-
11.
Publication No.: US10104039B1
Publication Date: 2018-10-16
Application No.: US15719537
Application Date: 2017-09-28
Applicant: Cloudflare, Inc.
Inventor: Dane Orion Knecht, John Graham-Cumming, Dani Grant, Christopher Philip Branch, Tom Paseka
Abstract: An edge server of a distributed edge compute and routing service receives a tunnel connection request from a tunnel client residing on an origin server, that requests a tunnel be established between the edge server and the tunnel client. The request identifies the hostname that is to be tunneled. An IP address is assigned for the tunnel. DNS record(s) are added or changed that associate the hostname with the assigned IP address. Routing rules are installed in the edge servers of the distributed edge compute and routing service to reach the edge server for the tunneled hostname. The edge server receives a request for a resource of the tunneled hostname from another edge server that received the request from a client, where the other edge server is not connected to the origin server. The request is transmitted from the edge server to the origin server over the tunnel.
-
Publication No.: US12192094B2
Publication Date: 2025-01-07
Application No.: US17509904
Application Date: 2021-10-25
Applicant: CLOUDFLARE, INC.
Inventor: Christopher Philip Branch
Abstract: A client device establishes a first VPN connection with a VPN server. Traffic is sent from the client device through the first VPN connection that is destined to a different client device that has a second VPN connection with the VPN server. The client device receives a public network address of the different client device and routing metrics from the VPN server. Based at least in part on the routing metrics, the client device determines an optimal route to the different client device, where the optimal route is a connection between the client device and the different client device that does not traverse the VPN server. The client device establishes a VPN connection with the different client device and transmits traffic to that different client device using the VPN connection using the public network address of the different client device.
-
Publication No.: US11563685B2
Publication Date: 2023-01-24
Application No.: US17560121
Application Date: 2021-12-22
Applicant: CLOUDFLARE, INC.
Inventor: Christopher Philip Branch, Dane Orion Knecht
IPC: H04L45/745, H04L12/46, H04L67/10, H04L67/01, H04L67/56
Abstract: Method and apparatus for traffic optimization in virtual private networks (VPNs). A client device establishes a first VPN connection with a first server based on first VPN credentials. Traffic is transmitted and received through the first VPN connection to and from the first server. A second server is identified based on traffic optimization criteria that need to be satisfied by the VPN connection. Upon receipt of the identification of the second server the client device is to use the second server as a destination of a second VPN connection. The second VPN connection satisfies a set of traffic optimization goals for at least one flow from the flows forwarded through the first VPN connection. Based on the identification of the second server, the client device establishes the second VPN connection for the flow between the client device and the second server.
-
Publication No.: US11159420B2
Publication Date: 2021-10-26
Application No.: US16387431
Application Date: 2019-04-17
Applicant: CLOUDFLARE, INC.
Inventor: Christopher Philip Branch
IPC: H04L12/721, H04L29/06, H04L12/751, H04L12/741
Abstract: A method and a VPN server for VPN route optimization are described. The VPN server establishes a first VPN connection with a first client device and a second VPN connection with a second client device. The VPN server determines that the first and second client devices are part of a same local network; and responsive to determining that the first and the second client devices are part of the same local network, transmits, to the first client device through the first VPN connection, a second public network address of the second client device, and to the second client device through the second VPN connection, a first public network address of the first client device. The transmission of the first and second public network addresses causes the first client device to determine an optimal route from the first client device to the second client device for the traffic in the VPN.
-
Publication No.: US20210203728A1
Publication Date: 2021-07-01
Application No.: US17138396
Application Date: 2020-12-30
Applicant: CLOUDFLARE, INC.
Inventor: Christopher Philip Branch
Abstract: A TCP intermediate device receives a first SYN packet from a TCP client to establish a TCP connection between the TCP client and a TCP origin server. Prior to the TCP connection being fully established, the TCP intermediate device transmits a second SYN packet to the TCP origin server. The TCP intermediate device transmits a first SYN-ACK packet to the TCP client. The TCP intermediate device receives a first ACK packet from the TCP client. The TCP intermediate device receives a second SYN-ACK packet from the TCP origin server. The TCP intermediate device transmits a second ACK packet to the TCP origin server as part of establishing the third TCP connection.
-
Publication No.: US20200314212A1
Publication Date: 2020-10-01
Application No.: US16836613
Application Date: 2020-03-31
Applicant: CLOUDFLARE, INC.
