-
Publication No.: US20220070147A1
Publication Date: 2022-03-03
Application No.: US17008027
Application Date: 2020-08-31
Applicant: Equinix, Inc.
Inventor: Syed Hashim Iqbal, Muhammad Durrani
Abstract: In one example, a method comprises receiving, by a computing device, configuration data defining: an external virtual domain for a network function, the external virtual domain connected to a public network and managed by a provider for the computing device; a virtual domain for the network function, the virtual domain separate from the external virtual domain, configured with a secure tunnel interface, connected to a customer network, and managed by a customer of the provider for the computing device; forwarding, by the external virtual domain implementing a route-based virtual private network, encrypted network traffic, received from the public network via a secure tunnel, to the secure tunnel interface configured in the virtual domain; decrypting, by the virtual domain, the encrypted network traffic to generate network traffic; and forwarding, by the virtual domain, the network traffic to the customer network.
-
Publication No.: US10893022B1
Publication Date: 2021-01-12
Application No.: US16228540
Application Date: 2018-12-20
Applicant: Equinix, Inc.
Inventor: Danjue Li, Muhammad Durrani, Chen Xi, Imam Sheikh
IPC: H04L29/06, H04L12/745, H04L29/08
Abstract: In one example, a method includes receiving, by a first network device via a routing protocol peering session with a peer router in a first autonomous system, a plurality of routing protocol routes to destination addresses, each routing protocol route specifying a network address prefix and an identifier of the autonomous system that originated the routing protocol route; receiving network address prefix ownership information from a distributed ledger storing a plurality of associations between respective network address prefixes and respective autonomous system identifiers of autonomous systems confirmed to own the respective network address prefixes; determining, based at least on the prefix ownership information, whether any of the plurality of routing protocol routes specifies an autonomous system identifier different than specified by the associations; and in response to determining that one of the routes specifies an autonomous system identifier different than specified by the plurality of associations, performing an action.
-
Publication No.: US11777899B1
Publication Date: 2023-10-03
Application No.: US17132986
Application Date: 2020-12-23
Applicant: Equinix, Inc.
Inventor: Muhammad Durrani, Syed Hashim Iqbal, Mustafa Arisoylu, Danjue Li, Rizwan Jamal
IPC: H04L61/5014, H04L101/622
CPC classification number: H04L61/5014, H04L2101/622
Abstract: In general, techniques are described for a hierarchical, distributed DHCP system for managing IP address assignment among distributed networks of computing devices. For example, a system may include a central DHCP server configured to manage a plurality of distributed DHCP servers, each distributed DHCP server configured to perform DHCP using IP addresses allocated from a common prefix for a tenant associated with computing devices managed by multiple DHCP servers. The central DHCP server allocates IP addresses to the distributed DHCP servers, e.g., on an on-demand basis from the common pool and may handle concurrent requests for IP addresses from distributed DHCP servers. Each of the distributed DHCP servers may store records for IP addresses and media access control (MAC) addresses for computing devices managed by that distributed DHCP server, and the DHCP servers may send these records to the central DHCP server to facilitate IP assignment coherency.
-
Publication No.: US11588731B1
Publication Date: 2023-02-21
Application No.: US17139606
Application Date: 2020-12-31
Applicant: Equinix, Inc.
Inventor: Juxiang Teng, Imam Sheikh, Muhammad Durrani
IPC: H04L45/586, H04L45/00, H04L61/2521, H04L45/302, H04L45/24
Abstract: In general, this disclosure describes a cloud exchange (or “cloud exchange”) that offers a cloud-to-cloud interface (CCI) for interconnecting cloud services to tenants within public clouds. As described herein, the cloud exchange may be configured with a cloud-to-cloud interface that enables tenant applications of a public cloud to subscribe to and communicate with cloud services, using an end-to-end layer 3 path, in some cases without requiring a separate routing protocol session with a public edge device for the public cloud. In some examples, the public cloud provides a virtual layer 2 connection from a tenant within a public cloud to a routing instance of the cloud exchange, and the cloud exchange uses the routing instance to route service traffic between the tenant and the cloud services.
-
Publication No.: US12095737B2
Publication Date: 2024-09-17
Application No.: US18152016
Application Date: 2023-01-09
Applicant: Equinix, Inc.
Inventor: Syed Hashim Iqbal, Muhammad Durrani
CPC classification number: H04L63/0272, H04L12/4633, H04L12/66, H04L63/0236, H04L63/0263, H04L63/0428
Abstract: In one example, a method comprises receiving, by a computing device, configuration data defining: an external virtual domain for a network function, the external virtual domain connected to a public network and managed by a provider for the computing device; a virtual domain for the network function, the virtual domain separate from the external virtual domain, configured with a secure tunnel interface, connected to a customer network, and managed by a customer of the provider for the computing device; forwarding, by the external virtual domain implementing a route-based virtual private network, encrypted network traffic, received from the public network via a secure tunnel, to the secure tunnel interface configured in the virtual domain; decrypting, by the virtual domain, the encrypted network traffic to generate network traffic; and forwarding, by the virtual domain, the network traffic to the customer network.
-
Publication No.: US11880705B2
Publication Date: 2024-01-23
Application No.: US18061731
Application Date: 2022-12-05
Applicant: Equinix, Inc.
