| Patent application number | Description | Published |
|---|
| 20090234972 | Systems and Methods for Content Injection - The present solution is directed towards a policy-based intermediary that dynamically and flexibly injects content in responses between a client and a server based on one or more policies. The present solution addresses the challenges of injecting content in a client-server transaction. The intermediary determines when and what content to inject into a response of a client-server transaction based on a request and/or response policy. The injected content may include timestamp and/or variable tracking of different events in a client-server transaction. For example, when an intermediary appliance is deployed in a system to accelerate system performance and improve user experience, the appliance may inject content based on policy to monitor the acceleration performance of the deployed appliance. | 09-17-2009 |
| 20100235374 | Method and Systems for Efficient Delivery of Previously Stored Content - Systems and methods for reducing file sizes for files delivered over a network are disclosed. A method comprises receiving a first file comprising sequences of data; creating a hash table having entries corresponding to overlapping sequences of data; receiving a second file comprising sequences of data; comparing each of the sequences of data in the second file to the sequences of data in the hash table to determine sequences of data present in both the first and second files; and creating a third file comprising sequences of data from the second file and representations of locations and lengths of said sequences of data present in both the first and second files. | 09-16-2010 |
| 20100281217 | SYSTEM AND METHOD FOR PERFORMING ENTITY TAG AND CACHE CONTROL OF A DYNAMICALLY GENERATED OBJECT NOT IDENTIFIED AS CACHEABLE IN A NETWORK - The present invention is directed towards a method and system for modifying by a cache responses from a server that do not identify a dynamically generated object as cacheable to identify the dynamically generated object to a client as cacheable in the response. In some embodiments, such as an embodiment handling HTTP requests and responses for objects, the techniques of the present invention insert an entity tag, or “etag” into the response to provide cache control for objects provided without entity tags and/or cache control information from an originating server. This technique of the present invention provides an increase in cache hit rates by inserting information, such as entity tag and cache control information for an object, in a response to a client to enable the cache to check for a hit in a subsequent request. | 11-04-2010 |
| 20100325263 | SYSTEMS AND METHODS FOR STATISTICS EXCHANGE BETWEEN CORES FOR LOAD BALANCING - Systems and methods for consolidating metrics and statistics used for load balancing by a plurality of cores of a multi-core intermediary are disclosed. A timer operating on each packet engine of each core in a multi-core system may expire. A consolidator may store, responsive to expiration of the timer, a set of counter values from each of the packet engines to a first storage location. The consolidator may send to each packet engine a message to update the set of counter values. The consolidator may, upon completion of updating the set of counter values by the packet engines, send a second message to the packet engines that includes a consolidated set of counter values determined based on the updated set of values from each packet engine. Each packet engine may establish settings and parameters for load balancing based on the consolidated set of counter values. | 12-23-2010 |
| 20110145330 | SYSTEM AND METHOD FOR PERFORMING FLASH CROWD CACHING OF DYNAMICALLY GENERATED OBJECTS IN A DATA COMMUNICATION NETWORK - The present invention is directed towards a “flash crowd” technique for handling situations where the cache receives additional requests, e.g., nearly simultaneous requests, for the same object during the time the server is processing and returning the response object for a first requestor. Once all such nearly simultaneous requests are responded to by the cache, the object is flushed from the cache, with no additional expiry time or invalidation action needed. This technique of the present invention enables data to be cached and served for very small amounts of time for objects that would otherwise be considered non-cacheable. As such, this technique yields a significant improvement in applications that serve fast changing data to a large volume of concurrent users, such, for example, as real time stock quotes, or a fast evolving news story. | 06-16-2011 |
| Patent application number | Description | Published |
|---|
| 20080222363 | SYSTEMS AND METHODS OF MAINTAINING FRESHNESS OF A CACHED OBJECT BASED ON DEMAND AND EXPIRATION TIME - A device that implements a method for performing integrated caching in a data communication network. The device is configured to receive a packet from a client over the data communication network, wherein the packet includes a request for an object. At the operating system/kernel level of the device, one or more of decryption processing of the packet, authentication and/or authorization of the client, and decompression of the request occurs prior to and integrated with caching operations. The caching operations include determining if the object resides within a cache, serving the request from the cache in response to a determination that the object is stored within the cache, and sending the request to a server in response to a determination that the object is not stored within the cache. | 09-11-2008 |
| 20110125892 | SYSTEMS AND METHODS FOR TRACE FILTERS BY ASSOCIATION OF CLIENT TO VSERVER TO SERVICES - The present disclosure is directed towards systems and methods for tracing packets via an intermediary device. The systems and methods include an intermediary device that establishes connections with clients and connections with servers. The intermediary device links a connection to a server with a connection to a client to provide a client with access to the server. When the client requests a packet trace, the intermediary device applies the trace to linked connections with the client to obtain full trace information for network packets servicing the client. | 05-26-2011 |
