US 12,088,557 B1
Systems and methods for firewall deployment in a transit virtual private cloud network deployed in a cloud computing environment
Xiaobo Sherry Wei, Palo Alto, CA (US); and Shanshan Xu, Fremont, CA (US)
Assigned to Aviatrix Systems, Inc., Santa Clara, CA (US)
Filed by AVIATRIX SYSTEMS, INC., Santa Clara, CA (US)
Filed on Mar. 29, 2021, as Appl. No. 17/216,628.
Claims priority of provisional application 63/069,653, filed on Aug. 24, 2020.
Int. Cl. H04L 12/66 (2006.01); G06F 9/48 (2006.01); G06F 15/16 (2006.01); G06F 21/57 (2013.01); H04L 9/40 (2022.01); H04L 12/26 (2006.01); H04L 12/28 (2006.01); H04L 12/46 (2006.01); H04L 15/16 (2006.01); H04L 67/10 (2022.01)
CPC H04L 63/0272 (2013.01) [H04L 12/4641 (2013.01); H04L 12/66 (2013.01); H04L 63/0218 (2013.01); H04L 63/0236 (2013.01); H04L 63/029 (2013.01); H04L 67/10 (2013.01)] 13 Claims
OG exemplary drawing
 
1. A distributed cloud computing system comprising:
a computer processing unit (CPU) coupled to a memory implementing a controller configured to deploy a first gateway in a first virtual private cloud network (VPC) and a second gateway in a second VPC, wherein the second gateway is configured to connect to one or more firewall instances including at least a first firewall instance deployed within the second VPC, and wherein the first VPC and the second VPC are both located within a cloud computing network; and
a transit gateway communicatively coupled to the first gateway and the second gateway using a native VPC attachment, wherein network traffic is routed through the transit gateway between the first gateway and the second gateway, and wherein the second gateway, being logic, stored on non-transitory, computer-medium, that performs operations including:
receiving the network traffic by the second gateway from the first gateway,
providing the network traffic to the first firewall instance for inspection, and
routing the network traffic, after inspection of the network traffic, to a destination VPC deployed within the cloud computing network,
wherein the transit gateway comprises a plurality of gateways that are connected to a plurality of gateways of an on-premise location via a plurality of network tunnels,
wherein the second gateway comprises a plurality of interfaces including a first interface communicatively coupled to the transit gateway and a second interface communicatively coupled to at least the first firewall instance,
wherein the second gateway further comprises a third interface configured for operation as a high-availability (HA) gateway instance and a fourth interface configured for operation as a management interface or a public interface, and
wherein the first VPC includes the first gateway and a third gateway that are software instances deployed in an active-active configuration and communicatively coupled together over respective HA gateway instance interfaces and the second VPC includes the second gateway and a fourth gateway that are software instances deployed in an active-active configuration and communicatively coupled together over respective HA gateway instance interfaces.