
a third time stamp associated with transmitting the packet to the service device;
receiving, by the device, at a second receipt time, and based on a service being performed on the packet, the packet and at least one of:
the first time stamp,
the second time stamp, or
the third time stamp;
associating, by the device, the packet with a fourth time stamp associated with the second receipt time;
calculating, by the device, a service latency based on the third time stamp and the fourth time stamp; and
transmitting, by the device and to the client device, the packet, information identifying the service latency, and at least one of:
the first time stamp,
the second time stamp,
the third time stamp, or
the fourth time stamp.

US Pat. No. 10,103,902

AUTO-DISCOVERY OF REPLICATION NODE AND REMOTE VTEPS IN VXLANS

Juniper Networks, Inc., ...

9. A method comprising:
receiving, by a network switch in a virtual extensible local area network (VXLAN) from a router that includes a replication node for broadcast, unidentified unicast and multicast (BUM) traffic, a first advertisement including an address of the replication node and at least one virtual network identifier (VNI) range associated with the replication node, wherein the at least one VNI range specifies at least a starting VNI and an ending VNI;
upon receiving the first advertisement, sending, by the network switch to one or more VXLAN tunnel endpoints (VTEPs) connected to the network switch in the VXLAN, a second advertisement including the address of the replication node and the at least one VNI range associated with the replication node; and
upon registration of at least one of the one or more VTEPs with the router and construction of a distribution tree in the VXLAN, forwarding, by the network switch, BUM traffic received from the replication node of the router toward the one or more VTEPs.

US Pat. No. 10,097,479

METHODS AND APPARATUS FOR RANDOMLY DISTRIBUTING TRAFFIC IN A MULTI-PATH SWITCH FABRIC

Juniper Networks, Inc., ...

1. An apparatus, comprising:
a memory, and
a processor operatively coupled to the memory,
the processor configured to randomly select a first egress port indicator from a first list of egress port indicators for a first cell from a plurality of cells, each egress port indicator from the first list of egress port indicators representing a status of an egress port of a switch, the first list of egress port indicators is uniquely associated with a first destination indicator for the first cell,
the first egress port indicator has a first value before the first egress port indicator is selected for the first cell,
the processor is configured to change the first egress port indicator from the first value to a second value after the first egress port indicator is selected for the first cell, the second value being different from the first value,
the processor configured to send the first egress port indicator such that the first cell is sent from an egress port associated with the first egress port indicator,
the processor configured to randomly select a second egress port indicator from a second list of egress port indicators for a second cell from the plurality of cells, each egress port indicator from the second list of egress port indicators representing a status of an egress port of the switch, the second set of cells being mutually exclusive from the first set of cells, the second list of egress port indicators is uniquely associated with a second destination indicator for the second cell, the second destination indicator for the second cell being different from the first destination indicator for the first cell,
the processor configured to send the second egress port indicator such that the second cell is sent from an egress port associated with the second egress port indicator.

US Pat. No. 10,097,446

DYNAMIC AREA FILTERING FOR LINK-STATE ROUTING PROTOCOLS

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by an area border router that borders a backbone area and a non-backbone area of a multi-area autonomous system that employs a hierarchical link state routing protocol to administratively group routers of the autonomous system into areas, a request message from the non-backbone area that requests the area border router to provide routing information associated with a service endpoint identifier to the non-backbone area, wherein the request message specifies the service endpoint identifier and the routing information comprises link state information associated with the service endpoint identifier;
adding or reconfiguring, by the area border router in response to the request message, a filter associated with the link state routing protocol to specify the service endpoint identifier; and
sending, by the area border router according to the filter, the routing information associated with the service endpoint identifier to the non-backbone area.

US Pat. No. 10,082,856

PERFORMING A HEALTH CHECK ON POWER SUPPLY MODULES THAT OPERATE IN A CURRENT SHARING MODE

Juniper Networks, Inc., ...

1. A device, comprising:
one or more processors to:
select a power supply module (PSM), from a plurality of PSMs that operate in a current sharing mode, for performing a health check;
perform the health check on the selected PSM by iteratively modifying an output voltage of the selected PSM and monitoring for a corresponding modification in an output current of the selected PSM;
determine whether the selected PSM is capable of delivering a particular load without a failure based on performing the health check; and
perform an action based on whether the selected PSM is capable of delivering the particular load without the failure.

US Pat. No. 10,083,026

IN-SERVICE SOFTWARE UPGRADE OF SOFTWARE-DEFINED NETWORKING CONTROLLER

Juniper Networks, Inc., ...

1. A method comprising:
on at least one processor of a cloud data center executing a first Software Defined Networking (SDN) controller configured to perform session management of a plurality of session instances, wherein the cloud data center further comprises:
an orchestration engine communicatively coupled to the first SDN controller via a first northbound application program interface (API); and
a plurality of compute nodes configured to perform compute functions for the plurality of session instances, wherein each of the plurality of compute nodes comprise:
a virtual router, wherein each virtual router is communicatively coupled to the first SDN controller via a southbound API; and
at least one virtual machine configured to execute at least one session instance of the plurality of session instances:
in response to receiving a request to perform an in-service software upgrade (ISSU) of the first SDN controller:
initializing a second SDN controller on the cloud data center;
establishing a peering session between the first SDN controller and the second SDN controller;
concurrently receiving, by each of the first SDN controller and the second SDN controller, networking and routing information for the plurality of session instances; and
using, by the second SDN controller, the networking and routing information for the plurality of session instances to build a state database for the second SDN controller while the first SDN controller uses the networking and routing information for the plurality of session instances to perform session management of the plurality of session instances; and
after initializing the second SDN controller and building the state database for the second SDN controller, transferring session management for the plurality of session instances from the first SDN controller to the second SDN controller.

US Pat. No. 10,069,590

METHODS AND APPARATUS FOR ADAPTIVE COMPENSATION OF SIGNAL BANDWIDTH NARROWING THROUGH FINITE IMPULSE RESPONSE FILTERS

Juniper Networks, Inc., ...

1. An apparatus, comprising:
a finite impulse response (FIR) filter to receive a digital signal; and
a transmitter, operatively coupled to the FIR filter, to transmit an analog signal, converted from the digital signal, to a communication channel,
the FIR filter configured to change at least one operating parameter based on a bandwidth of the analog signal after transmission in the communication channel,
the bandwidth of the analog signal being estimated, using an estimator, based at least in part on raw sampling data generated by an analog-to-digital converter (ADC) operatively coupled to the transmitter.

US Pat. No. 10,063,383

APPARATUS, SYSTEM, AND METHOD FOR IMPROVING THE ENERGY EFFICIENCY OF LINK AGGREGATION GROUPS

Juniper Networks, Inc., ...

1. An apparatus comprising:
a set of communication ports that facilitate communication with a network device via a set of communication links that collectively operate as a link aggregation group, wherein the set of communication links comprises:
at least one inactive communication link that, when active, operates at a first rate; and
at least one other inactive communication link that, when active, operates at a second rate that differs from the first rate; and
a link-management unit communicatively coupled to the set of communication ports that facilitate communication with the network device, wherein the link-management unit:
detects an amount of network traffic on one or more active communication links included in the set of communication links that are collectively operating as the link aggregation group;
determines that the amount of network traffic detected on the active communication links has increased above an upper threshold;
modifies, in response to determining that the amount of network traffic has increased above an upper threshold, the active communication links included in the set of communication links by:
selecting which of the inactive communication link and the other inactive communication link to activate based at least in part on:
the amount of network traffic detected on the active communication links; and
the first rate and the second rate; and
activating the selected inactive communication link to account for the increased amount of network traffic;
tracks an amount of network traffic exchanged with the network device via the link aggregate group over a certain period of time;
predicts, based at least in part on the tracked amount of network traffic exchanged with the network device, a number of active communication links needed to facilitate communication with the network device at a certain point in time; and
modifies the active communication links to coincide with the number of active communication links predicted to be needed to facilitate communication with the network device at the certain point in time.

US Pat. No. 10,063,415

NETWORK SERVICES USING POOLS OF PRE-CONFIGURED VIRTUALIZED NETWORK FUNCTIONS AND SERVICE CHAINS

Juniper Networks, Inc., ...

1. A method comprising:
prior to receiving a request to perform a network service on network traffic from a subscriber device:
spawning, by an orchestration engine of a service provider network, a plurality of virtual network functions (VNFs) executed by virtual machines on a plurality of service nodes; and
assigning, by the orchestration engine, the plurality of service nodes to a plurality of service node pools, wherein each service node pool of the plurality of service node pools comprises idle service nodes that execute a particular type of VNF; and
in response to receiving the request to perform the network service on network traffic from the subscriber device:
selecting, by the orchestration engine, one or more service nodes from one or more service node pools of the plurality of service node pools required to perform the requested network service;
issuing instructions, by the orchestration engine, causing a software-defined network (SDN) controller of the service provider network to attach the selected one or more service nodes to the switch fabric of the service provider network to form a service chain providing the requested network service; and
issuing instructions, by the orchestration engine, causing the SDN controller to direct network traffic through the service chain so as to perform the requested network service on network traffic from the subscriber device.

US Pat. No. 10,042,722

SERVICE-CHAIN FAULT TOLERANCE IN SERVICE VIRTUALIZED ENVIRONMENTS

Juniper Networks, Inc., ...

1. A method comprising:
determining, by a network device of a service provider network, that a failure has occurred at a service node included in a plurality of service nodes, the plurality of service nodes configured to apply one or more stateful services of a primary service chain to packet flows from a plurality of subscriber devices;
in response to determining that the failure has occurred, identifying, by the network device, one or more other service chains that also include the one or more stateful services applied by the failed service node;
in response to identifying the one or more other service chains that also include the one or more stateful services, configuring, by the network device, forwarding state of the network device to process the packet flows from the plurality of subscriber devices based on a first corrective action that bypasses the service node for the primary service chain and configuring the forwarding state of the network device to process the packet flows from the plurality of subscriber devices based on a second corrective action that bypasses the service node for at least one of the identified one or more other service chains, wherein the second corrective action is different than the first corrective action; and
in response to receiving a subscriber packet in the packet flows, processing the packet flows from the plurality of subscriber devices based on the forwarding state of the network device.

US Pat. No. 10,015,082

PROVIDING NON-INTERRUPT FAILOVER USING A LINK AGGREGATION MECHANISM

Juniper Networks, Inc., ...

1. A system comprising:
a switch, connected to a first node and a second node, to:
receive traffic from a network,
identify a particular address associated with the traffic,
the particular address being associated with the first node and the second node, or with a client device,
determine that the particular address corresponds to an aggregate interface,
the aggregate interface being based on a first port and a second port,
the first port being associated with the first node, and
the second port being associated with the second node, and
provide the traffic to the first node, via the first port, and to the second node, via the second port, based on determining that the particular address corresponds to the aggregate interface;
the first node, associated with a first state indicating an availability to process or transport the traffic, to:
process the traffic,
detect a failure, associated with the first node, based on processing the traffic, and
output, based on detecting the failure, a notification indicating that the first node is changing from the first state to a second state,
the second state indicating an unavailability to process or transport the traffic; and
the second node, associated with the second state, to:
receive the notification,
cause a state, associated with the second node, to change from the second state to the first state based on receiving the notification,
process the traffic based on the change from the second state to the first state, and
output the traffic to the client device.

US Pat. No. 9,998,565

SELECTING AND MONITORING A PLURALITY OF SERVICES KEY PERFORMANCE INDICATORS USING TWAMP

Juniper Networks, Inc., ...

1. A method comprising:
establishing a control connection between a two-way active measurement protocol (TWAMP) control client on a first network device in a network and a TWAMP server on a second network device in the network;
negotiating, by the TWAMP control client, a data session for a given service supported at the TWAMP server, the negotiation including selecting one or more service key performance indicators (KPIs) to be measured for the given service;
establishing, by the TWAMP control client, the data session for the given service with the TWAMP server;
sending, by a TWAMP session initiator on a third network device in the network, one or more TWAMP test packets to the TWAMP server over the data session for the given service; and
sending, by the TWAMP server in response to the one or more TWAMP test packets, service data measurements for the selected service KPIs for the given service over the data session to the TWAMP session initiator.

US Pat. No. 9,979,595

SUBSCRIBER MANAGEMENT AND NETWORK SERVICE INTEGRATION FOR SOFTWARE-DEFINED NETWORKS HAVING CENTRALIZED CONTROL

Juniper Networks, Inc., ...

1. A method comprising:
by a centralized controller, dynamically establishing a control channel between the centralized controller and an access node in a software-defined network having a plurality of network nodes managed by the centralized controller;
receiving, by the centralized controller, a services indication message from a network node of the plurality of network nodes, wherein the services indication message indicates one or more network services provided by the network node in a software-defined network having a plurality of network nodes managed by the centralized controller;
establishing, by a centralized controller, a transport label switched path (LSP) between the access node and the network node to transport network packets between the access node and the network node;
receiving, by the centralized controller, an endpoint indication message from the access node via the control channel, wherein the endpoint indication message indicates that an endpoint has joined the network at the access node;
determining, by the centralized controller and based on the endpoint indication message, an authorization record for a subscriber associated with the endpoint;
determining, by the centralized controller and based on the authorization record, whether a pseudo wire is needed between the access node and the network node to provide to the endpoint a network service of the one or more network services;
responsive to determining that the pseudo wire is needed, outputting, by the centralized controller, a pseudo wire request message via the control channel to install forwarding state on the access node for creating the pseudo wire between the access node and the network node; and
outputting, by the centralized controller, a direct switch message via the control channel to configure the access node to map traffic received from the endpoint to the pseudo wire.

US Pat. No. 9,973,836

DETECTING A TRANSCEIVER USING A NOISE OPTICAL SIGNAL

Juniper Networks, Inc., ...

1. A system, comprising:
a transceiver comprising:
a transmitter, and
an amplifier to transmit a noise signal of a plurality of wavelengths when the transmitter does not specify a wavelength;
an optical fiber connected with the transceiver and transporting the noise signal,
the optical fiber being associated with a particular wavelength;
a multiplexer to:
receive the noise signal via the optical fiber,
the multiplexer being connected to a plurality of optical fibers,
the plurality of optical fibers including the optical fiber,
filter the plurality of wavelengths based on the particular wavelength, and
pass a filtered signal, of the particular wavelength, to an optical channel monitor;
the optical channel monitor to:
detect the filtered signal and determine the particular wavelength; and
a controller device to:
cause the amplifier to transmit the noise signal, and
determine that the filtered signal is associated with the transceiver.

