WO2014088741A1 - Forwarding policies on a virtual service network - Google Patents

Forwarding policies on a virtual service network Download PDF

Info

Publication number
WO2014088741A1
WO2014088741A1 PCT/US2013/068345 US2013068345W WO2014088741A1 WO 2014088741 A1 WO2014088741 A1 WO 2014088741A1 US 2013068345 W US2013068345 W US 2013068345W WO 2014088741 A1 WO2014088741 A1 WO 2014088741A1
Authority
WO
WIPO (PCT)
Prior art keywords
virtual service
network address
packet forwarding
service
virtual
Prior art date
Application number
PCT/US2013/068345
Other languages
French (fr)
Inventor
Rajkumar Jalan
Gurudeep Kamat
Original Assignee
A10 Networks, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by A10 Networks, Inc. filed Critical A10 Networks, Inc.
Publication of WO2014088741A1 publication Critical patent/WO2014088741A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1001Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Definitions

  • This invention relates generally to data communications, and more specifically, to a virtual service network.
  • Service load balancers such as server load balancers or application delivery controllers typically balance load among a plurality of servers providing network services such as Web documents, voice calls, advertisements, enterprise applications, video services, gaming, or consuming broadband services.
  • a service is used by many client computers. Some services are offered for few clients and some services are offered to many clients.
  • a service is handled by a service load balancer. When there are many clients utilizing the service at the same time, the service load balancer will handle the distribution of client service accesses among the servers.
  • a network administrator cannot easily add a second service load balancer, since a service is typically assigned to an IP address of the service load balancer. Adding another service load balancer having the same IP address for the service is not possible in a data network. Network nodes in the data network would not be able to determine which service load balancer to send a client service access to.
  • the present invention describes a virtual service network wherein network nodes in the virtual service network are capable of processing client service sessions of a network service and forwarding the sessions to a plurality of service load balancers.
  • a method for providing forwarding policies in a virtual service network comprises: (a) receiving a virtual service session request from a client device by the network node, the virtual service session request comprising the virtual service network address for the virtual service served by the pool of service load balancers, wherein the network node comprises a plurality of packet forwarding policies, each packet forwarding policy comprising a virtual service network address associated with a destination; (b) comparing by the network node the virtual service network address in the virtual service session request with the virtual service network address in each packet forwarding policy; (c) in response to finding a match between the virtual service network address in the virtual service session request and a given virtual service network address in a given packet forwarding policy, determining the given destination in the given packet forwarding policy by the network node; and (d) sending the virtual service session request to a service load
  • the method further comprises: (e) receiving a virtual service request from the client device through the virtual service session by the network node, the virtual service request comprising the virtual service network address for the virtual service; (f) comparing by the network node the second virtual service network address in the virtual service request with the virtual service network address in each packet forwarding policy; (g) in response to finding a match between the virtual service network address in the virtual service request and a second given virtual service network address in a second given packet forwarding policy, determining a second given destination in the second given packet forwarding policy by the network node; and (h) sending the virtual service request to a second service load balancer associated with the second given
  • the method further comprises: (i) receiving a virtual service data packet from the client device through the virtual service session by the network node, the virtual service data packet comprising the virtual service network address for the virtual service; (]) comparing by the network node the virtual service network address in the virtual service data packet with the virtual service network address in each packet forwarding policy; (k) in response to finding a match between the virtual service network address in the virtual service data packet and a third given virtual service network address in a third given packet forwarding policy, determining a third given destination in the third given packet forwarding policy by the network node; and (i) sending the virtual service data packet to a third service load balancer associated with the third given destination by the network node.
  • the service load balancer, the second service load balancer, and the third service load balancer are the same service load balancer.
  • the method further comprises: (e) receiving a data packet of the virtual service session by the network node from the service load balancer over a data network, the data packet comprising a client network address of the client device; (f) retrieving the client network address from the data packet by the network node; and (g) sending the data packet to the client device using the client network address by the network node.
  • the data packet comprises a virtual service session request response or a virtual service request response.
