Executing multiple virtual private network (VPN) endpoints associated with an endpoint pool address

US10484279B2 · US · B2

Patent metadata
Publication number: US-10484279-B2
Application number: US-201816051470-A
Country: US
Kind code: B2
Filing date: Jul 31, 2018
Priority date: Aug 30, 2016
Publication date: Nov 19, 2019
Grant date: Nov 19, 2019


Abstract


Techniques for executing multiple Virtual Private Network (VPN) endpoints associated with an Endpoint Pool Address are disclosed. A VPN endpoint manager determines traffic attributes of traffic addressed to the Endpoint Pool Address. The VPN endpoint manager selects a quantity of VPN endpoints to be executed for processing the traffic based on the traffic attributes. The VPN endpoint manager causes execution of a plurality of VPN endpoints corresponding to the selected quantity. The VPN endpoint manager selects one VPN endpoint, from the VPN endpoint pool, to process each data packet addressed to the Endpoint Pool Address. The VPN endpoint manager may select different VPN endpoints to process data packets of different VPN sessions. The VPN endpoint manager may transfer a VPN session from one VPN endpoint to another VPN endpoint. The VPN endpoints in the VPN endpoint pool operate concurrently to process data packets addressed to the Endpoint Pool Address.

First claim

Opening claim text (preview).

What is claimed is:

1. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors, cause performance of operations comprising: receiving a first set of data packets that (a) is addressed to a particular address and (b) corresponds to a first Virtual Private Network (VPN) session assigned to a first VPN endpoint of a plurality of VPN endpoints associated with the particular address; directing the first set of data packets to the first VPN endpoint based on a first assignment of the first VPN session to the first VPN endpoint, the first VPN endpoint decapsulating the first set of data packets; determining that a session transfer criterion is satisfied; responsive to detecting that the session transfer criterion is satisfied, re-assigning the first VPN session to obtain a second assignment of the first VPN session to a second VPN endpoint of the plurality of VPN endpoints associated with the particular address; receiving a second set of data packets that (a) is addressed to the particular address and (b) corresponds to the first VPN session; directing the second set of data packets to the second VPN endpoint based on the second assignment of the first VPN session to the second VPN endpoint, the second VPN endpoint decapsulating the second set of data packets; receiving a third set of data packets that (a) is addressed to the particular address and (b) does not correspond to any existing VPN session; determining a third assignment of a new VPN session associated with the third set of data packets to a third VPN endpoint of the plurality of VPN endpoints associated with the particular address; directing the third set of data packets to the third VPN endpoint based on the third assignment of the new VPN session to the third VPN endpoint.

2. The non-transitory computer readable medium of claim 1, wherein the first set of data packets and the second set of data packets are received from a same source device, and wherein the first VPN session is not interrupted for the source device by the re-assignment of the first VPN session from the first VPN endpoint to the second VPN endpoint.

3. The non-transitory computer readable medium of claim 1, wherein the first VPN session is not terminated or paused between a first time at which the first set of data packets was received and a second time at which the second set of data packets was received.

4. The non-transitory computer readable medium of claim 1, wherein the operations further comprise: receiving a fourth set of data packets that (a) is addressed to the particular address and (b) corresponds to a second VPN session; directing the fourth set of data packets to a fourth VPN endpoint, of the plurality of VPN endpoints associated with the particular address, based on a fourth assignment of the second VPN session to the fourth VPN endpoint.

5. The non-transitory computer readable medium of claim 1, wherein the operations further comprise: receiving a fourth set of data packets that (a) is addressed to the particular address and (b) corresponds to a second VPN session assigned to the first VPN endpoint; before determining that the session transfer criterion is satisfied: directing the fourth set of data packets to the first VPN endpoint based on a fourth assignment of the second VPN session to the first VPN endpoint; subsequent to determining that the session transfer criterion is satisfied: continuing to direct the fourth set of data packets to the first VPN endpoint based on the fourth assignment of the second VPN session to the first VPN endpoint.

6. The non-transitory computer readable medium of claim 1, wherein the operations further comprise: receiving a fourth set of data packets that (a) is addressed to the particular address and (b) corresponds to a second VPN session assigned to the second VPN endpoint; before determining that the session transfer criterion is satisfied: directing the fourth set of data packets to the second VPN endpoint based on a fourth assignment of the second VPN session to the second VPN endpoint; subsequent to determining that the session transfer criterion is satisfied: continuing to direct the fourth set of data packets to the second VPN endpoint based on the fourth assignment of the second VPN session to the second VPN endpoint.

7. The non-transitory computer readable medium of claim 1, wherein the operations further comprise: prior to directing the second set of data packets to the second VPN endpoint based on the second assignment of the first VPN session to the second VPN endpoint: retrieving a state of the first VPN session from a first data repository associated with the first VPN endpoint; causing storage of the state of the first VPN session at a second data repository associated with the second VPN endpoint.

8. The non-transitory computer readable medium of claim 7, wherein the state of the first VPN session comprises one or more of: (a) a client identifier of a client that is associated with the first VPN session; (b) a tenant identifier of a tenant associated with the first VPN session; (c) a first parameter that is negotiated for the first VPN session, the first parameter comprising one or more of: a hashing algorithm, an encryption protocol, an authentication protocol; (d) a second parameter that is configured for the first VPN session, the second parameter comprising one or more of: a hashing algorithm, an encryption protocol, an authentication protocol; (e) a session key for processing data corresponding to the first VPN session; (f) a counter that counts a number of data packets, corresponding to the first VPN session, that have been transmitted; and (g) a parameter or attribute of data packets corresponding to the first VPN session.

9. The non-transitory computer readable medium of claim 1, wherein re-assigning the first VPN session to obtain the second assignment of the first VPN session to the second VPN endpoint of the plurality of VPN endpoints associated with the particular address comprises: removing storage of a first association between the first VPN endpoint and a session identifier of the first VPN session; storing a second association between the second VPN endpoint and the session identifier of the first VPN session.

10. The non-transitory computer readable medium of claim 1, wherein re-assigning the first VPN session to obtain the second assignment of the first VPN session to the second VPN endpoint of the plurality of VPN endpoints associated with the particular address comprises: modifying a session-to-endpoint mapping from (a) indicating that the first VPN session is mapped to the first VPN endpoint to (b) indicating that the first VPN session is mapped to the second VPN endpoint.

11. The non-transitory computer readable medium of claim 1, wherein the operations further comprise: subsequent to determining that the session transfer criterion is satisfied: retrieving a state of the first VPN session from a first data repository associated with the first VPN endpoint; subsequent to retrieving the state of the first VPN session from the first data repository associated with the first VPN endpoint and prior to re-assigning the first VPN session to obtain the second assignment of the first VPN session to the second VPN endpoint of the plurality of VPN endpoints associated with the particular address: receiving data packets corresponding to the first VPN session; storing the data packets corresponding to the first VPN session in a queue; subsequent to re-assigning the first VPN session to obtain the second assignment of the first VPN session to the second VPN endpoint of the plurality of
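The endpoint manager that the abstract and claims 1, 6, 7 and 9 to 11 describe, as an added example that is not code from the patent or from Oracle: a pool of three endpoints behind one address, a session-to-endpoint mapping, a hand-off that retrieves a session's state from the source endpoint's repository and stores it at the destination, and a queue for packets that arrive while the hand-off is in progress. The endpoint names, the packet tuple, the HMAC tag that stands in for decapsulation, the receive-side sequence counter and the least-loaded placement rule are all assumptions made for this example; the claims fix none of them.

```python
# Added example (not the patent's or Oracle's code). Endpoint names, the packet
# tuple and the HMAC "decapsulation" are assumptions so the mechanism runs offline.
from collections import deque
from dataclasses import dataclass
import hashlib
import hmac


@dataclass
class SessionState:
    # State that moves with a session (cf. claim 8); rx_counter is the anti-replay floor.
    client_id: str
    tenant_id: str
    session_key: bytes
    rx_counter: int = 0


def _tag(sid, seq, payload, key):
    # Constructed integrity tag standing in for a real VPN's ESP/AEAD check.
    return hmac.new(key, f"{sid}|{seq}|".encode() + payload, hashlib.sha256).digest()


def make_packet(sid, seq, payload, key):
    return (sid, seq, payload, _tag(sid, seq, payload, key))


class VpnEndpoint:
    def __init__(self, name):
        self.name = name
        self.repository = {}  # session_id -> SessionState, this endpoint's own repository

    def decapsulate(self, packet):
        sid, seq, payload, tag = packet
        st = self.repository[sid]
        if not hmac.compare_digest(tag, _tag(sid, seq, payload, st.session_key)):
            raise ValueError(f"{self.name}: bad tag on session {sid}")
        if seq <= st.rx_counter:
            raise ValueError(f"{self.name}: replayed seq {seq} on session {sid}")
        st.rx_counter = seq
        return payload


class VpnEndpointManager:
    def __init__(self, endpoints):
        self.pool = list(endpoints)
        self.session_map = {}  # session_id -> VpnEndpoint (the mapping of claim 10)
        self.in_transfer = {}  # session_id -> (SessionState, destination, queued packets)

    def open_session(self, sid, client_id, tenant_id, session_key):
        # No existing assignment: the least-loaded endpoint gets the new session (claim 1).
        dst = min(self.pool, key=lambda ep: len(ep.repository))
        dst.repository[sid] = SessionState(client_id, tenant_id, session_key)
        self.session_map[sid] = dst
        return dst

    def begin_transfer(self, sid, dst):
        # Transfer criterion met: pull state out of the source repository (claim 7) and
        # park the session so packets arriving meanwhile are queued, not dropped (claim 11).
        src = self.session_map[sid]
        self.in_transfer[sid] = (src.repository.pop(sid), dst, deque())

    def complete_transfer(self, sid):
        state, dst, queue = self.in_transfer.pop(sid)
        dst.repository[sid] = state  # store state at the destination repository
        self.session_map[sid] = dst  # re-assign the session (claims 9 and 10)
        return [dst.decapsulate(p) for p in queue]  # drain in arrival order

    def dispatch(self, packet):
        sid = packet[0]
        if sid in self.in_transfer:  # hold packets until the hand-off completes
            self.in_transfer[sid][2].append(packet)
            return None
        return self.session_map[sid].decapsulate(packet)


def run_scenario():
    a, b, c = VpnEndpoint("A"), VpnEndpoint("B"), VpnEndpoint("C")
    mgr = VpnEndpointManager([a, b, c])
    k1, k2, k3 = b"\x01" * 32, b"\x02" * 32, b"\x03" * 32  # constructed session keys
    r = {}
    r["s1_first_endpoint"] = mgr.open_session("s1", "client-1", "tenant-1", k1).name
    r["s2_endpoint"] = mgr.open_session("s2", "client-2", "tenant-1", k2).name
    for seq in (1, 2):
        mgr.dispatch(make_packet("s1", seq, b"hello-%d" % seq, k1))
    mgr.dispatch(make_packet("s2", 1, b"other-1", k2))
    mgr.begin_transfer("s1", c)
    r["queued_during_transfer"] = mgr.dispatch(make_packet("s1", 3, b"hello-3", k1))
    r["s2_unaffected"] = mgr.session_map["s2"].name  # other sessions stay put (claim 6)
    r["drained"] = mgr.complete_transfer("s1")
    r["s1_after_transfer"] = mgr.session_map["s1"].name
    mgr.dispatch(make_packet("s1", 4, b"hello-4", k1))
    r["s1_counter_after"] = c.repository["s1"].rx_counter
    try:  # a packet A already accepted must still be rejected by C: the counter moved too
        mgr.dispatch(make_packet("s1", 2, b"hello-2", k1))
        r["replay_rejected"] = False
    except ValueError:
        r["replay_rejected"] = True
    r["s3_endpoint"] = mgr.open_session("s3", "client-3", "tenant-2", k3).name
    return r
```

The check worth taking from the walk-through is the last one. Claim 8 lists a transmitted-packet counter among the migrated state; the example tracks the receive side for the same reason. If the destination endpoint created a fresh session record instead of installing the retrieved state, a packet the source endpoint had already accepted would verify again on the destination, and every session transfer would open a replay window. Queueing rather than dropping packets during the hand-off (claim 11) is what keeps the sequence contiguous, so the destination's first accepted packet is the next one in order, not a later one that would leave a gap for an attacker to fill.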

Assignees

Oracle Int Corp

Inventors

Classifications

  • H04L45/74 (primary): Address processing for routing · CPC title

  • End to end · CPC title

  • Parsing or analysis of headers · CPC title

  • Route determination based on user's profile, e.g. premium users · CPC title

  • Virtual LANs, VLANs, e.g. virtual private networks [VPN] (LAN interconnection over a bridge based backbone H04L12/462; encapsulation techniques H04L12/4633; routing of packets H04L45/00; packet switches H04L49/00; virtual private networks for security H04L63/0272) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10484279B2 cover?
Techniques for executing multiple Virtual Private Network (VPN) endpoints associated with an Endpoint Pool Address are disclosed. A VPN endpoint manager determines traffic attributes of traffic addressed to the Endpoint Pool Address. The VPN endpoint manager selects a quantity of VPN endpoints to be executed for processing the traffic based on the traffic attributes. The VPN endpoint manager ca…
Who is the assignee on this patent?
Oracle Int Corp
What technology area does this patent fall under?
Primary CPC classification H04L45/74. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 19, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).