US Pat. No. 9,973,437

APPARATUS TO ACHIEVE QUALITY OF SERVICE (QOS) WITHOUT REQUIRING FABRIC SPEEDUP

Juniper Networks, Inc., ...

1. A device, comprising:
one or more processors to:
store a count value for each of a plurality of output components;
add packets received from a network device to one or more input queues included in an input component;
selectively dequeue a packet from the input component, to be sent to an output component, based on whether the count value for the output component satisfies a threshold,
the packets including the packet, and
the plurality of output components including the output component;
send the packet to the output component when the packet is dequeued from the input component;
modify the packet after the packet is dequeued from the input component;
determine a change in size of the packet due to modifying the packet;
update the count value for the output component based on the change in size of the packet due to modifying the packet; and
output the packet to another network device via the output component.

US Pat. No. 9,967,185

INTERFACE FOR EXTENDING SERVICE CAPABILITIES OF A NETWORK DEVICE

Juniper Networks, Inc., ...

1. A method for providing one or more services to a packet traversing a service provider network, the method comprising:
receiving, with a network switch of the service provider network, a packet associated with a client device of the service provider network;
determining, with the network switch, to apply one or more services to the packet associated with client device;
accessing, with a forwarding engine of the network switch, a forwarding structure to select a first logical interface to which to forward the packet, wherein the forwarding structure comprises a plurality of entries that each refer to one of a plurality of logical interfaces, wherein the first logical interface comprises one of the plurality of logical interfaces, wherein each of the plurality of logical interfaces correspond to a respective internal service component of the network switch, and wherein the first logical interface corresponds to a particular internal service component of the network switch;
forwarding, with the forwarding engine, the packet to the particular internal service component;
applying, with the particular internal service component, a tunnel header and metadata to the packet to form a tunnel packet, wherein the metadata specifies at least one network service to be applied when forwarding the packet within the service provider network; and
forwarding, by the network switch and through a network tunnel, the tunnel packet from the network switch to a service complex external to the network switch, the external service complex comprising a plurality of network devices for application of the one or more network services to the packet in accordance with the metadata.

US Pat. No. 9,967,036

PROCESSING DATA IN A COHERENT OPTICAL COMMUNICATION SYSTEM

Juniper Networks, Inc., ...

1. A method comprising:
receiving a first analog electrical data stream transmitted by a photonics module in a coherent optical communication system, and a second analog electrical data stream transmitted by the photonics module that together represent a portion of an optical signal received by the photonics module;
sampling the first analog electrical data stream and the second analog electrical data stream at a sampling rate that is approximately twice or greater than twice a symbol rate of the first and second analog electrical data streams to convert the first analog electrical data stream to a first digital electrical data stream, and convert the second analog electrical data stream to a second digital electrical data stream;
digitally filtering the first digital electrical data stream and the second digital electrical data stream to output a first filtered digital electrical data stream and a second filtered electrical data stream, respectively, at a first effective sampling rate that is less than the sampling rate and less than twice the symbol rate of the first and second analog electrical data streams, and greater than or equal to the symbol rate of the first and second analog electrical data streams;
compensating for chromatic dispersion on at least the first and second filtered digital electrical data streams at a rate that is substantially equal to the first effective sampling rate to generate a compensated digital electrical data stream;
upsampling the compensated digital electrical data stream;
performing timing recovery using the upsampled compensated digital electrical data stream to generate a timing recovered digital electrical data stream at a second effective sampling rate;
digitally filtering the timing recovered digital electrical data stream at a third effective sampling rate, different than the first effective sampling rate, that is less than the sampling rate and less than twice the symbol rate of the first and second analog electrical data streams and greater than or equal to the symbol rate of the first and second analog electrical data streams; and
processing the digitally filtered timing recovered digital electrical data stream at a rate that is substantially equal to the third effective sampling rate to recover data in the optical signal received by the photonics module.

US Pat. No. 9,917,796

NETWORK DEVICE DATA PLANE SANDBOXES FOR THIRD-PARTY CONTROLLED PACKET FORWARDING PATHS

Juniper Networks, Inc., ...

1. A method comprising:
configuring, by a first application executed by a control plane of a network device and via a first interface executed by
a forwarding unit of the network device, an internal forwarding path of the forwarding unit with first instructions that determine
processing of packets received by the forwarding unit,

wherein the first application configures the internal forwarding path to include a sandbox that comprises a container for
instructions to be configured inline within the internal forwarding path, and

wherein at least a portion of the internal forwarding path is stored to a memory of the forwarding unit and is executable
by a packet processor of the forwarding unit;

configuring, by a second application executed by the control plane of the network device and via a second interface executed
by the forwarding unit of the network device, the sandbox with second instructions that determine processing of packets within
the sandbox; and

processing, by the packet processor in response to determining a packet received by the forwarding unit is associated with
a packet flow controlled at least in part by the second application, the packet by executing the second instructions configured
for the sandbox.

US Pat. No. 9,912,699

SELECTIVELY APPLYING INTERNET PROTOCOL SECURITY (IPSEC) ENCRYPTION BASED ON APPLICATION LAYER INFORMATION

Juniper Networks, Inc., ...

1. A device, comprising:
one or more processors, at least partially implemented in hardware, to:
receive one or more packets associated with a network traffic flow,
the network traffic flow including parameters related to at least one of:
a network layer information, or
a transport layer information;
determine to protect the one or more packets, associated with the network traffic flow, using Internet protocol security (IPsec)
based upon the parameters related to the at least one of the network layer information or the transport layer information;

identify an application associated with the network traffic flow;
compare the application to a list of stored applications to determine if the application is not required to be protected using
IPsec;

determine to not protect network traffic, associated with the application, using IPsec after determining to protect the one
or more packets using IPsec;

store a rule that indicates that the network traffic, associated with the network traffic flow, is not to be protected using
IPsec based on determining that the network traffic is not to be protected using IPsec;

transmit, to another device, a message indicating that the network traffic, associated with the network traffic flow, is not
to be protected using IPsec based on determining that the network traffic is not to be protected using IPsec; and

transmit, to the other device, the network traffic, associated with the network traffic flow, without using IPsec protection.

US Pat. No. 9,900,245

COMMUNICATING NETWORK PATH AND STATUS INFORMATION IN MULTI-HOMED NETWORKS

Juniper Networks, Inc., ...

1. A method comprising:
executing, on a layer three (L3) device, an operations, administration, and management (OAM) protocol to monitor a first layer
two (L2) network, wherein the L3 device operates within an L3 network, and wherein the L3 device couples the L3 network with
the first L2 network;

receiving, by the L3 device, an L3 connection status message indicating a connection status of the L3 network;
determining, by the L3 device and based on the L3 connection status message, a type of a network error within the L3 network;
generating, with the OAM protocol executing on the L3 device, an L2 frame indicating the network error;
sending, by the L3 device, the L2 frame to a first L2 device operating within the first L2 network, wherein the L2 frame is
a continuity check message used by the OAM protocol executing on the L3 device to detect connectivity failures between a sending
device and a destination device, and wherein the L2 frame includes a type-length-value (TLV) field that specifies the type
of the network error; and

receiving, by the L3 device, an L2 frame from the first L2 device that indicates whether the L3 device is within a preferred
network path to a second L2 device, wherein the second L2 device operates in a second L2 network, wherein the first and second
L2 networks are coupled by the L3 network, and wherein the L2 frame received from the first L2 device is a continuity check
message used by the OAM protocol executing on the first L2 device to detect connectivity failures between a sending device
and a destination device.

US Pat. No. 9,882,633

METHODS AND APPARATUS FOR SELF HEALING OF AN OPTICAL TRANSCEIVER IN A WAVELENGTH DIVISION MULTIPLEXING (WDM) SYSTEM

Juniper Networks, Inc., ...

6. An apparatus, comprising:
a first optical transceiver having an electrical portion and an optical portion operatively coupled to the electrical portion
of the first optical transceiver, the electrical portion including a switch, the first optical transceiver including a controller
and a variable optical attenuator (VOA), the controller being operatively coupled to the switch and the VOA,

the first optical transceiver configured to automatically identify a failure within the first optical transceiver,
the controller configured to send a first control signal to the switch in response to the failure from at least one of a transmitter
or a receiver of the first optical transceiver,

the switch configured to receive a plurality of electrical signals associated with a first plurality of electrical transmitters,
each electrical signal from the plurality of electrical signals uniquely associated with an electrical transmitter from the
first plurality of electrical transmitters, the switch configured to switch an electrical signal from the plurality of electrical
signals to a spare electrical transmitter within a second plurality of electrical transmitters such that the plurality of
electrical signals are transmitted via the second plurality of electrical transmitters in response to the first control signal,

the controller configured to send a second control signal to the VOA such that the VOA modulates with a signal representing
control information for a second optical transceiver to be operatively coupled to the first optical transceiver, the control
information associated with the failure within the first optical transceiver.

US Pat. No. 9,882,637

METHODS AND APPARATUS FOR MONITORING AND CONTROLLING THE PERFORMANCE OF OPTICAL COMMUNICATION SYSTEMS

Juniper Networks, Inc., ...

1. An apparatus, comprising:
an optical detector configured to sample asynchronously an optical signal from an optical component; and
a processor operatively coupled to the optical detector, the processor configured to calculate a metric value of the optical
signal without an extinction ratio of the optical signal being calculated, the metric value being proportional to the extinction
ratio of the optical signal,

the processor configured to calculate a calibration value associated with the optical signal,
the processor configured to define an error signal based on the metric value of the optical signal and the calibration value,
the processor configured to send the error signal to an optical transmitter such that the optical transmitter modifies an
output optical signal in response to the error signal.

US Pat. No. 9,860,162

SECURING INTER-AUTONOMOUS SYSTEM LINKS

Juniper Networks, Inc., ...

1. A method comprising, by an autonomous system boundary router (ASBR) device of a first autonomous system (AS), wherein the
ASBR device is between a first provider edge (PE) router of the first AS and a second PE router of a second, different AS,
and wherein the first PE router and the second PE router form a Multiprotocol Label Switching (MPLS) path:
receiving a first packet via an inter-AS interface of the ASBR device that is communicatively coupled to a routing device
external to the first AS;

determining that the first packet is encapsulated by an MPLS label;
selecting an inter-AS forwarding table based on the inter-AS interface by which the first packet was received;
forwarding the first packet according to forwarding information of the inter-AS forwarding table when the inter-AS forwarding
table includes the MPLS label;

receiving a second packet via an intra-AS interface of the ASBR device that is communicatively coupled to a routing device
internal to the first AS;

selecting an intra-AS forwarding table based on the intra-AS interface by which the second packet was received, wherein the
intra-AS forwarding table is associated with a plurality of interfaces of the ASBR device that are each coupled to routing
devices internal to the first AS; and

forwarding the second packet according to forwarding information of the intra-AS forwarding table.

US Pat. No. 9,853,854

NODE-PROTECTION AND PATH ATTRIBUTE COLLECTION WITH REMOTE LOOP FREE ALTERNATES

Juniper Networks, Inc., ...

1. A method comprising:
by the network device, for each of a plurality of candidate remote loop-free alternate (LFA) next hops, performing a forward
shortest path first (SPF) computation having a respective candidate remote LFA next hop as a root to compute a path segment
between the respective candidate remote LFA next hop and a destination network device in a network, wherein each of the candidate
remote LFA next hops comprises the tail-end node of a respective potential repair tunnel between the network device and the
candidate remote LFA next hop for forwarding network traffic from the network device to the destination network device;

storing, by the network device for each of the SPF computations, path attributes of respective path segments between each
of the plurality of candidate remote LFA next hops and the destination network device;

selecting, by the network device and based at least in part on the stored path attributes of the path segments and whether
the computed path segments include a primary next hop node, a remote LFA next hop from the plurality of candidate remote LFA
next hops to be stored as an alternate next hop for forwarding network traffic from the network device to the destination
network device, such that the selected remote LFA next hop provides node protection to the primary next hop node on a shortest
path from the network device to the destination device; and

updating, by the network device, forwarding information stored by the network device to install the selected remote LFA next
hop as the alternate next hop for forwarding network traffic from the network device to the destination network device.

US Pat. No. 9,843,508

RSVP MAKE-BEFORE-BREAK LABEL REUSE

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a router from an ingress router of a label switched path (LSP) established between the ingress router and an
egress router, a first message requesting establishment of a second LSP instance of the LSP, the second LSP instance having
a second path that at least partially overlaps a first path of a first LSP instance of the LSP;

determining, by the router, whether to reuse a first label previously allocated by the router for the first LSP instance as
a second label used to identify incoming traffic associated with the second LSP instance;

responsive to determining to reuse the first label as the second label, reusing, by the router, a label route installed in
a forwarding plane of the router for the first LSP instance to forward incoming traffic including the second label for the
second LSP instance without updating the label route;

sending, by the router to an upstream router along the second path of the second LSP instance, a second message including
the second label for the second LSP instance, wherein, responsive to determining to reuse the first label, the second label
included in the second message is the same as the first label previously allocated by the router; and

upon establishment of the second LSP instance and tear down of the first LSP instance by the ingress router, receiving, by
the router from the upstream router along the second path of the second LSP instance, incoming traffic including the second
label.

US Pat. No. 9,843,513

MULTICAST FLOW OVERLAY USING REGISTRATION OVER A RELIABLE TRANSPORT

Juniper Networks, Inc., ...

1. A method comprising:
exchanging, by a central routing device and with an ingress routing device that is communicatively coupled to at least one
source device, a plurality of targeted hello messages to establish a targeted neighbor connection between the central routing
device and the ingress routing device;

receiving, by the central routing device and from the ingress routing device using the targeted neighbor connection, a source-active
register message that specifies a source address and an identifier that are collectively associated with a multicast stream
provided by the at least one source device, wherein the source-active register message further indicates whether the multicast
stream is active or withdrawn at the ingress routing device;

updating, by the central routing device and based on the source-active register message, state information for multicast streams
that are active at the ingress routing device, wherein the central routing device adds the source address and the identifier
to the state information if the source-active register message indicates that the multicast stream is active, and wherein
the central routing device removes the source address and the identifier from the state information if the source-active register
message indicates that the multicast stream is withdrawn; and

after receiving the source-active register message, sending, by the central routing device and to the ingress routing device
using the targeted neighbor connection, a list-of-receivers register message that specifies an egress routing device and at
least the identifier that is associated with the multicast stream, wherein the list-of-receivers register message further
indicates whether or not the egress routing device requests receipt of data associated with the multicast stream, and wherein
the list-of-receivers register message is used by the ingress routing device to determine whether or not to send data associated
with the multicast stream to the egress routing device if the multicast stream is active.

