Protecting communications between a content delivery network and an origin server
Abstract
A privatized link between an origin server and a content delivery network is provided. A privatized link can be a direct connection that does not route over the internet. Another privatized link is one that rotates IP addresses. An origin server may be assigned to use a set of multiple IP addresses for communication with the content delivery network. However, at any given time, the origin server is only using a small number of IP addresses. When one of the IP addresses being used to communicate with the content delivery network comes under attack, the origin server switches to another IP address in the set in order to continue serving content to the content delivery network via an IP address that is not under attack.
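As an added illustration of the rotating-address scheme the abstract describes (not code from the patent or from any CDN), the sketch below keeps the CDN and the origin on the same active address and advances both through the pool in a predetermined order when an attack is reported. Assumptions: the class and function names, the keyed (HMAC) ordering of the pool, and the `report_attack` signal from an external detector are hypothetical; the addresses are constructed from the RFC 5737 documentation range.

```python
import hashlib
import hmac
import ipaddress

def predetermined_order(pool, shared_key):
    # Assumption (not from the page): the order is a keyed permutation, so
    # knowing the pool alone does not reveal which address comes next.
    addrs = {ipaddress.ip_address(a) for a in pool}  # validate, de-duplicate
    digest = lambda a: hmac.new(shared_key, a.packed, hashlib.sha256).digest()
    return sorted(addrs, key=digest)

class PrivatizedLink:
    """Tracks the origin address in use; run one instance on each side."""

    def __init__(self, pool, shared_key):
        self.order = predetermined_order(pool, shared_key)
        if not self.order:
            raise ValueError("empty address pool")
        self.index = 0
        self.burned = []  # addresses abandoned after an attack

    @property
    def active(self):
        return str(self.order[self.index])

    def report_attack(self, address):
        """Advance past an attacked address; return the address now in use."""
        if ipaddress.ip_address(address) != self.order[self.index]:
            return self.active  # stale or duplicate report: do not advance twice
        if self.index + 1 >= len(self.order):
            raise RuntimeError("address pool exhausted; a new allocation is needed")
        self.burned.append(self.active)
        self.index += 1
        return self.active

class ContentServer:
    """CDN cache node that sends cache misses to the origin's active address."""

    def __init__(self, link, fetch):
        self.link, self.fetch, self.cache = link, fetch, {}

    def get(self, path):
        if path not in self.cache:
            self.cache[path] = self.fetch(self.link.active, path)
        return self.cache[path]

# Constructed sample input: documentation-range addresses and a made-up key.
POOL = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]
KEY = b"constructed-demo-key"
```

Ignoring reports for addresses that are no longer active keeps the two sides in step when the same attack is signalled more than once.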
21 Claims
1. A method of operating a content delivery network, the method comprising:
assigning a plurality of network addresses allocated to the content delivery network to an origin to establish a privatized link between the content delivery network and the origin, whereby the content delivery network uses a first network address of the plurality of network addresses as the network address of the origin when requesting content from the origin;
in a content server of the content delivery network, receiving requests for content potentially cached by the content server;
in response to the requests, transmitting origin requests to the origin using the first network address from the plurality of network addresses to obtain the requested content from the origin;
in response to an attack on the first network address, selecting a second network address from the plurality of network addresses based on a predetermined order; and
transmitting subsequent origin requests to the origin using the second network address to obtain the requested content from the origin.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computing apparatus comprising:
one or more computer readable storage media;
a processing system operatively coupled to the one or more computer readable storage media; and
program instructions stored on the one or more computer readable storage media for implementing a content server in a content delivery network, wherein the content server, when read and executed by the processing system, direct the computing apparatus to at least:
receive requests for content potentially cached by the content delivery network;
in response to the requests, transmit origin requests to an origin to obtain the requested content from the origin, the origin requests sent to a first network address from a plurality of network addresses allocated to the content delivery network and assigned to the origin to establish a privatized link between the content delivery network and the origin; and
in response to an attack on the network address, transmit subsequent origin requests to the origin using a second network address from the plurality of network addresses to obtain the requested content from the origin, the second network address selected from the plurality of network addresses based on a predetermined order.
Dependent claims: 12, 13, 14, 15, 16, 17
18. A method of operating an origin server, the method comprising:
receiving a plurality of network addresses from a content delivery network;
selecting a first network address from the plurality of network addresses as a private network address for the origin server to establish a privatized link between the content delivery network and the origin server;
receiving requests for content from a content server in the content delivery network, wherein the requests are sent to the first network address;
in response to the requests, transmitting the requested content to the content server using the first network address;
in response to an attack on the first network address, switching the private network address to a second network address from the plurality of network addresses according to a predetermined order; and
replying to subsequent requests with the requested content using the second network address.
Dependent claims: 19, 20, 21
Specification