US 12,170,644 B2
Binding flows to unique addresses or ports
Kyle Andrew Donald Mestery, Woodbury, MN (US); and Vincent E. Parla, North Hampton, NH (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Feb. 23, 2022, as Appl. No. 17/678,472.
Prior Publication US 2023/0269217 A1, Aug. 24, 2023
Int. Cl. H04L 61/2557 (2022.01); H04L 9/40 (2022.01); H04L 61/256 (2022.01); H04L 61/4511 (2022.01)
CPC H04L 61/2557 (2013.01) [H04L 61/256 (2013.01); H04L 61/4511 (2022.05); H04L 63/0272 (2013.01)] 17 Claims
OG exemplary drawing
 
1. A system comprising:
one or more processors; and
one or more computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
receiving, at a Domain Name System (DNS) and from a termination device, a DNS request to resolve a domain name on behalf of a source device into a destination Internet Protocol (IP) address associated with a destination device in a network;
receiving, from the termination device, context data associated with a network flow sent from the source device and destined for the destination device;
generating, by the DNS, a unique destination IP address that corresponds to the destination IP address of the destination device;
storing a mapping between the unique destination IP address and at least one of (i) the context data or (ii) network policy determined for the network flow;
sending the unique destination IP address from the DNS and to the termination device;
detecting the network flow in the network, wherein the network flow has the unique destination IP address in a destination address field;
applying the network policy to the network flow based at least in part on the mapping;
receiving, at the DNS and from the termination device, a second DNS request to resolve a second domain name into a second destination IP address to which a second network flow is destined, wherein the second network flow and the network flow were multiplexed by the source device into a single stream and sent to the termination device;
receiving, from the termination device, second context data associated with the second network flow;
generating, by the DNS, a second unique destination IP address that corresponds to the second destination IP address;
storing a second mapping between the second unique destination IP address and the second context data associated with the second network flow;
sending the second unique destination IP address from the DNS and to the termination device;
detecting the second network flow in the network, wherein the second network flow has the second unique destination IP address as a destination address; and
applying second network policy to the second network flow based at least in part on the second mapping, the second network policy being different than the network policy.
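A sketch of the mechanism the claims describe, added here as an illustration and not code from the patent or from Cisco: the resolver mints one unique destination address per flow, stores the mapping from that address to the reported context and the chosen policy, and a network-side hook then classifies each flow from its destination address alone, which is what lets two flows the source device multiplexed into one stream receive different policy. The zone contents, the 100.64.0.0/24 address pool and the policy names are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed sample data: a static zone and per-application policy rules.
ZONE = {"app.example.test": "203.0.113.10"}
POLICY_RULES = {"video": "rate-limit", "payroll": "inspect-tls", "default": "allow"}


@dataclass(frozen=True)
class FlowContext:
    """Context the termination device reports alongside the DNS request."""
    source_device: str
    user: str
    application: str


class PolicyDNS:
    """Resolver that answers with a unique destination IP per flow and remembers why."""

    def __init__(self, unique_pool: str) -> None:
        # Addresses handed out one per flow; hypothetical pool, not the patent's.
        self._free = ipaddress.ip_network(unique_pool).hosts()
        # unique destination IP -> (real destination IP, context, policy)
        self.mappings: Dict[str, Tuple[str, FlowContext, str]] = {}

    def resolve(self, domain: str, ctx: FlowContext) -> Optional[str]:
        """Return a freshly minted unique IP for this flow, or None if unknown name."""
        real_ip = ZONE.get(domain)
        if real_ip is None:
            return None
        policy = POLICY_RULES.get(ctx.application, POLICY_RULES["default"])
        unique_ip = str(next(self._free))
        self.mappings[unique_ip] = (real_ip, ctx, policy)
        return unique_ip


def enforce(dns: PolicyDNS, dst_ip: str) -> Tuple[str, Optional[str]]:
    """Network-side hook: pick the policy for a flow from its destination address.

    Returns (policy, real destination IP to forward to); a destination the
    resolver never minted has no mapping, so it is reported as 'unmapped'.
    """
    entry = dns.mappings.get(dst_ip)
    if entry is None:
        return ("unmapped", None)
    real_ip, _ctx, policy = entry
    return (policy, real_ip)
```

Resolving the same domain twice for two flows from the same device yields two different addresses, and `enforce` recovers a different policy for each while still pointing both at the real destination.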