Riverbed Technology Patent Grants

Optimized prefetching of compound data

Granted: October 1, 2013
Patent Number: 8549108
Access to compound data over a wide-area network is optimized by analyzing metadata within compound data to identify internal and external data streams to be prefetched. Upon receiving or intercepting a network packet including an access request for a data resource, metadata in this data resource is analyzed to identify associated data streams and their storage locations within and/or outside of the data resource. Data streams may be proactively or reactively prefetched. Proactive…

Method and apparatus for acceleration by prefetching associated objects

Granted: September 10, 2013
Patent Number: 8533310
Association information is used to build association trees to associate base pages and embedded objects at a proxy. An association tree has a root node containing a URL for a base page, and zero or more leaf nodes each containing a URL for an embedded object. In most cases, an association tree will maintain the invariant that all leaves contain distinct URLs. However, it is also possible to have an association tree in which the same URL appears in multiple nodes. An association tree may…

Integrating WAN optimization devices with content delivery networks

Granted: August 20, 2013
Patent Number: 8516158
WAN optimization devices and content delivery networks together optimize network traffic on both private networks and public WANs such as the internet. A WAN optimization device intercepts and optimizes network traffic from clients within a private network. The WAN optimization device communicates this first optimized network traffic to the nearest edge computer in the content delivery network via a public WAN, such as the internet. This edge computer further optimizes the network…

Method and apparatus for distributing licenses

Granted: August 20, 2013
Patent Number: 8516090
A method and apparatus are provided for distributing or redistributing licenses from a failed or unavailable license controller to one or more backup license controllers. Each controller has an initial count of licenses it can serve or allocate to clients desiring access to licensed electronic content. Each controller maintains a set of data that identifies the initial license counts and that also identifies backup relationships between controllers. Each such relationship for a given…

Service curve mapping

Granted: August 13, 2013
Patent Number: 8509070
A method for configuring service curves for managing the output port of a networking device includes the following steps. A multitude of traffic classes is defined, each traffic class being characterized by a bandwidth and a delay priority. A multitude of traffic service curves is computed, each of the plurality of traffic service curves is associated with a different one of the multitude of traffic classes. At least one of the multitude of traffic classes service curves is characterized…

Content-based segmentation scheme for data compression in storage and transmission including hierarchical segment representation

Granted: August 13, 2013
Patent Number: 8508389
In a coding system, input data within a system is encoded. The input data might include sequences of symbols that repeat in the input data or occur in other input data encoded in the system. The encoding includes determining a target segment size, determining a window size, identifying a fingerprint within a window of symbols at an offset in the input data, determining whether the offset is to be designated as a cut point and segmenting the input data as indicated by the set of cut…

Connection based anomaly detection

Granted: August 6, 2013
Patent Number: 8504879
A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores…

Virtualized data storage applications and optimizations

Granted: August 6, 2013
Patent Number: 8504670
Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage, but actually store data at the data center. Virtual storage arrays may prioritize storage client and prefetching requests for communication over the WAN and/or SAN based on their associated clients, servers, storage clients, and/or applications. A virtual storage array may transfer large data sets from a data…

Identifying and analyzing network configuration differences

Granted: July 23, 2013
Patent Number: 8493883
A contextual and semantic analysis of network entities facilitates a mapping and comparison of the entities between network models. The system includes a plurality of refine handler and match handler pairs that use rules that are specific to the type of network entities being analyzed. The refine handler analyzes the network model to identify the entities for which its rules apply, and the match handler processes these identified entities to establish a pairing between corresponding…

Selective monitoring of software applications

Granted: July 23, 2013
Patent Number: 8495577
An application monitoring system autonomously selects routines for performance monitoring based on characteristics of the content of the routines. These characteristics are preferably related to aspects of routines that are likely candidates for performance improvement, such as repetitive loops, event waits, synchronized blocks, and so on. Routines that appear to be relatively un-improvable are excluded from initial monitoring, and routines that are subsequently determined to be relatively…

