Patent application number | Description | Published |
20090034417 | Systems and Methods for Efficiently Load Balancing Based on Least Connections - Systems and methods for load balancing services based on fewest connections by decreasing granularity of service selection as a number of fewest connections serviced by the services increases may include establishing, by an appliance, a set of identifiers corresponding to a number of connections serviced by a service, the set comprising a first plurality of identifiers each identifying a predetermined number of connections and a second plurality of identifiers each identifying a predetermined range of numbers of connections. The appliance assigns, to each service servicing connections, an identifier corresponding to the number of connections serviced by the service, at least one of the identifiers selected from the second plurality of identifiers. The appliance receives a request for a service, and forwards the request to a service assigned to the identifier corresponding to a fewest number of connections with at least one service assigned to the identifier. | 02-05-2009 |
20100262650 | SYSTEMS AND METHODS FOR CONNECTION MANAGEMENT FOR ASYNCHRONOUS MESSAGING OVER HTTP - Described are methods and systems for managing the connections between a client, an intermediary appliance and a server, so that asynchronous messages can be transmitted over HTTP from the server to a client. When a connection is established between a client and an intermediary, and the intermediary and a server to establish a logical client-server connection, that logical client-server connection is labeled and not maintained, while the connection between the client and the intermediary is maintained. Messages generated by the server and destined for the client are transmitted to the intermediary along with the connection label. The intermediary can then use the connection label to determine which client should receive the message. | 10-14-2010 |
20100322250 | SYSTEMS AND METHODS FOR DISTRIBUTED HASH TABLE IN A MULTI-CORE SYSTEM - The present invention is directed towards systems and methods for using a distributed hash table to maintain the same configuration and resource persistency across a plurality of cores in a multi-core system. The distributed hash table includes a plurality of partitions, each partition being owned by a respective core of the multi-core system. A core may establish resources in the partition it owns. A core may request other cores to establish resources in the partitions they own and send resource information to the core. The core may locally cache the resource information. | 12-23-2010 |
20100322252 | SYSTEMS AND METHODS FOR HANDLING A MULTI-CONNECTION PROTOCOL BETWEEN A CLIENT AND SERVER TRAVERSING A MULTI-CORE SYSTEM - The present application is directed towards systems and methods for handling a multi-connection protocol communication between a client and a server traversing a multi-core system. The multi-connection protocol comprises a first connection and a second connection, which may be used respectively for control communications and data communications. Because different cores in the multi-core system may handle the first connection and second connection, the present invention provides systems and methods for efficiently coordinating protocol management between a plurality of cores. | 12-23-2010 |
20100325263 | SYSTEMS AND METHODS FOR STATISTICS EXCHANGE BETWEEN CORES FOR LOAD BALANCING - Systems and methods for consolidating metrics and statistics used for load balancing by a plurality of cores of a multi-core intermediary are disclosed. A timer operating on each packet engine of each core in a multi-core system may expire. A consolidator may store, responsive to expiration of the timer, a set of counter values from each of the packet engines to a first storage location. The consolidator may send to each packet engine a message to update the set of counter values. The consolidator may, upon completion of updating the set of counter values by the packet engines, send a second message to the packet engines that includes a consolidated set of counter values determined based on the updated set of values from each packet engine. Each packet engine may establish settings and parameters for load balancing based on the consolidated set of counter values. | 12-23-2010 |
20110149755 | SYSTEMS AND METHODS FOR LISTENING POLICIES FOR VIRTUAL SERVERS OF APPLIANCE - The present invention is directed towards a method for using a listening policy for a virtual server on an intermediary device. An intermediary device establishes for a first virtual server a first listening policy with an expression for evaluating packets received by the intermediary device to determine whether the packet may access the first virtual server. The intermediary device listens for packets at a first internet protocol (IP) address and a first port specified for the first virtual server. Then, the intermediary device evaluates the expression of the first listening policy to a first packet received at the first IP address and first port and determines whether to provide the first packet to the first virtual server based on a result of the evaluation. | 06-23-2011 |
