Virtual private network (VPN)-as-a-service with delivery optimizations while maintaining end-to-end data security

    Publication No.: US20220385639A1

    Publication date: 2022-12-01

    Application No.: US17884068

    Filing date: 2022-08-09

    Abstract: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. A network-as-a-service customer operates endpoints that are desired to be connected to one another securely and privately using the overlay IP (OIP) routing mechanism. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport.

    Virtual private network (VPN)-as-a-service with load-balanced tunnel endpoints

    Publication No.: US20210352017A1

    Publication date: 2021-11-11

    Application No.: US17381106

    Filing date: 2021-07-20

    Abstract: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport. According to another feature, data flows within the overlay directed to a particular edge region may be load-balanced while still preserving IPsec replay protection.

    Virtual private network (VPN)-as-a-service with delivery optimizations while maintaining end-to-end data security

    Publication No.: US10270809B2

    Publication date: 2019-04-23

    Application No.: US14558536

    Filing date: 2014-12-02

    IPC classification: H04L29/06 H04L12/46

    Abstract: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. A network-as-a-service customer operates endpoints that are desired to be connected to one another securely and privately using the overlay IP (OIP) routing mechanism. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport.

    Overlay network ingress edge region selection

    Publication No.: US20170195161A1

    Publication date: 2017-07-06

    Application No.: US15392649

    Filing date: 2016-12-28

    Abstract: This disclosure relates to enhanced overlay network-based transport of traffic to and from customer branch office locations, facilitated through the use of Internet-based overlay routing. A method of selecting an ingress edge region of the overlay network begins by mapping a service hostname to an IKEv2 destination of an outer IPsec tunnel associated with a first overlay network edge. An IKEv2 session is established from the first overlay network edge to the customer router. Upon tunnel establishment, a secondary lookup is performed to determine whether the first overlay network edge is an appropriate ingress region. Based on a response to the secondary lookup, an IKEv2 redirect is issued to a second overlay network edge. A new tunnel is then established from the second overlay network edge to the customer router. Thereafter, an additional lookup may also be performed to determine whether the second overlay network edge remains an appropriate ingress region.

    Virtual private network (VPN)-as-a-service with delivery optimizations while maintaining end-to-end data security
    Invention application; status: under examination (published)

    Publication No.: US20150188943A1

    Publication date: 2015-07-02

    Application No.: US14558536

    Filing date: 2014-12-02

    IPC classification: H04L29/06

    Abstract: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. A network-as-a-service customer operates endpoints that are desired to be connected to one another securely and privately using the overlay IP (OIP) routing mechanism. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport.


    Virtual private network (VPN)-as-a-service with delivery optimizations while maintaining end-to-end data security

    Publication No.: US11411996B2

    Publication date: 2022-08-09

    Application No.: US16391351

    Filing date: 2019-04-23

    IPC classification: H04L9/40 H04L12/46

    Abstract: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. A network-as-a-service customer operates endpoints that are desired to be connected to one another securely and privately using the overlay IP (OIP) routing mechanism. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport.

    Multicast overlay network for delivery of real-time video

    Publication No.: US20200153882A1

    Publication date: 2020-05-14

    Application No.: US16747267

    Filing date: 2020-01-20

    IPC classification: H04L29/06 H04L29/08

    Abstract: A method of multicasting real-time video is described. The method begins by establishing a multicast network of machines capable of ingress, forwarding and broadcasting traffic, together with a mapping infrastructure. The multicast network preferably comprises a portion of an overlay network, such as a content delivery network (CDN). A video stream is published to the multicast network by (a) using the mapping infrastructure to find an ingress node in the multicast network, and then receiving the video stream from a publisher at the ingress node. One or more subscribers then subscribe to the video stream. In particular, and for each subscriber, this subscription is carried out by (a) using the mapping infrastructure to find an egress node for the requesting client, and then delivering the video stream to the subscriber from the egress node. Preferably, the publisher and each subscriber use WebRTC to publish or consume the video stream, and the video stream is consumed in a videoconference.

    Virtual private network (VPN)-as-a-service with load-balanced tunnel endpoints
    Invention application; status: granted (in force)

    Publication No.: US20150188823A1

    Publication date: 2015-07-02

    Application No.: US14559745

    Filing date: 2014-12-03

    Abstract: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport. According to another feature, data flows within the overlay directed to a particular edge region may be load-balanced while still preserving IPsec replay protection.
