Sankar Usha Ramamoorthi

6748437, Jun 8, 2004

Jan 10, 2000

09/480788

Hariprasad Mankude - Fremont CA
Sohrab Modi - Oakland CA
Kevin Fox - San Jose CA
Mahalingam Mani - Sunnyvale CA
Sankar Ramamoorthi - Cupertino CA

Sun Microsystems, Inc. - Santa Clara CA

G06F 1516

709227, 709105, 709219, 709236, 709238

A scalable cluster system that provides scalable services for client applications is provided with a forwarding list. The scalable services are transparent to the client application. To facilitate this transparent scalability, the system provides a forwarding list. For various operational reasons, such as tuning the system, an operator may change the work distribution weights between nodes of a scalable cluster system. Such a change in work distribution weights may change how packets are assigned to nodes. Forwarding lists are provided so that if the work distribution weights are changed while there are existing connections the forwarding lists allow packets from existing connections to go to the same node as earlier packets from the same connection.

7546635, Jun 9, 2009

Aug 11, 2004

10/916021

Robert M. Krohn - Palo Alto CA, US
Sankar Ramamoorthi - San Jose CA, US
Michael Freed - Fremont CA, US
Keith Holleman - Santa Clara CA, US

Juniper Networks, Inc. - Sunnyvale CA

G06F 9/00

726 11, 726 14, 709223, 709224, 709227, 709229, 709238, 709240, 709241, 709242, 370351, 370392, 370400, 370401, 370428

A network device receives control plane packets and data plane packets from a network. The network device includes a forwarding component that forwards the data plane packets in accordance with routing information maintained by a routing component. The forwarding component directs the control plane packets to a firewall component that processes the control plane packets to apply firewall services and detect network attacks. After processing, the firewall component loops the control plane packets back to the forwarding components for forwarding to the routing component. The firewall component may be a security service card.

8020200, Sep 13, 2011

Jun 1, 2009

12/476083

Robert M. Krohn - Palo Alto CA, US
Sankar Ramamoorthi - San Jose CA, US
Michael Freed - Pleasanton CA, US
Keith Holleman - Santa Clara CA, US

Juniper Networks, Inc. - Sunnyvale CA

G06F 9/00

726 11, 726 14, 709223, 709224, 709227, 709229, 709238, 709240, 709241, 709242, 370351, 370392, 370400, 370401, 370428

A network device receives control plane packets and data plane packets from a network. The network device includes a forwarding component that forwards the data plane packets in accordance with routing information maintained by a routing component. The forwarding component directs the control plane packets to a firewall component that processes the control plane packets to apply firewall services and detect network attacks. After processing, the firewall component loops the control plane packets back to the forwarding components for forwarding to the routing component. The firewall component may be a security service card.

8300532, Oct 30, 2012

Sep 23, 2008

12/235677

Anjan Venkatramani - Los Altos CA, US
Kannan Varadhan - San Jose CA, US
Jean-Marc Frailong - Los Altos CA, US
Sanjay Gupta - Santa Clara CA, US
Linda Sun - San Jose CA, US
Sankar Ramamoorthi - San Jose CA, US
Pradeep Sindhu - Los Altos Hills CA, US
Anand S. Athreya - San Jose CA, US
Chih-Wei Chao - Saratoga CA, US
Shuhua Ge - Fremont CA, US

Juniper Networks, Inc. - Sunnyvale CA

H04L 12/26
H04L 12/56

370235, 370392

A method may include receiving a packet at an ingress line interface in a forwarding plane of a network element, the packet including header information. The method may also include conducting a flow table lookup in the forwarding plane to identify an existing flow for the packet and determining, in the forwarding plane and based on the header information, whether a predicted flow can be identified for the packet if an existing flow can not be identified. The method may further include performing a service access control list (ACL) lookup in the forwarding plane if a predicted flow can not be identified; and forwarding the packet to one of a services plane or an egress line interface in the forwarding plane based on one of the existing flow, the predicted flow, or the service ACL lookup.

