US 12,113,773 B2
Dynamic path selection of VPN endpoint
Deepika Solanki, Pune (IN); Awan Kumar Sharma, Pune (IN); Yong Wang, Sunnyvale, CA (US); Sourabh Bhattacharya, Pune (IN); and Sarthak Ray, Pune (IN)
Assigned to VMware LLC, Palo Alto, CA (US)
Filed by VMware LLC, Palo Alto, CA (US)
Filed on Jan. 6, 2022, as Appl. No. 17/570,364.
Claims priority of application No. 202141025317 (IN), filed on Jun. 7, 2021; and application No. 202141025327 (IN), filed on Jun. 7, 2021.
Prior Publication US 2022/0394016 A1, Dec. 8, 2022
Int. Cl. H04L 9/40 (2022.01); H04L 12/46 (2006.01); H04L 45/24 (2022.01)
CPC H04L 63/0272 (2013.01) [H04L 12/4641 (2013.01); H04L 63/0428 (2013.01); H04L 45/24 (2013.01)]
20 Claims
1. A method comprising:
identifying a plurality of paths between a first site and a second site, wherein a security association (SA) is established for transmitting encrypted payload from the first site to the second site in a virtual private network (VPN) session;
selecting a path from the plurality of paths based on metrics that are obtained for the plurality of paths, the selected path defined by a first endpoint address of the first site and a second endpoint address of the second site;
sending a message from the first site to the second site to update the SA to switch from using an original path to using the selected path, the message indicating the first and second endpoint addresses, and the SA being associated with a shared security attribute between the first site and the second site; and
transmitting a packet comprising a payload that is encrypted according to the updated SA.