公开(公告)号：US12273316B2

公开(公告)日：2025-04-08

申请号：US18392521

申请日：2023-12-21

Applicant: CLOUDFLARE, INC.

Inventor： Marek Przemyslaw Majkowski ,  Braden Michael Ehrat ,  Sergi Isasi ,  Dane Orion Knecht ,  Dina Kozlov ,  Rustam Xing Lalkaka ,  Eric Reeves ,  Oliver Zi-gang Yu

IPC: H04L61/5007

Abstract: A map of IP addresses of a distributed cloud computing network to one or more groupings is stored. The IP addresses are anycast IP addresses for which compute servers of the distributed cloud computing network share. These IP addresses are to be used as source IP addresses when transmitting traffic to destinations external to the cloud computing network. The map is made available to external destinations. Traffic is received at the distributed cloud computing network that is destined to an external destination. An IP address is selected based on the characteristic(s) applicable for the traffic and the map. The distributed cloud computing network transmits the traffic to the external destination using the selected IP address.

公开(公告)号：US20240163350A1

公开(公告)日：2024-05-16

申请号：US18419265

申请日：2024-01-22

Applicant: CLOUDFLARE, INC.

Inventor： Christopher Philip Branch ,  Naga Sunil Tripirineni ,  Rustam Xing Lalkaka ,  Nick Wondra ,  Mohd Irtefa ,  Matthew Browning Prince ,  Andrew Taylor Plunk ,  Oliver Yu ,  Vlad Krasnov

IPC: H04L67/63 ,  H04L9/40 ,  H04L12/46 ,  H04L67/10

CPC classification number: H04L67/63 ,  H04L12/4633 ,  H04L12/4641 ,  H04L63/0272 ,  H04L67/10

Abstract: A request is received from a client device over a Virtual Private Network (VPN) tunnel. The request is received at a first one of a plurality of edge servers of a distributed cloud computing network. A destination of the request is determined and an optimized route for transmitting the request toward an origin server is determined. The optimized route is based at least in part on probe data between edge servers of the distributed cloud computing network. The request is transmitted to a next hop as defined by the optimized route.

公开(公告)号：US11855958B2

公开(公告)日：2023-12-26

申请号：US17903828

申请日：2022-09-06

Applicant: CLOUDFLARE, INC.

Inventor： Marek Przemyslaw Majkowski ,  Braden Michael Ehrat ,  Sergi Isasi ,  Dane Orion Knecht ,  Dina Kozlov ,  Rustam Xing Lalkaka ,  Eric Reeves ,  Oliver Zi-gang Yu

IPC: H04L29/08 ,  H04L29/06 ,  H04L61/5007

CPC classification number: H04L61/5007

Abstract: A map of IP addresses of a distributed cloud computing network to one or more groupings is stored. The IP addresses are anycast IP addresses for which compute servers of the distributed cloud computing network share. These IP addresses are to be used as source IP addresses when transmitting traffic to destinations external to the cloud computing network. The map is made available to external destinations. Traffic is received at the distributed cloud computing network that is destined to an external destination. An IP address is selected based on the characteristic(s) applicable for the traffic and the map. The distributed cloud computing network transmits the traffic to the external destination using the selected IP address.

公开(公告)号：US11647031B2

公开(公告)日：2023-05-09

申请号：US17667372

申请日：2022-02-08

Applicant: CLOUDFLARE, INC.

Inventor： Jonathan Philip Levine ,  Rustam Xing Lalkaka ,  Evan Johnson

IPC: H04L9/40 ,  H04L67/02

CPC classification number: H04L63/1416 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/1483 ,  H04L67/02

Abstract: An edge server receives a request from a client network application for a web page hosted at an origin server. The edge server transmits the requested web page in a response. The edge server accesses an edge server request log to retrieve a log entry associated with the request for the web page, where the log entry associated with the request for the web page includes information regarding the request and the response. The edge server retrieves one or more characteristics of an asset of the web page, where each characteristics has an expected value. The edge server determines whether the origin server is compromised when a value for a characteristic is not within a threshold range of the expected value for the characteristic of the asset and performs a mitigation action in response.

公开(公告)号：US20230124628A1

公开(公告)日：2023-04-20

申请号：US18067713

申请日：2022-12-18

Applicant: CLOUDFLARE, INC.

Inventor： Nicholas Alexander Wondra ,  Achiel Paul van der Mandele ,  Alexander Forster ,  Eric Reeves ,  Joaquin Madruga ,  Rustam Xing Lalkaka ,  Marek Przemyslaw Majkowski

IPC: H04L12/46

Abstract: A GRE tunnel is configured between multiple computing devices of a distributed cloud computing network and a single origin router of the origin network. The GRE tunnel has a first GRE endpoint that has an IP address that is shared among the computing devices of the distribute cloud computing network and a second GRE endpoint that has a publicly routable IP address of the origin router. A first computing device receives an IP packet from a client that is destined to an origin server. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate a GRE encapsulated packet whose source address is the first GRE endpoint and the destination address is the second GRE endpoint. The GRE encapsulated packet is transmitted over the GRE tunnel to the single origin router.

公开(公告)号：US11128491B2

公开(公告)日：2021-09-21

申请号：US16993181

申请日：2020-08-13

Applicant: CLOUDFLARE, INC.

Inventor： Nicholas Alexander Wondra ,  Achiel Paul van der Mandele ,  Alexander Forster ,  Eric Reeves ,  Joaquin Madruga ,  Rustam Xing Lalkaka ,  Marek Przemyslaw Majkowski

IPC: G06F15/16 ,  H04L12/46 ,  H04L29/12

Abstract: A GRE tunnel is configured between multiple computing devices of a distributed cloud computing network and a single origin router of the origin network. The GRE tunnel has a first GRE endpoint that has an IP address that is shared among the computing devices of the distribute cloud computing network and a second GRE endpoint that has a publicly routable IP address of the origin router. A first computing device receives an IP packet from a client that is destined to an origin server. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate a GRE encapsulated packet whose source address is the first GRE endpoint and the destination address is the second GRE endpoint. The GRE encapsulated packet is transmitted over the GRE tunnel to the single origin router.