公开(公告)号：US20230308421A1

公开(公告)日：2023-09-28

申请号：US18197090

申请日：2023-05-14

申请人： Nicira, Inc.

发明人： Ajit Ramachandra Mayya ,  Parag Pritam Thakore ,  Stephen Craig Connors ,  Steven Michael Woo ,  Sunil Mukudan ,  Thomas Harold Speeter

IPC分类号： H04L9/40 ,  H04L12/66 ,  H04L12/46 ,  H04L45/42 ,  H04L49/35

CPC分类号： H04L63/0272 ,  H04L12/66 ,  H04L12/4633 ,  H04L12/4641 ,  H04L63/029 ,  H04L45/42 ,  H04L49/35 ,  H04L63/0281 ,  H04L67/10

摘要： In one aspect, a computerized system useful for implementing a virtual private network (VPN) including an edge device that automatically establishes an Internet Protocol Security (IPsec) tunnel alongside an unsecure Multipath Protocol (MP) tunnel with a gateway device in preparation for a transmission of a secure traffic communication. The edge device has a list of local subnets. The edge device sends the list of local subnets to the gateway during an initial MP tunnel establishment handshake message exchange between the edge device and the gateway device. Each subnet includes an indication of whether the subnet is reachable over the VPN. A gateway device that automatically establishes the IPsec tunnel alongside the unsecure MP tunnel with the edge device. An enterprise datacenter server that comprises an orchestrator module that receives a toggle the VPN command and enables the VPN on the orchestrator. The orchestrator informs the edge device the list of subnets is accessible over the VPN causing the edge device to update the gateway device with a new list of subnets of the edge device that accessible over the VPN.

公开(公告)号：US20220337553A1

公开(公告)日：2022-10-20

申请号：US17850112

申请日：2022-06-27

申请人： Nicira, Inc.

发明人： Ajit Ramachandra Mayya ,  Parag Pritam Thakore ,  Stephen Craig Connors ,  Alex Kompel ,  Thomas Harold Speeter

IPC分类号： H04L9/40 ,  H04L67/10 ,  H04L45/24 ,  H04L12/66 ,  H04L45/42 ,  H04L45/64 ,  H04L49/35 ,  H04L67/01

摘要： In one aspect, a computerized system useful for implementing a cloud-based multipath routing protocol to an Internet endpoint includes an edge device that provides an entry point into an entity's core network. The entity's core network includes a set of resources to be reliably accessed. The computerized system includes a cloud-edge device instantiated in a public-cloud computing platform. The cloud-edge device joins a same virtual routing and forwarding table as the edge device. The cloud-edge device receives a set of sources and destinations of network traffic that are permitted to access the edge device and the set of resources

公开(公告)号：US11677720B2

公开(公告)日：2023-06-13

申请号：US17068603

申请日：2020-10-12

申请人： Nicira, Inc.

发明人： Ajit Ramachandra Mayya ,  Parag Pritam Thakore ,  Stephen Craig Connors ,  Steven Michael Woo ,  Sunil Mukundan ,  Thomas Harold Speeter

IPC分类号： H04L9/40 ,  H04L12/66 ,  H04L12/46 ,  H04L45/42 ,  H04L49/35 ,  H04L67/10 ,  G06N20/00

CPC分类号： H04L63/0272 ,  H04L12/4633 ,  H04L12/4641 ,  H04L12/66 ,  H04L45/42 ,  H04L49/35 ,  H04L63/029 ,  H04L63/0281 ,  G06N20/00 ,  H04L67/10

摘要： In one aspect, a computerized system useful for implementing a virtual private network (VPN) including an edge device that automatically establishes an Internet Protocol Security (IPsec) tunnel alongside an unsecure Multipath Protocol (MP) tunnel with a gateway device in preparation for a transmission of a secure traffic communication. The edge device has a list of local subnets. The edge device sends the list of local subnets to the gateway during an initial MP tunnel establishment handshake message exchange between the edge device and the gateway device. Each subnet includes an indication of whether the subnet is reachable over the VPN. A gateway device that automatically establishes the IPsec tunnel alongside the unsecure MP tunnel with the edge device. An enterprise datacenter server that comprises an orchestrator module that receives a toggle the VPN command and enables the VPN on the orchestrator. The orchestrator informs the edge device the list of subnets is accessible over the VPN causing the edge device to update the gateway device with a new list of subnets of the edge device that accessible over the VPN.