20110153938 | SYSTEMS AND METHODS FOR MANAGING STATIC PROXIMITY IN MULTI-CORE GSLB APPLIANCE - The present invention is directed towards systems and methods for providing static proximity load balancing via a multi-core intermediary device. An intermediary device providing global server load balancing identifies a size of a location database comprising static proximity information. The intermediary device stores the location database to an external storage of the intermediary device responsive to determining the size of the location database is greater than a predetermined threshold. A first packet processing engine on the device receives a domain name service request for a first location, determines that proximity information for the first location is not stored in a first memory cache, transmits a request to a second packet processing engine for proximity information of the first location, and transmits a request to the external storage for proximity information of the first location responsive to the second packet processing engine not having the proximity information. | 06-23-2011 |
20120159235 | Systems and Methods for Implementing Connection Mirroring in a Multi-Core System - The present application is directed to systems and methods for providing failover connection mirroring between two or more multi-core devices intermediary between a client and a server. A first multi-core device may receive a hash key of a second multi-core device for mapping packets to cores of the second multi-core device. The first device may identify a core of the second device using (i) the hash key of the second device and (ii) tuple information corresponding to a connection between the client and the server via the first device. The first device may determine that the identified core is not a desired core for providing a failover connection. The first device may modify the tuple information so as to identify the desired core when used with the hash key of the second device. The first device may use the modified tuple information to establish the failover connection. | 06-21-2012 |
20130022051 | SYSTEMS AND METHODS FOR HANDLING A MULTI-CONNECTION PROTOCOL BETWEEN A CLIENT AND SERVER TRAVERSING A MULTI-CORE SYSTEM - The present application is directed towards systems and methods for handling a multi-connection protocol communication between a client and a server traversing a multi-core system. The multi-connection protocol comprises a first connection and a second connection, which may be used respectively for control communications and data communications. Because different cores in the multi-core system may handle the first connection and second connection, the present invention provides systems and methods for efficiently coordinating protocol management between a plurality of cores. | 01-24-2013 |
20130297802 | SYSTEMS AND METHODS FOR ADAPTIVE APPLICATION PROVISIONING - The present application is directed towards systems and methods for adaptive application provisioning for cloud services. An appliance deployed in a network as a gateway may be able to transparently monitor application activity in a cloud computing environment provided by one or more servers, including servers executed by virtual machines, bare-metal or non-virtual servers, or other computing devices. In some embodiments, the appliance may monitor one or more network metrics, including bandwidth usage, latency, congestion, or other issues; and/or may monitor application health or server or virtual machine statistics, including memory and processor usage, bandwidth usage, latency, or other metrics. Responsive to one or more metrics exceeding a threshold, the appliance may automatically provision or start, or deprovision or shut down, one or more virtual or physical machines from a cloud service provider, and may provide configuration information to the provisioned or started machines as needed. | 11-07-2013 |
Patent application number | Description | Published |
20080225718 | Systems and Methods for Providing Global Server Load Balancing of Heterogeneous Devices - The present invention provides improvements to load balancing by providing a load balancing solution that distributes a load among a plurality of heterogenous devices, such as different types of local load balancers, using metrics collected from the different devices. The load balancing appliance collects metrics from heterogenous devices using a network management protocol and communication model, such as a Simple Network Management Protocol (SNMP). These heterogenous device metrics are available on the load balancing appliance with appliance determined metrics and metrics obtained by the appliance from homogenous devices using a metric exchange protocol. Via a configuration interface of the appliance, a user can select one or more of these different metrics for global load balancing. As such, the load balancing appliance described herein obtains a multitude of metrics from the different devices under management. Additionally, the load balancing appliance described herein provides great flexibility in allowing the user to configure the global load balancer based on the user's understanding of these multitudes of metrics and to take into account the different characteristics and behaviors of the heterogenous devices. | 09-18-2008 |
