公开(公告)号：US08356346B2

公开(公告)日：2013-01-15

申请号：US13016967

申请日：2011-01-29

申请人： Sanchaita Datta ,  Bhaskar Ragula

发明人： Sanchaita Datta ,  Bhaskar Ragula

IPC分类号： G06F15/16

CPC分类号： H04L63/0428 ,  H04L63/164

摘要： To help maintain secure and convenient connectivity for users when IP addresses change, devices connected between sites by using multiple virtual private network security associations update one another when the security association IP addresses change. The device whose WAN interface IP address changed transmits an address change notification message to the other device over a WAN interface whose IP address did not change. The message indicates which IP address(es) changed and new value(s) to use. The devices can then continue the same secure virtual private network session (from a user point of view above the security association level) by using the new value(s) for the changed IP address(es). Use of the new value for the changed IP address is transparent to (unseen by) VPN applications that are running in the LANs. IPSec sessions and load balancing may be provided.

摘要翻译： 为了在IP地址更改时为用户维护安全，方便的连接，当安全关联IP地址发生变化时，使用多个虚拟专用网络安全关联的站点之间连接的设备会相互更新。 其WAN接口IP地址更改的设备通过IP地址未更改的WAN接口向其他设备发送地址更改通知消息。 该消息指示哪些IP地址已更改和要使用的新值。 然后，设备可以通过使用改变的IP地址的新值来继续相同的安全虚拟专用网络会话（从安全关联级上方的用户角度）。 对于更改的IP地址使用新值对于在LAN中运行的VPN应用程序是透明的（看不见）。 可以提供IPSec会话和负载平衡。

公开(公告)号：US10164822B2

公开(公告)日：2018-12-25

申请号：US15216499

申请日：2016-07-21

申请人： FatPipe, Inc.

发明人： Sanchaita Datta ,  Bhaskar Ragula ,  Sankhadip Sengupta

IPC分类号： H04W4/00 ,  H04B7/00 ,  H04L12/24 ,  H04L12/803 ,  H04L29/12 ,  H04L29/06

摘要： Failover controllers help maintain user-perceived continuous connectivity for users of a geographically dispersed flat network when part of that network becomes unavailable, even though flat network packets are not WAN-routable. One such controller has local and remote flat network ports, at least one WAN port, and failover capability to WAN(s) utilizing encapsulation when the flat network is partially or fully unavailable. The failover procedure uses a packet origin table built automatically from incoming packets and from double-tunneled ARP requests. A monitor indicates whether the flat network is fully available (up) or not fully available (down). Controller software updates the packet origin table, and directs packets between ports depending on flatnet status, the packet origin table's content, and any packet handling enhancements such as load balancing, affinity enforcement, quality of service maintenance, packet traffic shaping, packet policy application, firewall operation, reverse firewall operation, encryption/decryption, and/or compression/decompression.

公开(公告)号：US10965649B2

公开(公告)日：2021-03-30

申请号：US15338341

申请日：2016-10-29

申请人： FatPipe, Inc.

发明人： Sanchaita Datta ,  Bhaskar Ragula ,  Xiaoxiong Fan ,  Sankhadip Sengupta

IPC分类号： H04L29/06

摘要： Instead of specifying actual transport layer IP addresses as a basis for a secure tunnel's security association, an approach described herein specifies virtual addresses. Then suitable network appliances intercept and modify packets in order to map between the virtual addresses and actual addresses. The virtual addresses satisfy IPsec or another authentication procedure that checks packets using the security association. The actual addresses are used by transport layer protocols. This overlay approach permits a session to failover from one network connection to another without requiring restoration of the session in a newly created secure tunnel after one of the network interfaces becomes unavailable, thereby obsoleting the security association based in part on the IP address of the now unavailable interface. This innovative approach also allows the use of parallel paths and the use of one-to-many or many-to-one path topologies, which would otherwise not be permitted.

公开(公告)号：US10819536B1

公开(公告)日：2020-10-27

申请号：US16439555

申请日：2019-06-12

申请人： FatPipe, Inc.

发明人： Sanchaita Datta ,  Bhaskar Ragula ,  Xiaoxiong Fan ,  Sankhadip Sengupta

IPC分类号： H04L12/46

摘要： Tools and technologies geographically extend local area networks by transparently inserting transmission of encapsulated local area network frames over wide area network connections. Some devices receive frames from a switch or other physically addressed device using layer 2 protocols, encapsulate them, and send them over a wide area network to a similar remote device which decapsulates the frames and forwards them using layer 2 protocols. Load balancing, quality of service, compression, encryption, and other packet processing may be performed on the encapsulated packets.

公开(公告)号：US10374830B1

公开(公告)日：2019-08-06

申请号：US15648734

申请日：2017-07-13

申请人： FatPipe, Inc.

发明人： Sanchaita Datta ,  Bhaskar Ragula ,  Xiaoxiong Fan ,  Sankhadip Sengupta

IPC分类号： H04L12/46

摘要： Tools and technologies geographically extend local area networks by transparently inserting transmission of encapsulated local area network frames over wide area network connections. Some devices receive frames from a switch or other physically addressed device using layer 2 protocols, encapsulate them, and send them over a wide area network to a similar remote device which decapsulates the frames and forwards them using layer 2 protocols. Load balancing, quality of service, compression, encryption, and other packet processing may be performed on the encapsulated packets.

公开(公告)号：US08780811B1

公开(公告)日：2014-07-15

申请号：US14172708

申请日：2014-02-04

申请人： FatPipe, Inc.

发明人： Sanchaita Datta ,  Bhaskar Ragula ,  Sankhadip Sengupta

IPC分类号： H04W4/00 ,  H04B7/00 ,  H04L12/24

CPC分类号： H04L41/0654 ,  H04L41/0659 ,  H04L47/125 ,  H04L61/103 ,  H04L61/2592 ,  H04L63/0428

摘要： Failover controllers help maintain user-perceived continuous connectivity for users of a geographically dispersed flat network when part of that network becomes unavailable, even though flat network packets are not WAN-routable. One such controller has local and remote flat network ports, at least one WAN port, and failover capability to WAN(s) utilizing encapsulation when the flat network is partially or fully unavailable. The failover procedure uses a packet origin table built automatically from incoming packets and from double-tunneled ARP requests. A monitor indicates whether the flat network is fully available (up) or not fully available (down). Controller software updates the packet origin table, and directs packets between ports depending on flatnet status, the packet origin table's content, and any packet handling enhancements such as load balancing, affinity enforcement, quality of service maintenance, packet traffic shaping, packet policy application, firewall operation, reverse firewall operation, encryption/decryption, and/or compression/decompression.

摘要翻译： 故障转移控制器有助于在部分网络变得不可用时，维护用户感知到的地理上分散的平面网络的用户的连续连接，即使平坦的网络数据包不能WAN可路由。 一个这样的控制器具有本地和远程平面网络端口，至少一个WAN端口，以及当扁平网络部分或完全不可用时利用封装的WAN的故障切换能力。 故障切换过程使用从传入数据包和双隧道ARP请求自动构建的数据包原始表。 监视器指示扁平网络是否完全可用（向上）还是不完全可用（向下）。 控制器软件更新数据包原始表，并根据平面网络状态，数据包原始表的内容以及任何数据包处理增强功能，如负载平衡，亲和力强制，服务质量维护，数据包流量整形，数据包策略应用， 防火墙操作，反向防火墙操作，加密/解密和/或压缩/解压缩。