公开(公告)号：US20210328835A1

公开(公告)日：2021-10-21

申请号：US17361292

申请日：2021-06-28

申请人： Nicira, Inc.

发明人： Ajit Ramachandra Mayya ,  Parag Pritam Thakore ,  Stephen Craig Connors ,  Steven Michael Woo ,  Sunil Mukundan ,  Thomas Harold Speeter ,  Vipin Kumar

IPC分类号： H04L12/66 ,  H04L29/08 ,  H04L12/851 ,  H04L12/715 ,  H04L12/24 ,  H04L12/26 ,  H04L12/751

摘要： In one aspect, A computerized method of a gateway distributing routes learned through routing protocols (RP) into a Border Gateway Protocol (BGP) includes the step of providing a first gateway that receives a route over a routing protocol. The method includes the step of with the first gateway, redistributing the route to one or more peer routers as a BGP route based on one or more specified criteria. The method includes the step of setting a gateway precedence based on the redistribution of the route to the one or more peer routers as the BGP route. The method includes the step of, based on the gateway precedence, setting a second gateway to automatically redistribute the route with different priorities to influence steering of traffic to a preferred gateway.

公开(公告)号：US20210029088A1

公开(公告)日：2021-01-28

申请号：US17068603

申请日：2020-10-12

申请人： Nicira, Inc.

发明人： Ajit Ramachandra Mayya ,  Parag Pritam Thakore ,  Stephen Craig Connors ,  Steven Michael Woo ,  Sunil Mukundan ,  Thomas Harold Speeter

IPC分类号： H04L29/06 ,  H04L12/66 ,  H04L12/46 ,  H04L12/717 ,  H04L12/931

摘要： In one aspect, a computerized system useful for implementing a virtual private network (VPN) including an edge device that automatically establishes an Internet Protocol Security (IPsec) tunnel alongside an unsecure Multipath Protocol (MP) tunnel with a gateway device in preparation for a transmission of a secure traffic communication. The edge device has a list of local subnets. The edge device sends the list of local subnets to the gateway during an initial MP tunnel establishment handshake message exchange between the edge device and the gateway device. Each subnet includes an indication of whether the subnet is reachable over the VPN. A gateway device that, automatically establishes the IPsec tunnel alongside the unsecure MP tunnel with the edge device. An enterprise datacenter server that comprises an orchestrator module that receives a toggle the VPN command and enables the VPN on the orchestrator. The orchestrator informs the edge device the list of subnets is accessible over the VPN causing the edge device to update the gateway device with a new list of subnets of the edge device that accessible over the VPN.

公开(公告)号：US20200014661A1

公开(公告)日：2020-01-09

申请号：US16576751

申请日：2019-09-19

申请人： Nicira, Inc.

发明人： Ajit Ramachandra Mayya ,  Parag Pritam Thakore ,  Stephen Craig Connors ,  Alex Kompel ,  Thomas Harold Speeter

IPC分类号： H04L29/06 ,  H04L29/08 ,  H04L12/707 ,  H04L12/66 ,  H04L12/717 ,  H04L12/715 ,  H04L12/931

摘要： In one aspect, a computerized system useful for implementing a cloud-based multipath routing protocol to an Internet endpoint includes an edge device that provides an entry point into an entity's core network. The entity's core network includes a set of resources to be reliably accessed. The computerized system includes a cloud-edge device instantiated in a public-cloud computing platform. The cloud-edge device joins a same virtual routing and forwarding table as the edge device. The cloud-edge device receives a set of sources and destinations of network traffic that are permitted to access the edge device and the set of resources.

公开(公告)号：US10135789B2

公开(公告)日：2018-11-20

申请号：US15097282

申请日：2016-04-12

申请人： Nicira, Inc.

发明人： Ajit Ramachandra Mayya ,  Parag Pritam Thakore ,  Stephen Craig Connors ,  Steven Michael Woo ,  Sunil Mukundan ,  Thomas Harold Speeter

IPC分类号： H04L29/06 ,  H04L12/66 ,  H04L12/46 ,  H04L12/717 ,  H04L12/931 ,  H04L29/08 ,  G06N99/00

摘要： In one aspect, a computerized system useful for implementing a virtual private network (VPN) including an edge device that automatically establishes an Internet Protocol Security (IPsec) tunnel alongside an unsecure Multipath Protocol (MP) tunnel with a gateway device in preparation for a transmission of a secure traffic communication. The edge device has a list of local subnets. The edge device sends the list of local subnets to the gateway during an initial MP tunnel establishment handshake message exchange between the edge device and the gateway device. Each subnet includes an indication of whether the subnet is reachable over the VPN. A gateway device that automatically establishes the IPsec tunnel alongside the unsecure MP tunnel with the edge device. An enterprise datacenter server that comprises an orchestrator module that receives a toggle the VPN command and enables the VPN on the orchestrator. The orchestrator informs the edge device the list of subnets is accessible over the VPN causing the edge device to update the gateway device with a new list of subnets of the edge device that accessible over the VPN.