8615009, Dec 24, 2013

Apr 22, 2010

12/765636

Sankar Ramamoorthi - San Jose CA, US
Satyadeva Konduru - San Jose CA, US
Gregory Kotlyar - San Jose CA, US
Satish Raghunath - Sunnyvale CA, US
Sivakumar Venkatesan - Sunnyvale CA, US
Ramakanth Gunuganti - San Jose CA, US

Juniper Networks, Inc. - Sunnyvale CA

H04L 12/28

370389

An example network device includes a network interface and a control unit that receives a packet having header information. The control unit includes a forwarding structure having a plurality of entries that each refers to one of a plurality of logical interfaces, a forwarding engine configured to access the forwarding structure to select a first logical interface to which to forward the packet based on the header information, wherein the first logical interface comprises a pseudo-device interface (PDI). The control unit also includes a PDI module that tunnels the packet to an external service complex (ESC) by at least applying a set of metadata to the packet, encapsulating the packet with a header, and forwarding the packet to the ESC via the network interface, and wherein the metadata allows the ESC to determine a set of services to be applied to the packet based on the metadata.

8646090, Feb 4, 2014

Oct 3, 2007

11/866424

Ravi Gadde - San Jose CA, US
Satyadeva Konduru - Sunnyvale CA, US
Umesh Mangla - San Jose CA, US
Sankar Ramamoorthi - San Jose CA, US

Juniper Networks, Inc. - Sunnyvale CA

G06F 9/00

726 26, 726 13

By using an extended bitmap window and arrival sequence numbers, a multiprocessor system may perform anti-replay checks on incoming packets in a similar order as a single processor system. In one implementation, a device may provide an anti-replay check window that includes an original window and an extension window, the original window being contiguous to the extension window. In addition, the device may receive a packet with an anti-replay sequence number and receive another packet whose anti-replay sequence number is within a range of the original window. In addition, the device may determine if the packet has arrived before the other packet by less than a threshold if the anti-replay sequence number of the packet falls within a range of the extension window. Further, the device may retain the packet if the packet has arrived before the other packet by less than the threshold.

6667980, Dec 23, 2003

Jan 10, 2000

09/480147

Sohrab F. Modi - Oakland CA
Sankar Ramamoorthi - San Jose CA
Mahalingam Mani - Sunnyvale CA
Brian M. Oki - San Jose CA
Kevin C. Fox - San Jose CA
Hariprasad B. Mankude - Fremont CA

Sun Microsystems, Inc. - Santa Clara CA

H04L 1256

37039532, 370428

One embodiment of the present invention provides a system that uses a packet distribution table to distribute packets to server nodes in a cluster of nodes that operate in concert to provide at least one service. The system operates by receiving a packet at an interface node in the cluster of nodes. This packet includes a source address specifying a location of a client that the packet originated from, and a destination address specifying a service provided by the cluster of nodes (and possibly a protocol). The system uses the destination address to lookup a packet distribution table. The system then performs a function that maps the source address to an entry in the packet distribution table, and retrieves an identifier specifying a server node from the entry in the packet distribution table. Next, the system forwards the packet to the server node specified by the identifier so that the server node can perform a service for the client. In this way, packets directed to a service specified by a single destination address are distributed across multiple server nodes in a manner specified by the packet distribution table.

20230084909, Mar 16, 2023

Oct 27, 2022

18/050188

- Sunnyvale CA, US
Mohit JOSHI - Bangalore, IN
Suresh VISHWANATHAN - Bangalore, IN
Sankar RAMAMOORTHI - San Jose CA, US

H04L 47/22
H04L 47/2483
H04L 45/50

A first network device may receive first traffic of a session that involves a service. The first network device may identify that the service is configured for distributed node processing. The first network device may identify a second network device that is configured for distributed node processing. The first network device may identify a state machine that is associated with the service. The first network device may determine, based on the state machine, a first function and a second function, wherein the first function is identified by a first label and the second function is identified by a second label. The first network device may process the first traffic based on the first function. The first network device may provide, to the second network device, the first traffic and the second label to permit the second network device to process second traffic in association with the second function.