USRE47296E1 - System and method for an adaptive TCP SYN cookie with time validation - Google Patents
- Publication number
- USRE47296E1 (US14/151,803)
- Authority
- US
- United States
- Prior art keywords
- cookie
- transition
- session
- candidate
- ack packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/43—Assembling or disassembling of packets, e.g. segmentation and reassembly [SAR]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Definitions
- When a TCP (Transmission Control Protocol) connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN ACK (synchronize acknowledge). The destination host normally then waits to receive an ACK (acknowledge) of the SYN ACK before the connection is established. This is referred to as the TCP “three-way handshake.”
- SYN Synchronization/start
- SYN ACK synchronize acknowledge
- A connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK is sent.
- A TCP SYN flood attack is a well-known denial of service attack that exploits the TCP three-way handshake design by having an attacking source host generate TCP SYN packets with random source addresses toward a victim host. The victim destination host sends a SYN ACK back to the random source address and adds an entry to the connection queue, or otherwise allocates server resources. Since the SYN ACK is destined for an incorrect or non-existent host, the last part of the “three-way handshake” is never completed and the entry remains in the connection queue until a timer expires, typically, for example, for about one minute.
- By generating phony TCP SYN packets from random IP addresses at a rapid rate, it is possible to fill up the connection queue and deny TCP services (such as e-mail, file transfer, or WWW) to legitimate users. In most instances, there is no easy way to trace the originator of the attack because the IP address of the source is forged.
- the external manifestations of the problem may include inability to get e-mail, inability to accept connections to WWW or FTP services, or a large number of TCP connections on your host in the state SYN_RCVD.
- A malicious client sending a high volume of TCP SYN packets without sending the subsequent ACK packets can deplete server resources and severely impact the server's ability to serve its legitimate clients.
- Newer operating systems or platforms implement various solutions to minimize the impact of TCP SYN flood attacks.
- the solutions include better resource management, and the use of a “SYN cookie”.
- With a SYN cookie, instead of allocating server resources at the time of receiving a TCP SYN packet, the server sends back a SYN/ACK packet with a specially constructed sequence number known as a SYN cookie.
- When the server receives an ACK packet in response to the SYN/ACK packet, the server recovers a SYN cookie from the ACK packet, and validates the recovered SYN cookie before further allocating server resources.
- An aspect of the present invention provides a system for TCP SYN cookie validation.
- the system includes a host server including a processor and memory.
- the processor is configured for receiving a session SYN packet, generating a transition cookie, the transition cookie comprising a time value representing the actual time, sending a session SYN/ACK packet, including the transition cookie, in response to the received session SYN packet, receiving a session ACK packet, and determining whether a candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.
- One aspect of the invention includes the system above in which the processor is further configured for regarding the received session ACK packet as valid if the candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.
- the predetermined time interval is in the range of one to six seconds.
- the predetermined time interval is three seconds.
- the step of generating the transition cookie includes the use of data obtained from the session SYN packet.
- the data obtained from the session SYN packet comprises the source IP address of an IP header associated with the session SYN packet.
- the data obtained from the session SYN packet comprises the sequence number of a TCP header associated with the session SYN packet.
- the data obtained from the session SYN packet comprises a source port associated with the session SYN packet.
- the data obtained from the session SYN packet comprises a destination port associated with the session SYN packet.
- the method includes receiving a session SYN packet by a TCP session setup module, generating a transition cookie by the TCP session setup module, the transition cookie comprising a time value representing the actual time, sending a session SYN/ACK packet, including the transition cookie, in response to the received session SYN packet, receiving a session ACK packet, and determining whether a candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.
- the method further includes indicating the received session ACK packet comprises a valid candidate transition cookie if the time value of the candidate transition cookie is within a predetermined time interval of the time the session ACK packet is received.
- the step of generating the transition cookie includes the use of data obtained from the session SYN packet.
- FIG. 1 is a schematic diagram illustrating a host server including a TCP session setup module and a client server, in accordance with an embodiment of the present invention
- FIG. 2 is a schematic diagram of a TCP/IP handshake in accordance with an embodiment of the present invention
- FIG. 3a illustrates a method including steps for generating a transition cookie data element by a transition cookie generator 245 , in accordance with an embodiment of the present invention
- FIG. 3b illustrates a method including steps for generating a transition cookie secret key by a transition cookie generator 245 based on data obtained from the received session SYN packet, in accordance with an embodiment of the present invention
- FIG. 3c illustrates a method including steps for generating a transition cookie based on a transition cookie data element, a transition cookie secret key, and data obtained from a received session SYN packet in accordance with an embodiment of the present invention
- FIG. 4a illustrates steps for generating a candidate encrypted data element by a transition cookie validator 275 based on data obtained from a received session ACK packet, in accordance with an embodiment of the present invention
- FIG. 4b illustrates a method including steps for generating a candidate transition cookie secret key by a transition cookie validator 275 based on data obtained from a received session ACK packet and a candidate sequence number, in accordance with an embodiment of the present invention
- FIG. 4c illustrates a method including steps for generating a candidate transition cookie data element by a transition cookie validator 275 based on a candidate encrypted data element and a candidate transition cookie secret key, in accordance with an embodiment of the present invention
- FIG. 4d illustrates a method including the steps for validating a candidate transition cookie data element, in accordance with an embodiment of the present invention.
- FIG. 5 illustrates a method including steps for generating information based on a validated candidate transition cookie data element, in accordance with an embodiment of the present invention.
- Transmission Control Protocol is one of the main protocols in TCP/IP networks. Whereas the Internet Protocol (“IP”) deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.
- IP Internet Protocol
- the terms “host server” and “client server” referred to in the descriptions of various embodiments of the invention herein described are intended to generally describe a typical system arrangement in which the embodiments operate.
- the “host server” generally refers to any computer system interconnected to a TCP/IP network, including but not limited to the Internet, the computer system comprising at a minimum a processor, computer memory, and computer software.
- the computer system is configured to allow the host server to participate in TCP protocol communications over its connected TCP/IP network.
- the “host server” may be a single personal computer having its own IP address and in communication with the TCP/IP network, it may also be a multi-processor server or server bank.
- the “client server” is similar to the “host server”, although it is understood that the “client server” may, in fact, be a single personal computer attached to the TCP/IP network.
- the only difference between the client and the host server for the purposes of the present invention is that the host server receives the SYN from the client server, sends a SYN ACK to the client server, and waits for the ACK from the client server.
- FIG. 1 is a schematic diagram illustrating an embodiment of the present invention.
- a host server 102 may include a TCP session module 104 .
- the TCP session setup module 104 can engage in a TCP handshake 108 , such as described above, with a client server 106 .
- the TCP session setup module 104 is a software component of the host server 102 .
- the TCP session setup module 104 is implemented in an Application Specific Integrated Circuit (“ASIC”) or a Field Programmable Gate Array (“FPGA”). It is the TCP session setup module that handles the “3-way handshake” 108 between the host server 102 and the client server 106 .
- the TCP session setup module may itself also incorporate modules for sending and receiving TCP session packets. These modules may include but are not limited to a session SYN packet receiver, a session SYN/ACK packet sender, and a session ACK packet receiver, which are all known to those of ordinary skill in the computer arts.
- the TCP session setup module 104 may itself be embedded in one or more other host server modules (not shown).
- the TCP session setup module may alternatively comprise a hardware or firmware component.
- the software which handles the TCP handshake 108 on behalf of the host server 102 may be programmed onto an externally programmable read-only memory (“EPROM”) (not shown), and the EPROM may then be integrated into the host server.
- EPROM externally programmable read-only memory
- the ASIC or FPGA is integrated into the host server.
- FIG. 2 illustrates a TCP session setup module 104 processing TCP/IP segments (not shown), such as session SYN packet 210 , session SYN/ACK packet 220 , and session ACK packet 230 .
- a TCP/IP segment includes a TCP header and an IP header as described in IETF RFC 793 “Transmission Control Protocol” section 3.1 “Header Format”, incorporated herein by reference.
- a TCP header optionally includes a sack-permitted option as described in IETF RFC 2018 “TCP Selective Acknowledgement Options” section 2 “Sack-Permitted Option”, incorporated herein by reference.
- a session SYN packet 210 is a TCP/IP segment with the SYN control bit in the TCP Header set to “1”.
- a session SYN/ACK packet 220 is a TCP/IP segment with the SYN control bit and the ACK control bit in the TCP header set to “1”.
- a Session ACK Packet 230 is a TCP/IP segment with the ACK control bit in the TCP header set to “1”.
- the TCP session setup module 104 receives a session SYN packet 210 , obtains data from a session SYN packet 210 , such as but not limited to the source IP address of the IP header, or the sequence number of the TCP header, and uses the data to generate a transition cookie 250 .
- the transition cookie 250 is preferably a 32-bit data element.
- the TCP session setup module 104 creates and sends out a session SYN/ACK packet 220 in accordance with IETF RFC 793 “Transmission Control Protocol” section 3.4 “Establishing a connection”, incorporated herein by reference.
- the TCP session setup module 104 preferably includes the transition cookie 250 as the sequence number of the TCP header in the session SYN/ACK packet 220 .
- After the TCP session setup module 104 has sent out the session SYN/ACK packet 220, it waits for receipt of a responding session ACK packet 230.
- When a session ACK packet 230 is received, the TCP session setup module 104 generates a 32-bit candidate transition cookie 270 such that the sum of candidate transition cookie 270 and a value of “1” equals the acknowledgement number of the TCP header in the session ACK packet 230.
- For example, if the acknowledgement number is “41B4362A” in hexadecimal format, the candidate transition cookie 270 is “41B43629” in hexadecimal format; the sum of “41B43629” and a value of “1” equals “41B4362A”.
- In another example, if the acknowledgement number is “00A30000” in hexadecimal format, the candidate transition cookie 270 is “00A2FFFF” in hexadecimal format; the sum of “00A2FFFF” and a value of “1” equals “00A30000”.
- the TCP session setup module 104 may thus validate the candidate transition cookie 270 in this manner. If the TCP session setup module 104 determines that the candidate transition cookie 270 is thus valid, the session ACK packet 230 is also valid. In this case, the TCP session setup module 104 obtains data from the validated session ACK packet 230 and sends the data and information generated during the validation of candidate transition cookie 270 to a computing module (not shown) for further processing.
- the TCP session setup module 104 may include a transition cookie generator 245 and a transition cookie validator 275 , respectively. Alternatively, the generation and validation may be performed directly by the TCP session setup module 104 . In the descriptions herein, references to the TCP and transition cookie validator 275 are understood to include any of the alternative embodiments of these components.
- a transition cookie generator 245 includes the functionality of generating a transition cookie based on the data obtained from a session SYN 210 packet received by the TCP session setup module 104 .
- a transition cookie validator 275 includes the functionality of validating a candidate transition cookie 270 generated based on data obtained from a session ACK packet 230 received by the TCP session setup module 104 .
- a transition cookie generator 245 is software or firmware that generates a transition cookie 250 based on data obtained from a session SYN packet 210 received by the TCP session setup module 104 .
- An exemplary method for generating a transition cookie 250 by a transition cookie generator 245 includes multiple steps as illustrated in FIGS. 3a-3c .
- FIG. 3a illustrates exemplary steps for generating a transition cookie data element 330 by a transition cookie generator 245 .
- a transition cookie generator 245 includes a clock 305 indicating the current time of day in microseconds in a 32-bit format.
- the transition cookie data element 330 is preferably a 32-bit data element, generated by the transition cookie generator 245 based on the selective ACK 321 , the MSS index 324 and the 32-bit current time of day indicated by clock 305 .
- Selective ACK 321 is a 1-bit data element which is set to a value of “1” by transition cookie generator 245 if a TCP header in a received session SYN packet 210 includes an optional sack-permitted option, or to “0” if a TCP header in a received session SYN packet 210 does not include an optional sack-permitted option.
- MSS 322 is the maximum number of bytes that TCP will allow in a TCP/IP packet, such as session SYN packet 210, session SYN/ACK packet 220, and session ACK packet 230, and is normally represented by an integer value in a TCP packet header. If a TCP header in a received session SYN packet 210 includes a maximum segment size option, the transition cookie generator 245 sets the MSS 322 to equal the maximum segment size option data of the maximum segment size option. Otherwise, if the TCP header in a received session SYN packet 210 does not include a maximum segment size option, the transition cookie generator 245 sets the MSS 322 to a default value, such as the integer “536”.
- the MSS index 324 is a 4-bit data element set by the transition cookie generator 245 based on the MSS 322 .
- the transition cookie generator 245 preferably includes an MSS table 307 , which maps an MSS 322 to an MSS index 324 .
- the transition cookie generator 245 maps a MSS 322 with the MSS table 307 to set the value of MSS index 324 .
- For example, MSS 322 has an integer value of “1460”; after the mapping, MSS index 324 has a value of “4” as represented in hexadecimal format.
- means other than an MSS table 307 may be employed to determine the MSS index 324 value, such as the use of a mapping algorithm.
- the transition cookie generator 245 sets a transition cookie data element 330 to equal the 32-bit current time of day indicated by clock 305 .
- the 32-bit current time of day may be “A68079E8” as represented in hexadecimal format, so the transition cookie data element 330 has a value of “A68079E8”.
- the transition cookie generator 245 replaces the least significant 4 bits (bit 0 - 3 ) of transition cookie data element 330 with the MSS index 324 , and replaces bit 4 of a transition cookie data element 330 with selective ACK 321 .
- For example, if a transition cookie data element 330 has been set to a value of “A68079E8”, selective ACK 321 has a value of “1”, and MSS index 324 has a value of “4” as represented in hexadecimal format, then after the replacements the transition cookie data element 330 has a value of “A68079F4” in hexadecimal format.
- FIG. 3b illustrates exemplary steps for generating a transition cookie secret key 360 , such as by a transition cookie generator 245 based on data obtained from a received session SYN packet 210 .
- the data used in generating the transition cookie secret key 360 may include at least the source IP address 312 of an IP header, a destination port 314 , a source port 316 and a sequence number 318 of a TCP header in a received session SYN packet 210 .
- In generating a transition cookie secret key 360, a transition cookie generator 245 forms a 96-bit data element, a first data item 340, by concatenating a source IP address 312, a sequence number 318, a source port 316, and a destination port 314.
- For example, if the source IP address 312 is 192.168.1.134, the hexadecimal representation being “C0A80186”, the sequence number 318 is “9A275B84”, the source port 316 is 4761, the hexadecimal representation being “1299”, and the destination port 314 is 240, the hexadecimal representation being “00F0”, then, after the concatenation, the first data item 340 has a hexadecimal value of “C0A801869A275B84129900F0”.
- the transition cookie generator 245 may use a hash function to generate the transition cookie secret key 360 from the first data item 340 . Further, the transition cookie generator 245 may use a secret key offset 301 , which may be a 6-bit integer value, to select a 6-bit non-negative integer from first data item 340 starting at the bit indicated by secret key offset 301 .
- For example, the transition cookie generator 245 selects a 6-bit non-negative integer from the first data item 340 starting at bit 12 (bits 12-17); the selected non-negative integer in this example is thus “16”.
- the transition cookie generator 245 uses the selected non-negative integer to select 64 bits of data from the first data item 340, starting at the bit indicated by the selected non-negative integer, to generate the second data item 350, which has 64 bits.
- In one example, the transition cookie generator 245 selects 64 bits (bits 8-71) of the first data item 340 to generate a second data item 350, having a hexadecimal value of “869A275B84129900”.
- In another example, the transition cookie generator 245 selects 64 bits (bits 52-95 and bits 0-19) of the first data item 340 in a wrap-around fashion. Bits 52-95 have a hexadecimal value of “C0A801869A2”, and bits 0-19 have a hexadecimal value of “900F0”, so the generated second data item 350 has a hexadecimal value of “900F0C0A801869A2”.
- the transition cookie generator 245 then generates a transition cookie secret key 360 by storing the second data item 350 in the least significant 64 bits (bit 0 - 63 ) of the transition cookie secret key 360 and setting the most significant 64 bits (bit 64 - 127 ) to “0”. For example, if the second data item 350 has a hexadecimal value of “869A275B84129900”, the transition cookie secret key 360 has a hexadecimal value of “0000000000000000869A275B84129900”.
- FIG. 3c illustrates exemplary steps for generating a transition cookie 250 based on a transition cookie data element 330 , a transition cookie secret key 360 , and data obtained from a received session SYN packet 210 , including a sequence number 318 of a TCP header in a received session SYN packet 210 .
- a transition cookie generator 245 applies a cryptographic method 308 on the transition cookie secret key 360 and the transition cookie data element 330 , such as an RC5 algorithm described in IETF RFC 2040 “The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms” section 1 “Overview”, and sections 2-8 with detailed explanations, incorporated herein by reference.
- the RC5 algorithm takes a 32-bit plaintext input and a 128-bit encryption key to generate a 32-bit ciphertext output.
- the transition cookie generator 245 uses the transition cookie data element 330 as the plaintext input to the RC5 algorithm, and the transition cookie secret key 360 as the encryption key input to the RC5 algorithm.
- the transition cookie generator 245 stores the resulting 32-bit ciphertext output of the RC5 algorithm in the encrypted data element 370 .
- the transition cookie generator 245 performs an unsigned binary addition on an encrypted data element 370 and the sequence number 318 , and stores the result in the transition cookie 250 .
- For example, if the encrypted data element 370 has a value of “0025BC83” in hexadecimal format and the sequence number 318 has a value of “0743BD55” in hexadecimal format, the result of the addition is hexadecimal “076979D8”, so the transition cookie 250 has a value of “076979D8” in hexadecimal.
- In another example, if the encrypted data element 370 has a value of “BE43D096” in hexadecimal format and the sequence number 318 has a value of “9A275B84” in hexadecimal format, the result of the addition, and the value of transition cookie 250, is hexadecimal “1586B2C1A”, with the most significant bit carried beyond the 32-bit boundary.
- a transition cookie generator 245 may use different steps to generate a transition cookie secret key 360 .
- a secret key offset 301 may be an integer of a different bit length, such as a 4-bit integer value, a 3-bit integer value, or a 5-bit integer value.
- a transition cookie generator 245 may use a secret key offset 301 to select a non-negative integer value of a different bit length from a first data item 340 .
- a transition cookie generator 245 may select a 4-bit non-negative integer value, a 7-bit non-negative integer value, or a 5-bit non-negative value from a first data item 340 .
- a transition cookie generator 245 may store a second data item 350 in the least significant 64 bits (bit 0 - 63 ) of a transition cookie secret key 360 or store second data item 350 in the most significant 64 bits (bit 64 - 127 ) of a transition cookie secret key 360 .
- a transition cookie generator 245 may also perform an exclusive-or operation on the most significant 48 bits (bit 0 - 47 ) of a first data item 340 and the least significant 48 bits (bit 48 - 95 ) of a first data element 340 to form a 48-bit temporary data element (not shown). Similarly, in another embodiment, a transition cookie generator 245 may perform an exclusive-or operation on the 48 even bits (bit 0 , 2 , 4 , . . . 90 , 92 , 94 ) and the 48 odd bits (bit 1 , 3 , 5 , . . . 93 , 95 , 97 ) to form a 48 bit temporary data element.
- a transition cookie generator 245 may store a 48-bit temporary data element in the least significant 48 bits (bit 0 - 47 ) and the most significant 48 bits (bit 80 - 127 ) of a transition cookie secret key 360 , and set bit 48 - 79 to “0”, or store a 48-bit temporary data element in the least significant 48 bits (bit 0 - 47 ) of a transition cookie secret key 360 , and set the most significant 80 bits (bit 48 - 127 ) of a transition cookie secret key 360 to “0”.
- a transition cookie generator 245 may use an encryption algorithm to generate a transition cookie secret key 360 from the first data item 340 .
- a transition cookie generator 245 includes a secret key and an encryption algorithm, and uses a first data element 340 as a plaintext input, and a secret key as an encryption key input to the encryption algorithm to generate a 128-bit ciphertext output.
- a transition cookie generator 245 generates a transition cookie secret key 360 as a 128-bit ciphertext output.
- the ciphertext output may be a 96-bit data element, and a transition cookie generator 245 stores a 96-bit ciphertext output in the least significant 96 bits (bit 0 - 95 ) of a transition cookie secret key 360 , and sets the most significant 32 bits (bit 96 - 127 ) to “0”.
- a transition cookie generator 245 stores the least significant 32 bits (bit 0 - 31 ) of a 96-bit ciphertext output in the most significant 32 bits (bit 96 - 127 ) of a transition cookie secret key 360 .
- a transition cookie validator 275 validates a candidate transition cookie 270 generated from a session ACK packet 230 received by the TCP session setup module 104 .
- An exemplary method for validating a candidate transition cookie 270 by a transition cookie validator 275 may include multiple steps as illustrated in FIGS. 4a-4d .
- FIG. 4a illustrates exemplary steps for generating a candidate encrypted data element 470 by a transition cookie validator 275 based on data obtained from a received session ACK packet 230 .
- the candidate encrypted data element 470 may be a 32-bit data element generated based on the sequence number 418 of the TCP header in the received session ACK packet 230 , and the candidate transition cookie 270 generated from the received session ACK packet 230 as illustrated in FIG. 2 .
- the candidate sequence number 428 may be a 32-bit data element generated by a transition cookie validator 275 such that the sum of candidate sequence number 428 and a value of “1” equals the sequence number 418 .
- the candidate encrypted data element 470 is generated by the transition cookie validator 275 such that the result of performing an unsigned binary addition of the candidate encrypted data element 470 and the candidate sequence number 428 equals the candidate transition cookie 270 .
- FIG. 4b illustrates exemplary steps for generating a candidate transition cookie secret key 460 by the transition cookie validator 275 based on data obtained from the received session ACK packet 230 and a candidate sequence number 428 .
- the data used for generating the candidate transition cookie secret key 460 may include at least a source IP address 412 of the IP header in a received session ACK packet 230 , a destination port 414 and a source port 416 of the TCP header in a received session ACK packet 230 .
- a 96-bit first data item 440 is formed by a transition cookie validator 275 by concatenating a source IP address 412 , a candidate sequence number 428 , a source port 416 , and a destination port 414 .
- the source IP address 412 is 192.168.1.134, having a hexadecimal representation of “C0A80186”
- the candidate sequence number 428 is hexadecimal “9A275B84”
- the source port 416 is 4761, having a hexadecimal representation of “1299”
- the destination port 414 is 240, having a hexadecimal representation of “00F0”
- the first data item 440 has a hexadecimal value of “C0A801869A275B84129900F0”.
- the 128-bit candidate transition cookie secret key 460 is generated from a first data item 440 by a transition cookie validator 275 using a hash function.
- a transition cookie validator 275 uses a 6-bit secret key offset 401 to select a 6-bit non-negative integer from a first data item 440 starting at a bit indicated by secret key offset 401 . For example, if the secret key offset 401 has a value of “12” and the first data item 440 is “C0A801869A275B84129900F0”, the transition cookie validator 275 selects a 6-bit non-negative integer from the first data item 440 starting at bit 12 (bits 12 - 17 ), selecting the non-negative integer “16”. The transition cookie validator 275 then generates a 64-bit second data item 350 by using the selected non-negative integer to select 64 bits of data from the first data item 440 , starting at the bit indicated by the selected non-negative integer.
- the transition cookie validator 275 selects 64 bits (bit 8 - 71 ) of the first data item 440 to generate a second data item 450 having a hexadecimal value of “869A275B84129900”.
- the transition cookie validator 275 selects 64 bits (bit 52 - 95 and bit 0 - 19 ) in a wrap-around fashion.
- Bits 52 - 95 have a hexadecimal value of “C0A801869A2”, and bits 0 - 19 have a hexadecimal value of “900F0”, so the generated second data item 450 has a hexadecimal value of “900F0C0A801869A2”.
- the transition cookie validator 275 generates a candidate transition cookie secret key 460 by storing the second data item 450 in the least significant 64 bits (bits 0-63) of the candidate transition cookie secret key 460 and setting the most significant 64 bits (bits 64-127) to “0”. For example, if the second data item 450 has a hexadecimal value of “869A275B84129900”, the candidate transition cookie secret key 460 has a hexadecimal value of “0000000000000000869A275B84129900”.
- FIG. 4c illustrates exemplary steps for generating a candidate transition cookie data element 430 by a transition cookie validator 275 based on a candidate encrypted data element 470 and a candidate transition cookie secret key 460.
- a transition cookie validator 275 applies a cryptographic method 408 on a candidate transition cookie secret key 460 and a candidate encrypted data element 470 .
- An exemplary cryptographic method 408 is an RC5 algorithm described in IETF RFC 2040 “The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms” section 1 “Overview”, and sections 2-8 with detailed explanations, incorporated herein by reference.
- the RC5 algorithm takes a 32-bit ciphertext input and a 128-bit decryption key to generate a 32-bit plaintext output.
- a transition cookie validator 275 uses a candidate encrypted data element 470 as a ciphertext input to the RC5 algorithm, and a candidate transition cookie secret key 460 as a decryption key input to the RC5 algorithm, to generate a 32-bit candidate transition cookie data element 430 as the plaintext output of the RC5 decryption algorithm.
- FIG. 4d illustrates exemplary steps by a transition cookie validator 275 of validating a candidate transition cookie data element 430.
- a transition cookie validator 275 includes a clock 305.
- the clock 305 indicates the current time of day, preferably in microseconds in a 32-bit format.
- the modified current time 409 is a 32-bit data element that a transition cookie validator 275 sets to the current time indicated by clock 305.
- a transition cookie validator 275 then sets the least significant 5 bits (bit 0-4) of the modified current time 409 to “0”.
- if the modified current time 409 has a value of “89AE03F6” in hexadecimal format, then after setting the least significant 5 bits to “0”, the modified current time 409 has a hexadecimal value of “89AE03E0”.
- a transition cookie validator 275 sets a 32-bit adjusted candidate transition cookie data element 431 to equal the candidate transition cookie data element 430, and then sets the least significant 5 bits (bit 0-4) of the adjusted candidate transition cookie data element 431 to “0”. For example, if the adjusted candidate transition cookie data element 431 has a hexadecimal value of “89DB468F”, after setting the least significant 5 bits to “0”, the adjusted candidate transition cookie data element 431 has a hexadecimal value of “89DB4680”.
- the transition cookie validator 275 may then determine if the candidate transition cookie data element 430 is valid by determining if the adjusted candidate transition cookie data element 431 is within a time margin of 3 seconds of the modified current time 409.
- in order to determine if the adjusted candidate transition cookie data element 431 is within a time margin of 3 seconds of the modified current time 409, the transition cookie validator 275 stores the modified current time 409 in the least significant 32 bits (bit 0-31) of a first 33-bit time data element, sets the most significant bit (bit 32) to “0”, and adds 6 seconds to the first 33-bit time data element. Adding 6 seconds is to add 6,000,000 microseconds as represented by “5B8D80” in hexadecimal format.
- the transition cookie validator 275 stores the adjusted candidate transition cookie data element 431 in the least significant 32 bits (bit 0-31) of a second 33-bit time data element, sets the most significant bit (bit 32) to “0”, and adds 3 seconds to the second 33-bit time data element. Adding 3 seconds is to add 3,000,000 microseconds as represented by hexadecimal “2DC6C0”.
- the transition cookie validator 275 stores the modified current time 409 in the least significant 32 bits (bit 0-31) of a third 33-bit time data element, and sets the most significant bit (bit 32) to “0”. If the second 33-bit time data element is smaller than the first 33-bit time data element and the second 33-bit time data element is larger than the third 33-bit time data element, the transition cookie validator 275 determines that the adjusted candidate transition cookie data element 431 is within 3 seconds of the modified current time 409, and thus that the candidate transition cookie data element 430 is valid.
- FIG. 5 illustrates exemplary steps of generating information based on a validated candidate transition cookie data element 430.
- candidate MSS 522 is an integer.
- a transition cookie validator 275 includes a reversed MSS table 507, which includes information that maps a 4-bit data element to a candidate MSS 522.
- a transition cookie validator 275 extracts the least significant 4-bit (bit 0-3) data from candidate transition cookie data element 430, maps the extracted 4-bit data to a reversed MSS table 507, and stores the result in a candidate MSS 522.
- a transition cookie validator 275 may then generate a maximum segment size option as described in IETF RFC 793 “Transmission Control Protocol” section 3.1 “Header Format”, incorporated herein by reference, and sets a maximum segment size option data of the maximum segment size option to equal a candidate MSS 522.
- a transition cookie validator 275 may further examine bit 4 of a candidate transition cookie data element 430. If bit 4 of candidate transition cookie data element 430 has a value of “1”, a transition cookie validator 275 may generate a sack-permitted option as described in IETF RFC 2018 “TCP Selective Acknowledgement Options” section 2, incorporated herein by reference.
- a TCP session setup module 104 may then send a sack-permitted option, a maximum segment size option, and data obtained from a received session ACK packet 230 to a computing module (not shown) for further processing.
- encryption algorithms that use encryption keys of different bit lengths, such as, for example, 56-bit, 64-bit, 96-bit, 128-bit. These may generate ciphertext outputs of different bit lengths, for example, 96-bit, 64-bit, 128-bit, or 32-bit. Persons of ordinary skill in the cipher arts will be able to apply different methods, for example a hash function, to generate the transition cookie secret key 360 from the ciphertext output.
- a transition cookie validator 275 may also use different steps to generate a candidate transition cookie secret key 460.
- the steps used by a transition cookie validator 275 to generate a candidate transition cookie secret key 460 are similar to the steps used by a transition cookie generator 245 to generate a transition cookie secret key 360.
- Alternative embodiments of the invention may employ a different algorithm for the cryptographic methods 308, 408.
- the different algorithm is an RC2 algorithm described in IETF RFC 2268 “A Description of the RC2(r) Encryption Algorithm” section 1 “Introduction” and section 2-4 with detailed explanation, incorporated herein by reference.
- the different algorithm is a Blowfish algorithm.
- the different algorithm is a Data Encryption Standards (“DES”) algorithm based on Federal Information Processing Standards Publication “Data Encryption Standard (DES) FIPS PUB 46-3”, which is incorporated herein by reference in its entirety. Other algorithms are also usable.
- a transition cookie validator 275 may use different time margins of modified current time 409 to determine if the candidate transition cookie data element is valid. Different time margins include but are not limited to 1 second, 4 seconds, 6 seconds, 2 seconds, or 11 seconds.
- transition cookie generator 245 may include a plurality of transition cookie generation methods for generating transition cookie 250.
- the secret key offset 301 may have a different value, such as an integer value of different bit length, such as 4-bit, or 8-bit.
- the selected non-negative integer from first data item 340 may be of different bit length, such as 8-bit, or 10-bit.
- the cryptographic method 308 may be a different algorithm than RC5, or the generating of transition cookie data element 330 may include MD5 signature option information in the TCP options field of session SYN packet 210.
- a transition cookie generation method may include steps different from the steps in the exemplary method illustrated in FIGS. 3a-3c.
- the transition cookie generator 245 may select a method to generate transition cookie 250 based on random data.
- the random data may include time.
- transition cookie generator 245 selects a method based on the time of day. Alternatively, the transition cookie generator 245 may select a method after a time period, such as 10 seconds, 30 seconds, 2 minutes or 3 hours.
- the random data may include a source IP address in session SYN packet 210, or a destination IP address in session SYN packet 210.
- the random data may include the network interface at which a TCP session setup module 104 receives a session SYN packet 210, or a Virtual Local Area Network (VLAN) information associated with a session SYN packet 210.
- transition cookie validator 275 includes a plurality of transition cookie validation methods for validating candidate transition cookie 270.
- a transition cookie validation method may include steps different from the steps in the exemplary method illustrated in FIGS. 4a-4d.
- a transition cookie validator 275 may select a method to validate candidate transition cookie 270 based on random data.
- transition cookie validator 275 selects a complementary method to the method selected by transition cookie generator 245.
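The time check and option recovery from the FIG. 4d and FIG. 5 steps listed above, as an added Python example (not code from the patent). The 3-second margin and the three 33-bit comparisons follow the text; the function names and every `REVERSED_MSS_TABLE` entry other than index 4 for MSS 1460 are assumptions made for illustration.

```python
MASK32 = 0xFFFFFFFF
MARGIN_US = 3_000_000   # 3 seconds in microseconds (hexadecimal 2DC6C0)

# Constructed reversed MSS table for this example. Only the pair 4 -> 1460
# appears on the page; the other entries are placeholders.
REVERSED_MSS_TABLE = {0: 536, 1: 1024, 2: 1220, 3: 1440, 4: 1460}


def clear_low5(value):
    """Set bits 0-4 to 0. In the cookie these bits carry options, not time."""
    return value & MASK32 & ~0x1F


def within_time_margin(data_element, clock32, margin_us=MARGIN_US):
    """The page's three-element comparison, with the margin made a parameter."""
    modified_now = clear_low5(clock32)
    adjusted = clear_low5(data_element)
    # Python integers do not overflow, so these behave like the 33-bit
    # time data elements: a carry out of bit 31 is kept, not discarded.
    first = modified_now + 2 * margin_us    # current time + 6 seconds
    second = adjusted + margin_us           # cookie time + 3 seconds
    third = modified_now                    # current time
    # Both inputs are compared as plain 32-bit numbers, so a handshake that
    # straddles the clock's wrap from FFFFFFFF to 00000000 fails this check.
    return third < second < first


def decode_options(data_element):
    """Bits 0-3 index the reversed MSS table; bit 4 is the sack-permitted flag."""
    candidate_mss = REVERSED_MSS_TABLE.get(data_element & 0xF)
    sack_permitted = bool((data_element >> 4) & 1)
    return candidate_mss, sack_permitted


def validate(data_element, clock32):
    """Return the recovered TCP options, or None when the cookie is rejected."""
    if not within_time_margin(data_element, clock32):
        return None
    candidate_mss, sack_permitted = decode_options(data_element)
    if candidate_mss is None:               # index with no table entry
        return None
    return {"mss": candidate_mss, "sack_permitted": sack_permitted}


if __name__ == "__main__":
    issued = 0xA68079F4                     # data element from the page's example
    for delay_us in (1_500_000, 4_000_000):
        print(delay_us, validate(issued, 0xA68079E8 + delay_us))
```

The comparison is strict on both sides, so a cookie whose masked time differs from the masked clock by exactly the margin is rejected.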
Abstract
Provided is a method and system for TCP SYN cookie validation. The method includes receiving a session SYN packet by a TCP session setup module of a host server, generating a transition cookie including a time value representing the actual time, sending a session SYN/ACK packet, including the transition cookie, in response to the received session SYN packet, receiving a session ACK packet, and determining whether a candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.
Description
This application is a continuation reissue application of U.S. Pat. No. 7,675,854 and claims benefit under 35 U.S.C. 120 as a continuation of application Ser. No. 13/413,191 filed on Mar. 6, 2012, which is an application for reissue of U.S. Pat. No. 7,675,854, originally issued on Mar. 9, 2010.
When a TCP (Transmission Control Protocol) connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN ACK (synchronize acknowledge). The destination host normally then waits to receive an ACK (acknowledge) of the SYN ACK before the connection is established. This is referred to as the TCP “three-way handshake.”
While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK is sent.
A TCP SYN flood attack is a well known denial of service attack that exploits the TCP three-way handshake design by having an attacking source host generate TCP SYN packets with random source addresses toward a victim host. The victim destination host sends a SYN ACK back to the random source address and adds an entry to the connection queue, or otherwise allocates server resources. Since the SYN ACK is destined for an incorrect or non-existent host, the last part of the “three-way handshake” is never completed and the entry remains in the connection queue until a timer expires, typically, for example, for about one minute. By generating phony TCP SYN packets from random IP addresses at a rapid rate, it is possible to fill up the connection queue and deny TCP services (such as e-mail, file transfer, or WWW) to legitimate users. In most instances, there is no easy way to trace the originator of the attack because the IP address of the source is forged. The external manifestations of the problem may include inability to get e-mail, inability to accept connections to WWW or FTP services, or a large number of TCP connections on your host in the state SYN_RCVD.
A malicious client sending a high volume of TCP SYN packets without sending the subsequent ACK packets can deplete server resources and severely impact the server's ability to serve its legitimate clients.
Newer operating systems or platforms implement various solutions to minimize the impact of TCP SYN flood attacks. The solutions include better resource management, and the use of a “SYN cookie”.
In an exemplary solution, instead of allocating server resource at the time of receiving a TCP SYN packet, the server sends back a SYN/ACK packet with a specially constructed sequence number known as a SYN cookie. When the server then receives an ACK packet in response to the SYN/ACK packet, the server recovers a SYN cookie from the ACK packet, and validates the recovered SYN cookie before further allocating server resources.
The effectiveness of a solution using a SYN cookie depends on the method with which the SYN cookie is constructed. However, existing solutions using a SYN cookie typically employ a hash function to construct the SYN cookie, which can lead to a high percentage of false validations of the SYN cookie, resulting in less than satisfactory protection against TCP SYN flood attacks.
Therefore, there is a need for a better system and method for constructing and validating SYN cookies.
An aspect of the present invention provides a system for TCP SYN cookie validation. The system includes a host server including a processor and memory. The processor is configured for receiving a session SYN packet, generating a transition cookie, the transition cookie comprising a time value representing the actual time, sending a session SYN/ACK packet, including the transition cookie, in response to the received session SYN packet, receiving a session ACK packet, and determining whether a candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.
One aspect of the invention includes the system above in which the processor is further configured for regarding the received session ACK packet as valid if the candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.
In another aspect of the invention, the predetermined time interval is in the range of one to six seconds.
In one aspect of the invention, the predetermined time interval is three seconds.
In another aspect of the invention, the step of generating the transition cookie includes the use of data obtained from the session SYN packet.
In one aspect of the invention, the data obtained from the session SYN packet comprises the source IP address of an IP header associated with the session SYN packet.
In another aspect of the invention, the data obtained from the session SYN packet comprises the sequence number of a TCP header associated with the session SYN packet.
In another aspect of the invention, the data obtained from the session SYN packet comprises a source port associated with the session SYN packet.
In another aspect of the invention, the data obtained from the session SYN packet comprises a destination port associated with the session SYN packet.
Another aspect of the present invention provides a method for TCP SYN cookie validation. The method includes receiving a session SYN packet by a TCP session setup module, generating a transition cookie by the TCP session setup module, the transition cookie comprising a time value representing the actual time, sending a session SYN/ACK packet, including the transition cookie, in response to the received session SYN packet, receiving a session ACK packet, and determining whether a candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.
In an aspect of the invention, the method further includes indicating the received session ACK packet comprises a valid candidate transition cookie if the time value of the candidate transition cookie is within a predetermined time interval of the time the session ACK packet is received.
In another aspect of the invention, the step of generating the transition cookie includes the use of data obtained from the session SYN packet.
In the following description, for purposes of explanation, specific numbers, materials and configurations are set forth in order to provide a thorough understanding of the invention. It will be apparent, however, to one having ordinary skill in the art, that the invention may be practiced without these specific details. In some instances, well-known features may be omitted or simplified so as not to obscure the present invention. Furthermore, reference in the specification to “one embodiment” or “an embodiment” means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the invention. The appearances of the phrase “in an embodiment” in various places in the specification are not necessarily all referring to the same embodiment.
Transmission Control Protocol (“TCP”) is one of the main protocols in TCP/IP networks. Whereas the Internet Protocol (“IP”) deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.
The terms “host server” and “client server” referred to in the descriptions of various embodiments of the invention herein described are intended to generally describe a typical system arrangement in which the embodiments operate. The “host server” generally refers to any computer system interconnected to a TCP/IP network, including but not limited to the Internet, the computer system comprising at a minimum a processor, computer memory, and computer software. The computer system is configured to allow the host server to participate in TCP protocol communications over its connected TCP/IP network. Although the “host server” may be a single personal computer having its own IP address and in communication with the TCP/IP network, it may also be a multi-processor server or server bank. The “client server” is similar to the “host server”, although it is understood that the “client server” may, in fact, be a single personal computer attached to the TCP/IP network. The only difference between the client and the host server for the purposes of the present invention is that the host server receives the SYN from the client server, sends a SYN ACK to the client server, and waits for the ACK from the client server.
The TCP session setup module 104 may itself be embedded in one or more other host server modules (not shown). The TCP session setup module may alternatively comprise a hardware or firmware component. For example, the software which handles the TCP handshake 108 on behalf of the host server 102 may be programmed onto an externally programmable read-only memory (“EPROM”) (not shown), and the EPROM may then be integrated into the host server. In another example, the ASIC or FPGA is integrated into the host server.
A TCP/IP segment includes a TCP header and an IP header as described in IETF RFC 793 “Transmission Control Protocol” section 3.1 “Header Format”, incorporated herein by reference. A TCP header optionally includes a sack-permitted option as described in IETF RFC 2018 “TCP Selective Acknowledgement Options” section 2 “Sack-Permitted Option”, incorporated herein by reference. A session SYN packet 210 is a TCP/IP segment with the SYN control bit in the TCP Header set to “1”. A session SYN/ACK packet 220 is a TCP/IP segment with the SYN control bit and the ACK control bit in the TCP header set to “1”. A Session ACK Packet 230 is a TCP/IP segment with the ACK control bit in the TCP header set to “1”.
Referring to FIG. 2, in an embodiment, the TCP session setup module 104 receives a session SYN packet 210, obtains data from a session SYN packet 210, such as but not limited to the source IP address of the IP header, or the sequence number of the TCP header, and uses the data to generate a transition cookie 250. The transition cookie 250 is preferably a 32-bit data element. In response to the session SYN packet 210, the TCP session setup module 104 creates and sends out a session SYN/ACK packet 220 in accordance with IETF RFC 793 “Transmission Control Protocol” section 3.4 “Establishing a connection”, incorporated herein by reference. The TCP session setup module 104 preferably includes the transition cookie 250 as the sequence number of the TCP header in the session SYN/ACK packet 220.
After the TCP session setup module 104 has sent out the session SYN/ACK packet 220, it waits for receipt of a responding session ACK packet 230. In an embodiment, when a session ACK packet 230 is received, the TCP session setup module 104 generates a 32-bit candidate transition cookie 270 such that the sum of candidate transition cookie 270 and a value of “1” equals the acknowledgement number of the TCP header in the session ACK packet 230. For example, if the acknowledgement number is “41B4362A” in hexadecimal format, the candidate transition cookie 270 is “41B43629” in hexadecimal format; the sum of “41B43629” and a value of “1” equals “41B4362A”. In another example, if the acknowledgement number is “00A30000” in hexadecimal format, the candidate transition cookie 270 is “00A2FFFF” in hexadecimal format; the sum of “00A2FFFF” and a value of “1” equals “00A30000”. In another example, if the acknowledgement number is “00000000” in hexadecimal format, the candidate transition cookie 270 is “FFFFFFFF” in hexadecimal format; the sum of “FFFFFFFF” and a value of “1” equals “00000000”, with the most significant bit carried beyond the 32-bit boundary. The TCP session setup module 104 may thus validate the candidate transition cookie 270 in this manner. If the TCP session setup module 104 determines that the candidate transition cookie 270 is thus valid, the session ACK packet 230 is also valid. In this case, the TCP session setup module 104 obtains data from the validated session ACK packet 230 and sends the data and information generated during the validation of candidate transition cookie 270 to a computing module (not shown) for further processing.
In order to generate and validate transition cookies 250, 270, the TCP session setup module 104 may include a transition cookie generator 245 and a transition cookie validator 275, respectively. Alternatively, the generation and validation may be performed directly by the TCP session setup module 104. In the descriptions herein, references to the TCP and transition cookie validator 275 are understood to include any of the alternative embodiments of these components.
A transition cookie generator 245 includes the functionality of generating a transition cookie based on the data obtained from a session SYN packet 210 received by the TCP session setup module 104.
A transition cookie validator 275 includes the functionality of validating a candidate transition cookie 270 generated based on data obtained from a session ACK packet 230 received by the TCP session setup module 104.
In exemplary operation, a transition cookie generator 245 is software or firmware that generates a transition cookie 250 based on data obtained from a session SYN packet 210 received by the TCP session setup module 104. An exemplary method for generating a transition cookie 250 by a transition cookie generator 245 includes multiple steps as illustrated in FIGS. 3a-3c.
The transition cookie data element 330 is preferably a 32-bit data element, generated by the transition cookie generator 245 based on the selective ACK 321, the MSS index 324 and the 32-bit current time of day indicated by clock 305. Selective ACK 321 is a 1-bit data element which is set to a value of “1” by transition cookie generator 245 if a TCP header in a received session SYN packet 210 includes an optional sack-permitted option, or to “0” if a TCP header in a received session SYN packet 210 does not include an optional sack-permitted option.
Maximum Segment Size (“MSS”) 322 is the maximum number of bytes that TCP will allow in a TCP/IP packet, such as session SYN packet 210, session SYN/ACK packet 220, and session ACK packet 230, and is normally represented by an integer value in a TCP packet header. If a TCP header in a received session SYN packet 210 includes a maximum segment size option, the transition cookie generator 245 sets the MSS 322 to equal the maximum segment size option data of the maximum segment size option. Otherwise, if the TCP header in a received session SYN packet 210 does not include a maximum segment size option, the transition cookie generator 245 sets the MSS 322 to a default value, such as the integer “536”. The MSS index 324 is a 4-bit data element set by the transition cookie generator 245 based on the MSS 322. The transition cookie generator 245 preferably includes an MSS table 307, which maps an MSS 322 to an MSS index 324. The transition cookie generator 245 maps an MSS 322 with the MSS table 307 to set the value of MSS index 324. For example, if MSS 322 has an integer value of “1460”, then after the mapping, MSS index 324 has a value of “4” as represented in hexadecimal format. In an alternative embodiment, means other than an MSS table 307 may be employed to determine the MSS index 324 value, such as the use of a mapping algorithm.
In generating a transition cookie data element 330, the transition cookie generator 245 sets a transition cookie data element 330 to equal the 32-bit current time of day indicated by clock 305. For example, the 32-bit current time of day may be “A68079E8” as represented in hexadecimal format, so the transition cookie data element 330 has a value of “A68079E8”.
Next, the transition cookie generator 245 replaces the least significant 4 bits (bit 0-3) of transition cookie data element 330 with the MSS index 324, and replaces bit 4 of a transition cookie data element 330 with selective ACK 321. For example, if a transition cookie data element 330 has been set to a value of “A68079E8”, selective ACK 321 has a value of “1”, and MSS index 324 has a value of “4” as represented in hexadecimal format, after the replacements, transition cookie data element 330 has a value of “A68079F4” in hexadecimal format.
Next, since the transition cookie secret key 360 is a 128-bit data element, the transition cookie generator 245 may use a hash function to generate the transition cookie secret key 360 from the first data item 340. Further, the transition cookie generator 245 may use a secret key offset 301, which may be a 6-bit integer value, to select a 6-bit non-negative integer from first data item 340 starting at the bit indicated by secret key offset 301. For example, if the secret key offset 301 has a value of “12” and the first data item 340 has a hexadecimal value of “C0A801869A275B84129900F0”, the transition cookie generator 245 selects a 6-bit non-negative integer from the first data item 340 starting at bit 12 (bit 12-17). The selected non-negative integer in this example is thus “16”. The transition cookie generator 245 then uses the selected non-negative integer to select 64 bits of data from the first data item 340, starting at the bit indicated by the selected non-negative integer, to generate the second data item 350, which has 64 bits.
For example, if the selected non-negative integer is “8” and the first data item 340 has a hexadecimal value of “C0A801869A275B84129900F0”, the transition cookie generator 245 selects 64 bits (bit 8-71) of the first data item 340 to generate a second data item 350, having a hexadecimal value of “869A275B84129900”. In another example, if the selected non-negative integer is “52”, and the transition cookie generator 245 selects 64 bits (bit 52-95 and bit 0-19) of the first data item 340 in a wrap-around fashion, bits 52-95 have a hexadecimal value of “C0A801869A2”, and bit 0-19 have a hexadecimal value of “900F0”, so the generated second data item 350 has a hexadecimal value of “900F0C0A801869A2”. The transition cookie generator 245 then generates a transition cookie secret key 360 by storing the second data item 350 in the least significant 64 bits (bit 0-63) of the transition cookie secret key 360 and setting the most significant 64 bits (bit 64-127) to “0”. For example, if the second data item 350 has a hexadecimal value of “869A275B84129900”, the transition cookie secret key 360 has a hexadecimal value of “0000000000000000869A275B84129900”.
Next, the transition cookie generator 245 performs an unsigned binary addition on an encrypted data element 370 and the sequence number 318, and stores the result in the transition cookie 250. For example, if the encrypted data element 370 has a value of “0025BC83” in hexadecimal format, and the sequence number 318 has a value of “0743BD55” in hexadecimal format, the result of the addition is hexadecimal “076979D8”. After the addition, the transition cookie 250 has a value of “076979D8” in hexadecimal. In another example, if the encrypted data element 370 has a value of “BE43D096” in hexadecimal format, and the sequence number 318 has a value of “9A275B84” in hexadecimal format, the result of the addition, and the value of transition cookie 250 is hexadecimal “1586B2C1A”, with the most significant bit carried beyond the 32-bit boundary.
In another embodiment, a transition cookie generator 245 may use different steps to generate a transition cookie secret key 360. For example, a secret key offset 301 may be an integer of a different bit length, such as a 4-bit integer value, a 3-bit integer value, or a 5-bit integer value. Also, a transition cookie generator 245 may use a secret key offset 301 to select a non-negative integer value of a different bit length from a first data item 340. For example, a transition cookie generator 245 may select a 4-bit non-negative integer value, a 7-bit non-negative integer value, or a 5-bit non-negative value from a first data item 340.
In other embodiments, a transition cookie generator 245 may store a second data item 350 in the least significant 64 bits (bit 0-63) of a transition cookie secret key 360 or store second data item 350 in the most significant 64 bits (bit 64-127) of a transition cookie secret key 360.
A transition cookie generator 245 may also perform an exclusive-or operation on the most significant 48 bits (bit 0-47) of a first data item 340 and the least significant 48 bits (bit 48-95) of a first data element 340 to form a 48-bit temporary data element (not shown). Similarly, in another embodiment, a transition cookie generator 245 may perform an exclusive-or operation on the 48 even bits (bit 0, 2, 4, . . . 90, 92, 94) and the 48 odd bits (bit 1, 3, 5, . . . 93, 95, 97) to form a 48 bit temporary data element. In yet another embodiment, a transition cookie generator 245 may store a 48-bit temporary data element in the least significant 48 bits (bit 0-47) and the most significant 48 bits (bit 80-127) of a transition cookie secret key 360, and set bit 48-79 to “0”, or store a 48-bit temporary data element in the least significant 48 bits (bit 0-47) of a transition cookie secret key 360, and set the most significant 80 bits (bit 48-127) of a transition cookie secret key 360 to “0”.
In other embodiments of the invention, a transition cookie generator 245 may use an encryption algorithm to generate a transition cookie secret key 360 from the first data item 340.
In another embodiment, a transition cookie generator 245 includes a secret key and an encryption algorithm, and uses a first data element 340 as a plaintext input, and a secret key as an encryption key input to the encryption algorithm to generate a 128-bit ciphertext output. Next, a transition cookie generator 245 generates a transition cookie secret key 360 as a 128-bit ciphertext output. Alternatively, the ciphertext output may be a 96-bit data element, and a transition cookie generator 245 stores a 96-bit ciphertext output in the least significant 96 bits (bit 0-95) of a transition cookie secret key 360, and sets the most significant 32 bits (bit 96-127) to “0”. In another alternative, a transition cookie generator 245 stores the least significant 32 bits (bit 0-31) of a 96-bit ciphertext output in the most significant 32 bits (bit 96-127) of a transition cookie secret key 360.
As seen in FIG. 2, a transition cookie validator 275 validates a candidate transition cookie 270 generated from a session ACK packet 230 received by the TCP session setup module 104. An exemplary method for validating a candidate transition cookie 270 by a transition cookie validator 275 may include multiple steps as illustrated in FIGS. 4a-4d.
The candidate sequence number 428 may be a 32-bit data element generated by a transition cookie validator 275 such that the sum of candidate sequence number 428 and a value of “1” equals the sequence number 418.
The candidate encrypted data element 470 is generated by the transition cookie validator 275 such that the result of performing an unsigned binary addition of the candidate encrypted data element 470 and the candidate sequence number 428 equals the candidate transition cookie 270.
Next, the 128-bit candidate transition cookie secret key 460 is generated from a first data item 440 by a transition cookie validator 275 using a hash function. In an embodiment, a transition cookie validator 275 uses a 6-bit secret key offset 401 to select a 6-bit non-negative integer from a first data item 440 starting at a bit indicated by secret key offset 401. For example, if the secret key offset 401 has a value of “12” and the first data item 440 is “C0A801869A275B84129900F0”, the transition cookie validator 275 selects a 6-bit non-negative integer from the first data item 440 starting at bit 12 (bits 12-17), selecting the non-negative integer “16”. The transition cookie validator 275 then generates a 64-bit second data item 350 by using the selected non-negative integer to select 64 bits of data from the first data item 440, starting at the bit indicated by the selected non-negative integer.
For example, if the selected non-negative integer is “8” and the first data item 440 has a hexadecimal value of “C0A801869A275B84129900F0”, the transition cookie validator 275 selects 64 bits (bit 8-71) of the first data item 440 to generate a second data item 450 having a hexadecimal value of “869A275B84129900”. In another example, if the first data item 440 has a hexadecimal value of “C0A801869A275B84129900F0”, and the selected non-negative integer is “52”, the transition cookie validator 275 selects 64 bits (bit 52-95 and bit 0-19) in a wrap-around fashion. Bits 52-95 have a hexadecimal value of “C0A801869A2”, and bits 0-19 have a hexadecimal value of “900F0”, so the generated second data item 450 has a hexadecimal value of “900F0C0A801869A2”.
Next, the transition cookie validator 275 generates a candidate transition cookie secret key 460 by storing the second data item 450 in the least significant 64 bits (bit 0-63) of the candidate transition cookie secret key 460 and setting the most significant 64 bits (bit 64-127) to “0”. For example, if the second data item 450 has a hexadecimal value of “869A275B84129900”, the candidate transition cookie secret key 460 has a hexadecimal value of “0000000000000000869A275B84129900”.
In an embodiment, a transition cookie validator 275 applies a cryptographic method 408 on a candidate transition cookie secret key 460 and a candidate encrypted data element 470. An exemplary cryptographic method 408 is an RC5 algorithm described in IETF RFC 2040 “The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms” section 1 “Overview”, and sections 2-8 with detailed explanations, incorporated herein by reference. The RC5 algorithm takes a 32-bit ciphertext input and a 128-bit decryption key to generate a 32-bit plaintext output. A transition cookie validator 275 uses a candidate encrypted data element 470 as a ciphertext input to the RC5 algorithm, and a candidate transition cookie secret key 460 as a decryption key input to the RC5 algorithm, to generate a 32-bit candidate transition cookie data element 430 as the plaintext output of the RC5 decryption algorithm.
Next, a transition cookie validator 275 sets a 32-bit adjusted candidate transition cookie data element 431 to equal the candidate transition cookie data element 430, and then sets the least significant 5 bits (bit 0-4) of the adjusted candidate transition cookie data element 431 to “0”. For example, if the adjusted candidate transition cookie data element 431 has a hexadecimal value of “89DB468F”, after setting the least significant 5 bits to “0”, the adjusted candidate transition cookie data element 431 has a hexadecimal value of “89DB4680”.
The transition cookie validator 275 may then determine if the candidate transition cookie data element 430 is valid by determining if the adjusted candidate transition cookie data element 431 is within a time margin of 3 seconds of the modified current time 409. In an embodiment, in order to determine if the adjusted candidate transition cookie data element 431 is within a time margin of 3 seconds of the modified current time 409, the transition cookie validator 275 stores the modified current time 409 in the least significant 32 bits (bit 0-31) of a first 33-bit time data element, sets the most significant bit (bit 32) to “0”, and adds 6 seconds to the first 33-bit time data element. Adding 6 seconds is to add 6,000,000 microseconds as represented by “5B8D80” in hexadecimal format. For example, if before the addition, the first 33-bit time data element has a hexadecimal value of “0FFFFFAE2”, after the addition of “5B8D80”, the first 33-bit time data element has a hexadecimal value of “1005B8862”. The transition cookie validator 275 stores the adjusted candidate transition cookie data element 431 in the least significant 32 bits (bit 0-31) of a second 33-bit time data element, sets the most significant bit (bit 32) to “0”, and adds 3 seconds to the second 33-bit time data element. Adding 3 seconds is to add 3,000,000 microseconds as represented by hexadecimal “2DC6C0”. The transition cookie validator 275 stores the modified current time 409 in the least significant 32 bits (bit 0-31) of a third 33-bit time data element, and sets the most significant bit (bit 32) to “0”.
If the second 33-bit time data element is smaller than the first 33-bit time data element and the second 33-bit time data element is larger than the third 33-bit time data element, the transition cookie validator 275 determines that the adjusted candidate transition cookie data element 431 is within 3 seconds of the modified current time 409, and thus that the candidate transition cookie data element 430 is valid.
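The validation steps described above, carried through in one place as an added example (this is not code from the patent or from any product). It reproduces the page's hexadecimal examples for bit selection and the 33-bit time comparison; the RC5 parameters (16-bit words, 12 rounds, big-endian key bytes), the `generate` helper built from the generator steps recited in the claims, the treatment of the modified current time as a 32-bit microsecond value, and every value not quoted on the page are assumptions.

```python
import struct

MASK32 = 0xFFFFFFFF
ITEM_BITS = 96                 # width of the first data item in the page's examples
W, ROUNDS = 16, 12             # RC5 word size in bits; the round count is an assumption
WMASK = (1 << W) - 1
SIX_S, THREE_S = 6_000_000, 3_000_000   # microseconds: 0x5B8D80 and 0x2DC6C0


def select_bits(item, start, count, width=ITEM_BITS):
    """Return `count` bits of `item` from bit `start` (bit 0 = LSB), wrapping around."""
    rotated = ((item >> start) | (item << (width - start))) & ((1 << width) - 1)
    return rotated & ((1 << count) - 1)


def derive_secret_key(first_item, secret_key_offset):
    """6-bit selector -> 64-bit second data item -> key with bits 64-127 left at zero."""
    selector = select_bits(first_item, secret_key_offset, 6)
    return select_bits(first_item, selector, 64)


def _rotl(x, n):
    n %= W
    return ((x << n) | (x >> (W - n))) & WMASK


def _rotr(x, n):
    n %= W
    return ((x >> n) | (x << (W - n))) & WMASK


def rc5_expand(key128):
    """RC5 key schedule for a 128-bit key (key bytes taken big-endian: an assumption)."""
    words = list(struct.unpack("<8H", key128.to_bytes(16, "big")))
    t = 2 * (ROUNDS + 1)
    s = [(0xB7E1 + i * 0x9E37) & WMASK for i in range(t)]
    a = b = i = j = 0
    for _ in range(3 * max(t, len(words))):
        a = s[i] = _rotl((s[i] + a + b) & WMASK, 3)
        b = words[j] = _rotl((words[j] + a + b) & WMASK, a + b)
        i, j = (i + 1) % t, (j + 1) % len(words)
    return s


def rc5_encrypt(s, block):
    a, b = ((block >> W) + s[0]) & WMASK, ((block & WMASK) + s[1]) & WMASK
    for r in range(1, ROUNDS + 1):
        a = (_rotl(a ^ b, b) + s[2 * r]) & WMASK
        b = (_rotl(b ^ a, a) + s[2 * r + 1]) & WMASK
    return (a << W) | b


def rc5_decrypt(s, block):
    a, b = block >> W, block & WMASK
    for r in range(ROUNDS, 0, -1):
        b = _rotr((b - s[2 * r + 1]) & WMASK, a) ^ a
        a = _rotr((a - s[2 * r]) & WMASK, b) ^ b
    return (((a - s[0]) & WMASK) << W) | ((b - s[1]) & WMASK)


def adjust(element):
    """Clear bits 0-4 so that only the time value remains."""
    return element & MASK32 & ~0x1F


def within_time_margin(adjusted_element, modified_now):
    """The three 33-bit time data elements; Python ints keep the carry into bit 32."""
    first = (modified_now & MASK32) + SIX_S
    second = (adjusted_element & MASK32) + THREE_S
    third = modified_now & MASK32
    return third < second < first


def validate(candidate_cookie, ack_seq, first_item, key_offset, modified_now):
    cand_seq = (ack_seq - 1) & MASK32                         # cand_seq + 1 == ack_seq
    cand_encrypted = (candidate_cookie - cand_seq) & MASK32   # undo the unsigned addition
    schedule = rc5_expand(derive_secret_key(first_item, key_offset))
    element = rc5_decrypt(schedule, cand_encrypted)
    return within_time_margin(adjust(element), modified_now)


def generate(data_element, syn_seq, first_item, key_offset):
    """Hypothetical generator counterpart: encrypt, then add the SYN sequence number."""
    schedule = rc5_expand(derive_secret_key(first_item, key_offset))
    return (rc5_encrypt(schedule, data_element) + syn_seq) & MASK32


if __name__ == "__main__":
    item = 0xC0A801869A275B84129900F0          # first data item quoted on the page
    minted = 0x10000000                        # constructed time value, bits 0-4 clear
    cookie = generate(minted | 0x0B, 0x01020304, item, 12)   # constructed SYN values
    for delay in (1_000_000, 4_000_000):
        ok = validate(cookie, 0x01020305, item, 12, minted + delay)
        print(f"ACK after {delay // 1_000_000}s -> valid={ok}")
```

With the comparison exactly as described, a cookie whose time value and the ACK's arrival time fall on opposite sides of the 32-bit counter wrap is rejected; the 33-bit elements only keep the two additions from losing their carry.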
There are many different encryption algorithms that use encryption keys of different bit lengths, such as, for example, 56-bit, 64-bit, 96-bit, 128-bit. These may generate ciphertext outputs of different bit lengths, for example, 96-bit, 64-bit, 128-bit, or 32-bit. Persons of ordinary skill in the cipher arts will be able to apply different methods, for example a hash function, to generate the transition cookie secret key 360 from the ciphertext output.
A transition cookie validator 275 may also use different steps to generate a candidate transition cookie secret key 460. The steps used by a transition cookie validator 275 to generate a candidate transition cookie secret key 460 are similar to the steps used by a transition cookie generator 245 to generate a transition cookie secret key 360.
Alternative embodiments of the invention may employ a different algorithm for the cryptographic methods 308, 408. In one example, the different algorithm is an RC2 algorithm described in IETF RFC 2268 “A Description of the RC2(r) Encryption Algorithm” section 1 “Introduction” and sections 2-4 with detailed explanation, incorporated herein by reference. In another example, the different algorithm is a Blowfish algorithm. In one other example, the different algorithm is a Data Encryption Standard (“DES”) algorithm based on Federal Information Processing Standards Publication “Data Encryption Standard (DES) FIPS PUB 46-3”, which is incorporated herein by reference in its entirety. Other algorithms are also usable.
Also, a transition cookie validator 275 may use different time margins of modified current time 409 to determine if the candidate transition cookie data element is valid. Different time margins include but are not limited to 1 second, 4 seconds, 6 seconds, 2 seconds, or 11 seconds.
In an embodiment, the method of generating a transition cookie includes MD5 signature option information in the TCP options field. When this method is used, the method of validating a candidate transition cookie 270 correspondingly includes the MD5 signature option information in the TCP options field.
In another embodiment, transition cookie generator 245 may include a plurality of transition cookie generation methods for generating transition cookie 250. For example, the secret key offset 301 may have a different value, such as an integer value of different bit length, such as 4-bit, or 8-bit. In other examples, the selected non-negative integer from first data item 340 may be of different bit length, such as 8-bit, or 10-bit, the cryptographic method 308 may be a different algorithm than RC5, or the generating of transition cookie data element 330 may include MD5 signature option information in the TCP options field of session SYN packet 210. A transition cookie generation method may include steps different from the steps in the exemplary method illustrated in FIGS. 3a-3c.
In an embodiment, the transition cookie generator 245 may select a method to generate transition cookie 250 based on random data.
The random data may include time. In one embodiment, transition cookie generator 245 selects a method based on the time of day. Alternatively, the transition cookie generator 245 may select a method after a time period, such as 10 seconds, 30 seconds, 2 minutes or 3 hours.
In another embodiment, the random data may include a source IP address in session SYN packet 210, or a destination IP address in session SYN packet 210.
The random data may include the network interface at which a TCP session setup module 104 receives a session SYN packet 210, or a Virtual Local Area Network (VLAN) information associated with a session SYN packet 210.
In one embodiment, transition cookie validator 275 includes a plurality of transition cookie validation methods for validating candidate transition cookie 270. A transition cookie validation method may include steps different from the steps in the exemplary method illustrated in FIGS. 4a-4d. A transition cookie validator 275 may select a method to validate candidate transition cookie 270 based on random data.
In these embodiments it is understood to be preferred that the transition cookie validator 275 selects a complementary method to the method selected by transition cookie generator 245.
Although the invention herein has been described with reference to particular embodiments, it is to be understood that these embodiments are merely illustrative of the principles and applications of the present invention. It is therefore to be understood that numerous modifications may be made to the illustrative embodiments and that other arrangements may be devised without departing from the spirit and scope of the present invention as defined by the appended claims.
Claims (28)
1. A system for TCP SYN cookie validation at a host server comprising:
a session SYN packet receiver for receiving a session SYN packet;
a transition cookie generator operating to generate a transition cookie with the use of a transition cookie secret key, the transition cookie comprising a time value representing the actual time, wherein the transition cookie generator generates the transition cookie secret key based on data obtained from the received session SYN packet, the data obtained from the SYN packet including at least one of a source IP address of an IP header, a destination port, a source port, and a sequence number of a TCP header in the received session SYN packet, wherein the transition cookie generator concatenates the obtained data from the session SYN packet to generate a first data item of the generator and the transition cookie generator uses a first hash function to generate the transition cookie secret key from the first data item of the generator;
a session SYN/ACK packet sender for sending the transition cookie in response to the received session SYN packet;
a session ACK packet receiver for receiving a session ACK packet, the session ACK packet including a candidate transition cookie; and
a transition cookie validator, for determining whether the candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received, wherein the transition cookie validator generates a candidate transition cookie secret key based on data obtained from the received session ACK packet, the data obtained from the ACK packet including at least one of a source IP address of the IP header, a destination port, and a source port, wherein the transition cookie validator concatenates the obtained data from the session ACK packet to generate a first data item of the validator and the transition cookie validator uses the first or another hash function to generate the candidate transition cookie secret key from the first data item of the validator,
wherein at least one of:
the transition cookie generator uses a secret key offset to select one or more bits of data from the first data item of the generator in order to generate a second data item of the generator, and
the transition cookie validator uses a candidate secret key offset to select one or more bits of data from the first data item of the validator in order to generate a second data item of the validator.
2. The system according to claim 1, in which the transition cookie validator determines that the received session ACK packet is valid if the candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.
3. The system according to claim 1, in which the predetermined time interval is in the range of one to six seconds.
4. The system according to claim 1, in which the predetermined time interval is three seconds.
5. The system according to claim 1, in which the generating of the transition cookie includes the use of random data.
6. The system according to claim 1, in which the generating of the transition cookie includes the use of data obtained from the session SYN packet.
7. A system for TCP SYN cookie validation at a host server comprising:
a session SYN packet receiver for receiving a session SYN packet;
a transition cookie generator operating to generate a transition cookie with the use of a transition cookie secret key, the transition cookie comprising a time value representing the actual time, wherein the transition cookie generator generates the transition cookie by (i) generating an encrypted data element of the generator by applying a cryptographic method on the transition cookie secret key and a transition cookie data element, (ii) performing an unsigned binary addition on the encrypted data element of the generator and a sequence number of a TCP header in the received session SYN packet, and (iii) storing the result in the transition cookie;
a session SYN/ACK packet sender for sending the transition cookie in response to the received session SYN packet;
a session ACK packet receiver for receiving a session ACK packet, the session ACK packet including a candidate transition cookie; and
a transition cookie validator, for determining whether the candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.
8. The system according to claim 7, wherein the transition cookie data element comprises data based on at least one of: a selective ACK, an MSS index, and a 32-bit current time of day indicated by a clock.
9. A system for TCP SYN cookie validation at a host server comprising:
a session SYN packet receiver for receiving a session SYN packet;
a transition cookie generator operating to generate a transition cookie with the use of a transition cookie secret key, the transition cookie comprising a time value representing the actual time;
a session SYN/ACK packet sender for sending the transition cookie in response to the received session SYN packet;
a session ACK packet receiver for receiving a session ACK packet, the session ACK packet including a candidate transition cookie; and
a transition cookie validator, for determining whether the candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received, wherein the transition cookie validator generates:
a candidate sequence number such that a sequence number of a TCP header in the received session ACK packet equals the sum of the candidate sequence number and a value of 1,
a candidate encrypted data element such that the result of performing an unsigned binary addition of the candidate encrypted data element and a candidate sequence number equals the candidate transition cookie, and
a candidate transition cookie data element by applying a cryptographic method on a candidate transition cookie secret key and the candidate encrypted data element.
10. The system according to claim 9, wherein the transition cookie validator validates the candidate transition cookie data element by adjusting the candidate transition cookie data element to generate, and determining if the adjusted candidate transition cookie data element is within a predetermined time margin of a modified current time.
11. A system for TCP SYN cookie validation at a host server, the system comprising:
at least one processor and a memory storing:
a session SYN packet receiver, wherein when the session SYN packet receiver is executed by the at least one processor, the session SYN packet receiver causing the at least one processor to receive a session SYN packet;
a transition cookie generator, the transition cookie generator being executed by the at least one processor to generate a transition cookie with the use of a transition cookie secret key, the transition cookie comprising a time value representing the actual time;
a session SYN/ACK packet sender, the session SYN/ACK packet sender being executed by the at least one processor to send the transition cookie in response to the received session SYN packet;
a session ACK packet receiver, the session ACK packet receiver being executed by the at least one processor to receive a session ACK packet, the session ACK packet including a candidate transition cookie; and
a transition cookie validator, the transition cookie validator being executed by the at least one processor to determine whether the candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received; and
wherein:
the transition cookie generator is executed by the at least one processor to generate the transition cookie secret key based on data obtained from the received session SYN packet;
the transition cookie validator is executed by the at least one processor to generate a candidate transition cookie secret key based on data obtained from the received session ACK packet;
the transition cookie generator is executed by the at least one processor to concatenate the obtained data from the session SYN packet to generate a first data item of the generator;
the transition cookie validator is executed by the at least one processor to concatenate the obtained data from the session ACK packet to generate a first data item of the validator;
the transition cookie generator is executed by the at least one processor to use a secret key offset to select one or more bits of data from the first data item of the generator in order to generate a second data item of the generator, and
the transition cookie validator is executed by the at least one processor to use a candidate secret key offset to select one or more bits of data from the first data item of the validator in order to generate a second data item of the validator.
12. The system according to claim 11, wherein:
when the transition cookie secret key is generated based on data obtained from the received session SYN packet, the obtained data includes at least one of: a source IP address of an IP header, a destination port, a source port, and a sequence number of a TCP header in the received session SYN packet, and
when the candidate transition cookie secret key is generated based on data obtained from the received session ACK packet, the obtained data includes at least one of:
a source IP address of the IP header, a destination port, and a source port.
13. The system according to claim 11, wherein at least one of:
the transition cookie generator is executed by the at least one processor to use a first hash function to generate the transition cookie secret key from the first data item of the generator, and
when the transition cookie validator is executed by the at least one processor to use the first or another hash function to generate the candidate transition cookie secret key from the first data item of the validator.
14. The system according to claim 11, in which the transition cookie validator is executed by the at least one processor to determine that the received session ACK packet is valid if the candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.
15. The system according to claim 11, in which the predetermined time interval is in the range of one to six seconds.
16. The system according to claim 11, in which the predetermined time interval is three seconds.
17. The system according to claim 11, in which the generating of the transition cookie includes the use of random data.
18. The system according to claim 11, in which the generating of the transition cookie includes the use of data obtained from the session SYN packet.
19. A system for TCP SYN cookie validation at a host server, the system comprising:
at least one processor and a memory storing:
a session SYN packet receiver, wherein the session SYN packet receiver is executed by the at least one processor to receive a session SYN packet;
a transition cookie generator, wherein the transition cookie generator is executed by the at least one processor to generate a transition cookie with the use of a transition cookie secret key, the transition cookie comprising a time value representing the actual time;
a session SYN/ACK packet sender, wherein the session SYN/ACK packet sender is executed by the at least one processor to send the transition cookie in response to the received session SYN packet;
a session ACK packet receiver, wherein when the session ACK packet receiver is executed by the at least one processor to receive a session ACK packet, the session ACK packet including a candidate transition cookie; and
a transition cookie validator, wherein the transition cookie validator is executed by the at least one processor to determine whether the candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received; and wherein:
the transition cookie generator is executed by the at least one processor to generate the transition cookie by (i) generating an encrypted data element of the generator by applying a cryptographic method on the transition cookie secret key and a transition cookie data element, (ii) performing an unsigned binary addition on the encrypted data element of the generator and a sequence number of a TCP header in the received session SYN packet, and (iii) storing the result in the transition cookie.
20. The system according to claim 19, wherein the transition cookie data element comprises data based on at least one of: a selective ACK, an MSS index, and a 32-bit current time of day indicated by a clock.
21. The system according to claim 19, in which the transition cookie validator is executed by the at least one processor to determine that the received session ACK packet is valid if the candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.
22. The system according to claim 19, in which the predetermined time interval is in the range of one to six seconds.
23. The system according to claim 19, in which the predetermined time interval is three seconds.
24. The system according to claim 19, in which the generating of the transition cookie includes the use of random data.
25. The system according to claim 19, in which the generating of the transition cookie includes the use of data obtained from the session SYN packet.
26. A system for TCP SYN cookie validation at a host server, the system comprising:
at least one processor and a memory storing:
a session SYN packet receiver, wherein the session SYN packet receiver is executed by the at least one processor to receive a session SYN packet;
a transition cookie generator, wherein the transition cookie generator is executed by the at least one processor to generate a transition cookie with the use of a transition cookie secret key, the transition cookie comprising a time value representing the actual time;
a session SYN/ACK packet sender, wherein the session SYN/ACK packet sender is executed by the at least one processor to send the transition cookie in response to the received session SYN packet;
a session ACK packet receiver, wherein the session ACK packet receiver is executed by the at least one processor to receive a session ACK packet, the session ACK packet including a candidate transition cookie; and
a transition cookie validator, wherein the transition cookie validator is executed by the at least one processor to determine whether the candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received; and to generate:
a candidate sequence number such that a sequence number of a TCP header in the received session ACK packet equals the sum of the candidate sequence number and a value of 1,
a candidate encrypted data element such that the result of performing an unsigned binary addition of the candidate encrypted data element and a candidate sequence number equals the candidate transition cookie, and
a candidate transition cookie data element by (i) applying a cryptographic method on a candidate transition cookie secret key and the candidate encrypted data element.
27. The system according to claim 26, wherein the transition cookie validator is executed by the at least one processor to validate the candidate transition cookie data element by adjusting the candidate transition cookie data element to generate, and determining if the adjusted candidate transition cookie data element is within a predetermined time margin of a modified current time.
28. The system according to claim 26, in which when the transition cookie validator is executed by the at least one processor to determine that the received session ACK packet is valid if the candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/151,803 USRE47296E1 (en) | 2006-02-21 | 2014-01-09 | System and method for an adaptive TCP SYN cookie with time validation |
US16/235,249 USRE49053E1 (en) | 2006-02-21 | 2018-12-28 | System and method for an adaptive TCP SYN cookie with time validation |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/358,245 US7675854B2 (en) | 2006-02-21 | 2006-02-21 | System and method for an adaptive TCP SYN cookie with time validation |
US13/413,191 USRE44701E1 (en) | 2006-02-21 | 2012-03-06 | System and method for an adaptive TCP SYN cookie with time validation |
US14/151,803 USRE47296E1 (en) | 2006-02-21 | 2014-01-09 | System and method for an adaptive TCP SYN cookie with time validation |
Related Parent Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/358,245 Reissue US7675854B2 (en) | 2006-02-21 | 2006-02-21 | System and method for an adaptive TCP SYN cookie with time validation |
US13/413,191 Continuation USRE44701E1 (en) | 2006-02-21 | 2012-03-06 | System and method for an adaptive TCP SYN cookie with time validation |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/358,245 Continuation US7675854B2 (en) | 2006-02-21 | 2006-02-21 | System and method for an adaptive TCP SYN cookie with time validation |
Publications (1)
Publication Number | Publication Date |
---|---|
USRE47296E1 (en) | 2019-03-12 |
Family
ID=38428122
Family Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/358,245 Ceased US7675854B2 (en) | 2006-02-21 | 2006-02-21 | System and method for an adaptive TCP SYN cookie with time validation |
US13/413,191 Active 2029-01-09 USRE44701E1 (en) | 2006-02-21 | 2012-03-06 | System and method for an adaptive TCP SYN cookie with time validation |
US14/151,803 Active 2029-01-09 USRE47296E1 (en) | 2006-02-21 | 2014-01-09 | System and method for an adaptive TCP SYN cookie with time validation |
US16/235,249 Active 2029-01-09 USRE49053E1 (en) | 2006-02-21 | 2018-12-28 | System and method for an adaptive TCP SYN cookie with time validation |
Country Status (1)
Country | Link |
---|---|
US (4) | US7675854B2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
USRE49053E1 (en) * | 2006-02-21 | 2022-04-26 | A10 Networks, Inc. | System and method for an adaptive TCP SYN cookie with time validation |
Families Citing this family (53)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7720977B1 (en) * | 2003-02-11 | 2010-05-18 | Foundry Networks, Inc. | Cookie invalidation or expiration by a switch |
US8149708B2 (en) * | 2006-04-20 | 2012-04-03 | Cisco Technology, Inc. | Dynamically switching streams of packets among dedicated and shared queues |
US8312507B2 (en) | 2006-10-17 | 2012-11-13 | A10 Networks, Inc. | System and method to apply network traffic policy to an application session |
US8584199B1 (en) | 2006-10-17 | 2013-11-12 | A10 Networks, Inc. | System and method to apply a packet routing policy to an application session |
US8205080B2 (en) * | 2007-05-11 | 2012-06-19 | Microsoft Corporation | Over the air communication authentication using a device token |
US8296835B2 (en) * | 2007-05-11 | 2012-10-23 | Microsoft Corporation | Over the air communication authentication using a service token |
US7921282B1 (en) | 2007-08-20 | 2011-04-05 | F5 Networks, Inc. | Using SYN-ACK cookies within a TCP/IP protocol |
CN102014110A (en) * | 2009-09-08 | 2011-04-13 | 华为技术有限公司 | Method for authenticating communication flows, communication system and protective device |
US9960967B2 (en) * | 2009-10-21 | 2018-05-01 | A10 Networks, Inc. | Determining an application delivery server based on geo-location information |
KR101263329B1 (en) * | 2009-12-02 | 2013-05-16 | 한국전자통신연구원 | Method and apparatus for preventing network attacks, method and apparatus for processing transmission and receipt of packet comprising the same |
US8380994B2 (en) | 2009-12-23 | 2013-02-19 | Citrix Systems, Inc. | Systems and methods for generating and managing cookie signatures for prevention of HTTP denial of service in multi-core system |
US9215275B2 (en) | 2010-09-30 | 2015-12-15 | A10 Networks, Inc. | System and method to balance servers based on server load status |
US9609052B2 (en) | 2010-12-02 | 2017-03-28 | A10 Networks, Inc. | Distributing application traffic to servers based on dynamic service response time |
KR101510432B1 (en) * | 2010-12-22 | 2015-04-10 | 한국전자통신연구원 | Apparatus for analizing traffic |
US8595477B1 (en) * | 2011-03-24 | 2013-11-26 | Google Inc. | Systems and methods for reducing handshake delay in streaming protocol web requests |
US8897154B2 (en) | 2011-10-24 | 2014-11-25 | A10 Networks, Inc. | Combining stateless and stateful server load balancing |
US9386088B2 (en) | 2011-11-29 | 2016-07-05 | A10 Networks, Inc. | Accelerating service processing using fast path TCP |
US9094364B2 (en) | 2011-12-23 | 2015-07-28 | A10 Networks, Inc. | Methods to manage services over a service gateway |
US10044582B2 (en) | 2012-01-28 | 2018-08-07 | A10 Networks, Inc. | Generating secure name records |
US9027129B1 (en) * | 2012-04-30 | 2015-05-05 | Brocade Communications Systems, Inc. | Techniques for protecting against denial of service attacks |
US9596286B2 (en) | 2012-05-25 | 2017-03-14 | A10 Networks, Inc. | Method to process HTTP header with hardware assistance |
CN103491061B (en) * | 2012-06-13 | 2017-02-15 | 华为技术有限公司 | Attack mitigation method, serial number providing method and equipment |
US8782221B2 (en) | 2012-07-05 | 2014-07-15 | A10 Networks, Inc. | Method to allocate buffer for TCP proxy session based on dynamic network conditions |
US9843484B2 (en) | 2012-09-25 | 2017-12-12 | A10 Networks, Inc. | Graceful scaling in software driven networks |
US9106561B2 (en) | 2012-12-06 | 2015-08-11 | A10 Networks, Inc. | Configuration of a virtual service network |
US10002141B2 (en) | 2012-09-25 | 2018-06-19 | A10 Networks, Inc. | Distributed database in software driven networks |
US10021174B2 (en) | 2012-09-25 | 2018-07-10 | A10 Networks, Inc. | Distributing service sessions |
KR101692751B1 (en) | 2012-09-25 | 2017-01-04 | 에이10 네트워크스, 인코포레이티드 | Load distribution in data networks |
US9338225B2 (en) | 2012-12-06 | 2016-05-10 | A10 Networks, Inc. | Forwarding policies on a virtual service network |
US8978143B2 (en) * | 2013-01-02 | 2015-03-10 | Verisign, Inc. | Reverse authorized SYN cookie |
US9531846B2 (en) | 2013-01-23 | 2016-12-27 | A10 Networks, Inc. | Reducing buffer usage for TCP proxy session based on delayed acknowledgement |
US9900252B2 (en) | 2013-03-08 | 2018-02-20 | A10 Networks, Inc. | Application delivery controller and global server load balancer |
US9992107B2 (en) | 2013-03-15 | 2018-06-05 | A10 Networks, Inc. | Processing data packets using a policy based network path |
US10027761B2 (en) | 2013-05-03 | 2018-07-17 | A10 Networks, Inc. | Facilitating a secure 3 party network session by a network device |
US10038693B2 (en) | 2013-05-03 | 2018-07-31 | A10 Networks, Inc. | Facilitating secure network traffic by an application delivery controller |
US10230770B2 (en) | 2013-12-02 | 2019-03-12 | A10 Networks, Inc. | Network proxy layer for policy-based application proxies |
KR20150084307A (en) * | 2014-01-13 | 2015-07-22 | 삼성전자주식회사 | Apparatus and method for controlling an web loading time in a network |
US10020979B1 (en) | 2014-03-25 | 2018-07-10 | A10 Networks, Inc. | Allocating resources in multi-core computing environments |
US9942152B2 (en) | 2014-03-25 | 2018-04-10 | A10 Networks, Inc. | Forwarding data packets using a service-based forwarding policy |
US9942162B2 (en) | 2014-03-31 | 2018-04-10 | A10 Networks, Inc. | Active application response delay time |
US9806943B2 (en) | 2014-04-24 | 2017-10-31 | A10 Networks, Inc. | Enabling planned upgrade/downgrade of network devices without impacting network sessions |
US9848067B2 (en) * | 2014-04-25 | 2017-12-19 | Cisco Technology, Inc. | Managing sequence values with added headers in computing devices |
US9906422B2 (en) | 2014-05-16 | 2018-02-27 | A10 Networks, Inc. | Distributed system to determine a server's health |
US9992229B2 (en) | 2014-06-03 | 2018-06-05 | A10 Networks, Inc. | Programming a data network device using user defined scripts with licenses |
US10129122B2 (en) | 2014-06-03 | 2018-11-13 | A10 Networks, Inc. | User defined objects for network devices |
US9986061B2 (en) | 2014-06-03 | 2018-05-29 | A10 Networks, Inc. | Programming a data network device using user defined scripts |
US10581976B2 (en) | 2015-08-12 | 2020-03-03 | A10 Networks, Inc. | Transmission control of protocol state exchange for dynamic stateful service insertion |
US10243791B2 (en) | 2015-08-13 | 2019-03-26 | A10 Networks, Inc. | Automated adjustment of subscriber policies |
US10318288B2 (en) | 2016-01-13 | 2019-06-11 | A10 Networks, Inc. | System and method to process a chain of network applications |
US10158666B2 (en) * | 2016-07-26 | 2018-12-18 | A10 Networks, Inc. | Mitigating TCP SYN DDoS attacks using TCP reset |
US10389835B2 (en) | 2017-01-10 | 2019-08-20 | A10 Networks, Inc. | Application aware systems and methods to process user loadable network applications |
US11323529B2 (en) * | 2017-07-18 | 2022-05-03 | A10 Networks, Inc. | TCP fast open hardware support in proxy devices |
US11019022B1 (en) | 2020-01-28 | 2021-05-25 | F5 Networks, Inc. | Processing packets with returnable values |
Citations (427)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5218602A (en) | 1991-04-04 | 1993-06-08 | Dsc Communications Corporation | Interprocessor switching network |
TW269763B (en) | 1995-09-12 | 1996-02-01 | Ind Tech Res Inst | Seamless handoff for a wireless/wired LAN internetworking |
JPH0997233A (en) | 1995-09-28 | 1997-04-08 | Nec Corp | Load distributing method for on-line information processing system |
US5774660A (en) | 1996-08-05 | 1998-06-30 | Resonate, Inc. | World-wide-web server with delayed resource-binding for resource-based load balancing on a distributed resource multi-node network |
US5862339A (en) | 1996-07-09 | 1999-01-19 | Webtv Networks, Inc. | Client connects to an internet access provider using algorithm downloaded from a central server based upon client's desired criteria after disconnected from the server |
US5875185A (en) | 1995-10-10 | 1999-02-23 | Industrial Technology Research Inst. | Seamless handoff for a wireless lan/wired lan internetworking |
JPH1196128A (en) | 1997-09-22 | 1999-04-09 | Fujitsu Ltd | Device and method for adjusting network service server load and recording medium |
US5935207A (en) | 1996-06-03 | 1999-08-10 | Webtv Networks, Inc. | Method and apparatus for providing remote site administrators with user hits on mirrored web sites |
US5958053A (en) * | 1997-01-30 | 1999-09-28 | At&T Corp. | Communications protocol with improved security |
US5995981A (en) | 1997-06-16 | 1999-11-30 | Telefonaktiebolaget Lm Ericsson | Initialization of replicated data objects |
JPH11338836A (en) | 1998-05-25 | 1999-12-10 | Nippon Telegr & Teleph Corp <Ntt> | Load distribution system for computer network |
US6003069A (en) | 1997-12-16 | 1999-12-14 | Lexmark International, Inc. | Client/server printer driver system |
US6047268A (en) * | 1997-11-04 | 2000-04-04 | A.T.&T. Corporation | Method and apparatus for billing for transactions conducted over the internet |
US6075783A (en) | 1997-03-06 | 2000-06-13 | Bell Atlantic Network Services, Inc. | Internet phone to PSTN cellular/PCS system |
JP2000276432A (en) | 1999-03-24 | 2000-10-06 | Nec Corp | Dynamic load distribution system for transaction message |
US6131163A (en) | 1998-02-17 | 2000-10-10 | Cisco Technology, Inc. | Network gateway mechanism having a protocol stack proxy |
JP2000307634A (en) | 1999-04-15 | 2000-11-02 | Kdd Corp | Congestion control method by repeating station of packet exchanging network |
WO2001013228A2 (en) | 1999-08-13 | 2001-02-22 | Sun Microsystems, Inc. | Graceful distribution in application server load balancing |
JP2001051859A (en) | 1999-08-11 | 2001-02-23 | Hitachi Ltd | Load information communication method |
WO2001014990A1 (en) | 1999-08-21 | 2001-03-01 | Webever, Inc. | Method for content delivery over the internet |
TW425821B (en) | 1999-05-31 | 2001-03-11 | Ind Tech Res Inst | Key management method |
US6219706B1 (en) | 1998-10-16 | 2001-04-17 | Cisco Technology, Inc. | Access control for networks |
WO2001045349A2 (en) | 1999-12-16 | 2001-06-21 | Speedera Networks, Inc. | Scalable domain name system with persistence and load balancing |
TW444478B (en) | 1998-12-10 | 2001-07-01 | Ind Tech Res Inst | Ethernet switch IC with shared memory structure and its network |
JP2001298449A (en) | 2000-04-12 | 2001-10-26 | Matsushita Electric Ind Co Ltd | Security communication method, communication system and its unit |
US20010042200A1 (en) * | 2000-05-12 | 2001-11-15 | International Business Machines | Methods and systems for defeating TCP SYN flooding attacks |
US6321338B1 (en) * | 1998-11-09 | 2001-11-20 | Sri International | Network surveillance |
US20010049741A1 (en) | 1999-06-18 | 2001-12-06 | Bryan D. Skene | Method and system for balancing load distribution on a wide area network |
US20020026515A1 (en) | 2000-08-29 | 2002-02-28 | Alcatel | Data network |
US20020032777A1 (en) | 2000-09-11 | 2002-03-14 | Yoko Kawata | Load sharing apparatus and a load estimation method |
US20020032799A1 (en) | 2000-05-02 | 2002-03-14 | Globalstar L.P. | Deferring DNS service for a satellite ISP system using non-geosynchronous orbit satellites |
US6374300B2 (en) | 1999-07-15 | 2002-04-16 | F5 Networks, Inc. | Method and system for storing load balancing information with an HTTP cookie |
EP1209876A2 (en) | 2000-11-21 | 2002-05-29 | Avaya Communication Israel Ltd. | Dynamic load balancer |
US20020078164A1 (en) | 2000-12-13 | 2002-06-20 | Marnetics Ltd. | System and method for data transfer acceleration in a TCP network environment |
US20020091844A1 (en) | 1997-10-14 | 2002-07-11 | Alacritech, Inc. | Network interface device that fast-path processes solicited session layer read commands |
US20020103916A1 (en) * | 2000-09-07 | 2002-08-01 | Benjie Chen | Thwarting connection-based denial of service attacks |
US20020133491A1 (en) | 2000-10-26 | 2002-09-19 | Prismedia Networks, Inc. | Method and system for managing distributed content and related metadata |
US6456617B1 (en) | 1997-08-12 | 2002-09-24 | Kokusai Denshin Denwa Co., Ltd. | Routing control communication system between circuit switched network and internet |
US20020138618A1 (en) | 2000-03-21 | 2002-09-26 | F5 Networks, Inc. | Simplified method for processing multiple connections from the same client |
US6459682B1 (en) | 1998-04-07 | 2002-10-01 | International Business Machines Corporation | Architecture for supporting service level agreements in an IP network |
CN1372662A (en) | 1999-07-09 | 2002-10-02 | 卡纳尔股份有限公司 | Running and testing applications |
US20020141386A1 (en) | 2001-03-29 | 2002-10-03 | Minert Brian D. | System, apparatus and method for voice over internet protocol telephone calling using enhanced signaling packets and localized time slot interchanging |
US20020143991A1 (en) | 2001-03-16 | 2002-10-03 | Kingsum Chow | Geographic location determination including inspection of network address |
US6483600B1 (en) | 1999-02-26 | 2002-11-19 | 3Com Corporation | System and method for communicating real-time facsimiles over data networks |
US20020178259A1 (en) | 2001-05-23 | 2002-11-28 | International Business Machines Corporation | Load balancing content requests using dynamic document generation cost information |
US20020188678A1 (en) | 2001-06-05 | 2002-12-12 | Edecker Ada Mae | Networked computer system for communicating and operating in a virtual reality environment |
US20020191575A1 (en) | 2001-06-18 | 2002-12-19 | Broadwave, Inc. | Method and apparatus for converging local area and wide area wireless data networks |
US20020194335A1 (en) | 2001-06-19 | 2002-12-19 | Maynard William Pat | Method and apparatus for load balancing |
US20020194350A1 (en) | 2001-06-18 | 2002-12-19 | Lu Leonard L. | Content-aware web switch without delayed binding and methods thereof |
US20030009591A1 (en) | 2001-06-25 | 2003-01-09 | Clive Hayball | Apparatus and method for managing internet resource requests |
US20030014544A1 (en) | 2001-02-15 | 2003-01-16 | Banderacom | Infiniband TM work queue to TCP/IP translation |
US20030023711A1 (en) | 2001-07-30 | 2003-01-30 | Parmar Pankaj N. | Identifying network management policies |
US20030023873A1 (en) | 2001-03-16 | 2003-01-30 | Yuval Ben-Itzhak | Application-layer security method and system |
US20030035420A1 (en) | 2000-08-18 | 2003-02-20 | Zhisheng Niu | TCP aware local retransmissioner scheme for unreliable transmission network |
US20030035409A1 (en) | 2001-08-20 | 2003-02-20 | Wang Jiwei R. | Method and apparatus for providing service selection, redirection and managing of subscriber access to multiple WAP (Wireless Application Protecol) geteways simultaneously |
US20030061506A1 (en) | 2001-04-05 | 2003-03-27 | Geoffrey Cooper | System and method for security policy |
US20030091028A1 (en) | 1997-07-25 | 2003-05-15 | Chang Gordon K. | Apparatus and method for integrated voice gateway |
JP2003141068A (en) | 2001-11-02 | 2003-05-16 | Canon Software Inc | Session management device, and session management method, program and storage medium |
US6578066B1 (en) | 1999-09-17 | 2003-06-10 | Alteon Websystems | Distributed load-balancing internet servers |
US6587866B1 (en) | 2000-01-10 | 2003-07-01 | Sun Microsystems, Inc. | Method for distributing packets to server nodes using network client affinity and packet distribution table |
JP2003186776A (en) | 2001-12-13 | 2003-07-04 | Hitachi Ltd | Congestion control system |
US20030131245A1 (en) | 2002-01-04 | 2003-07-10 | Michael Linderman | Communication security system |
US20030135625A1 (en) * | 2002-01-15 | 2003-07-17 | International Business Machines Corporation | Blended SYN cookies |
US6600738B1 (en) | 1999-10-02 | 2003-07-29 | Ericsson, Inc. | Routing in an IP network based on codec availability and subscriber preference |
CN1449618A (en) | 2000-09-04 | 2003-10-15 | 国际商业机器公司 | System communication between computer systems |
US20030195962A1 (en) | 2002-04-10 | 2003-10-16 | Satoshi Kikuchi | Load balancing of servers |
WO2003103237A1 (en) | 2002-06-04 | 2003-12-11 | Cosine Communications, Inc. | System and method for controlling routing in a virtual router system |
US20040010545A1 (en) | 2002-06-11 | 2004-01-15 | Pandya Ashish A. | Data processing system using internet protocols and RDMA |
CN1473300A (en) | 2000-09-29 | 2004-02-04 | | Intelligent networks storage interface system and devices |
US20040062246A1 (en) | 1997-10-14 | 2004-04-01 | Alacritech, Inc. | High performance network interface |
US20040073703A1 (en) | 1997-10-14 | 2004-04-15 | Alacritech, Inc. | Fast-path apparatus for receiving data corresponding a TCP connection |
US20040078419A1 (en) | 2001-11-02 | 2004-04-22 | Stephen Ferrari | Switching system |
US20040078480A1 (en) | 1997-10-14 | 2004-04-22 | Boucher Laurence B. | Parsing a packet header |
US20040103315A1 (en) | 2001-06-07 | 2004-05-27 | Geoffrey Cooper | Assessment tool |
US6748414B1 (en) | 1999-11-15 | 2004-06-08 | International Business Machines Corporation | Method and apparatus for the load balancing of non-identical servers in a network environment |
US20040111516A1 (en) | 2002-12-06 | 2004-06-10 | Stuart Cain | Reduced wireless internet connect time |
US20040128312A1 (en) | 2002-12-31 | 2004-07-01 | International Business Machines Corporation | System and method for invoking methods on place objects in a distributed environment |
US20040139108A1 (en) | 2002-12-31 | 2004-07-15 | International Business Machines Corporation | System and method for aggregating user project information in a multi-server system |
US20040139057A1 (en) | 2002-12-31 | 2004-07-15 | International Business Machines Corporation | System and method for searching a plurality of databases distributed across a multi server domain |
US20040141005A1 (en) | 2003-01-22 | 2004-07-22 | International Business Machines Corporation | System and method for integrating online meeting materials in a place |
US20040143599A1 (en) | 2003-01-22 | 2004-07-22 | International Business Machines Corporation | System and method for command line administration of project spaces using XML objects |
US6772205B1 (en) | 1999-03-12 | 2004-08-03 | Nortel Networks Limited | Executing applications on a target network device using a proxy network device |
US6772334B1 (en) * | 2000-08-31 | 2004-08-03 | Networks Associates, Inc. | System and method for preventing a spoofed denial of service attack in a networked computing environment |
US6779017B1 (en) | 1999-04-29 | 2004-08-17 | International Business Machines Corporation | Method and system for dispatching client sessions within a cluster of servers connected to the world wide web |
US6779033B1 (en) * | 2000-12-28 | 2004-08-17 | Networks Associates Technology, Inc. | System and method for transacting a validated application session in a networked computing environment |
CN1529460A (en) | 2003-10-14 | 2004-09-15 | 北京邮电大学 | Whole load equalizing method based on global network positioning |
US20040187032A1 (en) | 2001-08-07 | 2004-09-23 | Christoph Gels | Method, data carrier, computer system and computer progamme for the identification and defence of attacks in server of network service providers and operators |
WO2004084085A1 (en) | 2003-03-18 | 2004-09-30 | Fujitsu Limited | Load distributing system by intersite cooperation |
US20040199616A1 (en) | 2002-12-30 | 2004-10-07 | Mika Karhu | Automatic and dynamic service information delivery from service providers to data terminals in an access point network |
US20040199646A1 (en) | 2000-02-18 | 2004-10-07 | Netscaler, Inc. | Apparatus, method and computer program product for guaranteed content delivery incorporating putting a client on-hold based on response time |
US6804224B1 (en) | 2000-02-29 | 2004-10-12 | 3Com Corporation | System and method for providing telephone service having private branch exchange features in a voice-over-data network telephony system |
US20040202182A1 (en) | 2003-02-12 | 2004-10-14 | Martin Lund | Method and system to provide blade server load balancing using spare link bandwidth |
US20040210663A1 (en) | 2003-04-15 | 2004-10-21 | Paul Phillips | Object-aware transport-layer network processing engine |
US20040210623A1 (en) | 2003-03-06 | 2004-10-21 | Aamer Hydrie | Virtual network topology generation |
US20040213158A1 (en) | 2001-06-07 | 2004-10-28 | Paul Collett | Real time processing |
US20040250059A1 (en) | 2003-04-15 | 2004-12-09 | Brian Ramelson | Secure network processing |
US20040268358A1 (en) | 2003-06-30 | 2004-12-30 | Microsoft Corporation | Network load balancing with host status information |
US20050005207A1 (en) | 2001-09-28 | 2005-01-06 | Thierry Herneque | Method of improving the performance of a transmission protocol using a retransmission timer |
US20050009520A1 (en) | 2001-07-03 | 2005-01-13 | Herrero Antonio Juan Sanchez | Method and system for handling multiple registration |
US20050021848A1 (en) | 2000-10-13 | 2005-01-27 | Jorgenson Daniel Scott | System and method for distributing load among redundant independent stateful World Wide Web server sites |
CN1575582A (en) | 2001-09-28 | 2005-02-02 | 塞维斯通讯公司 | Configurable adaptive global traffic control and management |
US20050027862A1 (en) | 2003-07-18 | 2005-02-03 | Nguyen Tien Le | System and methods of cooperatively load-balancing clustered servers |
US20050036511A1 (en) | 2003-08-14 | 2005-02-17 | International Business Machines Corp. | Method, system and article for improved TCP performance during packet reordering |
US20050036501A1 (en) | 2003-08-11 | 2005-02-17 | Samsung Electronics Co., Ltd. | Domain name service system and method thereof |
US20050039033A1 (en) | 2003-07-25 | 2005-02-17 | Activeviews, Inc. | Method and system for building a report for execution against a data store |
US20050044270A1 (en) | 2000-02-07 | 2005-02-24 | Grove Adam J. | Method for high-performance delivery of web content |
US20050074013A1 (en) | 1998-02-02 | 2005-04-07 | Hershey Paul C. | System and associated method for the synchronization and control of multiplexed payloads over a telecommunications network |
US20050080890A1 (en) | 2003-10-14 | 2005-04-14 | Yang Sun Hee | Server load balancing apparatus and method using MPLS session |
US20050102400A1 (en) | 2003-11-06 | 2005-05-12 | Masahiko Nakahara | Load balancing system |
US20050125276A1 (en) | 2003-12-05 | 2005-06-09 | Grigore Rusu | System and method for event tracking across plural contact mediums |
US20050163073A1 (en) | 2002-06-10 | 2005-07-28 | Ipr Licensing, Inc | Applying session services based on packet flows |
US20050198335A1 (en) | 2001-02-06 | 2005-09-08 | Microsoft Corporation | Distributed load balancing for single entry-point systems |
US20050213586A1 (en) | 2004-02-05 | 2005-09-29 | David Cyganski | System and method to increase network throughput |
US6952728B1 (en) | 1999-12-01 | 2005-10-04 | Nortel Networks Limited | Providing desired service policies to subscribers accessing internet |
US20050240989A1 (en) * | 2004-04-23 | 2005-10-27 | Seoul National University Industry Foundation | Method of sharing state between stateful inspection firewalls on mep network |
US20050249225A1 (en) | 2004-05-10 | 2005-11-10 | Singhal Tara C | Method and apparatus for packet source validation architecture system for enhanced Internet security |
US20050259586A1 (en) | 2004-05-19 | 2005-11-24 | Abdelhakim Hafid | Dynamic traffic rearrangement and restoration for MPLS networks with differentiated services capabilities |
US20050281190A1 (en) | 2004-06-17 | 2005-12-22 | Mcgee Michael S | Automated recovery from a split segment condition in a layer2 network for teamed network resources of a computer systerm |
CN1714545A (en) | 2002-01-24 | 2005-12-28 | 艾维西系统公司 | System and method for fault tolerant data communication |
CN1725702A (en) | 2004-07-20 | 2006-01-25 | 联想网御科技(北京)有限公司 | Network safety equipment and assemblied system and method for implementing high availability |
US20060023721A1 (en) * | 2004-07-29 | 2006-02-02 | Ntt Docomo, Inc. | Server device, method for controlling a server device, and method for establishing a connection using the server device |
US20060036610A1 (en) | 2004-08-13 | 2006-02-16 | Reallusion Inc. | File conversion and sharing system and the method of the same |
US20060036733A1 (en) | 2004-07-09 | 2006-02-16 | Toshiba America Research, Inc. | Dynamic host configuration and network access authentication |
US20060041745A1 (en) | 2002-06-19 | 2006-02-23 | Marratech Ab | Apparatus and method for conveying private information within a group communication system |
US7010605B1 (en) | 2000-08-29 | 2006-03-07 | Microsoft Corporation | Method and apparatus for encoding and storing session data |
US7013482B1 (en) | 2000-07-07 | 2006-03-14 | 802 Systems Llc | Methods for packet filtering including packet invalidation if packet validity determination not timely made |
US20060064478A1 (en) | 2004-05-03 | 2006-03-23 | Level 3 Communications, Inc. | Geo-locating load balancing |
US20060069774A1 (en) | 2004-06-17 | 2006-03-30 | International Business Machine Corporation | Method and apparatus for managing data center using Web services |
US20060069804A1 (en) * | 2004-08-25 | 2006-03-30 | Ntt Docomo, Inc. | Server device, client device, and process execution method |
US20060077926A1 (en) | 2004-10-08 | 2006-04-13 | Telefonaktiebolaget Lm Ericsson (Publ) | Home network-assisted selection of intermediary network for a roaming mobile terminal |
US20060092950A1 (en) | 2004-10-28 | 2006-05-04 | Cisco Technology, Inc. | Architecture and method having redundancy in active/active stateful devices based on symmetric global load balancing protocol (sGLBP) |
US20060098645A1 (en) | 2004-11-09 | 2006-05-11 | Lev Walkin | System and method for providing client identifying information to a server |
US20060112170A1 (en) | 2004-05-03 | 2006-05-25 | Craig Sirkin | Geo-locating load balancing |
US7069438B2 (en) * | 2002-08-19 | 2006-06-27 | Sowl Associates, Inc. | Establishing authenticated network connections |
US7076555B1 (en) | 2002-01-23 | 2006-07-11 | Novell, Inc. | System and method for transparent takeover of TCP connections between servers |
US20060164978A1 (en) | 2005-01-21 | 2006-07-27 | At&T Corp. | Methods, systems, and devices for determining COS level |
US20060168319A1 (en) | 2004-11-18 | 2006-07-27 | Nokia Corporation | Systems and methods for multipoint service invocation |
US20060190997A1 (en) | 2005-02-22 | 2006-08-24 | Mahajani Amol V | Method and system for transparent in-line protection of an electronic communications network |
US20060187901A1 (en) | 2005-02-23 | 2006-08-24 | Lucent Technologies Inc. | Concurrent dual-state proxy server, method of providing a proxy and SIP network employing the same |
US20060209789A1 (en) | 2005-03-04 | 2006-09-21 | Sun Microsystems, Inc. | Method and apparatus for reducing bandwidth usage in secure transactions |
WO2006098033A1 (en) | 2005-03-17 | 2006-09-21 | Fujitsu Limited | Load-distributing communication device and load-distribution managing device |
US20060230129A1 (en) * | 2005-02-04 | 2006-10-12 | Nokia Corporation | Apparatus, method and computer program product to reduce TCP flooding attacks while conserving wireless network bandwidth |
US20060233100A1 (en) | 2005-04-13 | 2006-10-19 | Luft Siegfried J | Application aware traffic shaping service node positioned between the access and core networks |
US20060251057A1 (en) | 2005-05-06 | 2006-11-09 | Sung-Bok Kwon | Name service system and method thereof |
US7143087B2 (en) | 2002-02-01 | 2006-11-28 | John Fairweather | System and method for creating a distributed network architecture |
US20060277303A1 (en) | 2005-06-06 | 2006-12-07 | Nikhil Hegde | Method to improve response time when clients use network services |
JP2006332825A (en) | 2005-05-24 | 2006-12-07 | Fujitsu Ltd | Program, method, and device for dispersing load |
US20060280121A1 (en) * | 2005-06-13 | 2006-12-14 | Fujitsu Limited | Frame-transfer control device, DoS-attack preventing device, and DoS-attack preventing system |
US7167927B2 (en) | 1997-10-14 | 2007-01-23 | Alacritech, Inc. | TCP/IP offload device with fast-path TCP ACK generating and transmitting mechanism |
US20070019543A1 (en) * | 2005-07-06 | 2007-01-25 | Fortinet, Inc. | Systems and methods for detecting and preventing flooding attacks in a network environment |
US20070022479A1 (en) | 2005-07-21 | 2007-01-25 | Somsubhra Sikdar | Network interface and firewall device |
CN1910869A (en) | 2003-12-05 | 2007-02-07 | 艾拉克瑞技术公司 | TCP/IP offload device with reduced sequential processing |
US7181524B1 (en) | 2003-06-13 | 2007-02-20 | Veritas Operating Corporation | Method and apparatus for balancing a load among a plurality of servers in a computer system |
EP1770915A1 (en) | 2005-09-29 | 2007-04-04 | Matsushita Electric Industrial Co., Ltd. | Policy control in the evolved system architecture |
US20070076653A1 (en) | 2005-09-19 | 2007-04-05 | Park Vincent D | Packet routing in a wireless communications environment |
US20070086382A1 (en) | 2005-10-17 | 2007-04-19 | Vidya Narayanan | Methods of network access configuration in an IP network |
US20070094396A1 (en) | 2005-10-20 | 2007-04-26 | Hitachi, Ltd. | Server pool management method |
US7218722B1 (en) | 2000-12-18 | 2007-05-15 | Westell Technologies, Inc. | System and method for providing call management services in a virtual private network using voice or video over internet protocol |
US20070118881A1 (en) | 2005-11-18 | 2007-05-24 | Julian Mitchell | Application control at a policy server |
US20070124502A1 (en) | 2005-11-28 | 2007-05-31 | Huawei Technologies Co., Ltd. | Script language based network device configuration management system and method |
US7228359B1 (en) | 2002-02-12 | 2007-06-05 | Cisco Technology, Inc. | Methods and apparatus for providing domain name service based on a client identifier |
US7234161B1 (en) | 2002-12-31 | 2007-06-19 | Nvidia Corporation | Method and apparatus for deflecting flooding attacks |
US7236457B2 (en) | 2002-10-04 | 2007-06-26 | Intel Corporation | Load balancing in a network |
US20070156919A1 (en) | 2005-06-21 | 2007-07-05 | Sunil Potti | Enforcing network service level agreements in a network element |
US20070165622A1 (en) | 2006-01-17 | 2007-07-19 | Cisco Technology, Inc. | Techniques for load balancing over a cluster of subscriber-aware application servers |
CN101004740A (en) | 2006-01-18 | 2007-07-25 | 腾讯科技(深圳)有限公司 | Method and system for reading information at network resource site, and searching engine |
US20070180119A1 (en) | 2006-01-31 | 2007-08-02 | Roundbox, Inc. | Reliable event broadcaster with multiplexing and bandwidth control functions |
US7254133B2 (en) * | 2002-07-15 | 2007-08-07 | Intel Corporation | Prevention of denial of service attacks |
US20070185998A1 (en) | 2006-02-06 | 2007-08-09 | Cisco Technology, Inc. | Supporting options in a communication session using a TCP cookie |
US20070195792A1 (en) * | 2006-02-21 | 2007-08-23 | A10 Networks Inc. | System and method for an adaptive TCP SYN cookie with time validation |
US7269850B2 (en) | 2002-12-31 | 2007-09-11 | Intel Corporation | Systems and methods for detecting and tracing denial of service attacks |
US7277963B2 (en) | 2002-06-26 | 2007-10-02 | Sandvine Incorporated | TCP proxy providing application layer modifications |
US20070230337A1 (en) | 2006-03-30 | 2007-10-04 | Ntt Docomo, Inc. | Communication terminal and retransmission control method |
US20070243879A1 (en) | 2006-04-14 | 2007-10-18 | Park Vincent D | Methods and apparatus for supporting quality of service in communication systems |
US20070245090A1 (en) | 2006-03-24 | 2007-10-18 | Chris King | Methods and Systems for Caching Content at Multiple Levels |
US20070242738A1 (en) | 2006-04-14 | 2007-10-18 | Park Vincent D | Providing quality of service for various traffic flows in a communications environment |
US20070248009A1 (en) | 2006-04-24 | 2007-10-25 | Petersen Brian A | Distributed congestion avoidance in a network switching system |
US20070259673A1 (en) | 2006-05-04 | 2007-11-08 | Telefonaktiebolaget Lm Ericsson (Publ) | Inactivity monitoring for different traffic or service classifications |
US7301899B2 (en) * | 2001-01-31 | 2007-11-27 | Comverse Ltd. | Prevention of bandwidth congestion in a denial of service or other internet-based attack |
US20070283429A1 (en) | 2006-05-30 | 2007-12-06 | A10 Networks Inc. | Sequence number based TCP session proxy |
US7308499B2 (en) | 2003-04-30 | 2007-12-11 | Avaya Technology Corp. | Dynamic load balancing for enterprise IP traffic |
US20070288247A1 (en) | 2006-06-11 | 2007-12-13 | Michael Mackay | Digital life server |
US20070286077A1 (en) | 2006-06-07 | 2007-12-13 | Nokia Corporation | Communication system |
US7310686B2 (en) | 2002-10-27 | 2007-12-18 | Paxfire, Inc. | Apparatus and method for transparent selection of an Internet server based on geographic location of a user |
US20070294209A1 (en) | 2006-06-20 | 2007-12-20 | Lyle Strub | Communication network application activity monitoring and control |
CN101094225A (en) | 2006-11-24 | 2007-12-26 | 中兴通讯股份有限公司 | Network, system and method of differentiated security service |
US20080016161A1 (en) | 2006-07-14 | 2008-01-17 | George Tsirtsis | Methods and apparatus for using electronic envelopes to configure parameters |
US7328267B1 (en) | 2002-01-18 | 2008-02-05 | Cisco Technology, Inc. | TCP proxy connection management in a gigabit environment |
EP1885096A1 (en) | 2006-08-01 | 2008-02-06 | Alcatel Lucent | Application session border element |
US20080031263A1 (en) | 2006-08-07 | 2008-02-07 | Cisco Technology, Inc. | Method and apparatus for load balancing over virtual network links |
US7334232B2 (en) | 1998-11-05 | 2008-02-19 | Bea Systems, Inc. | Clustered enterprise Java™ in a secure distributed processing system |
JP2008040718A (en) | 2006-08-04 | 2008-02-21 | Nippon Telegr & Teleph Corp <Ntt> | Load distribution control device and method |
US7337241B2 (en) | 2002-09-27 | 2008-02-26 | Alacritech, Inc. | Fast-path apparatus for receiving data corresponding to a TCP connection |
US7349970B2 (en) | 2001-03-29 | 2008-03-25 | International Business Machines Corporation | Workload management of stateful program entities |
US20080076432A1 (en) | 2004-06-04 | 2008-03-27 | Nimal Senarath | Method and System for Soft Handoff in Mobile Broadband Systems |
CN101163336A (en) | 2007-11-15 | 2008-04-16 | 中兴通讯股份有限公司 | Method of implementing mobile phone terminal access authority authentication |
CN101169785A (en) | 2007-11-21 | 2008-04-30 | 浪潮电子信息产业股份有限公司 | Clustered database system dynamic loading balancing method |
US20080101396A1 (en) | 2006-10-31 | 2008-05-01 | Hiroaki Miyata | Packet forwarding apparatus having gateway load distribution function |
US7370353B2 (en) * | 2001-11-05 | 2008-05-06 | Cisco Technology, Inc. | System and method for managing dynamic network sessions |
US20080109452A1 (en) | 2002-02-15 | 2008-05-08 | Cognos Incorporated | Queuing model for a plurality of servers |
US20080109870A1 (en) | 2006-11-08 | 2008-05-08 | Kieran Gerard Sherlock | Identities Correlation Infrastructure for Passive Network Monitoring |
WO2008053954A1 (en) | 2006-11-01 | 2008-05-08 | Panasonic Corporation | Communication control method, communication system, home agent allocation server, and mobile node |
KR100830413B1 (en) | 2006-05-25 | 2008-05-20 | (주)씨디네트웍스 | Server connection system and load balancing network system |
US20080120129A1 (en) | 2006-05-13 | 2008-05-22 | Michael Seubert | Consistent set of interfaces derived from a business object model |
CN101189598A (en) | 2005-03-09 | 2008-05-28 | 泰克迪亚科技公司 | Method, apparatus and system for a location-based uniform resource locator |
CN101193089A (en) | 2006-11-20 | 2008-06-04 | 阿里巴巴公司 | Stateful session system and its realization method |
US20080134332A1 (en) | 2006-12-04 | 2008-06-05 | Susann Marie Keohane | Method and apparatus for reduced redundant security screening |
US7391725B2 (en) * | 2004-05-18 | 2008-06-24 | Christian Huitema | System and method for defeating SYN attacks |
US20080162679A1 (en) | 2006-12-29 | 2008-07-03 | Ebay Inc. | Alerting as to denial of service attacks |
WO2008078593A1 (en) | 2006-12-22 | 2008-07-03 | International Business Machines Corporation | Message hub, program, and method |
CN101247349A (en) | 2008-03-13 | 2008-08-20 | 华耀环宇科技(北京)有限公司 | Network flux fast distribution method |
US7423977B1 (en) | 2004-08-23 | 2008-09-09 | Foundry Networks Inc. | Smoothing algorithm for round trip time (RTT) measurements |
CN101261644A (en) | 2008-04-30 | 2008-09-10 | 杭州华三通信技术有限公司 | Method and device for accessing united resource positioning symbol database |
US20080225722A1 (en) | 2007-03-12 | 2008-09-18 | Prakash Khemani | Systems and methods for configuring policy bank invocations |
US7430755B1 (en) * | 2002-09-03 | 2008-09-30 | Fs Networks, Inc. | Method and system for providing persistence in a secure network access |
US20080250099A1 (en) | 2007-04-06 | 2008-10-09 | Jinmei Shen | On-Demand Propagation of Routing Information in Distributed Computing System |
US20080253390A1 (en) | 2007-04-16 | 2008-10-16 | Kamala Prasad Das | Method and apparatus for priority services management |
US20080263209A1 (en) | 2007-04-20 | 2008-10-23 | Array Networks, Inc. | Active-active operation for a cluster of SSL virtual private network (VPN) devices with load distribution |
US20080271130A1 (en) | 2007-04-30 | 2008-10-30 | Shankar Ramamoorthy | Minimizing client-side inconsistencies in a distributed virtual file system |
US20080282254A1 (en) | 2007-05-09 | 2008-11-13 | Radware, Ltd. | Geographic Resiliency and Load Balancing for SIP Application Services |
US20080291911A1 (en) | 2007-05-21 | 2008-11-27 | Ist International, Inc. | Method and apparatus for setting a TCP retransmission timer |
US20080298303A1 (en) | 2007-01-22 | 2008-12-04 | Qualcomm Incorporated | Multi-link support for network based mobility management systems |
US7463648B1 (en) | 1999-08-23 | 2008-12-09 | Sun Microsystems, Inc. | Approach for allocating resources to an apparatus based on optional resource requirements |
US7467202B2 (en) | 2003-09-10 | 2008-12-16 | Fidelis Security Systems | High-performance network content analysis platform |
US7472190B2 (en) | 2003-10-17 | 2008-12-30 | International Business Machines Corporation | Method, system and program product for preserving a user state in an application |
JP2009500731A (en) | 2005-06-29 | 2009-01-08 | ビザ ユー.エス.エー. インコーポレイテッド | Gateway adapted to switch transactions and data using context-based rules over unreliable networks |
US20090024722A1 (en) | 2007-07-17 | 2009-01-22 | International Business Machines Corporation | Proxying availability indications in a failover configuration |
US20090031415A1 (en) | 2007-07-26 | 2009-01-29 | International Business Machines Corporation | Dynamic Network Tunnel Endpoint Selection |
US7492766B2 (en) | 2006-02-22 | 2009-02-17 | Juniper Networks, Inc. | Dynamic building of VLAN interfaces based on subscriber information strings |
US20090049198A1 (en) | 2007-08-14 | 2009-02-19 | Microsoft Corporation | Validating change of name server |
US20090070470A1 (en) | 2005-08-03 | 2009-03-12 | International Business Machines Corporation | Priority Based LDAP Service Publication Mechanism |
US7506360B1 (en) * | 2002-10-01 | 2009-03-17 | Mirage Networks, Inc. | Tracking communication for determining device states |
US20090077651A1 (en) | 2001-07-13 | 2009-03-19 | Yuri Poeluev | Method and apparatus for resolving a web site address when connected with a virtual private network (vpn) |
US7509369B1 (en) | 2001-07-11 | 2009-03-24 | Swsoft Holdings, Ltd. | Balancing shared servers in virtual environments |
US7512980B2 (en) * | 2001-11-30 | 2009-03-31 | Lancope, Inc. | Packet sampling flow-based detection of network intrusions |
US20090092124A1 (en) | 2007-10-03 | 2009-04-09 | Microsoft Corporation | Network routing of endpoints to content based on content swarms |
US20090106830A1 (en) | 2005-06-03 | 2009-04-23 | Thomas Maher | Secure Network Communication System and Method |
US7533409B2 (en) | 2001-03-22 | 2009-05-12 | Corente, Inc. | Methods and systems for firewalling virtual private networks |
CN101442425A (en) | 2007-11-22 | 2009-05-27 | 华为技术有限公司 | Gateway management method, address distribution method and apparatus, system |
US20090138606A1 (en) | 2002-10-08 | 2009-05-28 | Brian Moran | Transferring sessions between devices |
US20090141634A1 (en) | 2007-12-04 | 2009-06-04 | Jesse Abraham Rothstein | Adaptive Network Traffic Classification Using Historical Context |
US7552323B2 (en) * | 2002-11-18 | 2009-06-23 | Liquidware Labs, Inc. | System, apparatuses, methods, and computer-readable media using identification data in packet communications |
US20090164614A1 (en) | 2007-12-20 | 2009-06-25 | Christian Michael F | Dns wildcard beaconing to determine client location and resolver load for global traffic load balancing |
US20090172093A1 (en) | 2007-12-26 | 2009-07-02 | International Business Machines Corporation | Technique For Previously Providing Estimate of Time Required For Processing |
CN101495993A (en) | 2006-08-08 | 2009-07-29 | 瑞科网信科技有限公司 | System and method for distributed multi-processing security gateway |
US20090213858A1 (en) | 2008-02-27 | 2009-08-27 | Alcatel Lucent | Application-aware MPLS tunnel selection |
US7584301B1 (en) | 2004-05-06 | 2009-09-01 | Foundry Networks, Inc. | Host-level policies for global server load balancing |
US7584262B1 (en) | 2002-02-11 | 2009-09-01 | Extreme Networks | Method of and system for allocating resources to resource requests based on application of persistence policies |
US20090222583A1 (en) | 2008-03-03 | 2009-09-03 | Microsoft Corporation | Client-side load balancing |
US20090228547A1 (en) | 2008-03-04 | 2009-09-10 | Kddi Corporation | Server apparatus and communication system |
US20090227228A1 (en) | 2008-03-07 | 2009-09-10 | Hu Q James | Enhanced policy capabilities for mobile data services |
US7590736B2 (en) | 2003-06-30 | 2009-09-15 | Microsoft Corporation | Flexible network load balancing |
US20090262741A1 (en) | 2000-06-23 | 2009-10-22 | Jungck Peder J | Transparent Provisioning of Services Over a Network |
US20090271472A1 (en) | 2008-04-28 | 2009-10-29 | Scheifler Robert W | System and Method for Programmatic Management of Distributed Computing Resources |
US7613822B2 (en) | 2003-06-30 | 2009-11-03 | Microsoft Corporation | Network load balancing with session information |
US20090285196A1 (en) | 2008-05-15 | 2009-11-19 | Cellco Partnership D/B/A Verizon Wireless | Scheduling with quality of service support in wireless system |
US20090313379A1 (en) | 2006-07-03 | 2009-12-17 | Telefonaktiebolaget L M Ericsson (Publ) | Topology Hiding Of Mobile Agents |
US20100008229A1 (en) | 2008-07-11 | 2010-01-14 | Qi Bi | Method and system for joint reverse link access and traffic channel radio frequency overload control |
US20100023621A1 (en) | 2008-07-24 | 2010-01-28 | Netapp, Inc. | Load-derived probability-based domain name service in a network storage cluster |
US20100036952A1 (en) | 2008-08-11 | 2010-02-11 | International Business Machines Corporation | Load balancing using replication delay |
US20100042869A1 (en) | 2008-08-18 | 2010-02-18 | F5 Networks, Inc. | Upgrading network traffic management devices while maintaining availability |
US20100054139A1 (en) | 2005-03-29 | 2010-03-04 | Lg Electronics Inc. | Method and apparatus of controlling transmission of data block |
US20100064008A1 (en) | 2007-03-13 | 2010-03-11 | Huawei Technologies Co., Ltd. | Peer-to-peer network system, proxy service peer, and method for peer interworking between overlay networks |
CN101682532A (en) | 2007-01-26 | 2010-03-24 | 蔚蓝公司 | Multiple network access system and method |
US20100082787A1 (en) | 2000-09-26 | 2010-04-01 | Foundry Networks, Inc. | Global server load balancing |
US20100083076A1 (en) | 2008-09-26 | 2010-04-01 | Brother Kogyo Kabushiki Kaisha | Terminal device, time adjusting method of terminal device and communication system |
US20100094985A1 (en) | 2008-10-14 | 2010-04-15 | Mamoun Abu-Samaha | Http push to simulate server-initiated sessions |
US7703102B1 (en) | 1999-08-23 | 2010-04-20 | Oracle America, Inc. | Approach for allocating resources to an apparatus based on preemptable resource requirements |
US20100098417A1 (en) | 2002-11-18 | 2010-04-22 | Tse-Au Elizabeth Suet H | Router having dual propagation paths for packets |
US7707295B1 (en) | 2002-05-03 | 2010-04-27 | Foundry Networks, Inc. | Connection rate limiting |
US20100106854A1 (en) | 2008-10-29 | 2010-04-29 | Hostway Corporation | System and method for controlling non-existing domain traffic |
US20100106833A1 (en) | 2008-10-23 | 2010-04-29 | International Business Machines Corporation | Dynamic expiration of domain name service entries |
US7711790B1 (en) * | 2000-08-24 | 2010-05-04 | Foundry Networks, Inc. | Securing an accessible computer system |
US20100128606A1 (en) | 2008-11-26 | 2010-05-27 | Patel Rahul G | First-hop domain reliability measurement and load balancing in a computer network |
US7733866B2 (en) * | 2004-04-15 | 2010-06-08 | Qualcomm Incorporated | Packet concatenation in wireless networks |
US20100162378A1 (en) | 2008-12-18 | 2010-06-24 | Thusitha Jayawardena | Methods and apparatus to enhance security in residential networks |
US7747748B2 (en) | 1998-11-17 | 2010-06-29 | Democrasoft, Inc. | Method for connection acceptance control and rapid determination of optimal multi-media content delivery over networks |
US7765328B2 (en) | 2001-07-06 | 2010-07-27 | Juniper Networks, Inc. | Content service aggregation system |
US20100205310A1 (en) | 2009-02-12 | 2010-08-12 | Yaniv Altshuler | System and method for dynamically optimizing tcp window size |
US20100210265A1 (en) | 2009-02-17 | 2010-08-19 | Nokia Corporation | Method and apparatus for providing shared services |
US20100217793A1 (en) | 2009-02-23 | 2010-08-26 | Research In Motion Limited | Method, system and apparatus for connecting a plurality of client machines to a plurality of servers |
US20100217819A1 (en) | 2006-10-17 | 2010-08-26 | A10 Networks, Inc. | System and Method to Associate a Private User Identity with a Public User Identity |
US20100223630A1 (en) | 2007-06-26 | 2010-09-02 | Sap Ag | System and method for switching between stateful and stateless communication modes |
US7792113B1 (en) | 2002-10-21 | 2010-09-07 | Cisco Technology, Inc. | Method and system for policy-based forwarding |
US20100228819A1 (en) | 2009-03-05 | 2010-09-09 | Yottaa Inc | System and method for performance acceleration, data protection, disaster recovery and on-demand scaling of computer applications |
US20100235507A1 (en) | 2002-05-03 | 2010-09-16 | Brocade Communications Systems, Inc. | Connection rate limiting for server load balancing and transparent cache switching |
US20100235880A1 (en) | 2006-10-17 | 2010-09-16 | A10 Networks, Inc. | System and Method to Apply Network Traffic Policy to an Application Session |
US20100235522A1 (en) | 2009-03-11 | 2010-09-16 | Juniper Networks Inc. | Session-cache-based http acceleration |
US20100238828A1 (en) | 2009-03-23 | 2010-09-23 | Corvil Limited | System and method for estimation of round trip times within a tcp based data network |
US7808994B1 (en) | 2006-02-22 | 2010-10-05 | Juniper Networks, Inc. | Forwarding traffic to VLAN interfaces built based on subscriber information strings |
US20100268814A1 (en) | 2008-11-19 | 2010-10-21 | Seachange International, Inc. | Intercept Device for Providing Content |
US20100265824A1 (en) | 2007-11-09 | 2010-10-21 | Blade Network Technologies, Inc | Session-less Load Balancing of Client Traffic Across Servers in a Server Group |
US7826487B1 (en) * | 2005-05-09 | 2010-11-02 | F5 Network, Inc | Coalescing acknowledgement responses to improve network communications |
CN101878663A (en) | 2007-11-29 | 2010-11-03 | 瑞科网信科技有限公司 | System and method for distributed multi-processing security gateway |
US20100312740A1 (en) | 2009-06-09 | 2010-12-09 | Clemm L Alexander | Tracking policy decisions in a network |
US20100318631A1 (en) | 2009-06-12 | 2010-12-16 | Yahoo! Inc. | User Location Dependent DNS Lookup |
US20100322252A1 (en) | 2009-06-22 | 2010-12-23 | Josephine Suganthi | Systems and methods for handling a multi-connection protocol between a client and server traversing a multi-core system |
US20100333101A1 (en) | 2007-11-29 | 2010-12-30 | Solarflare Communications Inc. | Virtualised receive side scaling |
US20100330971A1 (en) | 2009-06-26 | 2010-12-30 | Oracle International Corporation | System and method for providing a production upgrade of components within a multiprotocol gateway |
US20110007652A1 (en) | 2008-05-09 | 2011-01-13 | Huawei Technologies Co., Ltd. | Method and device for path switchover |
US20110023071A1 (en) | 2008-03-28 | 2011-01-27 | Huawei Technologies Co., Ltd. | Method, System, and Apparatus for Creating Content-on-Demand Service |
US7881215B1 (en) | 2004-03-18 | 2011-02-01 | Avaya Inc. | Stateful and stateless data processing |
US20110029599A1 (en) | 2000-07-13 | 2011-02-03 | Infoblox, Inc. | Domain name service server |
US20110032941A1 (en) | 2002-11-08 | 2011-02-10 | Juniper Networks, Inc. | Systems and methods for accelerating tcp/ip data stream processing |
US20110040826A1 (en) | 2009-08-13 | 2011-02-17 | Sap Ag | Transparently stateful execution of stateless applications |
US20110060831A1 (en) | 2008-06-12 | 2011-03-10 | Tomoki Ishii | Network monitoring device, bus system monitoring device, method and program |
EP2296313A1 (en) | 2008-07-16 | 2011-03-16 | Huawei Technologies Co., Ltd. | Control method and device for wireless multi-hopping network congestion |
US20110093522A1 (en) | 2009-10-21 | 2011-04-21 | A10 Networks, Inc. | Method and System to Determine an Application Delivery Server Based on Geo-Location Information |
US20110099403A1 (en) | 2009-10-26 | 2011-04-28 | Hitachi, Ltd. | Server management apparatus and server management method |
US20110099623A1 (en) | 2009-10-28 | 2011-04-28 | Garrard Kenneth W | System and method for providing unified transport and security protocols |
US20110110294A1 (en) | 2009-11-06 | 2011-05-12 | Vamsidhar Valluri | VIRTUAL CARE-OF ADDRESS FOR MOBILE IP (Internet Protocol) |
US7948952B2 (en) | 2004-06-28 | 2011-05-24 | Nokia Corporation | Controlling services in a packet data network |
US20110145324A1 (en) | 2009-12-16 | 2011-06-16 | Quantum Corporation | Reducing messaging in a client-server system |
US7965727B2 (en) | 2006-09-14 | 2011-06-21 | Fujitsu Limited | Broadcast distributing system and broadcast distributing method |
US20110153834A1 (en) | 2009-12-17 | 2011-06-23 | Sonus Networks, Inc. | Transparent Recovery of Transport Connections Using Packet Translation Techniques |
US20110149879A1 (en) | 2009-12-23 | 2011-06-23 | At&T Mobility Ii Llc | Chromatic scheduler for network traffic with disparate service requirements |
US7970934B1 (en) | 2006-07-31 | 2011-06-28 | Google Inc. | Detecting events of interest |
WO2011079381A1 (en) | 2009-12-31 | 2011-07-07 | Bce Inc. | Method and system for increasing performance of transmission control protocol sessions in data networks |
US7979694B2 (en) * | 2003-03-03 | 2011-07-12 | Cisco Technology, Inc. | Using TCP to authenticate IP source addresses |
US7983258B1 (en) | 2005-11-09 | 2011-07-19 | Juniper Networks, Inc. | Dynamic virtual local area network (VLAN) interface configuration |
US20110178985A1 (en) | 2008-10-03 | 2011-07-21 | Marta San Martin Arribas | Master monitoring mechanism for a geographical distributed database |
US20110185073A1 (en) | 2009-11-25 | 2011-07-28 | Ashok Kumar Jagadeeswaran | Systems and methods for client ip address insertion via tcp options |
US7991859B1 (en) | 2009-12-28 | 2011-08-02 | Amazon Technologies, Inc. | Using virtual networking devices to connect managed computer networks |
US7990847B1 (en) | 2005-04-15 | 2011-08-02 | Cisco Technology, Inc. | Method and system for managing servers in a server cluster |
CN102143075A (en) | 2011-03-28 | 2011-08-03 | 中国人民解放军国防科学技术大学 | Method and system for achieving load balance |
US20110191773A1 (en) | 2010-02-01 | 2011-08-04 | Computer Associates Think, Inc. | System and Method for Datacenter Power Management |
US20110196971A1 (en) | 2010-02-10 | 2011-08-11 | Praveenkumar Reguraman | Application session control using packet inspection |
US8019870B1 (en) | 1999-08-23 | 2011-09-13 | Oracle America, Inc. | Approach for allocating resources to an apparatus based on alternative resource requirements |
US8032634B1 (en) | 1999-08-23 | 2011-10-04 | Oracle America, Inc. | Approach for allocating resources to an apparatus based on resource requirements |
US20110276982A1 (en) | 2010-05-06 | 2011-11-10 | Hitachi, Ltd. | Load Balancer and Load Balancing System |
US20110276695A1 (en) | 2010-05-06 | 2011-11-10 | Juliano Maldaner | Continuous upgrading of computers in a load balanced environment |
US20110289496A1 (en) | 2010-05-18 | 2011-11-24 | North End Technologies, Inc. | Method & apparatus for load balancing software update across a plurality of publish/subscribe capable client devices |
US20110292939A1 (en) | 2009-05-28 | 2011-12-01 | Krishnamurthy Subramaian | Method & apparatus for forwarding table reduction |
US20110302256A1 (en) | 2010-06-07 | 2011-12-08 | Salesforce.Com, Inc. | Methods and systems for providing customized domain messages |
US20110307541A1 (en) | 2010-06-10 | 2011-12-15 | Microsoft Corporation | Server load balancing and draining in enhanced communication systems |
US8081640B2 (en) | 2007-10-24 | 2011-12-20 | Hitachi, Ltd. | Network system, network management server, and access filter reconfiguration method |
US20120008495A1 (en) | 2010-02-25 | 2012-01-12 | The Trustees Of Columbia University In The City Of New York | Methods And Systems For Controlling SIP Overload |
US8099492B2 (en) | 2002-07-25 | 2012-01-17 | Intellectual Ventures Holding 40 Llc | Method and system for background replication of data objects |
US20120023231A1 (en) | 2009-10-23 | 2012-01-26 | Nec Corporation | Network system, control method for the same, and controller |
US20120026897A1 (en) | 2010-07-29 | 2012-02-02 | Cisco Technology, Inc., A Corporation Of California | Packet Switching Device Using Results Determined by an Application Node |
US20120030341A1 (en) | 2010-07-28 | 2012-02-02 | International Business Machines Corporation | Transparent Header Modification for Reducing Serving Load Based on Current and Projected Usage |
US8116312B2 (en) | 2006-02-08 | 2012-02-14 | Solarflare Communications, Inc. | Method and apparatus for multicast packet reception |
US8122116B2 (en) | 2008-10-31 | 2012-02-21 | Hitachi, Ltd. | Storage management method and management server |
US20120066371A1 (en) | 2010-09-10 | 2012-03-15 | Cisco Technology, Inc. | Server Load Balancer Scaling for Virtual Servers |
US8151019B1 (en) | 2008-04-22 | 2012-04-03 | Lockheed Martin Corporation | Adaptive network traffic shaper |
US20120084419A1 (en) | 2010-09-30 | 2012-04-05 | A10 Networks, Inc. | System and method to balance servers based on server load status |
US20120084460A1 (en) | 2010-10-04 | 2012-04-05 | Openwave Systems Inc. | Method and system for dynamic traffic steering |
US20120106355A1 (en) | 2009-06-10 | 2012-05-03 | Telefonaktiebolaget L M Ericsson (Publ) | Performance Monitoring in a Communication Network |
US20120117571A1 (en) | 2010-11-05 | 2012-05-10 | Adam Davis | Load balancer and firewall self-provisioning system |
US20120117382A1 (en) | 1998-10-30 | 2012-05-10 | Virnetx, Inc. | System and method employing an agile network protocol for secure communications using secure domain names |
US8179809B1 (en) | 1999-08-23 | 2012-05-15 | Oracle America, Inc. | Approach for allocating resources to an apparatus based on suspendable resource requirements |
US8185651B2 (en) | 2002-01-10 | 2012-05-22 | Network General Technology | Multi-segment network application monitoring and correlation architecture |
US8191106B2 (en) | 2007-06-07 | 2012-05-29 | Alcatel Lucent | System and method of network access security policy management for multimodal device |
US20120144014A1 (en) | 2010-12-01 | 2012-06-07 | Cisco Technology, Inc. | Directing data flows in data centers with clustering services |
WO2012075237A2 (en) | 2010-12-02 | 2012-06-07 | A10 Networks Inc. | System and method to distribute application traffic to servers based on dynamic service response time |
US20120151353A1 (en) | 2010-12-09 | 2012-06-14 | Verizon Patent And Licensing Inc. | Server ip addressing in a computing-on-demand system |
WO2012083264A2 (en) | 2010-12-17 | 2012-06-21 | Microsoft Corporation | Synchronizing state among load balancer components |
US20120173759A1 (en) | 2010-12-29 | 2012-07-05 | Mugdha Agarwal | Systems and Methods for Policy Based Integration to Horizontally Deployed WAN Optimization Appliances |
US20120170548A1 (en) | 2011-01-04 | 2012-07-05 | Cisco Technology, Inc. | Distributed load management on network devices |
US20120179770A1 (en) | 2011-01-11 | 2012-07-12 | A10 Networks, Inc. | Virtual application delivery chassis system |
US8224971B1 (en) | 2009-12-28 | 2012-07-17 | Amazon Technologies, Inc. | Using virtual networking devices and routing information to initiate external actions |
US20120215910A1 (en) | 2011-02-18 | 2012-08-23 | Canon Kabushiki Kaisha | Web service system, server management apparatus, and web service providing method |
US20120240185A1 (en) | 2000-09-25 | 2012-09-20 | Harsh Kapoor | Systems and methods for processing data flows |
US20120239792A1 (en) | 2011-03-15 | 2012-09-20 | Subrata Banerjee | Placement of a cloud service using network topology and infrastructure performance |
US8296434B1 (en) | 2009-05-28 | 2012-10-23 | Amazon Technologies, Inc. | Providing dynamically scaling computing load balancing |
KR20120117461A (en) | 2011-04-15 | 2012-10-24 | 서강대학교산학협력단 | Method and system of controlling data transfer rate for downward vertical handover in overlayed network environment |
US20120297046A1 (en) | 2009-12-23 | 2012-11-22 | Murali Raja | Systems and methods for gslb spillover |
US20120311116A1 (en) | 2011-06-06 | 2012-12-06 | A10 Networks, Inc. | Sychronization of configuration file of virtual application distribution chassis |
US8379515B1 (en) | 2007-02-01 | 2013-02-19 | F5 Networks, Inc. | TCP throughput control by imposing temporal delay |
US20130046876A1 (en) | 2008-11-25 | 2013-02-21 | Raghav Somanahalli Narayana | Systems and methods for gslb site persistence |
US20130058335A1 (en) | 2010-07-06 | 2013-03-07 | Teemu Koponen | Packet processing for logical datapath sets |
US20130074177A1 (en) | 2008-08-14 | 2013-03-21 | Juniper Networks, Inc. | Routing device having integrated mpls-aware firewall |
US20130083725A1 (en) | 2011-10-04 | 2013-04-04 | Juniper Networks, Inc. | Methods and apparatus for enforcing a common user policy within a network |
US20130100958A1 (en) | 2011-10-24 | 2013-04-25 | A10 Networks, Inc. | Methods to combine stateless and stateful server load balancing |
US20130124713A1 (en) | 2011-11-10 | 2013-05-16 | Microsoft Corporation | Pattern-based computational health and configuration monitoring |
US20130135996A1 (en) | 2011-11-29 | 2013-05-30 | Hughes Networks Systems, Llc | Method and system for traffic management and resource allocation on a shared access network |
US20130136139A1 (en) | 2011-11-29 | 2013-05-30 | A10 Networks, Inc. | Accelerating Service Processing Using Fast Path TCP |
US20130148500A1 (en) | 2011-04-18 | 2013-06-13 | Kentaro Sonoda | Terminal, control device, communication method, communication system, communication module, program, and information processing device |
WO2013096019A1 (en) | 2011-12-23 | 2013-06-27 | A10 Networks Inc. | Methods to manage services over a service gateway |
US20130173795A1 (en) | 2011-12-30 | 2013-07-04 | Verisign, Inc. | DNS Package in a Partitioned Network |
US20130176854A1 (en) | 2012-01-09 | 2013-07-11 | Motorola Mobility, Inc. | Dynamic tcp layer optimization for real-time field performance |
US20130191486A1 (en) | 2012-01-24 | 2013-07-25 | Sony Corporation | Time control apparatus, time control method, and program |
US8499093B2 (en) | 2010-05-14 | 2013-07-30 | Extreme Networks, Inc. | Methods, systems, and computer readable media for stateless load balancing of network traffic flows |
US20130198385A1 (en) | 2012-01-28 | 2013-08-01 | A10 Networks, Inc. | System and Method to Generate Secure Name Records |
KR20130096624A (en) | 2012-02-22 | 2013-08-30 | 유대영 | Led lighting apparatus and led lighting system having the same |
US8539075B2 (en) | 2006-04-21 | 2013-09-17 | International Business Machines Corporation | On-demand global server load balancing system and method of use |
US20130250765A1 (en) | 2012-03-23 | 2013-09-26 | Qualcomm Incorporated | Delay based active queue management for uplink traffic in user equipment |
US20130258846A1 (en) | 2010-12-07 | 2013-10-03 | Telefonaktiebolaget L M Ericsson (Publ) | Method for Enabling Traffic Acceleration in a Mobile Telecommunication Network |
US20130282791A1 (en) | 2012-04-19 | 2013-10-24 | Empire Technology Development Llc | Migration in place |
US8584199B1 (en) | 2006-10-17 | 2013-11-12 | A10 Networks, Inc. | System and method to apply a packet routing policy to an application session |
US20140012972A1 (en) | 2012-07-05 | 2014-01-09 | A10 Networks, Inc. | Method to Allocate Buffer for TCP Proxy Session Based on Dynamic Network Conditions |
WO2014031046A1 (en) | 2012-08-23 | 2014-02-27 | Telefonaktiebolaget L M Ericsson (Publ) | Tcp proxy server |
US8675488B1 (en) | 2010-09-07 | 2014-03-18 | Juniper Networks, Inc. | Subscriber-based network traffic management |
US20140089500A1 (en) | 2012-09-25 | 2014-03-27 | Swaminathan Sankar | Load distribution in data networks |
US8750164B2 (en) | 2010-07-06 | 2014-06-10 | Nicira, Inc. | Hierarchical managed switch architecture |
US20140164617A1 (en) | 2012-12-06 | 2014-06-12 | A10 Networks, Inc. | Forwarding policies on a virtual service network |
US20140169168A1 (en) | 2012-12-06 | 2014-06-19 | A10 Networks, Inc. | Configuration of a virtual service network |
CN103944954A (en) | 2013-01-23 | 2014-07-23 | A10网络股份有限公司 | Reducing Buffer Usage For Tcp Proxy Session Based On Delayed Acknowledgment |
US20140258465A1 (en) | 2013-03-11 | 2014-09-11 | Cisco Technology, Inc. | Identification of originating ip address and client port connection to a web server via a proxy server |
US20140258536A1 (en) | 2013-03-08 | 2014-09-11 | A10 Networks, Inc. | Application delivery controller and global server load balancer |
WO2014144837A1 (en) | 2013-03-15 | 2014-09-18 | A10 Networks, Inc. | Processing data packets using a policy based network path |
US20140286313A1 (en) | 2011-11-23 | 2014-09-25 | Telefonaktiebolaget L M Ericsson (Publ) | Methods and arrangements for improving transmission control protocol performance in a cellular network |
US20140298091A1 (en) | 2013-04-01 | 2014-10-02 | Nebula, Inc. | Fault Tolerance for a Distributed Computing System |
US8879427B2 (en) | 2000-07-07 | 2014-11-04 | 802 Systems Inc. | Methods for updating the configuration of a programmable packet filtering device including a determination as to whether a packet is to be junked |
US20140330982A1 (en) | 2013-05-03 | 2014-11-06 | A10 Networks, Inc. | Facilitating secure network traffic by an application delivery controller |
US8885463B1 (en) | 2011-10-17 | 2014-11-11 | Juniper Networks, Inc. | Path computation element communication protocol (PCEP) extensions for stateful label switched path management |
US20140334485A1 (en) | 2013-05-09 | 2014-11-13 | Vmware, Inc. | Method and system for service switching using service tags |
US20140359052A1 (en) | 2013-05-28 | 2014-12-04 | Verizon Patent And Licensing Inc. | Resilient tcp splicing for proxy services |
US20150026794A1 (en) | 2013-07-18 | 2015-01-22 | Palo Alto Networks, Inc. | Packet classification for network routing |
US8965957B2 (en) | 2010-12-15 | 2015-02-24 | Sap Se | Service delivery framework |
US20150156223A1 (en) | 2013-12-02 | 2015-06-04 | Feilong Xu | Network proxy layer for policy-based application proxies |
US20150215436A1 (en) | 2012-04-30 | 2015-07-30 | Brocade Communications Systems, Inc. | Techniques for protecting against denial of service attacks |
US20150244566A1 (en) | 2014-02-24 | 2015-08-27 | Red Hat Israel, Ltd. | Network configuration via abstraction components and standard commands |
US9137301B1 (en) | 2009-06-30 | 2015-09-15 | Amazon Technologies, Inc. | Client based opportunistic routing |
US20150281087A1 (en) | 2014-03-25 | 2015-10-01 | A10 Networks, Inc. | Forwarding data packets using a service-based forwarding policy |
US20150281104A1 (en) | 2014-03-31 | 2015-10-01 | Ali Golshan | Active application response delay time |
US20150312268A1 (en) | 2014-04-28 | 2015-10-29 | Sophos Limited | Intrusion detection using a heartbeat |
WO2015164026A1 (en) | 2014-04-24 | 2015-10-29 | A10 Networks, Inc. | Enabling planned upgrade/downgrade of network devices without impacting network sessions |
US20150333988A1 (en) | 2014-05-16 | 2015-11-19 | A10 Networks, Inc. | Distributed system to determine a server's health |
US20150350048A1 (en) | 2014-06-03 | 2015-12-03 | A10 Networks, Inc. | User Defined Objects for Network Devices |
US20150350379A1 (en) | 2014-06-03 | 2015-12-03 | A10 Networks, Inc. | Programming a data network device using user defined scripts |
US20160014126A1 (en) | 2013-05-03 | 2016-01-14 | A10 Networks, Inc. | Facilitating a Secure 3 Party Network Session by a Network Device |
US20160044095A1 (en) | 2012-09-25 | 2016-02-11 | A10 Networks, Inc. | Distributing service sessions |
US20160043901A1 (en) | 2012-09-25 | 2016-02-11 | A10 Networks, Inc. | Graceful scaling in software driven networks |
US20160042014A1 (en) | 2012-09-25 | 2016-02-11 | A10 Networks, Inc. | Distributed database in software driven networks |
US20170048107A1 (en) | 2015-08-13 | 2017-02-16 | A10 Networks, Inc. | Automated Adjustment of Subscriber Policies |
US20170048356A1 (en) | 2015-08-12 | 2017-02-16 | A10 Networks, Inc. | Transmission Control of Protocol State Exchange for Dynamic Stateful Service Insertion |
- 2006
  - 2006-02-21 | US | US11/358,245 | patent/US7675854B2/en | Ceased (not active)
- 2012
  - 2012-03-06 | US | US13/413,191 | patent/USRE44701E1/en | Active
- 2014
  - 2014-01-09 | US | US14/151,803 | patent/USRE47296E1/en | Active
- 2018
  - 2018-12-28 | US | US16/235,249 | patent/USRE49053E1/en | Active
Patent Citations (541)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5218602A (en) | 1991-04-04 | 1993-06-08 | Dsc Communications Corporation | Interprocessor switching network |
TW269763B (en) | 1995-09-12 | 1996-02-01 | Ind Tech Res Inst | Seamless handoff for a wireless/wired LAN internetworking |
JPH0997233A (en) | 1995-09-28 | 1997-04-08 | Nec Corp | Load distributing method for on-line information processing system |
US5875185A (en) | 1995-10-10 | 1999-02-23 | Industrial Technology Research Inst. | Seamless handoff for a wireless lan/wired lan internetworking |
US5935207A (en) | 1996-06-03 | 1999-08-10 | Webtv Networks, Inc. | Method and apparatus for providing remote site administrators with user hits on mirrored web sites |
US5862339A (en) | 1996-07-09 | 1999-01-19 | Webtv Networks, Inc. | Client connects to an internet access provider using algorithm downloaded from a central server based upon client's desired criteria after disconnected from the server |
US5774660A (en) | 1996-08-05 | 1998-06-30 | Resonate, Inc. | World-wide-web server with delayed resource-binding for resource-based load balancing on a distributed resource multi-node network |
US5958053A (en) * | 1997-01-30 | 1999-09-28 | At&T Corp. | Communications protocol with improved security |
US6075783A (en) | 1997-03-06 | 2000-06-13 | Bell Atlantic Network Services, Inc. | Internet phone to PSTN cellular/PCS system |
US5995981A (en) | 1997-06-16 | 1999-11-30 | Telefonaktiebolaget Lm Ericsson | Initialization of replicated data objects |
US20030091028A1 (en) | 1997-07-25 | 2003-05-15 | Chang Gordon K. | Apparatus and method for integrated voice gateway |
US6456617B1 (en) | 1997-08-12 | 2002-09-24 | Kokusai Denshin Denwa Co., Ltd. | Routing control communication system between circuit switched network and internet |
US6259705B1 (en) | 1997-09-22 | 2001-07-10 | Fujitsu Limited | Network service server load balancing device, network service server load balancing method and computer-readable storage medium recorded with network service server load balancing program |
JPH1196128A (en) | 1997-09-22 | 1999-04-09 | Fujitsu Ltd | Device and method for adjusting network service server load and recording medium |
US20020091844A1 (en) | 1997-10-14 | 2002-07-11 | Alacritech, Inc. | Network interface device that fast-path processes solicited session layer read commands |
US20040062246A1 (en) | 1997-10-14 | 2004-04-01 | Alacritech, Inc. | High performance network interface |
US20040073703A1 (en) | 1997-10-14 | 2004-04-15 | Alacritech, Inc. | Fast-path apparatus for receiving data corresponding a TCP connection |
US7673072B2 (en) | 1997-10-14 | 2010-03-02 | Alacritech, Inc. | Fast-path apparatus for transmitting data corresponding to a TCP connection |
US7167927B2 (en) | 1997-10-14 | 2007-01-23 | Alacritech, Inc. | TCP/IP offload device with fast-path TCP ACK generating and transmitting mechanism |
US20040078480A1 (en) | 1997-10-14 | 2004-04-22 | Boucher Laurence B. | Parsing a packet header |
US6047268A (en) * | 1997-11-04 | 2000-04-04 | A.T.&T. Corporation | Method and apparatus for billing for transactions conducted over the internet |
US6003069A (en) | 1997-12-16 | 1999-12-14 | Lexmark International, Inc. | Client/server printer driver system |
US20050074013A1 (en) | 1998-02-02 | 2005-04-07 | Hershey Paul C. | System and associated method for the synchronization and control of multiplexed payloads over a telecommunications network |
US6131163A (en) | 1998-02-17 | 2000-10-10 | Cisco Technology, Inc. | Network gateway mechanism having a protocol stack proxy |
US6459682B1 (en) | 1998-04-07 | 2002-10-01 | International Business Machines Corporation | Architecture for supporting service level agreements in an IP network |
JPH11338836A (en) | 1998-05-25 | 1999-12-10 | Nippon Telegr & Teleph Corp <Ntt> | Load distribution system for computer network |
US6219706B1 (en) | 1998-10-16 | 2001-04-17 | Cisco Technology, Inc. | Access control for networks |
US20120117382A1 (en) | 1998-10-30 | 2012-05-10 | Virnetx, Inc. | System and method employing an agile network protocol for secure communications using secure domain names |
US7334232B2 (en) | 1998-11-05 | 2008-02-19 | Bea Systems, Inc. | Clustered enterprise Java™ in a secure distributed processing system |
US6321338B1 (en) * | 1998-11-09 | 2001-11-20 | Sri International | Network surveillance |
US7747748B2 (en) | 1998-11-17 | 2010-06-29 | Democrasoft, Inc. | Method for connection acceptance control and rapid determination of optimal multi-media content delivery over networks |
TW444478B (en) | 1998-12-10 | 2001-07-01 | Ind Tech Res Inst | Ethernet switch IC with shared memory structure and its network |
US6535516B1 (en) | 1998-12-10 | 2003-03-18 | Industrial Technology Research Institute | Shared memory based network switch and the network constructed with the same |
US6483600B1 (en) | 1999-02-26 | 2002-11-19 | 3Com Corporation | System and method for communicating real-time facsimiles over data networks |
US6772205B1 (en) | 1999-03-12 | 2004-08-03 | Nortel Networks Limited | Executing applications on a target network device using a proxy network device |
JP2000276432A (en) | 1999-03-24 | 2000-10-06 | Nec Corp | Dynamic load distribution system for transaction message |
JP2000307634A (en) | 1999-04-15 | 2000-11-02 | Kdd Corp | Congestion control method by repeating station of packet exchanging network |
US6779017B1 (en) | 1999-04-29 | 2004-08-17 | International Business Machines Corporation | Method and system for dispatching client sessions within a cluster of servers connected to the world wide web |
TW425821B (en) | 1999-05-31 | 2001-03-11 | Ind Tech Res Inst | Key management method |
US6658114B1 (en) | 1999-05-31 | 2003-12-02 | Industrial Technology Research Institute | Key management method |
US20010049741A1 (en) | 1999-06-18 | 2001-12-06 | Bryan D. Skene | Method and system for balancing load distribution on a wide area network |
CN1372662A (en) | 1999-07-09 | 2002-10-02 | 卡纳尔股份有限公司 | Running and testing applications |
US6374300B2 (en) | 1999-07-15 | 2002-04-16 | F5 Networks, Inc. | Method and system for storing load balancing information with an HTTP cookie |
JP2001051859A (en) | 1999-08-11 | 2001-02-23 | Hitachi Ltd | Load information communication method |
WO2001013228A2 (en) | 1999-08-13 | 2001-02-22 | Sun Microsystems, Inc. | Graceful distribution in application server load balancing |
WO2001014990A1 (en) | 1999-08-21 | 2001-03-01 | Webever, Inc. | Method for content delivery over the internet |
US8019870B1 (en) | 1999-08-23 | 2011-09-13 | Oracle America, Inc. | Approach for allocating resources to an apparatus based on alternative resource requirements |
US8179809B1 (en) | 1999-08-23 | 2012-05-15 | Oracle America, Inc. | Approach for allocating resources to an apparatus based on suspendable resource requirements |
US8032634B1 (en) | 1999-08-23 | 2011-10-04 | Oracle America, Inc. | Approach for allocating resources to an apparatus based on resource requirements |
US7463648B1 (en) | 1999-08-23 | 2008-12-09 | Sun Microsystems, Inc. | Approach for allocating resources to an apparatus based on optional resource requirements |
US7703102B1 (en) | 1999-08-23 | 2010-04-20 | Oracle America, Inc. | Approach for allocating resources to an apparatus based on preemptable resource requirements |
US6578066B1 (en) | 1999-09-17 | 2003-06-10 | Alteon Websystems | Distributed load-balancing internet servers |
US6600738B1 (en) | 1999-10-02 | 2003-07-29 | Ericsson, Inc. | Routing in an IP network based on codec availability and subscriber preference |
US6748414B1 (en) | 1999-11-15 | 2004-06-08 | International Business Machines Corporation | Method and apparatus for the load balancing of non-identical servers in a network environment |
US6952728B1 (en) | 1999-12-01 | 2005-10-04 | Nortel Networks Limited | Providing desired service policies to subscribers accessing internet |
WO2001045349A2 (en) | 1999-12-16 | 2001-06-21 | Speedera Networks, Inc. | Scalable domain name system with persistence and load balancing |
US6587866B1 (en) | 2000-01-10 | 2003-07-01 | Sun Microsystems, Inc. | Method for distributing packets to server nodes using network client affinity and packet distribution table |
US20050044270A1 (en) | 2000-02-07 | 2005-02-24 | Grove Adam J. | Method for high-performance delivery of web content |
US20040199646A1 (en) | 2000-02-18 | 2004-10-07 | Netscaler, Inc. | Apparatus, method and computer program product for guaranteed content delivery incorporating putting a client on-hold based on response time |
US6804224B1 (en) | 2000-02-29 | 2004-10-12 | 3Com Corporation | System and method for providing telephone service having private branch exchange features in a voice-over-data network telephony system |
US20020138618A1 (en) | 2000-03-21 | 2002-09-26 | F5 Networks, Inc. | Simplified method for processing multiple connections from the same client |
JP2001298449A (en) | 2000-04-12 | 2001-10-26 | Matsushita Electric Ind Co Ltd | Security communication method, communication system and its unit |
US20020032799A1 (en) | 2000-05-02 | 2002-03-14 | Globalstar L.P. | Deferring DNS service for a satellite ISP system using non-geosynchronous orbit satellites |
US20010042200A1 (en) * | 2000-05-12 | 2001-11-15 | International Business Machines | Methods and systems for defeating TCP SYN flooding attacks |
US20090262741A1 (en) | 2000-06-23 | 2009-10-22 | Jungck Peder J | Transparent Provisioning of Services Over a Network |
US7013482B1 (en) | 2000-07-07 | 2006-03-14 | 802 Systems Llc | Methods for packet filtering including packet invalidation if packet validity determination not timely made |
US8879427B2 (en) | 2000-07-07 | 2014-11-04 | 802 Systems Inc. | Methods for updating the configuration of a programmable packet filtering device including a determination as to whether a packet is to be junked |
US20110029599A1 (en) | 2000-07-13 | 2011-02-03 | Infoblox, Inc. | Domain name service server |
US20030035420A1 (en) | 2000-08-18 | 2003-02-20 | Zhisheng Niu | TCP aware local retransmissioner scheme for unreliable transmission network |
US7711790B1 (en) * | 2000-08-24 | 2010-05-04 | Foundry Networks, Inc. | Securing an accessible computer system |
US20020026515A1 (en) | 2000-08-29 | 2002-02-28 | Alcatel | Data network |
US7010605B1 (en) | 2000-08-29 | 2006-03-07 | Microsoft Corporation | Method and apparatus for encoding and storing session data |
US6772334B1 (en) * | 2000-08-31 | 2004-08-03 | Networks Associates, Inc. | System and method for preventing a spoofed denial of service attack in a networked computing environment |
CN1449618A (en) | 2000-09-04 | 2003-10-15 | 国际商业机器公司 | System communication between computer systems |
US7398317B2 (en) * | 2000-09-07 | 2008-07-08 | Mazu Networks, Inc. | Thwarting connection-based denial of service attacks |
US20020103916A1 (en) * | 2000-09-07 | 2002-08-01 | Benjie Chen | Thwarting connection-based denial of service attacks |
US20020032777A1 (en) | 2000-09-11 | 2002-03-14 | Yoko Kawata | Load sharing apparatus and a load estimation method |
JP2002091936A (en) | 2000-09-11 | 2002-03-29 | Hitachi Ltd | Device for distributing load and method for estimating load |
US20120240185A1 (en) | 2000-09-25 | 2012-09-20 | Harsh Kapoor | Systems and methods for processing data flows |
US20100293296A1 (en) | 2000-09-26 | 2010-11-18 | Foundry Networks, Inc. | Global server load balancing |
US20100082787A1 (en) | 2000-09-26 | 2010-04-01 | Foundry Networks, Inc. | Global server load balancing |
CN1473300A (en) | 2000-09-29 | 2004-02-04 | | Intelligent networks storage interface system and devices |
US20050021848A1 (en) | 2000-10-13 | 2005-01-27 | Jorgenson Daniel Scott | System and method for distributing load among redundant independent stateful World Wide Web server sites |
US20020133491A1 (en) | 2000-10-26 | 2002-09-19 | Prismedia Networks, Inc. | Method and system for managing distributed content and related metadata |
EP1209876A2 (en) | 2000-11-21 | 2002-05-29 | Avaya Communication Israel Ltd. | Dynamic load balancer |
US20020078164A1 (en) | 2000-12-13 | 2002-06-20 | Marnetics Ltd. | System and method for data transfer acceleration in a TCP network environment |
US7218722B1 (en) | 2000-12-18 | 2007-05-15 | Westell Technologies, Inc. | System and method for providing call management services in a virtual private network using voice or video over internet protocol |
US6779033B1 (en) * | 2000-12-28 | 2004-08-17 | Networks Associates Technology, Inc. | System and method for transacting a validated application session in a networked computing environment |
US7301899B2 (en) * | 2001-01-31 | 2007-11-27 | Comverse Ltd. | Prevention of bandwidth congestion in a denial of service or other internet-based attack |
US20050198335A1 (en) | 2001-02-06 | 2005-09-08 | Microsoft Corporation | Distributed load balancing for single entry-point systems |
US20030014544A1 (en) | 2001-02-15 | 2003-01-16 | Banderacom | Infiniband TM work queue to TCP/IP translation |
US20030023873A1 (en) | 2001-03-16 | 2003-01-30 | Yuval Ben-Itzhak | Application-layer security method and system |
US20020143991A1 (en) | 2001-03-16 | 2002-10-03 | Kingsum Chow | Geographic location determination including inspection of network address |
US7533409B2 (en) | 2001-03-22 | 2009-05-12 | Corente, Inc. | Methods and systems for firewalling virtual private networks |
US20020141386A1 (en) | 2001-03-29 | 2002-10-03 | Minert Brian D. | System, apparatus and method for voice over internet protocol telephone calling using enhanced signaling packets and localized time slot interchanging |
US7349970B2 (en) | 2001-03-29 | 2008-03-25 | International Business Machines Corporation | Workload management of stateful program entities |
US20030061506A1 (en) | 2001-04-05 | 2003-03-27 | Geoffrey Cooper | System and method for security policy |
US20020178259A1 (en) | 2001-05-23 | 2002-11-28 | International Business Machines Corporation | Load balancing content requests using dynamic document generation cost information |
US20020188678A1 (en) | 2001-06-05 | 2002-12-12 | Edecker Ada Mae | Networked computer system for communicating and operating in a virtual reality environment |
US20040213158A1 (en) | 2001-06-07 | 2004-10-28 | Paul Collett | Real time processing |
US20040103315A1 (en) | 2001-06-07 | 2004-05-27 | Geoffrey Cooper | Assessment tool |
US20020191575A1 (en) | 2001-06-18 | 2002-12-19 | Broadwave, Inc. | Method and apparatus for converging local area and wide area wireless data networks |
US20020194350A1 (en) | 2001-06-18 | 2002-12-19 | Lu Leonard L. | Content-aware web switch without delayed binding and methods thereof |
US20020194335A1 (en) | 2001-06-19 | 2002-12-19 | Maynard William Pat | Method and apparatus for load balancing |
US20120191839A1 (en) | 2001-06-19 | 2012-07-26 | William Pat Maynard | Method and apparatus for load balancing |
US20030009591A1 (en) | 2001-06-25 | 2003-01-09 | Clive Hayball | Apparatus and method for managing internet resource requests |
US7343399B2 (en) | 2001-06-25 | 2008-03-11 | Nortel Networks Limited | Apparatus and method for managing internet resource requests |
US20050009520A1 (en) | 2001-07-03 | 2005-01-13 | Herrero Antonio Juan Sanchez | Method and system for handling multiple registration |
US20110019550A1 (en) | 2001-07-06 | 2011-01-27 | Juniper Networks, Inc. | Content service aggregation system |
US7765328B2 (en) | 2001-07-06 | 2010-07-27 | Juniper Networks, Inc. | Content service aggregation system |
US7509369B1 (en) | 2001-07-11 | 2009-03-24 | Swsoft Holdings, Ltd. | Balancing shared servers in virtual environments |
US20090077651A1 (en) | 2001-07-13 | 2009-03-19 | Yuri Poeluev | Method and apparatus for resolving a web site address when connected with a virtual private network (vpn) |
US20030023711A1 (en) | 2001-07-30 | 2003-01-30 | Parmar Pankaj N. | Identifying network management policies |
US20040187032A1 (en) | 2001-08-07 | 2004-09-23 | Christoph Gels | Method, data carrier, computer system and computer progamme for the identification and defence of attacks in server of network service providers and operators |
US20030035409A1 (en) | 2001-08-20 | 2003-02-20 | Wang Jiwei R. | Method and apparatus for providing service selection, redirection and managing of subscriber access to multiple WAP (Wireless Application Protecol) geteways simultaneously |
CN1575582A (en) | 2001-09-28 | 2005-02-02 | 塞维斯通讯公司 | Configurable adaptive global traffic control and management |
US20050005207A1 (en) | 2001-09-28 | 2005-01-06 | Thierry Herneque | Method of improving the performance of a transmission protocol using a retransmission timer |
JP2003141068A (en) | 2001-11-02 | 2003-05-16 | Canon Software Inc | Session management device, and session management method, program and storage medium |
US20040078419A1 (en) | 2001-11-02 | 2004-04-22 | Stephen Ferrari | Switching system |
US7370353B2 (en) * | 2001-11-05 | 2008-05-06 | Cisco Technology, Inc. | System and method for managing dynamic network sessions |
US7512980B2 (en) * | 2001-11-30 | 2009-03-31 | Lancope, Inc. | Packet sampling flow-based detection of network intrusions |
JP2003186776A (en) | 2001-12-13 | 2003-07-04 | Hitachi Ltd | Congestion control system |
US20030131245A1 (en) | 2002-01-04 | 2003-07-10 | Michael Linderman | Communication security system |
US8185651B2 (en) | 2002-01-10 | 2012-05-22 | Network General Technology | Multi-segment network application monitoring and correlation architecture |
US7058718B2 (en) * | 2002-01-15 | 2006-06-06 | International Business Machines Corporation | Blended SYN cookies |
US20030135625A1 (en) * | 2002-01-15 | 2003-07-17 | International Business Machines Corporation | Blended SYN cookies |
US7328267B1 (en) | 2002-01-18 | 2008-02-05 | Cisco Technology, Inc. | TCP proxy connection management in a gigabit environment |
US8090866B1 (en) | 2002-01-18 | 2012-01-03 | Cisco Technology, Inc. | TCP proxy connection management in a gigabit environment |
US7076555B1 (en) | 2002-01-23 | 2006-07-11 | Novell, Inc. | System and method for transparent takeover of TCP connections between servers |
CN1714545A (en) | 2002-01-24 | 2005-12-28 | 艾维西系统公司 | System and method for fault tolerant data communication |
US7143087B2 (en) | 2002-02-01 | 2006-11-28 | John Fairweather | System and method for creating a distributed network architecture |
US7584262B1 (en) | 2002-02-11 | 2009-09-01 | Extreme Networks | Method of and system for allocating resources to resource requests based on application of persistence policies |
US8560693B1 (en) | 2002-02-11 | 2013-10-15 | Extreme Networks, Inc. | Method of and system for allocating resources to resource requests based on application of persistence policies |
US7228359B1 (en) | 2002-02-12 | 2007-06-05 | Cisco Technology, Inc. | Methods and apparatus for providing domain name service based on a client identifier |
US20080109452A1 (en) | 2002-02-15 | 2008-05-08 | Cognos Incorporated | Queuing model for a plurality of servers |
US20030195962A1 (en) | 2002-04-10 | 2003-10-16 | Satoshi Kikuchi | Load balancing of servers |
US20100235507A1 (en) | 2002-05-03 | 2010-09-16 | Brocade Communications Systems, Inc. | Connection rate limiting for server load balancing and transparent cache switching |
US8554929B1 (en) | 2002-05-03 | 2013-10-08 | Foundry Networks, Llc | Connection rate limiting for server load balancing and transparent cache switching |
US7707295B1 (en) | 2002-05-03 | 2010-04-27 | Foundry Networks, Inc. | Connection rate limiting |
WO2003103237A1 (en) | 2002-06-04 | 2003-12-11 | Cosine Communications, Inc. | System and method for controlling routing in a virtual router system |
US20050163073A1 (en) | 2002-06-10 | 2005-07-28 | Ipr Licensing, Inc | Applying session services based on packet flows |
US20040010545A1 (en) | 2002-06-11 | 2004-01-15 | Pandya Ashish A. | Data processing system using internet protocols and RDMA |
US20060041745A1 (en) | 2002-06-19 | 2006-02-23 | Marratech Ab | Apparatus and method for conveying private information within a group communication system |
US7277963B2 (en) | 2002-06-26 | 2007-10-02 | Sandvine Incorporated | TCP proxy providing application layer modifications |
US7254133B2 (en) * | 2002-07-15 | 2007-08-07 | Intel Corporation | Prevention of denial of service attacks |
US8099492B2 (en) | 2002-07-25 | 2012-01-17 | Intellectual Ventures Holding 40 Llc | Method and system for background replication of data objects |
US7069438B2 (en) * | 2002-08-19 | 2006-06-27 | Sowl Associates, Inc. | Establishing authenticated network connections |
US7430755B1 (en) * | 2002-09-03 | 2008-09-30 | Fs Networks, Inc. | Method and system for providing persistence in a secure network access |
US7337241B2 (en) | 2002-09-27 | 2008-02-26 | Alacritech, Inc. | Fast-path apparatus for receiving data corresponding to a TCP connection |
US7506360B1 (en) * | 2002-10-01 | 2009-03-17 | Mirage Networks, Inc. | Tracking communication for determining device states |
US7236457B2 (en) | 2002-10-04 | 2007-06-26 | Intel Corporation | Load balancing in a network |
US20090138606A1 (en) | 2002-10-08 | 2009-05-28 | Brian Moran | Transferring sessions between devices |
US7792113B1 (en) | 2002-10-21 | 2010-09-07 | Cisco Technology, Inc. | Method and system for policy-based forwarding |
US7310686B2 (en) | 2002-10-27 | 2007-12-18 | Paxfire, Inc. | Apparatus and method for transparent selection of an Internet server based on geographic location of a user |
US20110032941A1 (en) | 2002-11-08 | 2011-02-10 | Juniper Networks, Inc. | Systems and methods for accelerating tcp/ip data stream processing |
US7552323B2 (en) * | 2002-11-18 | 2009-06-23 | Liquidware Labs, Inc. | System, apparatuses, methods, and computer-readable media using identification data in packet communications |
US20100098417A1 (en) | 2002-11-18 | 2010-04-22 | Tse-Au Elizabeth Suet H | Router having dual propagation paths for packets |
US20040111516A1 (en) | 2002-12-06 | 2004-06-10 | Stuart Cain | Reduced wireless internet connect time |
US20040199616A1 (en) | 2002-12-30 | 2004-10-07 | Mika Karhu | Automatic and dynamic service information delivery from service providers to data terminals in an access point network |
US20040139108A1 (en) | 2002-12-31 | 2004-07-15 | International Business Machines Corporation | System and method for aggregating user project information in a multi-server system |
US7269850B2 (en) | 2002-12-31 | 2007-09-11 | Intel Corporation | Systems and methods for detecting and tracing denial of service attacks |
US20040128312A1 (en) | 2002-12-31 | 2004-07-01 | International Business Machines Corporation | System and method for invoking methods on place objects in a distributed environment |
US20040139057A1 (en) | 2002-12-31 | 2004-07-15 | International Business Machines Corporation | System and method for searching a plurality of databases distributed across a multi server domain |
US7234161B1 (en) | 2002-12-31 | 2007-06-19 | Nvidia Corporation | Method and apparatus for deflecting flooding attacks |
US20040141005A1 (en) | 2003-01-22 | 2004-07-22 | International Business Machines Corporation | System and method for integrating online meeting materials in a place |
US20040143599A1 (en) | 2003-01-22 | 2004-07-22 | International Business Machines Corporation | System and method for command line administration of project spaces using XML objects |
US20040202182A1 (en) | 2003-02-12 | 2004-10-14 | Martin Lund | Method and system to provide blade server load balancing using spare link bandwidth |
US7979694B2 (en) * | 2003-03-03 | 2011-07-12 | Cisco Technology, Inc. | Using TCP to authenticate IP source addresses |
US20040210623A1 (en) | 2003-03-06 | 2004-10-21 | Aamer Hydrie | Virtual network topology generation |
WO2004084085A1 (en) | 2003-03-18 | 2004-09-30 | Fujitsu Limited | Load distributing system by intersite cooperation |
US20040250059A1 (en) | 2003-04-15 | 2004-12-09 | Brian Ramelson | Secure network processing |
US20040210663A1 (en) | 2003-04-15 | 2004-10-21 | Paul Phillips | Object-aware transport-layer network processing engine |
US7373500B2 (en) | 2003-04-15 | 2008-05-13 | Sun Microsystems, Inc. | Secure network processing |
US7308499B2 (en) | 2003-04-30 | 2007-12-11 | Avaya Technology Corp. | Dynamic load balancing for enterprise IP traffic |
US7181524B1 (en) | 2003-06-13 | 2007-02-20 | Veritas Operating Corporation | Method and apparatus for balancing a load among a plurality of servers in a computer system |
US7590736B2 (en) | 2003-06-30 | 2009-09-15 | Microsoft Corporation | Flexible network load balancing |
US20040268358A1 (en) | 2003-06-30 | 2004-12-30 | Microsoft Corporation | Network load balancing with host status information |
US7613822B2 (en) | 2003-06-30 | 2009-11-03 | Microsoft Corporation | Network load balancing with session information |
US20050027862A1 (en) | 2003-07-18 | 2005-02-03 | Nguyen Tien Le | System and methods of cooperatively load-balancing clustered servers |
US20050039033A1 (en) | 2003-07-25 | 2005-02-17 | Activeviews, Inc. | Method and system for building a report for execution against a data store |
US20050036501A1 (en) | 2003-08-11 | 2005-02-17 | Samsung Electronics Co., Ltd. | Domain name service system and method thereof |
US20050036511A1 (en) | 2003-08-14 | 2005-02-17 | International Business Machines Corp. | Method, system and article for improved TCP performance during packet reordering |
US20090138945A1 (en) | 2003-09-10 | 2009-05-28 | Fidelis Security Systems | High-Performance Network Content Analysis Platform |
US7467202B2 (en) | 2003-09-10 | 2008-12-16 | Fidelis Security Systems | High-performance network content analysis platform |
CN1529460A (en) | 2003-10-14 | 2004-09-15 | 北京邮电大学 | Whole load equalizing method based on global network positioning |
US20050080890A1 (en) | 2003-10-14 | 2005-04-14 | Yang Sun Hee | Server load balancing apparatus and method using MPLS session |
US7472190B2 (en) | 2003-10-17 | 2008-12-30 | International Business Machines Corporation | Method, system and program product for preserving a user state in an application |
JP2005141441A (en) | 2003-11-06 | 2005-06-02 | Hitachi Ltd | Load distribution system |
US20050102400A1 (en) | 2003-11-06 | 2005-05-12 | Masahiko Nakahara | Load balancing system |
CN1910869A (en) | 2003-12-05 | 2007-02-07 | 艾拉克瑞技术公司 | TCP/IP offload device with reduced sequential processing |
US20050125276A1 (en) | 2003-12-05 | 2005-06-09 | Grigore Rusu | System and method for event tracking across plural contact mediums |
US20050213586A1 (en) | 2004-02-05 | 2005-09-29 | David Cyganski | System and method to increase network throughput |
US7881215B1 (en) | 2004-03-18 | 2011-02-01 | Avaya Inc. | Stateful and stateless data processing |
US8559437B2 (en) * | 2004-04-15 | 2013-10-15 | Qualcomm Incorporated | Packet concatenation in wireless networks |
US7733866B2 (en) * | 2004-04-15 | 2010-06-08 | Qualcomm Incorporated | Packet concatenation in wireless networks |
US20050240989A1 (en) * | 2004-04-23 | 2005-10-27 | Seoul National University Industry Foundation | Method of sharing state between stateful inspection firewalls on mep network |
US20060064478A1 (en) | 2004-05-03 | 2006-03-23 | Level 3 Communications, Inc. | Geo-locating load balancing |
US20060112170A1 (en) | 2004-05-03 | 2006-05-25 | Craig Sirkin | Geo-locating load balancing |
US7584301B1 (en) | 2004-05-06 | 2009-09-01 | Foundry Networks, Inc. | Host-level policies for global server load balancing |
US20050249225A1 (en) | 2004-05-10 | 2005-11-10 | Singhal Tara C | Method and apparatus for packet source validation architecture system for enhanced Internet security |
US7391725B2 (en) * | 2004-05-18 | 2008-06-24 | Christian Huitema | System and method for defeating SYN attacks |
US20050259586A1 (en) | 2004-05-19 | 2005-11-24 | Abdelhakim Hafid | Dynamic traffic rearrangement and restoration for MPLS networks with differentiated services capabilities |
US20080076432A1 (en) | 2004-06-04 | 2008-03-27 | Nimal Senarath | Method and System for Soft Handoff in Mobile Broadband Systems |
US20060069774A1 (en) | 2004-06-17 | 2006-03-30 | International Business Machine Corporation | Method and apparatus for managing data center using Web services |
US20080228781A1 (en) | 2004-06-17 | 2008-09-18 | International Business Machines Corporation | Method and Apparatus for Managing Data Center Using Web Services |
US8990262B2 (en) | 2004-06-17 | 2015-03-24 | International Business Machines Corporation | managing data center using web services |
US20050281190A1 (en) | 2004-06-17 | 2005-12-22 | Mcgee Michael S | Automated recovery from a split segment condition in a layer2 network for teamed network resources of a computer systerm |
US7948952B2 (en) | 2004-06-28 | 2011-05-24 | Nokia Corporation | Controlling services in a packet data network |
US20060036733A1 (en) | 2004-07-09 | 2006-02-16 | Toshiba America Research, Inc. | Dynamic host configuration and network access authentication |
CN1725702A (en) | 2004-07-20 | 2006-01-25 | 联想网御科技(北京)有限公司 | Network safety equipment and assemblied system and method for implementing high availability |
US20060023721A1 (en) * | 2004-07-29 | 2006-02-02 | Ntt Docomo, Inc. | Server device, method for controlling a server device, and method for establishing a connection using the server device |
US20060036610A1 (en) | 2004-08-13 | 2006-02-16 | Reallusion Inc. | File conversion and sharing system and the method of the same |
US7423977B1 (en) | 2004-08-23 | 2008-09-09 | Foundry Networks Inc. | Smoothing algorithm for round trip time (RTT) measurements |
US20060069804A1 (en) * | 2004-08-25 | 2006-03-30 | Ntt Docomo, Inc. | Server device, client device, and process execution method |
US20060077926A1 (en) | 2004-10-08 | 2006-04-13 | Telefonaktiebolaget Lm Ericsson (Publ) | Home network-assisted selection of intermediary network for a roaming mobile terminal |
US20060092950A1 (en) | 2004-10-28 | 2006-05-04 | Cisco Technology, Inc. | Architecture and method having redundancy in active/active stateful devices based on symmetric global load balancing protocol (sGLBP) |
US20060098645A1 (en) | 2004-11-09 | 2006-05-11 | Lev Walkin | System and method for providing client identifying information to a server |
US20060168319A1 (en) | 2004-11-18 | 2006-07-27 | Nokia Corporation | Systems and methods for multipoint service invocation |
US20060164978A1 (en) | 2005-01-21 | 2006-07-27 | At&T Corp. | Methods, systems, and devices for determining COS level |
US20060230129A1 (en) * | 2005-02-04 | 2006-10-12 | Nokia Corporation | Apparatus, method and computer program product to reduce TCP flooding attacks while conserving wireless network bandwidth |
US7613193B2 (en) * | 2005-02-04 | 2009-11-03 | Nokia Corporation | Apparatus, method and computer program product to reduce TCP flooding attacks while conserving wireless network bandwidth |
US20060190997A1 (en) | 2005-02-22 | 2006-08-24 | Mahajani Amol V | Method and system for transparent in-line protection of an electronic communications network |
US20060187901A1 (en) | 2005-02-23 | 2006-08-24 | Lucent Technologies Inc. | Concurrent dual-state proxy server, method of providing a proxy and SIP network employing the same |
US20060209789A1 (en) | 2005-03-04 | 2006-09-21 | Sun Microsystems, Inc. | Method and apparatus for reducing bandwidth usage in secure transactions |
CN101189598A (en) | 2005-03-09 | 2008-05-28 | 泰克迪亚科技公司 | Method, apparatus and system for a location-based uniform resource locator |
WO2006098033A1 (en) | 2005-03-17 | 2006-09-21 | Fujitsu Limited | Load-distributing communication device and load-distribution managing device |
US20100054139A1 (en) | 2005-03-29 | 2010-03-04 | Lg Electronics Inc. | Method and apparatus of controlling transmission of data block |
US20060233100A1 (en) | 2005-04-13 | 2006-10-19 | Luft Siegfried J | Application aware traffic shaping service node positioned between the access and core networks |
US7990847B1 (en) | 2005-04-15 | 2011-08-02 | Cisco Technology, Inc. | Method and system for managing servers in a server cluster |
US20060251057A1 (en) | 2005-05-06 | 2006-11-09 | Sung-Bok Kwon | Name service system and method thereof |
US7826487B1 (en) * | 2005-05-09 | 2010-11-02 | F5 Network, Inc | Coalescing acknowledgement responses to improve network communications |
JP2006332825A (en) | 2005-05-24 | 2006-12-07 | Fujitsu Ltd | Program, method, and device for dispersing load |
US20090106830A1 (en) | 2005-06-03 | 2009-04-23 | Thomas Maher | Secure Network Communication System and Method |
US20060277303A1 (en) | 2005-06-06 | 2006-12-07 | Nikhil Hegde | Method to improve response time when clients use network services |
US20060280121A1 (en) * | 2005-06-13 | 2006-12-14 | Fujitsu Limited | Frame-transfer control device, DoS-attack preventing device, and DoS-attack preventing system |
US20070156919A1 (en) | 2005-06-21 | 2007-07-05 | Sunil Potti | Enforcing network service level agreements in a network element |
JP2009500731A (en) | 2005-06-29 | 2009-01-08 | ビザ ユー.エス.エー. インコーポレイテッド | Gateway adapted to switch transactions and data using context-based rules over unreliable networks |
US20110047294A1 (en) | 2005-06-29 | 2011-02-24 | Visa U.S.A., Inc. | Adaptive gateway for switching transactions and data on unreliable networks using context-based rules |
US20070019543A1 (en) * | 2005-07-06 | 2007-01-25 | Fortinet, Inc. | Systems and methods for detecting and preventing flooding attacks in a network environment |
US20070022479A1 (en) | 2005-07-21 | 2007-01-25 | Somsubhra Sikdar | Network interface and firewall device |
US20090070470A1 (en) | 2005-08-03 | 2009-03-12 | International Business Machines Corporation | Priority Based LDAP Service Publication Mechanism |
US20070076653A1 (en) | 2005-09-19 | 2007-04-05 | Park Vincent D | Packet routing in a wireless communications environment |
EP1770915A1 (en) | 2005-09-29 | 2007-04-04 | Matsushita Electric Industrial Co., Ltd. | Policy control in the evolved system architecture |
US20070086382A1 (en) | 2005-10-17 | 2007-04-19 | Vidya Narayanan | Methods of network access configuration in an IP network |
US20070094396A1 (en) | 2005-10-20 | 2007-04-26 | Hitachi, Ltd. | Server pool management method |
US7983258B1 (en) | 2005-11-09 | 2011-07-19 | Juniper Networks, Inc. | Dynamic virtual local area network (VLAN) interface configuration |
US20070118881A1 (en) | 2005-11-18 | 2007-05-24 | Julian Mitchell | Application control at a policy server |
US20070124502A1 (en) | 2005-11-28 | 2007-05-31 | Huawei Technologies Co., Ltd. | Script language based network device configuration management system and method |
US20070165622A1 (en) | 2006-01-17 | 2007-07-19 | Cisco Technology, Inc. | Techniques for load balancing over a cluster of subscriber-aware application servers |
CN101004740A (en) | 2006-01-18 | 2007-07-25 | 腾讯科技(深圳)有限公司 | Method and system for reading information at network resource site, and searching engine |
US20070180119A1 (en) | 2006-01-31 | 2007-08-02 | Roundbox, Inc. | Reliable event broadcaster with multiplexing and bandwidth control functions |
US20070185998A1 (en) | 2006-02-06 | 2007-08-09 | Cisco Technology, Inc. | Supporting options in a communication session using a TCP cookie |
US7610622B2 (en) * | 2006-02-06 | 2009-10-27 | Cisco Technology, Inc. | Supporting options in a communication session using a TCP cookie |
US8116312B2 (en) | 2006-02-08 | 2012-02-14 | Solarflare Communications, Inc. | Method and apparatus for multicast packet reception |
US20070195792A1 (en) * | 2006-02-21 | 2007-08-23 | A10 Networks Inc. | System and method for an adaptive TCP SYN cookie with time validation |
USRE44701E1 (en) * | 2006-02-21 | 2014-01-14 | A10 Networks, Inc. | System and method for an adaptive TCP SYN cookie with time validation |
US7675854B2 (en) * | 2006-02-21 | 2010-03-09 | A10 Networks, Inc. | System and method for an adaptive TCP SYN cookie with time validation |
US7808994B1 (en) | 2006-02-22 | 2010-10-05 | Juniper Networks, Inc. | Forwarding traffic to VLAN interfaces built based on subscriber information strings |
US7492766B2 (en) | 2006-02-22 | 2009-02-17 | Juniper Networks, Inc. | Dynamic building of VLAN interfaces based on subscriber information strings |
US20070245090A1 (en) | 2006-03-24 | 2007-10-18 | Chris King | Methods and Systems for Caching Content at Multiple Levels |
US20070230337A1 (en) | 2006-03-30 | 2007-10-04 | Ntt Docomo, Inc. | Communication terminal and retransmission control method |
US20070242738A1 (en) | 2006-04-14 | 2007-10-18 | Park Vincent D | Providing quality of service for various traffic flows in a communications environment |
US20070243879A1 (en) | 2006-04-14 | 2007-10-18 | Park Vincent D | Methods and apparatus for supporting quality of service in communication systems |
US8539075B2 (en) | 2006-04-21 | 2013-09-17 | International Business Machines Corporation | On-demand global server load balancing system and method of use |
US20070248009A1 (en) | 2006-04-24 | 2007-10-25 | Petersen Brian A | Distributed congestion avoidance in a network switching system |
US20070259673A1 (en) | 2006-05-04 | 2007-11-08 | Telefonaktiebolaget Lm Ericsson (Publ) | Inactivity monitoring for different traffic or service classifications |
US20080120129A1 (en) | 2006-05-13 | 2008-05-22 | Michael Seubert | Consistent set of interfaces derived from a business object model |
KR100830413B1 (en) | 2006-05-25 | 2008-05-20 | (주)씨디네트웍스 | Server connection system and load balancing network system |
US20070283429A1 (en) | 2006-05-30 | 2007-12-06 | A10 Networks Inc. | Sequence number based TCP session proxy |
US20070286077A1 (en) | 2006-06-07 | 2007-12-13 | Nokia Corporation | Communication system |
US20070288247A1 (en) | 2006-06-11 | 2007-12-13 | Michael Mackay | Digital life server |
US20070294209A1 (en) | 2006-06-20 | 2007-12-20 | Lyle Strub | Communication network application activity monitoring and control |
US20090313379A1 (en) | 2006-07-03 | 2009-12-17 | Telefonaktiebolaget L M Ericsson (Publ) | Topology Hiding Of Mobile Agents |
US20080016161A1 (en) | 2006-07-14 | 2008-01-17 | George Tsirtsis | Methods and apparatus for using electronic envelopes to configure parameters |
US7970934B1 (en) | 2006-07-31 | 2011-06-28 | Google Inc. | Detecting events of interest |
EP1885096A1 (en) | 2006-08-01 | 2008-02-06 | Alcatel Lucent | Application session border element |
JP2008040718A (en) | 2006-08-04 | 2008-02-21 | Nippon Telegr & Teleph Corp <Ntt> | Load distribution control device and method |
US20080031263A1 (en) | 2006-08-07 | 2008-02-07 | Cisco Technology, Inc. | Method and apparatus for load balancing over virtual network links |
CN101495993A (en) | 2006-08-08 | 2009-07-29 | 瑞科网信科技有限公司 | System and method for distributed multi-processing security gateway |
US7965727B2 (en) | 2006-09-14 | 2011-06-21 | Fujitsu Limited | Broadcast distributing system and broadcast distributing method |
US20160036778A1 (en) | 2006-10-17 | 2016-02-04 | A10 Networks, Inc. | Applying a packet routing policy to an application session |
US8312507B2 (en) | 2006-10-17 | 2012-11-13 | A10 Networks, Inc. | System and method to apply network traffic policy to an application session |
US20160105446A1 (en) | 2006-10-17 | 2016-04-14 | A10 Networks, Inc. | Applying forwarding policy to an application session |
US9356910B2 (en) | 2006-10-17 | 2016-05-31 | A10 Networks, Inc. | Applying a packet routing policy to an application session |
US20100217819A1 (en) | 2006-10-17 | 2010-08-26 | A10 Networks, Inc. | System and Method to Associate a Private User Identity with a Public User Identity |
US8584199B1 (en) | 2006-10-17 | 2013-11-12 | A10 Networks, Inc. | System and method to apply a packet routing policy to an application session |
US8595791B1 (en) | 2006-10-17 | 2013-11-26 | A10 Networks, Inc. | System and method to apply network traffic policy to an application session |
US9270705B1 (en) | 2006-10-17 | 2016-02-23 | A10 Networks, Inc. | Applying security policy to an application session |
US20160050233A1 (en) | 2006-10-17 | 2016-02-18 | A10 Networks, Inc. | Applying security policy to an application session |
US20160105395A1 (en) | 2006-10-17 | 2016-04-14 | A10 Networks, Inc. | Applying a Packet Routing Policy to an Application Session |
US9350744B2 (en) | 2006-10-17 | 2016-05-24 | A10 Networks, Inc. | Applying forwarding policy to an application session |
US8826372B1 (en) | 2006-10-17 | 2014-09-02 | A10 Networks, Inc. | Applying a packet routing policy to an application session |
US9253152B1 (en) | 2006-10-17 | 2016-02-02 | A10 Networks, Inc. | Applying a packet routing policy to an application session |
CN102123156A (en) | 2006-10-17 | 2011-07-13 | 瑞科网信科技有限公司 | System and method to associate a private user identity with a public user identity |
US8813180B1 (en) | 2006-10-17 | 2014-08-19 | A10 Networks, Inc. | Applying network traffic policy to an application session |
US9219751B1 (en) | 2006-10-17 | 2015-12-22 | A10 Networks, Inc. | System and method to apply forwarding policy to an application session |
US20100235880A1 (en) | 2006-10-17 | 2010-09-16 | A10 Networks, Inc. | System and Method to Apply Network Traffic Policy to an Application Session |
US20160119382A1 (en) | 2006-10-17 | 2016-04-28 | A10 Networks, Inc. | Applying Security Policy to an Application Session |
US20080101396A1 (en) | 2006-10-31 | 2008-05-01 | Hiroaki Miyata | Packet forwarding apparatus having gateway load distribution function |
US20100061319A1 (en) | 2006-11-01 | 2010-03-11 | Panasonic Corporation | Communication control method, communication system, home agent allocation server, and mobile node |
WO2008053954A1 (en) | 2006-11-01 | 2008-05-08 | Panasonic Corporation | Communication control method, communication system, home agent allocation server, and mobile node |
US20080109870A1 (en) | 2006-11-08 | 2008-05-08 | Kieran Gerard Sherlock | Identities Correlation Infrastructure for Passive Network Monitoring |
CN101193089A (en) | 2006-11-20 | 2008-06-04 | 阿里巴巴公司 | Stateful session system and its realization method |
CN101094225A (en) | 2006-11-24 | 2007-12-26 | 中兴通讯股份有限公司 | Network, system and method of differentiated security service |
US20080134332A1 (en) | 2006-12-04 | 2008-06-05 | Susann Marie Keohane | Method and apparatus for reduced redundant security screening |
WO2008078593A1 (en) | 2006-12-22 | 2008-07-03 | International Business Machines Corporation | Message hub, program, and method |
US20080162679A1 (en) | 2006-12-29 | 2008-07-03 | Ebay Inc. | Alerting as to denial of service attacks |
US20080298303A1 (en) | 2007-01-22 | 2008-12-04 | Qualcomm Incorporated | Multi-link support for network based mobility management systems |
CN101682532A (en) | 2007-01-26 | 2010-03-24 | 蔚蓝公司 | Multiple network access system and method |
US8379515B1 (en) | 2007-02-01 | 2013-02-19 | F5 Networks, Inc. | TCP throughput control by imposing temporal delay |
US8681610B1 (en) | 2007-02-01 | 2014-03-25 | F5 Networks, Inc. | TCP throughput control by imposing temporal delay |
US20080225722A1 (en) | 2007-03-12 | 2008-09-18 | Prakash Khemani | Systems and methods for configuring policy bank invocations |
US20100095018A1 (en) | 2007-03-12 | 2010-04-15 | Prakash Khemani | Systems and methods for configuring policy bank invocations |
US20100064008A1 (en) | 2007-03-13 | 2010-03-11 | Huawei Technologies Co., Ltd. | Peer-to-peer network system, proxy service peer, and method for peer interworking between overlay networks |
US20080250099A1 (en) | 2007-04-06 | 2008-10-09 | Jinmei Shen | On-Demand Propagation of Routing Information in Distributed Computing System |
US20080253390A1 (en) | 2007-04-16 | 2008-10-16 | Kamala Prasad Das | Method and apparatus for priority services management |
US20080263209A1 (en) | 2007-04-20 | 2008-10-23 | Array Networks, Inc. | Active-active operation for a cluster of SSL virtual private network (VPN) devices with load distribution |
US20080271130A1 (en) | 2007-04-30 | 2008-10-30 | Shankar Ramamoorthy | Minimizing client-side inconsistencies in a distributed virtual file system |
US20080282254A1 (en) | 2007-05-09 | 2008-11-13 | Radware, Ltd. | Geographic Resiliency and Load Balancing for SIP Application Services |
US20080291911A1 (en) | 2007-05-21 | 2008-11-27 | Ist International, Inc. | Method and apparatus for setting a TCP retransmission timer |
US8191106B2 (en) | 2007-06-07 | 2012-05-29 | Alcatel Lucent | System and method of network access security policy management for multimodal device |
US20100223630A1 (en) | 2007-06-26 | 2010-09-02 | Sap Ag | System and method for switching between stateful and stateless communication modes |
US20090024722A1 (en) | 2007-07-17 | 2009-01-22 | International Business Machines Corporation | Proxying availability indications in a failover configuration |
US20090031415A1 (en) | 2007-07-26 | 2009-01-29 | International Business Machines Corporation | Dynamic Network Tunnel Endpoint Selection |
US8261339B2 (en) | 2007-07-26 | 2012-09-04 | International Business Machines Corporation | Dynamic network tunnel endpoint selection |
US20110083174A1 (en) | 2007-07-26 | 2011-04-07 | International Business Machines Corporation | Dynamic Network Tunnel Endpoint Selection |
US7992201B2 (en) | 2007-07-26 | 2011-08-02 | International Business Machines Corporation | Dynamic network tunnel endpoint selection |
US20090049198A1 (en) | 2007-08-14 | 2009-02-19 | Microsoft Corporation | Validating change of name server |
US20090092124A1 (en) | 2007-10-03 | 2009-04-09 | Microsoft Corporation | Network routing of endpoints to content based on content swarms |
US8081640B2 (en) | 2007-10-24 | 2011-12-20 | Hitachi, Ltd. | Network system, network management server, and access filter reconfiguration method |
US20100265824A1 (en) | 2007-11-09 | 2010-10-21 | Blade Network Technologies, Inc | Session-less Load Balancing of Client Traffic Across Servers in a Server Group |
CN101163336A (en) | 2007-11-15 | 2008-04-16 | 中兴通讯股份有限公司 | Method of implementing mobile phone terminal access authority authentication |
CN101169785A (en) | 2007-11-21 | 2008-04-30 | 浪潮电子信息产业股份有限公司 | Clustered database system dynamic loading balancing method |
CN101442425A (en) | 2007-11-22 | 2009-05-27 | 华为技术有限公司 | Gateway management method, address distribution method and apparatus, system |
US20100333101A1 (en) | 2007-11-29 | 2010-12-30 | Solarflare Communications Inc. | Virtualised receive side scaling |
CN101878663A (en) | 2007-11-29 | 2010-11-03 | 瑞科网信科技有限公司 | System and method for distributed multi-processing security gateway |
US20090141634A1 (en) | 2007-12-04 | 2009-06-04 | Jesse Abraham Rothstein | Adaptive Network Traffic Classification Using Historical Context |
US20090164614A1 (en) | 2007-12-20 | 2009-06-25 | Christian Michael F | Dns wildcard beaconing to determine client location and resolver load for global traffic load balancing |
US20090172093A1 (en) | 2007-12-26 | 2009-07-02 | International Business Machines Corporation | Technique For Previously Providing Estimate of Time Required For Processing |
US20090213858A1 (en) | 2008-02-27 | 2009-08-27 | Alcatel Lucent | Application-aware MPLS tunnel selection |
US20090222583A1 (en) | 2008-03-03 | 2009-09-03 | Microsoft Corporation | Client-side load balancing |
US20090228547A1 (en) | 2008-03-04 | 2009-09-10 | Kddi Corporation | Server apparatus and communication system |
US20090227228A1 (en) | 2008-03-07 | 2009-09-10 | Hu Q James | Enhanced policy capabilities for mobile data services |
CN101247349A (en) | 2008-03-13 | 2008-08-20 | 华耀环宇科技(北京)有限公司 | Network flux fast distribution method |
US20110023071A1 (en) | 2008-03-28 | 2011-01-27 | Huawei Technologies Co., Ltd. | Method, System, and Apparatus for Creating Content-on-Demand Service |
US8151019B1 (en) | 2008-04-22 | 2012-04-03 | Lockheed Martin Corporation | Adaptive network traffic shaper |
US20090271472A1 (en) | 2008-04-28 | 2009-10-29 | Scheifler Robert W | System and Method for Programmatic Management of Distributed Computing Resources |
CN101261644A (en) | 2008-04-30 | 2008-09-10 | 杭州华三通信技术有限公司 | Method and device for accessing united resource positioning symbol database |
US20110007652A1 (en) | 2008-05-09 | 2011-01-13 | Huawei Technologies Co., Ltd. | Method and device for path switchover |
US20090285196A1 (en) | 2008-05-15 | 2009-11-19 | Cellco Partnership D/B/A Verizon Wireless | Scheduling with quality of service support in wireless system |
US20110060831A1 (en) | 2008-06-12 | 2011-03-10 | Tomoki Ishii | Network monitoring device, bus system monitoring device, method and program |
US20100008229A1 (en) | 2008-07-11 | 2010-01-14 | Qi Bi | Method and system for joint reverse link access and traffic channel radio frequency overload control |
EP2296313A1 (en) | 2008-07-16 | 2011-03-16 | Huawei Technologies Co., Ltd. | Control method and device for wireless multi-hopping network congestion |
US20100023621A1 (en) | 2008-07-24 | 2010-01-28 | Netapp, Inc. | Load-derived probability-based domain name service in a network storage cluster |
US20100036952A1 (en) | 2008-08-11 | 2010-02-11 | International Business Machines Corporation | Load balancing using replication delay |
US20130074177A1 (en) | 2008-08-14 | 2013-03-21 | Juniper Networks, Inc. | Routing device having integrated mpls-aware firewall |
US20100042869A1 (en) | 2008-08-18 | 2010-02-18 | F5 Networks, Inc. | Upgrading network traffic management devices while maintaining availability |
US20100083076A1 (en) | 2008-09-26 | 2010-04-01 | Brother Kogyo Kabushiki Kaisha | Terminal device, time adjusting method of terminal device and communication system |
US20110178985A1 (en) | 2008-10-03 | 2011-07-21 | Marta San Martin Arribas | Master monitoring mechanism for a geographical distributed database |
US20100094985A1 (en) | 2008-10-14 | 2010-04-15 | Mamoun Abu-Samaha | Http push to simulate server-initiated sessions |
US20100106833A1 (en) | 2008-10-23 | 2010-04-29 | International Business Machines Corporation | Dynamic expiration of domain name service entries |
US20100106854A1 (en) | 2008-10-29 | 2010-04-29 | Hostway Corporation | System and method for controlling non-existing domain traffic |
US8122116B2 (en) | 2008-10-31 | 2012-02-21 | Hitachi, Ltd. | Storage management method and management server |
US20100268814A1 (en) | 2008-11-19 | 2010-10-21 | Seachange International, Inc. | Intercept Device for Providing Content |
US20130046876A1 (en) | 2008-11-25 | 2013-02-21 | Raghav Somanahalli Narayana | Systems and methods for gslb site persistence |
US20100128606A1 (en) | 2008-11-26 | 2010-05-27 | Patel Rahul G | First-hop domain reliability measurement and load balancing in a computer network |
US20100162378A1 (en) | 2008-12-18 | 2010-06-24 | Thusitha Jayawardena | Methods and apparatus to enhance security in residential networks |
US20100205310A1 (en) | 2009-02-12 | 2010-08-12 | Yaniv Altshuler | System and method for dynamically optimizing tcp window size |
US20100210265A1 (en) | 2009-02-17 | 2010-08-19 | Nokia Corporation | Method and apparatus for providing shared services |
US20100217793A1 (en) | 2009-02-23 | 2010-08-26 | Research In Motion Limited | Method, system and apparatus for connecting a plurality of client machines to a plurality of servers |
US20100228819A1 (en) | 2009-03-05 | 2010-09-09 | Yottaa Inc | System and method for performance acceleration, data protection, disaster recovery and on-demand scaling of computer applications |
US20100235522A1 (en) | 2009-03-11 | 2010-09-16 | Juniper Networks Inc. | Session-cache-based http acceleration |
US20100238828A1 (en) | 2009-03-23 | 2010-09-23 | Corvil Limited | System and method for estimation of round trip times within a tcp based data network |
US8296434B1 (en) | 2009-05-28 | 2012-10-23 | Amazon Technologies, Inc. | Providing dynamically scaling computing load balancing |
US20110292939A1 (en) | 2009-05-28 | 2011-12-01 | Krishnamurthy Subramaian | Method & apparatus for forwarding table reduction |
US20100312740A1 (en) | 2009-06-09 | 2010-12-09 | Clemm L Alexander | Tracking policy decisions in a network |
US20120106355A1 (en) | 2009-06-10 | 2012-05-03 | Telefonaktiebolaget L M Ericsson (Publ) | Performance Monitoring in a Communication Network |
US20100318631A1 (en) | 2009-06-12 | 2010-12-16 | Yahoo! Inc. | User Location Dependent DNS Lookup |
US20100322252A1 (en) | 2009-06-22 | 2010-12-23 | Josephine Suganthi | Systems and methods for handling a multi-connection protocol between a client and server traversing a multi-core system |
US20100330971A1 (en) | 2009-06-26 | 2010-12-30 | Oracle International Corporation | System and method for providing a production upgrade of components within a multiprotocol gateway |
US9137301B1 (en) | 2009-06-30 | 2015-09-15 | Amazon Technologies, Inc. | Client based opportunistic routing |
US20110040826A1 (en) | 2009-08-13 | 2011-02-17 | Sap Ag | Transparently stateful execution of stateless applications |
US20110093522A1 (en) | 2009-10-21 | 2011-04-21 | A10 Networks, Inc. | Method and System to Determine an Application Delivery Server Based on Geo-Location Information |
CN102577252A (en) | 2009-10-21 | 2012-07-11 | 瑞科网信科技有限公司 | Method and system to determine an application delivery server based on geo-location information |
WO2011049770A2 (en) | 2009-10-21 | 2011-04-28 | A10 Networks Inc. | Method and system to determine an application delivery server based on geo-location information |
US20120023231A1 (en) | 2009-10-23 | 2012-01-26 | Nec Corporation | Network system, control method for the same, and controller |
US20110099403A1 (en) | 2009-10-26 | 2011-04-28 | Hitachi, Ltd. | Server management apparatus and server management method |
US20110099623A1 (en) | 2009-10-28 | 2011-04-28 | Garrard Kenneth W | System and method for providing unified transport and security protocols |
US20110110294A1 (en) | 2009-11-06 | 2011-05-12 | Vamsidhar Valluri | VIRTUAL CARE-OF ADDRESS FOR MOBILE IP (Internet Protocol) |
US20110185073A1 (en) | 2009-11-25 | 2011-07-28 | Ashok Kumar Jagadeeswaran | Systems and methods for client ip address insertion via tcp options |
US20110145324A1 (en) | 2009-12-16 | 2011-06-16 | Quantum Corporation | Reducing messaging in a client-server system |
US20110153834A1 (en) | 2009-12-17 | 2011-06-23 | Sonus Networks, Inc. | Transparent Recovery of Transport Connections Using Packet Translation Techniques |
US20120297046A1 (en) | 2009-12-23 | 2012-11-22 | Murali Raja | Systems and methods for gslb spillover |
US20110149879A1 (en) | 2009-12-23 | 2011-06-23 | At&T Mobility Ii Llc | Chromatic scheduler for network traffic with disparate service requirements |
US8224971B1 (en) | 2009-12-28 | 2012-07-17 | Amazon Technologies, Inc. | Using virtual networking devices and routing information to initiate external actions |
US7991859B1 (en) | 2009-12-28 | 2011-08-02 | Amazon Technologies, Inc. | Using virtual networking devices to connect managed computer networks |
US20120290727A1 (en) | 2009-12-31 | 2012-11-15 | Bce Inc. | Method and system for increasing performance of transmission control protocol sessions in data networks |
WO2011079381A1 (en) | 2009-12-31 | 2011-07-07 | Bce Inc. | Method and system for increasing performance of transmission control protocol sessions in data networks |
US20110191773A1 (en) | 2010-02-01 | 2011-08-04 | Computer Associates Think, Inc. | System and Method for Datacenter Power Management |
US20110196971A1 (en) | 2010-02-10 | 2011-08-11 | Praveenkumar Reguraman | Application session control using packet inspection |
US20120008495A1 (en) | 2010-02-25 | 2012-01-12 | The Trustees Of Columbia University In The City Of New York | Methods And Systems For Controlling SIP Overload |
US20110276982A1 (en) | 2010-05-06 | 2011-11-10 | Hitachi, Ltd. | Load Balancer and Load Balancing System |
US20110276695A1 (en) | 2010-05-06 | 2011-11-10 | Juliano Maldaner | Continuous upgrading of computers in a load balanced environment |
US8499093B2 (en) | 2010-05-14 | 2013-07-30 | Extreme Networks, Inc. | Methods, systems, and computer readable media for stateless load balancing of network traffic flows |
US20110289496A1 (en) | 2010-05-18 | 2011-11-24 | North End Technologies, Inc. | Method & apparatus for load balancing software update across a plurality of publish/subscribe capable client devices |
CN102918801A (en) | 2010-05-27 | 2013-02-06 | 瑞科网信科技有限公司 | System and method to apply network traffic policy to an application session |
WO2011149796A2 (en) | 2010-05-27 | 2011-12-01 | A10 Networks Inc. | System and method to apply network traffic policy to an application session |
EP2577910A2 (en) | 2010-05-27 | 2013-04-10 | A10 Networks Inc. | System and method to apply network traffic policy to an application session |
JP2013528330A (en) | 2010-05-27 | 2013-07-08 | エイ10 ネットワークス インコーポレイテッド | System and method for applying a network traffic policy to an application session |
US20110302256A1 (en) | 2010-06-07 | 2011-12-08 | Salesforce.Com, Inc. | Methods and systems for providing customized domain messages |
US20110307541A1 (en) | 2010-06-10 | 2011-12-15 | Microsoft Corporation | Server load balancing and draining in enhanced communication systems |
US20130058335A1 (en) | 2010-07-06 | 2013-03-07 | Teemu Koponen | Packet processing for logical datapath sets |
US8750164B2 (en) | 2010-07-06 | 2014-06-10 | Nicira, Inc. | Hierarchical managed switch architecture |
US20120030341A1 (en) | 2010-07-28 | 2012-02-02 | International Business Machines Corporation | Transparent Header Modification for Reducing Serving Load Based on Current and Projected Usage |
US20120026897A1 (en) | 2010-07-29 | 2012-02-02 | Cisco Technology, Inc., A Corporation Of California | Packet Switching Device Using Results Determined by an Application Node |
US8675488B1 (en) | 2010-09-07 | 2014-03-18 | Juniper Networks, Inc. | Subscriber-based network traffic management |
US20120066371A1 (en) | 2010-09-10 | 2012-03-15 | Cisco Technology, Inc. | Server Load Balancer Scaling for Virtual Servers |
US20160088074A1 (en) | 2010-09-30 | 2016-03-24 | A10 Networks, Inc. | System and Method to Balance Servers Based on Server Load Status |
CN102571742A (en) | 2010-09-30 | 2012-07-11 | 瑞科网信科技有限公司 | System and method to balance servers based on server load status |
US20120084419A1 (en) | 2010-09-30 | 2012-04-05 | A10 Networks, Inc. | System and method to balance servers based on server load status |
US9215275B2 (en) | 2010-09-30 | 2015-12-15 | A10 Networks, Inc. | System and method to balance servers based on server load status |
WO2012050747A2 (en) | 2010-09-30 | 2012-04-19 | A10 Networks Inc. | System and method to balance servers based on server load status |
JP5855663B2 (en) | 2010-09-30 | 2016-02-09 | エイ10 ネットワークス インコーポレイテッド (A10 Networks, Inc.) | System and method for balancing servers based on server load conditions |
EP2622795A2 (en) | 2010-09-30 | 2013-08-07 | A10 Networks Inc. | System and method to balance servers based on server load status |
US20120084460A1 (en) | 2010-10-04 | 2012-04-05 | Openwave Systems Inc. | Method and system for dynamic traffic steering |
US20120117571A1 (en) | 2010-11-05 | 2012-05-10 | Adam Davis | Load balancer and firewall self-provisioning system |
US20120144014A1 (en) | 2010-12-01 | 2012-06-07 | Cisco Technology, Inc. | Directing data flows in data centers with clustering services |
CN102546590A (en) | 2010-12-02 | 2012-07-04 | 瑞科网信科技有限公司 | System and method for distributing application traffic to servers based on dynamic service response time |
WO2012075237A2 (en) | 2010-12-02 | 2012-06-07 | A10 Networks Inc. | System and method to distribute application traffic to servers based on dynamic service response time |
US20120144015A1 (en) | 2010-12-02 | 2012-06-07 | A10 Networks, Inc. | System and Method for Distributing Application Traffic to Servers Based on Dynamic Service Response Time |
EP2647174A2 (en) | 2010-12-02 | 2013-10-09 | A10 Networks Inc. | System and method to distribute application traffic to servers based on dynamic service response time |
US20130258846A1 (en) | 2010-12-07 | 2013-10-03 | Telefonaktiebolaget L M Ericsson (Publ) | Method for Enabling Traffic Acceleration in a Mobile Telecommunication Network |
US20120151353A1 (en) | 2010-12-09 | 2012-06-14 | Verizon Patent And Licensing Inc. | Server ip addressing in a computing-on-demand system |
US8965957B2 (en) | 2010-12-15 | 2015-02-24 | Sap Se | Service delivery framework |
WO2012083264A2 (en) | 2010-12-17 | 2012-06-21 | Microsoft Corporation | Synchronizing state among load balancer components |
JP2014504484A (en) | 2010-12-17 | 2014-02-20 | マイクロソフト コーポレーション | State synchronization between load balancer components |
US20120173759A1 (en) | 2010-12-29 | 2012-07-05 | Mugdha Agarwal | Systems and Methods for Policy Based Integration to Horizontally Deployed WAN Optimization Appliances |
US20120170548A1 (en) | 2011-01-04 | 2012-07-05 | Cisco Technology, Inc. | Distributed load management on network devices |
US8266235B2 (en) | 2011-01-11 | 2012-09-11 | A10 Networks, Inc. | Virtual application delivery chassis system |
WO2012097015A2 (en) | 2011-01-11 | 2012-07-19 | A10 Networks Inc. | Virtual application delivery chassis system |
US20120179770A1 (en) | 2011-01-11 | 2012-07-12 | A10 Networks, Inc. | Virtual application delivery chassis system |
US20120215910A1 (en) | 2011-02-18 | 2012-08-23 | Canon Kabushiki Kaisha | Web service system, server management apparatus, and web service providing method |
US20120239792A1 (en) | 2011-03-15 | 2012-09-20 | Subrata Banerjee | Placement of a cloud service using network topology and infrastructure performance |
CN102143075A (en) | 2011-03-28 | 2011-08-03 | 中国人民解放军国防科学技术大学 | Method and system for achieving load balance |
KR20120117461A (en) | 2011-04-15 | 2012-10-24 | 서강대학교산학협력단 | Method and system of controlling data transfer rate for downward vertical handover in overlayed network environment |
US20130148500A1 (en) | 2011-04-18 | 2013-06-13 | Kentaro Sonoda | Terminal, control device, communication method, communication system, communication module, program, and information processing device |
US9154577B2 (en) | 2011-06-06 | 2015-10-06 | A10 Networks, Inc. | Sychronization of configuration file of virtual application distribution chassis |
US20120311116A1 (en) | 2011-06-06 | 2012-12-06 | A10 Networks, Inc. | Sychronization of configuration file of virtual application distribution chassis |
US20130083725A1 (en) | 2011-10-04 | 2013-04-04 | Juniper Networks, Inc. | Methods and apparatus for enforcing a common user policy within a network |
US8885463B1 (en) | 2011-10-17 | 2014-11-11 | Juniper Networks, Inc. | Path computation element communication protocol (PCEP) extensions for stateful label switched path management |
JP2015507380A (en) | 2011-10-24 | 2015-03-05 | エイ10 ネットワークス インコーポレイテッド (A10 Networks, Inc.) | How to combine stateless and stateful server load balancing |
JP5913609B2 (en) | 2011-10-24 | 2016-04-27 | エイ10 ネットワークス インコーポレイテッド (A10 Networks, Inc.) | How to combine stateless and stateful server load balancing |
US9270774B2 (en) | 2011-10-24 | 2016-02-23 | A10 Networks, Inc. | Combining stateless and stateful server load balancing |
WO2013070391A1 (en) | 2011-10-24 | 2013-05-16 | A10 Networks Inc. | Methods to combine stateless and stateful server load balancing |
HK1198565A1 (en) | 2011-10-24 | 2015-05-15 | | Methods to combine stateless and stateful server load balancing |
US20150039671A1 (en) | 2011-10-24 | 2015-02-05 | A10 Networks, Inc. | Combining stateless and stateful server load balancing |
US20160156708A1 (en) | 2011-10-24 | 2016-06-02 | A10 Networks, Inc. | Combining Stateless and Stateful Server Load Balancing |
US20130100958A1 (en) | 2011-10-24 | 2013-04-25 | A10 Networks, Inc. | Methods to combine stateless and stateful server load balancing |
US8897154B2 (en) | 2011-10-24 | 2014-11-25 | A10 Networks, Inc. | Combining stateless and stateful server load balancing |
CN104067569A (en) | 2011-10-24 | 2014-09-24 | A10网络股份有限公司 | Methods to combine stateless and stateful server load balancing |
EP2772026A1 (en) | 2011-10-24 | 2014-09-03 | A10 Networks Inc. | Methods to combine stateless and stateful server load balancing |
US20130124713A1 (en) | 2011-11-10 | 2013-05-16 | Microsoft Corporation | Pattern-based computational health and configuration monitoring |
US20140286313A1 (en) | 2011-11-23 | 2014-09-25 | Telefonaktiebolaget L M Ericsson (Publ) | Methods and arrangements for improving transmission control protocol performance in a cellular network |
US20130135996A1 (en) | 2011-11-29 | 2013-05-30 | Hughes Networks Systems, Llc | Method and system for traffic management and resource allocation on a shared access network |
US20130136139A1 (en) | 2011-11-29 | 2013-05-30 | A10 Networks, Inc. | Accelerating Service Processing Using Fast Path TCP |
WO2013081952A1 (en) | 2011-11-29 | 2013-06-06 | A10 Networks Inc. | Accelerating service processing using fast path tcp |
CN104040990A (en) | 2011-11-29 | 2014-09-10 | 瑞科网信科技有限公司 | Accelerating service processing using fast path TCP |
HK1199153A1 (en) | 2011-11-29 | 2015-06-19 | | Accelerating service processing using fast path tcp tcp |
US9386088B2 (en) | 2011-11-29 | 2016-07-05 | A10 Networks, Inc. | Accelerating service processing using fast path TCP |
CN104137491A (en) | 2011-12-23 | 2014-11-05 | 瑞科网信科技有限公司 | Methods to manage services over a service gateway |
HK1200617A1 (en) | 2011-12-23 | 2015-08-07 | A10 Networks Inc | Methods to manage services over a service gateway |
US20130166762A1 (en) | 2011-12-23 | 2013-06-27 | A10 Networks, Inc. | Methods to Manage Services over a Service Gateway |
US20150296058A1 (en) | 2011-12-23 | 2015-10-15 | A10 Networks, Inc. | Methods to Manage Services over a Service Gateway |
WO2013096019A1 (en) | 2011-12-23 | 2013-06-27 | A10 Networks Inc. | Methods to manage services over a service gateway |
US9094364B2 (en) | 2011-12-23 | 2015-07-28 | A10 Networks, Inc. | Methods to manage services over a service gateway |
US20130173795A1 (en) | 2011-12-30 | 2013-07-04 | Verisign, Inc. | DNS Package in a Partitioned Network |
US20130176854A1 (en) | 2012-01-09 | 2013-07-11 | Motorola Mobility, Inc. | Dynamic tcp layer optimization for real-time field performance |
US20130191486A1 (en) | 2012-01-24 | 2013-07-25 | Sony Corporation | Time control apparatus, time control method, and program |
WO2013112492A1 (en) | 2012-01-28 | 2013-08-01 | A10 Networks, Inc. | System and method to generate secure name records |
US20130198385A1 (en) | 2012-01-28 | 2013-08-01 | A10 Networks, Inc. | System and Method to Generate Secure Name Records |
CN104106241A (en) | 2012-01-28 | 2014-10-15 | 瑞科网信科技有限公司 | System and Method to Generate Secure Name Records |
HK1198848A1 (en) | 2012-01-28 | 2015-06-12 | | System and method to generate secure name records |
KR20130096624A (en) | 2012-02-22 | 2013-08-30 | 유대영 | Led lighting apparatus and led lighting system having the same |
US20130250765A1 (en) | 2012-03-23 | 2013-09-26 | Qualcomm Incorporated | Delay based active queue management for uplink traffic in user equipment |
US20130282791A1 (en) | 2012-04-19 | 2013-10-24 | Empire Technology Development Llc | Migration in place |
US20150215436A1 (en) | 2012-04-30 | 2015-07-30 | Brocade Communications Systems, Inc. | Techniques for protecting against denial of service attacks |
US8782221B2 (en) | 2012-07-05 | 2014-07-15 | A10 Networks, Inc. | Method to allocate buffer for TCP proxy session based on dynamic network conditions |
US20140012972A1 (en) | 2012-07-05 | 2014-01-09 | A10 Networks, Inc. | Method to Allocate Buffer for TCP Proxy Session Based on Dynamic Network Conditions |
CN103533018A (en) | 2012-07-05 | 2014-01-22 | A10网络股份有限公司 | Method to allocate buffer for TCP proxy session based on dynamic network conditions |
US20160014052A1 (en) | 2012-07-05 | 2016-01-14 | A10 Networks, Inc. | Allocating buffer for tcp proxy session based on dynamic network conditions |
US9154584B1 (en) | 2012-07-05 | 2015-10-06 | A10 Networks, Inc. | Allocating buffer for TCP proxy session based on dynamic network conditions |
US8977749B1 (en) | 2012-07-05 | 2015-03-10 | A10 Networks, Inc. | Allocating buffer for TCP proxy session based on dynamic network conditions |
US20150237173A1 (en) | 2012-08-23 | 2015-08-20 | Telefonaktiebolaget L M Ericsson (Publ) | TCP Proxy Server |
WO2014031046A1 (en) | 2012-08-23 | 2014-02-27 | Telefonaktiebolaget L M Ericsson (Publ) | Tcp proxy server |
US20160042014A1 (en) | 2012-09-25 | 2016-02-11 | A10 Networks, Inc. | Distributed database in software driven networks |
EP2901308A2 (en) | 2012-09-25 | 2015-08-05 | A10 Networks Inc. | Load distribution in data networks |
WO2014052099A2 (en) | 2012-09-25 | 2014-04-03 | A10 Networks, Inc. | Load distribution in data networks |
US20140089500A1 (en) | 2012-09-25 | 2014-03-27 | Swaminathan Sankar | Load distribution in data networks |
US20160043901A1 (en) | 2012-09-25 | 2016-02-11 | A10 Networks, Inc. | Graceful scaling in software driven networks |
US20160044095A1 (en) | 2012-09-25 | 2016-02-11 | A10 Networks, Inc. | Distributing service sessions |
WO2014088741A1 (en) | 2012-12-06 | 2014-06-12 | A10 Networks, Inc. | Forwarding policies on a virtual service network |
US9106561B2 (en) | 2012-12-06 | 2015-08-11 | A10 Networks, Inc. | Configuration of a virtual service network |
US20140164617A1 (en) | 2012-12-06 | 2014-06-12 | A10 Networks, Inc. | Forwarding policies on a virtual service network |
US9338225B2 (en) | 2012-12-06 | 2016-05-10 | A10 Networks, Inc. | Forwarding policies on a virtual service network |
US20140169168A1 (en) | 2012-12-06 | 2014-06-19 | A10 Networks, Inc. | Configuration of a virtual service network |
US20160173579A1 (en) | 2012-12-06 | 2016-06-16 | A10 Networks, Inc. | Forwarding Policies on a Virtual Service Network |
WO2014093829A1 (en) | 2012-12-15 | 2014-06-19 | A10 Networks, Inc. | Configuration of a virtual service network |
HK1199779A1 (en) | 2013-01-23 | 2015-07-17 | A10 Networks Inc | Reducing buffer usage for tcp proxy session based on delayed acknowledgment tcp |
JP5906263B2 (en) | 2013-01-23 | 2016-04-20 | エイ10 ネットワークス,インコーポレーテッド | Reducing buffer usage for TCP proxy sessions based on delayed acknowledgments |
US9531846B2 (en) | 2013-01-23 | 2016-12-27 | A10 Networks, Inc. | Reducing buffer usage for TCP proxy session based on delayed acknowledgement |
CN103944954A (en) | 2013-01-23 | 2014-07-23 | A10网络股份有限公司 | Reducing Buffer Usage For Tcp Proxy Session Based On Delayed Acknowledgment |
US20140207845A1 (en) | 2013-01-23 | 2014-07-24 | A10 Networks, Inc. | Reducing Buffer Usage for TCP Proxy Session Based on Delayed Acknowledgement |
KR101576585B1 (en) | 2013-01-23 | 2015-12-10 | 에이10 네트워크스, 인코포레이티드 | Reducing buffer usage for tcp proxy session based on delayed acknowledgment |
EP2760170A1 (en) | 2013-01-23 | 2014-07-30 | A10 Networks Inc. | Reducing buffer usage for TCP proxy session based on delayed acknowledgment |
JP2014143686A (en) | 2013-01-23 | 2014-08-07 | A10 Networks Inc | Reducing buffer usage for tcp proxy session based on delayed acknowledgement |
US20140258536A1 (en) | 2013-03-08 | 2014-09-11 | A10 Networks, Inc. | Application delivery controller and global server load balancer |
WO2014138483A1 (en) | 2013-03-08 | 2014-09-12 | A10 Networks, Inc. | Application delivery controller and global server load balancer |
US20140258465A1 (en) | 2013-03-11 | 2014-09-11 | Cisco Technology, Inc. | Identification of originating ip address and client port connection to a web server via a proxy server |
WO2014144837A1 (en) | 2013-03-15 | 2014-09-18 | A10 Networks, Inc. | Processing data packets using a policy based network path |
US20140269728A1 (en) | 2013-03-15 | 2014-09-18 | Rajkumar Jalan | Processing data packets using a policy based network path |
US20140298091A1 (en) | 2013-04-01 | 2014-10-02 | Nebula, Inc. | Fault Tolerance for a Distributed Computing System |
US20160014126A1 (en) | 2013-05-03 | 2016-01-14 | A10 Networks, Inc. | Facilitating a Secure 3 Party Network Session by a Network Device |
WO2014179753A2 (en) | 2013-05-03 | 2014-11-06 | A10 Networks, Inc. | Facilitating secure network traffic by an application delivery controller |
US20140330982A1 (en) | 2013-05-03 | 2014-11-06 | A10 Networks, Inc. | Facilitating secure network traffic by an application delivery controller |
US20140334485A1 (en) | 2013-05-09 | 2014-11-13 | Vmware, Inc. | Method and system for service switching using service tags |
US20140359052A1 (en) | 2013-05-28 | 2014-12-04 | Verizon Patent And Licensing Inc. | Resilient tcp splicing for proxy services |
US20150026794A1 (en) | 2013-07-18 | 2015-01-22 | Palo Alto Networks, Inc. | Packet classification for network routing |
US20150156223A1 (en) | 2013-12-02 | 2015-06-04 | Feilong Xu | Network proxy layer for policy-based application proxies |
CN104796396A (en) | 2013-12-02 | 2015-07-22 | 瑞科网信科技有限公司 | Network proxy layer for policy-based application proxies |
US20150244566A1 (en) | 2014-02-24 | 2015-08-27 | Red Hat Israel, Ltd. | Network configuration via abstraction components and standard commands |
US20150281087A1 (en) | 2014-03-25 | 2015-10-01 | A10 Networks, Inc. | Forwarding data packets using a service-based forwarding policy |
WO2015153020A1 (en) | 2014-03-31 | 2015-10-08 | A10 Networks, Inc. | Active application response delay time |
US20150281104A1 (en) | 2014-03-31 | 2015-10-01 | Ali Golshan | Active application response delay time |
US20150312092A1 (en) | 2014-04-24 | 2015-10-29 | Ali Golshan | Enabling planned upgrade/downgrade of network devices without impacting network sessions |
WO2015164026A1 (en) | 2014-04-24 | 2015-10-29 | A10 Networks, Inc. | Enabling planned upgrade/downgrade of network devices without impacting network sessions |
US20150312268A1 (en) | 2014-04-28 | 2015-10-29 | Sophos Limited | Intrusion detection using a heartbeat |
US20150333988A1 (en) | 2014-05-16 | 2015-11-19 | A10 Networks, Inc. | Distributed system to determine a server's health |
US20150350379A1 (en) | 2014-06-03 | 2015-12-03 | A10 Networks, Inc. | Programming a data network device using user defined scripts |
US20150350048A1 (en) | 2014-06-03 | 2015-12-03 | A10 Networks, Inc. | User Defined Objects for Network Devices |
US20170048356A1 (en) | 2015-08-12 | 2017-02-16 | A10 Networks, Inc. | Transmission Control of Protocol State Exchange for Dynamic Stateful Service Insertion |
US20170048107A1 (en) | 2015-08-13 | 2017-02-16 | A10 Networks, Inc. | Automated Adjustment of Subscriber Policies |
Non-Patent Citations (19)
Title |
---|
"EIGRP MPLS VPN PE-CE Site of Origin (SoO)", Cisco Systems, Feb. 28, 2006, 14 pages. |
"Enhanced Interior Gateway Routing Protocol", Cisco, Document ID 16406, Sep. 9, 2005 update, 43 pages. |
"Tcp-TCP Protocol", Linux Programmer's Manual, accessed Apr. 13, 2016 at URL: «https://www.freebsd.org/cgi/man.cgi?query=tcp&apropos=0&sektion=7&manpath=SuSE+Linux%2Fi386+11.0&format=asci», Nov. 25, 2007, 11 pages. |
"Tcp—TCP Protocol", Linux Programmer's Manual, accessed Apr. 13, 2016 at URL: «https://www.freebsd.org/cgi/man.cgi?query=tcp&apropos=0&sektion=7&manpath=SuSE+Linux%2Fi386+11.0&format=asci», Nov. 25, 2007, 11 pages. |
Abe et al., "Adaptive Split Connection Schemes in Advanced Relay Nodes," IEICE Technical Report, Feb. 22, 2010, vol. 109, No. 438, pp. 25-30. |
Cardellini et al., "Dynamic Load Balancing on Web-server Systems", IEEE Internet Computing, vol. 3, No. 3, pp. 28-39, May-Jun. 1999. |
Chen, Jianhua et al., "SSL/TLS-based Secure Tunnel Gateway System Design and Implementation", IEEE International Workshop on Anti-counterfeiting, Security, Identification, Apr. 16-18, 2007, pp. 258-261. |
Crotti, Manuel et al., "Detecting HTTP Tunnels with Statistical Mechanisms", IEEE International Conference on communications, Jun. 24-28, 2007, pp. 6162-6168. |
Gite, Vivek, "Linux Tune Network Stack (Buffers Size) To Increase Networking Performance," accessed Apr. 13, 2016 at URL: «http://www.cyberciti.biz/faq/linux-tcp-tuning/», Jul. 8, 2009, 24 pages. |
Haruyama, Takahiro et al., "Dial-to-Connect VPN System for Remote DLNA Communication", IEEE Consumer Communications and Networking Conference, CCNC 2008. 5th IEEE, Jan. 10-12, 2008, pp. 1224-1225. |
Hunt et al. NetDispatcher: A TCP Connection Router, IBM Research Report RC 20853 May 19, 1997. |
Kjaer et al. "Resource allocation and disturbance rejection in web servers using SLAs and virtualized servers", IEEE Transactions on Network and Service Management, IEEE, US, vol. 6, No. 4, Dec. 1, 2009. |
Koike et al., "Transport Middleware for Network-Based Control," IEICE Technical Report, Jun. 22, 2000, vol. 100, No. 53, pp. 13-18. |
Noguchi, "Realizing the Highest Level "Layer 7" Switch"= Totally Managing Network Resources, Applications, and Users =, Computer & Network LAN, Jan. 1, 2000, vol. 18, No. 1, p. 109-112. |
Ohnuma, "AppSwitch: 7th Layer Switch Provided with Full Setup and Report Tools", Interop Magazine, Jun. 1, 2000, vol. 10, No. 6, p. 148-150. |
Sharifian et al. "An approximation-based load-balancing algorithm with admission control for cluster web servers with dynamic workloads", The Journal of Supercomputing, Kluwer Academic Publishers, BO, vol. 53, No. 3, Jul. 3, 2009. |
Spatscheck et al., "Optimizing TCP Forwarder Performance", IEEE/ACM Transactions on Networking, vol. 8, No. 2, Apr. 2000. |
Takahashi, "The Fundamentals of the Windows Network: Understanding the Mystery of the Windows Network from the Basics", Network Magazine, Jul. 1, 2006, vol. 11, No. 7, p. 32-35. |
Yamamoto et al., "Performance Evaluation of Window Size in Proxy-based TCP for Multi-hop Wireless Networks," IPSJ SIG Technical Reports, May 15, 2008, vol. 2008, No. 44, pp. 109-114. |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
USRE49053E1 (en) * | 2006-02-21 | 2022-04-26 | A10 Networks, Inc. | System and method for an adaptive TCP SYN cookie with time validation |
Also Published As
Publication number | Publication date |
---|---|
USRE49053E1 (en) | 2022-04-26 |
US7675854B2 (en) | 2010-03-09 |
USRE44701E1 (en) | 2014-01-14 |
US20070195792A1 (en) | 2007-08-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
USRE49053E1 (en) | | System and method for an adaptive TCP SYN cookie with time validation |
KR100431231B1 (en) | | Method and system for defeating tcp syn flooding attacks |
Moskowitz et al. | | Host identity protocol version 2 (HIPv2) |
US7584352B2 (en) | | Protection against denial of service attacks |
JP4271451B2 (en) | | Method and apparatus for fragmenting and reassembling Internet key exchange data packets |
Bellovin | | Defending against sequence number attacks |
Moskowitz et al. | | Host identity protocol |
US8984268B2 (en) | | Encrypted record transmission |
US8418242B2 (en) | | Method, system, and device for negotiating SA on IPv6 network |
US20070283429A1 (en) | | Sequence number based TCP session proxy |
EP3208989A1 (en) | | Secure shell (ssh2) protocol data collection method and device |
US8683572B1 (en) | | Method and apparatus for providing continuous user verification in a packet-based network |
WO2010000171A1 (en) | | Communication establishing method, system and device |
EP3442195B1 (en) | | Reliable and secure parsing of packets |
US7536719B2 (en) | | Method and apparatus for preventing a denial of service attack during key negotiation |
Luo et al. | | A keyed-hashing based self-synchronization mechanism for port address hopping communication |
JP4183664B2 (en) | | Authentication method, server computer, client computer, and program |
CN110417804B (en) | | Bidirectional identity authentication encryption communication method and system suitable for single-chip microcomputer implementation |
US8364949B1 (en) | | Authentication for TCP-based routing and management protocols |
Kim et al. | | Efficient design for secure multipath TCP against eavesdropper in initial handshake |
Fung et al. | | A denial-of-service resistant public-key authentication and key establishment protocol |
EP2753043B1 (en) | | Reverse authorized syn cookie |
CN107579984B (en) | | Network layer oriented secure communication link establishing method |
CN114567450A (en) | | Protocol message processing method and device |
Bellovin | | RFC1948: Defending against sequence number attacks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: A10 NETWORKS, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHEN, LEE;SZETO, RONALD WAI LUN;HWANG, SHIH-TSUNG;REEL/FRAME:038101/0358 Effective date: 20060217 |
 | MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 12 |