公开(公告)号：US10708193B2

公开(公告)日：2020-07-07

申请号：US16040822

申请日：2018-07-20

Applicant: Juniper Networks, Inc.

Inventor： Xiao Ping Zhu ,  Huaxiang Yin ,  Zheling Yang ,  Chao Chen

IPC: H04L12/911 ,  H04L12/26 ,  H04L29/06

Abstract: A device may comprise security processing units (SPUs) including a SPU to receive a session request. The SPU may identify global counter information and update counter information. The global counter information may include a global counter identifier and a global counter value. The update counter information may include an update counter identifier and an update counter value. The SPU may identify a global limit associated with the global counter, may determine that the global limit has not been met, and may cause the session to be created. The SPU may create a modified global counter value. The SPU may create a modified update counter value. The SPU may determine that a local update message is required based on the modified update counter value, and may provide the local update message to another SPU. The local update message may include the global counter identifier and the modified global counter value.

公开(公告)号：US10390290B1

公开(公告)日：2019-08-20

申请号：US15383116

申请日：2016-12-19

Applicant: Juniper Networks, Inc.

Inventor： Jing Zhang ,  Zengqiang Yuan ,  Mingming Quan ,  BinFang Sun ,  Lei Liang ,  Gaofeng Tian ,  Huaxiang Yin

IPC: H04W76/11 ,  H04W76/12 ,  H04W48/10 ,  H04L12/741 ,  H04L12/751 ,  H04L29/08 ,  H04L12/46 ,  H04W88/16

Abstract: A first processing device may receive, from a first network device, a tunneling protocol message associated with a tunnel to be established between the first network device and a second network device. The first processing device may determine, based on the tunneling protocol message, a device identifier of the second network device. The first processing device may determine that a second processing device is to process a flow associated with the first network device and the second network device based on the device identifier of the second network device. The first processing device may provide information that identifies that the second processing device is to process the flow to permit the second processing device to process the flow associated with the first network device and the second network device.

公开(公告)号：US10033616B1

公开(公告)日：2018-07-24

申请号：US14227524

申请日：2014-03-27

Applicant: Juniper Networks, Inc.

Inventor： Xiao Ping Zhu ,  Huaxiang Yin ,  Zheling Yang ,  Chao Chen

IPC: H04L12/26 ,  H04L12/911

Abstract: A device may comprise security processing units (SPUs) including a SPU to receive a session request. The SPU may identify global counter information and update counter information. The global counter information may include a global counter identifier and a global counter value. The update counter information may include an update counter identifier and an update counter value. The SPU may identify a global limit associated with the global counter, may determine that the global limit has not been met, and may cause the session to be created. The SPU may create a modified global counter value. The SPU may create a modified update counter value. The SPU may determine that a local update message is required based on the modified update counter value, and may provide the local update message to another SPU. The local update message may include the global counter identifier and the modified global counter value.

公开(公告)号：US09680804B2

公开(公告)日：2017-06-13

申请号：US14720038

申请日：2015-05-22

Applicant: Juniper Networks, Inc.

Inventor： Chao Chen ,  Xiao Ping Zhu ,  Huaxiang Yin ,  Zheling Yang

IPC: H04L9/00 ,  H04L29/06

CPC classification number: H04L63/0485 ,  H04L63/0236 ,  H04L63/0263 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1433

Abstract: A device includes a security process unit (SPU) associated with a logical ring of SPUs. The SPU receives a packet with an address associated with a malicious source, and creates, based on the packet, an entry in a data structure associated with the SPU. The entry includes information associated with the packet. The SPU provides an install message to a next SPU in the logical ring. The install message instructs the next SPU to create the entry in another data structure, and forward the install message to another SPU. The SPU receives the install message from a last SPU, and sets a state of the entry to active in the data structure based on receiving the install message from the last SPU. The SPU performs a particular action on another packet, associated with the malicious source, based on the setting the state of the entry to active.

公开(公告)号：US20150256523A1

公开(公告)日：2015-09-10

申请号：US14720038

申请日：2015-05-22

Applicant: Juniper Networks, Inc.