  • the given destination comprises a second network node
  • the sending (d) comprises: (dl) sending the virtual service session request to the second network node, wherein the second network node comprises a second plurality of packet forwarding policies, each of the second packet forwarding policies comprising a second virtual service network address associated with a second destination; (d2) comparing by the second network node the virtual service network address in the virtual service session request with the virtual service network address in each of the second nnrket fnrwnrHiri CT policies; (d3) in response to finding a match between 1 ' 1 network address in the virtual service session request and a second given virtual service network address in a second given packet forwarding policy, determining a second given destination in the second given packet forwarding policy by the second network node; and (d4) sending the virtual service session request to the service load balancer associated with the second given destination, wherein the service load balancer establishes a virtual service session with the client device.
  • the determining (c) comprises: (cl) finding by the network node that the virtual service network address in the virtual service session request matches a first virtual service network address in a first packet forwarding policy and a second virtual network address in a second packet forwarding policy; (c2) selecting by the network node either the first packet forwarding policy or the second packet forwarding policy based on additional information comprised in the first and second packet forwarding policies; and (c3) determining the given destination in the selected packet forwarding policy by the network node.
  • the additional information comprises one or more of the following: a multi-path factor; and a traffic policy.
  • the first packet forwarding policy comprises a first destination associated with a first service load balancer in the pool of service load balancers
  • the second packet forwarding policy comprises a second destination associated with a second service load balancer in the pool of service load balancers, wherein the first service load balancer is different from the second service load balancer
  • the determining (c3) comprises: (c3i) in response to selecting the first packet forwarding policy, determining the first destination associated with the first service load balancer in the first packet forwarding policy by the network node; and (c3ii) in response to selecting the second packet forwarding policy, determining the second destination in the second packet forwarding policy in the second packet forwarding policy by the network node.
  • the network node comprises a first plurality of packet forwarding policies for a first virtual service and a second plurality of packet fnrwnrHiri CT nnliHes for a second virtual service, wherein the comparing s ' " 1 s determining by the network node whether the virtual service session request is for the first virtual service or the second virtual service; (b2) in response to determining that the virtual service session request is for the first virtual service, comparing by the network node the virtual service network address in the virtual service session request with a virtual service network address in each of the first plurality of packet forwarding policies; and (b3) in response to determining that the virtual service session request is for the first virtual service, comparing by the network node the virtual service network address in the virtual service session request with a virtual service network address in each of the second plurality of packet forwarding policies.
  • the virtual service session request further comprises a client network address of the client device
  • each packet forwarding policy further comprises a client network address associated with the destination
  • the comparing (b) and the determining (c) comprise: (bl) comparing by the network node the virtual service network address in the virtual service session request with the virtual service network address in each packet forwarding policy; (b2) comparing by the network node the client network address in the virtual service session request with the client network address in each packet forwarding policy; and (cl) in response to finding the match between the virtual service network address in the virtual service session request and the given virtual service network address in the given packet forwarding policy, and in response to finding a match between the client network address in the virtual service session request and the given client network address in the given packet forwarding policy, determining the given destination in the given packet forwarding policy by the network node.
  • a method for providing forwarding policies in a virtual service network comprising a network node and a pool of service load balancers serving a virtual service associated with a virtual service network address, comprising: (a) receiving a virtual service session request from a client device by the network node, the virtual service session request comprising a client device network address for the client device and the virtual service network address for the virtual service served by the pool of service load balancers, wherein the network node comprises a plurality of packet forwarding policies, each packet forwarding policy comprising a client network address and a virtual service network address associated with a destination; (b) comparing by the network node the virtual service network address in the virtual service session request with a first virtual service network address in a first packet forwarding policy of the plurality of packet forwarding policies, and comparing the client device network address in the virtual service session request with a first client network address in the first packet forwarding policy; (c) in response to determining that the virtual service
  • Figure 1 illustrates a virtual service network for a service according to an
  • Figure 2a illustrates a component view of network node according to an embodiment of the present invention.
  • Figure 2b illustrates a component view of service load balancer according to an embodiment of the present invention.
  • Figure 2c illustrates a component view of server according to an embodiment of the present invention.
  • Figure 3 illustrates a virtual service session according to an embodiment of the present invention.
  • Figure 3a illustrates processing of a virtual service session request according to an embodiment of the present invention.
