Abstract: The techniques described herein enable the establishment of two simultaneous virtual private network (VPN) connections for a VPN client operating on a remote computing device. The VPN client can establish first VPN connection with a first VPN server instance of a VPN gateway and a second VPN connection with a second VPN server instance of the VPN gateway. To establish two simultaneous VPN connections, the VPN client is configured to create and/or use two Transmission Control Protocol (TCP) sockets. In one example, a first VPN connection can be a primary VPN connection and a second VPN connection can be a dormant VPN connection configured as a backup in case of a service interruption with the first VPN connection. In another example, a data flow can be split across the first and second VPN connections, or alternate between using the first and second VPN connections, based on performance parameters.

Abstract: The techniques described herein enable the establishment of two simultaneous virtual private network (VPN) connections between a VPN gateway and a VPN client. The system is configured to update a routing table advertised to network resources when a VPN server instance fails and/or is taken offline. When a first VPN server instance fails and/or is taken offline, the first VPN server instance releases a claim of ownership on its range of IP addresses. After this release occurs, the second VPN server instance is configured to claim ownership of the range of IP addresses that used to be owned by the first VPN server instance. This updated claim of ownership is captured in an updated routing table that can then be advertised to the network resources. Consequently, the network resources use this updated routing table to correctly determine which VPN server instance to send data intended for the VPN client.

Abstract: The techniques described herein enable the establishment of two simultaneous virtual private network (VPN) connections between a VPN gateway and a VPN client. The system is configured to update a routing table advertised to network resources when a VPN server instance fails and/or is taken offline. When a first VPN server instance fails and/or is taken offline, the first VPN server instance releases a claim of ownership on its range of IP addresses. After this release occurs, the second VPN server instance is configured to claim ownership of the range of IP addresses that used to be owned by the first VPN server instance. This updated claim of ownership is captured in an updated routing table that can then be advertised to the network resources. Consequently, the network resources use this updated routing table to correctly determine which VPN server instance to send data intended for the VPN client.

Abstract: The techniques described herein enable the establishment of two simultaneous virtual private network (VPN) connections for a VPN client operating on a remote computing device. The VPN client can establish first VPN connection with a first VPN server instance of a VPN gateway and a second VPN connection with a second VPN server instance of the VPN gateway. To establish two simultaneous VPN connections, the VPN client is configured to create and/or use two Transmission Control Protocol (TCP) sockets. In one example, a first VPN connection can be a primary VPN connection and a second VPN connection can be a dormant VPN connection configured as a backup in case of a service interruption with the first VPN connection. In another example, a data flow can be split across the first and second VPN connections, or alternate between using the first and second VPN connections, based on performance parameters.

Abstract: An overlay network refers to a network that is implemented as various different virtual resources on a physical network referred to as an underlay network. Diagnostics are performed on the overlay network by injecting diagnostic packets from a source endpoint targeting a target endpoint. These endpoints can be in the overlay network, on-premises with the other endpoint but in a different overlay network, or off-premises form the other endpoint. The diagnostic packets include a data packet encapsulated with a diagnostic encapsulation header that can be removed by a network element in the underlay network to allow processing of the data packet, and then added back on. The network element maintains trace information that is a record of receipt of the diagnostic packet and operations performed on the diagnostic packet. A tracing service collects and analyzes this trace information from the various network elements.

Abstract: An overlay network refers to a network that is implemented as various different virtual resources on a physical network referred to as an underlay network. Diagnostics are performed on the overlay network by injecting diagnostic packets from a source endpoint targeting a target endpoint. These endpoints can be in the overlay network, on-premises with the other endpoint but in a different overlay network, or off-premises form the other endpoint. The diagnostic packets include a data packet encapsulated with a diagnostic encapsulation header that can be removed by a network element in the underlay network to allow processing of the data packet, and then added back on. The network element maintains trace information that is a record of receipt of the diagnostic packet and operations performed on the diagnostic packet. A tracing service collects and analyzes this trace information from the various network elements.

Abstract: A service is provided that supports a plurality of tenants. Server(s) of the service are communicatively coupled with a plurality of gateways of the service. Each gateway is configured to support at least one tenant. The server(s) of the service include a network interface, a tenant mapper, and a gateway interface. The network interface is configured to receive connection strings from client devices. Each received connection string includes a service portion that maps to the same public IP address of the service, and also includes a corresponding tenant portion that identifies a tenant. The tenant mapper maps the tenant portions of the connection strings to corresponding gateways. The gateway interface is configured to enable the gateways to establish tunnels between the corresponding client devices and identified tenants. Accordingly, clients are enabled to access multiple tenants of the service via a same public IP address.

Abstract: A service is provided that supports a plurality of tenants. Server(s) of the service are communicatively coupled with a plurality of gateways of the service. Each gateway is configured to support at least one tenant. The server(s) of the service include a network interface, a tenant mapper, and a gateway interface. The network interface is configured to receive connection strings from client devices. Each received connection string includes a service portion that maps to the same public IP address of the service, and also includes a corresponding tenant portion that identifies a tenant. The tenant mapper maps the tenant portions of the connection strings to corresponding gateways. The gateway interface is configured to enable the gateways to establish tunnels between the corresponding client devices and identified tenants. Accordingly, clients are enabled to access multiple tenants of the service via a same public IP address.