US Pat. No. 9,838,306

RSVP MAKE-BEFORE-BREAK LABEL REUSE

Juniper Networks, Inc., ...

1. A method for establishing a second label switched path (LSP) instance of an LSP having a first LSP instance, the method
comprising:
determining, by each downstream router designated for the second LSP instance of the LSP, whether the downstream router is
part of the first LSP instance of the LSP and, if so, whether the first and second LSP instances for that downstream router
share a common link to a nexthop router;

if the first and second LSP instances on one or more of the downstream routers designated for the second instance of the LSP
share a common link to the nexthop router,

transmitting, from the downstream router, a first message to the nexthop router, wherein the first message includes a suggested
label; and

receiving, from the nexthop router, a second message, wherein the second message includes the suggested label; and
if the first and second LSP instances of the LSP do not share a common link to the nexthop router, installing an inactive
nexthop entry for the second LSP instance.

US Pat. No. 9,838,309

DISTRIBUTED NETWORK SUBNET

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a network device, configuration data defining a virtual integrated routing and bridging (VIRB) interface that
comprises a routing interface for a layer 2 (L2) bridge domain that provides L2 connectivity for a local network coupled to
the network device, wherein the routing interface is associated with a distributed network subnet for the local network coupled
to the network device;

sending, by the network device to a central allocator in response to determining the configuration data specifies a shared
VIRB for the VIRB interface, a request for a VIRB MAC address for the VIRB interface; and

layer 3 (L3) forwarding, by the network device after receiving the VIRB MAC address for the VIRB interface from the central
allocator, to one or more destination devices, one or more L3 packets encapsulated by respective L2 headers that each specifies
the VIRB MAC address for the VIRB interface as a destination MAC address.

US Pat. No. 9,838,354

PREDICTING FIREWALL RULE RANKING VALUE

Juniper Networks, Inc., ...

1. A firewall device, comprising:
a memory to store instructions; and
one or more processors of the firewall device to execute the instructions to:
obtain information regarding a plurality of firewall rules,
the information including information for a particular firewall rule of the plurality of firewall rules,
the information for the particular firewall rule including one or more match condition values and a ranking value,
the particular firewall rule being applicable to packets that are associated with packet information that matches the one or more match condition values associated with the particular firewall rule,
a match condition value, of the one or more match condition values, being associated with a match count that identifies a quantity of times that packets, received by the firewall device, are associated with packet information that matches the match condition value, and
the ranking value identifying a quantity of times that the particular firewall rule has been applied to the packets received by the firewall device;

perform a linear regression analysis of match counts and ranking values associated with the plurality of firewall rules to
train a model that describes a relationship between the match counts and the ranking values associated with the plurality
of firewall rules;

automatically determine a size of a training set of match condition values and ranking values for the model, based on receiving
an indication for a desired accuracy of predictions made using the model, to reduce processing power used by the firewall
device to check the plurality of firewall rules;

determine that the particular firewall rule applies to a first packet received by the firewall device based on checking whether
the one or more match condition values match packet information associated with the first packet;

obtain a new firewall rule, associated with no ranking information, that includes a first match condition value, of the one
or more match condition values, and a second match condition value, of the one or more match condition values,

where the first match condition value is associated with a first firewall rule, of the plurality of firewall rules, and with
a first match count, and

where the second match condition value is associated with a second firewall rule, of the plurality of firewall rules, and
with a second match count,

the second firewall rule being different from the first firewall rule;
predict a particular ranking value, as a predicted ranking value, of the new firewall rule based on the first match count
and the second match count and based on analyzing the information regarding the plurality of firewall rules; and

perform an action on a second packet, with regard to the new firewall rule, based on the predicted ranking value.

US Pat. No. 9,838,111

NETWORK CONTROLLER HAVING PREDICTABLE ANALYTICS AND FAILURE AVOIDANCE IN PACKET-OPTICAL NETWORKS

Juniper Networks, Inc., ...

1. A method comprising:
receiving, with a software defined network (SDN) controller, state information from optical components of an optical transport
system having a plurality of interconnected packet-optical transport devices;

applying, with an analytics engine of the SDN controller, a set of rules to identify a failure of any of the optical components;
computing, with the SDN controller and in response to identifying the failure, at least one updated path through a routing
and switching network having a plurality of interconnected layer three (L3) routing components and layer two (L2) switching
components for communicating packet-based network traffic; and

responsive to the updated path, configuring, with the SDN controller, the packet-optical transport devices to operate at particular
wavelengths based upon changes in bandwidth requirements at each of the L3 routing components due to the updated path.

US Pat. No. 9,838,138

SELF-CALIBRATION OF PLUGGABLE OPTICAL MODULE

Juniper Networks, Inc., ...

1. A method for optical communication, the method comprising:
outputting, with a processor of an electronic device, a first electrical signal generated from a first digital signal to an
optical module coupled to the electronic device;

receiving, with one or more analog-to-digital converters (ADCs), a second electrical signal from the optical module, the second
electrical signal generated, by the optical module, from an optical-to-electrical conversion of a feedback optical signal
output by an optical output of the optical module and received by an optical input of the optical module, wherein the feedback
optical signal is generated, by the optical module, from an electrical-to-optical conversion of the first electrical signal;

converting, with the one or more ADCs, the second electrical signal into a second digital signal, wherein the first digital
signal and the second digital signal are different due to signal integrity degradation along a signal path through the optical
module;

performing pre-processing to correct polarization crosstalk effects on the second digital signal to generate a third digital
signal;

determining, with the processor of the electronic device, pre-compensation parameters based on the first digital signal, the
third digital signal, and an amount of pre-processing performed on the second digital signal; and

applying, with the processor of the electronic device, pre-compensation, based on the pre-compensation parameters, to a data
signal to compensate for the signal integrity degradation along the signal path.

US Pat. No. 9,838,427

DYNAMIC SERVICE HANDLING USING A HONEYPOT

Juniper Networks, Inc., ...

1. A system comprising:
a computing device configured to execute a honeypot; and
a network device configured to:
receive, from a client device, a service request to receive a service indicated in the service request from a server associated
with an address indicated in the service request; and

in response to obtaining a negative indication for the service that indicates the server does not offer the service, send
a representation of the service request to the computing device, wherein the negative indication for the service comprises
an expiry of a timer for the service request without the network device having received a positive indication for the service
from the server,

wherein the computing device is further configured to, in response to receiving the representation of the service request,
execute the honeypot to provide the service to the client device.

US Pat. No. 9,806,812

METHOD AND APPARATUS FOR DISTORTION CORRECTION IN OPTICAL COMMUNICATION LINKS

Juniper Networks, Inc., ...

1. A method, comprising:
sending, to an electrical detector of an optical transmitter and from an electrical serializer/deserializer operatively coupled
to the optical transmitter, an in-band signal such that the optical transmitter sends a first power error signal to a controller;

receiving, from the controller and at the electrical serializer/deserializer, a correction control signal based on the first
power error signal and a second power error signal; and

sending, to the optical transmitter and from the electrical serializer/deserializer, a pre-emphasized signal based on the
correction control signal,

the first power error signal, the second power error signal and the correction control signal being out-of-band.

US Pat. No. 9,787,583

METHODS AND APPARATUS FOR IMPLEMENTING CONNECTIVITY BETWEEN EDGE DEVICES VIA A SWITCH FABRIC

Juniper Networks, Inc., ...

1. A method, comprising:
operatively coupling a node within a switch fabric separate from an edge device network such that the node of the switch fabric
can be administrated without disruption, modification, or reconfiguration of edge devices of the edge device network;

operatively coupling to an edge device via the switch fabric so as to form the edge device network to facilitate communication
with the edge device via a multiprotocol label switching (MPLS) tunnel through the switch fabric, the edge device network
being formed such that the edge device of the edge device network can be administrated without disruption, modification, or
reconfiguration of the node operatively coupled to the switch fabric;

receiving a signal according to an auto-discovery protocol from a switch fabric device of the switch fabric; and
sending, to the edge device, a label included in the signal such that the edge device sends a data unit via a MPLS tunnel
associated with the label.

US Pat. No. 9,781,009

METHODS AND APPARATUS FOR STANDARD PROTOCOL VALIDATION MECHANISMS DEPLOYED OVER A SWITCH FABRIC SYSTEM

Juniper Networks, Inc., ...

15. An apparatus, comprising:
a memory storing processor-readable instructions; and
a fabric validation (FV) processor operatively coupled to the memory and configured to execute the processor-readable instructions,
the FV processor configured, in response to executing the processor-readable instructions, to receive a set of switch fabric
validation packets from a source device, the FV processor configured, in response to executing the processor-readable instructions,
to compare the set of switch fabric validation packets to a preset schedule indicating a timing and a number of switch fabric
validation packets to be received at the FV processor,

the FV processor configured, in response to executing the processor-readable instructions, to consolidate the set of switch
fabric validation packets into a consolidated switch fabric validation packet,

the FV processor configured, in response to executing the processor-readable instructions, to append, to the consolidated
switch fabric validation packet and when a switch fabric validation packet indicated in the preset schedule is not included
in the set of switch fabric validation packets from the source device, a status state indicator indicating a status of at
least one data path between the FV processor and the source device, to produce an appended consolidated switch fabric validation
packet,

the FV processor configured, in response to executing the processor-readable instructions, to send the appended consolidated
switch fabric validation packet to a validation gateway.

US Pat. No. 9,780,909

NETWORK TOPOLOGY OPTIMIZATION WITH FEASIBLE OPTICAL PATHS

Juniper Networks, Inc., ...

1. A method comprising:
obtaining, by a management device of a multi-layer network comprising a network layer and an underlying transport layer, data
describing a plurality of candidate links available for use as network links in network topologies for the network layer,
wherein each candidate link of the plurality of candidate links is associated with an optical path in the transport layer;

filtering, by the management device based at least on optical network data that describes optical characteristics of fibre
links of the transport layer, the plurality of candidate links by determining a plurality of filtered candidate links, from
the plurality of candidate links, that are each associated with an optical path in the transport layer that is a feasible
optical path for optical transport;

determining, by the management device after filtering the plurality of candidate links by determining a plurality of filtered
candidate links, a first solution comprising a network topology for the network layer that includes a first selected subset
of the filtered candidate links;

determining, by the management device after generating a modified network topology based at least on the network topology,
a second solution comprising the modified network topology for the network layer that includes a second selected subset of
the filtered candidate links; and

outputting, by the management device, topology data for one of the first solution or the second solution having a lowest total
cost, the lowest total cost including a total resource cost to the network for the one of the first solution or the second
solution.

US Pat. No. 9,766,667

COMPUTER CARD EJECTOR WITH LATCH

Juniper Networks, Inc., ...

1. A device comprising:
a card ejector comprising a pair of tapered lever arms coupled at a proximal end of the card ejector and coupled at a distal
end of the card ejector;

a cam block coupling the pair of tapered lever arms at the proximal end of the card ejector, the cam block rotatably coupled
to a card and configured to engage a card cage, and urge the card into or out of the card cage when a rotational force is
applied to the card ejector; and

a latching mechanism coupling the pair of tapered lever arms at the distal end of the card ejector, the latching mechanism
configured to automatically and releasably secure the distal end of the card ejector in a position near a face portion of
the card by engaging an opening in the face portion.

US Pat. No. 9,736,030

MONITORING NETWORK MANAGEMENT ACTIVITY

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a computing device and from a network device, a particular message;
extracting, by the computing device, a tag and a particular identifier from the particular message;
determining, by the computing device and based on the tag, that the particular message is for a log-in event that includes
logging into an application of the network device;

receiving, by the computing device and from the network device, one or more messages that are for one or more events, of a
network management activity that occurs during a session that is associated with the log-in event, until the computing device
receives a log-out message that is for a log-out event that is associated with the network management activity;

correlating, by the computing device and to obtain correlated messages, a plurality of messages associated with the session
based on the particular identifier and one or more other identifiers included in the one or more messages,

the plurality of messages including the one or more messages and the particular message;
determining, by the computing device, particular rules associated with a type of the application; and
creating, by the computing device, a record for the network management activity based on the correlated messages and by using
the particular rules.

US Pat. No. 9,762,319

REAL-TIME RAMAN GAIN MONITORING

Juniper Networks, Inc., ...

1. A method comprising:
determining, with a first optical node, a correction factor indicative of an amount of optical power loss that a Raman amplifier
in a second optical node causes in an optical signal having a first wavelength that is transmitted by the first optical node
and received by the second optical node;

transmitting, with the first optical node to the second optical node, information, based on the determined correction factor,
that is to be used for determining a gain of the Raman amplifier; and

transmitting, with the first optical node to the second optical node, an optical signal having a second wavelength that is
to be amplified by the Raman amplifier.

US Pat. No. 9,755,960

SESSION-AWARE SERVICE CHAINING WITHIN COMPUTER NETWORKS

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a network device of a service provider network, a subscriber packet of a packet flow sourced by a subscriber
device and destined to a packet data network;

determining whether the subscriber packet comprises a first packet of a new packet flow associated with a new subscriber session;
responsive to determining that the subscriber packet comprises a first packet of a new packet flow, assigning a value to a
session cookie to uniquely identify the new packet flow of the new subscriber session amongst other packet flows recorded
in a session table as associated with the service chain and updating the session table to record the new subscriber session
in association with the service chain, wherein the service chain comprises an ordered set of one or more stateful services
for application, by a set of service nodes, to a plurality of packet flows from a plurality of subscriber devices;

forming a tunnel packet by encapsulating the subscriber packet within a payload of the tunnel packet and constructing a header
of the tunnel packet for transport by a tunnel associated with the service chain, wherein forming the tunnel packet comprises
embedding the session cookie within the tunnel packet between the header and the payload of the tunnel packet; and

forwarding, by the network device, the tunnel packet toward the service nodes.

US Pat. No. 9,706,014

ROUTING PROTOCOL INTERFACE FOR GENERALIZED DATA DISTRIBUTION

Juniper Networks, Inc., ...

