REDUCING LATENCY OF SPLIT-TERMINATED SECURE COMMUNICATION PROTOCOL SESSIONS
Granted: March 26, 2009
Application Number:
20090083538
A method is provided for establishing a split-terminated secure communication connection between a client and a server. A first network intermediary intercepts a secure communication connection request directed from the client to the server. A second intermediary having a digital certificate in the name of the server (and a corresponding private key) acts in place of the server to establish a first secure communication session with the client, during which it receives a secret from the…
SERVICE CURVE MAPPING
Granted: January 8, 2009
Application Number:
20090010166
A method for configuring service curves for managing the output port of a networking device includes the following steps. A multitude of traffic classes is defined, each traffic class being characterized by a bandwidth and a delay priority. A multitude of traffic service curves is computed, each of the plurality of traffic service curves is associated with a different one of the multitude of traffic classes. At least one of the multitude of traffic classes service curves is characterized…
TRANSACTION ACCELERATOR FOR CLIENT-SERVER COMMUNICATIONS SYSTEMS
Granted: December 25, 2008
Application Number:
20080320106
In a network having transaction acceleration, for an accelerated transaction, a client directs a request to a client-side transaction handler that forwards the request to a server-side transaction handler, which in turn provides the request, or a representation thereof, to a server for responding to the request. The server sends the response to the server-side transaction handler, which forwards the response to the client-side transaction handler, which in turn provides the response to…
TRANSACTION ACCELERATOR FOR CLIENT-SERVER COMMUNICATIONS SYSTEMS
Granted: December 25, 2008
Application Number:
20080320151
Self-discovering transaction accelerators improve communications between a client and a server. A client directs a message to a server. A client-side transaction accelerator intercepts the message, terminates the connection with the client, and accelerates the request by replacing segments of data with references. The accelerated request is forwarded to a server-side transaction accelerator through a new connection. The server-side transaction accelerator reconstructs the message by…
COOPERATIVE PROXY AUTO-DISCOVERY AND CONNECTION INTERCEPTION
Granted: December 25, 2008
Application Number:
20080320154
In a network supporting transactions between clients and servers and proxies that are interposable in a network path between at least one client and at least one server, wherein a pair of proxies can modify a packet stream between a client and a server such that packet data from the client to the server is transformed at a client-side proxy of the proxy pair and untransformed at a server-side proxy of proxy pair and such that packet data from the server to the client is transformed at…
HYBRID SEGMENT-ORIENTED FILE SERVER AND WAN ACCELERATOR
Granted: November 13, 2008
Application Number:
20080281908
In a network including WAN accelerators and segment-oriented file servers, a method comprises responding to a client request to manipulate a file via a network file protocol by receiving a first request at a first WAN accelerator, wherein the request is a request to open a file located at a file server that is a segment-oriented file server, sending a local request for the file, corresponding to the first request, from the WAN accelerator to the file server, using a segment-aware network…
METHOD AND APPARATUS FOR ACCELERATION BY PREFETCHING ASSOCIATED OBJECTS
Granted: September 11, 2008
Application Number:
20080222244
Association information is used to build association trees to associate base pages and embedded objects at a proxy. An association tree has a root node containing a URL for a base page, and zero or more leaf nodes each containing a URL for an embedded object. In most cases, an association tree will maintain the invariant that all leaves contain distinct URLs. However, it is also possible to have an association tree in which the same URL appears in multiple nodes. An association tree may…
DATA SEGMENTATION USING SHIFT-VARYING PREDICATE FUNCTION FINGERPRINTING
Granted: July 3, 2008
Application Number:
20080159331
Shift-varying segmentation uses a shift-varying predicate function to evaluate input data within a sliding window to determine if the current sliding window position should be a segment boundary. The shift-varying predicate function is a function of both the input data within the sliding window and the position of the sliding window relative to a previous segment boundary or the beginning of the input data. The shift-varying predicate function includes a containment property and may…
THROTTLING OF PREDICTIVE ACKS IN AN ACCELERATED NETWORK COMMUNICATION SYSTEM
Granted: January 3, 2008
Application Number:
20080005274
In a system where transactions are accelerated with asynchronous writes that require acknowledgements, with pre-acknowledging writes at a source of the writes, a destination-side transaction accelerator includes a queue for queue writes to a destination, at least some of the writes being pre-acknowledged by a source-side transaction accelerator prior to the write completing at the destination, a memory for storing a status of a destination-side queue and possibly other determinants, and…
Cooperative Operation of Network Transport and Network Quality of Service Modules
Granted: December 27, 2007
Application Number:
20070297414
Methods, systems, and apparatus provide efficient and flexible networking quality of service as well as transport protocol design. A hybrid transport/network quality of service (HNTQ) scheme improves the performance of TCP over specific links or network paths that are subject to high latency, a high bandwidth-delay product, high packet loss, and/or bit errors. A callback mechanism can be used between a packet scheduler and a transport module to control the transmission rate of packets…
