-
Publication (Announcement) No.: US20230239266A1
Publication (Announcement) Date: 2023-07-27
Application No.: US17581357
Filing Date: 2022-01-21
Applicant: Google LLC
Inventor: Mukta Gupta, Alok Kumar, Gargi Adhav, Yuquan Jiang, Aakash Bhushan Arora, Shijeesh Nharappadath Sankaranathan, Marco Leogrande, Salomon Sonny Ben-Shimon
IPC: H04L61/256, H04L61/5007, H04L61/2517, G06F9/455
CPC classification number: H04L61/256, H04L61/2007, H04L61/2517, G06F9/45558, G06F2009/45595, G06F2009/4557
Abstract: Aspects of the disclosure provide for a proxyless NAT infrastructure with dynamic port allocation. A proxyless NAT infrastructure is configured to perform NAT between a network of virtual machines (VMs) and a device external to the network, without a device, such as a NAT server or a router, acting as a proxy. A system can include a control plane for provisioning VMs of a network, including configuring each VM to perform NAT and initially assigning a number of ports for communicating with other devices. The control plane maintains a feedback loop—receiving data characterizing port usage and network traffic at ports allocated to the various VMs and scaling the port allocation for each VM based on the received data. The control plane can allocate additional ports as determined to be needed by a VM, and later retrieve the ports to be reused for other VMs.
-
Publication (Announcement) No.: US11799822B2
Publication (Announcement) Date: 2023-10-24
Application No.: US17581357
Filing Date: 2022-01-21
Applicant: Google LLC
Inventor: Mukta Gupta, Alok Kumar, Gargi Adhav, Yuquan Jiang, Aakash Bhushan Arora, Shijeesh Nharappadath Sankaranathan, Marco Leogrande, Salomon Sonny Ben-Shimon
IPC: H04L61/256, G06F9/455, H04L61/2517, H04L61/5007
CPC classification number: H04L61/256, G06F9/45558, H04L61/2517, H04L61/5007, G06F2009/4557, G06F2009/45595
Abstract: Aspects of the disclosure provide for a proxyless NAT infrastructure with dynamic port allocation. A proxyless NAT infrastructure is configured to perform NAT between a network of virtual machines (VMs) and a device external to the network, without a device, such as a NAT server or a router, acting as a proxy. A system can include a control plane for provisioning VMs of a network, including configuring each VM to perform NAT and initially assigning a number of ports for communicating with other devices. The control plane maintains a feedback loop, receiving data characterizing port usage and network traffic at ports allocated to the various VMs and scaling the port allocation for each VM based on the received data. The control plane can allocate additional ports as determined to be needed by a VM, and later retrieve the ports to be reused for other VMs.
-
Publication (Announcement) No.: US20230269229A1
Publication (Announcement) Date: 2023-08-24
Application No.: US17679814
Filing Date: 2022-02-24
Applicant: Google LLC
Inventor: Ujjwal Jain, Yuquan Jiang, Ines Clara Envid Lazaro, Rodney Chu, Uday Ramakrishna Naik
IPC: H04L9/40
CPC classification number: H04L63/0263, H04L63/105, H04L63/20
Abstract: Methods, systems, and apparatus include computer programs encoded on a computer-readable storage medium for firewall policies with improved efficiency. A policy can be defined that specifies a set of firewall rules, where the set of firewall rules provides a respective firewall rule for each layer of a plurality of layers within a hierarchical structure of a network, the network including a plurality of elements. Determining, for a first element within the network, a position within a first layer of the hierarchical structure. In response to receiving a data transmission request to or from the first element, applying the set of firewall rules in accordance with the first layer of the hierarchical structure, where applying the set of firewall rules comprises sequentially applying each respective firewall rule at each layer from an upper layer within the network to the first layer within the network.