1. A method comprising:
dynamically registering, by an application executing on a network device and via an interface of a routing protocol process
executing on the network device, a new address family identifier that identifies application data for the application;

receiving, by a management interface process via an interface of the management interface process, a display function for
the new address family identifier;

receiving, by the routing protocol process from a peer network device, a routing protocol advertisement according to a routing
protocol, wherein the routing protocol advertisement includes data and includes the new address family identifier to identify
the data as application data for the application;

formatting, by the management interface process according to the display function for the new address family identifier, the
data to generate formatted data; and

outputting, by the management interface process for display at a display device, the formatted data.

US Pat. No. 9,699,035

TOPOLOGY DETERMINATION FOR AN OPTICAL NETWORK

Juniper Networks, Inc., ...

1. A device in an optical network, the device comprising:
a data communication network (DCN) interface that enables the device to send and receive data on a data communication network
separate from the optical network, wherein the DCN interface is configured to receive a message on the data communication
network, the message including data that identifies a first device in the optical network and indicates that the first device
previously received an optical pulse pattern from an optical fiber in the optical network; and

a topology unit configured to generate topology data using the message, the topology data indicating that a second device
is connected in the optical network to the first device when the received optical pulse pattern matches an optical pulse pattern
originated by the second device.

US Pat. No. 9,692,714

SWITCHING FABRIC TOPOLOGY BASED ON TRAVERSING ASYMMETRIC ROUTES

Juniper Networks, Inc., ...

1. A system, comprising:
a first set of 2N packet processors,
N being an integer greater than or equal to one;
a second set of 2N packet processors; and
a switching fabric to interconnect the first set of 2N packet processors and the second set of 2N packet processors,
the switching fabric including a first switching element having a size of at least 3N×3N, a second switching element having
a size of at least 3N×3N, a third switching element having a size of at least 3N×3N, and a fourth switching element having
a size of at least 3N×3N,

the first switching element being directly connected to the second switching element and the third switching element, and
being indirectly connected to the fourth switching element,

the second switching element being directly connected to the first switching element and the fourth switching element, and
being indirectly connected to the third switching element,

the third switching element being directly connected to the first switching element and the fourth switching element, and
being indirectly connected to the second switching element, and

the fourth switching element being directly connected to the second switching element and the third switching element, and
being indirectly connected to the first switching element.

US Pat. No. 9,647,924

PROPAGATING LDP MAC FLUSH AS TCN

Juniper Networks, Inc., ...

1. A method comprising:
determining, by a device, an identifier of a provider edge device affected by a topology change event;
generating, by the device, a first message based on the identifier of the provider edge device,
the first message including information to prompt the provider edge device to generate a second message based on the first
message, and

the second message being a topology change notification message; and
transmitting, by the device, the first message to the provider edge device,
the first message causing the provider edge device to generate the topology change notification message, and
the provider edge device determining not to generate a different topology change notification message based on a third message,
received by the provider edge device, when the third message does not include the identifier of the provider edge device.

US Pat. No. 9,673,567

APPARATUS, SYSTEM, AND METHOD FOR PREVENTING ELECTRIC SHOCK DURING MAINTENANCE OF TELECOMMUNICATION SYSTEMS

Juniper Networks, Inc., ...

1. An apparatus comprising:
a lock that comprises:
a locking mechanism that secures an electronic module to a telecommunication system; and
an ejection handle coupled to the locking mechanism such that application of physical force to the ejection handle ejects
the electronic module from the telecommunication system by undoing the locking mechanism; and

a cross-bar coupled to the lock and movable in conjunction with the ejection handle such that:
the cross-bar facilitates access to a row of power connectors arranged along a surface of the electronic module when the ejection
handle is positioned in a first position;

the cross-bar blocks access to the row of power connectors arranged along the surface of the electronic module when the ejection
handle is positioned in a second position; and

the cross-bar prevents insertion of a power cord into any power connector within the row of power connectors when the ejection
handle is positioned in the second position.

US Pat. No. 9,667,550

ADVERTISING TRAFFIC ENGINEERING INFORMATION WITH THE BORDER GATEWAY PROTOCOL FOR TRAFFIC ENGINEERED PATH COMPUTATION

Juniper Networks, Inc., ...

1. A method comprising:
receiving, with a network device from an area border router logically located within a second routing protocol domain, a routing
protocol advertisement for an exterior gateway routing protocol;

decoding traffic engineering information for a traffic engineering link from the routing protocol advertisement, wherein the
decoded traffic engineering information includes at least one router identifier for an anchor node of the traffic engineering
link;

determining, by the network device, a first traffic engineered path for a label-switched path (LSP) from a source router logically
located within the first routing protocol domain to a destination router logically located within the second routing protocol
domain;

determining, by the network device, a second traffic engineered path for a bypass LSP for the LSP by selecting, in response
to determining that at least one router identifier for the anchor node of the traffic engineering link is an area border router
for the first routing protocol domain, the traffic engineering link for inclusion in the second traffic engineered path based
on the decoded traffic engineering information; and

establishing, by the network device, the LSP along the first traffic engineered path and the bypass LSP along the second traffic
engineered path.

US Pat. No. 9,621,449

APPLICATION-LAYER TRAFFIC OPTIMIZATION SERVICE MAP UPDATES

Juniper Networks, Inc., ...

1. A method comprising:
aggregating, by an application-layer traffic optimization (ALTO) server that stores network topology information for a network
of a plurality of endpoints that provides a service, the plurality of endpoints into a plurality of provider-defined identifiers
(PIDs), wherein each PID of the plurality of PIDs includes one or more endpoints of the plurality of endpoints;

generating, by the ALTO server, an ALTO map for the service that includes representations of each of the PIDs and outputting
the ALTO map to a client of the ALTO server;

receiving, by the ALTO server, a status update for an endpoint of the plurality of endpoints that comprises information indicating
a condition of the endpoint that affects a performance of the endpoint with respect to the service;

generating, by the ALTO server and based on the status update for the endpoint, an updated ALTO map and an incremental map
revision, wherein the incremental map revision is based at least on a difference between the ALTO map and the updated ALTO
map and enables the client of the ALTO server to conform the ALTO map to the updated ALTO map to account for the received
information for the endpoint without receiving the updated ALTO map from the ALTO server; and

sending, by the ALTO server to the client, the incremental map revision without sending the updated ALTO map.

US Pat. No. 9,596,179

OPTIMIZING PRIVATE VIRTUAL LOCAL AREA NETWORKS (VLANS)

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a network device in a private virtual local area network (VLAN), a first packet;
storing, by the network device and in a media access control (MAC) address table, a MAC address of the first packet;
receiving, by the network device, a second packet;
determining, by the network device, that a MAC address of the second packet matches a MAC address entry in the MAC address
table;

determining, by the network device, that a classified VLAN signature of the second packet is not a primary VLAN signature
after determining that the MAC address of the second packet matches the MAC address entry; and

flooding, by the network device, the second packet, as unknown unicast traffic, based on determining that the classified VLAN
signature of the second packet is not the primary VLAN signature.

US Pat. No. 9,497,124

SYSTEMS AND METHODS FOR LOAD BALANCING MULTICAST TRAFFIC

Juniper Networks, Inc., ...

1. A computer-implemented method comprising:
identifying a single logical switch that comprises a plurality of physical switches, wherein:
the plurality of physical switches comprises at least a first switch and a second switch;
an ingress port of the single logical switch at the first switch is connected to an egress port of the single logical switch
at the second switch by a first path that extends from the first switch to the second switch; and

the ingress port of the single logical switch at the first switch is also connected to the egress port of the single logical
switch at the second switch by a second path that extends from the first switch to the second switch;

calculating a plurality of multicast distribution trees for distributing multicast traffic from ingress ports of the single
logical switch to egress ports of the single logical switch by:

selecting a first root switch from the plurality of physical switches;
selecting a second root switch from the plurality of physical switches;
generating a first bi-directional tree that is rooted on the first root switch and that includes the first path; and
generating a second bi-directional tree that is rooted on the second root switch and that includes the second path, wherein
the first root switch is different than the second root switch;

receiving a plurality of multicast packets at the ingress port of the single logical switch at the first switch;
using, at each physical switch along the first path, the first bi-directional tree to transmit a first portion of the plurality
of multicast packets to the egress port of the single logical switch at the second switch; and

using, at each physical switch along the second path, the second bi-directional tree to transmit a second portion of the plurality
of multicast packets to the egress port of the single logical switch at the second switch.

US Pat. No. 9,479,479

DETECTOR TREE FOR DETECTING RULE ANOMALIES IN A FIREWALL POLICY

Juniper Networks, Inc., ...

1. A device, comprising:
one or more processors to:
receive rule information associated with a firewall policy,
the rule information including a set of rules;
add a rule, of the set of rules, to a detector tree associated with the firewall policy,
the rule being added to the detector tree as a first leaf node based on a source address, associated with the rule, and as
a second leaf node based on a destination address associated with the rule;

identify one or more other rules to which the rule is to be compared based on adding the rule as the first leaf node and as
the second leaf node,

the one or more other rules being included in the set of rules;
compare the rule and the one or more other rules;
detect a rule anomaly based on comparing the rule to the one or more other rules,
the rule anomaly being associated with a conflict between the rule and another rule of the one or more other rules;
add, to the first leaf node and based on detecting the rule anomaly, information identifying the rule anomaly and information
identifying a first node associated with the other rule and included in the detector tree; and

add, to the second leaf node and based on detecting the rule anomaly, the information identifying the rule anomaly and information
identifying a second node associated with the other rule and included in the detector tree.

US Pat. No. 9,479,538

COMBINING NETWORK ENDPOINT POLICY RESULTS

Juniper Networks, Inc., ...

1. A method comprising:
identifying, by a device, a plurality of results relating to policies associated with an endpoint,
the plurality of results including a first result and a second result,
the plurality of results being associated with a plurality of states, and
the plurality of states including:
a first state,
a second state that is different from the first state, and
a third state that is different from the first state and the second state;
generating, by the device, a particular result based on the plurality of results,

the particular result including a value that corresponds to one of the first state or the second state; and
providing, by the device, the particular result.

US Pat. No. 10,742,548

PER PATH AND PER LINK TRAFFIC ACCOUNTING

Juniper Networks, Inc., ...

1. A first device, comprising:
one or more memories; and
one or more processors, communicatively coupled to the one or more memories, to:
receive a packet that includes information identifying a path through a network,
the packet being received from an external network,
the first device being a point of ingress for the network;
configure a header of the packet to include a set of packet accounting identifiers that identifies the first device and the path, and to include, in the header of the packet, an indicator that indicates a presence of the set of packet accounting identifiers in the header of the packet and indicates that the set of packet accounting identifiers is to be used to account for traffic and not for traffic forwarding;
configure the header of the packet to include a set of packet forwarding identifiers, different from the set of packet accounting identifiers, that identifies a set of devices associated with the path and via which the packet is to be forwarded,
increment a value of a per-path packet counter associated with the set of packet accounting identifiers, the per-path packet counter to be used to record a quantity of packets associated with the path;
provide the packet to a second device, of the set of devices associated with the path, via a link between the first device and the second device,
the link carrying packet traffic associated with a plurality of paths including the path;
compare the value of the per-path packet counter to at least one per-path packet threshold; and
perform an action based on comparing the value of the per-path packet counter to the at least one per-path packet threshold.

US Pat. No. 10,742,553

FORWARDING INFORMATION BASE CACHING

Juniper Networks, Inc., ...

1. A network device, comprising:
one or more memories; and
one or more processors to:
determine a control plane session type associated with a control plane session,
wherein the control plane session is associated with the network device;
determine whether the control plane session type is associated with a forwarding information base (FIB) cache on the network device;
obtain, based on determining that the control plane session type is associated with the FIB cache, forwarding information associated with the control plane session,
wherein the forwarding information is stored in a FIB, associated with the FIB cache, on the network device;
store the forwarding information in the FIB cache;
process the control plane session using the forwarding information stored in the FIB cache;
determine another control plane session type associated with another control plane session between the network device and another network device,
wherein the other control plane session type is different from the control plane type;
determine whether the other control plane session type is associated with the FIB cache; and
process, based on determining that the other control plane session type is not associated with the FIB cache, a packet using forwarding information, associated with the other control plane session, stored in the FIB.

US Pat. No. 10,742,557

EXTENDING SCALABLE POLICY MANAGEMENT TO SUPPORTING NETWORK DEVICES

Juniper Networks, Inc., ...

1. A method comprising:
obtaining, by a policy controller, a policy to be enforced by a supporting network device of a switch fabric coupled to a server;
identifying, by the policy controller, a port of the supporting network device to which the server is coupled via the switch fabric;
identifying, by the policy controller, a workload executed by the server to which the policy is associated;
converting, by the policy controller, the policy into configuration data supported by the supporting network device, the configuration data indicating that a portion of the policy is to be enforced at the identified port; and
configuring, by the policy controller and based on the configuration data supported by the supporting network device, the supporting network device to enforce the portion of the policy with respect to network traffic passing between the supporting network device and the workload executed by the server via the identified port.

US Pat. No. 10,680,831

SINGLE POINT OF MANAGEMENT FOR MULTI-CLOUD ENVIRONMENT INCLUDING ROUTE PROPAGATION, SECURITY, AND APPLICATION DEPLOYMENT

Juniper Networks, Inc., ...

1. A system comprising:
a plurality of virtual computing environments (VCEs) in a multi-cloud network;
a plurality of connect gateway routers, wherein each connect gateway router is associated with a logical endpoint within a logical tunnel mesh for respective VCEs; and
a single software-defined networking (SDN) controller, executing on processing circuitry, configured to:
establish the logical tunnel mesh to interconnect the plurality of VCEs in the multi-cloud network via respective connect gateway routers, wherein to establish the logical tunnel mesh, the SDN controller is configured to determine one or more logical tunnels from the logical tunnel mesh to establish one or more communication links between a first VCE and a second VCE of the plurality of VCEs in the multicloud network; and
advertise the one or more logical tunnels to the first VCE and the second VCE.

US Pat. No. 10,644,948

HYPERVISOR DETECTION OF VIRTUAL MACHINE AND NETWORK INTERFACE COMPATIBILITY

Juniper Networks, Inc., ...

