Determining the likelihood of traffic being legitimately received at a proxy server in a cloud-based proxy service
First Claim
1. A method for determining a likelihood of a packet having a particular source address being received at a particular one of a plurality of proxy servers that are anycasted to a same IP address, wherein the proxy servers are part of a cloud-based proxy service and are situated between a plurality of client computing devices accessing network resources and a plurality of origin servers that serve network resources, the method comprising:
- receiving, from each of the plurality of proxy servers, one or more messages that indicate source IP addresses of packets received at that proxy server that are directed to the same IP address, wherein the proxy servers receive traffic at the same IP address as a result of one or more domains resolving to the same IP address, and wherein a first proxy server of the proxy servers receives packets directed to the same IP address as a result of an anycast protocol implementation selecting the first proxy server of the proxy servers as the closest in terms of routing protocol metric used to route traffic to the proxy servers;
- determining, based on an historical analysis of the source IP addresses of packets received at the plurality of proxy servers as a result of the anycast protocol implementation as indicated in the one or more messages from each of the plurality of proxy servers, a likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers, wherein packets are likely to be legitimately received at each of the proxy servers when probabilities for each source-destination IP address pair determined using the historical analysis are above a threshold value;
- transmitting, to each of the proxy servers, a message that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server based on the probabilities for each source-destination IP address pair determined using the historical analysis; and
- responsive to a network event that affects the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers, transmitting a message to the proxy servers that indicates a suspension of any rate limits that have been installed as a result of transmitting the messages to the proxy servers that indicate which source IP addresses of packets are not likely to be legitimately received at the proxy servers.
Abstract
Message(s) are received from each one of multiple proxy servers that are anycasted to the same IP address; the message(s) indicate source IP addresses of packets received at that proxy server that are directed to that same IP address. These proxy servers receive the packets as a result of domain(s) resolving to that same IP address, and a particular one of the proxy servers receives the packets as a result of an anycast protocol implementation selecting that proxy server. Based on these message(s) from each of the proxy servers, the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers is determined. A message is transmitted to each of the proxy servers that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server.
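The control loop of claim 1 and the abstract, as an added Python sketch that is not code from the patent. It assumes the "historical analysis" is the share of a source's past packets that anycast delivered to each proxy, a threshold of 0.05, and hypothetical proxy names and message fields; the sample reports are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample reports: proxy -> {source IP: packets seen}. Proxy names are
# hypothetical; addresses are from the RFC 5737 documentation ranges.
REPORTS = {"lhr": {"198.51.100.7": 990, "203.0.113.9": 3},
           "sjc": {"198.51.100.7": 10, "203.0.113.9": 497}}

class CentralServer:
    def __init__(self, proxies, threshold=0.05):  # threshold value is assumed
        self.proxies, self.threshold = list(proxies), threshold
        self.history = defaultdict(Counter)       # source -> {proxy: packets}

    def ingest(self, proxy, source_counts):
        for src, n in source_counts.items():
            self.history[src][proxy] += n

    def probability(self, src, proxy):
        """Historical share of src's packets that anycast delivered to proxy."""
        total = sum(self.history[src].values()) if src in self.history else 0
        return self.history[src][proxy] / total if total else None

    def unlikely_sources(self, proxy):
        """Sources with history whose share at this proxy is below threshold."""
        scored = ((s, self.probability(s, proxy)) for s in self.history)
        return sorted(s for s, p in scored if p is not None and p < self.threshold)

    def messages(self):
        return {p: {"type": "unlikely", "sources": self.unlikely_sources(p)}
                for p in self.proxies}

    def network_event(self):
        """Routing changed, so the history is stale: suspend installed limits."""
        return {p: {"type": "suspend"} for p in self.proxies}

class Proxy:
    def __init__(self):
        self.limited, self.suspended = set(), False

    def handle(self, msg):
        if msg["type"] == "unlikely":   # install rules; resuming here is assumed
            self.limited, self.suspended = set(msg["sources"]), False
        elif msg["type"] == "suspend":  # keep the rules but stop enforcing them
            self.suspended = True

    def rate_limited(self, src):
        return not self.suspended and src in self.limited

def build():
    central = CentralServer(REPORTS)
    for proxy, counts in REPORTS.items():
        central.ingest(proxy, counts)
    return central
```

A source with no history scores `None` and is never listed, so a first-time visitor is not rate limited merely for being new.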
18 Claims
1. A method for determining a likelihood of a packet having a particular source address being received at a particular one of a plurality of proxy servers that are anycasted to a same IP address, wherein the proxy servers are part of a cloud-based proxy service and are situated between a plurality of client computing devices accessing network resources and a plurality of origin servers that serve network resources, the method comprising:
- receiving, from each of the plurality of proxy servers, one or more messages that indicate source IP addresses of packets received at that proxy server that are directed to the same IP address, wherein the proxy servers receive traffic at the same IP address as a result of one or more domains resolving to the same IP address, and wherein a first proxy server of the proxy servers receives packets directed to the same IP address as a result of an anycast protocol implementation selecting the first proxy server of the proxy servers as the closest in terms of routing protocol metric used to route traffic to the proxy servers;
- determining, based on an historical analysis of the source IP addresses of packets received at the plurality of proxy servers as a result of the anycast protocol implementation as indicated in the one or more messages from each of the plurality of proxy servers, a likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers, wherein packets are likely to be legitimately received at each of the proxy servers when probabilities for each source-destination IP address pair determined using the historical analysis are above a threshold value;
- transmitting, to each of the proxy servers, a message that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server based on the probabilities for each source-destination IP address pair determined using the historical analysis; and
- responsive to a network event that affects the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers, transmitting a message to the proxy servers that indicates a suspension of any rate limits that have been installed as a result of transmitting the messages to the proxy servers that indicate which source IP addresses of packets are not likely to be legitimately received at the proxy servers.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. An apparatus, comprising:
- a plurality of proxy servers that are anycasted to a same IP address, each of the plurality of proxy servers running on one or more physical devices, wherein each of the plurality of proxy servers is configured to perform the following:
  - receive packets at the same IP address as a result of one or more domains resolving to the same IP address, wherein this proxy server receives the packets at the same IP address as a result of an anycast protocol implementation selecting this one of the plurality of proxy servers as the closest in terms of routing protocol metric used to route traffic to the plurality of proxy servers;
  - transmit one or more messages to a central server computer that indicate source IP addresses of the received packets;
  - receive, from the central server computer, a message that indicates source IP addresses of packets that are not likely to be legitimately received at that proxy server; and
  - install, based on the received message, one or more rules to rate limit packets that are received having a source IP address that is not likely to be legitimately received at that proxy server; and
- the central server computer coupled with the plurality of proxy servers, wherein the central server computer is configured to perform the following:
  - receive, from each of the plurality of proxy servers, the one or more messages that indicate source IP addresses of the received packets;
  - determine, based on an historical analysis of the source IP addresses of packets received at the plurality of proxy servers as a result of the anycast protocol implementation as indicated in the one or more messages received from the plurality of proxy servers, a likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers, wherein packets are likely to be legitimately received at each of the proxy servers when probabilities for each source-destination IP address pair determined using the historical analysis are above a threshold value;
  - transmit, to each of the proxy servers, the message that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server based on the probabilities for each source IP address determined using the historical analysis; and
  - responsive to a network event that affects the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers, transmit a message to the proxy servers that indicates a suspension of any rate limits that have been installed as a result of transmitting the messages to the proxy servers that indicate which source IP addresses of packets are not likely to be legitimately received at the proxy servers.

Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A non-transitory computer-readable storage medium that provides instructions that, if executed by a processor, will cause said processor to perform operations for determining a likelihood of a packet having a particular source address being received at a particular one of a plurality of proxy servers that are anycasted to a same IP address, wherein the proxy servers are part of a cloud-based proxy service and are situated between a plurality of client computing devices accessing network resources and a plurality of origin servers that serve network resources, the operations comprising:
- receiving, from each of the plurality of proxy servers, one or more messages that indicate source IP addresses of packets received at that proxy server that are directed to the same IP address, wherein the proxy servers receive traffic at the same IP address as a result of one or more domains resolving to the same IP address, and wherein a first proxy server of the proxy servers receives packets directed to the same IP address as a result of an anycast protocol implementation selecting the first proxy server of the proxy servers as the closest in terms of routing protocol metric used to route traffic to the proxy servers;
- determining, based on an historical analysis of the source IP addresses of packets received at the plurality of proxy servers as a result of the anycast protocol implementation as indicated in the one or more messages from each of the plurality of proxy servers, a likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers, wherein packets are likely to be legitimately received at each of the proxy servers when probabilities for each source-destination IP address pair determined using the historical analysis are above a threshold value;
- transmitting, to each of the proxy servers, a message that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server based on the probabilities for each source IP address determined using the historical analysis; and
- responsive to a network event that affects the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers, transmitting a message to the proxy servers that indicates a suspension of any rate limits that have been installed as a result of transmitting the messages to the proxy servers that indicate which source IP addresses of packets are not likely to be legitimately received at the proxy servers.

Dependent claims: 18

Specification