
Researchers Submit Patent Application, "Cloud Service Packet Redirection Method and System and Cloud Gateway", for Approval

June 2, 2014



By a News Reporter-Staff News Editor at Internet Weekly News -- From Washington, D.C., VerticalNews journalists report that a patent application by the inventors Yao, Ziyang (Nanjing, CN); Zhang, Wei (Nanjing, CN), filed on October 4, 2013, was made available online on May 22, 2014.

No assignee has been named for this patent application.

News editors obtained the following quote from the background information supplied by the inventors: "With development of cloud computing technologies, more and more cloud service providers provide various cloud services for enterprises. For example, a cloud storage service provider provides a cheap and safe storage space for an enterprise, and a small and medium-sized enterprise may store data as required by virtue of cloud storage, so that expensive lump-sum storage hardware investment is avoided; and a cloud computing service provider provides an extensible computing resource for an enterprise, and the enterprise may increase a required computing resource according to its own business growth requirement, and so on.

"When an enterprise uses a resource and a service provided by a cloud service provider, a biggest concern is that the enterprise lacks control over a cloud-side resource. To speed up using of a cloud service by an enterprise, the cloud service provider deploys a cloud gateway inside the enterprise. On the cloud gateway, the enterprise can monitor cloud service traffic and perform actions such as user access authentication, cloud resource access right management, active directory (Active Directory, AD) policy synchronization, and data encryption to ensure security for the enterprise to use the cloud service.

"To implement various functions of an enterprise cloud gateway, an enterprise egress router needs to redirect cloud service traffic to the cloud gateway. In an existing cloud service packet redirection solution, the cloud gateway analyzes a Web (network) packet, distinguishes a cloud service from an ordinary webpage Web service according to domain name information of the Web packet, forwards a packet of an ordinary Web service directly, and performs further processing on a cloud service packet. Only a part of Web packets are cloud service packets, and if all Web packets are redirected to the cloud gateway simply, the cloud gateway needs to parse all the Web packets, thereby increasing a processing overhead of the cloud gateway."

As a supplement to the background information on this patent application, VerticalNews correspondents also obtained the inventors' summary information for this patent application: "Embodiments of the present invention provide a cloud service packet redirection method and system, and a cloud gateway, so that the cloud gateway does not need to parse a large number of Web packets, thereby reducing a processing overhead of the cloud gateway.

"In a first aspect, a cloud service packet redirection method is provided, where the method includes:

"receiving, by a cloud gateway, a domain name system DNS packet that is forwarded by a router in a redirection manner; if the cloud gateway determines that the DNS packet is a cloud service-related DNS packet, maintaining, by the cloud gateway, a record in a cloud IP table of the cloud gateway according to the cloud service-related DNS packet, where one record in the cloud IP table corresponds to one or more policy routes of the router; and sending, by the cloud gateway, policy route configuration information to the router according to information of the record maintained in the cloud IP table to instruct the router to maintain a policy route, where the policy route instructs the router to redirect, to the cloud gateway, a cloud service packet that is indicated by the cloud service-related DNS packet.

"In a first possible implementation manner of the first aspect, the maintaining, by the cloud gateway, a record in a cloud IP table of the cloud gateway according to the cloud service-related DNS packet is specifically implemented as follows: obtaining, by the cloud gateway, domain name information, IP address information, and DNS entry survival time information of the cloud service-related DNS packet; querying, by the cloud gateway, the record in the cloud IP table of the cloud gateway according to the domain name information and the IP address information of the cloud service-related DNS packet, where the record in the cloud IP table includes domain name information, IP address information, DNS entry survival time information, and ACL entry identifier information, and the ACL entry identifier information is used to identify a policy route of the router that corresponds to the record in the cloud IP table; if no record that corresponds to the domain name information and the IP address information of the cloud service-related DNS packet exists in the cloud IP table, adding, by the cloud gateway, a first record in the cloud IP table, where the first record includes the domain name information, the IP address information, and the DNS entry survival time information of the cloud service-related DNS packet; or if a record that corresponds to the domain name information and the IP address information of the cloud service-related DNS packet exists in the cloud IP table, updating, by the cloud gateway, DNS entry survival time information of the existing record according to the DNS entry survival time information of the cloud service-related DNS packet.

"With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner, the sending, by the cloud gateway, policy route configuration information to the router according to information of the record maintained in the cloud IP table to instruct the router to maintain a policy route is specifically implemented as follows: if the cloud gateway adds the first record in the cloud IP table, sending, by the cloud gateway, first policy route configuration information to the router to instruct the router to add a policy route that corresponds to the first record, where the first policy route configuration information includes action information indicating addition of the policy route, and IP address information and ACL entry identifier information of the first record.

"With reference to the first aspect or the first or second possible implementation manner of the first aspect, in a third possible implementation manner, the method further includes: aging, by the cloud gateway, DNS entry survival time of all records in the cloud IP table with time; and deleting, by the cloud gateway, a second record whose DNS entry survival time is 0 in the cloud IP table.

"With reference to the third possible implementation manner of the first aspect, in a fourth possible implementation manner, the sending, by the cloud gateway, policy route configuration information to the router according to information of the record maintained in the cloud IP table to instruct the router to maintain a policy route is specifically implemented as follows: if the cloud gateway deletes the second record, sending, by the cloud gateway, second policy route configuration information to the router to instruct the router to delete a policy route that corresponds to the second record, where the second policy route configuration information includes action information indicating deletion of the policy route, and IP address information and ACL entry identifier information of the second record.

"In a second aspect, a cloud gateway is provided, where the cloud gateway includes: a receiving unit, adapted to receive a domain name system DNS packet that is forwarded by a router in a redirection manner; a determining unit, adapted to determine whether the DNS packet received by the receiving unit is a cloud service-related DNS packet; a maintaining unit, adapted to: if the determining unit determines that the DNS packet is a cloud service-related DNS packet, maintain a record in a cloud IP table of the cloud gateway according to the cloud service-related DNS packet, where one record in the cloud IP table corresponds to one or more policy routes of the router; and a sending unit, adapted to send policy route configuration information to the router according to information of the record maintained in the cloud IP table to instruct the router to maintain a policy route, where the policy route instructs the router to redirect, to the cloud gateway, a cloud service packet that is indicated by the cloud service-related DNS packet.

"In a first possible implementation manner of the second aspect, the maintaining unit is specifically adapted to: obtain domain name information, IP address information, and DNS entry survival time information of the cloud service-related DNS packet; query the record in the cloud IP table of the cloud gateway according to the domain name information and the IP address information of the cloud service-related DNS packet, where the record in the cloud IP table includes domain name information, IP address information, DNS entry survival time information, and ACL entry identifier information, and the ACL entry identifier information is used to identify a policy route of the router that corresponds to the record in the cloud IP table; if no record that corresponds to the domain name information and the IP address information of the cloud service-related DNS packet exists in the cloud IP table, add a first record in the cloud IP table, where the first record includes the domain name information, the IP address information, and the DNS entry survival time information of the cloud service-related DNS packet; or if a record that corresponds to the domain name information and the IP address information of the cloud service-related DNS packet exists in the cloud IP table, update DNS entry survival time information of the existing record according to the DNS entry survival time information of the cloud service-related DNS packet.

"With reference to the second aspect or the first possible implementation manner of the second aspect, in a second possible implementation manner, specifically, the maintaining unit is further adapted to age DNS entry survival time of all records in the cloud IP table with time, and delete a second record whose DNS entry survival time is 0 in the cloud IP table.

"With reference to the second possible implementation manner of the second aspect, in a third possible implementation manner, the sending unit is specifically adapted to: if the maintaining unit adds the first record in the cloud IP table, send first policy route configuration information to the router to instruct the router to add a policy route that corresponds to the first record, where the first policy route configuration information includes action information indicating addition of the policy route, and IP address information and ACL entry identifier information of the first record; and if the maintaining unit deletes the second record, send second policy route configuration information to the router to instruct the router to delete a policy route that corresponds to the second record, where the second policy route configuration information includes action information indicating deletion of the policy route, and IP address information and ACL entry identifier information of the second record.

"In a third aspect, a system is provided, where the system includes a router and the cloud gateway provided in the second aspect or in any possible implementation manner of the second aspect, where the router is adapted to forward a domain name system DNS packet to the cloud gateway in a redirection manner; and configure a policy route and redirect a cloud service packet to the cloud gateway according to the policy route.

"In the embodiments of the present invention, a cloud service-related DNS packet is determined among DNS packets forwarded by a router, a cloud IP table of a cloud gateway is maintained according to the cloud service-related DNS packet, and a policy route of the router is determined according to maintenance information in the cloud IP table, so that the cloud gateway does not need to parse a large number of Web packets, thereby reducing a processing overhead of the cloud gateway.

BRIEF DESCRIPTION OF DRAWINGS

"To describe the technical solutions in the embodiments of the present invention more clearly, the following briefly introduces the accompanying drawings required for describing the embodiments. Apparently, the accompanying drawings in the following description show merely some embodiments of the present invention, and persons of ordinary skill in the art may still derive other drawings from these accompanying drawings without creative efforts.

"FIG. 1 is a schematic diagram of an application scenario according to an embodiment of the present invention;

"FIG. 2 is a flowchart of a cloud service packet redirection method according to an embodiment of the present invention;

"FIG. 3 is a flowchart of another cloud service packet redirection method according to an embodiment of the present invention;

"FIG. 4 is a flowchart of another cloud service packet redirection method according to an embodiment of the present invention;

"FIG. 5 is a schematic block diagram of a cloud gateway according to an embodiment of the present invention;

"FIG. 6 is a schematic structural diagram of a cloud gateway according to an embodiment of the present invention; and

"FIG. 7 is a schematic block diagram of a system according to an embodiment of the present invention."

For additional information on this patent application, see: Yao, Ziyang; Zhang, Wei. Cloud Service Packet Redirection Method and System and Cloud Gateway. Filed October 4, 2013 and posted May 22, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=629&p=13&f=G&l=50&d=PG01&S1=20140515.PD.&OS=PD/20140515&RS=PD/20140515
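The cloud IP table maintenance summarized in the quoted first aspect (add a record or refresh its survival time, age records, and send add or delete policy route messages to the router) can be sketched as follows. This is an added example, not code from the patent application: the suffix list, the message dictionaries, the class and method names, and the choice to have the gateway allocate ACL entry identifiers are all assumptions, and the DNS answers are passed in already parsed.

```python
import itertools
from dataclasses import dataclass

# Assumed configuration: domain suffixes the gateway treats as cloud services.
CLOUD_SUFFIXES = ("storage.example.com", "compute.example.net")


@dataclass
class Record:
    domain: str
    ip: str
    ttl: int      # DNS entry survival time, in seconds
    acl_id: int   # identifies the router policy route for this record


class CloudIPTable:
    def __init__(self, suffixes=CLOUD_SUFFIXES):
        self.suffixes = suffixes
        self.records = {}                  # (domain, ip) -> Record
        self._acl_ids = itertools.count(1) # assumption: gateway allocates ACL ids

    def is_cloud(self, domain):
        # Match on a label boundary so "notstorage.example.com" is not
        # mistaken for a name under "storage.example.com".
        d = domain.rstrip(".").lower()
        return any(d == s or d.endswith("." + s) for s in self.suffixes)

    def on_dns_answer(self, domain, ip, ttl):
        """Handle one answer from a redirected DNS packet; return router messages."""
        if not self.is_cloud(domain):
            return []                      # ordinary Web service: no record, no route
        key = (domain.rstrip(".").lower(), ip)
        rec = self.records.get(key)
        if rec:                            # existing record: refresh survival time only
            rec.ttl = ttl
            return []
        rec = Record(key[0], ip, ttl, next(self._acl_ids))
        self.records[key] = rec
        return [{"action": "add", "ip": ip, "acl_id": rec.acl_id}]

    def age(self, seconds):
        """Age every record; delete those that reach 0 and return delete messages."""
        msgs = []
        for key, rec in list(self.records.items()):
            rec.ttl = max(0, rec.ttl - seconds)
            if rec.ttl == 0:
                del self.records[key]
                msgs.append({"action": "delete", "ip": rec.ip, "acl_id": rec.acl_id})
        return msgs
```

Because router policy routes are derived from DNS answers, the label-boundary match in `is_cloud` and the TTL-driven deletion in `age` are the two places that bound which destination addresses get redirected and for how long.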

Keywords for this news article include: Patents, Internet.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC





Source: Internet Weekly News

