US-12627560-B2 - Software-defined traffic routing mesh network modifications
Abstract
An architecture plan for a software-defined traffic routing mesh network that includes multiple tiers of network nodes for routing network data traffic between one or more client devices and an external network may be received. Network nodes for the multiple tiers may be procured via a computing device associated with a mesh network provider or via procurement network nodes that are associated with different independent entities. Subsequently, a configuration file may be generated based at least on the architecture plan and node information of the procured network nodes. The configuration file is then implemented to configure the procured network nodes into the mesh network. In some instances, a configuration command in the configuration file may be modified when the configuration command fails during the implementation of the configuration file. In other instances, the network nodes in the software-defined traffic routing mesh network may be further modified following deployment for use.
Inventors
- George ZOULIAS
- Blake Watson
Assignees
- PERFECTA FEDERAL, LLC
Dates
- Publication Date: 2026-05-12
- Application Date: 2023-07-31
Claims (18)
- 1. A computer-implemented method, comprising: receiving an architecture plan for a software-defined traffic routing mesh network that includes multiple tiers of network nodes for routing network data traffic between one or more client devices and an external network; procuring network nodes for the multiple tiers via a computing device associated with a mesh network provider or via procurement network nodes for one or more of the multiple tiers that are associated with different independent entities; generating a first configuration file based at least on the architecture plan and node information of procured network nodes, the first configuration file for configuring the network nodes in the multiple tiers into the software-defined traffic routing mesh network; implementing the first configuration file to upload corresponding sets of network connection configurations into each node of the procured network nodes to network each node with one or more other network nodes to create the software-defined traffic routing mesh network; receiving a modified architecture plan that modifies the software-defined traffic routing mesh network that includes the multiple tiers of the network node; using the modified architecture plan and the node information of the network nodes, generating a second configuration file for configuring the network nodes into a modified software-defined traffic routing mesh network; terminating the routing of network data traffic of at least one client device of the one or more client devices through the software-defined traffic routing mesh network; directing the network nodes in the software-defined traffic routing mesh network to boot or reboot, causing the network nodes to read configuration commands in the second configuration file that are identified for the network nodes, respectively; at each of the network nodes in the modified software-defined traffic routing mesh network, creating network interfaces with one or more other network nodes in accordance with the read configuration commands; and routing the network data traffic of the one or more client devices through the modified software-defined traffic routing mesh network.
- 2. The computer-implemented method of claim 1, wherein the implementing the configuration file includes: determining that a configuration command in the configuration file for configuring a network node of the network nodes failed to execute; providing an indication that the configuration command in the configuration file failed to execute for presentation via a user interface; in response to the providing the indication for presentation, receiving a modified configuration command for configuring the network node via the user interface; and executing the modified configuration command to configure the network node.
- 3. The computer-implemented method of claim 2, further comprising executing one or more remaining configuration commands in the configuration file to configure the multiple tiers of network nodes into the software-defined traffic routing mesh network.
- 4. The computer-implemented method of claim 1, wherein the software-defined traffic routing mesh network includes a first plurality of operations network nodes, a plurality of maintenance network nodes, and at least one procurement network node, wherein each of the plurality of operations network nodes, the plurality of maintenance network nodes, and the at least one procurement network node is organized into the multiple tiers.
- 5. The computer-implemented method of claim 4, wherein the implementing includes implementing the configuration file to configure the plurality of operations network nodes to provide a secure private network channel for routing the network data traffic between the one or more client devices and the external network through the multiple tiers.
- 6. The computer-implemented method of claim 4, wherein the external network includes the Internet, and wherein the multiple tiers comprise a tier of one or more exit network nodes that connect the plurality of operations network nodes to the Internet.
- 7. The computer-implemented method of claim 4, wherein the procuring further comprises procuring, via a computing device, at least one of a hardware component or a software component for each network node of the plurality of operations network nodes, the plurality of maintenance network nodes, and the at least one procurement network node that are in a first tier of the multiple tiers using corresponding online transactions.
- 8. The computer-implemented method of claim 7, wherein the procuring further comprises procuring, via at least a virtual private network (VPN) connection hop between the computing device and a procurement network node in the first tier that is associated with a first independent entity, at least one of a hardware component or a software component for each network node that is in a second tier of the multiple tiers using corresponding second online transactions, the second tier being associated with a second independent entity.
- 9. The computer-implemented method of claim 8, wherein the procuring further comprises procuring, via at least the VPN connection hop between the computing device and a procurement network node in the first tier that is associated with a first independent entity, and a second VPN connection hop between the procurement network node and an additional procurement network node in the second tier that is associated with a second independent entity, at least one of a hardware component or a software component for each network node that is in a third tier of the multiple tiers using corresponding third online transactions, the third tier being associated with a third independent entity.
- 10. The computer-implemented method of claim 1, further comprising: receiving a request to modify a node-specific signature of a network node in the software-defined traffic routing mesh network; and performing at least one of activating a first service or deactivating a second service of the network node according to the request to change the node-specific signature of the network node to a different node-specific signature.
- 11. The computer-implemented method of claim 10, wherein the node-specific signature indicates that the network node is a web server, an application server, or a mail server.
- 12. The computer-implemented method of claim 10, wherein the first service or the second service is provided by a third-party software service or a software application installed on the network node.
- 13. One or more non-transitory computer-readable media storing computer-executable instructions that upon execution cause one or more processors to perform acts comprising: receiving an architecture plan for a software-defined traffic routing mesh network that includes multiple tiers of network nodes for routing network data traffic between one or more client devices and an external network; procuring network nodes for the multiple tiers via a computing device associated with a mesh network provider or via procurement network nodes for one or more of the multiple tiers that are associated with different independent entities; generating a first configuration file based at least on the architecture plan and node information of procured network nodes, the first configuration file for configuring the network nodes in the multiple tiers into the software-defined traffic routing mesh network; implementing the first configuration file to upload corresponding sets of network connection configurations into each node of the procured network nodes to network each node with one or more other network nodes to create the software-defined traffic routing mesh network; receiving a modified architecture plan that modifies the software-defined traffic routing mesh network that includes the multiple tiers of the network node; using the modified architecture plan and the node information of the network nodes, generating a second configuration file for configuring the network nodes into a modified software-defined traffic routing mesh network; terminating the routing of network data traffic of at least one client device of the one or more client devices through the software-defined traffic routing mesh network; directing the network nodes in the software-defined traffic routing mesh network to boot or reboot, causing the network nodes to read configuration commands in the second configuration file that are identified for the network nodes, respectively; at each of the network nodes in the modified software-defined traffic routing mesh network, creating network interfaces with one or more other network nodes in accordance with the read configuration commands; and routing the network data traffic of the one or more client devices through the modified software-defined traffic routing mesh network.
- 14. The one or more non-transitory computer-readable media of claim 13, wherein the implementing the configuration file includes: determining that a configuration command in the configuration file for configuring a network node of the network nodes failed to execute; providing an indication that the configuration command in the configuration file failed to execute for presentation via a user interface; in response to the providing the indication for presentation, receiving a modified configuration command for configuring the network node via the user interface; and executing the modified configuration command to configure the network node.
- 15. The one or more non-transitory computer-readable media of claim 13, wherein the acts further comprise: receiving a request to modify a node-specific signature of a network node in the software-defined traffic routing mesh network; and performing at least one of activating a first service or deactivating a second service of the network node according to the request to change the node-specific signature of the network node to a different node-specific signature.
- 16. A system, comprising: one or more processors; and memory including a plurality of computer-executable components that are executable by the one or more processors to perform a plurality of actions, the plurality of actions comprising: receiving an architecture plan for a software-defined traffic routing mesh network that includes multiple tiers of network nodes for routing network data traffic between one or more client devices and an external network; procuring network nodes for the multiple tiers via a computing device associated with a mesh network provider or via procurement network nodes for one or more of the multiple tiers that are associated with different independent entities; generating a first configuration file based at least on the architecture plan and node information of procured network nodes, the first configuration file for configuring the network nodes in the multiple tiers into the software-defined traffic routing mesh network; implementing the first configuration file to upload corresponding sets of network connection configurations into each node of the procured network nodes to network each node with one or more other network nodes to create the software-defined traffic routing mesh network; receiving a modified architecture plan that modifies the software-defined traffic routing mesh network that includes the multiple tiers of the network node; using the modified architecture plan and the node information of the network nodes, generating a second configuration file for configuring the network nodes into a modified software-defined traffic routing mesh network; terminating the routing of network data traffic of at least one client device of the one or more client devices through the software-defined traffic routing mesh network; directing the network nodes in the software-defined traffic routing mesh network to boot or reboot, causing the network nodes to read configuration commands in the second configuration file that are identified for the network nodes, respectively; at each of the network nodes in the modified software-defined traffic routing mesh network, creating network interfaces with one or more other network nodes in accordance with the read configuration commands; routing the network data traffic of the one or more client devices through the modified software-defined traffic routing mesh network; receiving a request to modify a node-specific signature of a network node in a software-defined traffic routing mesh network, the software-defined traffic routing mesh network including multiple tiers of network nodes for routing network data traffic between one or more client devices and an external network; and performing at least one of activating a first service or deactivating a second service of the network node according to the request to change the node-specific signature of the network node to a different node-specific signature.
- 17. The system of claim 16, wherein the node-specific signature indicates that the network node is a web server, an application server, or a mail server.
- 18. The system of claim 16, wherein the first service or the second service is provided by a third-party software service or a software application installed on the network node.
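The configuration workflow of claims 1 to 3 (compile an architecture plan and node information into per-node configuration commands, apply them, and substitute a modified command when one fails before continuing with the rest) as an added Python example; this is not code from the patent or from its assignee. The command vocabulary (create-interface, add-peer, route-external), the tier layout and the node names and addresses are constructed for illustration, and the choice to tell each node only about next-tier peers is this example's design, not a requirement stated in the claims.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass(frozen=True)
class Node:
    name: str
    tier: int
    address: str  # constructed sample address, not from the patent

Config = Dict[str, List[str]]  # node name -> configuration commands for that node

def generate_config(plan: List[int], nodes: List[Node]) -> Config:
    """Compile an architecture plan (ordered tier numbers, client side first,
    exit tier last) plus node information into per-node commands. Each node is
    only told about peers in the next tier outward, so one node's configuration
    does not reveal the whole mesh (a least-privilege choice made here)."""
    by_tier: Dict[int, List[Node]] = {}
    for n in nodes:
        by_tier.setdefault(n.tier, []).append(n)
    missing = [t for t in plan if t not in by_tier]
    if missing:  # a tier with no procured nodes would leave a gap in the path
        raise ValueError(f"plan references tiers with no procured nodes: {missing}")
    config: Config = {}
    for i, tier in enumerate(plan):
        is_exit = i == len(plan) - 1
        for n in by_tier[tier]:
            cmds = [f"create-interface {n.name}"]
            if is_exit:
                cmds.append("route-external default")  # exit tier faces the Internet
            else:
                cmds += [f"add-peer {p.name} {p.address}" for p in by_tier[plan[i + 1]]]
            config[n.name] = cmds
    return config

def implement_config(config: Config,
                     execute: Callable[[str, str], bool],
                     on_failure: Callable[[str, str], str]) -> Dict[str, List[Tuple[str, str]]]:
    """Apply each node's commands in order. A failed command is reported through
    on_failure (standing in for the user interface of claim 2), which returns a
    modified command that is executed instead; remaining commands still run."""
    log: Dict[str, List[Tuple[str, str]]] = {}
    for node, cmds in config.items():
        log[node] = []
        for cmd in cmds:
            if execute(node, cmd):
                log[node].append((cmd, "ok"))
                continue
            fixed = on_failure(node, cmd)
            log[node].append((fixed, "fixed" if execute(node, fixed) else "failed"))
    return log

# Constructed sample mesh: two entry nodes, one middle node, one exit node.
SAMPLE_NODES = [Node("a1", 1, "10.0.1.1"), Node("a2", 1, "10.0.1.2"),
                Node("b1", 2, "10.0.2.1"), Node("e1", 3, "10.0.3.1")]

def demo() -> Tuple[Config, Dict[str, List[Tuple[str, str]]]]:
    cfg = generate_config([1, 2, 3], SAMPLE_NODES)
    # Simulated executor: the exit node's recorded address is stale, so any
    # command referencing it fails and the operator supplies a corrected one.
    execute = lambda node, cmd: "10.0.3.1" not in cmd
    on_failure = lambda node, cmd: cmd.replace("10.0.3.1", "10.0.3.9")
    return cfg, implement_config(cfg, execute, on_failure)
```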
Description
CROSS-REFERENCE TO RELATED PATENT APPLICATION
This application claims priority to U.S. Provisional Patent Application No. 63/451,853, filed on Mar. 13, 2023, entitled “Software-Defined Traffic Routing Mesh Network Modifications,” which is hereby incorporated by reference in its entirety.
BACKGROUND
The Internet has become an integral part of daily life for most people, and many people are at least somewhat familiar with the notion that their online activities on the Internet leave digital signatures that can be traced. For example, when a user visits a website, information such as the user's Internet Protocol (IP) address, an approximate physical location of the user, the user's time zone and language preference may be collected by an Internet Service Provider (ISP) or a third-party monitoring entity. In addition, the operating system, browser type, software, fonts, audio stack, and plug-ins of the user may be determined to provide a digital signature of the user. Various entities, including private companies and government organizations, may monitor and track such digital activities and signatures. For example, a company may track the digital signatures of website visitors to enhance marketing capabilities by identifying the information of individuals and organizations that visited a website, the identities of such individuals and organizations, as well as the locations of such individuals and organizations.
Accordingly, Internet research and other activities conducted by some individuals and organizations that are sensitive in nature may require some degree of obfuscation. For example, a law firm may need to explore information related to a potential lawsuit without leaving digital traces that can be attributed to their firm. Similarly, an investment banking organization may need to conduct private due diligence research in anticipation of financing a start-up or prior to participating in a merger or acquisition. While conducting investigative work, federal and state government agencies may have legitimate needs to cloak their digital signatures so that criminal organizations are not tipped off to their identities. This is because some criminal organizations may have sufficient technological capabilities to detect and identify digital signatures associated with law enforcement activities.
To prevent online tracking, anonymity networks like the Onion Router (Tor) and the Invisible Internet Project (i2p) have emerged to conceal user identities by removing links between a user's IP address, the user's digital fingerprint, and the user's online activities. In addition, to establish a secure and private online presence, virtual private networks (VPNs) are available for use that can provide tunneling and encryption of transmitted data. While such anonymity networks and VPNs support privacy and secure Internet services such as web browsing and Voice over Internet Protocol (VOIP) for individuals, these solutions have some deficiencies when used by organizations. Anonymity networks can be slow, and activity logs of the associated cyber activities are often inaccessible. While an organization may want to obscure Internet traffic from some entities that are monitoring activity, from a defensibility perspective, the organization may need to know and be able to audit the cyber activities engaged in by their employees.
SUMMARY
Described herein is a software-defined traffic routing mesh network that utilizes secure private network connections, such as virtual private network (VPN) connections, and a high availability (HA) mesh topology to route network data traffic while modifying the digital signature of the Internet traffic. Accordingly, incoming and outgoing network data traffic from client devices may be obfuscated so that the network data traffic of the client devices may appear to come from network locations that are different from the actual network locations of the client devices. For example, the software-defined traffic routing mesh network may include exit network nodes to the Internet that provide points of presence (POP) at various locations around the world, such that the network infrastructure behind the network data traffic and the origins of network data traffic are obfuscated from a monitoring entity. Furthermore, the use of POP at various locations may enable network data traffic from the client devices to blend in with local network data traffic at the various locations, thereby further obfuscating sensitive network data traffic from the attention of the monitoring entities. In some instances, the software-defined traffic routing mesh network may further modify the language packs, web browsers, and/or operating systems associated with the network data traffic of the client devices as the network data traffic is routed through the mesh network. This may further obfuscate the nature of the network data traffic or blend the network data traffic with local network data traffic at various locations. Nev