Application services based on dynamic split tunneling
First Claim

1. Logic encoded in a tangible, non-transitory computer readable medium for execution by a hardware processor, and when executed operable to:
obtain data representative of a first fully qualified domain name (FQDN) corresponding to a first service and associated with a first network;
receive virtual private network (VPN) configuration data from a security device associated with the first network and a second network;
dynamically create a first tunnel solely for routing traffic directed to the first FQDN;
route traffic directed to the first FQDN onto the first tunnel that is dynamically created using the VPN configuration data; and
route traffic not directed to the first FQDN elsewhere.
Abstract
In an example embodiment, a method dynamically tunnels specific, or per-application, services on demand without having to build complex split tunneling policies on Virtual Private Network (VPN) terminators. In particular embodiments, the method can allow tunneling to multiple data centers on devices with limited, e.g., single, concentrator capabilities.
Claims (21 claims; 12 citations)
1. Logic encoded in a tangible, non-transitory computer readable medium for execution by a hardware processor, and when executed operable to: obtain data representative of a first fully qualified domain name (FQDN) corresponding to a first service and associated with a first network; receive virtual private network (VPN) configuration data from a security device associated with the first network and a second network; dynamically create a first tunnel solely for routing traffic directed to the first FQDN; route traffic directed to the first FQDN onto the first tunnel that is dynamically created using the VPN configuration data; and route traffic not directed to the first FQDN elsewhere. (Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)

11. A computer implemented method, comprising: receiving virtual private network (VPN) configuration data from a security device associated with a first network and a second network; dynamically creating a plurality of tunnels for routing Domain Name System (DNS) requests; selectively routing DNS requests for sub-domains associated with the first network through a first tunnel associated with the first network; selectively routing DNS requests for sub-domains associated with the second network through a second tunnel associated with the second network; associating service Internet Protocol (IP) addresses for sub-domains associated with the first and second networks to dummy service IP addresses; replacing the service IP addresses in DNS responses for sub-domains associated with the first and second networks with the dummy service IP addresses; and forwarding the DNS responses with the dummy service IP addresses. (Dependent claims: 12, 13)

14. A network device comprising: a hardware processor; and logic operable to: obtain data representative of a first fully qualified domain name (FQDN) corresponding to a first service and associated with a first network; receive virtual private network (VPN) configuration data from a security device associated with the first network and a second network; dynamically create a first tunnel solely for routing traffic directed to the first FQDN; route traffic directed to the first FQDN onto the first tunnel that is dynamically created using the VPN configuration data; and route traffic not directed to the first FQDN elsewhere. (Dependent claims: 15, 16, 17, 18, 19, 20, 21)
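The mechanism in claims 1 and 11 (per-FQDN tunnel creation, DNS requests steered into the tunnel whose network owns the sub-domain, and real service IPs swapped for dummy IPs in the DNS answers so that later data traffic can be mapped back to the right tunnel) can be modelled in a few dozen lines. The following Python is an added illustration written for this page; it is not the patent's implementation nor any vendor's client code. It assumes a VPN configuration shaped as a mapping from network name to DNS suffixes, a caller-supplied resolver function, and the 198.18.0.0/15 benchmarking range as the dummy address pool; all of these are constructed for the example. It also shows why the dummy addresses matter: two data centers that both use 10.0.0.5 for a service still get distinct dummy addresses, so the client can tell the tunnels apart.

```python
"""Toy model of FQDN-driven dynamic split tunneling (added example, not the patent's code)."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Tunnel:
    """A dynamically created tunnel to one network; `sent` records what was routed into it."""
    name: str
    network: str
    sent: list = field(default_factory=list)


class SplitTunnelClient:
    def __init__(self, vpn_config):
        # vpn_config (constructed shape): {network_name: [dns_suffix, ...]} as received
        # from the security device. Only the suffixes matter for steering decisions.
        self.suffix_to_network = {}
        for network, suffixes in vpn_config.items():
            for suffix in suffixes:
                self.suffix_to_network[suffix.lower().strip(".")] = network
        self.tunnels = {}                      # network -> Tunnel, created on demand
        self.dummy_pool = ipaddress.ip_network("198.18.0.0/15").hosts()  # assumed dummy range
        self.dummy_to_real = {}                # dummy IP -> (real IP, network)
        self.real_to_dummy = {}                # (real IP, network) -> dummy IP
        self.direct = []                       # traffic sent outside any tunnel

    def network_for(self, fqdn):
        """Return the network whose configured suffix matches fqdn, or None if out of scope."""
        name = fqdn.lower().rstrip(".")
        for suffix, network in self.suffix_to_network.items():
            if name == suffix or name.endswith("." + suffix):
                return network
        return None

    def tunnel_for(self, network):
        """Create the tunnel for a network the first time it is needed (dynamic creation)."""
        if network not in self.tunnels:
            self.tunnels[network] = Tunnel(f"tun-{network}", network)
        return self.tunnels[network]

    def resolve(self, fqdn, resolver):
        """Route the DNS request and rewrite the answer.

        resolver(fqdn, via) returns the real IP as a string; `via` is the tunnel name the
        query was sent through, or None when the query goes out directly.
        In-scope names are answered with a dummy IP bound to (real IP, network).
        """
        network = self.network_for(fqdn)
        if network is None:
            return resolver(fqdn, None)        # not ours: resolve directly, answer unchanged
        tunnel = self.tunnel_for(network)
        real_ip = resolver(fqdn, tunnel.name)  # DNS request goes through the network's tunnel
        key = (real_ip, network)
        if key not in self.real_to_dummy:      # one dummy per (real IP, network) pair
            dummy = str(next(self.dummy_pool))
            self.real_to_dummy[key] = dummy
            self.dummy_to_real[dummy] = key
        return self.real_to_dummy[key]

    def send(self, dst_ip, payload):
        """Route a packet: dummy destinations go into their tunnel, everything else direct."""
        if dst_ip in self.dummy_to_real:
            real_ip, network = self.dummy_to_real[dst_ip]
            tunnel = self.tunnel_for(network)
            tunnel.sent.append((real_ip, payload))
            return tunnel.name
        self.direct.append((dst_ip, payload))
        return "direct"


def demo():
    """Walk through two data centers with overlapping private address space (constructed data)."""
    config = {"dc-a": ["corp-a.example"], "dc-b": ["corp-b.example"]}
    # Constructed answers: both data centers use 10.0.0.5 for their mail service.
    table = {"mail.corp-a.example": "10.0.0.5",
             "mail.corp-b.example": "10.0.0.5",
             "www.public.example": "203.0.113.10"}
    queries = []                               # records (fqdn, via) to show DNS steering

    def resolver(fqdn, via):
        queries.append((fqdn, via))
        return table[fqdn]

    client = SplitTunnelClient(config)
    a = client.resolve("mail.corp-a.example", resolver)
    b = client.resolve("mail.corp-b.example", resolver)
    pub = client.resolve("www.public.example", resolver)
    return {
        "dummy_a": a, "dummy_b": b, "public": pub, "queries": queries,
        "route_a": client.send(a, "SMTP to A"),
        "route_b": client.send(b, "SMTP to B"),
        "route_pub": client.send(pub, "HTTP"),
        "tunnel_a_sent": client.tunnels["dc-a"].sent,
        "tunnel_b_sent": client.tunnels["dc-b"].sent,
        "direct": client.direct,
    }
```

The client never has to encode "send 10.0.0.5 to tunnel A" as a static split-tunnel route, which is the policy burden the abstract describes; the dummy address carried in the DNS answer is the only thing the routing step needs. A real client would additionally have to pin the dummy-to-real mapping to the DNS TTL and flush it when the tunnel is torn down, which this model omits.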