20090300407 | SYSTEMS AND METHODS FOR LOAD BALANCING VIA A PLURALITY OF VIRTUAL SERVERS UPON FAILOVER USING METRICS FROM A BACKUP VIRTUAL SERVER - The present invention provides methods and systems for performing load balancing via a plurality of virtual servers upon a failover using metrics from a backup virtual server. The methods and systems described herein provide systems and methods for an appliance detecting that a first virtual server of a plurality of virtual servers having one or more backup virtual servers load balanced by an appliance is not available, identifying at least a first backup virtual server of a one or more backup virtual servers of the first virtual server is available, maintaining a status of the first virtual server as available in response to the identification, obtaining one or more metrics from the first backup virtual server of a one or more backup virtual servers, and determining the load across the plurality of virtual servers using the metrics obtained from the first backup virtual server associated with the first virtual server. | 12-03-2009 |
20100036951 | SYSTEMS AND METHODS FOR DYNAMIC DECENTRALIZED LOAD BALANCING ACROSS MULTIPLE SITES - A method for enabling decentralized dynamic load balancing among a plurality of appliances providing access to a plurality of sites, each site comprising a local area network and at least one server includes: determining, by a first appliance, a first number of services currently available for access via a local area network connected to the first appliance; receiving, by the first appliance from a second appliance, a communication indicating a second number of services currently available for access via a local area network connected to the second appliance; receiving, by the first appliance, a plurality of requests to connect to a service; determining, by the first appliance, a weight to be assigned to the second appliance, wherein the determination is responsive to the second number; and forwarding, by the first appliance to the second appliance, a subset of the plurality of requests, wherein the number of requests comprising the subset is determined in response to the determined weight. Corresponding systems are also described. | 02-11-2010 |
20100131639 | Systems and Methods For GSLB Site Persistence - The present invention provides systems and methods for maintaining site persistence in a hierarchical Global Server Load Balancing (GSLB) deployment. Via configuration of GSLB services locally and remotely on each of the GSLB appliances and LB appliances at a site, a site appliance identifies and associates requests from the GSLB with the site. Furthermore, the site appliance may receive a GSLB cookie with the client request and confirms the request is from the expected GSLB in the site hierarchy. When the load balancers receives a response from a server, the appliance may include the GSLB cookie with the response back to the client. The appliance may also include an LB cookie to identify the server selected by the LB. When the client sends another request, the request may include the GSLB and LB cookie. With this information, the GSLB and LB appliance may maintain site persistence for the client as well as server persistence at the site. | 05-27-2010 |
20100131960 | Systems and Methods for GSLB Based on SSL VPN Users - The present invention provides a system and a method for global server load balancing of a plurality of sites based on a number of Secure Socket Layer Virtual Private Network (SSL VPN) users. The SSL VPN users may access servers at each of the plurality of sites. A global server load balancing virtual server (GSLB) may receive a request to access a server. The GSLB virtual server may load balance a plurality of sites wherein each of the plurality of sites may further comprising a load balancing virtual server load balancing users accessing the server accessing servers via an SSL VPN session. GSLB may receive from a first load balancing virtual server at a first site, a first number of current SSL VPN users accessing servers from the first site via SSL VPN sessions. The GSLB may also receive from a second load balancing virtual server at a second site, a second number of current SSL VPN users of the users accessing servers from the second site via SSL VPN sessions. GSLB may determine to forward the request to one of the first load balancing virtual server of the first site or the second load balancing virtual server of the second site by load balancing SSL VPN users across the plurality of sites based on the first number of current SSL VPN users and the second number of current SSL VPN users. | 05-27-2010 |
20100138534 | SYSTEMS AND METHODS FOR MONITOR AN ACCESS GATEWAY - The present invention is directed towards systems and methods for monitoring an access gateway. The systems and methods include monitors on appliances that generate and send requests to logon agents or login page services on access gateways. Based on the responses from the logon agents or login page services, the monitors determine whether the logon agents or login page services are available. | 06-03-2010 |
