-
Publication No.: US11968110B2
Publication date: 2024-04-23
Application No.: US17823860
Filing date: 2022-08-31
Applicant: Google LLC
Inventor: Hui Liu, Leslie Choong, Hongkun Yang, Shishir Agrawal, Raj Yavatkar, Tianqiong Luo, Gargi Adhav, Steffen Smolka
Abstract: A method for providing cloud network reachability analysis includes receiving a reachability query requesting a reachability status of a target including a packet header associated with a data packet. The packet header includes a source IP address and a destination IP address. The method also includes generating one or more simulated forwarding paths for the data packet based on the packet header using a data plane model. Each simulated forwarding path includes corresponding network configuration information. The method includes determining the reachability status of the target based on the one or more simulated forwarding paths and providing the determined reachability status and the one or more simulated forwarding paths to a user device associated with the reachability query which causes the user device to present the network configuration information for each simulated forwarding path.
-
Publication No.: US11765044B2
Publication date: 2023-09-19
Application No.: US17814158
Filing date: 2022-07-21
Applicant: Google LLC
Inventor: Gargi Adhav, Hui Liu, Vishal Gupta, Vikas Aggarwal, Kan Cai, Xiaoyu Zhang
CPC classification number: H04L41/145, H04L41/28, H04L63/0263, H04L63/0272
Abstract: A system for simulating network configurations includes data processing hardware and memory hardware in communication with the data processing hardware. The memory hardware stores instructions that, when executed on the data processing hardware, cause the data processing hardware to perform operations. The operations include receiving one or more parameter changes for a production network model of a network. The operations also include generating a simulation network model including the one or more parameter changes. Another operation includes analyzing the simulated network flow within the simulation network model. The operations also include generating a report including an impact of the parameter changes on the network. The operations may also include receiving a production network log including a recorded workflow for the production network model and simulating the production workflow of the production network log within the simulation network model to generate a simulated network log.
-
Publication No.: US20230239266A1
Publication date: 2023-07-27
Application No.: US17581357
Filing date: 2022-01-21
Applicant: Google LLC
Inventor: Mukta Gupta, Alok Kumar, Gargi Adhav, Yuquan Jiang, Aakash Bhushan Arora, Shijeesh Nharappadath Sankaranathan, Marco Leogrande, Salomon Sonny Ben-Shimon
IPC: H04L61/256, H04L61/5007, H04L61/2517, G06F9/455
CPC classification number: H04L61/256, H04L61/2007, H04L61/2517, G06F9/45558, G06F2009/45595, G06F2009/4557
Abstract: Aspects of the disclosure provide for a proxyless NAT infrastructure with dynamic port allocation. A proxyless NAT infrastructure is configured to perform NAT between a network of virtual machines (VMs) and a device external to the network, without a device, such as a NAT server or a router, acting as a proxy. A system can include a control plane for provisioning VMs of a network, including configuring each VM to perform NAT and initially assigning a number of ports for communicating with other devices. The control plane maintains a feedback loop—receiving data characterizing port usage and network traffic at ports allocated to the various VMs and scaling the port allocation for each VM based on the received data. The control plane can allocate additional ports as determined to be needed by a VM, and later retrieve the ports to be reused for other VMs.
-
Publication No.: US20230144202A1
Publication date: 2023-05-11
Application No.: US17768640
Filing date: 2020-10-30
Applicant: Google LLC
Inventor: Gargi Adhav, Vineet Goel, Pavlin Radoslavov
IPC: H04L9/40, H04L67/104, H04L12/46
CPC classification number: H04L63/0272, H04L67/1059, H04L12/4641
Abstract: The present disclosure provides for automatic peering between virtual networks, such as virtual private clouds (VPCs). A VPC may be configured to operate in an “auto-peering” mode, allowing for automatic peering to be turned on or off. When auto-peering is turned on, that VPC may seek connections with other VPCs, such as other VPCs matching one or more predefined policies. In addition, the particular VPC with auto-peering turned on may be open to accept connection requests from other VPCs matching one or more predefined policies. The policies for requesting connection may be the same as or different than the policies for accepting connection requests. According to some examples, the VPC may be set to a “listening” mode, in which it is open to peering with any other VPC that matches a predefined policy, but is not actively seeking to establish other connections.
-
Publication No.: US20220166756A1
Publication date: 2022-05-26
Application No.: US17121082
Filing date: 2020-12-14
Applicant: Google LLC
Inventor: Vishal Gupta, Vikas Aggarwal, Kan Cai, Gargi Adhav, Xiaoyu Zhang
IPC: H04L29/06, H04L12/891, H04L12/803, H04L12/825, H04L12/24
Abstract: Aspects of the disclosed technology comprise generating firewall rules based on traffic, outputting the generated firewall rules to an output file, and using the output file to set firewall rules in a network. The firewall rules may be generated without a priori knowledge of the network; alternatively no firewall rules are required. Generated rules may be tuned for user preferences to adjust for the number of generated firewall rules, and their over or under inclusiveness to non-historic traffic data.
