US 12,218,822 B2
Hierarchical-context area network as a virtual private network infrastructure system
Karolis Kaciulis, Kaisiadorys (LT); Nikodemas Zaliauskas, Vilnius (LT); and Donatas Budvytis, Vilnius (LT)
Assigned to Netflow, UAB, Vilnius (LT)
Filed by Netflow, UAB, Vilnius (LT)
Filed on Mar. 28, 2023, as Appl. No. 18/191,340.
Prior Publication US 2024/0333628 A1, Oct. 3, 2024
Int. Cl. H04L 45/02 (2022.01); H04L 12/46 (2006.01); H04L 45/24 (2022.01)
CPC H04L 45/04 (2013.01) [H04L 12/4641 (2013.01); H04L 45/24 (2013.01)]
20 Claims
1. A method comprising:
operating a hierarchical-context area network as a virtual private network infrastructure (VPNI) network, wherein:
the hierarchical-context area network includes:
a first VPNI context area network (CAN), wherein the first VPNI CAN is a level-one context area network;
a second VPNI CAN, wherein the second VPNI CAN is a level-two context area network; and
a third VPNI CAN, wherein the third VPNI CAN is a level-one context area network, wherein the third VPNI CAN is allocated a shared IP address; and
operating the hierarchical-context area network includes:
receiving, by a first VPN server in the first VPNI CAN, from an end user device, via a VPN tunnel between the first VPN server and the end user device, a first protocol data unit addressed to an external device;
identifying, by the first VPN server, a second VPN server in the third VPNI CAN as a current point of egress for transmitting the first protocol data unit to the external device, wherein the second VPN server is associated with the shared IP address;
obtaining, by the second VPN server as the current point of egress, the first protocol data unit, from the first VPN server, via the second VPNI CAN;
identifying, by the second VPN server, available data transport pathways for transporting the first protocol data unit through the hierarchical-context area network, wherein the available data transport pathways include:
a first available data transport pathway that includes the second VPN server as the current point of egress for transporting the first protocol data unit through the hierarchical-context area network; and
a second available data transport pathway that includes the third VPN server as the current point of egress for transporting the first protocol data unit through the hierarchical-context area network;
pseudo-randomly identifying, by the second VPN server, an available data transport pathway from the available data transport pathways as a current data transport pathway; and
in response to a determination that the current data transport pathway is the first available data transport pathway, sending, by the second VPN server, to the external device, via the Internet, the first protocol data unit; or
in response to a determination that the current available data transport pathway is the second available data transport pathway:
sending, by the second VPN server, to the third VPN server, via the third VPNI CAN, the first protocol data unit; and
sending, by the third VPN server, to the external device, via the Internet, the first protocol data unit.