Inventor： Chao CHEN ,  Xiao Ping Zhu ,  Huaxiang Yin ,  Zheling Yang

IPC: H04L29/06

CPC classification number: H04L63/0485 ,  H04L63/0236 ,  H04L63/0263 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1433

Abstract: A device includes a security process unit (SPU) associated with a logical ring of SPUs. The SPU receives a packet with an address associated with a malicious source, and creates, based on the packet, an entry in a data structure associated with the SPU. The entry includes information associated with the packet. The SPU provides an install message to a next SPU in the logical ring. The install message instructs the next SPU to create the entry in another data structure, and forward the install message to another SPU. The SPU receives the install message from a last SPU, and sets a state of the entry to active in the data structure based on receiving the install message from the last SPU. The SPU performs a particular action on another packet, associated with the malicious source, based on the setting the state of the entry to active.

Abstract translation: 设备包括与SPU的逻辑环相关联的安全处理单元（SPU）。 SPU接收到具有与恶意源相关联的地址的分组，并且基于分组创建与SPU相关联的数据结构中的条目。 该条目包括与该数据包相关联的信息。 SPU向逻辑环中的下一个SPU提供安装消息。 安装消息指示下一个SPU在另一个数据结构中创建条目，并将安装消息转发到另一个SPU。 SPU从最后一个SPU接收到安装消息，并根据接收到最后一个SPU的安装消息，将该条目的状态设置为数据结构中的活动状态。 基于将条目的状态设置为活动状态，SPU对与恶意源相关联的另一个数据包执行特定操作。

公开(公告)号：US10171436B2

公开(公告)日：2019-01-01

申请号：US15620408

申请日：2017-06-12

Applicant: Juniper Networks, Inc.

Inventor： Chao Chen ,  Xiao Ping Zhu ,  Huaxiang Yin ,  Zheling Yang

IPC: H04L9/00 ,  H04L29/06

Abstract: A device includes a security process unit (SPU) associated with a logical ring of SPUs. The SPU receives a packet with an address associated with a malicious source, and creates, based on the packet, an entry in a data structure associated with the SPU. The entry includes information associated with the packet. The SPU provides an install message to a next SPU in the logical ring. The install message instructs the next SPU to create the entry in another data structure, and forward the install message to another SPU. The SPU receives the install message from a last SPU, and sets a state of the entry to active in the data structure based on receiving the install message from the last SPU. The SPU performs a particular action on another packet, associated with the malicious source, based on the setting the state of the entry to active.

公开(公告)号：US09043911B1

公开(公告)日：2015-05-26

申请号：US14147251

申请日：2014-01-03

Applicant: Juniper Networks, Inc.

Inventor： Chao Chen ,  Xiao Ping Zhu ,  Huaxiang Yin ,  Zheling Yang

IPC: H04L29/06

CPC classification number: H04L63/0485 ,  H04L63/0236 ,  H04L63/0263 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1433

Abstract: A device includes a security process unit (SPU) associated with a logical ring of SPUs. The SPU receives a packet with an address associated with a malicious source, and creates, based on the packet, an entry in a data structure associated with the SPU. The entry includes information associated with the packet. The SPU provides an install message to a next SPU in the logical ring. The install message instructs the next SPU to create the entry in another data structure, and forward the install message to another SPU. The SPU receives the install message from a last SPU, and sets a state of the entry to active in the data structure based on receiving the install message from the last SPU. The SPU performs a particular action on another packet, associated with the malicious source, based on the setting the state of the entry to active.

Abstract translation: 设备包括与SPU的逻辑环相关联的安全处理单元（SPU）。 SPU接收到具有与恶意源相关联的地址的分组，并且基于分组创建与SPU相关联的数据结构中的条目。 该条目包括与该数据包相关联的信息。 SPU向逻辑环中的下一个SPU提供安装消息。 安装消息指示下一个SPU在另一个数据结构中创建条目，并将安装消息转发到另一个SPU。 SPU从最后一个SPU接收到安装消息，并根据接收到最后一个SPU的安装消息，将该条目的状态设置为数据结构中的活动状态。 基于将条目的状态设置为活动状态，SPU对与恶意源相关联的另一个数据包执行特定操作。