CPC H04L 61/2557 (2013.01) [H04L 61/256 (2013.01); H04L 61/4511 (2022.05); H04L 63/0272 (2013.01)] | 17 Claims |
1. A system comprising:
one or more processors; and
one or more computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
receiving, at a Domain Name System (DNS) and from a termination device, a DNS request to resolve a domain name on behalf of a source device into a destination Internet Protocol (IP) address associated with a destination device in a network;
receiving, from the termination device, context data associated with a network flow sent from the source device and destined for the destination device;
generating, by the DNS, a unique destination IP address that corresponds to the destination IP address of the destination device;
storing a mapping between the unique destination IP address and at least one of (i) the context data or (ii) network policy determined for the network flow;
sending the unique destination IP address from the DNS and to the termination device;
detecting the network flow in the network, wherein the network flow has the unique destination IP address in a destination address field;
applying the network policy to the network flow based at least in part on the mapping;
receiving, at the DNS and from the termination device, a second DNS request to resolve a second domain name into a second destination IP address to which a second network flow is destined, wherein the second network flow and the network flow were multiplexed by the source device into a single stream and sent to the termination device;
receiving, from the termination device, second context data associated with the second network flow;
generating, by the DNS, a second unique destination IP address that corresponds to the second destination IP address;
storing a second mapping between the second unique destination IP address and the second context data associated with the second network flow;
sending the second unique destination IP address from the DNS and to the termination device;
detecting the second network flow in the network, wherein the second network flow has the second unique destination IP address as a destination address; and
applying second network policy to the second network flow based at least in part on the second mapping, the second network policy being different than the network policy.
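As an added illustration, not part of the claims and not code from the patentee, the following Python models the mechanism the claim describes: the DNS hands out a distinct destination address per flow, records the mapping from that address to the reported context and the policy chosen for it, and the enforcement point later recognizes each flow purely by its destination address, so two flows multiplexed into one stream from the same source to the same real server still receive different policies. The domain table, the policy rules, the address pool and the flow contexts are all constructed for the example.

```python
"""Toy model of DNS-allocated unique destination addresses carrying per-flow policy.

Constructed example; the domain table, policy rules, address pool and
contexts below are illustrative values, not taken from any deployment.
"""
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for ordinary resolution: domain -> real destination IP.
AUTHORITATIVE = {
    "app.example.com": "203.0.113.10",
    "cdn.example.net": "198.51.100.7",
}

# Constructed policy table keyed on the context the termination device reports.
POLICY_RULES = {
    ("alice", "video"): {"action": "allow", "rate_limit_kbps": 5000},
    ("alice", "browser"): {"action": "allow", "rate_limit_kbps": None},
    ("guest", "browser"): {"action": "inspect", "rate_limit_kbps": 512},
}
DEFAULT_POLICY = {"action": "drop", "rate_limit_kbps": None}


@dataclass
class Mapping:
    """What the DNS stores against one unique destination address."""
    real_destination: str
    context: dict
    policy: dict


class PolicyDns:
    def __init__(self, pool: str = "100.64.0.0/24"):
        # Pool of unique destination addresses handed out one per flow
        # (constructed range; a real system would size and scope this carefully).
        self._free = (str(ip) for ip in ipaddress.ip_network(pool).hosts())
        self._mappings: dict[str, Mapping] = {}

    def resolve(self, domain: str, context: dict) -> str:
        """Resolve on behalf of a source device; return a flow-unique address."""
        real = AUTHORITATIVE.get(domain)
        if real is None:
            raise KeyError(f"unknown domain {domain!r}")
        policy = POLICY_RULES.get((context.get("user"), context.get("app")), DEFAULT_POLICY)
        unique = next(self._free, None)
        if unique is None:
            raise RuntimeError("unique address pool exhausted")
        # The mapping is keyed only on the unique address, so the enforcement
        # point needs nothing from the multiplexed stream itself.
        self._mappings[unique] = Mapping(real, dict(context), policy)
        return unique

    def lookup(self, unique_ip: str):
        return self._mappings.get(unique_ip)


def enforce(dns: PolicyDns, packet: dict) -> dict:
    """Enforcement point: classify a flow by destination address alone."""
    mapping = dns.lookup(packet["dst"])
    if mapping is None:
        # Traffic to an address the DNS never issued has no policy; fail closed.
        return {"action": "drop", "reason": "no mapping for destination"}
    return {
        "action": mapping.policy["action"],
        "rate_limit_kbps": mapping.policy["rate_limit_kbps"],
        "context": mapping.context,
        # The real server address is recovered from the mapping for forwarding.
        "forward_to": mapping.real_destination,
    }


def demo():
    dns = PolicyDns()
    # Two flows from the same source, multiplexed into one stream toward the
    # same real server, but reported with different contexts.
    ip1 = dns.resolve("app.example.com", {"user": "alice", "app": "video"})
    ip2 = dns.resolve("app.example.com", {"user": "guest", "app": "browser"})
    d1 = enforce(dns, {"src": "10.0.0.5", "dst": ip1, "dport": 443})
    d2 = enforce(dns, {"src": "10.0.0.5", "dst": ip2, "dport": 443})
    stray = enforce(dns, {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443})
    return ip1, ip2, d1, d2, stray


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The two resolutions of the same domain return different addresses, and the enforcement decisions differ only because the mappings behind those addresses differ; a packet sent straight to the real server address, bypassing the issued mapping, gets no policy and is dropped in this model.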