Network traffic data scrubbing with services offered via anycasted addresses
Abstract
Novel tools and techniques for filtering network traffic in an anycasting environment include receiving network traffic addressed to a plurality of anycasted servers at an edge router, the plurality of anycasted servers comprising one or more anycasted servers. The network traffic is received from the edge server at at least one data scrubbing appliance. The at least one data scrubbing appliance filters out undesirable traffic from the network traffic. The at least one data scrubbing appliance “on-ramps” the filtered network traffic to the plurality of anycasted servers. The filtered network traffic is transmitted to the plurality of anycasted servers in a load balanced manner.
20 Claims
1. A method of data scrubbing network traffic, the method comprising:
- assigning a first anycast Internet Protocol (“IP”) address to each of a plurality of servers;
- assigning a second anycast IP address to each of one or more data scrubbing appliances in an at least one data scrubbing appliance network;
- establishing, in a routing table at one or more network elements, a first route directing traffic that is addressed to the first anycast IP address to the at least one data scrubbing appliance network;
- receiving, at the one or more data scrubbing appliances of the at least one data scrubbing appliance network, network traffic addressed to the first anycast IP address;
- filtering, with the one or more data scrubbing appliances, the network traffic to block undesirable network traffic;
- transmitting, with the one or more data scrubbing appliances, filtered network traffic from the one or more data scrubbing appliances to at least one data scrubbing router;
- establishing one or more tunnels, via the at least one data scrubbing router, to at least one server router;
- transmitting, via the one or more tunnels, the filtered network traffic to the at least one server router;
- identifying, at the at least one server router, a respective unicast address for each of one or more servers of the plurality of servers assigned to the first anycast IP address;
- load balancing the filtered network traffic between the one or more servers, via the at least one server router, wherein the filtered network traffic is routed directly to one or more of the respective unicast addresses of the one or more servers.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17.

18. A system for data scrubbing network traffic, the system comprising:
- a plurality of servers, each comprising one or more processors, each of the plurality of servers having assigned thereto a first anycast Internet Protocol (“IP”) address;
- a plurality of data scrubbing appliances in communication with the plurality of servers, wherein the plurality of data scrubbing appliances has assigned thereto a second anycast IP address;
- one or more network elements having stored thereon a routing table, the routing table comprising a first route directing network traffic that is addressed to the first anycast IP address to one or more of the plurality of data scrubbing appliances;
- a first router in communication with one or more data scrubbing appliances of the plurality of data scrubbing appliances;
- a second router in communication with one or more servers of the plurality of servers and further in communication with the first router;
- wherein the plurality of data scrubbing appliances are configured to:
  - receive network traffic addressed to the first anycast IP address;
  - filter the network traffic to block undesirable network traffic;
  - transmit the filtered network traffic to the first router;
- wherein the first router is programmed to:
  - receive filtered network traffic from the one or more data scrubbing appliances;
  - establish one or more tunnels to the second router;
  - transmit, via the one or more tunnels, the filtered network traffic to the second router;
- wherein the second router is programmed to:
  - identify a respective unicast address for each of the one or more servers assigned to the first anycast IP address; and
  - load balancing the filtered network traffic to the plurality of servers, wherein the filtered network traffic is directly routed to one or more unicast addresses respectively corresponding to one or more servers of the plurality of servers.

Dependent claims: 19, 20.
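
The data path recited in claims 1 and 18, modeled end to end as an added Python example that is not part of the patent. All addresses, the longest-prefix-match host route, the source-prefix filter policy and the flow-hash load balancer are assumptions chosen for illustration; the claims do not specify these mechanisms.

```python
import hashlib
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto sport dport")

# All addresses below are constructed sample values, not taken from the patent.
SERVICE_ANYCAST = "192.0.2.10"      # first anycast address (shared by the servers)
SCRUB_ANYCAST = "10.254.0.1"        # second anycast address (scrubbing appliances)
SCRUB_ROUTER, SERVER_ROUTER = "10.255.0.1", "10.255.0.2"   # tunnel endpoints
UNICAST_SERVERS = {SERVICE_ANYCAST: ["10.0.0.11", "10.0.0.12", "10.0.0.13"]}
BLOCKED_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]  # assumed filter policy

# Routing table at the network element: the /32 entry plays the "first route".
ROUTES = {"192.0.2.0/24": "server-site", SERVICE_ANYCAST + "/32": SCRUB_ANYCAST}

def next_hop(dst):
    """Longest-prefix match (assumed mechanism for steering to the scrubbers)."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in ROUTES if addr in ipaddress.ip_network(p)]
    return ROUTES[str(max(nets, key=lambda n: n.prefixlen))] if nets else None

def scrub(pkt):
    """Scrubbing appliance: return the packet if it passes, None if blocked."""
    src = ipaddress.ip_address(pkt.src)
    return None if any(src in net for net in BLOCKED_SOURCES) else pkt

def tunnel(pkt):
    """Scrubbing router: wrap clean traffic in an outer header to the server router."""
    return {"outer_src": SCRUB_ROUTER, "outer_dst": SERVER_ROUTER, "inner": pkt}

def server_router(frame):
    """Decapsulate, resolve anycast to the unicast pool, pick a server by flow hash."""
    pkt = frame["inner"]
    pool = UNICAST_SERVERS[pkt.dst]
    digest = hashlib.sha256(repr(tuple(pkt)).encode()).digest()
    return pool[int.from_bytes(digest[:4], "big") % len(pool)]

def deliver(pkt):
    """Full path; returns the chosen unicast server, or None if not scrubbed or dropped."""
    if next_hop(pkt.dst) != SCRUB_ANYCAST:
        return None
    clean = scrub(pkt)
    return server_router(tunnel(clean)) if clean else None
```

Because the server router forwards to unicast addresses, filtered traffic is not matched again by the anycast route that steers it to the scrubbers.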
Specification