| 20110131654 | SYSTEMS AND METHODS FOR AGGRESSIVE WINDOW PROBING - The present application is directed towards systems and methods for aggressively probing a client side connection to determine and counteract a malicious window size attack or similar behavior from a malfunctioning client. The solution described herein detects when a connection may be under malicious attach via improper or unusual window size settings. Responsive to the detection, the solution described herein will setup probes that determine whether or not the client is malicious and does so within an aggressive time period to avoid the tying up of processing cycles, transport layer sockets and buffers, and other resources of the sender. | 06-02-2011 |
| 20110153720 | SYSTEMS AND METHODS FOR SAMPLING MANAGEMENT ACROSS MULTIPLE CORES FOR HTML INJECTION - A method for sampling management includes establishing, for a multi-core intermediary comprising a plurality of packet evaluation components executing on a corresponding plurality of cores, a frequency at which the multi-core intermediary intercepts a response transmitted from a server to a client and injects data into the intercepted response. For each of the plurality of packet evaluation components, an offset and a frequency based on a number of packet evaluation components in the plurality of packet evaluation components is established, a combination of the established frequencies substantially similar to the frequency established for the multi-core intermediary. One of the plurality of cores intercepts a response from the server to the client, at a time specified by the frequency and the offset. The packet evaluation component executing on the one of the plurality of cores injects data into the intercepted response. | 06-23-2011 |
| 20110153822 | SYSTEMS AND METHODS FOR MANAGING PREFERRED CLIENT CONNECTIVITY TO SERVERS VIA MULTI-CORE SYSTEM - The present application is directed towards systems and methods for providing a cookie by an intermediary device comprising a plurality of packet processing engines executing on a corresponding plurality of cores, the cookie identifying a session of a user that was redirected responsive to a service exceeding a response time limit. The cookie may be generated with identifiers based off a name of a virtual server managing a service of a server, and a name of a policy associated with the virtual server. Each packet processing engine of the plurality of packet processing engines may interpret cookies generated by other packet processing engines due to the name of the virtual server and name of the policy, and may provide preferred client connectivity based on cookies included in requests for access to a service. | 06-23-2011 |
| 20110153839 | SYSTEMS AND METHODS FOR SERVER SURGE PROTECTION IN A MULTI-CORE SYSTEM - The present application is directed towards systems and methods for providing connection surge protection to one or more servers by an intermediary multi-core system. A packet processing engine of a multi-core device deployed as an intermediary between a plurality of clients and one or more servers determines an estimated number of total pending requests received by all packet processing engines based on a value of a local counter of received requests, the total number of pending requests received by all other packet processing engines at a last predetermined interval, and a rate of change of the total number of pending requests received by all other packet processing engines multiplied by the time since the last predetermined interval. The packet processing engine applies a surge protection policy to received pending requests responsive to the determined estimated number of total pending requests. | 06-23-2011 |
| 20110153937 | SYSTEMS AND METHODS FOR MAINTAINING TRANSPARENT END TO END CACHE REDIRECTION - The present disclosure presents systems and methods for maintaining original source and destination IP addresses of a request while performing intermediary cache redirection. An intermediary receives a request from a client destined to a server identifying a client IP address as a source IP address and a server IP address as a destination IP address. The intermediary transmits the request to a cache server, the request maintaining original IP addresses and identifying a MAC address of the cache server as the destination MAC address. The intermediary receives the request from the cache server responsive to a cache miss, the received request maintaining the original source and destination IP addresses. The intermediary identifying that the third request is coming from the cache server via one or more data link layer properties of the third transport layer connection. The intermediary transmits to the server the request identifying the client IP address as the source IP address and the server IP address as the destination IP address. | 06-23-2011 |
| 20110154488 | SYSTEMS AND METHODS FOR GENERATING AND MANAGING COOKIE SIGNATURES FOR PREVENTION OF HTTP DENIAL OF SERVICE IN MULTI-CORE SYSTEM - The present application is directed towards systems and methods for generating and maintaining cookie consistency for security protection across a plurality of cores in a multi-core system. A packet processing engine executing on one core designated as a primary packet processing engine generates and maintains a global random seed. The global random seed may be used as an initial seed for creation of cookie signatures by each of a plurality of packet processing engines executing on a plurality of cores of the multi-core system using a deterministic pseudo-random number generation function such that each core creates an identical set of cookie signatures. | 06-23-2011 |
