US 12,294,569 B2
Layer-3 policy enforcement for layer-7 data flows
Alberto Rodriguez-Natal, Leon (ES); Lorand Jakab, Gheorghieni (RO); and Fabio R. Maino, Palo Alto, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Apr. 12, 2022, as Appl. No. 17/718,634.
Prior Publication US 2023/0328038 A1, Oct. 12, 2023
Int. Cl. H04L 9/40 (2022.01); H04L 43/0823 (2022.01); H04L 43/0864 (2022.01); H04L 47/10 (2022.01); H04L 47/20 (2022.01)
CPC H04L 63/0407 (2013.01) [H04L 43/0847 (2013.01); H04L 43/0864 (2013.01); H04L 47/10 (2013.01); H04L 47/20 (2013.01); H04L 63/0281 (2013.01); H04L 63/20 (2013.01)] 20 Claims
 
1. A method comprising:
establishing a subflow through a network between a first proxy node and a second proxy node, the subflow associated with a policy that is distinguishable from another policy associated with another subflow through the network;
receiving, at the first proxy node, a packet to be sent through the network, the packet including:
an encrypted portion including first data indicating that the packet is to be sent to an application; and
an unencrypted portion including at least a destination internet protocol (IP) address field, the destination IP address field including a first IP address corresponding with a frontend node that is configured to forward traffic to the application and to other applications;
associating, with the subflow, a second IP address corresponding with the second proxy node, the second IP address being distinguishable from another IP address that (i) corresponds with the second proxy node and that (ii) is associated with the other subflow;
altering the destination IP address field of the unencrypted portion of the packet to include the second IP address instead of the first IP address;
determining, by the first proxy node and based at least in part on the encrypted portion, that the packet is to be sent to the application; and
based at least in part on determining that the packet is to be sent to the application, sending the packet through the network via the subflow such that the packet is handled according to the policy.
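The claimed method, modeled end to end as an added Python example (not code from the patent or from Cisco): the first proxy reads the encrypted portion to learn the target application, picks that application's subflow, rewrites only the unencrypted destination IP to the subflow's distinct second-proxy address, and a downstream layer-3 device then selects the policy from the destination address alone. All IP addresses, application names, policy labels, and the XOR stand-in for the encrypted portion are constructed for the demo.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Packet:
    dst_ip: IPv4Address   # unencrypted portion: destination IP address field
    encrypted: bytes      # encrypted portion: data naming the target application

@dataclass
class Subflow:
    proxy2_ip: IPv4Address   # second proxy node address, distinct for each subflow
    policy: str              # layer-3 policy bound to this subflow

FRONTEND_IP = IPv4Address("203.0.113.10")   # constructed: frontend shared by all apps

# constructed subflow table: one distinct second-proxy IP per application
SUBFLOWS = {
    "payments": Subflow(IPv4Address("198.51.100.1"), "high-priority"),
    "analytics": Subflow(IPv4Address("198.51.100.2"), "best-effort"),
}
# constructed: the L3 policy table downstream, keyed only by destination address
L3_POLICY = {sf.proxy2_ip: sf.policy for sf in SUBFLOWS.values()}

KEY = b"constructed-demo-key"

def xor_cipher(data: bytes) -> bytes:
    """Stand-in for real encryption of the application data (demo only, not secure)."""
    return bytes(b ^ KEY[i % len(KEY)] for i, b in enumerate(data))

def first_proxy(pkt: Packet) -> Packet:
    """Map the packet to a subflow from its encrypted portion; rewrite only the L3 header."""
    if pkt.dst_ip != FRONTEND_IP:
        raise ValueError("packet is not addressed to the frontend node")
    app = xor_cipher(pkt.encrypted).decode()
    subflow = SUBFLOWS.get(app)
    if subflow is None:
        raise LookupError(f"no subflow established for application {app!r}")
    # the encrypted portion is forwarded untouched; only the destination IP changes
    return Packet(dst_ip=subflow.proxy2_ip, encrypted=pkt.encrypted)

def enforce_l3_policy(pkt: Packet) -> str:
    """Network device on the path: choose the policy from the destination IP alone."""
    return L3_POLICY.get(pkt.dst_ip, "drop")

def send(app: str) -> tuple[str, str]:
    """Build a packet for `app` bound to the frontend, run it through both stages."""
    pkt = Packet(FRONTEND_IP, xor_cipher(app.encode()))
    out = first_proxy(pkt)
    return str(out.dst_ip), enforce_l3_policy(out)
```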