-
Publication No.: US11489948B2
Publication Date: 2022-11-01
Application No.: US16730851
Application Date: 2019-12-30
Applicant: CLOUDFLARE, INC.
Inventor: Michael John Vanderwater, Nicholas Alexander Wondra
IPC: H04L29/08, H04L69/329, H04L69/163, H04W88/06, H04L69/08, H04L67/56
Abstract: Method and network elements (NEs) for enabling reliable application layer data transmission through an unreliable network are described. A proxy NE receives from a first NE through a first transport protocol connection first application layer data. The proxy NE transmits the first application layer data through a second transport protocol connection towards the second NE. The proxy NE receives from the first NE through the first transport protocol connection second application layer data that is destined to the second NE. Responsive to determining that there are no transport protocol connections for transmitting the second application layer data, the proxy NE stores the second application layer data in the first proxy NE. Responsive to determining that a third transport protocol connection is established towards the second NE, the proxy NE transmits the second application layer data through the third transport protocol connection towards the second NE.
-
12.
Publication No.: US20220006671A1
Publication Date: 2022-01-06
Application No.: US17481177
Application Date: 2021-09-21
Applicant: CLOUDFLARE, INC.
Inventor: Nicholas Alexander Wondra, Achiel Paul van der Mandele, Alexander Forster, Eric Reeves, Joaquin Madruga, Rustam Xing Lalkaka, Marek Przemyslaw Majkowski
Abstract: A GRE tunnel is configured between multiple computing devices of a distributed cloud computing network and a single origin router of the origin network. The GRE tunnel has a first GRE endpoint that has an IP address that is shared among the computing devices of the distributed cloud computing network and a second GRE endpoint that has a publicly routable IP address of the origin router. A first computing device receives an IP packet from a client that is destined to an origin server. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate a GRE encapsulated packet whose source address is the first GRE endpoint and the destination address is the second GRE endpoint. The GRE encapsulated packet is transmitted over the GRE tunnel to the single origin router.
-
13.
Publication No.: US20210051044A1
Publication Date: 2021-02-18
Application No.: US16993181
Application Date: 2020-08-13
Applicant: CLOUDFLARE, INC.
Inventor: Nicholas Alexander Wondra, Achiel Paul van der Mandele, Alexander Forster, Eric Reeves, Joaquin Madruga, Rustam Xing Lalkaka, Marek Przemyslaw Majkowski
Abstract: A GRE tunnel is configured between multiple computing devices of a distributed cloud computing network and a single origin router of the origin network. The GRE tunnel has a first GRE endpoint that has an IP address that is shared among the computing devices of the distributed cloud computing network and a second GRE endpoint that has a publicly routable IP address of the origin router. A first computing device receives an IP packet from a client that is destined to an origin server. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate a GRE encapsulated packet whose source address is the first GRE endpoint and the destination address is the second GRE endpoint. The GRE encapsulated packet is transmitted over the GRE tunnel to the single origin router.
-
14.
Publication No.: US20240179026A1
Publication Date: 2024-05-30
Application No.: US18434031
Application Date: 2024-02-06
Applicant: CLOUDFLARE, INC.
Inventor: Nicholas Alexander Wondra, Achiel Paul van der Mandele, Alexander Forster, Eric Reeves, Joaquin Madruga, Rustam Xing Lalkaka, Marek Przemyslaw Majkowski
IPC: H04L12/46, H04L101/618
CPC classification number: H04L12/4633, H04L2101/618
Abstract: A GRE tunnel is configured between multiple computing devices of a distributed cloud computing network and a single origin router of the origin network. The GRE tunnel has a first GRE endpoint that has an IP address that is shared among the computing devices of the distributed cloud computing network and a second GRE endpoint that has a publicly routable IP address of the origin router. A first computing device receives an IP packet from a client that is destined to an origin server. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate a GRE encapsulated packet whose source address is the first GRE endpoint and the destination address is the second GRE endpoint. The GRE encapsulated packet is transmitted over the GRE tunnel to the single origin router.
-
15.
Publication No.: US11894947B2
Publication Date: 2024-02-06
Application No.: US18067713
Application Date: 2022-12-18
Applicant: CLOUDFLARE, INC.
Inventor: Nicholas Alexander Wondra, Achiel Paul van der Mandele, Alexander Forster, Eric Reeves, Joaquin Madruga, Rustam Xing Lalkaka, Marek Przemyslaw Majkowski
IPC: H04L12/46, H04L101/618
CPC classification number: H04L12/4633, H04L2101/618
Abstract: A GRE tunnel is configured between multiple computing devices of a distributed cloud computing network and a single origin router of the origin network. The GRE tunnel has a first GRE endpoint that has an IP address that is shared among the computing devices of the distributed cloud computing network and a second GRE endpoint that has a publicly routable IP address of the origin router. A first computing device receives an IP packet from a client that is destined to an origin server. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate a GRE encapsulated packet whose source address is the first GRE endpoint and the destination address is the second GRE endpoint. The GRE encapsulated packet is transmitted over the GRE tunnel to the single origin router.
