-
Publication No.: US20220368675A1
Publication Date: 2022-11-17
Application No.: US17319601
Filing Date: 2021-05-13
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: Deepak NARULA, Shivakumar THANGAPANDI, Vikrant ARORA, Abhishek GUPTA, Amol WATE, Simran Rajkumar NAGRANI, Nilambari Narayan DESHPANDE, Ning WEI
Abstract: The techniques described herein enable the establishment of two simultaneous virtual private network (VPN) connections for a VPN client operating on a remote computing device. The VPN client can establish a first VPN connection with a first VPN server instance of a VPN gateway and a second VPN connection with a second VPN server instance of the VPN gateway. To establish two simultaneous VPN connections, the VPN client is configured to create and/or use two Transmission Control Protocol (TCP) sockets. In one example, a first VPN connection can be a primary VPN connection and a second VPN connection can be a dormant VPN connection configured as a backup in case of a service interruption with the first VPN connection. In another example, a data flow can be split across the first and second VPN connections, or alternate between using the first and second VPN connections, based on performance parameters.
-
Publication No.: US20230076070A1
Publication Date: 2023-03-09
Application No.: US17946956
Filing Date: 2022-09-16
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: Abhishek GUPTA, Shivakumar THANGAPANDI, Vikrant ARORA
IPC: H04L9/40
Abstract: The techniques described herein increase the throughput of a single VPN connection by creating multiple outbound and/or inbound Security Associations (SAs). For instance, two or more different SAs can encrypt outbound data packets to be sent over the VPN connection to a remote device. Moreover, two or more different SAs can decrypt inbound data packets received over the VPN connection from the remote device. Each of the SAs can be bound to a different processing core via the use of a Security Parameter Index (SPI) identifier. Consequently, inbound data packets communicated over a single VPN connection from a remote device to a physical host in a VPN gateway can be distributed amongst multiple processing cores for decryption purposes. Further, outbound data packets to be communicated over the single VPN connection from the physical host to the remote device can be distributed amongst multiple processing cores for encryption purposes.
-
Publication No.: US20240406074A1
Publication Date: 2024-12-05
Application No.: US18212286
Filing Date: 2023-06-21
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: Charumati Lakshmi Kavya BASUTI, Bhuvaneshwari Kumar IYER, Soumitra BANERJEE, Kiran GADWALA, Calum Sutherland LOUDON, Peter Louis WHITE, Harish Kumar CHANDRAPPA, Vikrant ARORA
Abstract: A process performed by a control plane of a communications network. The control plane receives a request, the request comprising a network service design template specifying a communications network service to be deployed at a specified set of physical resources using a plurality of network functions and cloud functionality. Prior to deployment of the communications network service, the control plane interprets the network service design template and determines resources of the communications network that would be used for deploying the communications network service per the received request. The control plane returns details of these resources.
-
Publication No.: US20220368631A1
Publication Date: 2022-11-17
Application No.: US17319643
Filing Date: 2021-05-13
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: Deepak NARULA, Shivakumar THANGAPANDI, Vikrant ARORA, Abhishek GUPTA, Amit Kumar NANDA, Akshat KALE
IPC: H04L12/741, H04L12/46, H04L29/12, H04L12/707
Abstract: The techniques described herein enable the establishment of two simultaneous virtual private network (VPN) connections between a VPN gateway and a VPN client. The system is configured to update a routing table advertised to network resources when a VPN server instance fails and/or is taken offline. When a first VPN server instance fails and/or is taken offline, the first VPN server instance releases a claim of ownership on its range of IP addresses. After this release occurs, the second VPN server instance is configured to claim ownership of the range of IP addresses that used to be owned by the first VPN server instance. This updated claim of ownership is captured in an updated routing table that can then be advertised to the network resources. Consequently, the network resources use this updated routing table to correctly determine which VPN server instance to send data intended for the VPN client.
