Protecting communication link between content delivery network and content origin server

US 10,044,673 B2
Filed: 07/22/2015
Issued: 08/07/2018
Est. Priority Date: 07/22/2015
Status: Active Grant

First Claim

Patent Images

1. A method of protecting a website from attack, comprising:

providing a content delivery network (CDN) having a set of content servers (CS) to provide content delivery on behalf of a set of participating content providers, at least one of the set of participating content providers sourcing content for delivery by the CDN from an origin server;

providing a set of private Internet Protocol (IP) addresses assigned to the origin server for communication between the CDN and the origin server;

transmitting a request for content from the CDN to the origin server using a first IP address selected from the set of private IP addresses;

receiving the content at the CDN from the origin server in response to the request for content;

identifying a malicious attack on the first IP address;

in response to identifying the malicious attack, selecting a second IP address from the set of private IP addresses;

subsequent to selecting the second IP address, transmitting a request for additional content from the CDN to the origin server using the second IP address; and

receiving the additional content at the CDN from the origin server in response to the request for additional content.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A privatized link between an origin server and a content delivery network is provided. A privatized link can be direct connection that does not route over the internet. Another privatized link is one that rotates IP addresses. An origin server may be assigned to use a set of multiple IP addresses for communication with the content delivery network. However, at any given time, the origin server is only using a small number of IP addresses. When one of the IP addresses being used to communicate with the content delivery network comes under attack, the origin server switches to another IP address in the set in order to continue serving content to the content delivery network via an IP address that is not under attack.

Citations

13 Claims

1. A method of protecting a website from attack, comprising:
- providing a content delivery network (CDN) having a set of content servers (CS) to provide content delivery on behalf of a set of participating content providers, at least one of the set of participating content providers sourcing content for delivery by the CDN from an origin server;
  
  providing a set of private Internet Protocol (IP) addresses assigned to the origin server for communication between the CDN and the origin server;
  
  transmitting a request for content from the CDN to the origin server using a first IP address selected from the set of private IP addresses;
  
  receiving the content at the CDN from the origin server in response to the request for content;
  
  identifying a malicious attack on the first IP address;
  
  in response to identifying the malicious attack, selecting a second IP address from the set of private IP addresses;
  
  subsequent to selecting the second IP address, transmitting a request for additional content from the CDN to the origin server using the second IP address; and
  
  receiving the additional content at the CDN from the origin server in response to the request for additional content.
- View Dependent Claims (2, 3, 4, 12, 13)
- - 2. The method of claim 1, wherein the set of private IP addresses is noncontiguous.
  - 3. The method of claim 1, wherein the set of multiple IP addresses lie within a private IP address range allocated to the content delivery network.
  - 4. The method of claim 1, wherein the second IP address is based on a predetermined order of IP addresses to be selected from the set of private IP addresses.
  - 12. The method of claim 3, further comprising:
    - determining that the first IP address is not under attack; and
      
      in response to determining the first IP address is not under attack, selecting the first IP address to be associated with the origin server.
  - 13. The method of claim 12, wherein the first IP address is selected based on determining that the second IP address is under attack.

5. A communication system, comprising:
- a content delivery network (CDN) having a set of content servers (CS) to provide content delivery on behalf of a set of participating content providers, at least one of the set of participating content providers sourcing content for delivery by the CDN from an origin server;
  
  a set of private Internet Protocol (IP) addresses assigned to the origin server for communication between the CDN and the origin server; and
  
  wherein the CDN is configured to;
  
  transmit a request for content to the origin server using a first IP address selected from the set of private IP addresses;
  
  receive the content from the origin server in response to the request for content;
  
  identify a malicious attack on the first IP address;
  
  in response to identifying the malicious attack, select a second IP address from the set of private IP addresses;
  
  subsequent to selecting the second IP address, transmit a request for additional content to the origin server at the second IP address; and
  
  receive the additional content from the origin server in response to the request for additional content.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The communication system of claim 5, wherein the set of private IP addresses is noncontiguous.
  - 7. The communication system of claim 6, wherein the set of private IP addresses are contiguous within a single routing prefix.
  - 8. The communication system of claim 5, wherein the second IP address is selected from the set of private IP addresses based on the first IP address.
  - 9. The communication system of claim 5, wherein the set of private IP addresses lies within a routing prefix address range allocated to the content delivery network.

10. A method of supplying content to a content delivery network (CDN), comprising:
- establishing a communication link between an origin server and the CDN using a first Internet Protocol (IP) address selected for the origin server from a set of private Internet Protocol (IP) addresses assigned to the origin server, the origin server to provide content to the CDN by responding to requests from the CDN directed to the first IP address;
  
  determining that the first IP address is under attack;
  
  in response to determining the first IP address is under attack, selecting a second IP address from the set of private Internet Protocol (IP) addresses assigned to the origin server; and
  
  establishing a communication link between the origin server and the CDN using the second IP address for the origin server, the origin server to provide content to the CDN by responding to requests from the CDN directed to the second IP address.
- View Dependent Claims (11)
- - 11. The method of claim 10, wherein the first and second IP addresses are selected according to a predetermined order known to both the CDN and the origin server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fastly Incorporated
Original Assignee
Fastly Incorporated
Inventors
Leach, Sean A., Bergman, Artur, Daly, Thomas J.
Primary Examiner(s)
Li, Meng

Application Number

US14/806,317
Publication Number

US 20170026338A1
Time in Patent Office

1,112 Days
Field of Search
US Class Current
CPC Class Codes

H04L 61/2539   Hiding addresses; Keeping a...

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5038   for local use, e.g. in LAN ...

H04L 61/5061   Pools of addresses

H04L 61/5092   by self-assignment, e.g. pi...

H04L 63/02   for separating internal fro...

H04L 63/1441   Countermeasures against mal...

H04L 67/02   based on web technology, e....

Protecting communication link between content delivery network and content origin server

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting communication link between content delivery network and content origin server

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links