Method and system of resiliency in cloud-delivered SD-WAN

US 10,523,539 B2
Filed: 09/11/2017
Issued: 12/31/2019
Est. Priority Date: 06/22/2017
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a first device at an edge of a branch first network;

a second device operating as an access point to a second network; and

at least two links between the first device and the second device, wherein (i) a tunnel is established on an active first link of the at least two links, (ii) no tunnel is established on a backup second link of the at least two links, and (iii) probe packets are used to monitor a state of the backup second link in order to ensure that the second link can become active when needed to replace the first link;

wherein if the first link becomes inactive, a second tunnel is established on the second link and the second link becomes the active link.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one aspect, a computerized method includes the step of providing process monitor in a Gateway. The method includes the step of, with the process monitor, launching a Gateway. Daemon (GWD). The GWD runs a GWD process that implements a Network Address Translation (NAT) process. The NAT process includes receiving a set of data packets from one or more Edge devices and forwarding the set of data packets to a public Internet. The method includes the step of receiving another set of data packets from the public Internet and forwarding the other set of data packets to the one or more Edge devices. The method includes the step of launching a Network Address Translation daemon (NATD). The method includes the step of detecting that the GWD process is interrupted; moving the NAT process to the NATD.

Citations

18 Claims

1. A system comprising:
- a first device at an edge of a branch first network;
  
  a second device operating as an access point to a second network; and
  
  at least two links between the first device and the second device, wherein (i) a tunnel is established on an active first link of the at least two links, (ii) no tunnel is established on a backup second link of the at least two links, and (iii) probe packets are used to monitor a state of the backup second link in order to ensure that the second link can become active when needed to replace the first link;
  
  wherein if the first link becomes inactive, a second tunnel is established on the second link and the second link becomes the active link.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1, wherein the first device is an edge device and the second device is a gateway device.
  - 3. The system of claim 1 further comprising a cloud web security service in the second network.
  - 4. The system of claim 3, wherein the cloud web security service performs security scanning for data traffic from the enterprise first network prior to the data traffic being sent to the public Internet.
  - 5. The system of claim 3, wherein the cloud web security service performs service insertion for data traffic from the enterprise first network prior to the data traffic being sent to the public Internet.
  - 6. The system of claim 3 further comprising a tunnel from the second device to the cloud web service.
  - 7. The system of claim 1, wherein the second device performs network address translation for data traffic sent from the first device to the second network.
  - 8. The system of claim 1, wherein the probe packets are ICMP probe packets.
  - 9. The system of claim 1, wherein states of the active first link and the backup second link are both included in a link state machine.
  - 10. The system of claim 9, wherein the link state machine determines availability of links for failover.
  - 11. The system of claim 10, wherein the availability is reported as a link status by a centralized configuration and management application.
  - 12. The system of claim 9, wherein the link state machine establishes a set of flags to determine eligibility of the links.
  - 13. The system of claim 1, wherein using probe packets without an established tunnel on the backup second link saves bandwidth consumption on the second link.
  - 14. The system of claim 1, wherein the first device executes in a virtual machine located in a branch office.
  - 15. The system of claim 1, wherein the first link uses a first Internet service provider and the second link uses a second Internet service provider.

16. A system comprising:
- a first device at an edge of a branch location of an enterprise network;
  
  a second device operating as an access point to a public cloud network; and
  
  at least two links between the first device and the second device, wherein (i) a tunnel is established on an active first link of the at least two links, (ii) no tunnel is established on an inactive backup second link of the at least two links, and (iii) probe packets are used to monitor a state of the inactive backup second link in order to ensure that the second link can become active when needed to replace the first link;
  
  wherein if the first link becomes inactive, a second tunnel is established on the second link and the second link becomes the active link.
- View Dependent Claims (17, 18)
- - 17. The system of claim 16, wherein the first device is an edge device and the second device is a gateway device.
  - 18. The system of claim 16, wherein using probe packets without an established tunnel on the backup second link saves bandwidth consumption on the second link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Mayya, Ajit Ramachandra, Thakore, Parag Pritam, Connors, Stephen Craig, Woo, Steven Michael, Mukundan, Sunil, Speeter, Thomas Harold
Primary Examiner(s)
Shin, Kyung H

Application Number

US15/701,115
Publication Number

US 20180375824A1
Time in Patent Office

841 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/2854   Wide area networks, e.g. pu...

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/66   Arrangements for connecting...

H04L 41/12   Discovery or management of ...

H04L 41/5032   Generating service level re...

H04L 43/045   for graphical visualisation...

H04L 43/08   Monitoring or testing based...

H04L 43/0829   Packet loss

H04L 43/087   Jitter

H04L 43/12   Network monitoring probes

H04L 43/16   Threshold monitoring

H04L 43/55   Testing of service level qu...

H04L 45/123   Evaluation of link metrics ...

H04L 45/124   using a combination of metrics

H04L 45/125   based on throughput or band...

H04L 45/22   Alternate routing

H04L 45/302   Route determination based o...

H04L 45/70   Routing based on monitoring...

H04L 47/22   Traffic shaping

H04L 47/781   Centralised allocation of r...

H04L 61/25 : of the same type

H04W 76/22 : Manipulation of transport t...

H04W 76/30 : Connection release

View All

Method and system of resiliency in cloud-delivered SD-WAN

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system of resiliency in cloud-delivered SD-WAN

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links