DISTRIBUTED TUNNELING FOR VPN
First Claim
1. A method comprising:
    receiving, at a computing device, a packet for a virtual private network (VPN) connection, said packet comprises an encrypted portion and an unencrypted portion;
    identifying a destination address from the unencrypted portion of the packet;
    identifying an overlay logical network based on the identified destination address;
    encapsulating the packet for the overlay logical network, said encapsulated packet comprising said encrypted portion and said unencrypted portion; and
    forwarding the encapsulated packet.
Abstract
A novel method of providing virtual private access to a software defined data center (SDDC) is provided. The SDDC uses distributed VPN tunneling to allow external access to application services hosted in the SDDC. The SDDC includes host machines for providing computing and networking resources and a VPN gateway for providing external access to those resources. The host machines that host the VMs running the applications that VPN clients want to connect to perform the VPN encryption and decryption. The VPN gateway does not perform any encryption or decryption operations. The packet structure is such that the VPN gateway can read the IP address of the VM without decrypting the packet.
20 Claims
1. As given above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8 (not reproduced on this page).

9. A method comprising:
    receiving, at a computing device, a packet encapsulated according to an overlay logical network, wherein an encapsulated payload of the packet comprises an encrypted portion and an unencrypted portion;
    identifying a destination address from said unencrypted portion of the encapsulated payload;
    attaching an outer header for a virtual private network (VPN) connection to the packet, the outer header identifying a VPN client based on the identified destination address; and
    forwarding the packet with the attached outer header to the VPN client.
Dependent claims: 10, 11, 12, 13 (not reproduced on this page).

14. A method comprising:
    receiving, at a host machine of a data center, a packet from a virtual machine hosted by the host machine;
    identifying a destination address from the packet;
    identifying a virtual private network (VPN) connection based on the identified destination address;
    encrypting the packet for the VPN connection, the encrypted packet comprising an encrypted portion and an unencrypted portion, wherein the unencrypted portion comprises the identified destination address; and
    encapsulating the packet according to an overlay logical network for tunneling the packet to an edge node of a data center that comprises the host machine.
Dependent claims: 15, 16, 17, 18, 19, 20 (not reproduced on this page).
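The three independent claims as an added Python simulation (this is illustrative code written for this page, not code from the patent or its assignee). A host encrypts a VM's packet under a per-client key that the gateway never holds (claim 14); the gateway reads the destination address from the unencrypted portion, looks up the overlay logical network and encapsulates without decrypting (claim 1), or strips the overlay header and attaches the VPN outer header identifying the client (claim 9). The overlay table, client table, key, packet layout and the HMAC-SHA256 stand-in cipher are all constructed assumptions for the example.

```python
"""Simulation of distributed VPN tunneling: the gateway routes on the cleartext
destination and never sees a key. Added example; tables, layout and the toy
cipher are constructed, not taken from the patent."""
import hashlib
import hmac
import struct

# Constructed tables. Destination VM address -> (overlay network id, host).
OVERLAY_TABLE = {"10.0.1.5": (5001, "host-A"), "10.0.2.9": (5002, "host-B")}
# Destination outside the SDDC -> VPN client id (lookups in claims 9 and 14).
VPN_CLIENT_TABLE = {"192.0.2.10": "client-7"}
# Key shared by client and host only; gateway functions below never take it.
CLIENT_KEYS = {"client-7": b"constructed-32-byte-client-key--"}

HDR_LEN, TAG_LEN = 24, 32  # 16-byte cleartext address + 8-byte nonce; SHA-256 tag


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for the real VPN cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def vpn_encrypt(key: bytes, dst_ip: str, nonce: bytes, payload: bytes) -> bytes:
    """VPN packet = unencrypted portion (dst address, nonce) + ciphertext + tag."""
    header = dst_ip.encode().ljust(16, b"\0") + nonce
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(key, nonce, len(payload))))
    tag = hmac.new(key, header + ct, hashlib.sha256).digest()  # tag covers the header too
    return header + ct + tag


def vpn_decrypt(key: bytes, pkt: bytes) -> bytes:
    """Host-side: verify the tag over header+ciphertext, then decrypt."""
    header, ct, tag = pkt[:HDR_LEN], pkt[HDR_LEN:-TAG_LEN], pkt[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, header + ct, hashlib.sha256).digest(), tag):
        raise ValueError("VPN integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, header[16:24], len(ct))))


def read_dst_ip(vpn_pkt: bytes) -> str:
    """The only field the gateway parses: it lives in the unencrypted portion."""
    return vpn_pkt[:16].rstrip(b"\0").decode()


def overlay_encapsulate(vni: int, host: str, inner: bytes) -> bytes:
    return struct.pack(">I", vni) + host.encode().ljust(8, b"\0") + inner


def overlay_decapsulate(pkt: bytes):
    (vni,) = struct.unpack(">I", pkt[:4])
    return vni, pkt[4:12].rstrip(b"\0").decode(), pkt[12:]


def gateway_inbound(vpn_pkt: bytes) -> bytes:
    """Claim 1: client -> SDDC. Encrypted portion passes through untouched."""
    vni, host = OVERLAY_TABLE[read_dst_ip(vpn_pkt)]
    return overlay_encapsulate(vni, host, vpn_pkt)


def gateway_outbound(overlay_pkt: bytes) -> tuple:
    """Claim 9: SDDC -> client. Returns (client id for the outer header, VPN packet)."""
    _, _, vpn_pkt = overlay_decapsulate(overlay_pkt)
    return VPN_CLIENT_TABLE[read_dst_ip(vpn_pkt)], vpn_pkt


def host_outbound(client_dst_ip: str, payload: bytes, nonce: bytes, vni: int) -> bytes:
    """Claim 14: host picks the VPN connection by destination, encrypts, tunnels to edge."""
    client = VPN_CLIENT_TABLE[client_dst_ip]
    return overlay_encapsulate(vni, "edge", vpn_encrypt(CLIENT_KEYS[client], client_dst_ip, nonce, payload))


def host_inbound(overlay_pkt: bytes, client: str) -> bytes:
    _, _, vpn_pkt = overlay_decapsulate(overlay_pkt)
    return vpn_decrypt(CLIENT_KEYS[client], vpn_pkt)


def run_demo() -> dict:
    key = CLIENT_KEYS["client-7"]
    pkt = vpn_encrypt(key, "10.0.1.5", b"\x00" * 8, b"GET /app")     # client -> VM
    ov = gateway_inbound(pkt)
    vni, host, _ = overlay_decapsulate(ov)
    plain = host_inbound(ov, "client-7")
    back = host_outbound("192.0.2.10", b"200 OK", b"\x01" * 8, vni)  # VM -> client
    client, vpn_back = gateway_outbound(back)
    reply = vpn_decrypt(key, vpn_back)
    tampered = bytearray(pkt)
    tampered[30] ^= 1                       # flip a ciphertext bit; header untouched
    routed = gateway_inbound(bytes(tampered))  # still routed: gateway checks nothing here
    try:
        host_inbound(routed, "client-7")
        rejected = False
    except ValueError:
        rejected = True
    return {"vni": vni, "host": host, "plain": plain, "client": client,
            "reply": reply, "tamper_rejected": rejected}


if __name__ == "__main__":
    print(run_demo())
```

Two points follow from the simulation. The gateway functions take no key, so a compromised gateway sees only addresses, which is the confidentiality property the design buys. Conversely, the gateway cannot detect a corrupted or forged encrypted portion; it forwards such packets into the overlay and only the host's integrity check rejects them, so that rejection counter on the hosts, not the gateway, is where this traffic becomes visible.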