Configuring application availability using anycast addressing

US12425327B2 · US · B2

Patent metadata
Publication number: US-12425327-B2
Application number: US-202318499121-A
Country: US
Kind code: B2
Filing date: Oct 31, 2023
Priority date: Oct 31, 2023
Publication date: Sep 23, 2025
Grant date: Sep 23, 2025

Abstract

Official abstract text for this publication.

Anycast addressing is utilized to support the connection of multiple application connectors fronting an application(s) to a network element and anycast routing of network traffic destined for the application(s). When an application is indicated for onboarding in a tenant's network fabric, a network controller allocates virtual and anycast addresses to the application. Allocation of anycast addresses is per domain name and port/protocol combination. Upon determining that the application is available, the application connector(s) advertises reachability of the application via the anycast address. The network controller orchestrates configuration of a domain name system entry that resolves the application name to its virtual Internet Protocol (IP) address and destination network address translation rules that translate the virtual IP address to the anycast address and the anycast address to the application's private IP address. Application network traffic can thus be forwarded to the application via any application connector that advertised the anycast address.
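
The addressing chain described in the abstract, as an added illustration (not code from the patent or its assignee): one virtual IP per name, one anycast IP per name and port/protocol, a first destination NAT rule from virtual to anycast, and a second rule on each connector from anycast to private IP. The address pools, connector names, the flow hash standing in for equal-cost multi-path selection, and keying the first rule by port/protocol are assumptions of this sketch.

```python
import hashlib
import ipaddress

class Controller:
    """Toy model of the abstract's network controller (assumed names and structure)."""
    def __init__(self, vip_pool, anycast_pool):
        self._vips = iter(ipaddress.ip_network(vip_pool).hosts())
        self._anycasts = iter(ipaddress.ip_network(anycast_pool).hosts())
        self.dns = {}         # FQDN -> virtual IP (the DNS entry)
        self.anycast = {}     # (FQDN, port, proto) -> anycast IP
        self.dnat1 = {}       # (virtual IP, port, proto) -> anycast IP
        self.dnat2 = {}       # connector -> {(anycast IP, port, proto): private IP}
        self.advertised = {}  # anycast IP -> connectors advertising a route

    def onboard(self, fqdn, port, proto):
        """Allocate addresses once per name and once per (name, port, protocol)."""
        if fqdn not in self.dns:
            self.dns[fqdn] = str(next(self._vips))
        key = (fqdn, port, proto)
        if key not in self.anycast:
            self.anycast[key] = str(next(self._anycasts))
            self.dnat1[(self.dns[fqdn], port, proto)] = self.anycast[key]
        return self.anycast[key]

    def connect_instance(self, connector, fqdn, port, proto, private_ip, available=True):
        """Install the second DNAT rule; advertise only if the app is available."""
        ac = self.onboard(fqdn, port, proto)
        self.dnat2.setdefault(connector, {})[(ac, port, proto)] = private_ip
        if available:
            self.advertised.setdefault(ac, []).append(connector)

    def forward(self, fqdn, port, proto, flow_id):
        """Resolve, apply rule 1, pick an advertising connector, apply rule 2."""
        vip = self.dns.get(fqdn)
        ac = self.dnat1.get((vip, port, proto))
        paths = self.advertised.get(ac, [])
        if not paths:
            return None  # no rule for this port/protocol, or nobody advertises
        h = int(hashlib.sha256(flow_id.encode()).hexdigest(), 16)
        connector = paths[h % len(paths)]  # stand-in for ECMP path selection
        return connector, self.dnat2[connector][(ac, port, proto)]

if __name__ == "__main__":
    c = Controller("100.64.0.0/24", "100.64.1.0/24")  # constructed pools
    c.connect_instance("conn-a", "app.example.internal", 443, "tcp", "10.1.0.5")
    c.connect_instance("conn-b", "app.example.internal", 443, "tcp", "10.2.0.5")
    print(c.forward("app.example.internal", 443, "tcp", "client1:50000"))
    print(c.forward("app.example.internal", 22, "tcp", "client1:50001"))
```

Because the second rule matches on anycast address, port and protocol together, traffic to an onboarded name on a port that was never onboarded has no translation and is not delivered to any instance.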

First claim

Opening claim text (preview).

The invention claimed is:

1. A method comprising: configuring reachability of one or more instances of a first application in a network via anycast routing based on indication of deployment of the one or more instances of the first application in the network, wherein configuring reachability of the one or more instances of the first application in the network via anycast routing comprises: allocating an anycast Internet Protocol (IP) address for a name of the first application and a port number and protocol associated with the first application, wherein the anycast IP address is shared across the one or more instances of the first application that share the name, port number, and protocol; and setting a domain name system (DNS) entry to resolve the name of the first application to an IP address of the first application; configuring a first destination network address translation (NAT) rule to translate the IP address of the first application to the anycast IP address; and configuring a second destination NAT rule to translate the anycast IP address to a private IP address of a particular instance of the first application based on detected network traffic matching to the anycast IP address, the port number, and the protocol, wherein the second destination NAT rule also indicates the port number and the protocol.

2. The method of claim 1, further comprising load balancing network traffic of the first application that indicates the anycast IP address as a destination address across the one or more instances of the first application.

3. The method of claim 2, wherein load balancing the network traffic of the first application is based on equal-cost multi-path routing.

4. The method of claim 1, further comprising advertising reachability of the first application via the anycast IP address to one or more network elements.

5. The method of claim 4, wherein advertising reachability of the first application comprises advertising a route to the anycast IP address to the one or more network elements in accordance with the Border Gateway Protocol (BGP).

6. The method of claim 1, wherein allocating the anycast IP address to the first application comprises allocating the anycast IP address from a network address aggregate of routable address space of the network, wherein the network address aggregate was allocated to a proxy of the first application.

7. The method of claim 1, wherein the name of the first application is a fully qualified domain name of the first application.

8. The method of claim 1, wherein the IP address of the first application is a virtual IP address allocated to the first application from routable address space of the network.

9. The method of claim 8, further comprising allocating the virtual IP address from the routable address space of the network for the name of the first application.

10. A non-transitory machine-readable medium having program code stored thereon, the program code comprising instructions to: assign, based on detecting deployment of an application with a first application name in a network, an anycast address to application instances associated with a first application name and a port number and protocol of the application; configure network address translation (NAT) rules to route network traffic of the application via anycast routing, wherein the instructions to configure the NAT rules comprise instructions to, for each instance of the application having a corresponding private network address: configure a first destination NAT rule to translate a network address of the application to the anycast address; and configure a second destination NAT rule to translate the anycast address to the corresponding private network address of a particular instance of the application based on detected network traffic matching to the anycast address, the port number, and the protocol, wherein the second destination NAT rule also indicates the port number and the protocol; and route, based on detecting network traffic indicating the first application name, the network traffic to the application via anycast routing according to the first and second destination NAT rules.

11. The non-transitory machine-readable medium of claim 10, wherein the instructions to route the network traffic to the application comprise instructions to load balance the network traffic across the application instances.

12. The non-transitory machine-readable medium of claim 10, wherein the first application name is a fully qualified domain name (FQDN), wherein the instructions to assign the anycast address to the application instances associated with the first application name comprise instructions to assign the anycast address to application instances associated with the FQDN and the port number and the protocol of the application.

13. The non-transitory machine-readable medium of claim 10, wherein the instructions to assign the anycast address to application instances associated with the first application name and the port number and the protocol comprise instructions to assign the anycast address from a network address aggregate of routable address space of the network, wherein the network address aggregate was allocated to a proxy of the application.

14. The non-transitory machine-readable medium of claim 10, wherein the program code further comprises instructions to advertise reachability of the application via the anycast address to one or more network elements, wherein the instructions to advertise reachability of the application comprise instructions to advertise a route to the anycast address to the one or more network elements in accordance with the Border Gateway Protocol (BGP).

15. A system comprising: one or more network elements deployed across one or more networks of a tenant, wherein the one or more network elements front a corresponding one or more instances of an application; and a network controller that communicates with the one or more network elements, wherein the network controller comprises a processor and a machine-readable medium having instructions stored thereon that are executable by the processor to cause the network controller to: configure reachability of a first application via anycast routing based on detecting deployment of the first application, wherein the instructions to configure reachability of the first application via anycast routing comprise instructions to: allocate an anycast Internet Protocol (IP) address for a name of the first application and a port number and protocol associated with the first application; for each of the instances of the first application: set a domain name system (DNS) entry to resolve the name of the first application to a virtual IP address assigned to a particular instance of the application; configure a first destination network address translation (NAT) rule to translate the virtual IP address to the anycast IP address; and configure a second destination NAT rule to translate the anycast IP address to a private IP address of the particular instance of the first application based on detected network traffic matching to the anycast IP address, the port number, and the protocol, wherein the second destination NAT rule also indicates the port number and the protocol.

16. The system of claim 15, further comprising instructions executable by the processor to cause the network controller to configure a load balancing rule to load balance network traffic destined for the first application across the one or more network elements that front the corresponding one or more instances of the first application.

1

Classifications

  • Address processing for routing

  • Internet protocol [IP] addresses

  • using domain name system [DNS]

  • between local and global IP addresses

  • Hiding addresses; Keeping addresses anonymous

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Palo Alto Networks Inc
What technology area does this patent fall under?
Primary CPC classification H04L61/2514. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 23, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).