公开(公告)号：US20220400166A1

公开(公告)日：2022-12-15

申请号：US17893003

申请日：2022-08-22

Applicant: CLOUDFLARE, INC.

Inventor： Christopher Philip Branch ,  Naga Sunil Tripirineni ,  Rustam Xing Lalkaka ,  Nick Wondra ,  Mohd Irtefa ,  Matthew Browning Prince ,  Andrew Taylor Plunk ,  Oliver Yu ,  Vlad Krasnov

IPC: H04L67/63 ,  H04L9/40 ,  H04L67/10 ,  H04L12/46

Abstract: A request is received from a client device over a Virtual Private Network (VPN) tunnel. The request is received at a first one of a plurality of edge servers of a distributed cloud computing network. A destination of the request is determined and an optimized route for transmitting the request toward an origin server is determined. The optimized route is based at least in part on probe data between edge servers of the distributed cloud computing network. The request is transmitted to a next hop as defined by the optimized route.

公开(公告)号：US20220006671A1

公开(公告)日：2022-01-06

申请号：US17481177

申请日：2021-09-21

Applicant: CLOUDFLARE, INC.

Inventor： Nicholas Alexander Wondra ,  Achiel Paul van der Mandele ,  Alexander Forster ,  Eric Reeves ,  Joaquin Madruga ,  Rustam Xing Lalkaka ,  Marek Przemyslaw Majkowski

IPC: H04L12/46 ,  H04L29/12

Abstract: A GRE tunnel is configured between multiple computing devices of a distributed cloud computing network and a single origin router of the origin network. The GRE tunnel has a first GRE endpoint that has an IP address that is shared among the computing devices of the distribute cloud computing network and a second GRE endpoint that has a publicly routable IP address of the origin router. A first computing device receives an IP packet from a client that is destined to an origin server. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate a GRE encapsulated packet whose source address is the first GRE endpoint and the destination address is the second GRE endpoint. The GRE encapsulated packet is transmitted over the GRE tunnel to the single origin router.

公开(公告)号：US20210051044A1

公开(公告)日：2021-02-18

申请号：US16993181

申请日：2020-08-13

Applicant: CLOUDFLARE, INC.

Inventor： Nicholas Alexander Wondra ,  Achiel Paul van der Mandele ,  Alexander Forster ,  Eric Reeves ,  Joaquin Madruga ,  Rustam Xing Lalkaka ,  Marek Przemyslaw Majkowski

IPC: H04L12/46 ,  H04L29/12

Abstract: A GRE tunnel is configured between multiple computing devices of a distributed cloud computing network and a single origin router of the origin network. The GRE tunnel has a first GRE endpoint that has an IP address that is shared among the computing devices of the distribute cloud computing network and a second GRE endpoint that has a publicly routable IP address of the origin router. A first computing device receives an IP packet from a client that is destined to an origin server. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate a GRE encapsulated packet whose source address is the first GRE endpoint and the destination address is the second GRE endpoint. The GRE encapsulated packet is transmitted over the GRE tunnel to the single origin router.

公开(公告)号：US12028434B2

公开(公告)日：2024-07-02

申请号：US17734944

申请日：2022-05-02

Applicant: CLOUDFLARE, INC.

Inventor： Alex Krivit ,  Rustam Xing Lalkaka ,  Samantha Aki Shugaeva ,  Edward H. Wang ,  Yuchen Wu

IPC: H04L67/5681

CPC classification number: H04L67/5681

Abstract: An intermediary server receives a request from a client that identifies an asset that is handled by an origin server. The intermediary server generates an informational response that includes one or more link header fields that reference one or more pieces of content respectively that are predicted by the intermediary server to be linked within a final response for the asset. The intermediary server transmits the generated informational response to the client prior to a final response for the request. The intermediary server transmits the request to the origin server and receives a final response to the request. The intermediary server transmits the final response to the request to the client.

公开(公告)号：US20240129273A1

公开(公告)日：2024-04-18

申请号：US18392521

申请日：2023-12-21

Applicant: CLOUDFLARE, INC.

Inventor： Marek Przemyslaw Majkowski ,  Braden Michael Ehrat ,  Sergi Isasi ,  Dane Orion Knecht ,  Dina Kozlov ,  Rustam Xing Lalkaka ,  Eric Reeves ,  Oliver Zi-gang Yu

IPC: H04L61/5007

CPC classification number: H04L61/5007

Abstract: A map of IP addresses of a distributed cloud computing network to one or more groupings is stored. The IP addresses are anycast IP addresses for which compute servers of the distributed cloud computing network share. These IP addresses are to be used as source IP addresses when transmitting traffic to destinations external to the cloud computing network. The map is made available to external destinations. Traffic is received at the distributed cloud computing network that is destined to an external destination. An IP address is selected based on the characteristic(s) applicable for the traffic and the map. The distributed cloud computing network transmits the traffic to the external destination using the selected IP address.

公开(公告)号：US11882199B2

公开(公告)日：2024-01-23

申请号：US17893003

申请日：2022-08-22

Applicant: CLOUDFLARE, INC.