20100191851 | METHOD AND APPLIANCE FOR USING A DYNAMIC RESPONSE TIME TO DETERMINE RESPONSIVENESS OF NETWORK SERVICES - In a method and appliance for determining responsiveness of a service via a particular protocol, a device intermediary to a plurality of clients and a plurality of services determines response times from each of a plurality of services to respond to requests via a first type of protocol of a plurality of protocols. The device calculates an average response time for the first type of protocol from each of the response times of the plurality of services. The device establishes a predetermined threshold for which a response time of a service for the first type of protocol may deviate from the average response time. The device identifies a service as available responsive to determining that a deviation of the response time of the service from the average response falls within the predetermined threshold. | 07-29-2010 |
20110153937 | SYSTEMS AND METHODS FOR MAINTAINING TRANSPARENT END TO END CACHE REDIRECTION - The present disclosure presents systems and methods for maintaining original source and destination IP addresses of a request while performing intermediary cache redirection. An intermediary receives a request from a client destined to a server identifying a client IP address as a source IP address and a server IP address as a destination IP address. The intermediary transmits the request to a cache server, the request maintaining original IP addresses and identifying a MAC address of the cache server as the destination MAC address. The intermediary receives the request from the cache server responsive to a cache miss, the received request maintaining the original source and destination IP addresses. The intermediary identifying that the third request is coming from the cache server via one or more data link layer properties of the third transport layer connection. The intermediary transmits to the server the request identifying the client IP address as the source IP address and the server IP address as the destination IP address. | 06-23-2011 |
20110222535 | Systems and Methods for Routing VPN Traffic Around Network Distribution - Methods for using a client agent to route client requests among a plurality of appliances using transport layer information include the steps of: establishing, by a client agent executing on a client, a first transport layer connection with a first appliance of a plurality of appliances, the first appliance providing access to one or more servers; establishing, by a client agent executing on the client, a second transport layer connection with a second appliance of a plurality of appliances, the second appliance providing access to one or more servers; intercepting, by the client agent, a packet transmitted by the client; selecting, by the client agent, one of the connections to transmit the intercepted packet based on a characteristic of at least one of: the transport layer connections, the plurality of appliances, or the servers; and transmitting the intercepted packet via the selected connection. | 09-15-2011 |
20120072588 | SYSTEMS AND METHODS FOR LOAD BALANCING VIA A PLURALITY OF VIRTUAL SERVERS UPON FAILOVER USING METRICS FROM A BACKUP VIRTUAL SERVER - The present invention provides methods and systems for performing load balancing via a plurality of virtual servers upon a failover using metrics from a backup virtual server. The methods and systems described herein provide systems and methods for an appliance detecting that a first virtual server of a plurality of virtual servers having one or more backup virtual servers load balanced by an appliance is not available, identifying at least a first backup virtual server of a one or more backup virtual servers of the first virtual server is available, maintaining a status of the first virtual server as available in response to the identification, obtaining one or more metrics from the first backup virtual server of a one or more backup virtual servers, and determining the load across the plurality of virtual servers using the metrics obtained from the first backup virtual server associated with the first virtual server. | 03-22-2012 |
20120226804 | SYSTEMS AND METHODS FOR SCALABLE N-CORE STATS AGGREGATION - The present invention is directed towards systems and methods for aggregating and providing statistics from cores of a multi-core system intermediary between one or more clients and servers. The system may maintain in shared memory a global device number for each core of the multi-core system. The system may provide a thread for each core of the multi-core system to gather data from the corresponding core. A first thread may generate aggregated statistics from a corresponding core by parsing the gathered data from the corresponding core. The first thread may transfer the generated statistics to a statistics log according to a schedule. The system may adaptively reschedule the transfer by monitoring the operation of each computing thread. Responsive to a request from a client, an agent of the client may obtain statistics from the statistics log. | 09-06-2012 |