1. A device, comprising:
a memory; and
one or more processors to:
receive information associated with a set of types of virtual network interface cards (vNICs),
a hypervisor, of the device, being capable of connecting a vNIC, to a virtual bus, to connect a virtual machine, of the device, to a network;
connect the vNIC, to the virtual bus, based on the information associated with the set of types of vNICs,
the vNIC being associated with a type of the set of types;
determine that the virtual machine detected the vNIC after connecting the vNIC to the virtual bus;
determine a difference between a current time and a time at which the virtual machine detected the vNIC; and
determine whether a threshold amount of time has elapsed based on whether the difference satisfies the threshold amount of time;
determine whether the virtual machine is compatible with the vNIC based on whether the threshold amount of time has elapsed; and
selectively connect another vNIC, to the virtual bus, based on determining whether the virtual machine is compatible with the vNIC,
the other vNIC being associated with another type of the set of types, and
the other type being different than the type.

US Pat. No. 10,645,475

DATA CENTER ARCHITECTURE UTILIZING OPTICAL SWITCHES

Juniper Networks, Inc., ...

1. A method for routing data in a switch network, the method comprising:
receiving, by a plurality of edge switches, data packets from a plurality of host devices, the plurality of edge switches arranged in a first switch level, the switch network further comprising a second switch level and an optical switch level arranged between the first switch level and the second switch level, the second switch level comprising a plurality of electronic switches, the optical switch level comprising one or more optical switches that are configured to change connections between the first switch level and the second switch level;
changing connections between the first switch level and the second switch level of electronic switches using the one or more optical switches in the optical switch level; and
receiving, by a plurality of spine switches in the second switch level of electronic switches, the data packets using the connections changed by the one or more optical switches in the optical switch level.

US Pat. No. 10,642,667

APPARATUS, SYSTEM, AND METHOD FOR EFFICIENTLY SHARING DATA BETWEEN PROCESSES

Juniper Networks, Inc., ...

1. A method comprising:
identifying a data object that:
was generated by a producer process running on a computing device; and
is to be accessed by a consumer process running on the computing device;
determining at least one structural characteristic of the data object that indicates how data is stored within the data object;
storing, within a portion of shared memory on the computing device that is accessible to both the producer process and the consumer process:
the data object; and
the structural characteristic of the data object;
disclosing, to the consumer process, locations of both the data object and the structural characteristic of the data object within the shared memory such that the consumer process is able to extract the data in the data object from the shared memory; and
accessing, by the consumer process, the data in the data object by extracting the data object from the shared memory, wherein extracting the data object from the shared memory comprises receiving the data in the data object via an application program interface that operates as part of the data object within the shared memory.

US Pat. No. 10,644,821

METHODS AND APPARATUS FOR ADAPTIVE COMPENSATION OF SIGNAL BANDWIDTH NARROWING THROUGH FINITE IMPULSE RESPONSE FILTERS

Juniper Networks, Inc., ...

1. A processor-readable non-transitory medium storing code representing instructions to be executed by a processor, the code comprising code to cause the processor to:
receive a first signal at a network management device, the first signal representing a bandwidth of an analog signal received at an analog-to-digital converter (ADC) operatively coupled to a transmitter, the analog signal being transmitted by a transmitter operatively coupled to a finite impulse response (FIR) filter configured to receive a digital signal that is converted to the analog signal, the first signal being generated based at least in part on raw sampling data generated by the ADC; and
send a control signal representing the bandwidth of the analog signal to the FIR filter so as to change at least one operating parameter of the FIR filter.

US Pat. No. 10,644,824

WAVELENGTH PROVISIONING FOR CUSTOMER PREMISE EQUIPMENT (CPE) IN DENSE WAVELENGTH-DIVISION MULTIPLEX (DWDM) NETWORKS

Juniper Networks, Inc., ...

1. A method, comprising:
sending, from an edge router to a first customer router disposed at a first customer premise, a first link layer discovery protocol (LLDP) signal while a first transmitter of the first customer router is maintained in an OFF state, the first LLDP signal including information of a first designated wavelength from a dense wavelength division multiplexing (DWDM) scheme to be used by the first customer router;
receiving, at the edge router and from the first customer router using the first transmitter, a first optical signal at the first designated wavelength in response to receiving the first LLDP signal;
sending, from the edge router to a second customer router disposed at a second customer premise, a second LLDP signal while a second transmitter of the second customer router is maintained in an OFF state, the second LLDP signal including information of a second designated wavelength from the DWDM scheme to be used by the second customer router; and
receiving, at the edge router and from the second customer router using the second transmitter, a second optical signal at the second designated wavelength in response to receiving the second LLDP signal.

US Pat. No. 10,645,095

SELECTIVE VERIFICATION OF SIGNATURES BY NETWORK NODES

Juniper Networks, Inc., ...

1. A network node, comprising:
a memory; and
one or more processors to:
receive a message associated with a plurality of valid signatures,
the plurality of valid signatures including a respective signature corresponding to each node that transmitted the message across a node group boundary, and
the plurality of valid signatures including:
one or more first signatures which were not validated by a sender of the message, and
one or more second signatures which were not validated by a trusted node,
the one or more first signatures being different than the one or more second signatures;
determine that a recipient node is not permitted to receive a valid signature chain, the valid signature chain including the plurality of valid signatures; and
provide the message to the recipient node without providing the valid signature chain based on determining that the recipient node is not permitted to receive the valid signature chain.

US Pat. No. 10,571,638

APPARATUS, SYSTEM, AND METHOD FOR MITIGATING ELECTROMAGNETIC NOISE IN CONNECTION WITH OPTICAL MODULES IN TELECOMMUNICATIONS DEVICES

Juniper Networks, Inc., ...

1. An apparatus comprising:
a cage that:
is coupled to a circuit board of a telecommunications device; and
includes a compartment dedicated to housing an optical module that facilitates communication for the telecommunications device;
a heatsink that includes a pedestal, wherein the heatsink:
sits on top of the cage in a base position such that the pedestal extends into the compartment of the cage via an opening of the cage when the optical module is not installed in the cage;
is lifted from the base position to an elevated position as the optical module is installed into the cage due to physical contact between the pedestal and the optical module;
absorbs heat generated by the optical module during operation in the telecommunications device by way of the physical contact between the pedestal and the optical module;
a gasket that:
resides between the heatsink and the cage;
fills space between the heatsink and the cage;
extends from the opening of the cage to a first wall of the cage beyond a first edge of the heatsink;
extends from the opening of the cage to a second wall of the cage beyond a second edge of the heatsink;
reduces electromagnetic noise in connection with the operation of the optical module in the telecommunications device; and
is adhered to the heatsink by an adhesive that holds the gasket against the heatsink even when the optical module is removed from the cage.

US Pat. No. 10,558,542

INTELLIGENT DEVICE ROLE DISCOVERY

Juniper Networks, Inc., ...

1. A method of modeling services in a network, comprising:
identifying externally mapped attributes in a vendor neutral yang model of a network service;
assigning an attribute type to one or more of the externally mapped attributes, wherein assigning includes determining, by a learning system, the attribute type of one or more of the externally mapped attributes based on an analysis of attribute types assigned to the externally mapped attributes of other network services;
constructing a separate dependency graph for each of the externally mapped attributes; and
building a separate hidden service model for each of the externally mapped attributes, wherein the externally mapped attribute for each hidden service model is a merge attribute for that hidden service model.

US Pat. No. 10,560,370

INTELLIGENT EXCEPTION RECOVERY IN NETWORK SERVICES

Juniper Networks, Inc., ...

1. A method, comprising:
configuring, based on first network service configuration information, a first network service, the first network service including an endpoint and a plurality of externally mapped attributes, including one or more service level attributes and an endpoint attribute associated with the endpoint, the first network service configuration information including current values for each of the externally mapped attributes;
detecting an exception in the first network service;
modifying the first network service based on a second network service, the second network service including an endpoint and a plurality of externally mapped attributes, including one or more service level attributes, wherein modifying the first network service includes assigning the current value of the endpoint attribute of the first network service to the endpoint attribute of the second network service; and
validating the externally mapped attributes of the second network service, wherein validating includes comparing values assigned to the service level attributes of the second network service to values of service level attributes of similar network services maintained by a learning engine and generating a validation error if values for one or more of the externally mapped attributes of the second network service are not consistent with a service model.

US Pat. No. 10,551,575

OPTICAL COUPLER INCLUDING A FARADAY ROTATOR LAYER AND AT LEAST ONE GRATING COUPLER

Juniper Networks, Inc., ...

1. A device, comprising:
a Faraday rotator layer configured to:
receive first light having a first polarization orientation,
receive second light having a second polarization orientation orthogonal to the first polarization orientation, the first light and the second light being coincident along a single optical path,
propagate the first light through the Faraday rotator layer to form third light, the third light having a third polarization orientation angled by forty-five degrees with respect to the first polarization orientation, and
propagate the second light through the Faraday rotator layer to form fourth light, the fourth light having a fourth polarization orientation angled by forty-five degrees with respect to the second polarization orientation; and
a planar redirection layer including a dual-polarization grating coupler, the planar redirection layer configured to redirect the third light to propagate along a first redirected path within the planar redirection layer and redirect the fourth light to propagate along a second redirected path within the planar redirection layer, the second redirected path being angled with respect to the first redirected path, the dual-polarization grating coupler including a region in which a refractive index varies periodically in two directions, a first of the two directions being orthogonal to the first redirected path, a second of the two directions being orthogonal to the second redirected path, the periodic variations in refractive index being curved in shape, with a curvature configured to focus the redirected third light onto a longitudinal end of a first waveguide, the curvature further configured to focus the redirected fourth light onto a longitudinal end of a second waveguide.

US Pat. No. 10,547,549

PROCESSING DATA FLOWS BASED ON INFORMATION PROVIDED VIA BEACONS

Juniper Networks, Inc., ...

1. A method comprising:
performing, by a service plane component of a network device, a service on an initial group of packets associated with a data flow;
determining, by the service plane component, that a subsequent group of packets of the data flow do not need to be serviced based on a result of performing the service on the initial group of packets;
providing, by the service plane component and based on determining that the subsequent group of packets do not need to be serviced, an offload request to a forwarding plane component of the network device to cause the forwarding plane component to bypass the service plane component when transmitting the subsequent group of packets towards a destination device;
receiving, by the service plane component based on providing the offload request and without receiving the subsequent group of packets, a beacon from the forwarding plane component,
the beacon including:
first information indicating whether a message has been received by the forwarding plane component,
the message including:
 the offload request,
 a request for the forwarding plane component to discontinue offloading the data flow, or
 an indication that the data flow has ended, or
second information indicating that the data flow has ended; and
selectively:
resending, by the service plane component, the message based on the beacon including the first information and the first information indicating that the message has not been received by the forwarding plane component, or
processing, by the service plane component, ended data flow based on the beacon including the second information.

US Pat. No. 10,547,408

METHODS AND APPARATUS FOR IMPROVING THE SKEW TOLERANCE OF A COHERENT OPTICAL TRANSPONDER IN AN OPTICAL COMMUNICATION SYSTEM

Juniper Networks, Inc., ...

1. An apparatus, comprising:
a memory; and
a processor operatively coupled to the memory, the processor configured to be operatively coupled to a first optical transponder and a second optical transponder,
the processor configured to receive, from the second optical transponder, a first signal representing a skew value of an optical signal and a second signal representing a bit-error-rate (BER) value of the optical signal, the optical signal transmitted from the first optical transponder and received at the second optical transponder, the skew value associated with a skew between an in-phase component of the optical signal and a quadrature component of the optical signal,
the processor configured to determine, based on at least one of the skew value or the BER value, if a performance degradation of the first optical transponder satisfies a threshold,
when the performance degradation of the first optical transponder satisfies the threshold,
the processor sending a first control signal to the first optical transponder to adjust a wavelength characteristic of a transmitter channel from a plurality of transmitter channels of the first optical transponder,
the processor sending a second control signal to a Wavelength Selective Switch (WSS) operatively coupled to the first optical transponder to adjust, based on the wavelength characteristic of the transmitter channel, a wavelength characteristic of the WSS,
the processor sending a third control signal to the first optical transponder to adjust, based on the performance degradation, at least one of a pulse shaping of the first optical transponder or a data baud rate of the first optical transponder.

US Pat. No. 10,476,792

MEDIA ACCESS CONTROL ADDRESS AND INTERNET PROTOCOL ADDRESS BINDING PROXY ADVERTISEMENT FOR NETWORK DEVICES OF A NETWORK

Juniper Networks, Inc., ...

15. A method, comprising:
transmitting, by a device, a request for Internet Protocol (IP)/media access control (MAC) binding information associated with a host device;
receiving, by the device, a response, to the request for IP/MAC binding information, identifying the IP/MAC binding information; and
advertising, by the device, route information for directing network traffic for a network based on receiving the response identifying the IP/MAC binding information,
the route information identifying the IP/MAC binding information associated with the host device.

US Pat. No. 10,474,518

OBTAINING HISTORICAL INFORMATION IN A DEVICE CORE DUMP

Juniper Networks, Inc., ...

1. A device, comprising:
one or more memories, and
one or more processors, communicatively coupled to the one or more memories, to:
gather, from a kernel of the device, information related to an operation of the device during each of a plurality of time intervals;
store, for each time interval of the plurality of time intervals, the information in a respective slot of a circular buffer that includes a plurality of slots,
the circular buffer being used to store a historical record of the information in at least two slots of the plurality of slots,
the historical record to be provided from the circular buffer during a dump of the device;
compare first information stored in a first slot of the at least two slots and second information stored in a second slot of the at least two slots;
obtain, based on comparing the first information and the second information, result data for diagnosing or debugging the dump of the device; and
provide the result data and the historical record during the dump of the device based on storing the historical record of the information in the at least two slots of the plurality of slots.

US Pat. No. 10,469,360

REVERSE METRIC ADVERTISEMENT FOR BORDER GATEWAY PROTOCOL ROUTE REFLECTION IN HIERARCHICAL NETWORKS

Juniper Networks, Inc., ...

1. A method comprising:
by a first network device positioned on a border of a first area of a multi-area hierarchical network and a second area of the multi-area hierarchical network, determining a first cost associated with sending network traffic from a client group to the first network device, wherein the client group is positioned in the first area, the first area and the second area being distinct routing domains of the multi-area hierarchical network, wherein determining the first cost associated with sending network traffic from a client group to the first network device comprises performing a modified shortest-path first (SPF) path selection process with the first network device as a source, wherein the modified SPF path selection process utilizes a cost of an incoming interface of the first network device rather than an outgoing interface of the first network device to determine the first cost; and
outputting, by the first network device to a second network device positioned in the second area, a routing advertisement message that specifies (1) the first cost and (2) a second cost associated with sending network traffic from the first network device to the client group, the first cost being different from the second cost, wherein the routing advertisement message specifies the first cost in a sub-type-length-value (sub-TLV) of the routing advertisement message designated for carrying the first cost determined using the modified SPF path selection process.

