Patents by Inventor Marek Przemyslaw Majkowski
Marek Przemyslaw Majkowski has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240126569Abstract: A compute server receives a request that triggers execution of a code piece out of multiple code pieces. A single process at the compute server executes the code piece, which is run in an isolated execution environment. Each other code piece runs in other isolated execution environments respectively and executed by the single process. The code piece, when executed, modifies a response to the request. The response is generated based at least in part on the executed code piece. The generated response is transmitted.Type: ApplicationFiled: December 21, 2023Publication date: April 18, 2024Inventors: Kenton Taylor Varda, Zachary Aaron Bloom, Marek Przemyslaw Majkowski, Ingvar Stepanyan, Kyle Kloepper, Dane Orion Knecht, John Graham-Cumming, Dani Grant
-
Publication number: 20240129273Abstract: A map of IP addresses of a distributed cloud computing network to one or more groupings is stored. The IP addresses are anycast IP addresses for which compute servers of the distributed cloud computing network share. These IP addresses are to be used as source IP addresses when transmitting traffic to destinations external to the cloud computing network. The map is made available to external destinations. Traffic is received at the distributed cloud computing network that is destined to an external destination. An IP address is selected based on the characteristic(s) applicable for the traffic and the map. The distributed cloud computing network transmits the traffic to the external destination using the selected IP address.Type: ApplicationFiled: December 21, 2023Publication date: April 18, 2024Inventors: Marek Przemyslaw Majkowski, Braden Michael Ehrat, Sergi Isasi, Dane Orion Knecht, Dina Kozlov, Rustam Xing Lalkaka, Eric Reeves, Oliver Zi-gang Yu
-
TRAFFIC LOAD BALANCING BETWEEN A PLURALITY OF POINTS OF PRESENCE OF A CLOUD COMPUTING INFRASTRUCTURE
Publication number: 20240089315Abstract: Methods and system of traffic load balancing between a plurality of Points of Presence (PoP) of a cloud computing infrastructure are described. A first PoP of multiple PoPs of cloud computing infrastructure that provides a cloud computing service receives a packet. The packet includes as a destination address an anycast address advertised by the first PoP for reaching the cloud computing service. The first PoP identifies a network address of a second PoP that is different from the first PoP. The first PoP forwards the packets as an encapsulated packet to the second PoP to be processed in the second PoP according to the cloud computing service.Type: ApplicationFiled: November 21, 2023Publication date: March 14, 2024Inventors: David Paul WRAGG, Ólafur GUÐMUNDSSON, Lorenz Mathias BAUER, Arthur FABRE, Marek Przemyslaw MAJKOWSKI -
Patent number: 11894947Abstract: A GRE tunnel is configured between multiple computing devices of a distributed cloud computing network and a single origin router of the origin network. The GRE tunnel has a first GRE endpoint that has an IP address that is shared among the computing devices of the distribute cloud computing network and a second GRE endpoint that has a publicly routable IP address of the origin router. A first computing device receives an IP packet from a client that is destined to an origin server. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate a GRE encapsulated packet whose source address is the first GRE endpoint and the destination address is the second GRE endpoint. The GRE encapsulated packet is transmitted over the GRE tunnel to the single origin router.Type: GrantFiled: December 18, 2022Date of Patent: February 6, 2024Assignee: CLOUDFLARE, INC.Inventors: Nicholas Alexander Wondra, Achiel Paul van der Mandele, Alexander Forster, Eric Reeves, Joaquin Madruga, Rustam Xing Lalkaka, Marek Przemyslaw Majkowski
-
Patent number: 11882149Abstract: For each network resource request received at a server of a cloud-based service, a determination of whether that request originated from a second network resource is made. For each such request where the network resource originated from the second network resource, a referrer indication is logged that indicates the second network resource is a referrer to that network resource. A network resource relevance dataset is generated based on the referrer indications of the second network resources. A relevance metric is associated with each second network resource based on a total number of referrer indications. A search request is received from a client device. Based at least in part on the network resource relevance dataset, search results are determined. The search results are transmitted to the client device.Type: GrantFiled: August 8, 2022Date of Patent: January 23, 2024Assignee: CLOUDFLARE, INC.Inventors: Marek Przemyslaw Majkowski, Maciej Biłas, David Paul Wragg
-