公开(公告)号：US20240048408A1

公开(公告)日：2024-02-08

申请号：US18382311

申请日：2023-10-20

申请人： Nicira, Inc.

发明人： Ajit Ramachandra Mayya ,  Parag Pritam Thakore ,  Stephen Craig Connors ,  Steven Michael Woo ,  Sunil Mukundan ,  Thomas Harold Speeter ,  Vipin Kumar

IPC分类号： H04L12/66 ,  H04L41/5041 ,  H04L41/50 ,  H04L43/0894 ,  H04L45/02 ,  H04L47/24 ,  H04L69/325

CPC分类号： H04L12/66 ,  H04L41/5041 ,  H04L41/5096 ,  H04L43/0894 ,  H04L45/04 ,  H04L47/24 ,  H04L69/325 ,  H04L45/02 ,  H04L2012/4629

摘要： In one aspect, A computerized method of a gateway distributing routes learned through routing protocols (RP) into a Border Gateway Protocol (BGP) includes the step of providing a first gateway that receives a route over a routing protocol. The method includes the step of with the first gateway, redistributing the route to one or more peer routers as a BGP route based on one or more specified criteria. The method includes the step of setting a gateway precedence based on the redistribution of the route to the one or more peer routers as the BGP route. The method includes the step of, based on the gateway precedence, setting a second, gateway to automatically redistribute the route with different priorities to influence steering of traffic to a preferred gateway,

公开(公告)号：US11444872B2

公开(公告)日：2022-09-13

申请号：US16699719

申请日：2019-12-01

申请人： Nicira, Inc.

发明人： Ajit Ramachandra Mayya ,  Parag Pritam Thakore ,  Stephen Craig Connors ,  Sunil Mukundan ,  Thomas Harold Speeter

IPC分类号： H04L12/741 ,  H04L12/66 ,  H04L12/46 ,  H04L12/717 ,  H04L29/06 ,  H04L12/931 ,  H04L12/725 ,  H04L12/26 ,  H04L45/745 ,  H04L43/028 ,  H04L45/42 ,  H04L9/40 ,  H04L49/35 ,  H04L45/302 ,  H04L67/10 ,  G06N20/00

摘要： In one aspect, a computerized method of an application routing service includes the step of using a deep-packet inspection (DPI) technique on a first network flow to identify an application. The method includes the step of storing an Internet-protocol (IP) address and a port number used by the application and an identity of the application in a database. The method includes the step of detecting a second network flow. The method includes the step of identifying the IP address and the port number of the application in the second network flow. The method includes the step of looking up the IP address and the port number in the database. The method includes the step of identifying the application based on the IP address and the port number.

公开(公告)号：US11050588B2

公开(公告)日：2021-06-29

申请号：US16656555

申请日：2019-10-17

申请人： Nicira, Inc.

发明人： Ajit Ramachandra Mayya ,  Parag Pritam Thakore ,  Stephen Craig Connors ,  Steven Michael Woo ,  Sunil Mukundan ,  Thomas Harold Speeter ,  Vipin Kumar

IPC分类号： H04L12/66 ,  H04L29/08 ,  H04L12/851 ,  H04L12/715 ,  H04L12/24 ,  H04L12/26 ,  H04L12/751 ,  H04L12/723 ,  H04L12/46

摘要： In one aspect, A computerized method of a gateway distributing routes learned through routing protocols (RP) into a Border Gateway Protocol (BGP) includes the step of providing a first gateway that receives a route over a routing protocol. The method includes the step of with the first gateway, redistributing the route to one or more peer routers as a BGP route based on one or more specified criteria. The method includes the step of setting a gateway precedence based on the redistribution of the route to the one or more peer routers as the BGP route. The method includes the step of, based on the gateway precedence, setting a second gateway to automatically redistribute the route with different priorities to influence steering of traffic to a preferred gateway.