US Pat. No. 10,469,453

GRANULAR OFFLOADING OF A PROXIED SECURE SESSION

Juniper Networks, Inc., ...

1. A device, comprising:
a memory; and
one or more processors to:
receive encrypted traffic associated with a secure session;
determine, based on the encrypted traffic and before forwarding the encrypted traffic, information associated with an offload service to be applied to the encrypted traffic associated with the secure session,
the information associated with the offload service indicating whether the encrypted traffic is permitted to bypass inspection by one or more security services;
determine, based on the information associated with the offload service, whether a threshold amount of data has been inspected;
determine whether another threshold, associated with the secure session, has been satisfied,
the other threshold including a period of time during which the encrypted traffic, associated with the secure session, is to be inspected; and
selectively permit the encrypted traffic, associated with the secure session, to bypass inspection by the one or more security services based on whether the threshold amount of data has been inspected and based on whether the other threshold, associated with the secure session, has been satisfied.

US Pat. No. 10,466,420

PHOTONIC INPUT/OUTPUT COUPLER ALIGNMENT

Juniper Networks, Inc., ...

1. A method comprising:
actively aligning an optical connector with a first loopback alignment feature formed in a substrate of a photonic chip by coupling light from a light source external to the photonic chip via a first channel of the optical connector into the first loopback alignment feature and measuring light received from the first loopback alignment feature via a second channel of the optical connector with a detector external to the photonic chip, the loopback alignment feature being optically unconnected to a photonic integrated circuit (PIC) formed in the substrate of the photonic chip;
actively aligning the optical connector with a second loopback alignment feature formed, unconnected to the PIC, in the substrate of the photonic chip by coupling light from the light source via the first channel of the optical connector into the second loopback alignment feature and measuring light received from the second loopback alignment feature via the second channel of the optical connector with the detector;
following active alignment of the optical connector with the first and second loopback alignment features, moving the optical connector, based on known positions of the first and second loopback alignment features relative to input/output couplers of the PIC, to a position aligned with the input/output couplers of the PIC; and
locking the optical connector in place in the position aligned with the input/output couplers of the PIC.

US Pat. No. 10,419,356

APPARATUS, SYSTEM, AND METHOD FOR DISCOVERING NETWORK PATH MAXIMUM TRANSMISSION UNITS

Juniper Networks, Inc, S...

1. A method comprising:
forwarding, along a network path, a test packet that is:
destined for a particular invalid port on a destination device, the particular invalid port being:
not configured to handle packets; and
designated for use in discovering path maximum transmission units; and
fragmented by an intermediary device within the network path according to a maximum transmission unit value of a network interface on the intermediary device;
receiving an error packet sent by the destination device in response to having determined that the test packet is destined for the particular invalid port;
determining a path maximum transmission unit value of the network path by identifying, within the error packet, a size of a largest fragmented segment of the test packet received by the destination device; and
forwarding, along the network path, packets sized to comply with the path maximum transmission unit value such that the packets remain unfragmented upon reaching the destination device.

US Pat. No. 10,382,341

LABEL SWITCHED PATH PREEMPTION AVOIDANCE

Juniper Networks, Inc., ...

1. A method comprising:
determining, by a router, whether a link is congested based at least in part on an amount of available bandwidth on the link; and
responsive to determining that the link is congested:
setting, by the router, a bandwidth subscription for the link, wherein the bandwidth subscription specifies a respective amount of bandwidth available for each different label switched path priority level from a plurality of different label switched path priority levels such that the amount of available bandwidth on the link for label switched paths having priority levels that satisfy a lower priority level threshold is less than an amount of available bandwidth on the link and less than the amount of available bandwidth on the link for label switched paths having priority levels that do not satisfy the lower priority level threshold; and
responsive to setting the bandwidth subscription, sending, by the router and to at least one other router in a network, an indication that a first amount of bandwidth is available for the label switched paths having priority levels that satisfy the lower priority level threshold and that a second amount of bandwidth is available for the label switched paths having priority levels that do not satisfy the lower priority level threshold, wherein the first amount of bandwidth is less than the second amount of bandwidth, and wherein the first amount of bandwidth is less than the amount of available bandwidth on the link.

US Pat. No. 10,296,406

ESTIMATING BIT ERROR RATE

Juniper Networks, Inc., ...

1. A device, comprising:
one or more memories; and
one or more processors, communicatively couple to the one or more memories, to:
identify a quantity of bit errors that occur in a bit stream during a time interval;
select an approach for determining an estimated bit error rate (BER) for the bit stream based on the quantity of bit errors,
a first approach being selected when the device detects errors more frequently than a BER identified by an accuracy threshold,
the first approach to determine the estimated BER for the bit stream based on a previously determined BER, or
a second approach being selected when the device detects errors less frequently than the BER identified by the accuracy threshold,
the second approach to determine the estimated BER for the bit stream based on a sliding window;
determine the estimated BER for the bit stream using the selected approach; and
selectively perform an action based on whether the estimated BER satisfies the accuracy threshold,
the action including at least one of:
providing information to another device indicating that the estimated BER satisfies the accuracy threshold,
rerouting the bit stream to the another device, or
providing a link failure state indication to the another device.

US Pat. No. 10,291,750

AGGREGATING DATA SESSIONS BETWEEN AUTONOMOUS SYSTEMS

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by an autonomous system boundary router (ASBR) of a first autonomous system (AS) communicatively coupled to a second AS via a Transmission Control Protocol (TCP) gateway connection, a plurality of TCP data segments from a plurality of TCP connections coupling network devices of the first AS and network devices of the second AS;
adding, by the ASBR, a connection identifier to each of the plurality of TCP data segments, wherein the connection identifier is associated with connection flow information of at least one of the plurality of TCP connections;
appending, by the ASBR, the plurality of TCP data segments and their connection identifiers to form an appended TCP data segment, wherein appending the plurality of TCP data segments comprises:
adding, by the ASBR, TCP gateway connection sequence numbers to each of the plurality of TCP data segments, and
maintaining, by the ASBR and based on the TCP gateway connection sequence numbers, a sequence number list of TCP data segments to be acknowledged; and
transmitting, by the ASBR and via the TCP gateway connection, the appended TCP data segment to another ASBR of the second AS.

US Pat. No. 10,291,522

APPLICATIONS-AWARE TARGETED LDP SESSIONS

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a network device, a Label Distribution Protocol (LDP) initialization message to initiate a targeted LDP session with a peer network device, the LDP initialization message including a Targeted Applications Capability (TAC) field specifying one or more applications for which the targeted LDP session is to be used for advertising forwarding equivalence class (FEC)-label bindings between the network device and the peer network device;
determining, by the network device and in response to receiving the LDP initialization message, one or more common applications among the one or more applications specified by the TAC field and one or more applications supported by the network device; and
allowing, by the network device, the targeted LDP session to be established for sending only FEC-label bindings of types corresponding to the one or more common applications.

US Pat. No. 10,277,500

APPLICATION-LAYER TRAFFIC OPTIMIZATION SERVICE ENDPOINT TYPE ATTRIBUTE

Juniper Networks, Inc., ...

1. A method comprising:
obtaining, by an application-layer traffic optimization (ALTO) server, a first provider-defined identifier (PID)-type attribute that identifies an endpoint type for a first endpoint;
obtaining, by the ALTO server, a second PID-type attribute that identifies an endpoint type for a third endpoint;
generating, by the ALTO server, an ALTO network map that includes a first PID, a second PID, and a third PID, wherein the first PID specifies the first endpoint and includes a PID-type field that specifies the first PID-type attribute, wherein the second PID specifies a second endpoint, and wherein the third PID specifies the third endpoint and includes a PID-type field that specifies the second PID-type attribute;
determining, by the ALTO server based on the first PID-type attribute specified by the first PID, a first provider-defined cost to exchange content between the first endpoint of the first PID and the second endpoint specified by the second PID;
determining, by the ALTO server based on the second PID-type attribute specified by the third PID, a second provider-defined cost to exchange content between the third endpoint specified by the third PID and the second endpoint specified by the second PID, wherein the second provider-defined cost is greater than the first provider-defined cost; and
outputting, by the ALTO server, an indication of the first provider-defined cost and an indication of the second provider-defined cost.

US Pat. No. 10,249,596

FAN-OUT IN BALL GRID ARRAY (BGA) PACKAGE

Juniper Networks, Inc., ...

1. A device comprising:
a set of at least four integrated circuits (ICs);
a first multi-chip module (MCM) substrate comprising a communication link and a first ball grid array (BGA), wherein the first BGA comprises a first pitch indicative of a distance between balls of the first BGA, wherein each IC of the set of at least four ICs is coplanar mounted to a surface of the first MCM substrate, wherein the communication link couples a first IC of the set of at least four ICs to a second IC of the set of at least four ICs, and wherein the first MCM substrate comprises organic, non-silicon insulating material;
a second MCM substrate coupled to the first MCM substrate with the first BGA, the second MCM substrate comprising a second BGA, wherein the second BGA comprises a second pitch indicative of a distance between balls of the second BGA, wherein the second pitch is greater than the first pitch, and wherein the second MCM substrate comprises organic, non-silicon insulating material; and
a printed circuit board (PCB) coupled to the second MCM substrate with the second BGA.

US Pat. No. 10,250,634

APPARATUS, SYSTEM, AND METHOD FOR PROTECTING AGAINST DENIAL OF SERVICE ATTACKS USING ONE-TIME COOKIES

Juniper Networks, Inc, S...

1. An apparatus comprising:
a storage device that stores a set of cookies that facilitate authenticating packets received from a node within a network; and
a processing unit communicatively coupled to the storage device, wherein the processing unit:
receives, from the node within the network, at least one time-synchronization packet that is formatted in a time-synchronization protocol as part of a time-synchronization operation;
identifies a cookie included in the time-synchronization packet received from the node;
searches the set of cookies stored in the storage device for the cookie included in the time-synchronization packet received from the node;
identifies, within the set of cookies stored in the storage device, the cookie included in the time-synchronization packet received from the node;
protects against a Denial of Service (DoS) attack by authenticating the legitimacy of the time-synchronization packet by:
confirming that the cookie included in the time-synchronization packet is identified in the set of cookies stored in the storage device; and
ensuring that the time-synchronization packet did not originate from a malicious node masquerading as a trusted peer; and
synchronizes the apparatus with the node based at least in part on a time-synchronization calculation that accounts for the time-synchronization packet.

US Pat. No. 10,250,500

PERFORMING A SERVICE ON A PACKET

Juniper Networks, Inc., ...

1. A first device, comprising:
a memory; and
one or more processors to:
receive first route information from a second device,
the first route information identifying the second device as a next hop for a packet to be sent toward a destination other than the first device, and
the first route information including a source identifier that identifies a source from which the packet is provided;
generate second route information based on receiving the first route information,
the second route information identifying the first device as the next hop for the packet when the packet is to be sent toward the destination;
provide the second route information to a third device based on generating the second route information,
the third device being the source of the packet;
receive the packet from the third device after providing the second route information to the third device;
perform a service on the packet based on receiving the packet from the third device,
the service being performed on the packet prior to providing the packet to the second device,
the first device performing the service based on the first device being identified by the second route information as the next hop for the packet; and
perform an action related to the packet based on performing the service on the packet,
the action including:
providing the packet toward the destination, via the second device, according to the first route information, or
dropping the packet.

US Pat. No. 10,230,709

METHOD, SYSTEM, AND APPARATUS FOR DELEGATING CONTROL OVER THE CONFIGURATION OF MULTI-TENANT NETWORK DEVICES

Juniper Networks, Inc., ...

1. A method comprising:
providing a framework that enables a customer entity of a service provider to configure, via a customer portal, a network device of the service provider that directs network traffic of the customer entity;
creating, for the customer entity by way of the framework, a virtual network that includes at least a portion of the network device of the service provider;
authenticating the customer entity by:
obtaining at least one user credential from the customer entity via the customer portal;
confirming that the user credential obtained from the customer entity corresponds to at least one reference credential stored in connection with the virtual network; and
in response to confirming that the user credential corresponds to the reference credential, providing the customer entity with an authentication token that includes identification information that identifies:
the customer entity; and
a role of a user representing the customer entity;
detecting an attempt by the customer entity to configure at least a portion of the virtual network via the customer portal by receiving, from the customer entity via the customer portal, the authentication token and a configuration request that identifies the portion of the virtual network to be configured;
determining that the customer entity has authorization to configure the portion of the virtual network by:
determining that the portion of the virtual network belongs to the customer entity identified by the authentication token; and
determining that the role of the user representing the customer entity provides the user with authorization to configure the portion of the virtual network on behalf of the customer entity; and
in response to detecting the attempt by the customer entity, performing a configuration operation that configures the portion of the virtual network as directed by the customer entity via the customer portal.

US Pat. No. 10,211,917

METHODS AND APPARATUS FOR PREDICTING AND MONITORING PERFORMANCE OF A COHERENT OPTICAL TRANSCEIVER

Juniper Networks, Inc., ...

13. A method, comprising:
measuring, in response to a varying control parameter, a plurality of receiver optical power (ROP) values of a first optical transceiver that is operatively coupled to a network;
measuring, in response to a varying control parameter, a plurality of bit error rate (BER) values of a plurality of digital modulated signals at an input port of the first optical transceiver;
determining an estimated optical signal noise ratio (OSNR) value of the plurality of digital modulated signals at the input port of the first optical transceiver based on the plurality of ROP values and the plurality of BER values; and
sending a signal indicating the estimated OSNR value such that a planned route is selected for sending data signals via one of the first optical transceiver and a second optical transceiver based on the estimated OSNR value, the second optical transceiver operatively coupled to the network.

US Pat. No. 10,205,787

METHOD, SYSTEM, AND APPARATUS FOR REDUCING THE SIZE OF ROUTE UPDATES

Juniper Networks, Inc., ...