Inventor: Christopher Philip Branch, Naga Sunil Tripirineni, Rustam Xing Lalkaka, Nick Wondra, Mohd Irtefa, Matthew Browning Prince, Andrew Taylor Plunk, Oliver Yu, Vlad Krasnov
Abstract: A request is received from a client device over a Virtual Private Network (VPN) tunnel. The request is received at a first one of a plurality of edge servers of a distributed cloud computing network. A destination of the request is determined and an optimized route for transmitting the request toward an origin server is determined. The optimized route is based at least in part on probe data between edge servers of the distributed cloud computing network. The request is transmitted to a next hop as defined by the optimized route.
-
Publication No.: US10374953B1
Publication Date: 2019-08-06
Application No.: US16253819
Application Date: 2019-01-22
Applicant: CLOUDFLARE, INC.
Inventor: Christopher Philip Branch, Dane Orion Knecht
IPC: H04L12/741, H04L12/46, H04L29/08, H04L29/06
Abstract: Method and apparatus for traffic optimization in virtual private networks (VPNs). A client device establishes a first VPN connection with a first server based on first VPN credentials. Traffic is transmitted and received through the first VPN connection to and from the first server. A second server is identified based on traffic optimization criteria that need to be satisfied by the VPN connection. Upon receipt of the identification of the second server the client device is to use the second server as a destination of a second VPN connection. The second VPN connection satisfies a set of traffic optimization goals for at least one flow from the flows forwarded through the first VPN connection. Based on the identification of the second server, the client device establishes the second VPN connection for the flow between the client device and the second server.
-
Publication No.: US20240163350A1
Publication Date: 2024-05-16
Application No.: US18419265
Application Date: 2024-01-22
Applicant: CLOUDFLARE, INC.
Inventor: Christopher Philip Branch, Naga Sunil Tripirineni, Rustam Xing Lalkaka, Nick Wondra, Mohd Irtefa, Matthew Browning Prince, Andrew Taylor Plunk, Oliver Yu, Vlad Krasnov
CPC classification number: H04L67/63, H04L12/4633, H04L12/4641, H04L63/0272, H04L67/10
Abstract: A request is received from a client device over a Virtual Private Network (VPN) tunnel. The request is received at a first one of a plurality of edge servers of a distributed cloud computing network. A destination of the request is determined and an optimized route for transmitting the request toward an origin server is determined. The optimized route is based at least in part on probe data between edge servers of the distributed cloud computing network. The request is transmitted to a next hop as defined by the optimized route.
-
Publication No.: US11863448B2
Publication Date: 2024-01-02
Application No.: US18158694
Application Date: 2023-01-24
Applicant: CLOUDFLARE, INC.
Inventor: Christopher Philip Branch, Dane Orion Knecht
IPC: H04L45/745, H04L12/46, H04L67/10, H04L67/01, H04L67/56
CPC classification number: H04L45/745, H04L12/4633, H04L12/4641, H04L67/01, H04L67/10, H04L67/56
Abstract: Traffic optimization in virtual private networks (VPNs) is described. A client device establishes a first VPN connection with a first server according to a first VPN route configuration that specifies a first VPN route to the first server. Flow(s) of traffic is forwarded through the first VPN connection to the first server. The client device receives a second VPN route configuration that specifies a second VPN route to a second server of the plurality of servers for establishing a second VPN connection, where the second VPN connection satisfies a set of traffic optimization criteria. The client device establishes the second VPN connection with the second server according to the second VPN route configuration. Traffic is forwarded through the second VPN connection to the second server.
-
20.
Publication No.: US11316825B2
Publication Date: 2022-04-26
Application No.: US16883116
Application Date: 2020-05-26
Applicant: CLOUDFLARE, INC.
Inventor: Dane Orion Knecht, John Graham-Cumming, Dani Grant, Christopher Philip Branch, Tom Paseka
IPC: H04L61/2592, H04L61/4511, H04L67/02, H04L67/01, H04L12/46, H04L67/1031, H04L67/10, H04L67/1017, H04L61/5007
Abstract: An edge server of a distributed edge compute and routing service receives a tunnel connection request from a tunnel client residing on an origin server, that requests a tunnel be established between the edge server and the tunnel client. The request identifies the hostname that is to be tunneled. An IP address is assigned for the tunnel. DNS record(s) are added or changed that associate the hostname with the assigned IP address. Routing rules are installed in the edge servers of the distributed edge compute and routing service to reach the edge server for the tunneled hostname. The edge server receives a request for a resource of the tunneled hostname from another edge server that received the request from a client, where the other edge server is not connected to the origin server. The request is transmitted from the edge server to the origin server over the tunnel.