Patent number: 11853776Abstract: A compute server receives a first request from a client device that triggers execution of a first third-party code piece. The first request is directed to a first zone. A single process at the compute server executes the first third-party code piece. As a result of executing the first third-party code piece, a second request is generated that triggers execution of a second third-party code piece. The second request is directed to a second zone. The single process executes the second third-party code piece. A response is generated to the first request based at least in part on the executed first third-party code piece and the executed second third-party code piece. The generated response is transmitted to the client device.Type: GrantFiled: December 30, 2022Date of Patent: December 26, 2023Assignee: CLOUDFLARE, INC.Inventors: Kenton Taylor Varda, Zachary Aaron Bloom, Marek Przemyslaw Majkowski, Ingvar Stepanyan, Kyle Kloepper, Dane Orion Knecht, John Graham-Cumming, Dani Grant
-
Patent number: 11855958Abstract: A map of IP addresses of a distributed cloud computing network to one or more groupings is stored. The IP addresses are anycast IP addresses for which compute servers of the distributed cloud computing network share. These IP addresses are to be used as source IP addresses when transmitting traffic to destinations external to the cloud computing network. The map is made available to external destinations. Traffic is received at the distributed cloud computing network that is destined to an external destination. An IP address is selected based on the characteristic(s) applicable for the traffic and the map. The distributed cloud computing network transmits the traffic to the external destination using the selected IP address.Type: GrantFiled: September 6, 2022Date of Patent: December 26, 2023Assignee: CLOUDFLARE, INC.Inventors: Marek Przemyslaw Majkowski, Braden Michael Ehrat, Sergi Isasi, Dane Orion Knecht, Dina Kozlov, Rustam Xing Lalkaka, Eric Reeves, Oliver Zi-gang Yu
-
Traffic load balancing between a plurality of points of presence of a cloud computing infrastructure
Patent number: 11824923Abstract: Methods and system of traffic load balancing between a plurality of Points of Presence (PoP) of a cloud computing infrastructure are described. A first PoP of multiple PoPs of cloud computing infrastructure that provides a cloud computing service receives a packet. The packet includes as a destination address an anycast address advertised by the first PoP for reaching the cloud computing service. The first PoP identifies a network address of a second PoP that is different from the first PoP. The first PoP forwards the packets as an encapsulated packet to the second PoP to be processed in the second PoP according to the cloud computing service.Type: GrantFiled: September 21, 2021Date of Patent: November 21, 2023Assignee: CLOUDFLARE, INC.Inventors: David Paul Wragg, Ólafur GuÐmundsson, Lorenz Mathias Bauer, Arthur Fabre, Marek Przemyslaw Majkowski -
Patent number: 11799827Abstract: A first edge server of multiple edge servers of a distributed edge computing network receives a request from a client device regarding a resource hosted at an origin server according to an anycast implementation. The first edge server modifies the request to include identifying information for the first edge server prior to sending the request to the origin server. The origin server responds with a response packet that includes the identifying information of the first edge server. Instead of routing the response packet to the client device directly, one of the multiple edge servers receives the response packet due to the edge servers each having the same anycast address. If the edge server that receives the response packet is not the first edge server, that edge server transmits the response packet to the first edge server, who processes the response packet and transmits the response packet to the client device.Type: GrantFiled: September 29, 2022Date of Patent: October 24, 2023Assignee: CLOUDFLARE, INC.Inventors: Marek Przemyslaw Majkowski, Alexander Forster, Maciej Biłas
-
Publication number: 20230138161Abstract: A compute server receives a first request from a client device that triggers execution of a first third-party code piece. The first request is directed to a first zone. A single process at the compute server executes the first third-party code piece. As a result of executing the first third-party code piece, a second request is generated that triggers execution of a second third-party code piece. The second request is directed to a second zone. The single process executes the second third-party code piece. A response is generated to the first request based at least in part on the executed first third-party code piece and the executed second third-party code piece. The generated response is transmitted to the client device.Type: ApplicationFiled: December 30, 2022Publication date: May 4, 2023Inventors: Kenton Taylor Varda, Zachary Aaron Bloom, Marek Przemyslaw Majkowski, Ingvar Stepanyan, Kyle Kloepper, Dane Orion Knecht, John Graham-Cumming, Dani Grant
-
