Abstract: A method of providing infrastructure protection for a network that includes IP addresses as low as a single IP address. An end user sends traffic to an IP address of a projected server publicly available as an anycast address, and sends traffic to the protected network. The traffic is routed via one of several scrubbing centers using the public IP address as anycast address, and the scrubbing center provides infrastructure protection by scanning and filtering the incoming traffic for illegitimate data. After filtering, the legitimate traffic is encapsulated, e.g., via including virtual GRE tunnel information that includes a secret IP address known only to the scrubbing center and the protected server that receives the network traffic. The protected server decapsulates the network packet and responds back to the end user via the scrubbing network.

Abstract: A method of providing infrastructure protection for a server of a network organization, the method including announcing, as an internet protocol (IP) address associated with a server of a plurality of servers, a first anycast IP address, the first anycast IP address being one of a plurality of anycast IP addresses that each serve as an anycast address for a scrubbing center network. Each of the plurality of anycast IP addresses is allocated to a respective server of the plurality of servers by the scrubbing center network. The scrubbing center network may receive an incoming network packet intended for the server, the incoming network packet identified using the first anycast IP address. The scrubbing center network may determine whether the incoming network packet is legitimate and if so, the incoming network packet may be routed to the server using a generic routing encapsulation (GRE) tunnel.

Abstract: A method of providing infrastructure protection for a server of a network organization, the method including announcing, as an internet protocol (IP) address associated with a server of a plurality of servers, a first anycast IP address, the first anycast IP address being one of a plurality of anycast IP addresses that each serve as an anycast address for a network of edge servers. Each of the plurality of anycast IP addresses is allocated to a respective server of the plurality of servers by the network of edge servers. The network of edge servers may receive an incoming network packet intended for the server, the incoming network packet identified using the first anycast IP address. The network of edge servers may determine whether the incoming network packet is legitimate and if so, the incoming network packet may be routed to the server using a generic routing encapsulation (GRE) tunnel.

Abstract: A method of providing infrastructure protection for a server of a network organization, the method including announcing an internet protocol (IP) address range associated with the network organization using a border gateway protocol (BGP) on an edge server of a distributed network of edge servers. The method further including receiving an incoming network packet intended for the server of the network organization identified using a public IP address within the IP address range, the public IP address serving as a first anycast address for a distributed network of edge servers. The method further including determining, by the distributed network, whether the incoming network packet is legitimate. The method further including responsive to determining that the incoming network packet is legitimate, routing, by a processor using generic routing encapsulation (GRE), the incoming network packet to the server at a private IP address.

Abstract: A method of providing infrastructure protection for a server of a network organization, the method including announcing an IP address range associated with the network organization using a border gateway protocol on an edge router of a scrubbing center associated with the network organization. The method further including receiving an incoming network packet intended for a server of the network organization identified using a public IP address within the IP address range, the public IP address serving as a first anycast address for a plurality of scrubbing centers in a distributed network of scrubbing servers, the plurality of scrubbing centers including the scrubbing center. The method further including determining, by the scrubbing center, whether the incoming network packet is legitimate. The method further including, responsive to determining that the incoming network packet is legitimate, routing, by a processor, the incoming network packet to the server at a private IP address.

Abstract: A method of providing infrastructure protection for a server of a network organization, the method including announcing an internet protocol (IP) address range associated with the network organization using a border gateway protocol (BGP) on an edge server of a distributed network of edge servers. The method further including receiving an incoming network packet intended for the server of the network organization identified using a public IP address within the IP address range, the public IP address serving as a first anycast address for a distributed network of edge servers. The method further including determining, by the distributed network, whether the incoming network packet is legitimate. The method further including responsive to determining that the incoming network packet is legitimate, routing, by a processor using generic routing encapsulation (GRE), the incoming network packet to the server at a private IP address.

Abstract: A method of providing infrastructure protection for a server of a network organization, the method including announcing an IP address range associated with the network organization using a border gateway protocol on an edge router of a scrubbing center associated with the network organization. The method further including receiving an incoming network packet intended for a server of the network organization identified using a public IP address within the IP address range, the public IP address serving as a first anycast address for a plurality of scrubbing centers in a distributed network of scrubbing servers, the plurality of scrubbing centers including the scrubbing center. The method further including determining, by the scrubbing center, whether the incoming network packet is legitimate. The method further including, responsive to determining that the incoming network packet is legitimate, routing, by a processor, the incoming network packet to the server at a private IP address.

Abstract: A method of providing infrastructure protection for a network that includes IP addresses as low as a single IP address. An end user sends traffic to an IP address of a projected server publicly available as an anycast address, and sends traffic to the protected network. The traffic is routed via one of several scrubbing centers using the public IP address as anycast address, and the scrubbing center provides infrastructure protection by scanning and filtering the incoming traffic for illegitimate data. After filtering, the legitimate traffic is encapsulated, e.g., via including virtual GRE tunnel information that includes a secret IP address known only to the scrubbing center and the protected server that receives the network traffic. The protected server decapsulates the network packet and responds back to the end user via the scrubbing network.

Abstract: A method of providing infrastructure protection for a network that includes IP addresses as low as a single IP address. An end user sends traffic to an IP address of a projected server publicly available as an anycast address, and sends traffic to the protected network. The traffic is routed via one of several scrubbing centers using the public IP address as anycast address, and the scrubbing center provides infrastructure protection by scanning and filtering the incoming traffic for illegitimate data. After filtering, the legitimate traffic is encapsulated, e.g., via including virtual GRE tunnel information that includes a secret IP address known only to the scrubbing center and the protected server that receives the network traffic. The protected server decapsulates the network packet and responds back to the end user via the scrubbing network.

Abstract: A method of providing infrastructure protection for a network that includes IP addresses as low as a single IP address. An end user sends traffic to an IP address of a projected server publicly available as an anycast address, and sends traffic to the protected network. The traffic is routed via one of several scrubbing centers using the public IP address as anycast address, and the scrubbing center provides infrastructure protection by scanning and filtering the incoming traffic for illegitimate data. After filtering, the legitimate traffic is encapsulated, e.g., via including virtual GRE tunnel information that includes a secret IP address known only to the scrubbing center and the protected server that receives the network traffic. The protected server decapsulates the network packet and responds back to the end user via the scrubbing network.