Yi Sum Sun

US Patent:

7546371, Jun 9, 2009

Filed:

Jan 9, 2007

Appl. No.:

11/621368

Inventors:

Yonghui Cheng - Santa Clara CA, US
Yi Sun - San Jose CA, US

Assignee:

Juniper Networks, Inc. - Sunnyvale CA

International Classification:

G06F 15/16
G06F 12/00

US Classification:

709227, 709213, 709229

Abstract:

A network device is described in which a dedicated resource scheduler monitors memory consumption to provide for improved processing of communication sessions. The scheduler maintains a dependency list of communication sessions, and reserves memory for communication sessions as requests for memory are received. The amount of memory reserved is determined based on the amount of memory currently reserved for the communication sessions in the dependency list. The network device may control ongoing communication sessions by way of window manipulation. Communication sessions are processed in a first mode when available memory has not reached a predetermined amount, while communication sessions are processed in a second mode when available memory reaches a predetermined amount.

US Patent:

7930408, Apr 19, 2011

Filed:

Jun 2, 2009

Appl. No.:

12/476315

Inventors:

Yonghui Cheng - Santa Clara CA, US
Yi Sun - San Jose CA, US

Assignee:

Juniper Networks, Inc. - Sunnyvale CA

International Classification:

G06F 15/16
G06F 12/00

US Classification:

709227, 713188

Abstract:

A network device is described in which a dedicated resource scheduler monitors memory consumption to provide for improved processing of communication sessions. The scheduler maintains a dependency list of communication sessions, and reserves memory for communication sessions as requests for memory are received. The amount of memory reserved is determined based on the amount of memory currently reserved for the communication sessions in the dependency list. The network device may control ongoing communication sessions by way of window manipulation. Communication sessions are processed in a first mode when available memory has not reached a predetermined amount, while communication sessions are processed in a second mode when available memory reaches a predetermined amount.

US Patent:

8150977, Apr 3, 2012

Filed:

Apr 1, 2011

Appl. No.:

13/078688

Inventors:

Yonghui Cheng - Santa Clara CA, US
Yi Sun - San Jose CA, US

Assignee:

Juniper Networks, Inc. - Sunnyvale CA

International Classification:

G06F 15/16
G06F 12/00

US Classification:

709227

Abstract:

A network device is described in which a dedicated resource scheduler monitors memory consumption to provide for improved processing of communication sessions. The scheduler maintains a dependency list of communication sessions, and reserves memory for communication sessions as requests for memory are received. The amount of memory reserved is determined based on the amount of memory currently reserved for the communication sessions in the dependency list. The network device may control ongoing communication sessions by way of window manipulation. Communication sessions are processed in a first mode when available memory has not reached a predetermined amount, while communication sessions are processed in a second mode when available memory reaches a predetermined amount.

US Patent:

8526326, Sep 3, 2013

Filed:

Aug 27, 2008

Appl. No.:

12/199556

Inventors:

Monty S. Gill - San Jose CA, US
Yi Sun - San Jose CA, US

Assignee:

Juniper Networks, Inc. - Sunnyvale CA

International Classification:

H04L 12/28

US Classification:

370254, 370412, 711150, 711154

Abstract:

In general, the present disclosure describes techniques for both removing memory buffers from and adding memory buffers to a list (e. g. , a linked list) of available buffers, for use by a network device, without locking the list during access. One example method includes allocating a list of memory buffers that are each available for use by multiple modules executed within the network device, wherein the list includes a first end and a second, opposite end, and removing a first memory buffer from the first end of the list by a first module of the multiple modules without locking the list. The method further includes adding the first memory buffer to the second end of the list by a second module of the multiple modules without locking the list.

US Patent:

20060277301, Dec 7, 2006

Filed:

Jun 6, 2005

Appl. No.:

11/145833

Inventors:

Hitoshi Takanashi - Fremont CA, US
Yi Sun - San Jose CA, US

International Classification:

G06F 15/173

US Classification:

709225000

Abstract:

A technique includes selectively preventing decryption of a file by a client based on whether a network connection exists between the client and a server.

US Patent:

20130091264, Apr 11, 2013

Filed:

Oct 4, 2012

Appl. No.:

13/645238

Inventors:

Meng Xu - Los Altos CA, US
Yi Sun - San Jose CA, US

Assignee:

VARMOUR NETWORKS, INC. - Santa Clara CA

International Classification:

G06F 15/173

US Classification:

709223

Abstract:

A method and apparatus is disclosed herein for migrating session information between security gateways are disclosed. In one embodiment, receiving, at a first security gateway, session information associated with a session corresponding to a network connection, the session information having been transferred from a second security gateway, the first and second security gateway being separate physical devices; and thereafter performing security processing for the session at the first security gateway.

US Patent:

20130250956, Sep 26, 2013

Filed:

Mar 20, 2013

Appl. No.:

13/847881

Inventors:

Yi Sun - San Jose CA, US
Meng Xu - Los Altos CA, US

International Classification:

H04L 12/46

US Classification:

370392, 370401

Abstract:

A method and apparatus is disclosed herein for IP packet tunneling in a network. In one embodiment, the method comprises receiving, at a first network device, a first IP packet of a IP connection; creating a second IP packet by replacing information in a field in the first IP packet with a session ID identifying the IP connection; and forwarding, by the first network device, the second IP packet to the second network device in the distributed network environment.

US Patent:

20130254871, Sep 26, 2013

Filed:

Mar 22, 2013

Appl. No.:

13/849315

Inventors:

Yi Sun - San Jose CA, US
Meng Xu - Los Altos CA, US
Lee Cheung - Foster City CA, US
Sean Wang - Santa Clara CA, US

International Classification:

H04L 29/06

US Classification:

726 12, 726 11

Abstract:

A method and apparatus is disclosed herein for distributed zone-based security. In one embodiment, the method comprises: determining an ingress security zone associated with an ingress of a first network device based on a first key and a media access control (MAC) address of a source of a packet; determining an egress security zone of a second network device based on a MAC address of a destination for the packet and a second key; performing a policy lookup based on the ingress security zone and the egress security zone to identify a policy to apply to the packet; and applying the policy to the packet.