-
Publication number: US11968269B1
Publication date: 2024-04-23
Application number: US18186019
Application date: 2023-03-17
Applicant: Netskope, Inc.
Inventor: Parag Pritam Thakore, Sunil Mukundan, Anupam Rai
IPC: H04L67/141, H04L12/46, H04L45/02
CPC classification number: H04L67/141, H04L12/4645, H04L45/04
Abstract: A multi-tenant cloud native system for providing network connections between a plurality of gateway endpoints using tags and secure tunnels. The system includes an end-user device, a cloud control plane, and a cloud provider. The end-user device includes a client endpoint providing a request for establishing a network connection with a service endpoint of the gateway endpoint. Zones and tenants are identified from the request. Tags are assigned to the gateway endpoints in the network based on a tag policy. Connectivity of the tags and tunnels between the gateway endpoint are identified from network traffic of devices corresponding to the gateway endpoints. A database of devices with device addresses is identified to determine routes between the gateway endpoints. A secure tunnel is determined from the plurality of tunnels based on the tags corresponding to the tenant and the network connection is established via the secure tunnel using the routes.
-
Publication number: US20240333626A1
Publication date: 2024-10-03
Application number: US18587699
Application date: 2024-02-26
Applicant: Netskope, Inc.
Inventor: Parag Pritam Thakore, Sunil Mukundan, Anupam Rai
CPC classification number: H04L45/02, H04L12/4633
Abstract: A method for providing data exchange using secure tunnel in a multi-tenant cloud native control plane system. A request is received by cloud control plane for accessing data. The cloud control plane provisions network connection to service endpoint at cloud provider for providing access using data plane and control plane. The control plane identifies routing information of network traffic from multiple end-user devices to establish the connection. Resiliency of the network is identified based on control plane or data plane failure and maintains the connection. Network patterns are identified for network traffic. These patterns are used by the cloud control plane to determine network policy for data access and routing. The secure tunnel is chosen from multiple tunnels based on the network policy, routing information. Data packets are forwarded by the data plane on the secure tunnel and data access is provided to the client endpoint using the secure tunnel.
-
Publication number: US11916775B1
Publication date: 2024-02-27
Application number: US18185967
Application date: 2023-03-17
Applicant: Netskope, Inc.
Inventor: Parag Pritam Thakore, Sunil Mukundan, Anupam Rai
CPC classification number: H04L45/02, H04L12/4633
Abstract: A control plane system for providing data exchange between a plurality of gateway endpoints using a secure tunnel between the gateway endpoints. The system includes an end-user device, a cloud control plane, and a cloud provider. The end-user device includes a client endpoint providing a request for accessing data using a gateway device by sending data packets. The cloud control plane uses a data plane and a control plane for provisioning the request. The control plane is isolated from the data plane. Routing information of network traffic is received, a tenant associated with the request is identified and isolated. A network policy associated with the access to the data is identified based on the network patterns. The network policy specifies routing for access to the data and the secure tunnel. The access to the data is provided from the cloud provider to the client endpoint on the gateway device.
-
Publication number: US20240348691A1
Publication date: 2024-10-17
Application number: US18642616
Application date: 2024-04-22
Applicant: Netskope, Inc.
Inventor: Parag Pritam Thakore, Sunil Mukundan, Anupam Rai
IPC: H04L67/141, H04L12/46, H04L45/02
CPC classification number: H04L67/141, H04L12/4645, H04L45/04
Abstract: A multi-tenant cloud native system for providing network connections between a plurality of gateway endpoints using prioritized tags and secure tunnels. An end-user device includes a client endpoint for sending a request to a cloud control plane for establishing a network connection with a service endpoint of the gateway endpoint. Tags are assigned to the gateway endpoints in the network and are classified into one or more categories based on tag policies. One or more tags are prioritized for network connection in a prioritizing order. Connectivity of the tags and tunnels between the gateway endpoint are identified from network traffic of devices corresponding to the gateway endpoints. A database of devices with device addresses is identified to determine routes between the gateway endpoints. A secure tunnel is determined from the tunnels based on the tags and the network connection is established via the secure tunnel using the routes.