-
Publication No.: US11784912B2
Publication Date: 2023-10-10
Application No.: US15930999
Application Date: 2020-05-13
Applicant: CLOUDFLARE, INC.
Inventor: Braden Ehrat, Jay A. Kreibich, Jérôme Fleury, Michael Vanderwater, Nicholas Alexander Wondra, Richard Thompson
IPC: H04L12/721, H04L29/12, H04L45/00, H04L45/44, H04L61/5007
CPC classification number: H04L45/14, H04L45/44, H04L61/5007
Abstract: A request from a client device is received at a first one of a plurality of compute nodes at a first one of a plurality of data centers of a distributed cloud computing network. A destination of the request is determined. An optimized route for transmitting the request toward an origin server that corresponds with the destination of the request is determined, where the optimized route is based at least in part on probe data between data centers of the distributed cloud computing network for a plurality of transit connections, and where the optimized route has an IP address that encodes an identification of which of the plurality of transit connections is to be used to deliver the request. The request is transmitted to a next hop as defined by the optimized route over the identified one of the plurality of transit connections.
-
Publication No.: US20230134974A1
Publication Date: 2023-05-04
Application No.: US18147573
Application Date: 2022-12-28
Applicant: CLOUDFLARE, INC.
Inventor: Braden Ehrat, Jay A. Kreibich, Jérôme Fleury, Michael Vanderwater, Nicholas Alexander Wondra, Richard Thompson
IPC: H04L45/00, H04L45/44, H04L61/5007
Abstract: A request from a client device is received at a first one of a plurality of compute nodes at a first one of a plurality of data centers of a distributed cloud computing network. A destination of the request is determined. An optimized route for transmitting the request toward an origin server that corresponds with the destination of the request is determined, where the optimized route is based at least in part on probe data between data centers of the distributed cloud computing network for a plurality of transit connections, and where the optimized route has an IP address that encodes an identification of which of the plurality of transit connections is to be used to deliver the request. The request is transmitted to a next hop as defined by the optimized route over the identified one of the plurality of transit connections.
-
Publication No.: US20230045949A1
Publication Date: 2023-02-16
Application No.: US17977381
Application Date: 2022-10-31
Applicant: CLOUDFLARE, INC.
Inventor: Nicholas Alexander Wondra
Abstract: Traffic is received at an interface of a compute server. Identity information associated with the traffic is determined including an identifier of a customer to which the traffic is attributable. An egress policy configured for the first customer is used to determine whether the traffic is allowed to be transmitted to a destination where that destination is a resource of a second customer. If the traffic is allowed to be transmitted, the traffic and identity information is transmitted over a cross-customer GRE tunnel to a namespace of the second customer on the compute server. An ingress policy configured for the second customer is used to determine whether the traffic is allowed to be transmitted to the destination, and if it is, then the traffic is transmitted.
-
Publication No.: US20220303244A1
Publication Date: 2022-09-22
Application No.: US17700058
Application Date: 2022-03-21
Applicant: CLOUDFLARE, INC.
Inventor: Nicholas Alexander Wondra, Igor Postelnik, Michael John Vanderwater, Adam Simon Chalmers, Nuno Miguel Lourenço Diegues, Arég Harutyunyan, Erich Alfred Heine
Abstract: A unified network service that connects multiple disparate private networks and end user client devices operating on separate networks is described. The multiple disparate private networks and end user client devices connect to a distributed cloud computing network that provides routing services, security services, and performance services, and that can be controlled consistently regardless of the connection type. The unified network service provides uniform access control at the L3 layer (e.g., at the IP layer) or at a higher layer using user identity information (e.g., a zero-trust model). The disparate private networks are run on top of the distributed cloud computing network. The virtual routing layer of the distributed cloud computing network allows customers of the service to have private resources visible only to client devices (e.g., user devices of the customer and/or server devices of the customer) of the organization while using address space that potentially overlaps with other customers of the distributed cloud computing network.
-
20.
Publication No.: US12294471B2
Publication Date: 2025-05-06
Application No.: US18434031
Application Date: 2024-02-06
Applicant: CLOUDFLARE, INC.
Inventor: Nicholas Alexander Wondra, Achiel Paul van der Mandele, Alexander Forster, Eric Reeves, Joaquin Madruga, Rustam Xing Lalkaka, Marek Przemyslaw Majkowski
IPC: H04L12/46, H04L101/618
Abstract: A first computing device of a distributed cloud computing network receives an IP packet that is destined to an origin server of an origin network. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate an encapsulated packet, where the outer packet has a source IP address that is advertised as an anycast IP address at the distributed cloud computing network, and a destination IP address of an origin router of the origin network. The encapsulated packet is transmitted to the origin router.