  • Figure 3b illustrates processing of a virtual service request according to an embodiment of the present invention.
  • Figure 3c illustrates processing of a virtual service data packet according to an embodiment of the present invention.
  • Figure 4 illustrates processing of a data packet from service load balancer to client device according to an embodiment of the present invention.
  • Figure 5 illustrates a via network node according to an embodiment of the present invention.
  • Figure 5a illustrates forwarding a virtual service data packet to a via network node according to an embodiment of the present invention.
  • Figure 6 illustrates a network node configuration according to an embodiment of the present invention.
  • Figure 7 illustrates packet forwarding policies with other information according to an embodiment of the present invention.
  • Figure 8 illustrates a virtual service network supporting multiple services according to an embodiment of the present invention.
  • the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment containing both hardware and software elements.
  • the present invention is implemented in software, which includes but is not limited to firmware, resident software, microcode, etc.
  • the present invention can take the form of a computer program product accessible from a computer-usable or computer-readable medium providing program code for use by or in connection with a computer or any instruction execution system.
  • a computer-usable or computer readable medium can be any apparatus that can contain, store, communicate, propagate, or transport eh program for use by or in connection with the instruction execution system, apparatus, or device.
  • the medium can be an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system (or apparatus or device) or a propagation medium.
  • Examples of a computer-readable medium include a semiconductor or solid state memory, magnetic tape, a removable computer diskette, a random access memory (RAM), a read-only memory (ROM), a rigid magnetic disk and an optical disk.
  • Current examples of optical disks include compact disk - read only memory (CD-ROM), compact disk - read/write (CD-R/W) and DVD.
  • a data processing system suitable for storing and/or executing program code will include at least one processor coupled directly or indirectly to memory elements through a system bus.
  • the memory elements can include local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution.
  • I/O devices including but not limited to keyboards, displays, point devices, etc.
  • I/O controllers including but not limited to keyboards, displays, point devices, etc.
  • Network adapters may also be coupled to the system to enable the data processing system to become coupled to other data processing systems or remote printers or storage devices through intervening private or public networks.
  • Modems, cable modem and Ethernet cards are just a few of the currently available types of network adapters.
  • each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified local function(s).
  • the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially
  • Figure 1 illustrates a virtual service network for a service according to an
  • Virtual service network 510 includes a network node 562 and a service load balancer pool 530, which includes, in one embodiment, a plurality of service load balancers 532, 534.
  • Network node 562 and service load balancer pool 530 are connected in virtual service network 510 such that network node 562 can forward packets to service load balancers 532-534 and vice versa.
  • virtual service network 510 is configured over a data network 500.
  • network node 562 and service load balancers 532-534 are a part of data network 500.
  • network node 562 connects directly to service load balancers 532-534 and forwards data packets directly to service load balancers 532-534.
  • network node 562 forwards data packets through one or more network elements (not shown) in data network 500.
  • service load balancers 532-534 send data packets to network node 562 through data network 500, using one or more network elements in data network 500 if necessary.
  • data network 500 includes an Internet Protocol (IP) network, a corporate data network, a regional corporate data network, an Internet service provider network, a residential data network, a wired network such as Ethernet, a wireless network such as a WiFi network, or a cellular network.
  • IP Internet Protocol
  • data network 500 resides in a data center, or connects to a network or application network cloud.
  • network node 562 includes, in addition to that described later in this specification, the functionality of a network switch, an Ethernet switch, an IP router, an ATM switch, a stackable switch, a broadband remote access system (BRAS), a cable headend, a mobile network gateway, a home agent gateway (HA-Gateway), a PDSN, a GGSN, a broadband gateway, a VPN gateway, a firewall, or a networking device capable of forwarding packets in data network 500.
  • BRAS broadband remote access system
  • H-Gateway home agent gateway
  • PDSN Packet Data Network Gateway
  • GGSN home agent gateway
  • broadband gateway a VPN gateway
  • firewall a networking device capable of forwarding packets in data network 500.
  • service load balancer 534 includes functionality of a server load balancer, an application delivery controller, a service delivery platform, a traffic manager, a security gateway, a component of a firewall system, a component of a virtual private network (VPN), a load balancer for video servers, a gateway to distribute load to one or more servers, or a gateway performing network address translation (NAT).