SERVICE CURVE MAPPING
Granted: December 27, 2007
Application Number:
20070297348
A method for configuring service curves for managing the output port of a networking device includes the following steps. A multitude of traffic classes is defined, each traffic class being characterized by a bandwidth and a delay priority. A multitude of traffic service curves is computed, each of the plurality of traffic service curves is associated with a different one of the multitude of traffic classes. At least one of the multitude of traffic classes service curves is characterized…
SELECTING PROXIES FROM AMONG AUTODISCOVERED PROXIES
Granted: December 6, 2007
Application Number:
20070283023
Network devices include proxies and where multiple proxies are present on a network, they can probe to determine the existence of other proxies. Where more than two proxies are present and thus different proxy pairings are possible, the proxies are programmed to determine which proxies should form a proxy pair. Marked probe packets are used by proxies to discover each other and probing is done such a connection can be eventually formed even if some probe packets fail due to the marking.…
ADDRESS MANIPULATION FOR NETWORK TRANSPARENCY AND TROUBLESHOOTING
Granted: December 6, 2007
Application Number:
20070283024
In address-manipulation enabled transaction accelerators, the transaction accelerators include outer-connection addressing information in packets emitted over an inner connection between transaction accelerators and inner-connection addressing information is added in packets sent over the inner connection. The inner-connection addressing information can be carried in TCP option fields, directly in other fields, or indirectly through data structures maintained by the endpoints processing…
Congestion management over lossy network connections
Granted: April 19, 2007
Application Number:
20070086335
A network stack includes a packet loss analyzer that distinguishes between packet losses due to congestion and due to lossyness of network connections. The loss analyzer observes the packet loss patterns for comparison with a packet loss model. The packet loss model may be based on a Forward Error Correction (FEC) system. The loss analyzer determines if lost packets could have been recovered by a receiving network device, if FEC had been used. If the lost packets could have been…
Automatic framing selection
Granted: March 22, 2007
Application Number:
20070064717
Network traffic is monitored and an optimal framing heuristic is automatically determined and applied. Framing heuristics specify different rules for framing network traffic. While a framing heuristic is applied to the network traffic, alternative framing heuristics are speculatively evaluated for the network traffic. The results of these evaluations are used to rank the framing heuristics. The framing heuristic with the best rank is selected for framing subsequent network traffic. Each…
Serial clustering
Granted: March 8, 2007
Application Number:
20070053297
Serial clustering uses two or more network devices connected in series via a local and/or wide-area network to provide additional capacity when network traffic exceeds the processing capabilities of a single network device. When a first network device reaches its capacity limit, any excess network traffic beyond that limit is passed through the first network device unchanged. A network device connected in series with the first network device intercepts and will process the excess network…
Split termination for secure communication protocols
Granted: February 15, 2007
Application Number:
20070038853
Transaction accelerators can be configured to terminate secure connections. A server-side accelerator intercepts a secure connection request from a client and directed to a server. The server-side accelerator responds to secure connection request in place of the server, thereby establishing a secure connection between the client and the server-side accelerator. Alternatively, the server-side accelerator monitors the establishment of a secure connection between the client and the server.…
Connection forwarding
Granted: November 2, 2006
Application Number:
20060248194
Two or more network traffic processors connected with the same LAN and WAN are identified as neighbors. Neighboring network traffic processors cooperate to overcome asymmetric routing, thereby ensuring that related sequences of network traffic are processed by the same network proxy. A network proxy can be included in a network traffic processor or as a standalone unit. A network traffic processor that intercepts a new connection initiation by a client assigns a network proxy to handle…
Rules-based transaction prefetching using connection end-point proxies
Granted: September 21, 2006
Application Number:
20060212524
Network proxies reduce server latency in response to series of requests from client applications. Network proxies intercept messages clients and a server. Intercepted client requests are compared with rules. When client requests match a rule, additional request messages are forwarded to the server on behalf of a client application. In response to the additional request messages, the server provides corresponding response messages. A network proxy intercepts and caches the response…
Reliability and availablity of distributed servers
Granted: September 21, 2006
Application Number:
20060212935
A system of network proxies distributes data to multiple servers. Each network proxy is associated with a server. A network proxy intercepts a client request for data. If the network proxy determines that the request can be served using a copy of data stored on the local server, rather than the data stored on a remote server, it diverts the request to the local server. If the network proxy determines that the request cannot be served using a data from the local server, the network proxy…