1. A method comprising:
establishing a communication session between a plurality of network nodes to enable the plurality of network nodes to exchange route updates with one another;
providing, by one of the network nodes, at least a portion of an adaptive compression algorithm to another one of the network nodes;
notifying the other network node of a window size of the adaptive compression algorithm;
during the communication session:
detecting, at the network node, at least one route update to send to the other network node;
identifying a minimum threshold that represents a certain amount of data needed to apply the adaptive compression algorithm;
determining that the route update does not yet reach the certain amount of data required by the minimum threshold;
waiting until the certain amount of data is reached in connection with the route update; and
once the certain amount of data is reached in connection with the route update, compressing, at the network node, the route update to reduce an amount of data included in the route update by:
identifying a certain pattern of data included in the route update; and
applying, to the route update, the adaptive compression algorithm with the notified window size to remove the certain pattern of data from the route update; and
upon compressing the route update, sending the compressed route update to the other network node to enable the other network node to forward traffic along a path whose route is advertised in the compressed route update.

US Pat. No. 10,200,509

RELATIVE AIRTIME FAIRNESS IN A WIRELESS NETWORK

Juniper Networks, Inc., ...

1. A device, comprising:
one or more processors to:
generate a frame that includes data to be provided to a client device,
the data being associated with a data rate corresponding to the client device;
determine rate information associated with a set of client devices,
the rate information identifying the data rate and one or more other data rates,
the data rate being different than the one or more other data rates,
the one or more other data rates including another data rate at which other data is to be provided to a different client device, and
the set of client devices including the client device and the different client device;
determine, based on the data rate, the other data rate, and a frame size of the frame, a relative frame transmission time (RFTT) associated with the frame;
determine a frame scheduling number (FSN), associated with the frame, based on the RFTT;
schedule the frame for provision to the client device based on the FSN; and
provide the frame to the client device based on scheduling the FSN,
the frame being provided to cause relative airtime fairness between a first group of frames, corresponding to the data rate, and a second group of frames, corresponding to the one or more other data rates, to be achieved,
the first group of frames including the frame.

US Pat. No. 10,193,698

AVOIDING INTERDICTED CERTIFICATE CACHE POISONING FOR SECURE SOCKETS LAYER FORWARD PROXY

Juniper Networks, Inc., ...

1. A method, comprising:
receiving, by a device, a message associated with establishing a secure session, the message including a first certificate chain associated with a server device, the first certificate chain including a plurality of certificates;
providing, by the device, information associated with each of the plurality of certificates included in the first certificate chain as an input to a cryptographic hash function;
receiving, by the device, a first certificate fingerprint as an output of the cryptographic hash function;
determining, by the device, that the device stores or has access to a certificate cache entry associated with the first certificate chain;
identifying, by the device and based on determining that the device stores or has access to the certificate cache entry, a second certificate fingerprint associated with the certificate cache entry, the second certificate fingerprint being based on a second certificate chain that has been validated;
determining, by the device, whether the first certificate fingerprint matches the second certificate fingerprint; and
identifying and providing, by the device, a stored interdicted certificate associated with the second certificate chain or the second certificate fingerprint based on determining that the first certificate fingerprint matches the second certificate fingerprint; or
generating and providing, by the device, a generated interdicted certificate, associated with the first certificate chain, based on determining that the first certificate fingerprint does not match the second certificate fingerprint.

US Pat. No. 10,193,746

DEADLOCK AVOIDANCE USING MODIFIED ETHERNET CONNECTIVITY FAULT MANAGEMENT SIGNALING

Juniper Networks, Inc., ...

1. A first maintenance endpoint (MEP) device, comprising:
a memory; and
one or more processors to:
identify that a first interface of the first MEP device is associated with a connectivity failure;
provide, to a second MEP device, a first continuity check message (CCM), that includes a MEP identifier of the first MEP device, based on identifying that the first interface of the first MEP device is associated with the connectivity failure,
the first CCM to cause the second MEP device to invoke an action profile,
the second MEP device to designate a second interface of the second MEP device as being offline based on the action profile;
receive, from the second MEP device, a second CCM, that includes the MEP identifier of the first MEP device and information indicating that the second interface of the second MEP device is offline, based on the second MEP device designating the second interface of the second MEP device as being offline; and
execute a rule to avoid a deadlock situation based on the second CCM including the MEP identifier of the first MEP device.

US Pat. No. 10,181,999

OPTIMIZING INFORMATION RELATED TO A ROUTE AND/OR A NEXT HOP FOR MULTICAST TRAFFIC

Juniper Networks, Inc., ...

1. A first device, comprising:
a memory; and
one or more processors to:
receive information that identifies a second device,
the second device being connected to the first device or a third device via an ingress interface of the first device or the third device;
determine whether the second device is connected to the first device or the third device,
the second device being local to the first device when connected to the first device,
the second device being remote to the first device when connected to the third device;
store first route information or second route information based on determining whether the second device is connected to the first device or the third device,
the first route information identifying a route associated with the second device,
the first route information being stored when the second device is local,
the second route information identifying an aggregated route for multiple devices,
the second route information being stored when the second device is remote, and
the multiple devices including the second device; and
provide traffic received from the second device using the first route information or the second route information after storing the first route information or the second route information.

US Pat. No. 10,182,007

APPARATUS, SYSTEM, AND METHOD FOR FACILITATING CONTROLLER-BASED MULTICAST SIGNALING

Juniper Networks, Inc., ...

1. A method comprising:
receiving, at an upstream router of a multicast distribution tree, a packet that is destined for a receiver within a MultiProtocol Label Switching (MPLS) network that comprises a plurality of controllers responsible for assigning tree labels to multicast distribution trees;
identifying within the packet:
a context label that specifies a controller included in the plurality of controllers; and
a tree label that:
specifies the multicast distribution tree; and
is assigned by the controller specified in the context label;
identifying, at the upstream router, a plurality of forwarding tables that each correspond to one of the plurality of controllers;
identifying, within the plurality of forwarding tables at the upstream router, a forwarding table that corresponds to the controller specified in the context label identified within the packet;
searching the forwarding table that corresponds to the controller for the tree label that specifies the multicast distribution tree;
identifying, based at least in part on the search of the forwarding table, a downstream router of the multicast distribution tree that is to receive the packet on the way to the receiver within the MPLS network; and
forwarding the packet to the downstream router of the multicast distribution tree on the way to the receiver.

US Pat. No. 10,178,007

DETERMINING LIVENESS OF PROTOCOLS AND INTERFACES

Juniper Networks, Inc., ...

1. For use with a data forwarding node of a data communications network, a method comprising:
a) receiving, by the data forwarding node, status information indicating a state of each of at least two different kinds of routing protocols being run locally on the data forwarding node;
b) composing, by the data forwarding node, an aggregated message including at least two indicators, each indicator identifying (1) a different one of the at least two different kinds of routing protocols being run on the data forwarding node and (2) the corresponding status information indicating a state of each of the at least two different kinds of routing protocols, as data within the aggregated message;
c) sending, by the data forwarding node, the aggregated message towards a neighbor data forwarding node which runs at least one routing protocol that peers with at least one of the at least two different kinds of routing protocols being run on the data forwarding node;
d) maintaining, by the data forwarding node, a first timer tracking a send time interval, wherein the acts of composing the aggregated message and sending the aggregated message are performed after each recurring expiration of the first timer; and
e) restarting, by the data forwarding node, the first timer after the aggregated message is sent,
wherein a single dead time interval associated with all of the at least two different kinds of routing protocols is provided to the neighbor data forwarding node, wherein the send time interval is less than the single dead time interval, and wherein the single dead time interval defines a time interval after which, if no further aggregated message is received by the neighbor data forwarding node from the data forwarding node after the neighbor forwarding node has received the sent aggregated message, all of the at least two different kinds of routing protocols are declared as down.

US Pat. No. 10,164,795

FORMING A MULTI-DEVICE LAYER 2 SWITCHED FABRIC USING INTERNET PROTOCOL (IP)-ROUTER / SWITCHED NETWORKS

Juniper Networks, Inc., ...

1. A method, comprising:
defining, by a processor included in a first node, a virtual-extensible-local-area-network (VXLAN) tunnel between the first node that is from a first plurality of nodes and included in a first layer-two network, and a second node that is from a second plurality of nodes and included in a second layer-two network, the VXLAN tunnel traversing at least one node of a layer-three network, the first node including an application specific integrated circuit (ASIC) configured to execute a first application and not a second application, the second node including an ASIC configured to execute the second application and not the first application;
assigning, at the first node, a node prefix to each node from the first plurality of nodes included in the first layer-two network;
advertising, from the first node and via the VXLAN tunnel, the node prefix to the second node in the second layer-two network without advertising a node identifier uniquely associated with each node from the first plurality of nodes to the second node in the second layer-two network;
receiving, at the first node, a layer-two data unit that is sent from a third node that is from the first plurality of nodes and included in the first layer-two network, to a fourth node that is from the second plurality of nodes and included in the second layer-two network;
encapsulating, at the first node, the layer-two data unit to define an encapsulated data unit that includes a VXLAN header;
sending the encapsulated data unit from the first node towards the fourth node via the VXLAN tunnel.

US Pat. No. 10,153,967

DETERMINISTIC AND OPTIMIZED BIT INDEX EXPLICIT REPLICATION (BIER) FORWARDING

Juniper Networks, Inc., ...

1. A network device, comprising:
one or more processors to:
create a plurality of forwarding tables,
each of the plurality of forwarding tables including information associated with a set of destinations;
determine, for each of the plurality of forwarding tables, next hops for the set of destinations;
determine, for each of the plurality of forwarding tables, equal cost multipath next hops for the set of destinations;
populate the plurality of forwarding tables with information associated with the determined next hops and the determined equal cost multipath next hops,
a first forwarding table, of the plurality of forwarding tables, including a first entry indicating a first next hop as an equal cost multipath next hop for a particular destination of the set of destinations, and
a second forwarding table, of the plurality of forwarding tables, including a second entry indicating a second next hop as an equal cost multipath next hop for the particular destination; and
combine the plurality of forwarding tables into a single forwarding table,
the single forwarding table being used to forward a multicast packet toward a plurality of destinations,
the plurality of destinations including the particular destination, and
the single forwarding table, based on combining the plurality of forwarding tables, including a third entry indicating the first next hop and the second next hop as equal cost multipath next hops for the particular destination.

US Pat. No. 10,128,634

INTEGRATED WAVELENGTH LOCKER

Juniper Networks, Inc., ...

1. A wavelength locker comprising:
an athermal asymmetric Mach-Zehnder interferometer (AMZI) comprising an input coupler, two waveguide arms, and an output coupler having at least two output ports;
placed at the at least two output ports, at least two respective photodetectors for measuring at least two respective optical interference signals exiting the at least two output ports;
a temperature sensor to measure a temperature of the AMZI and a strain gauge to measure a strain in the AMZI; and
circuitry configured to adjust a locking condition based on the measured temperature and strain, and to tune a frequency of light coupled into the AMZI, based on a feedback parameter derived from the measured optical interference signals, to satisfy the adjusted locking condition.

US Pat. No. 10,129,207

NETWORK ADDRESS TRANSLATION WITHIN NETWORK DEVICE HAVING MULTIPLE SERVICE UNITS

Juniper Networks, Inc., ...

1. A method comprising:
receiving, with a network device having a plurality of service units, outbound packets of a communication session for a subscriber, wherein each outbound packet includes a private source network address and source port, and wherein each of the plurality of service units is configured to perform network address translation (NAT) in parallel on packets of different communication sessions;
applying a service unit selection function to at least a portion of a header of the outbound packet to produce a result;
selecting, from the plurality of service units performing NAT in parallel and based on the result, a first one of the service units to perform NAT for the packets of the communication session;
selecting, with the network device, a public network address for network address translation of the outbound packet for the communication session;
determining, with the network device, a port for network address translation that, when the service unit selection function is applied to the portion of the header after the private source network address and source port of the inbound packet are replaced with the selected public network address and the determined port, causes the network device to direct subsequently received inbound packets having the selected public network address and the determined port to the same first one of the service units;
generating a translated packet from the packet, wherein the translated packet includes the selected public network address and the determined port in place of the private source address and source port; and
forwarding the translated packet from the network device to a public network.

US Pat. No. 10,122,118

APPARATUS, SYSTEM, AND METHOD FOR ACHIEVING POWER CONNECTIONS IN SPACE-LIMITED COMPUTING ENVIRONMENTS

Juniper Networks, Inc., ...

1. An apparatus comprising:
a right-angle power plug that:
plugs into a computing device; and
facilitates feeding electrical power to the computing device when plugged into the computing device;
at least one power cable that is electrically coupled to the right-angle power plug at a right angle such that the power cable runs perpendicular to the right-angle power plug; and
wherein the right-angle power plug includes a body that:
houses an interface at which the power cable is electrically coupled to the right-angle power plug; and
includes a cable management solution that:
facilitates holding, to the body of the right-angle power plug, at least one additional power cable that is electrically coupled to an additional power plug; and
includes at least one groove that is fitted to hold the additional power cable that is electrically coupled to the additional power plug; and
includes at least one hole that:
is fitted to accept at least one retention screw that secures the right-angle power plug to the computing device; and
intersects with the groove of the cable management solution such that the retention screw, when fully tightened to secure the right-angle power plug to the computing device, is recessed into the groove.

US Pat. No. 10,121,727

APPARATUS, SYSTEM, AND METHOD FOR IMPROVING THE THERMAL CONDUCTION OF HEAT SINKS

Juniper Networks, Inc., ...

1. An apparatus comprising:
a cage designed to hold an optical module;
a ramp that is secured to the cage and supports a heat sink such that the heat sink is capable of moving along the ramp; and
at least one spring having one end coupled to the ramp and another end coupled to the heat sink, wherein:
prior to insertion of the optical module into the cage, the spring exerts a force at least partially directed along an axis of insertion of the optical module; and
insertion of the optical module into the cage moves the heat sink along the ramp such that the force exerted by the spring:
rotates away from the axis of insertion; and
presses the heat sink against a surface of the optical module.

US Pat. No. 10,114,713

SYSTEMS AND METHODS FOR PREVENTING SPLIT-BRAIN SCENARIOS IN HIGH-AVAILABILITY CLUSTERS

Juniper Networks, Inc., ...

1. A computer-implemented method comprising:
detecting, at a standby node of a high-availability cluster, a partitioning event that isolates the standby node from an active node of the high-availability cluster;
after the partitioning event has occurred:
broadcasting, from a health-status server, a cluster-health message to at least the standby node, wherein:
the health-status server is separate and distinct from the standby node and the active node;
the cluster-health message comprises at least a health status of the active node;
the health status of the active node is based at least in part on whether the health-status server received a node-health message from the active node after the partitioning event occurred;
reacting, at the standby node, to the partitioning event such that the partitioning event does not result in a split-brain scenario within the high-availability cluster by performing, based at least in part on whether the standby node received the cluster-health message from the health-status server, at least one of:
leaving the high-availability cluster;
assuming at least one computing task assigned to the active node.