Inventor： Christopher Philip Branch ,  Naga Sunil Tripirineni ,  Rustam Xing Lalkaka ,  Nick Wondra ,  Mohd Irtefa ,  Matthew Browning Prince ,  Andrew Taylor Plunk ,  Oliver Yu ,  Vlad Krasnov

IPC: H04L67/10 ,  H04L12/46 ,  H04L29/06 ,  H04L9/32 ,  H04L67/63 ,  H04L9/40

CPC classification number: H04L67/63 ,  H04L12/4633 ,  H04L12/4641 ,  H04L63/0272 ,  H04L67/10

Abstract: A request is received from a client device over a Virtual Private Network (VPN) tunnel. The request is received at a first one of a plurality of edge servers of a distributed cloud computing network. A destination of the request is determined and an optimized route for transmitting the request toward an origin server is determined. The optimized route is based at least in part on probe data between edge servers of the distributed cloud computing network. The request is transmitted to a next hop as defined by the optimized route.

公开(公告)号：US20220417211A1

公开(公告)日：2022-12-29

申请号：US17903828

申请日：2022-09-06

Applicant: CLOUDFLARE, INC.

Inventor： Marek Przemyslaw Majkowski ,  Braden Michael Ehrat ,  Sergi Isasi ,  Dane Orion Knecht ,  Dina Kozlov ,  Rustam Xing Lalkaka ,  Eric Reeves ,  Oliver Zi-gang Yu

IPC: H04L61/5007

Abstract: A map of IP addresses of a distributed cloud computing network to one or more groupings is stored. The IP addresses are anycast IP addresses for which compute servers of the distributed cloud computing network share. These IP addresses are to be used as source IP addresses when transmitting traffic to destinations external to the cloud computing network. The map is made available to external destinations. Traffic is received at the distributed cloud computing network that is destined to an external destination. An IP address is selected based on the characteristic(s) applicable for the traffic and the map. The distributed cloud computing network transmits the traffic to the external destination using the selected IP address.

公开(公告)号：US20210281584A1

公开(公告)日：2021-09-09

申请号：US16810187

申请日：2020-03-05

Applicant: CLOUDFLARE, INC.

Inventor： Jonathan Philip Levine ,  Rustam Xing Lalkaka ,  Evan Johnson

IPC: H04L29/06 ,  H04L29/08

Abstract: An edge server receives a request from a client network application for a web page hosted at an origin server. The edge server transmits the requested web page in a response. The edge server accesses an edge server request log to retrieve a log entry associated with the request for the web page, where the log entry associated with the request for the web page includes information regarding the request and the response. The edge server retrieves one or more characteristics of an asset of the web page, where each characteristics has an expected value. The edge server determines whether the origin server is compromised when a value for a characteristic is not within a threshold range of the expected value for the characteristic of the asset and performs a mitigation action in response.

公开(公告)号：US20240179026A1

公开(公告)日：2024-05-30

申请号：US18434031

申请日：2024-02-06

Applicant: CLOUDFLARE, INC.

Inventor： Nicholas Alexander Wondra ,  Achiel Paul van der Mandele ,  Alexander Forster ,  Eric Reeves ,  Joaquin Madruga ,  Rustam Xing Lalkaka ,  Marek Przemyslaw Majkowski

IPC: H04L12/46 ,  H04L101/618

CPC classification number: H04L12/4633 ,  H04L2101/618

Abstract: A GRE tunnel is configured between multiple computing devices of a distributed cloud computing network and a single origin router of the origin network. The GRE tunnel has a first GRE endpoint that has an IP address that is shared among the computing devices of the distribute cloud computing network and a second GRE endpoint that has a publicly routable IP address of the origin router. A first computing device receives an IP packet from a client that is destined to an origin server. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate a GRE encapsulated packet whose source address is the first GRE endpoint and the destination address is the second GRE endpoint. The GRE encapsulated packet is transmitted over the GRE tunnel to the single origin router.

公开(公告)号：US11894947B2

公开(公告)日：2024-02-06

申请号：US18067713

申请日：2022-12-18

Applicant: CLOUDFLARE, INC.

Inventor： Nicholas Alexander Wondra ,  Achiel Paul van der Mandele ,  Alexander Forster ,  Eric Reeves ,  Joaquin Madruga ,  Rustam Xing Lalkaka ,  Marek Przemyslaw Majkowski

IPC: H04L12/46 ,  H04L101/618

CPC classification number: H04L12/4633 ,  H04L2101/618

Abstract: A GRE tunnel is configured between multiple computing devices of a distributed cloud computing network and a single origin router of the origin network. The GRE tunnel has a first GRE endpoint that has an IP address that is shared among the computing devices of the distribute cloud computing network and a second GRE endpoint that has a publicly routable IP address of the origin router. A first computing device receives an IP packet from a client that is destined to an origin server. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate a GRE encapsulated packet whose source address is the first GRE endpoint and the destination address is the second GRE endpoint. The GRE encapsulated packet is transmitted over the GRE tunnel to the single origin router.