-
Publication No.: US20220385637A1
Publication Date: 2022-12-01
Application No.: US17518382
Filing Date: 2021-11-03
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: Shivakumar THANGAPANDI, Abhishek GUPTA, Vikrant ARORA, Arun VENKATACHALAM
IPC: H04L29/06
Abstract: The techniques described herein enable a virtual private network (VPN) gateway to select a VPN connection, from multiple VPN connections established between a network VPN gateway and a remote VPN gateway, based on performance factors such as throughput. A system may measure throughput in megabytes per second (Mbps). More specifically, a VPN gateway (e.g., a remote VPN gateway or a network VPN gateway) can configure a routing preference that selects a VPN connection that is more performant based on a cryptographic algorithm that is used for the VPN connection. The VPN gateway can update the routing preference to select an alternative VPN connection when the performance of the VPN connection suffers.
-
Publication No.: US20190068505A1
Publication Date: 2019-02-28
Application No.: US15851120
Filing Date: 2017-12-21
Applicant: Microsoft Technology Licensing, LLC
Inventor: Vikrant ARORA, Dinesh Kumar GOVINDASAMY, Madhan Raj MOOKKANDY, Sandeep BANSAL, Nicholas D. WOOD, George KUDRAYVTSEV
IPC: H04L12/803, H04L12/721, H04L12/841, H04L29/12
Abstract: Methods and devices for load balancing of connections may include receiving, at a management component on a container host on a computer device, at least one data packet based on a destination IP address of the data packet that corresponds to a plurality of container hosts. The methods and devices may include selecting a destination container from at least one container host on the computer device and other computer devices in communication with the computer device over a virtual network to balance a data load and translating the source IP address of the at least one data packet to a local IP address of the container host. The methods and devices may include changing the destination IP address of the at least one data packet to a virtual IP address of the selected destination container so that the at least one data packet is transformed to a proxy data packet.
-
Publication No.: US20230336465A1
Publication Date: 2023-10-19
Application No.: US17720133
Filing Date: 2022-04-13
Applicant: Microsoft Technology Licensing, LLC
Inventor: Guy LEWIN, Vikrant ARORA, Ofir YAKOVIAN
IPC: H04L45/00, H04L45/745, H04L12/46
CPC classification number: H04L45/38, H04L45/745, H04L45/566, H04L12/4633
Abstract: Policy-based routing of internet protocol (IP) packets using flow context. A system intercepts an event associated with creation of a network connection by an operating system (OS). The system identifies a flow context, including a flow tuple, associated with the network connection. Based on the flow context, and based on a flow-based routing policy, the system determines a provider associated with the network connection. The system records, in a state database, an association between the flow tuple and the provider, and instructs the OS to initiate the network connection. After the creation of the network connection, the system intercepts an IP packet associated with the network connection. Based on a header of the IP packet, the system identifies the flow tuple and, based on a result of querying the state database for the flow tuple, initiates a provider-based action for the IP packet.
-
Publication No.: US20200036578A1
Publication Date: 2020-01-30
Application No.: US16235025
Filing Date: 2018-12-28
Applicant: Microsoft Technology Licensing, LLC
Inventor: Nalin Raj GUPTA, Mohit GARG, Ashok Kumar NANDOORI, Ning WEI, Abhishek AGARWAL, Vikrant ARORA
IPC: H04L12/24, H04L12/26, H04L12/66, H04L12/803, H04L12/863, H04L12/947
Abstract: Techniques are disclosed for managing gateway switchovers. An indication is received that a primary gateway will be switched to a backup gateway. In response to the indication, a response is made to a periodic health probe that a gateway switchover has been initiated. Incoming data traffic is forwarded from the primary gateway to the backup gateway. Subsequent to an elapsed time delay, a response is made to the periodic health probe that the primary gateway will no longer accept incoming data traffic. The time delay may be based at least in part on one or more of a time interval of the periodic poll and a time to effect the gateway switchover. The forwarding of the incoming data traffic from the primary gateway to the backup gateway is terminated.