  • a server load balancer an application delivery controller, a service delivery platform, a traffic manager, a security gateway, a component of a firewall system, a component of a virtual private network (VPN), a load balancer for video servers, a gateway to distribute load to one or more servers, or a gateway performing network address translation (NAT).
  • VPN virtual private network
  • Service load balancer pool 530 connects to server pool 200, which in an embodiment includes a plurality of servers 212, 214, 216. Servers 212-216 of server pool 200 serves service 240. Service load balancers 532-534 of service load balancer pool 530 serves service 240 as virtual service 540.
  • server 212 includes functionality of a Web server, a file server, a video server, a database server, an application server, a voice system, a
  • conferencing server a media gateway, a media center, an app server or a network server providing a network or application service to client device 100 using a Web protocol.
  • service 240 includes a Web service, a HTTP service, a FTP service, a file transfer service, a video or audio streaming service, an app download service, an advertisement service, an on-line game service, a document access service, a
  • conferencing service a file sharing service, a group collaboration service, a database access service, an on-line transaction service, a Web browsing service, a VOIP service, a notification service, a messaging service, or an Internet data communication service.
  • Each service load balancer for example service load balancer 532, can exchange data packets to one or more servers in server pool 200.
  • Client device 100 is a computing device connecting to virtual service network 510.
  • client device 100 in order to utilize service 240, client device 100 establishes a virtual service session 140 for virtual service 540 with service load balancer pool 530 through virtual service network 510.
  • Service load balancer pool 530 establishes service session 340 with server pool 200 and relays data packets between virtual service session 140 and service session 340.
  • server pool 200 provides the service 240 to client device 100.
  • client device 100 is a personal computer, a laptop computer, a desktop computer, a smartphone, a feature phone, a tablet computer, an e-reader, an end-use networked device, a server computer, a service proxy computer, a service gateway, a business computer, a server computer, or a computer requesting service 240.
  • Figures 2a-2c illustrate components of network node 562, service load balancer 534, and server 212 according to an embodiment of the present invention.
  • network node 562 includes processor module 630, packet processing module 650, and network module 670.
  • processor module 630 includes one or more processors and a computer readable medium storing programming instructions.
  • processor module 630 includes storage such as random accessible memory (RAM).
  • packet processing module 650 includes a processor or a network processor capable of processing data packets.
  • packet processing module 650 is part of processor module 630.
  • packet processing module 650 is a physical card or module housing a network processor.
  • packet processing module 650 includes storage such as random access memory (RAM), context addressable memory (CAM), tertiary CAM
  • packet processing module 650 includes a plurality of programming
  • network module 670 interacts with data network 500 and virtual service network 510 to transmit and receive data packets.
  • network module 670 includes a plurality of network interfaces such as network interface 671, network interface 672 and network interface 674. Each of the network interfaces connect to another network component.
  • network interface 671 connects to client device 100; network interface 672 connects to service load balancer 532; and network interface 674 connects to service load balancer 534.
  • network interface 671 connects to client device 100 and service load balancer pool 530.
  • network interface 671 is an Ethernet, Gigabit Ethernet, 10-Gigabit Ethernet, ATM, MPLS, wireless network, or optical network interface.
  • Figure 2b illustrates a service load balancer such as service load balancer 534 according to an embodiment of the present invention.
  • service load balancer 534 includes processor module 734, virtual service processing module 754 and network module 774.
  • Network module 774 interacts with data network 500 and virtual service network 510 to transmit and receive data packets.
  • network module 774 exchanges data packets with network node 562 and server pool 200.
  • Network module 774 includes a network interface card or network interface module connecting to data network 500 and virtual service network 510.
  • processor module 734 includes a processor and computer readable medium storing programming instructions.
  • virtual service processing module 754 includes a physical hardware comprising a processor or a network processor, a memory module such as RAM.
  • virtual service processing module 754 is included in processor module 734.
  • virtual service processing module 754 includes storage storing
  • FIG. 2c illustrates a server, such as server 212, according to an embodiment of the present invention.
  • server 212 includes processor module 832, service processing module 852 and network module 872.
  • Network module 872 interacts with virtual service network 510 to transmit or receive data packets.
