Distributed denial-of-service mitigation

    Publication No.: US11757928B2

    Publication date: 2023-09-12

    Application No.: US17009283

    Filing date: 2020-09-01

    Applicant: Equinix, Inc.

    Abstract: The techniques described in this disclosure provide resilient and reactive on-demand Distributed Denial-of-Service (DDoS) mitigation services using an exchange. For example, an exchange comprises a first virtual network for switching mixed traffic (including dirty (DDoS) traffic and clean (non-DDoS) traffic) from one or more networks to one or more DDoS scrubbing centers; and a second virtual network for switching the clean traffic from the one or more DDoS scrubbing centers to the one or more networks, wherein the exchange is configured to receive the mixed traffic from the one or more networks and switch, using the first virtual network, the mixed traffic to a selected DDoS scrubbing center of the one or more DDoS scrubbing centers, and wherein the exchange is configured to receive the clean traffic from the selected DDoS scrubbing center and switch, using the second virtual network, the clean traffic to the one or more networks.

    TENANT-DRIVEN DYNAMIC RESOURCE ALLOCATION FOR VIRTUAL NETWORK FUNCTIONS

    Publication No.: US20230231817A1

    Publication date: 2023-07-20

    Application No.: US18186682

    Filing date: 2023-03-20

    Applicant: Equinix, Inc.

    CPC classification number: H04L47/823 H04L47/80

    Abstract: Techniques for tenant-driven dynamic resource allocation in network functions virtualization infrastructure (NFVI). In one example, an orchestration system is operated by a data center provider for a data center and that orchestration system comprises processing circuitry coupled to a memory; logic stored in the memory and configured for execution by the processing circuitry, wherein the logic is operative to: compute an aggregate bandwidth for a plurality of flows associated with a tenant of the data center provider and processed by a virtual network function, assigned to the tenant, executing on a server of the data center; and modify, based on the aggregate bandwidth, an allocation of compute resources of the server executing the virtual network function.

    VIRTUAL DOMAINS WITHIN A SHARED DEVICE

    Publication No.: US20230224278A1

    Publication date: 2023-07-13

    Application No.: US18152016

    Filing date: 2023-01-09

    Applicant: Equinix, Inc.

    Abstract: In one example, a method comprises receiving, by a computing device, configuration data defining: an external virtual domain for a network function, the external virtual domain connected to a public network and managed by a provider for the computing device; a virtual domain for the network function, the virtual domain separate from the external virtual domain, configured with a secure tunnel interface, connected to a customer network, and managed by a customer of the provider for the computing device; forwarding, by the external virtual domain implementing a route-based virtual private network, encrypted network traffic, received from the public network via a secure tunnel, to the secure tunnel interface configured in the virtual domain; decrypting, by the virtual domain, the encrypted network traffic to generate network traffic; and forwarding, by the virtual domain, the network traffic to the customer network.

    VIRTUAL NETWORK FUNCTION VIRTUAL DOMAIN ISOLATION

    Publication No.: US20230101909A1

    Publication date: 2023-03-30

    Application No.: US18061731

    Filing date: 2022-12-05

    Applicant: Equinix, Inc.

    Abstract: Techniques for virtualized network functions (VNFs) that provide for domain isolation of networks coupled to the VNF are described. A virtual network function (VNF) includes a cloud virtual domain coupling the VNF to a cloud service, a management virtual domain coupling the VNF to a management service, and an external virtual domain having a public Internet Protocol (IP) address. The external virtual domain receives an authentication request providing access credentials for a VNF customer from a cloud client device, provides the authentication request to the management service via the management virtual domain, receives an authentication response from the management service, and, in response to determining that the VNF customer access credentials are valid, initiates application of a policy that allows the cloud client device to configure the cloud virtual domain or the cloud service and disallows configuration of the external virtual domain and the management virtual domain.

    Virtual network function virtual domain isolation

    Publication No.: US11520615B1

    Publication date: 2022-12-06

    Application No.: US16836777

    Filing date: 2020-03-31

    Applicant: Equinix, Inc.

    Abstract: Techniques for virtualized network functions (VNFs) that provide for domain isolation of networks coupled to the VNF are described. A virtual network function (VNF) includes a cloud virtual domain coupling the VNF to a cloud service, a management virtual domain coupling the VNF to a management service, and an external virtual domain having a public Internet Protocol (IP) address. The external virtual domain receives an authentication request providing access credentials for a VNF customer from a cloud client device, provides the authentication request to the management service via the management virtual domain, receives an authentication response from the management service, and, in response to determining that the VNF customer access credentials are valid, initiates application of a policy that allows the cloud client device to configure the cloud virtual domain or the cloud service and disallows configuration of the external virtual domain and the management virtual domain.

    Gating access to destinations on a network

    Publication No.: US11985133B1

    Publication date: 2024-05-14

    Application No.: US17131394

    Filing date: 2020-12-22

    Applicant: Equinix, Inc.

    CPC classification number: H04L63/102 H04L63/1408

    Abstract: This disclosure describes techniques that include filtering or gating access to a network based on attributes or an evaluation of the network destination. In one example, this disclosure describes a method that includes receiving, by a computing system and from a client device, a request for information about a network destination; identifying, by the computing system and based on the request, an address associated with the network destination; evaluating, by the computing system, the address to determine whether the address passes a plurality of tests; responsive to determining that the address passes the plurality of tests, storing the address, by the computing system, as one of a plurality of scrutinized addresses; outputting, by the computing system and to the client device, the address.

    Application programming interface exchange

    Publication No.: US11228573B1

    Publication date: 2022-01-18

    Application No.: US15917203

    Filing date: 2018-03-09

    Applicant: Equinix, Inc.

    Abstract: An Application Programming Interface (API) exchange located within a data center is configured to receive, from a customer, a request for access to one or more APIs corresponding to respective service provider networks and to which the API exchange provides access. Based on the request for access, the API exchange bundles the one or more APIs into an API bundle, generates a unique subscription key for accessing the API bundle, and sends the unique subscription key to the customer. The API exchange receives, from the customer, a service request for invoking a requested API of the API bundle, the service request including the unique subscription key. Upon authorizing the service request to access the API bundle based on the unique subscription key, the API exchange sends the service request to the service provider network corresponding to the requested API.

    Remote port for network connectivity for non-colocated customers of a cloud exchange

    Publication No.: US11218424B1

    Publication date: 2022-01-04

    Application No.: US17138469

    Filing date: 2020-12-30

    Applicant: Equinix, Inc.

    Abstract: In general, techniques are described for network connectivity for non-colocated customers of a cloud exchange. A programmable network platform for the cloud exchange comprises processing circuitry configured to: configure a virtual network device in the data center to run a network service for a customer; receive, from the customer, a request for a remote port and network information for a network service provider connectivity service for the customer; assign, in response to receiving the request for the remote port, a remote port of the cloud exchange to the customer; and configure, in response to receiving the request for the remote port using the network information, the cloud exchange to connect the network service provider connectivity service to the virtual network device via the remote port of the cloud exchange.
