Detection of network hops and latency through an opaque tunnel and detection misconfiguration of tunnels

US11637766B2 · US · B2

Patent metadata

Publication number: US-11637766-B2
Application number: US-202117149026-A
Country: US
Kind code: B2
Filing date: Jan 14, 2021
Priority date: Jan 14, 2021
Publication date: Apr 25, 2023
Grant date: Apr 25, 2023

Abstract

Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include requesting a trace to a destination with a signature inserted into a trace packet; receiving a response to the trace packet; when the response does not include tunnel info, providing details in the response to a service where the details include parameters associated with a service path between the client and the destination; and, when the response includes tunnel info, segmenting the service path into a plurality of legs, causing a trace for each of the plurality of legs, and aggregating details for each of the plurality of legs based on the causing.

First claim

What is claimed is:

1. A method implemented by a client comprising: requesting a trace to a destination with a signature inserted into a trace packet; receiving a response to the trace packet; determining whether the response includes tunnel info; in response to determining that the response includes the tunnel info, segmenting a service path between the client and the destination into a plurality of legs, causing a trace for each of the plurality of legs, aggregating details for each of the plurality of legs based on responses to the trace for each of the plurality of legs, and including a second signature in a second trace packet to an egress router to detect a network path, wherein the aggregating details includes aggregating network hops, packet drops, and latency for each of the plurality of legs; receiving a response from the second trace packet; when the response does not include a flag, utilizing details from the response for a leg between the client and the egress router; and when the response includes the flag, determining the second trace packet went on a wrong network path where the second trace packet was sent over a tunnel to a tunnel server.

2. The method of claim 1, wherein a tunnel server intercepts the trace packet responsive to detection of the signature, and wherein the tunnel server responds to the trace packet with the response with the tunnel info upon determination of the presence of a tunnel.

3. The method of claim 1, wherein the plurality of legs include three legs.

4. The method of claim 3, wherein a first leg is between the client and a tunnel client, a second leg is between the tunnel client and a tunnel server, and a third leg is between the tunnel server and the destination, and wherein the client, knowing there is a tunnel based on the response, requests the tunnel server to trace the tunnel.

5. The method of claim 3, wherein a first leg is between the client and an egress router, a second leg is between the egress router and a tunnel server, and a third leg is between the tunnel server and the destination.

6. The method of claim 1, wherein at least one of the plurality of legs includes a reverse trace from a tunnel server.

7. The method of claim 1, wherein the tunnel info includes a type of tunnel including any of Generic Routing Encapsulation (GRE) and Internet Protocol (IP) Security (IPsec).

8. A non-transitory computer-readable medium comprising instructions that, when executed, cause one or more processors associated with a client to perform steps of: requesting a trace to a destination with a signature inserted into a trace packet; receiving a response to the trace packet; determining whether the response includes tunnel info; in response to determining that the response does not include the tunnel info, providing details obtained from the response to a service where the details include parameters associated with a service path between the client and the destination; in response to determining that the response includes the tunnel info, segmenting the service path into a plurality of legs, causing a trace for each of the plurality of legs, aggregating details for each of the plurality of legs based on responses to the trace for each of the plurality of legs, and including a second signature in a second trace packet to an egress router to detect a network path, wherein the aggregating details includes aggregating network hops, packet drops, and latency for each of the plurality of legs; receiving a response from the second trace packet; when the response does not include a flag, utilizing details from the response for a leg between the client and the egress router; and when the response includes the flag, determining the second trace packet went on a wrong network path where the second trace packet was sent over a tunnel to a tunnel server.

9. The non-transitory computer-readable medium of claim 8, wherein a tunnel server intercepts the trace packet responsive to detection of the signature, and wherein the tunnel server responds to the trace packet with the response with the tunnel info upon determination of the presence of a tunnel.

10. The non-transitory computer-readable medium of claim 8, wherein the plurality of legs include three legs.

11. The non-transitory computer-readable medium of claim 8, wherein at least one of the plurality of legs includes a reverse trace from a tunnel server.

12. The non-transitory computer-readable medium of claim 8, wherein the tunnel info includes a type of tunnel including any of Generic Routing Encapsulation (GRE) and Internet Protocol (IP) Security (IPsec).

13. A client comprising: one or more processors and memory comprising instructions that, when executed, cause the one or more processors to request a trace to a destination with a signature inserted into a trace packet; receive a response to the trace packet; determining whether the response includes tunnel info; in response to determining that the response does not include the tunnel info, provide details obtained from the response to a service where the details include parameters associated with a service path between the client and the destination; and in response to determining that the response includes the tunnel info, segment the service path into a plurality of legs, cause a trace for each of the plurality of legs, aggregate details for each of the plurality of legs based on responses to the trace for each of the plurality of legs, and include a second signature in a second trace packet to an egress router to detect a network path, wherein the aggregating details includes aggregating network hops, packet drops, and latency for each of the plurality of legs; receive a response from the second trace packet; when the response does not include a flag, utilize details from the response for a leg between the client and the egress router; and when the response includes the flag, determine the second trace packet went on a wrong network path where the second trace packet was sent over a tunnel to a tunnel server.

14. The client of claim 13, wherein a tunnel server intercepts the trace packet responsive to detection of the signature, and wherein the tunnel server responds to the trace packet with the response with the tunnel info upon determination of the presence of a tunnel.

Classifications

  • by reconfiguring faulty entities · CPC title

  • H04L43/103 (Primary): with adaptive polling, i.e. dynamically adapting the polling rate · CPC title

  • Delays · CPC title

  • Checking the configuration · CPC title

  • Interconnection of networks using encapsulation techniques, e.g. tunneling · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11637766B2 cover?
Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include requesting a trace to a destination with a signature inserted into a trace packet; receiving a response to the trace packet; when the response does not include tunnel info, providing details in the response to a service where the details…
Who is the assignee on this patent?
Zscaler Inc
What technology area does this patent fall under?
Primary CPC classification H04L43/103. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 25, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).