20120290732 | METHODS FOR ASSOCIATING AN IP ADDRESS TO A USER VIA AN APPLIANCE - The present disclosure describes methods and systems for efficiently assigning, managing and querying virtual private network (VPN) addresses intranet IP (IIP) addresses of users, such as SSL VPN users on an enterprise network. The disclosure describes techniques and policies for assigning previously-assigned VPN addresses of a user to subsequent sessions of the user as the user logs in multiple times or roams between access points. The disclosure also describes a configurable user domain naming policy so that one can query the VPN address of a user by an easily referable host name identifying the user. The appliance and/or client agent provides techniques for applications to seamlessly and transparently communicate on the VPN using the VPN address of the user or client on the private network. | 11-15-2012 |
20130007239 | SYSTEMS AND METHODS FOR TRANSPARENT LAYER 2 REDIRECTION TO ANY SERVICE - The present solution is directed to providing, transparently and seamlessly to any client or server, layer 2 redirection of client requests to any services of a device deployed in parallel to an intermediary device An intermediary device deployed between the client and the server may intercept a client request and check if the request is to be processed by a service provided by one of the devices deployed in parallel with the intermediary device. The service may be any type and form of service or feature for processing, checking or modifying the request, including a firewall, a cache server, a encryption/decryption engine, a security device, an authentication device, an authorization device or any other type and form of service or device described herein. The intermediary device may select the machine to process the request and use layer 2 redirection to the machine. The intermediary device may change a Media Access Control (MAC) address of a destination of the request to a MAC address of the selected machine. Once the selected machine processes the request, the intermediary device may receive from this machine a response to processing the request. The intermediary device may then continue processing the request of the client responsive to the response from the machine or in response to identifying that the response to the request is from that particular selected machine. The forwarding to and processing by the parallel deployed machine may be performed seamlessly and transparently to the server and/or client. | 01-03-2013 |
20130046876 | SYSTEMS AND METHODS FOR GSLB SITE PERSISTENCE - The present invention provides maintains site persistence in a hierarchical Global Server Load Balancing (GSLB) deployment. Via configuration of GSLB services locally and remotely on each of the GSLB appliances and LB appliances at a site, a site appliance identifies and associates requests from the GSLB with the site. Furthermore, the site appliance may receive a GSLB cookie with the client request and confirms the request is from the expected GSLB in the site hierarchy. When the load balancers receives a response from a server, the appliance may include the GSLB cookie with the response back to the client. The appliance may also include an LB cookie to identify the server selected by the LB. When the client sends another request, the request may include the GSLB and LB cookie. | 02-21-2013 |
20130145146 | SYSTEMS AND METHODS FOR BULK ENCRYPTION AND DECRYPTION OF TRANSMITTED DATA - A method for using a network appliance to efficiently buffer and encrypt data for transmission includes: receiving, by an appliance via a connection, two or more SSL records comprising encrypted messages; decrypting the two or more messages; buffering, by the appliance, the two or more decrypted messages; determining, by the appliance, that a transmittal condition has been satisfied; encrypting, by the appliance in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and transmitting, by the appliance via a second connection, the third record. Corresponding systems are also described. | 06-06-2013 |
20130318232 | SYSTEMS AND METHODS FOR PROVIDING DYNAMIC CONNECTION SPILLOVER AMONG VIRTUAL SERVERS - A method for an appliance to switch handling of transport layer connection requests from a first virtual server of the appliance managing a first plurality of services to a second virtual server of the appliance managing a second plurality of services upon exceeding, by the first virtual server, a maximum connection threshold determined dynamically from a status of the first plurality of services The appliance establishes a predetermined threshold identifying a maximum active transport layer connection capacity for the first virtual server that comprising a sum of a predetermined connection capacity for each of the plurality of services. The appliance determines via monitoring that the status of a service of the plurality of services indicates the service is not available and adjusts the predetermined threshold to comprise the sum of the predetermined connection capacity for each of the plurality of services having a status of available. | 11-28-2013 |