US Pat. No. 10,110,470

PREVENTING DATA TRAFFIC LOOPS ASSOCIATED WITH DESIGNATED FORWARDER SELECTION

Juniper Networks, Inc., ...

7. A non-transitory computer-readable medium storing instructions, the instructions comprising:
one or more instructions that, when executed by one or more processors, cause the one or more processors to:
receive, from multiple provider edge devices, multiple route identifiers that include multiple range identifiers or multiple configuration identifiers,
the multiple range identifiers or the multiple configuration identifiers being included in a type-length-value (TLV) element of the multiple route identifiers,
a first range identifier included in a first route identifier of the multiple route identifiers being different than a second range identifier included in a second route identifier of the multiple route identifiers,
a first configuration identifier included in the first route identifier being different than a second configuration identifier included in the second route identifier;
extract the multiple range identifiers or the multiple configuration identifiers from the TLV element of the multiple route identifiers;
identify the multiple range identifiers or the multiple configuration identifiers based on extracting the multiple range identifiers or the multiple configuration identifiers; and
elect a designated forwarder from among the multiple provider edge devices using an algorithm,
the algorithm being a same algorithm used by the multiple provider edge devices to elect a same designated forwarder.

US Pat. No. 10,084,690

USING A FIREWALL FILTER TO SELECT A MEMBER LINK OF A LINK AGGREGATION GROUP

Juniper Networks, Inc., ...

1. A device, comprising:
a memory; and
one or more processors to:
store, in a data structure, a set of link identifiers, that identifies a set of member links included in a link aggregation group, in association with a set of packet parameters,
the set of packet parameters being associated with a network packet;
receive the network packet;
determine a particular packet parameter, of the set of packet parameters, associated with the network packet;
determine, based on the data structure, a first link identifier, of the set of link identifiers, that identifies a first member link of the set of member links;
determine whether a quantity of network packets of a first set of network packets satisfies a threshold,
the first set of network packets being network packets that are associated with the particular packet parameter and that have been routed via the first member link; and
selectively route the network packet based on determining whether the quantity of network packets of the first set of network packets satisfies the threshold,
the network packet being routed via the first member link when the quantity of network packets of the first set of network packets satisfies the threshold.

US Pat. No. 10,084,798

SELECTIVE VERIFICATION OF SIGNATURES BY NETWORK NODES

Juniper Networks, Inc., ...

1. A network node, comprising:
a memory; and
one or more processors to:
receive a message that is associated with one or more first signatures and one or more second signatures,
the one or more first signatures having been validated by a particular node;
determine that the particular node is a trusted node,
the network node not to validate signatures that have been validated by the trusted node;
determine that the one or more first signatures have been validated by the particular node;
determine that the one or more second signatures have not been validated by the particular node,
the one or more first signatures being different than the one or more second signatures;
validate the one or more second signatures and not the one or more first signatures based on determining that the one or more first signatures have been validated by the particular node and that the one or more second signatures have not been validated by the particular node; and
sign or provide the message, without validating the one or more first signatures and after validating the one or more second signatures, based on determining that the one or more first signatures have been validated by the particular node and that the one or more second signatures have not been validated by the particular node.

US Pat. No. 10,063,494

DISTRIBUTED MULTI-STAGE SWITCH FABRIC

Juniper Networks, Inc., ...

1. An apparatus, comprising:
a first interface card including a plurality of midplane connector ports, a plurality of first stage switch fabric modules, and a plurality of third stage switch fabric modules; and
a second interface card including a plurality of second stage switch fabric modules and a retiming stage module operatively coupled to a midplane connector port of the plurality of midplane connector ports, the retiming stage module configured to receive data from a first stage switch fabric module from the plurality of first stage switch fabric modules via the midplane connector port, the retiming stage module configured to retime the data from the first stage switch fabric module, the retiming stage module configured to send the retimed data to at least one second stage switch fabric from the plurality of second stage switch fabric modules.

US Pat. No. 9,990,496

ANALYZING A PASSWORD-PROTECTED FILE FOR MALWARE

Juniper Networks, Inc., ...

1. A device, comprising:
a memory; and
one or more processors to:
identify a set of contextual terms associated with a password-protected file;
store the set of contextual terms in a password dictionary in the memory;
prioritize the set of contextual terms in the password dictionary to form a set of prioritized terms;
apply a prioritized term, of the set of prioritized terms, as a password to attempt to access the password-protected file;
determine whether the prioritized term was successfully applied as the password to access the password-protected file;
update, based on determining that the prioritized term was successfully applied as the password, a priority of the prioritized term in the password dictionary, the password dictionary indicating an order in which the set of prioritized terms are to be applied to attempt to access a password-protected set of files; and
analyze, when the password-protected file is protected by the prioritized term as the password, the password-protected file to determine whether the password-protected file contains malware.

US Pat. No. 9,985,875

ROUTE SIGNALLING BASED RESILIENT APPLICATION OVERLAY NETWORK

Juniper Networks, Inc., ...

1. A method, comprising:
receiving configuration information defining events that cause a transition from a master redundancy state to a standby redundancy state in service delivery gateways, including receiving configuration information defining a first event that causes a transition from a first master redundancy state to a first standby redundancy state in service delivery gateways;
in response to receiving the configuration information, storing a plurality of signal-routes, including a first signal-route, wherein each signal-route is a route used by applications to signal changes in application state and wherein each signal-route is associated with one or more of the defined events; and
in response to detecting occurrence of the first event in a first service delivery gateway:
transitioning, within the first service delivery gateway, from the first master redundancy state to the first standby redundancy state;
making a change in a set of available signal-routes stored in the first service delivery gateway, wherein making a change in a set of available signal-routes includes adding the first signal-route to or removing the first signal-route from the set of available signal routes in the first service delivery gateway; and
advertising, from the first service delivery gateway and to peer network devices, the change in the first signal-route.

US Pat. No. 9,898,317

PHYSICAL PATH DETERMINATION FOR VIRTUAL NETWORK PACKET FLOWS

Juniper Networks, Inc., ...

1. A system comprising:
a first set of elements and a second set of elements that implement one or more virtual networks;
a first server device and a second server device each connected to a switch fabric;
a first virtual network controller node device configured to store route data and to store, to a first configuration database using an interface protocol, configuration information for the first set of elements and to send the route data and configuration information for the first set of elements to the first set of elements to control virtual switching operation of the first set of elements to implement a first one or more overlay networks, over the switch fabric, for tunneling packets among elements of the first set of elements for the one or more virtual networks, wherein the first set of elements includes the first server device; and
a second virtual network controller node device configured to store route data and to store, to a second configuration database using the interface protocol, configuration information for the second set of elements and to send the route data and configuration information for the second set of elements to the second set of elements to control virtual switching operation of the second set of elements to implement a second one or more overlay networks, over the switch fabric, for tunneling packets among elements of the second set of elements for the one or more virtual networks, wherein the second set of elements includes the second server device,
wherein the first virtual network controller node device and the second virtual network controller node device are peers according to a peering protocol by which the first virtual network controller node device and the second virtual network controller node device exchange information relating to the virtual switching operation of the first set of elements and the second set of elements, the information including the route data for the first set of elements and the route data for the second set of elements.

US Pat. No. 9,838,307

SIMPLE HIERARCHICAL LABEL-SWITCHED PATHS

Juniper Networks, Inc., ...

1. A method, comprising:
identifying, by a device, a portion of a label-switched path (LSP) on which a simple hierarchical LSP (sH-LSP) is to be used for transferring traffic via a network;
determining, by the device, attribute information associated with the sH-LSP,
the attribute information including information associated with one or more characteristics of the sH-LSP;
providing, by the device, an indication associated with identifying an available sH-LSP or creating a sH-LSP,
the indication including the attribute information associated with the sH-LSP, and
the indication being provided to cause the sH-LSP to be created on the portion of the LSP or an available sH-LSP, associated with the portion of the LSP, to be identified;
receiving, by the device and based on providing the indication, an identifier associated with the sH-LSP; and
causing, by the device, the LSP to be set up based on the identifier associated with the sH-LSP.

US Pat. No. 9,838,873

SECURE WIRELESS LOCAL AREA NETWORK (WLAN) FOR DATA AND CONTROL TRAFFIC

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a first device, first capability information associated with a second device associated with a portion of a wireless local area network (WLAN);
determining, by the first device and based on the first capability information, that the second device is not capable of providing security;
selecting, by the first device, a third device associated with the portion of the WLAN based on determining that the second device is not capable of providing the security;
receiving, by the first device and based on a protocol being executed in hall the portion of the WLAN, second capability information associated with the third device; and
determining, by the first device and based on the second capability information, whether the third device is capable of providing the security,
when the first device determines, based on the second capability information, that the third device is not capable of providing the security, the method further comprises:
reverting the portion of the WLAN to a centralized WLAN architecture,
the centralized WLAN architecture comprising an overlay over a wired network, and
the portion of the WLAN being a distributed WLAN architecture.

US Pat. No. 9,740,862

IDENTIFYING MALWARE BASED ON A RELATIONSHIP BETWEEN A DOWNLOADER FILE AND A DOWNLOADED FILE

Juniper Networks, Inc., ...

1. A non-transitory computer-readable medium storing instructions, the instructions comprising:
one or more instructions that, when executed by one or more processors, cause the one or more processors to:
analyze a first file for malware;
determine that the first file causes a second file to be downloaded,
the second file being different from the first file;
store linkage information that identifies a relationship between the first file and the second file based on determining that the first file causes the second file to be downloaded;
analyze the second file for malware;
determine a malware base score based on analyzing the first file for malware;
determine a malware feedback score based on analyzing the second file for malware and based on the linkage information;
determine a first malware score for the first file based on the malware base score and malware feedback score; and
determine a second malware score for the second file based on analyzing the first file for malware and based on the linkage information.

US Pat. No. 9,742,668

PACKET FORWARDING PATH PROGRAMMING USING A HIGH-LEVEL DESCRIPTION LANGUAGE

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a forwarding component of a network device from a control unit of the network device, program text for a program that conforms to a syntax for a high-level forwarding path description language (FPDL), wherein the program text defines a forwarding path element;
compiling, by the forwarding component, the program text to a platform-independent intermediate representation;
compiling, by the forwarding component in response to a request from the control unit, the intermediate representation to generate a forwarding path block having one or more forwarding structures for execution by the forwarding component to process packets;
installing, by the forwarding component, the forwarding path block to an internal packet forwarding path of the forwarding component, the forwarding path element comprising one of a lookup tree, a lookup table, a rate limiter, and a counter;
receiving, by the forwarding component, a packet; and
processing, by the forwarding component, the received packet by executing the forwarding path block including the forwarding path element.

US Pat. No. 9,774,520

SERVICE AWARE PATH SELECTION WITH A NETWORK ACCELERATION DEVICE

Juniper Networks, Inc., ...

1. A method comprising:
receiving, with a first intermediate network acceleration device, network traffic from a first network for delivery to a second network;
receiving, with the first intermediate network acceleration device, a communication from a second intermediate network acceleration device, wherein the communication indicates one or more network acceleration services supported by the second intermediate network acceleration device;
comparing, with the first intermediate network acceleration device, the one or more network acceleration services supported by the second intermediate network acceleration device to one or more network acceleration services supported by the first intermediate network acceleration device to select network acceleration services supported by both the first intermediate network acceleration device and the second intermediate network acceleration device, wherein the first intermediate network acceleration device supports at least one network acceleration service not supported by the second intermediate network acceleration device;
applying, by the first intermediate network acceleration device, the set of network acceleration services supported by both the first intermediate network acceleration device and the second intermediate network acceleration device to the network traffic; and
forwarding, with the first intermediate network acceleration device, the network traffic to the second intermediate network acceleration device.

US Pat. No. 9,755,962

REDUCING LINK STATE PROTOCOL TRAFFIC DURING GRACEFUL RESTART

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a first routing device that is communicatively coupled to a second routing device via a link on which a flood reduction technique is used, a first set of data from the second routing device indicative of a first link state for the second routing device according to a link-state protocol, wherein the first set of data is associated with a first sequence number and with a first checksum;
storing, by the first routing device, data representative of the first link state and the first sequence number;
after receiving the first set of data, receiving, by the first routing device, a second set of data from the second routing device indicating that the second routing device will be performing a graceful restart;
after receiving the second set of data, receiving, by the first routing device, a third set of data from the second routing device representative of a second link state for the second routing device, wherein the third set of data is associated with a second sequence number that is different than the first sequence number, and wherein the third set of data is associated with a second checksum;
in response to the second set of data and the third set of data, determining, by the first routing device, whether the second link state is the same as the first link state despite the difference between the first sequence number and the second sequence number, wherein determining whether the second link state is the same as the first link state comprises calculating a third checksum using the stored first link state after replacing the first sequence number with the second sequence number; and
avoiding, by the first routing device, sending a request for a current link state to the second routing device when the second link state is determined to be the same as the first link state despite the difference between the first sequence number and the second sequence number, wherein avoiding sending the request comprises avoiding sending the request when the third checksum is the same as the second checksum.

US Pat. No. 9,647,937

POLICY CONTROL USING SOFTWARE DEFINED NETWORK (SDN) PROTOCOL

Juniper Networks, Inc., ...

1. A method comprising:
detecting, with a flow control unit of a data plane within a network device, a new packet flow;

accessing, with a policy engine of a control plane within the network device, a plurality of policies stored within a policy
database within the control plane within the network device to determine whether one or more of the policies stored within
the policy database within the control plane within the network device specify criteria that match attributes of the new packet
flow;

outputting, in response to failing to identify in the policy database within the control plane within the network device the
one or more policies that specify criteria that match attributes of the new packet flow, a message from the control plane
within the network device to a policy server external to the network device to request a policy from the policy server, wherein
outputting the message comprises constructing the message with the control plane within the network device to conform to a
software defined networking (SDN) protocol as if the data plane within the network device were directly exposed to an external
device by the SDN protocol;

receiving, with the control plane within the network device, a response message from the policy server, wherein the response
message conforms to the SDN protocol and specifies at least one new policy; and

installing the policy within the policy database within the control plane within the network device.