Inventor: Syed Hashim Iqbal, Muhammad Durrani, Janardhana Achladi, Rizwan Jamal
IPC: G06F9/455, H04L41/0803, H04L41/0893, H04L61/256, H04L9/40, H04L12/46
CPC classification number: G06F9/45558, H04L12/4641, H04L41/0803, H04L41/0893, H04L61/2571, H04L63/0884, H04L63/101, H04L63/168, G06F2009/45595
Abstract: Techniques for virtualized network functions (VNFs) that provide for domain isolation of networks coupled to the VNF are described. A virtual network function (VNF) includes a cloud virtual domain coupling the VNF to a cloud service, a management virtual domain coupling the VNF to a management service, and an external virtual domain having a public Internet Protocol (IP) address. The external virtual domain receives an authentication request providing access credentials for a VNF customer from a cloud client device, provides the authentication request to the management service via the management virtual domain, receives an authentication response from the management service, and, in response to determining that the VNF customer access credentials are valid, initiates application of a policy that allows the cloud client device to configure the cloud virtual domain or the cloud service and disallows configuration of the external virtual domain and the management virtual domain.
-
Publication No.: US11552930B2
Publication Date: 2023-01-10
Application No.: US17008027
Application Date: 2020-08-31
Applicant: Equinix, Inc.
Inventor: Syed Hashim Iqbal, Muhammad Durrani
Abstract: In general, this disclosure describes techniques for using virtual domains. In one example, a method comprises receiving, by a computing device, configuration data defining: an external virtual domain for a network function, the external virtual domain connected to a public network and managed by a provider for the computing device; a virtual domain for the network function, the virtual domain separate from the external virtual domain, configured with a secure tunnel interface, connected to a customer network, and managed by a customer of the provider for the computing device; forwarding, by the external virtual domain implementing a route-based virtual private network, encrypted network traffic, received from the public network via a secure tunnel, to the secure tunnel interface configured in the virtual domain; decrypting, by the virtual domain, the encrypted network traffic to generate network traffic; and forwarding, by the virtual domain, the network traffic to the customer network.
-
Publication No.: US20210359948A1
Publication Date: 2021-11-18
Application No.: US17321229
Application Date: 2021-05-14
Applicant: Equinix, Inc.
Inventor: Muhammad Durrani, Rizwan Jamal, David McCullough, Muhammad Zeeshan Nasir Syed, Mithun Thai Valaphil, Sudhanva Gnaneshwar, Vivek Bansal
IPC: H04L12/813, H04L29/08, H04L12/66
Abstract: In an example, a system includes a first cloud exchange network for a first cloud exchange, the first cloud exchange network located within a first data center and configured with a first dedicated virtual gateway, the first dedicated virtual gateway configured to interface with a first virtual connector to a customer network, with a second virtual connector to a first cloud service provider (CSP) network, and with a third virtual connector to a second CSP network. Network traffic among the customer network, the first CSP network, and the second CSP network is routed through the first dedicated virtual gateway. The first dedicated virtual gateway dynamically polices the network traffic based on an aggregate bandwidth subscription configured in the first cloud exchange network that limits a total bandwidth that may be used over the first cloud exchange network between the customer network, the first CSP network, and the second CSP network.
-
Publication No.: US20210084068A1
Publication Date: 2021-03-18
Application No.: US17009283
Application Date: 2020-09-01
Applicant: Equinix, Inc.
Inventor: Juxiang Teng, Muhammad Durrani, Rupinder Singh Randhawa
IPC: H04L29/06, H04L12/46, H04L12/733, H04L12/66
Abstract: The techniques described in this disclosure provide resilient and reactive on-demand Distributed Denial-of-Service (DDoS) mitigation services using an exchange. For example, an exchange comprises a first virtual network for switching mixed traffic (including dirty (DDoS) traffic and clean (non-DDoS) traffic) from one or more networks to one or more DDoS scrubbing centers; and a second virtual network for switching the clean traffic from the one or more DDoS scrubbing centers to the one or more networks, wherein the exchange is configured to receive the mixed traffic from the one or more networks and switch, using the first virtual network, the mixed traffic to a selected DDoS scrubbing center of the one or more DDoS scrubbing centers, and wherein the exchange is configured to receive the clean traffic from the selected DDoS scrubbing center and switch, using the second virtual network, the clean traffic to the one or more networks.
-
Publication No.: US12120128B1
Publication Date: 2024-10-15
Application No.: US16945089
Application Date: 2020-07-31
Applicant: Equinix, Inc.
Inventor: Syed Hashim Iqbal, Muhammad Durrani
CPC classification number: H04L63/126, G06N5/04, G06N20/00, H04L45/02, H04L63/101, H04L67/141
Abstract: In general, techniques are described for distributed route and packet flow evaluation within a cloud exchange fabric. In some examples, a routing engine is operative to: establish sessions between a first network and a second network to exchange message data identifying destinations in the second network; and verify routing information comprising routes from endpoints in the first network to the destinations based upon the message data, including, for each route of the routes: evaluating a source or a destination for indicia of illegitimate origination, and in response to detecting an illegitimate endpoint at the at least one of a source or a destination based upon identifying one or more of the indicia of illegitimate origination, dropping a corresponding route from the routing information.