US20150195255A1 - Client-side http translator - Google Patents
- Publication number
- US20150195255A1 (application US14/613,255)
- Authority
- US
- United States
- Prior art keywords
- compliant
- stream
- http
- client
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0464—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
-
- H04L65/602—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/60—Network streaming of media packets
- H04L65/75—Media network packet handling
- H04L65/762—Media network packet handling at the source
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/08—Protocols for interworking; Protocol conversion
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
A network gateway device receives an HTTP compliant request stream from a client device over plural TCP connections, translates the HTTP compliant request stream received over the plural TCP connections into an HTTP non-compliant request stream for transmission over a lesser number of TCP connections, and transmits the HTTP non-compliant request stream to a server device over the lesser number of TCP connections. The network gateway device receives an HTTP non-compliant response stream from the server device over one or more TCP connections, translates the HTTP non-compliant response stream received over the one or more TCP connections into an HTTP compliant response stream for transmission over a greater number of TCP connections, and transmits the HTTP compliant response stream to a client device over the greater number of TCP connections.
Description
- The present application claims priority to and is a continuation of U.S. patent application Ser. No. 13/104,522, titled CLIENT-SIDE HTTP TRANSLATOR, filed May 10, 2011, and issued as U.S. Pat. No. 8,949,464, the entire contents of which are incorporated herein by reference in their entirety for all purposes.
- Information networks such as the Internet typically rely on communication protocols for coordinating information flows between computing devices on the network. The Hypertext Transfer Protocol (HTTP) is a commonly used application level protocol for communicating on the Internet within the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) transport layer of the Internet Protocol Suite. Recent advancements in application level protocols within the TCP framework, such as SPDY, HTTP-MPLEX, and others, and within the UDP framework, such as Asynchronous Reliable Delivery Protocol (ARDP), may not be supported by HTTP compliant clients. Thus, clients and servers may be unable to effectively communicate with each other or communications may be suboptimal if different or unsupported application level protocols are utilized among these clients and servers. For website operators and software developers, updating clients and servers to support such enhanced application level protocols can be prohibitively costly and time consuming, driving up costs for end users. As a result, a patchwork of interoperability exists for such enhanced protocols, which slows their adoption.
- A client-side HTTP translator is disclosed in the context of a network communications system and method. In at least one implementation, the network communications system includes a network gateway device. The network gateway device may be configured to receive from a client device via a client-side local area network, an HTTP compliant request stream including one or more HTTP compliant requests formatted according to an HTTP compliant application level protocol. The network gateway device may be configured to translate the HTTP compliant request stream into an encrypted HTTP non-compliant request stream including one or more HTTP non-compliant requests formatted according to an HTTP non-compliant application level protocol. The network gateway device may be configured to forward the HTTP non-compliant request stream to one or more server devices via a server-side wide area network. Claimed subject matter, however, is not limited by this summary as other implementations may be disclosed by the following written description and associated drawings.
- FIG. 1 is a schematic diagram depicting an example network communications system according to one disclosed embodiment.
- FIG. 2 is a flow diagram depicting an example network communications method according to one disclosed embodiment.
- FIG. 3 is a schematic diagram depicting internal details of the example network communications system of FIG. 1 according to one disclosed embodiment.
- FIGS. 4-9 are schematic diagrams depicting example modes of operation of the example network communications system and method of FIGS. 1 and 2.
- A client-side HTTP translator is disclosed which facilitates network communications between client devices that support HTTP compliant application level protocols and server devices that support HTTP non-compliant application level protocols. The client-side HTTP translator may be implemented as a translator module of a network gateway device located between a client-side local area network (LAN) and a server-side wide area network (WAN). The network gateway device may serve a number of client devices of the client-side LAN, and may be optionally implemented at or by a client device that is itself configured to function as a network gateway device for one or more other client devices of the client-side LAN.
- The network gateway device, for example, may serve as a SPDY proxy, HTTP-MPLEX proxy, ARDP proxy, or a proxy for other suitable enhanced application level protocols not compliant with the HTTP application level protocol. As used herein, an HTTP compliant application level protocol is compliant with the defined HTTP specification, such as RFC 1945/HTTP/1.0 and RFC 2616/HTTP/1.1. Further, SPDY refers to an enhanced application level protocol that has been developed by GOOGLE™, of Santa Clara, Calif. HTTP-MPLEX is a name given to an enhanced application level protocol proposed by Dr. Robert Mattson, Department of Computer Science and Computer Engineering, La Trobe University, Bundoora, Victoria, Australia. ARDP refers to the Asynchronous Reliable Delivery Protocol, which is a UDP protocol developed by John Heidemann et al. of the Information Sciences Institute of the University of Southern California. Such enhanced application level protocols may be referred to as HTTP non-compliant application level protocols.
- FIG. 1 is a schematic diagram depicting an example network communications system 100 according to one disclosed embodiment. Network communications system 100 may include a number of computing devices, such as a network gateway device 110, a plurality of client devices 170 including example client device 120, and a plurality of server devices 160 including server device 130. Network gateway device 110 may facilitate network communications between client devices 170 and server devices 160 via respective client-side LAN 140 and server-side WAN 150. In at least some implementations, network gateway device 110 may be configured as or may be integrated with a wired or wireless network/Internet router device. Thus, the network gateway device 110 may be a modem or wireless router enhanced with mass storage and a processor configured to execute the routines described herein. However, in at least some implementations, network gateway device 110 may itself be a client device (e.g., operable by a human user) of client-side LAN 140.
- In at least some implementations, network gateway device 110 may communicate with server device 160 via a network appliance 190. As one example, network appliance 190 may include or may be configured as an application delivery controller and/or load balancer that terminates connections (e.g., is a terminating node) between servers 160 and network gateway device 110. Accordingly, network appliance 190 may be a computing device including one or more processors and a storage device having instructions stored thereon executable by the one or more processors to provide the functionality described herein. For example, network gateway device 110 and network appliance 190 may communicate with each other via server-side WAN 150 using a secure communications protocol (e.g., a TLS protocol or alternative secure protocol) supported by both the network gateway device 110 and network appliance 190.
- Network gateway device 110 may include a storage device 112 having instructions 114 stored thereon executable by a processor 118 to perform one or more of the methods, processes, or functions described herein with respect to a network gateway device. Instructions 114 may comprise software and/or firmware of network gateway device 110. As previously stated, network gateway device 110 may be configured as a dedicated wired and/or wireless router. However, in other implementations, network gateway device 110 may be a client device of the client-side LAN. For example, instructions 114 may comprise, at least in part, an operating system of a client device or a portion thereof that runs across all user sessions of the client device. As another example, instructions 114 may comprise, at least in part, an application program (e.g., a browser program) of a client device. As yet another example, instructions 114 may comprise a plug-in of a client device (e.g., a set of instructions executable within a run-time environment of a browser program) to enable the client device to function as the network gateway device described herein.
- In at least some implementations, network gateway device 110 may be configured to function (e.g., by executing instructions 114) as an intermediate networking device (e.g., a wired and/or wireless router) positioned in a network path between a client device and a server, which provides proxy functionality for SPDY or other suitable enhanced application level protocols not compliant with the HTTP application level protocol. As one example, instructions 114 may include an HTTP translator module for translating between HTTP compliant and HTTP non-compliant data streams as described in greater detail with reference to FIG. 3. Instructions 114 may further include one or more other suitable modules for providing additional functionality beyond HTTP translation, including routing functions, encryption/decryption functions, buffering, etc.
- In at least some implementations, network gateway device 110 may be configured to function as a terminating network node. For example, TCP and/or TLS (transport layer security) (e.g., SSL (secure sockets layer)) connections between client device 120 and server device 130 may terminate at network gateway device 110. Network gateway device 110 may have its own IP address in at least some implementations. On the client-side of network gateway device 110, TCP and/or TLS connections of client-side LAN 140 with respective client devices 170 may terminate at network gateway device 110. On the server-side of network gateway device 110, TCP and/or TLS connections of server-side WAN 150 may terminate at server devices 160 (or alternatively at network appliance 190) and at network gateway device 110. Network gateway device 110 may be configured to inspect, modify, reject, route, or re-route requests and responses between client devices 170 and server devices 160 that utilize TCP and/or TLS protocols.
- As a non-limiting example, network gateway device 110 may facilitate or support client-side local area network 140 having one or more client devices 170. For example, network gateway device 110 may be configured to receive from one or more client devices 170 via client-side local area network 140, one or more HTTP compliant request streams. Each HTTP compliant request stream may include one or more HTTP compliant requests formatted according to an HTTP compliant application level protocol by a respective client device. Network gateway device 110 may be configured to translate the one or more HTTP compliant request streams into one or more HTTP non-compliant request streams addressed to one or more server devices 160. Each HTTP non-compliant request stream may include one or more HTTP non-compliant requests formatted according to an HTTP non-compliant application level protocol, such as SPDY, for example. Network gateway device 110 may be configured to route (e.g., send or forward) the one or more HTTP non-compliant request streams to the one or more server devices 160 via server-side wide area network 150.
- Network gateway device 110 may be further configured to receive from the one or more server devices 160 via server-side wide area network 150, one or more HTTP non-compliant response streams. Each HTTP non-compliant response stream may include one or more HTTP non-compliant responses formatted according to the HTTP non-compliant application level protocol. Network gateway device 110 may be configured to translate the one or more HTTP non-compliant response streams into one or more HTTP compliant response streams addressed to the one or more client devices 170. Each HTTP compliant response stream may include one or more HTTP compliant responses formatted according to the HTTP compliant application level protocol. Network gateway device 110 may be configured to route (e.g., send or forward) the one or more HTTP compliant response streams to the one or more client devices 170 via client-side local area network 140.
- Client device 120 may include a storage device 122 having instructions 124 stored thereon executable by a processor 128 to perform one or more of the methods, processes, or functions described herein with respect to a client device. Instructions 124 of client device 120 may include a browser program (e.g., web browser or file browser) for requesting, processing, and presenting information resources obtained from server devices 160. A browser program of client device 120 may support one or more HTTP compliant application level protocols in addition to or exclusive of an HTTP non-compliant application level protocol supported by server device 130. As one example, a browser program of instructions 124 may be configured to send HTTP compliant requests over an HTTP compliant application level protocol specified number of TCP connections (e.g., up to six TCP connections) with another network device such as network gateway device 110 or server devices 160. Network gateway device 110 may be configured to establish one or more TCP connections with client device 120 in response to receiving a TCP establishment request from client device 120 via client-side LAN 140. Client device 120 may be configured as, for example, a personal computer, mobile device, or other suitable electronic device that may be operated by a human user.
- Server device 130 may include a storage device 132 having instructions 134 stored thereon executable by a processor 138 to perform one or more of the methods, processes, or functions described herein with respect to a server device. As one example, server device 130 may be configured to receive requests for information resources 136 stored at server device 130, and respond to such requests with the requested information resources. Server device 130 may support an HTTP non-compliant application level protocol in addition to or exclusive of an HTTP compliant application level protocol. Server device 130 may be configured to establish one or more TCP connections with network gateway device 110 in response to receiving a TCP establishment request from network gateway device 110 via server-side WAN 150. Server device 150 may be an Internet server and server-side WAN 150 may include the Internet or portion thereof, for example.
- FIG. 2 is a flow diagram depicting an example network communications method 200 according to one disclosed embodiment. As one example, method 200 may be performed, at least in part, by previously described network gateway device 110 of FIG. 1. Accordingly, method 200 may be implemented as instructions (e.g., instructions 114) executed by a processor of a network gateway device or other suitable computing device, in at least some implementations.
- At 210, the method may include receiving an indication that a server device supports an HTTP non-compliant application level protocol and/or an indication that a client device supports an HTTP compliant application level protocol. For example, a browser program at the client device may support an HTTP compliant application level protocol, and a server device may support an HTTP non-compliant application level protocol such as SPDY. The request may be received from the server device via a server load balancer, application delivery controller, or other intermediate networking appliance.
- An indication that the client device supports the HTTP compliant application level protocol may be received as part of an initial TCP connection establishment request or as part of an HTTP compliant request received from the client device via a client-side LAN. The indication that the client device supports an HTTP compliant application level protocol may be received as a message that includes one or more of an IP address of the client device, client specific ID number or token, etc. and/or browser program identifier (e.g., browser program type and/or version number).
- An indication that the server device supports the HTTP non-compliant application level protocol may be received as part of an initial TCP connection establishment response or as part of a response received from the server device. Such a response may include an HTTP non-compliant response, or an initial HTTP compliant response, for example, if the server device also supports an HTTP compliant application level protocol. The indication that the server device supports the HTTP non-compliant application level protocol may be received as a message that includes one or more of an IP address of the server device, a Universal Resource Locator (URL) or other information resource identifier of an information resource residing at the server device, a server specific ID number or token, or other suitable identifier.
- The indication received from the client device may be stored at a database in association with the client identifier or browser program identifier where it may be available for reference. For subsequent sessions, for example, the database may be referenced to receive the indication that the client device supports the HTTP compliant application level protocol rather than or in addition to receiving the indication from the client device. Similarly, the indication received from the server device may be stored in a database in association with the server identifier or information resource identifier where it may be referenced to identify whether the server device supports the HTTP non-compliant application level protocol. Accordingly, the particular application level protocol supported by each of the client device and the server device may be identified from indications provided in previous sessions based on information contained in a database.
- At 212, the method may include sending an indication of one or more supported application level protocols (e.g., supported by the network gateway device) to the client device via the client-side LAN and/or sending an indication of one or more supported application level protocols (e.g., supported by the network gateway device) to the server device via the server-side WAN. As one example, the previously described network gateway device may select one or more application level protocols from the one or more application protocols supported by the client device and/or server device based on the indications received at 210.
- The network gateway device may send a message that indicates one or more supported application level protocols to the client device via the client-side LAN. The client device may receive the indication of the one or more supported application level protocols, and may send requests for information resources that are formatted according to a select one of the supported application level protocols. Similarly, the network gateway device may send a message that indicates one or more supported application level protocols to the server device via the server-side WAN. The server device receives the indication of the one or more supported application level protocols, and may send responses formatted according to a select one of the supported application level protocols. The responses may include the information resources requested by the client device via the network gateway server.
- At 214, the method includes receiving a request stream from the client device via the client-side LAN over one or more TCP connections with the client device. In at least some implementations, the request stream may include an HTTP compliant request stream including one or more HTTP compliant requests formatted according to an HTTP compliant application level protocol. The HTTP compliant request stream may include multiple HTTP compliant requests received in parallel or series from the client device over one or more TCP connections. The method at 214 may further include receiving a plurality of request streams (e.g., HTTP compliant request streams) from a plurality of client devices via the client-side LAN. The one or more requests of each request stream may include requests for information resources residing at one or more server devices.
- At 216, the method includes translating the HTTP compliant request stream into an HTTP non-compliant request stream including one or more HTTP non-compliant requests formatted according to an HTTP non-compliant application level protocol. In at least some implementations, translating the HTTP compliant request stream into the HTTP non-compliant request stream may include multiplexing or demultiplexing the HTTP compliant request stream from an HTTP compliant application level protocol specified number of TCP connections of the client-side LAN to an HTTP non-compliant application level protocol specified number of TCP connections of the server-side WAN. For example, an HTTP compliant request stream received from a client device over six TCP connections via the client-side LAN may be multiplexed for transmission to a server device over a lesser number of TCP connections (e.g., a single TCP connection in the case of SPDY) via the server-side WAN.
- In at least some implementations, translating the HTTP compliant request stream into the HTTP non-compliant request stream may include compressing respective headers of the one or more HTTP compliant requests to the one or more HTTP non-compliant requests. In at least some implementations, the method may further include decrypting the HTTP compliant request stream prior to translating the HTTP compliant request stream into the HTTP non-compliant request stream.
- At 218, the method includes forwarding or sending the HTTP non-compliant request stream to one or more server devices via a server-side WAN. As previously discussed, the one or more HTTP non-compliant requests of the HTTP non-compliant request stream may be sent to the one or more server devices over an application protocol specified number of TCP connections (e.g., a single TCP connection per server device for SPDY). In at least some implementations, the method may further include encrypting or re-encrypting the HTTP non-compliant request stream prior to forwarding or sending the HTTP non-compliant request stream to the one or more server devices. The one or more server devices may receive, decrypt, process, and respond to the one or more HTTP non-compliant requests of the HTTP non-compliant request stream by sending an HTTP non-compliant response stream via the server-side WAN over one or more TCP connections with the network gateway device.
- At 220, the method includes receiving from the one or more server devices via the server-side WAN, an HTTP non-compliant response stream including one or more HTTP non-compliant responses formatted according to an HTTP non-compliant application level protocol. The one or more HTTP non-compliant responses may be responsive to the one or more HTTP non-compliant requests sent or forwarded to the one or more server devices by the network gateway device. In at least some implementations, HTTP non-compliant responses may be received from the one or more server devices over the application protocol specified number of TCP connections between the network gateway device and the one or more server devices.
- At 222, the method includes translating the HTTP non-compliant response stream into an HTTP compliant response stream including one or more HTTP compliant responses formatted according to the HTTP compliant application level protocol. In at least some implementations, translating the HTTP non-compliant response stream into the HTTP compliant response stream may include multiplexing or demultiplexing the HTTP non-compliant response stream from an HTTP non-compliant application level protocol specified number of TCP connections of the server-side WAN to an HTTP compliant application level protocol specified number of TCP connections of the client-side LAN. For example, an HTTP non-compliant response stream received from a server device over a single TCP connection via the server-side WAN may be demultiplexed for transmission to a client device over a greater number of TCP connections (e.g., two, three, or more TCP connections) via the client-side LAN.
- In at least some implementations, translating the HTTP non-compliant response stream into the HTTP compliant response stream may include uncompressing respective headers of the one or more HTTP non-compliant responses to obtain the one or more HTTP compliant responses. In at least some implementations, the method may further include decrypting the HTTP non-compliant response stream prior to translating the HTTP non-compliant response stream into the HTTP compliant response stream.
- At 224, the method may include forwarding the HTTP compliant response stream to the client device via the client-side local area network. The client device may receive the HTTP compliant response stream via the client-side LAN, and process the HTTP compliant response stream at a browser program, for example, that supports the HTTP compliant application level protocol. In at least some implementations, the method may further include encrypting or re-encrypting the HTTP compliant response stream prior to forwarding the HTTP compliant response stream to the client device.
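The translation of steps 214 to 224 can be sketched as follows. This is an added example, not code from the patent: it multiplexes requests from several client-side TCP connections onto one framed stream with compressed headers, then demultiplexes the responses back to the connection that owns each stream and rejects any response it cannot attribute. The frame layout (which is not SPDY's wire format), the `:start-line` pseudo-header, the `Translator` class and the connection labels are assumptions made for illustration.

```python
import struct
import zlib

# Constructed framing (an assumption, not SPDY's wire format): 32-bit stream
# id, 32-bit compressed-header length, 32-bit body length.
FRAME_HDR = struct.Struct("!III")
MAX_HEADER_BYTES = 64 * 1024  # cap on an inflated header block


def parse_http_message(raw):
    """Split one HTTP/1.x message into (start line, [(name, value)], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def encode_frame(stream_id, start_line, headers, body):
    """Pack one message as a frame with its own compressed header block."""
    # Compressed per frame: no compression state is shared between clients.
    block = [(":start-line", start_line)] + list(headers)
    plain = "".join(f"{n}: {v}\r\n" for n, v in block).encode("iso-8859-1")
    packed = zlib.compress(plain)
    return FRAME_HDR.pack(stream_id, len(packed), len(body)) + packed + body


def decode_frames(buf):
    """Return ([(stream_id, start_line, headers, body)], unconsumed bytes)."""
    frames, pos = [], 0
    while len(buf) - pos >= FRAME_HDR.size:
        stream_id, hlen, blen = FRAME_HDR.unpack_from(buf, pos)
        hstart = pos + FRAME_HDR.size
        end = hstart + hlen + blen
        if end > len(buf):
            break  # partial frame: wait for more bytes from the server
        inflater = zlib.decompressobj()
        plain = inflater.decompress(buf[hstart:hstart + hlen], MAX_HEADER_BYTES)
        if inflater.unconsumed_tail:
            raise ValueError("header block exceeds MAX_HEADER_BYTES")
        text = plain.decode("iso-8859-1")
        pairs = [tuple(l.split(": ", 1)) for l in text.split("\r\n") if l]
        frames.append((stream_id, pairs[0][1], pairs[1:], buf[hstart + hlen:end]))
        pos = end
    return frames, buf[pos:]


class Translator:
    """Maps many client-side TCP connections onto one multiplexed stream."""

    def __init__(self):
        self._next_stream = 1
        self._owner = {}     # stream id -> client connection awaiting a response
        self._pending = b""  # bytes of a server frame that is not complete yet

    def to_server(self, client_conn, raw_request):
        """Step 216: translate one HTTP compliant request into a frame."""
        start_line, headers, body = parse_http_message(raw_request)
        stream_id = self._next_stream
        self._next_stream += 1
        self._owner[stream_id] = client_conn
        return encode_frame(stream_id, start_line, headers, body)

    def to_clients(self, server_bytes):
        """Step 222: return ({client_conn: [HTTP responses]}, rejected ids)."""
        frames, self._pending = decode_frames(self._pending + server_bytes)
        deliveries, rejected = {}, []
        for stream_id, start_line, headers, body in frames:
            client_conn = self._owner.pop(stream_id, None)
            if client_conn is None:
                # Never guess an owner: misrouting leaks one client's data.
                rejected.append(stream_id)
                continue
            head = start_line + "\r\n" + "".join(f"{n}: {v}\r\n" for n, v in headers)
            deliveries.setdefault(client_conn, []).append(
                head.encode("iso-8859-1") + b"\r\n" + body)
        return deliveries, rejected


# Constructed sample input: two client devices, three client-side connections.
CONSTRUCTED_REQUESTS = [
    ("client320/tcp1", b"GET /a HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("client320/tcp2", b"GET /b HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("client321/tcp1", b"GET /c HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]


def demo():
    gw = Translator()
    wire = b"".join(gw.to_server(c, r) for c, r in CONSTRUCTED_REQUESTS)
    # Stand-in server: replies in reverse order, plus stream 99 (never opened).
    replies = [encode_frame(sid, "HTTP/1.1 200 OK", [("content-type", "text/plain")],
                            b"body for " + start.split(" ")[1].encode())
               for sid, start, _h, _b in reversed(decode_frames(wire)[0])]
    replies.append(encode_frame(99, "HTTP/1.1 200 OK", [], b"stray"))
    return gw.to_clients(b"".join(replies))
```

`demo()` returns each response under the client-side connection that issued the matching request, even though the stand-in server answers out of order, and lists stream 99 as rejected instead of delivering it.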
- In at least some implementations,
method 200 may further include identifying a performance parameter of an existing TCP connection between the network gateway device and the server device, and initiating a new TCP connection with the server device based, at least in part, on the performance parameter of the existing TCP connection exceeding a threshold. The performance parameter may include, for example, one or more of a round trip time, packet loss, TCP receive window, or congestion window. As one example, if the round trip time (e.g., as measured by or at the network gateway device) of a pre-existing TCP connection between the network gateway device and the server device exceeds a threshold round trip time or packet loss exceeds a threshold packet loss, then the network gateway device may open a new TCP connection to the server device. As another example, if the TCP receive window for a given TCP connection (e.g., as measured by or at the client device, and communicated to the network gateway device) is less than a threshold TCP receive window or if a congestion window (e.g., as measured by or at the network gateway device) is less than a threshold congestion window, then the network gateway device may open a new TCP connection to the server device. -
FIG. 3 is a schematic diagram depicting the internal details of the examplenetwork communications system 100 ofFIG. 1 according to one disclosed embodiment.FIG. 3 depicts anetwork gateway device 310 including a client-side module 312, atranslator module 314, and a server-side module 318, which may collectively correspond to previously describedinstructions 114 ofnetwork gateway device 110.FIG. 3 depicts twoclient devices server devices network gateway device 310. Other example modes of operation ofnetwork gateway device 310 are described in greater detail with reference toFIGS. 4-9 . - In
FIG. 3 , an HTTP compliant program 324 (i.e., a program enabled to communicate by an HTTP compliant protocol) ofclient device 320 is depicted sending HTTPcompliant requests 322 of an HTTP compliant request stream including two HTTP requests (e.g., HTTP_1A and HTTP_2A) tonetwork gateway device 310, for example, over one or more TCP connections of a client-side LAN. As one example, the request stream may be transmitted byclient device 320 sending a first request (HTTP_1A) tonetwork gateway device 310 over a first TCP connection and a second request (HTTP_2A) tonetwork gateway device 310 over a second TCP connection. As another example, the first request (HTTP_1A) may be sent byclient device 320 over a TCP connection followed by the second request (HTTP_2A) sent byclient device 320 over the same TCP connection.Client device 321 is also depicted sending an HTTP compliant request (e.g., HTTP_3A) tonetwork gateway device 310 via the client-side LAN. InFIG. 3 , communications associated withclient device 321 are depicted using broken lines to enable such communications to be distinguished from communications associated withclient device 320. -
Network gateway device 310 receives the HTTP compliant requests at client-side module 312. An encryption terminator 362 of client-side module 312 may be configured to decrypt HTTP compliant requests of an HTTP compliant request stream, for example, if the request stream was encrypted by a client device. Encryption terminator 362 may support any type of encryption. For example, encryption terminator 362 may support SSL (secure socket layer), TLS (transport layer security), or other suitable encryption protocol or secure protocol. Buffer 364 of client-side module 312 may buffer the HTTP compliant requests before the HTTP compliant requests are processed by translator module 314.
Translator module 314 may be configured to translate HTTP compliant requests received via client-side module 312 into HTTP non-compliant requests that may be sent or forwarded to respective server devices. Translator module 314 may comprise a number of modules, including one or more of a rules engine 376, stream composer module 374, rewriter module 378, stream decomposer module 366, protocol module 380, and routing module 379.
Rules engine 376 may be configured to examine HTTP compliant requests and determine whether to apply a particular rule of a defined ruleset, for example, in response to satisfaction of a given condition by an HTTP compliant request. Rules engine 376 may apply such rules by instructing one or more of the other modules of translator module 314.
Stream composer module 374 may be configured to translate an HTTP compliant request stream to an HTTP non-compliant request stream by multiplexing or demultiplexing the HTTP compliant request stream from an HTTP compliant application level protocol specified number of TCP connections (e.g., six TCP connections) received over the client-side LAN to an HTTP non-compliant application level protocol specified number of TCP connections (e.g., a single TCP connection per target server device in the case of SPDY) for the HTTP non-compliant request stream to be sent over the server-side WAN.
For example, FIG. 3 depicts stream composer module 374 multiplexing HTTP compliant requests HTTP_1A and HTTP_2A of an HTTP compliant request stream to HTTP non-compliant request HTTP+_4A of an HTTP non-compliant request stream. As another example, stream composer module 374 may be instructed to demultiplex an HTTP compliant request stream to an HTTP non-compliant request stream having a greater number of TCP connections. For example, exemplary methods that may be used by translator module 314 to increase parallelism in TCP connections are described in co-pending U.S. patent application Ser. No. 13/004,894, entitled INFORMATION RESOURCE MODIFICATION FOR HIGHER NETWORK CONNECTION CONCURRENCE, filed Jan. 12, 2011, the entire disclosure of which is herein incorporated by reference. As yet another example, stream composer module 374 may be instructed not to vary the number of TCP connections between an HTTP compliant request stream received over a client-side LAN and an HTTP non-compliant request stream sent to a server device over a server-side WAN. For example, HTTP compliant request HTTP_3A received over a single TCP connection via the client-side LAN may be translated to HTTP non-compliant request HTTP+_5A sent to server device 331 over a single TCP connection via the server-side WAN. HTTP non-compliant requests HTTP+_4A and HTTP+_5A are examples of enhanced HTTP non-compliant request streams.
Alternatively or additionally, stream composer module 374 may be configured to translate the HTTP compliant request stream to the HTTP non-compliant request stream by compressing respective headers of the one or more HTTP compliant requests to the one or more HTTP non-compliant requests of the HTTP non-compliant request stream. Stream composer module 374 may be configured to receive instructions from rules engine 376 and may perform actions in response thereto or based on default instructions.
Rewriter module 378 may be configured to modify (e.g., rewrite) one or more of a URL, a header, or a data payload of an HTTP compliant request of an HTTP compliant request stream. Rewriter module 378 may modify the HTTP compliant request stream in response to instructions received from rules engine 376 or based on default rules. As one example, rewriter module 378 may be configured to modify respective headers of the HTTP compliant request stream to remove or add an IP address of the originating client device, an IP address of a target server device, a header map, and/or a cookie. Another example of modifying an HTTP compliant request stream includes rejecting certain HTTP compliant requests (e.g., refuse connections originating from or addressed to a particular geographic region or IP address). Rewriter module 378 may modify an HTTP compliant request stream by filtering one or more HTTP compliant requests from the HTTP compliant request stream.
Routing module 379 may be configured to route (e.g., send or forward) requests received from a plurality of client devices to respective target server devices by applying any suitable routing process. Routing module 379 may route communications in response to instructions received from rules engine 376 or based on default rules.
Protocol module 380 may be configured to select an HTTP compliant protocol and/or an HTTP non-compliant protocol to be applied to each of the client-side LAN communications and the server-side WAN communications from a plurality of protocols supported by the network gateway device (e.g., as indicated by the network gateway device at 212 of method 200). Protocol module 380 may select a protocol in response to instructions received from rules engine 376 or based on default rules. Hence, the network gateway device may be configured to translate between a variety of HTTP compliant protocols and a variety of enhanced protocols (e.g., HTTP non-compliant protocols) in at least some implementations.
As one example, protocol module 380 may be configured to receive an indication, such as a message, token, data element, etc., from either client device 320 or server device 330. Protocol module 380 may be configured to store the indication received from client device 120 or server device 330 where it may be referenced by protocol module 380. For subsequent sessions, for example, network gateway device 310 may be configured to receive the indication for the client device or server device from a database based on a client identifier or a server identifier, for example. Network gateway device 110 may be configured to send an indication of one or more supported application level protocols to client device 320 or server device 330. As one example, the indication may be a message sent from the server device to the network gateway device indicating that the server device is able to interpret data sent according to the SPDY protocol or other suitable HTTP non-compliant protocol.
Another encryption terminator 370 of server-side module 318 may be configured to encrypt or re-encrypt the HTTP non-compliant request stream. As similarly described with reference to encryption terminator 362 of the client-side module 312, encryption terminator 370 may support any type of encryption, including SSL, TLS, or other suitable encryption protocol or secure protocol. Server-side module 318 may be configured to send respective requests of HTTP non-compliant request stream to one or more server devices such as server devices network appliance 190. In these implementations, the TLS protocol or other suitable secure protocol applied by encryption terminator 370 may be supported by both network gateway device 310 and the intermediate network appliance. Thus, the secure protocol may be periodically changed according to a message sent from the intermediate network appliance to the network gateway device 310. Further, security is enhanced since the secure protocol may be a proprietary protocol, and/or may be known only to the network gateway device and the intermediate network appliance.
In FIG. 3, the HTTP non-compliant request stream (HTTP+_4A) associated with client device 320 is sent to server device 330 where the HTTP non-compliant request stream is received at server program 334 as HTTP+REQS 332. HTTP non-compliant request stream (HTTP+_5A) associated with client device 321 is sent to server device 331. Server devices server program 334 may be sent to network gateway device 310 via server-side WAN.
HTTP non-compliant response streams (e.g., HTTP+_4B and HTTP+_5B) each including one or more HTTP non-compliant responses may be received by server-side module 318 of network gateway device 310 via the server-side WAN. HTTP non-compliant responses HTTP+_4B and HTTP_+5B are examples of an enhanced HTTP non-compliant response stream. Encryption terminator 370 of server-side module 318 may be configured to decrypt the HTTP non-compliant response streams, for example, if the HTTP non-compliant response streams were encrypted by the server devices. A buffer 372 of server-side module 318 may be configured to buffer the HTTP non-compliant response streams.
Translator module 314 may be configured to translate HTTP non-compliant responses received via server-side module 318 into HTTP compliant responses that may be sent or forwarded to respective client devices. Rules engine 376 may be configured to examine HTTP non-compliant responses and determine whether to apply a particular rule of a defined ruleset, for example, in response to satisfaction of a given condition by an HTTP non-compliant response. Rules engine 376 may apply such rules by instructing one or more of the other modules of translator module 314.
Stream decomposer module 366 may be configured to translate an HTTP non-compliant response stream to an HTTP compliant response stream by multiplexing or demultiplexing the HTTP non-compliant response stream from an HTTP non-compliant application level protocol specified number of TCP connections (e.g., a single TCP connection in the case of SPDY) received over the server-side WAN to an HTTP compliant application level protocol specified number of TCP connections (e.g., a greater number of TCP connection per target client device) for the HTTP compliant response stream to be sent over the client-side LAN.
For example, FIG. 3 depicts stream decomposer module 366 demultiplexing HTTP non-compliant response HTTP+_4B of an HTTP non-compliant response stream to HTTP compliant responses HTTP_1B and HTTP_2B of an HTTP compliant response stream. As another example, stream decomposer module 366 may be instructed to multiplex an HTTP non-compliant response stream to an HTTP compliant response stream having a greater number of TCP connections. As yet another example, stream composer module 374 may be instructed not to vary the number of TCP connections between an HTTP non-compliant response stream received over a server-side WAN and an HTTP compliant response stream sent to a client device over a client-side LAN. For example, HTTP non-compliant response HTTP+_5B received over a single TCP connection via the server-side WAN may be translated to HTTP compliant response HTTP_3A sent to client device 321 over a single TCP connection via the client-side LAN.
Alternatively or additionally, stream decomposer module 366 may be configured to translate the HTTP non-compliant response stream to the HTTP compliant response stream by uncompressing respective headers of the one or more HTTP non-compliant responses to the one or more HTTP compliant responses of the HTTP compliant response stream. Stream decomposer module 366 may be configured to receive instructions from rules engine 376 and may perform actions in response thereto or based on default instructions.
Rewriter module 378 may be configured to modify (e.g., rewrite) one or more of a URL, a header, or a data payload of an HTTP non-compliant response of an HTTP non-compliant response stream. Rewriter module 378 may modify the HTTP non-compliant response stream in response to instructions received from rules engine 376 or based on default rules. As one example, rewriter module 378 may be configured to modify respective headers of the HTTP non-compliant response stream to remove or add an IP address of the originating client device, an IP address of a target server device, a header map, and/or a cookie. Another example of modifying an HTTP non-compliant response stream includes rejecting certain HTTP non-compliant response (e.g., refuse connections originating from or addressed to a particular geographic region or IP address). Rewriter module 378 may modify an HTTP non-compliant response stream by filtering one or more HTTP non-compliant responses from the HTTP non-compliant response stream.
Routing module 379 may be configured to route responses received from a plurality of server devices to respective target client devices by applying any suitable routing process. Routing module 379 may route communications in response to instructions received from rules engine 376 or based on default rules. Encryption terminator 362 of client-side module 312 may be configured to encrypt or re-encrypt the HTTP compliant response stream. Client-side module 312 may be configured to send respective responses of HTTP compliant response stream to one or more client devices such as client devices Client device 320, for example, may receive HTTP compliant responses HTTP RESPS 390 (e.g., HTTP_5B) from network gateway device 310.
The protocol translation performed by the network gateway device described herein may provide protocol scrubbing of communications translated by the network gateway device. For example, the network gateway device may exclude, reject, or filter values or elements of the translated communications that are unsupported (e.g., non compliant with the respective protocol specification) by any of the protocols (e.g., HTTP compliant or HTTP non-compliant such as SPDY, etc.) translated to or from by the network gateway device. The values or elements of the communications that are excluded, rejected, or filtered may take the form of attack vectors such as computer viruses, computer worms, malicious software, etc.
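The stream composer's multiplexing and header compression and the protocol scrubbing described above can be illustrated together in a short sketch. This is an added example, not code from the patent: the 8-byte frame layout (a simplified stand-in, not SPDY's wire format), the class and function names, the rejection policy (strict RFC 7230 head syntax, no repeated Host/Content-Length/Transfer-Encoding) and the sample requests are all assumptions, and only request heads are handled.

```python
import re
import struct
import zlib

TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")      # RFC 7230 field-name characters
REQUEST_LINE = re.compile(rb"([A-Z]+) ([\x21-\x7e]+) HTTP/1\.[01]")
BAD_VALUE = re.compile(rb"[\x00-\x08\x0a-\x1f\x7f]")       # control bytes (tab is allowed)
SINGLETON = {b"host", b"content-length", b"transfer-encoding"}
HOP_BY_HOP = {b"connection", b"keep-alive", b"proxy-connection", b"te", b"upgrade"}


class ScrubError(ValueError):
    """The request carries an element the gateway refuses to translate."""


def parse_and_scrub(raw):
    """Strictly parse one HTTP/1.x request head into (method, target, headers)."""
    if not raw.endswith(b"\r\n\r\n"):
        raise ScrubError("head is not terminated by CRLF CRLF")
    lines = raw[:-4].split(b"\r\n")
    request_line = REQUEST_LINE.fullmatch(lines[0])
    if not request_line:
        raise ScrubError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not TOKEN.fullmatch(name):   # folded line, space before ':', bare LF
            raise ScrubError("invalid header field name %r" % name)
        value = value.strip(b" \t")
        if BAD_VALUE.search(value):
            raise ScrubError("control byte in value of %r" % name)
        name = name.lower()
        if name in headers:
            if name in SINGLETON:
                raise ScrubError("repeated %r header" % name)
            value = headers[name] + b", " + value
        headers[name] = value
    if b"content-length" in headers and b"transfer-encoding" in headers:
        raise ScrubError("Content-Length together with Transfer-Encoding")
    for name in HOP_BY_HOP:                          # meaningful on one TCP connection only
        headers.pop(name, None)
    return request_line.group(1), request_line.group(2), headers


class StreamComposer:
    """Multiplexes scrubbed requests from many client connections onto one byte stream."""
    def __init__(self):
        self._next_id = 1                    # odd ids, as SPDY uses for client streams
        self._owner = {}                     # stream id -> originating client connection
        self._deflate = zlib.compressobj()   # one compression context per server connection

    def compose(self, client_conn, raw):
        method, target, headers = parse_and_scrub(raw)   # raises before an id is spent
        fields = [b":method", method, b":path", target]
        fields += [part for name in sorted(headers) for part in (name, headers[name])]
        block = self._deflate.compress(b"\0".join(fields)) + self._deflate.flush(zlib.Z_SYNC_FLUSH)
        stream_id, self._next_id = self._next_id, self._next_id + 2
        self._owner[stream_id] = client_conn
        return struct.pack("!II", stream_id, len(block)) + block

    def route_response(self, stream_id):     # decomposer side: stream id -> client connection
        return self._owner.pop(stream_id)


def decode_frames(wire):
    """Server-side view of the multiplexed stream: [(stream_id, {name: value}), ...]."""
    inflate = zlib.decompressobj()
    frames, pos = [], 0
    while pos < len(wire):
        stream_id, length = struct.unpack_from("!II", wire, pos)
        fields = inflate.decompress(wire[pos + 8:pos + 8 + length]).split(b"\0")
        frames.append((stream_id, dict(zip(fields[0::2], fields[1::2]))))
        pos += 8 + length
    return frames


# Constructed sample input: four client TCP connections, two of them carrying bad heads.
SAMPLE = [
    ("conn-1", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\nConnection: keep-alive\r\n\r\n"),
    ("conn-2", b"GET /style.css HTTP/1.1\r\nHost: example.test\r\nAccept: text/css\r\n\r\n"),
    ("conn-3", b"POST /up HTTP/1.1\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n"),
    ("conn-4", b"GET /a HTTP/1.1\r\nHost: example.test\r\nX-Note : spaced\r\n\r\n"),
]


def demo():
    composer, wire, rejected = StreamComposer(), b"", []
    for conn, raw in SAMPLE:
        try:
            wire += composer.compose(conn, raw)
        except ScrubError as exc:
            rejected.append((conn, str(exc)))
    return composer, wire, rejected


if __name__ == "__main__":
    composer, wire, rejected = demo()
    print(decode_frames(wire), rejected)
```

Rejecting the ambiguous heads before a stream id is allocated keeps a malformed request on one client connection from ever reaching the shared server-side connection.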
FIGS. 4-9 are schematic diagrams depicting example modes of operation of example network communications system 100 of FIG. 1 and example network communications method 200 of FIG. 2.
In FIG. 4, network gateway device 420 receives a plurality of HTTP compliant requests from client device 410 over a plurality of TCP connections of a client-side LAN. Network gateway device 420 translates the plurality of HTTP compliant requests into a plurality of HTTP non-compliant requests, and sends the HTTP non-compliant requests to server device 430 over a plurality of TCP connections via the server-side WAN. In FIG. 4, the number of TCP connections over which the HTTP compliant requests directed to information resources of server device 430, which are received from client device 410 at network gateway device 420, are equal to the number of TCP connections over which the HTTP non-compliant requests are sent by network gateway device 420 to server device 430 via the server-side WAN.
In FIG. 5, network gateway device 520 receives a plurality of HTTP compliant requests from client device 510 over a plurality of TCP connections via client-side LAN. Network gateway device 520 translates the plurality of HTTP compliant requests into one or more HTTP non-compliant requests, and sends the one or more HTTP non-compliant requests to server device 530 over a single TCP connection via the server-side WAN. In FIG. 5, the number of TCP connections over which the HTTP compliant requests directed to information resources of server device 530, which are received from client device 510 at network gateway device 520, are greater than the number of TCP connections over which the HTTP non-compliant requests are sent by network gateway device 520 to server device 530 via the server-side WAN. Accordingly, FIG. 5 depicts an example mode of operation where network gateway device 520 multiplexes HTTP compliant requests over an individual TCP connection by translating the HTTP compliant requests to an HTTP non-compliant application level protocol.
In FIG. 6, network gateway device 620 receives one or more HTTP compliant requests from client device 610 over one or more TCP connections via client-side LAN. Network gateway device 620 translates the one or more HTTP compliant requests into a plurality of HTTP non-compliant requests, and sends the plurality of HTTP non-compliant requests to server device 630 over a plurality of TCP connections via the server-side WAN. In FIG. 6, the number of TCP connections over which the HTTP compliant requests directed to information resources of server device 630, which are received from client device 610 at network gateway device 620, are less than the number of TCP connections over which the HTTP non-compliant requests are sent by network gateway device 620 to server device 630 via the server side WAN. Accordingly, FIG. 6 depicts an example mode of operation where network gateway device 620 increases parallelism on behalf of client device 610.
In FIG. 7, network gateway device 720 receives a plurality of HTTP compliant requests from a plurality of client devices FIG. 7, requests that are directed to server device 730 are depicted by broken lines and requests that are directed to server device 732 are depicted by solid lines. Network gateway device 720 translates the plurality of HTTP compliant requests into a plurality of HTTP non-compliant requests, and routes the plurality of HTTP non-compliant requests to a plurality of target server devices FIG. 7, the number of TCP connections over which the HTTP compliant requests directed to information resources of server devices client devices network gateway device 720, are equal to the number of TCP connections over which the HTTP non-compliant requests are sent by network gateway device 720 to server devices
In FIG. 8, network gateway device 820 receives a plurality of HTTP compliant requests from a plurality of client devices FIG. 8, requests that are directed to server device 830 are depicted by broken lines and requests that are directed to server device 832 are depicted by solid lines. Network gateway device 820 translates the plurality of HTTP compliant requests into a plurality of HTTP non-compliant requests, and routes the plurality of HTTP non-compliant requests to a plurality of target server devices FIG. 8, the number of TCP connections over which the HTTP compliant requests directed to information resources of server device 830, which are received from client devices network gateway device 820, are greater than the number of TCP connections over which the HTTP non-compliant requests are sent by network gateway device 820 to server device 830 via the server-side WAN. Accordingly, FIG. 8 depicts an example mode of operation where network gateway device 820 multiplexes HTTP compliant requests of a plurality of client devices over an individual TCP connection by translating the HTTP compliant requests to an HTTP non-compliant application level protocol.
In FIG. 9, network gateway device 920 receives a plurality of HTTP compliant requests from a plurality of client devices FIG. 9, requests that are directed to server device 930 are depicted by broken lines and requests that are directed to server device 932 are depicted by solid lines. Network gateway device 920 translates the plurality of HTTP compliant requests into a plurality of HTTP non-compliant requests, and routes the plurality of HTTP non-compliant requests to a plurality of target server devices FIG. 9, the number of TCP connections over which the HTTP compliant requests directed to information resources of server device 932, which are received from client device 912 at network gateway device 920, are less than the number of TCP connections over which the HTTP non-compliant requests are sent by network gateway device 920 to server device 932 via the server side WAN. However, FIG. 9 further depicts number of TCP connections over which the HTTP compliant requests directed to information resources of server device 930, which are received from client devices network gateway device 920, are greater than the number of TCP connections over which the HTTP non-compliant requests are sent by network gateway device 920 to server device 930 via the server-side WAN. Accordingly, FIG. 9 depicts an example mode of operation where network gateway device 920 increases parallelism on behalf of client device 912 for requests directed at information resources of server device 932, while network gateway device 920 also multiplexes HTTP compliant requests of a plurality of client devices over an individual TCP connection by translating the HTTP compliant requests to an HTTP non-compliant application level protocol.
The example modes of operation described with reference to FIGS. 4-9 may be supported in the response direction by the network gateway device for translating HTTP non-compliant responses received from server devices via the server-side WAN to HTTP compliant responses sent from the network gateway device to the client devices via the client-side LAN. In FIGS. 4-6, HTTP non-compliant responses may be received by the network gateway device, translated, and sent as HTTP compliant responses to the client device that initiated the request. For example, in FIG. 4, the number of TCP connections over which the HTTP non-compliant responses are received at network gateway device 420 from server device 430 may be equal to the number of TCP connections over which the HTTP compliant requests are sent by network gateway device 420 to client device 410 via the client-side LAN. In FIG. 5, the number of TCP connections (e.g., a single TCP connection per server device) over which the HTTP non-compliant responses are received at network gateway device 520 from server device 530 may be less than the number of TCP connections over which the HTTP compliant responses are sent by network gateway device 520 to client device 510 via the client-side LAN. In FIG. 6, the number of TCP connections over which the HTTP non-compliant responses are received at network gateway device 620 from server device 630 may be greater than the number of TCP connections over which the HTTP compliant responses are sent by network gateway device 620 to client device 610 via the client-side LAN.
In FIGS. 7-9, HTTP non-compliant responses may be received from a plurality of server devices, translated to HTTP compliant responses, and routed to client devices that initiated the request. For example, in FIG. 7, the number of TCP connections over which the HTTP non-compliant responses are received from server devices network gateway device 720 may be equal to the number of TCP connections over which the HTTP compliant responses are sent by network gateway device 720 to client devices FIG. 8, the number of TCP connections over which the HTTP non-compliant responses received at network gateway device 820 from server device 830 may be less than the number of TCP connections over which the HTTP compliant responses are sent by network gateway device 820 to client device 810 via the client-side LAN. In FIG. 9, the number of TCP connections over which the HTTP non-compliant responses received at network gateway device 920 from server device 932 may be greater than the number of TCP connections over which the HTTP compliant responses are sent by network gateway device 920 to client device 912 via client-side LAN.
It should be understood that the embodiments herein are illustrative and not restrictive, since the scope of the invention is defined by the appended claims rather than by the description preceding them, and all changes that fall within metes and bounds of the claims, or equivalence of such metes and bounds thereof are therefore intended to be embraced by the claims.
Claims (14)
1-18. (canceled)
19. A network communications system, comprising:
a network gateway device configured to:
receive from a client device via a client-side local area network over plural TCP connections established with the client device, an encrypted HTTP1.0/1.1 compliant request stream including one or more HTTP1.0/1.1 compliant requests formatted according to an HTTP1.0/1.1 compliant application level protocol, the encrypted HTTP1.0/1.1 compliant request stream initiated by the client device over the plural TCP connections with the network gateway device;
decrypt the encrypted HTTP1.0/1.1 compliant request stream to obtain a decrypted HTTP1.0/1.1 compliant request stream;
translate the decrypted HTTP1.0/1.1 compliant request stream into a re-encrypted HTTP1.0/1.1 non-compliant request stream including one or more HTTP1.0/1.1 non-compliant requests formatted according to an HTTP1.0/1.1 non-compliant application level protocol;
forward the re-encrypted HTTP1.0/1.1 non-compliant request stream to a server device via a server-side wide area network by multiplexing the re-encrypted HTTP1.0/1.1 non-compliant request stream over a lesser number of TCP connections than the plural TCP connections over which the encrypted HTTP1.0/1.1 compliant request stream was received from the client device;
receive from the server device via the server-side wide area network over the lesser number of TCP connections, an encrypted HTTP1.0/1.1 non-compliant response stream including one or more HTTP1.0/1.1 non-compliant responses formatted according to the HTTP1.0/1.1 non-compliant application level protocol, the one or more HTTP1.0/1.1 non-compliant responses responsive to the one or more HTTP1.0/1.1 non-compliant requests;
decrypt the encrypted HTTP1.0/1.1 non-compliant response stream to obtain a decrypted HTTP1.0/1.1 non-compliant response stream;
translate the decrypted HTTP1.0/1.1 non-compliant response stream into a re-encrypted HTTP1.0/1.1 compliant response stream including one or more HTTP1.0/1.1 compliant responses formatted according to the HTTP1.0/1.1 compliant application level protocol; and
forward the re-encrypted HTTP1.0/1.1 compliant response stream to the client device via the client-side local area network by de-multiplexing the re-encrypted HTTP1.0/1.1 compliant request stream over the plural TCP connections.
20. The system of claim 19, wherein the network gateway device is further configured to:
translate the HTTP1.0/1.1 compliant request stream at least in part by compressing respective headers of the one or more HTTP1.0/1.1 compliant requests to the one or more HTTP1.0/1.1 non-compliant requests; and
translate the HTTP1.0/1.1 non-compliant response stream at least in part by uncompressing respective headers of the one or more HTTP1.0/1.1 non-compliant responses to the one or more HTTP1.0/1.1 compliant responses.
21. The system of claim 19, wherein the network gateway device includes a translator module, the translator module including one or more of:
a rewriter module configured to modify one or more of a URL, a header, or a data payload of the HTTP1.0/1.1 compliant request stream or the HTTP1.0/1.1 non-compliant response stream;
a stream composer configured to translate the HTTP1.0/1.1 compliant request stream into the HTTP1.0/1.1 non-compliant request stream;
a stream decomposer configured to translate the HTTP1.0/1.1 non-compliant response stream into the HTTP1.0/1.1 compliant response stream; and
a rules engine configured to instruct one or more of the rewriter module, stream composer, or stream decomposer to perform respective actions in accordance with the one or more rules upon satisfaction of a respective condition associated with each rule.
22. The system of claim 19, wherein the network gateway device is further configured to:
identify a performance parameter of an existing TCP connection between the server device and the network gateway device; and
initiate a new TCP connection between the server device and the network gateway device based, at least in part, on the performance parameter of the existing TCP connection exceeding a threshold.
23. The system of claim 19, wherein the client device is one of a plurality of client devices of the client-side local area network, and the server device is one of a plurality of server devices of the server-side wide area network, wherein the network gateway device is further configured to:
receive a plurality of HTTP1.0/1.1 compliant request streams from the plurality of client devices via the client-side local area network;
translate the plurality of HTTP1.0/1.1 compliant request streams into a plurality of HTTP1.0/1.1 non-compliant request streams; and
forward the plurality of HTTP1.0/1.1 non-compliant request streams to a plurality of server devices via the server-side wide area network.
24. The system of claim 19, wherein the network gateway device is further configured to:
receive an indication the client device or the server device indicating a supported protocol, the supported protocol including at least one of the HTTP1.0/1.1 compliant application level protocol and the HTTP1.0/1.1 non-compliant application level protocol; and
send an indication of one or more application level protocols supported by the network gateway device to the client device or the server device, the one or more application level protocols supported by the network gateway device including the HTTP1.0/1.1 compliant application level protocol and the HTTP1.0/1.1 non-compliant application level protocol.
25. A network communications method for a network gateway device, comprising:
receiving from a client device via a client-side local area network over plural TCP connections established with the client device, an HTTP1.0/1.1 compliant request stream including one or more HTTP1.0/1.1 compliant requests formatted according to an HTTP1.0/1.1 compliant application level protocol, the HTTP1.0/1.1 compliant request stream initiated by the client device over the plural TCP connections;
translating the HTTP1.0/1.1 compliant request stream into an HTTP1.0/1.1 non-compliant request stream including one or more HTTP1.0/1.1 non-compliant requests formatted according to an HTTP1.0/1.1 non-compliant application level protocol by multiplexing the HTTP1.0/1.1 non-compliant request stream for transmission over a lesser number of TCP connections than the plural TCP connections over which the HTTP1.0/1.1 compliant request stream was received from the client device;
forwarding the HTTP1.0/1.1 non-compliant request stream to a server device via a server-side wide area network over the lesser number of TCP connections;
receiving from the server device via the server-side wide area network, an HTTP1.0/1.1 non-compliant response stream including one or more HTTP1.0/1.1 non-compliant responses formatted according to the HTTP1.0/1.1 non-compliant application level protocol;
translating the HTTP1.0/1.1 non-compliant response stream into an HTTP1.0/1.1 compliant response stream including one or more HTTP1.0/1.1 compliant responses formatted according to the HTTP1.0/1.1 compliant application level protocol by de-multiplexing the HTTP1.0/1.1 non-compliant response stream for transmission over the plural TCP connections; and
forwarding the HTTP1.0/1.1 compliant response stream to the client device via the client-side local area network over the plural TCP connections.
26. The method of claim 25, further comprising:
translating the HTTP1.0/1.1 compliant request stream at least in part by compressing respective headers of the one or more HTTP1.0/1.1 compliant requests to the one or more HTTP1.0/1.1 non-compliant requests; and
translating the HTTP1.0/1.1 non-compliant response stream at least in part by uncompressing respective headers of the one or more HTTP1.0/1.1 non-compliant responses to the one or more HTTP1.0/1.1 compliant responses.
27. The method of claim 25, further comprising:
decrypting the HTTP1.0/1.1 compliant request stream prior to translating the HTTP1.0/1.1 compliant request stream;
re-encrypting the HTTP1.0/1.1 non-compliant request stream prior to forwarding the HTTP1.0/1.1 noncompliant request stream to the server device;
decrypting the HTTP1.0/1.1 non-compliant response stream prior to translating the HTTP1.0/1.1 noncompliant response stream; and
re-encrypting the HTTP1.0/1.1 compliant response stream prior to forwarding the HTTP1.0/1.1 compliant response stream to the client device.
28. The method of claim 27 , further comprising:
buffering the one or more HTTP1.0/1.1 compliant requests of HTTP1.0/1.1 compliant request stream prior to translating the HTTP1.0/1.1 compliant request stream; or
buffering the one or more HTTP1.0/1.1 non-compliant responses of the HTTP1.0/1.1 non-compliant response stream prior to translating the HTTP1.0/1.1 non-compliant response stream.
29. The method of claim 25, further comprising:
receiving a plurality of HTTP1.0/1.1 compliant request streams from a plurality of client devices via the client-side local area network;
translating the plurality of HTTP1.0/1.1 compliant request streams into a plurality of HTTP1.0/1.1 non-compliant request streams; and
forwarding the plurality of HTTP1.0/1.1 non-compliant request streams to a plurality of server devices via the server-side wide area network.
30. The method of claim 25, further comprising:
identifying a performance parameter of an existing TCP connection with the server device; and
initiating a new TCP connection with the server device based, at least in part, on the performance parameter of the existing TCP connection exceeding a threshold.
31. A network gateway device for facilitating a client-side local area network having one or more client devices, the network gateway device configured to:
receive from the one or more client devices via the client-side local area network, one or more encrypted HTTP1.0/1.1 compliant request streams from each of the one or more client devices over plural TCP connections established with each of the one or more client devices, each encrypted HTTP1.0/1.1 compliant request stream including one or more HTTP1.0/1.1 compliant requests formatted according to an HTTP1.0/1.1 compliant application level protocol by a respective client device, each encrypted HTTP1.0/1.1 compliant request stream initiated by a respective client device over respective plural TCP connections with the network gateway device;
decrypt the one or more encrypted HTTP1.0/1.1 compliant request streams to obtain one or more decrypted HTTP1.0/1.1 compliant request streams;
translate the one or more decrypted HTTP1.0/1.1 compliant request streams into one or more re-encrypted HTTP1.0/1.1 non-compliant request streams addressed to one or more server devices, each re-encrypted HTTP1.0/1.1 non-compliant request stream including one or more HTTP1.0/1.1 non-compliant requests formatted according to an HTTP1.0/1.1 non-compliant application level protocol;
route the one or more re-encrypted HTTP1.0/1.1 non-compliant request streams to the one or more server devices via a server-side wide area network by multiplexing the one or more re-encrypted HTTP1.0/1.1 non-compliant request streams over a lesser number of TCP connections than the plural TCP connections;
receive from the one or more server devices via the server-side wide area network, one or more encrypted HTTP1.0/1.1 non-compliant response streams, each encrypted HTTP1.0/1.1 non-compliant response stream including one or more HTTP1.0/1.1 non-compliant responses formatted according to the HTTP1.0/1.1 non-compliant application level protocol;
decrypt the one or more encrypted HTTP1.0/1.1 non-compliant response streams to obtain one or more decrypted HTTP1.0/1.1 non-compliant response streams;
translate the one or more decrypted HTTP1.0/1.1 non-compliant response streams into one or more re-encrypted HTTP1.0/1.1 compliant response streams addressed to the one or more client devices, each re-encrypted HTTP1.0/1.1 compliant response stream including one or more HTTP1.0/1.1 compliant responses formatted according to the HTTP1.0/1.1 compliant application level protocol; and
route the one or more re-encrypted HTTP1.0/1.1 compliant response streams to the one or more client devices via the client-side local area network by de-multiplexing the one or more re-encrypted HTTP1.0/1.1 compliant request streams over the plural TCP connections established with each of the one or more client devices.
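The multiplexing and de-multiplexing steps recited in claims 25 and 31, shown as an added example that is not part of the patent or any product implementing it. The frame layout, the `Translator` class and the size limit are assumptions made for illustration; the point is that the gateway must bind each upstream stream id to exactly one client connection, or a response can be delivered to the wrong client.

```python
import struct

# Constructed framing (not SPDY's wire format): stream id, frame type, length.
HDR = struct.Struct("!IBI")
REQ, RESP = 0, 1
MAX_PAYLOAD = 1 << 20  # refuse oversized frames instead of buffering them


class Translator:
    """Gateway state tying each upstream stream id to one client connection."""
    def __init__(self):
        self.next_id = 1
        self.owner = {}  # stream id -> client-side connection id

    def mux(self, conn_id, http_request):
        """Frame one HTTP/1.x request for the shared upstream connection."""
        sid, self.next_id = self.next_id, self.next_id + 1
        self.owner[sid] = conn_id
        return HDR.pack(sid, REQ, len(http_request)) + http_request

    def demux(self, upstream):
        """Split upstream bytes into (conn_id, http_response) pairs."""
        out, off = [], 0
        while off < len(upstream):
            if len(upstream) - off < HDR.size:
                raise ValueError("truncated frame header")
            sid, ftype, length = HDR.unpack_from(upstream, off)
            off += HDR.size
            if ftype != RESP or length > MAX_PAYLOAD:
                raise ValueError("unexpected frame type or size")
            if length > len(upstream) - off:
                raise ValueError("truncated frame payload")
            # Each stream id is single-use: an unknown or replayed id is
            # rejected rather than delivered to some other client.
            if sid not in self.owner:
                raise ValueError("response for unknown stream %d" % sid)
            out.append((self.owner.pop(sid), upstream[off:off + length]))
            off += length
        return out


def demo():
    """Three client connections share one upstream; replies arrive reordered."""
    t = Translator()
    for conn in (10, 11, 12):  # frames would be written to the one upstream socket
        t.mux(conn, b"GET /%d HTTP/1.1\r\nHost: example.test\r\n\r\n" % conn)
    replies = [(sid, b"HTTP/1.1 200 OK\r\n\r\nbody-%d" % sid) for sid in (3, 1, 2)]
    wire = b"".join(HDR.pack(sid, RESP, len(p)) + p for sid, p in replies)
    return t.demux(wire)
```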
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/613,255 US20150195255A1 (en) | 2011-05-10 | 2015-02-03 | Client-side http translator |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/104,522 US8949464B2 (en) | 2011-05-10 | 2011-05-10 | Client-side HTTP translator |
US14/613,255 US20150195255A1 (en) | 2011-05-10 | 2015-02-03 | Client-side http translator |
Related Parent Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/104,522 Continuation US8949464B2 (en) | 2011-05-10 | 2011-05-10 | Client-side HTTP translator |
Publications (1)
Publication Number | Publication Date |
---|---|
US20150195255A1 (en) | 2015-07-09 |
Family ID=51489282
Family Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/104,522 Expired - Fee Related US8949464B2 (en) | 2011-05-10 | 2011-05-10 | Client-side HTTP translator |
US14/613,255 Abandoned US20150195255A1 (en) | 2011-05-10 | 2015-02-03 | Client-side http translator |
Family Applications Before (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/104,522 Expired - Fee Related US8949464B2 (en) | 2011-05-10 | 2011-05-10 | Client-side HTTP translator |
Country Status (1)
Country | Link |
---|---|
US (2) | US8949464B2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10749842B2 (en) | 2017-11-27 | 2020-08-18 | Samsung Electronics Co., Ltd. | Communication system and method for network address translation |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10171548B2 (en) * | 2014-08-26 | 2019-01-01 | Mavenir Systems, Inc. | Method and system for efficient enrichment of upper layer protocol content in transmission control program (TCP) based sessions |
JP6516539B2 (en) * | 2015-04-15 | 2019-05-22 | キヤノン株式会社 | Communication device, communication method, and program |
US10498762B1 (en) * | 2015-10-22 | 2019-12-03 | Versafe Ltd. | Methods for hypertext markup language (HTML) input field obfuscation and devices thereof |
WO2017131645A1 (en) | 2016-01-27 | 2017-08-03 | Aruba Networks, Inc. | Detecting malware on spdy connections |
CN108712388B (en) * | 2018-04-20 | 2020-09-15 | 广州市玄武无线科技股份有限公司 | Data secure transmission method and device based on HTTP |
CN109327511B (en) | 2018-09-18 | 2021-05-28 | 网宿科技股份有限公司 | Data request method and server based on HTTP (hyper text transport protocol) |
US11632443B2 (en) * | 2020-10-14 | 2023-04-18 | Connectify, Inc. | Providing multiple TCP connections between a client and server |
WO2023154072A1 (en) * | 2022-02-08 | 2023-08-17 | QuSecure, Inc. | System ans methods for switching among communication protocols |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060143295A1 (en) * | 2004-12-27 | 2006-06-29 | Nokia Corporation | System, method, mobile station and gateway for communicating with a universal plug and play network |
US20090060199A1 (en) * | 2006-10-17 | 2009-03-05 | Clay Von Mueller | System and method for updating a transactional device |
US20100325299A1 (en) * | 2004-07-23 | 2010-12-23 | Rao Goutham P | Systems and Methods for Communicating a Lossy Protocol Via a Lossless Protocol Using False Acknowledgements |
US20110047294A1 (en) * | 2005-06-29 | 2011-02-24 | Visa U.S.A., Inc. | Adaptive gateway for switching transactions and data on unreliable networks using context-based rules |
US20110113250A1 (en) * | 2009-11-10 | 2011-05-12 | Li Gordon Yong | Security integration between a wireless and a wired network using a wireless gateway proxy |
US20110131412A1 (en) * | 2009-12-02 | 2011-06-02 | Garmin Ltd. | Http header compression |
US20110137973A1 (en) * | 2009-12-07 | 2011-06-09 | Yottaa Inc | System and method for website performance optimization and internet traffic processing |
US20120093150A1 (en) * | 2010-10-15 | 2012-04-19 | Telefonaktiebolaget L M Ericsson | Multipath transmission control protocol proxy |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5838910A (en) | 1996-03-14 | 1998-11-17 | Domenikos; Steven D. | Systems and methods for executing application programs from a memory device linked to a server at an internet site |
US6173311B1 (en) | 1997-02-13 | 2001-01-09 | Pointcast, Inc. | Apparatus, method and article of manufacture for servicing client requests on a network |
US6356529B1 (en) * | 1999-08-12 | 2002-03-12 | Converse, Ltd. | System and method for rapid wireless application protocol translation |
US6754621B1 (en) * | 2000-10-06 | 2004-06-22 | Andrew Cunningham | Asynchronous hypertext messaging system and method |
NO318887B1 (en) * | 2003-09-05 | 2005-05-18 | Paradial As | Sanntidsproxyer |
US20050229243A1 (en) * | 2004-03-31 | 2005-10-13 | Svendsen Hugh B | Method and system for providing Web browsing through a firewall in a peer to peer network |
US7673018B2 (en) * | 2004-04-08 | 2010-03-02 | Research In Motion Limited | Message send queue reordering based on priority |
US7933294B2 (en) * | 2005-07-20 | 2011-04-26 | Vidyo, Inc. | System and method for low-delay, interactive communication using multiple TCP connections and scalable coding |
JP4976121B2 (en) | 2006-12-19 | 2012-07-18 | 株式会社エヌ・ティ・ティ・ドコモ | Mobile communication network system and server apparatus |
US8543667B2 (en) * | 2008-01-14 | 2013-09-24 | Akamai Technologies, Inc. | Policy-based content insertion |
US8219675B2 (en) * | 2009-12-11 | 2012-07-10 | Tektronix, Inc. | System and method for correlating IP flows across network address translation firewalls |
US9609052B2 (en) * | 2010-12-02 | 2017-03-28 | A10 Networks, Inc. | Distributing application traffic to servers based on dynamic service response time |
US20120262753A1 (en) * | 2011-04-12 | 2012-10-18 | Leonardo Davi Viccari | Print service identification |
- 2011-05-10: US13/104,522, patent US8949464B2 (en), not active, Expired - Fee Related
- 2015-02-03: US14/613,255, patent US20150195255A1 (en), not active, Abandoned
Also Published As
Publication number | Publication date |
---|---|
US20140258461A1 (en) | 2014-09-11 |
US8949464B2 (en) | 2015-02-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO PAY ISSUE FEE |