  • network module 872 exchanges data packets with service load balancer pool 530.
  • Network module 872 includes a network interface card or network interface module connecting to data network 510 or virtual service network 510.
  • processor module 832 includes a processor and computer readable medium storing programming instructions.
  • service processing module 852 includes a physical hardware comprising a processor or a network processor, a memory module such as RAM.
  • service processing module 852 is included in processor module 832.
  • service processing module 852 includes storage storing programming instructions executed by server 212.
  • FIG. 3 illustrates a session between client device and a server according to an embodiment of the present invention.
  • client device 100 uses service 240 by conducting virtual service session 140 using virtual service 540.
  • virtual service session 140 is a IP session, a UDP session, a TCP session, a SIP session, an ICMP session, a GRE session, a RTSP session, an SSL session, a HTTPS session, or a HTTP session.
  • virtual service 540 includes a virtual service network address 541, such as an IP network address.
  • the virtual service network address 541 is shared among the service load balancers in the service load balancer pool 530.
  • virtual service network address 541 includes a transport layer identity such as a port number, a TCP port, a UDP port.
  • client device 100 sends a virtual service session request 142, such as a TCP session request data packet, to network node 562.
  • Virtual service session request 142 includes virtual service network address 541.
  • network node 562 determines that virtual service session request 142 is to be sent to service load balancer 534, based on virtual service network address 541.
  • Service load balancer 534 establishes virtual service session 140 with client device 100.
  • client device 100 After establishing virtual service session 140, client device 100 sends a virtual service request 144 through virtual service session 140 to service load balancer 534.
  • Service load balancer 534 determines that virtual service request 144 is to be relayed to server 212. Subsequently client device 100 exchanges virtual service data packet 146 with server 212 via service load balancer 534.
  • FIG. 3a illustrates processing of virtual service session request 142 according to an embodiment of the present invention.
  • Client device 100 sends virtual service session request 142 to network node 562.
  • virtual service session request 142 data packet includes virtual service network address 541, and client network address 101.
  • client network address 101 includes an IP address of client device 100, and optionally a transport layer address.
  • Network node 562 selects service load balancer 534, based on a packet forwarding policy 641, and forwards virtual service session request 142 to service load balancer 534.
  • Packet forwarding policy 641 includes criteria 643 and destination 645. Criteria 643 contain matching information for network node 562 to match against virtual service session request 142. Destination 645 includes information to transmit virtual service session request 142.
  • destination 645 indicates using network interface 674 to transmit virtual service session request 142.
  • Network node 562 informs network module 670 to transmit virtual service session request 142 using interface 674.
  • network interface 674 directly connects to service load balancer 534 and service load balancer 534 receives virtual service session request 142.
  • network interface 674 connects to service load balancer 534 via data network 500 and service load balancer 534 receives virtual service session request 142 via data network 500.
  • Network node 562 compares criteria 643 against virtual service session request 142. In one embodiment, network node 562 retrieves virtual service network address 541 from virtual service session request 142. In one embodiment, criteria 643 include virtual service network address 646. Network node 562 compares virtual service network address 541 with virtual service network address 646. In one embodiment, virtual service network address 646 includes virtual service network address 541 and network node 562 finds a match between virtual service network address 541 and virtual service network address 646.
  • the network node 562 In response to finding a match between virtual service network address 541 and virtual service network address 646, the network node 562 applies the packet forwarding policy 641 to the virtual service session request 142 by informing the network module 670 to transmit the virtual service session request 142 using the network interface 674 indicated by destination 645.
  • virtual service network address 646 includes a transport layer address such as TCP port number, UDP port number or other transport layer information.
  • Network node 562 retrieves transport layer address from virtual service network address 541 and compares with virtual service network address 646. In one embodiment, network node 562 finds a match of the transport layer addresses, network node 562 determines that packet forwarding policy 641 is to be applied to virtual service session request 142.
  • virtual service network address 646 includes a range of network addresses. In finding that virtual service network address 541 is included in the range of network addresses, network node 562 determines there is a match. In one embodiment, virtual service network address 646 includes a range of transport layer addresses.
  • network node 562 determines there is a match.
  • criteria 643 include client network address 647.