-
Publication No.: US20200322249A1
Publication date: 2020-10-08
Application No.: US16840084
Filing date: 2020-04-03
Applicant: Google LLC
Inventor: Hui Liu, Leslie Choong, Hongkun Yang, Shishir Agrawal, Raj Yavatkar, Tianqiong Luo, Gargi Adhav, Steffen Smolka
IPC: H04L12/751, H04L12/741, H04L12/24
Abstract: A method for providing cloud network reachability analysis includes receiving a reachability query requesting a reachability status of a target including a packet header associated with a data packet. The packet header includes a source IP address and a destination IP address. The method also includes generating one or more simulated forwarding paths for the data packet based on the packet header using a data plane model. Each simulated forwarding path includes corresponding network configuration information. The method includes determining the reachability status of the target based on the one or more simulated forwarding paths and providing the determined reachability status and the one or more simulated forwarding paths to a user device associated with the reachability query which causes the user device to present the network configuration information for each simulated forwarding path.
-
Publication No.: US20240291720A1
Publication date: 2024-08-29
Application No.: US18660306
Filing date: 2024-05-10
Applicant: Google LLC
Inventor: Hongkun Yang, Hui Liu, Gargi Adhav, Alan Tang
IPC: H04L41/12, H04L41/082, H04L41/084, H04L41/085, H04L43/045
CPC classification number: H04L41/12, H04L41/082, H04L41/0846, H04L41/085, H04L43/045
Abstract: A method includes obtaining a stream of consecutive network configuration snapshots each including network configuration information. The method also includes determining that first network configuration information of a first network configuration snapshot of the network from the stream of consecutive network configuration snapshots for the network is not the same as second network configuration information of a second network configuration snapshot of the network from the stream of consecutive network configuration snapshots for the network. The method also includes generating a reachability differentiation graph that identifies a net change to reachability from the first network configuration information and the second network configuration information based on determining that the first network configuration information is not the same as the second network configuration information.
-
Publication No.: US20240259292A1
Publication date: 2024-08-01
Application No.: US18609432
Filing date: 2024-03-19
Applicant: Google LLC
Inventor: Hui Liu, Leslie Choong, Hongkun Yang, Shishir Agrawal, Raj Yavatkar, Tianqiong Luo, Gargi Adhav, Steffen Smolka
Abstract: A method includes receiving, from a user device, a reachability request requesting a reachability status of network traffic from a first VM of a VPC to a second VM of the VPC. The method also includes obtaining network configuration information defining a configuration of a network connecting the first VM and the second VM, generating, using the network configuration information associated with the VPC, a simulated path between the first VM and the second VM, and, determining, based on the simulated path, that the second VM is unreachable from the first VM. The method further includes, based on determining that the second VM is unreachable from the first VM, generating a reachability report, the reachability report including each hop of the plurality of hops of the simulated path, and a rationale that the second VM is unreachable from the first VM, and providing the reachability report to the user device.
-
Publication No.: US20240187379A1
Publication date: 2024-06-06
Application No.: US18443233
Filing date: 2024-02-15
Applicant: Google LLC
Inventor: Kan Cai, Vikas Aggarwal, Gargi Adhav, Rajendra Yavatkar, Ning Zhao, Vishal Gupta
CPC classification number: H04L63/0263, G06F9/547, G06N20/00, H04L41/145, H04L41/16, H04L43/026, H04L63/1425
Abstract: A firewall intelligence system, includes a data storage storing a set of firewall rules for a network; a recommendation engine that receives, from a log service, traffic logs detailing traffic for the network and firewall logs detailing the usage of firewall rules in response to the traffic for the network, accesses, from the data storage, the set of firewall rules for the network; processes the set of firewall rules to evaluate the firewall rules against a set of quantitative evaluation rules to determine one or more firewall rule recommendations, wherein each firewall rule recommendation is a recommendation to change at least one of the firewall rules in the set of firewall rules; and a front end API that provides data describing the one or more firewall rule recommendations to a user device.
-
Publication No.: US11799822B2
Publication date: 2023-10-24
Application No.: US17581357
Filing date: 2022-01-21
Applicant: Google LLC
Inventor: Mukta Gupta, Alok Kumar, Gargi Adhav, Yuquan Jiang, Aakash Bhushan Arora, Shijeesh Nharappadath Sankaranathan, Marco Leogrande, Salomon Sonny Ben-Shimon
IPC: H04L61/256, G06F9/455, H04L61/2517, H04L61/5007
CPC classification number: H04L61/256, G06F9/45558, H04L61/2517, H04L61/5007, G06F2009/4557, G06F2009/45595
Abstract: Aspects of the disclosure provide for a proxyless NAT infrastructure with dynamic port allocation. A proxyless NAT infrastructure is configured to perform NAT between a network of virtual machines (VMs) and a device external to the network, without a device, such as a NAT server or a router, acting as a proxy. A system can include a control plane for provisioning VMs of a network, including configuring each VM to perform NAT and initially assigning a number of ports for communicating with other devices. The control plane maintains a feedback loop, receiving data characterizing port usage and network traffic at ports allocated to the various VMs and scaling the port allocation for each VM based on the received data. The control plane can allocate additional ports as determined to be needed by a VM, and later retrieve the ports to be reused for other VMs.