Publication number: 20230124628Abstract: A GRE tunnel is configured between multiple computing devices of a distributed cloud computing network and a single origin router of the origin network. The GRE tunnel has a first GRE endpoint that has an IP address that is shared among the computing devices of the distribute cloud computing network and a second GRE endpoint that has a publicly routable IP address of the origin router. A first computing device receives an IP packet from a client that is destined to an origin server. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate a GRE encapsulated packet whose source address is the first GRE endpoint and the destination address is the second GRE endpoint. The GRE encapsulated packet is transmitted over the GRE tunnel to the single origin router.Type: ApplicationFiled: December 18, 2022Publication date: April 20, 2023Inventors: Nicholas Alexander Wondra, Achiel Paul van der Mandele, Alexander Forster, Eric Reeves, Joaquin Madruga, Rustam Xing Lalkaka, Marek Przemyslaw Majkowski
-
Publication number: 20230073959Abstract: For each network resource request received at a server of a cloud-based service, a determination of whether that request originated from a second network resource is made. For each such request where the network resource originated from the second network resource, a referrer indication is logged that indicates the second network resource is a referrer to that network resource. A network resource relevance dataset is generated based on the referrer indications of the second network resources. A relevance metric is associated with each second network resource based on a total number of referrer indications. A search request is received from a client device. Based at least in part on the network resource relevance dataset, search results are determined. The search results are transmitted to the client device.Type: ApplicationFiled: August 8, 2022Publication date: March 9, 2023Inventors: Marek Przemyslaw MAJKOWSKI, Maciej BILAS, David Paul WRAGG
-
Patent number: 11561805Abstract: A compute server receives a request from a client device that triggers execution of a third-party code piece. The compute server is one of multiple compute servers that are part of a distributed cloud computing network. The request may be an HTTP request and directed to a zone. A single process at the compute server executes the third-party code piece in an isolated execution environment. The single process is also executing other third-party code pieces in other isolated execution environments respectively. A response is generated to the request based at least in part on the executed third-party code piece, and the generated response is transmitted to the client device.Type: GrantFiled: December 7, 2020Date of Patent: January 24, 2023Assignee: CLOUDFLARE, INC.Inventors: Kenton Taylor Varda, Zachary Aaron Bloom, Marek Przemyslaw Majkowski, Ingvar Stepanyan, Kyle Kloepper, Dane Orion Knecht, John Graham-Cumming, Dani Grant
-
Publication number: 20230019293Abstract: A first edge server of multiple edge servers of a distributed edge computing network receives a request from a client device regarding a resource hosted at an origin server according to an anycast implementation. The first edge server modifies the request to include identifying information for the first edge server prior to sending the request to the origin server. The origin server responds with a response packet that includes the identifying information of the first edge server. Instead of routing the response packet to the client device directly, one of the multiple edge servers receives the response packet due to the edge servers each having the same anycast address. If the edge server that receives the response packet is not the first edge server, that edge server transmits the response packet to the first edge server, who processes the response packet and transmits the response packet to the client device.Type: ApplicationFiled: September 29, 2022Publication date: January 19, 2023Inventors: Marek Przemyslaw MAJKOWSKI, Alexander FORSTER, Maciej BILAS
-
Publication number: 20220417211Abstract: A map of IP addresses of a distributed cloud computing network to one or more groupings is stored. The IP addresses are anycast IP addresses for which compute servers of the distributed cloud computing network share. These IP addresses are to be used as source IP addresses when transmitting traffic to destinations external to the cloud computing network. The map is made available to external destinations. Traffic is received at the distributed cloud computing network that is destined to an external destination. An IP address is selected based on the characteristic(s) applicable for the traffic and the map. The distributed cloud computing network transmits the traffic to the external destination using the selected IP address.Type: ApplicationFiled: September 6, 2022Publication date: December 29, 2022Inventors: Marek Przemyslaw Majkowski, Braden Michael Ehrat, Sergi Isasi, Dane Orion Knecht, Dina Kozlov, Rustam Xing Lalkaka, Eric Reeves, Oliver Zi-gang Yu
-