  • Network node 562 obtains client device network address 101 from virtual service session request 142 and compares client network address 647 with client device network address 101. If there is a match, network node 562 determines packet forwarding policy 641 is applicable.
  • client network address 647 includes a range of network addresses. In finding that client device network address 101 is included in the range of network addresses, network node 562 determines there is a match.
  • network node 562 further includes another packet forwarding policy 651.
  • Packet forwarding policy 651 includes criteria 652, which includes a client network address 653 different from client network address 647 and the same virtual service network address 646 as packet forwarding policy 641.
  • Network node 562 obtains virtual service network address 541 and client device network address 101 from virtual service session request 142.
  • network node 562 first determines whether packet forwarding policy 651 applies to virtual service session request 142.
  • Network node 562 compares client network address 653 in packet forwarding policy 651 with client device network address 101, and compares virtual service network address 646 in packet forwarding policy 651 with virtual service network address 541.
  • the network node 562 determines that packet forwarding policy 651 does not apply.
  • client network address 653 includes a range of network addresses. In finding that client device network address 101 is not included in the range of network addresses, network node 562 determines there is no match.
  • Network node 562 determines whether a different packet forwarding policy applies. In one embodiment, after determining that packet forwarding policy 651 does not apply, network node 562 determines whether packet forwarding policy 641 applies.
  • Network node compares client network address 647 in packet forwarding policy 641 with client device network address 101, and compares virtual service network address 646 in packet forwarding policy 641 with virtual service network address 541. In response to finding a match between client network address 647 and client network address 101 and a match between the virtual service network address 646 and virtual service network address 541, network node 562 determines packet forwarding policy 641 is applicable.
  • service load balancer 534 Upon receiving virtual service session request 142, service load balancer 534 processes the session request 142 and replies with a virtual service session request response 143, comprising one or more data packets to be transmitted to client device 100. A process to send data packet 143 will be discussed in a later illustration.
  • destination 645 includes a modification procedure prior to transmission.
  • Network node 562 applies the modification procedure in destination 645 prior to informing network interface 674.
  • destination 645 indicates a IP tunneling modification, a VLAN modification, a MPLS modification, a L2TP tunnel, a IP- in-IP tunnel, a IPv6-v4 tunnel modification, a IPSec modification, a packet header modification, a packet payload modification, or other modification procedure related to network interface 674.
  • Figure 3b illustrates processing of virtual service request 144 according to an embodiment of the present invention.
  • Client device 100 sends virtual service request 144 data packet to network node 562, where the virtual service request 144 includes a virtual service network address 541.
  • network node 562 processes virtual service request 144 using a similar process illustrated in figure 3a, matching the criteria from packet forwarding policy 641 with virtual service request 144 having virtual service network address 541.
  • Network node 562 sends virtual service request 144 to service load balancer 534 according to the application of the matching packet forwarding policy 641.
  • Service load balancer 534 receives and processes virtual service request 144.
  • Service load balancer 534 selects server 212 to service virtual service request 144 and sends the virtual service request 148 to the server 212.
  • the selection of server 212 is known to those skilled in the art. Any and all such selection process is considered as a part of an embodiment of the present invention and is not described in this specification.
  • Server 212 responds to the virtual service request 148 with a service request response 245 and sends the service request response 245 to service load balancer 534.
  • Service load balancer 534 creates virtual ser ire renuest response 145 and sends the service request respoi 1 ⁇ ' 1 - ' device 100. An embodiment to send virtual service request 145 from service load balancer 534 to client device 100 will be described in a later illustration in this specification.
  • Figure 3c illustrates processing of virtual service data packet 146 according to an embodiment of the present invention.
  • Client device 100 sends virtual service data packet 146 to network node 562, where the virtual service data packet 146 includes a virtual service network address 541.
  • network node 562 processes virtual service data packet 146 in a similar process illustrated in figure 3a, matching the criteria from packet forwarding policy 641 with virtual service data packet 146 having virtual service network address 541.
  • Network node 562 sends virtual service data packet 146 to service load balancer 534.
  • Service load balancer 534 generates service packet 546 using virtual service data packet 146, and sends service packet 546 to server 212.
