Distributed VPN Service
Abstract
For a network that includes host machines for providing computing and networking resources and a VPN gateway for providing external access to those resources, a method is described that distributes encryption keys to the hosts so that each host encrypts and decrypts the complete payload originating at or terminating at that host. These encryption keys are created or obtained by the VPN gateway based on network security negotiations with the external networks or devices. The negotiated keys are then distributed to the hosts via the control plane of the network. In some embodiments, this creates a fully distributed mesh framework for processing cryptographic payloads.
21 Claims
1. A system comprising:
a plurality of host machines for providing computing and network resources, wherein the host machines are computing devices interconnected by an internal network;
a set of edge nodes for providing access to said plurality of host machines from devices external to said internal network, wherein at least one of said set of edge nodes is responsible for negotiating a key for encrypting a set of outgoing packets from a particular host machine in the plurality of host machines to an external device outside of said internal network, wherein the negotiated encryption key is provided to said particular host machine in order for said particular host machine to encrypt said set of outgoing packets.
Dependent claims: 2 to 10.
11. A computing device serving as one of a plurality of host machines in a datacenter, the computing device comprising:
a set of processing units; and
a machine readable medium storing a program for execution by at least one of the processing units, the program comprising sets of instructions for: receiving an encryption key from an edge node of the datacenter, wherein the edge node negotiated the key for encrypting a set of outgoing packets from the computing device to an external device outside of the datacenter; and using the received key to encrypt the set of outgoing packets.
Dependent claims: 12 to 17.
18. A method comprising:
negotiating, at an edge node of a datacenter that comprises a plurality of host machines, a key for encrypting a set of outgoing packets from a particular host machine to an external device outside of the datacenter; and
providing the negotiated key to the particular host machine for encrypting the set of outgoing packets.
Dependent claims: 19 to 21.
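The split that the abstract and claims 1, 11 and 18 describe (the edge node negotiates the key with the external device, the control plane hands it to the host, the host encrypts its own packets, the external device decrypts) as an added Go example. This is not the patent's code and the patent names no algorithms: X25519 stands in for the gateway's negotiation, HMAC-SHA256 for key derivation, AES-GCM for the host-side encryption, and the SA struct, the SPI||nonce wire format and the per-host nonce prefix are all assumed here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const hdrSize = 16 // SPI(4) || nonce(12); 12 is the standard AES-GCM nonce length

// SA is what the edge node pushes to one host over the control plane (assumed layout):
// that host's traffic key only, never the DH private key or another host's SA.
type SA struct {
	SPI     uint32 // security parameter index, sent in clear in every packet
	Key     []byte // 32-byte traffic key negotiated by the edge node
	HostID  uint32 // nonce prefix, distinct per host so hosts sharing a key cannot collide
	counter uint64 // nonce suffix, strictly increasing per host
}

// deriveKey binds the DH secret to the SPI with HMAC-SHA256 (a stand-in for IKE's PRF+).
func deriveKey(shared []byte, spi uint32) []byte {
	mac := hmac.New(sha256.New, shared)
	mac.Write(binary.BigEndian.AppendUint32([]byte("traffic-key"), spi))
	return mac.Sum(nil) // 32 bytes, used as an AES-256 key
}

// negotiate is the edge-node side of the exchange; the host never takes part in it.
func negotiate(priv *ecdh.PrivateKey, peerPub *ecdh.PublicKey, spi uint32) ([]byte, error) {
	shared, err := priv.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	return deriveKey(shared, spi), nil
}

// distribute is the control-plane step: the edge node builds the SA one host needs.
func distribute(key []byte, spi, hostID uint32) *SA {
	return &SA{SPI: spi, Key: append([]byte(nil), key...), HostID: hostID}
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptPacket runs on the host. Wire format (assumed): SPI(4) || nonce(12) || GCM output,
// with the header authenticated as associated data so SPI and nonce cannot be swapped.
func encryptPacket(sa *SA, plaintext []byte) ([]byte, error) {
	if sa.counter == ^uint64(0) {
		return nil, errors.New("nonce space exhausted: rekey required")
	}
	sa.counter++
	hdr := binary.BigEndian.AppendUint32(nil, sa.SPI)
	hdr = binary.BigEndian.AppendUint32(hdr, sa.HostID)
	hdr = binary.BigEndian.AppendUint64(hdr, sa.counter)
	aead, err := newGCM(sa.Key)
	if err != nil {
		return nil, err
	}
	return append(hdr, aead.Seal(nil, hdr[4:], plaintext, hdr)...), nil
}

// decryptPacket runs on the external device, which keeps one traffic key per SPI.
func decryptPacket(keys map[uint32][]byte, pkt []byte) ([]byte, error) {
	if len(pkt) < hdrSize+16 { // header plus at least the 16-byte GCM tag
		return nil, errors.New("packet too short")
	}
	spi := binary.BigEndian.Uint32(pkt[0:4])
	key, ok := keys[spi]
	if !ok {
		return nil, fmt.Errorf("unknown SPI %#x", spi)
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, pkt[4:hdrSize], pkt[hdrSize:], pkt[:hdrSize])
}

// negotiatePair runs both ends of the exchange (edge node and external device) and returns
// the key each side derived; a correct negotiation yields the same 32 bytes on both.
func negotiatePair(spi uint32) (edgeKey, peerKey []byte, err error) {
	edgePriv, err1 := ecdh.X25519().GenerateKey(rand.Reader)
	peerPriv, err2 := ecdh.X25519().GenerateKey(rand.Reader)
	if err = errors.Join(err1, err2); err != nil {
		return nil, nil, err
	}
	edgeKey, err1 = negotiate(edgePriv, peerPriv.PublicKey(), spi)
	peerKey, err2 = negotiate(peerPriv, edgePriv.PublicKey(), spi)
	return edgeKey, peerKey, errors.Join(err1, err2)
}
```

Two points a practitioner would check before building this. First, the design hands one negotiated key to possibly many hosts, and AES-GCM (like any nonce-based AEAD) fails catastrophically if two encryptions under the same key reuse a nonce; the example therefore partitions the nonce space with a per-host prefix the edge node assigns, and a host must not reset its counter after a restart without a rekey. Second, the exchange above is unauthenticated Diffie-Hellman and the control-plane push is a plain function call; in a deployment the edge node must authenticate the external peer (as IKEv2 does) and the channel carrying keys to hosts must itself be confidential and authenticated, with each host receiving only the SAs for its own flows, which is what claim 1's "particular host machine" implies.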