Patent number: 11533197Abstract: A GRE tunnel is configured between multiple computing devices of a distributed cloud computing network and a single origin router of the origin network. The GRE tunnel has a first GRE endpoint that has an IP address that is shared among the computing devices of the distribute cloud computing network and a second GRE endpoint that has a publicly routable IP address of the origin router. A first computing device receives an IP packet from a client that is destined to an origin server. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate a GRE encapsulated packet whose source address is the first GRE endpoint and the destination address is the second GRE endpoint. The GRE encapsulated packet is transmitted over the GRE tunnel to the single origin router.Type: GrantFiled: September 21, 2021Date of Patent: December 20, 2022Assignee: CLOUDFLARE, INC.Inventors: Nicholas Alexander Wondra, Achiel Paul van der Mandele, Alexander Forster, Eric Reeves, Joaquin Madruga, Rustam Xing Lalkaka, Marek Przemyslaw Majkowski
-
Patent number: 11489810Abstract: A first edge server of multiple edge servers of a distributed edge computing network receives a request from a client device regarding a resource hosted at an origin server according to an anycast implementation. The first edge server modifies the request to include identifying information for the first edge server prior to sending the request to the origin server. The origin server responds with a response packet that includes the identifying information of the first edge server. Instead of routing the response packet to the client device directly, one of the multiple edge servers receives the response packet due to the edge servers each having the same anycast address. If the edge server that receives the response packet is not the first edge server, that edge server transmits the response packet to the first edge server, who processes the response packet and transmits the response packet to the client device.Type: GrantFiled: December 22, 2020Date of Patent: November 1, 2022Assignee: CLOUDFLARE, INC.Inventors: Marek Przemyslaw Majkowski, Alexander Forster, Maciej Biłas
-
Publication number: 20220286424Abstract: A map of IP addresses of a distributed cloud computing network to one or more groupings is stored. The IP addresses are anycast IP addresses for which compute servers of the distributed cloud computing network share. These IP addresses are to be used as source IP addresses when transmitting traffic to destinations external to the cloud computing network. The map is made available to external destinations. Traffic is received at the distributed cloud computing network that is destined to an external destination. An IP address is selected based on the characteristic(s) applicable for the traffic and the map. The distributed cloud computing network transmits the traffic to the external destination using the selected IP address.Type: ApplicationFiled: August 23, 2021Publication date: September 8, 2022Inventors: Marek Przemyslaw Majkowski, Braden Michael Ehrat, Sergi Isasi, Dane Orion Knecht, Dina Kozlov, Rustam Xing Lalkaka, Eric Reeves, Oliver Zi-gang Yu
-
Patent number: 11438302Abstract: A map of IP addresses of a distributed cloud computing network to one or more groupings is stored. The IP addresses are anycast IP addresses for which compute servers of the distributed cloud computing network share. These IP addresses are to be used as source IP addresses when transmitting traffic to destinations external to the cloud computing network. The map is made available to external destinations. Traffic is received at the distributed cloud computing network that is destined to an external destination. An IP address is selected based on the characteristic(s) applicable for the traffic and the map. The distributed cloud computing network transmits the traffic to the external destination using the selected IP address.Type: GrantFiled: August 23, 2021Date of Patent: September 6, 2022Assignee: CLOUDFLARE, INC.Inventors: Marek Przemyslaw Majkowski, Braden Michael Ehrat, Sergi Isasi, Dane Orion Knecht, Dina Kozlov, Rustam Xing Lalkaka, Eric Reeves, Oliver Zi-Gang Yu
-
Patent number: 11411987Abstract: A method and system for detection of security threats on network resources based on referrer indications are presented. A determination that a second request originated from a first network resource is performed based on second request information associated with a second request for a second network resource. In response to determining that the second request originated from the first network resource, a referrer indication that the first network resource is a referrer to the second network resource is logged. A third request for a third network resource is received. A determination that the third request is part of a cyber-attack on a second server is performed based at least in part on the referrer indication.Type: GrantFiled: March 24, 2020Date of Patent: August 9, 2022Assignee: CLOUDFLARE, INC.Inventors: Marek Przemyslaw Majkowski, Maciej Biłas, David Paul Wragg