20140133315 | SYSTEMS AND METHODS FOR LISTENING POLICIES FOR VIRTUAL SERVERS OF APPLIANCE - The present invention is directed towards a method for using a listening policy for a virtual server on an intermediary device. An intermediary device establishes for a first virtual server a first listening policy with an expression for evaluating packets received by the intermediary device to determine whether the packet may access the first virtual server. The intermediary device listens for packets at a first internet protocol (IP) address and a first port specified for the first virtual server. Then, the intermediary device evaluates the expression of the first listening policy to a first packet received at the first IP address and first port and determines whether to provide the first packet to the first virtual server based on a result of the evaluation. | 05-15-2014 |
20140189132 | SYSTEMS AND METHODS FOR GSLB BASED ON SSL VPN USERS - The present invention provides a system and a method for global server load balancing of a plurality of sites based on a number of Secure Socket Layer Virtual Private Network (SSL VPN) users. The SSL VPN users may access servers at each of the plurality of sites. A global server load balancing virtual server (GSLB) may receive a request to access a server. The GSLB virtual server may load balance a plurality of sites wherein each of the plurality of sites may further comprising a load balancing virtual server load balancing users accessing the server accessing servers via an SSL VPN session. GSLB may receive from a first load balancing virtual server at a first site, a first number of current SSL VPN users accessing servers from the first site via SSL VPN sessions. The GSLB may also receive from a second load balancing virtual server at a second site, a second number of current SSL VPN users of the users accessing servers from the second site via SSL VPN sessions. GSLB may determine to forward the request to one of the first load balancing virtual server of the first site or the second load balancing virtual server of the second site by load balancing SSL VPN users across the plurality of sites based on the first number of current SSL VPN users and the second number of current SSL VPN users. | 07-03-2014 |
20140258390 | SYSTEMS AND METHODS FOR MAINTAINING TRANSPARENT END TO END CACHE REDIRECTION - The present disclosure presents systems and methods for maintaining original source and destination IP addresses of a request while performing intermediary cache redirection. An intermediary receives a request from a client destined to a server identifying a client IP address as a source IP address and a server IP address as a destination IP address. The intermediary transmits the request to a cache server, the request maintaining original IP addresses and identifying a MAC address of the cache server as the destination MAC address. The intermediary receives the request from the cache server responsive to a cache miss, the received request maintaining the original source and destination IP addresses. The intermediary identifying that the third request is coming from the cache server via one or more data link layer properties of the third transport layer connection. The intermediary transmits to the server the request identifying the client IP address as the source IP address and the server IP address as the destination IP address. | 09-11-2014 |
20140304361 | SYSTEMS AND METHODS FOR DISTRIBUTED HASH TABLE CONTRACT RENEWAL - The present application is directed towards ASDR table contract renewal. In some embodiments, a core may cache an ASDR table entry received from an owner core such that when the entry is needed again the core does not need to re-request the entry from the owner core. As storing a cached copy of the entry allows the non-owner core to use an ASDR table entry without requesting the entry from the owner core, the owner core may be unaware of an ASDR table entry's use by a non-owner core. To ensure the owner core keeps the ASDR table entry alive, which the non-owner core has cached, the non-owner core may perform contract renewal for each of its recently used cached entries. The contract renewal method may include sending a message to the owner core that indicates which cached ASDR table entries the non-owner core has recently used or accessed. Responsive to receiving the message the owner core may reset a timeout period associated with the ASDR table entry. | 10-09-2014 |
20140304413 | SYSTEMS AND METHODS FOR STARTUP ROUND ROBIN ENHANCEMENT - The present solution allows users, such as administrators to configure slow start parameters for new services. These slow start parameters specify a rate at which requests should be given to a newly added or up service. The users can also chose to automatically increase the load in multiples of the chosen rate by specifying an increment interval. The services are given the configured rate for the interval, and once the interval is reached, the next multiple of the rate of requests is given. The increase of rate of requests is done automatically until an existing service request rate is reached. At that point in time this functionality is disabled and the existing and new services are treated the same. | 10-09-2014 |