End-to-end analysis of transactions in networks with traffic-altering devices

Granted: July 23, 2013
Patent Number: 8493871
In a network that includes intermediary nodes, such as WAN accelerators, that transform messages between nodes, an end-to-end path of the messages is determined. The determined end-to-end path is used in subsequent analysis of message traces, to identify timing and other factors related to the performance of the network relative to the propagation of these messages, including the propagation of the transformed messages. A variety of techniques are presented for determining the path of…

Aggregator for connection based anomaly detection

Granted: July 2, 2013
Patent Number: 8479057
A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores…

Reducing latency of split-terminated secure communication protocol sessions

Granted: July 2, 2013
Patent Number: 8478986
A method is provided for establishing a split-terminated secure communication connection between a client and a server. A first network intermediary intercepts a secure communication connection request directed from the client to the server. A second intermediary having a digital certificate in the name of the server (and a corresponding private key) acts in place of the server to establish a first secure communication session with the client, during which it receives a secret from the…

Interception of a cloud-based communication connection

Granted: June 25, 2013
Patent Number: 8473620
Methods and apparatus are provided for intercepting a client-server communication connection in a computing environment. A first network intermediary configured to facilitate optimization of client-server transactions may be installed in a path of communications between the client and the server. A second network intermediary configured to cooperate with the first network intermediary is not in the path of communications between the client and the server. The first network intermediary…

Impact scoring and reducing false positives

Granted: June 25, 2013
Patent Number: 8472328
Some embodiments of the present invention provide systems and methods for detecting anomalies in network traffic. Some embodiments detect anomalies based on time-series activity in network traffic. Upon detection of an anomaly, significant changes can be analyzed to identify abnormal changes in network traffic across different network entities. The identified changes can then be used to determine the cause and the impact of the detected anomaly on the network traffic.

Cross-session protocol acceleration and its application to storage area network file systems

Granted: June 11, 2013
Patent Number: 8463941
Protocol acceleration is performed between clients and servers over a network wherein transport connections are established between clients/servers and/or their proxies for acceleration of traffic that uses certain protocols. A first transport connection for a first application protocol and a second transport connection for a second application protocol can be made between two proxies, wherein a client-side proxy is in communication with a client and a server-side proxy is in…

Throttling of predictive ACKs in an accelerated network communication system

Granted: June 11, 2013
Patent Number: 8463843
In a system where transactions are accelerated with asynchronous writes that require acknowledgements, with pre-acknowledging writes at a source of the writes, a destination-side transaction accelerator includes a queue for queue writes to a destination, at least some of the writes being pre-acknowledged by a source-side transaction accelerator prior to the write completing at the destination, a memory for storing a status of a destination-side queue and possibly other determinants, and…

Cooperative operation of network transport and network quality of service modules

Granted: June 11, 2013
Patent Number: 8462629
Methods, systems, and apparatus provide efficient and flexible networking quality of service as well as transport protocol design. A hybrid transport/network quality of service (HTNQ) scheme improves the performance of TCP over specific links or network paths that are subject to high latency, a high bandwidth-delay product, high packet loss, and/or bit errors. A callback mechanism can be used between a packet scheduler and a transport module to control the transmission rate of packets…

Address manipulation to provide for the use of network tools even when transaction acceleration is in use over a network

Granted: May 21, 2013
Patent Number: 8447802
In address-manipulation enabled transaction accelerators, the transaction accelerators include outer-connection addressing information in packets emitted over an inner connection between transaction accelerators and inner-connection addressing information is added in packets sent over the inner connection. The inner-connection addressing information can be carried in TCP option fields, directly in other fields, or indirectly through data structures maintained by the endpoints processing…

Method and apparatus for split-terminating a secure network connection, with client authentication

Granted: May 7, 2013
Patent Number: 8438628
A method and apparatus are provided for split-terminating a secure client-server communication connection, with client authentication. During handshaking between the client and the server, cooperating network intermediaries relay the handshaking messages, without altering the messages. At least one of the intermediaries possesses a private key of the server, and extracts a set of data fields from the handshaking messages, including a Client-Key-Exchange message that can be decrypted with…