  • the process of generating service packet 546 using virtual service data packet 146 is known to those skilled in the art and is not described in this specification.
  • Figure 4 illustrates a process to forward a data packet from service load balancer 534 to client device 100 according to an embodiment of the present invention.
  • service load balancer 534 sends a data packet 147 of service session 140 to network node 562.
  • data packet 147 may be virtual service session request response 143 or virtual service request response 145.
  • Data packet 147 includes client device network address 101 of client device 100 as a destination for data packet 147.
  • Service load balancer 534 sends data packet 147 through data network 500 to network node 562, and network node 562 receives data packet 147 from data network 500.
  • data packet 147 traverses through virtual service network 510 before it is received by network node 562.
  • Network node 562 retrieves destination client device network address 101 from data packet 147, and determines that data packet 147 is to be sent to client device 100, based on the retrieved client device network address 101.
  • virtual service network 510 includes a network node 564 connected with network node 562 and service load balancer 534.
  • FIG. 5a illustrates a process for network node 562 to select network node 564 according to an embodiment of the present invention.
  • Network node 564 receives and processes virtual service data packet 148.
  • Network node 564 sends virtual service data packet 148 to service load balancer 534 according to an embodiment process illustrated in figures 3, 3a-3c.
  • Figure 5a illustrates a process of network node 562 to send a virtual service data packet 148 from client device 100 to network node 564 according to an embodiment of the present invention.
  • Client device 100 sends virtual service data packet 148 to network node 562.
  • data packet 148 includes virtual service network address 541, and client network address 101.
  • Network node 562 selects network node 564, based on a packet forwarding policy 681, and forwards data packet 148 to network node 564.
  • Packet forwarding policy 681 includes criteria 683 and destination 685. Criteria 683 contain matching information for network node 562 to compare against data packet 148.
  • Destination 685 indicates information to transmit data packet 148.
  • destination 685 indicates network interface 674 is to be used to transmit data packet 148.
  • Network node 562 informs network module 670 to transmit data packet 148 using interface 674.
  • network interface 674 directly connects to network node 564 and network node 564 receives data packet 148.
  • network interface 674 connects to network node 564 via data network 500 and network node 564 receives data packet 148 via data network 500.
  • Network node 562 matches criteria 683 against data packet 148.
  • network node 562 retrieves virtual service network address 541 from data packet 148.
  • criteria 683 include virtual service network address 686.
  • Network node 562 matches virtual service network address 541 with virtual service network address 686.
  • virtual service network address 686 includes virtual service network address 541 and network node 562 finds a match between virtual service network address 541 and virtual service network address 686.
  • virtual service network address 686 includes a transport layer address such as TCP port number, UDP port number or other transport layer information.
  • Network node 562 retrieves transport layer address from data packet 148 and compares the transport layer address with virtual service network address 686.
  • network node 562 finds a match of the transport layer addresses, network node 562 determines that packet forwarding policy 681 is to be applied to data packet 148.
  • virtual service network address 686 includes a range of network addresses. In finding that virtual service network address 541 is included in the range of network addresses, network node 562 determines there is a match. In one embodiment, virtual service network address 686 includes a range transport layer addresses. In finding that the transport layer address of data packet 148 is included in the range of transport layer addresses, network node 562 determines there is a match.
  • criteria 683 include client network address 687.
  • Network node 562 obtains client device network address 101 from data packet 148 and compares client network address 687 with client device network address 101. If there is a match, network node 562 determines packet forwarding policy 681 is applicable.
  • client network address 687 includes a range of network addresses. In finding that client device network address 101 is included in the range of network addresses, network node 562 determines there is a match.
  • destination 685 indicates a modification process prior to transmission.
  • Network node 562 applies the modification in destination 685 prior to informing network interface 674.
  • destination 645 indicates an IP tunneling modification, a VLAN modification, a MPLS modification, a L2TP tunnel, a IP- in-IP tunnel, a IPv6-v4 tunnel modification, a IPSec modification, a packet header modification, a packet payload modification, a layer 2 over layer 2 tunnel modification, a layer 3 over layer 2 tunnel modification, a layer 3 over layer 3 tunnel modification, or other modification related to network interface 674.
  • Network confisuration module 821 includes packet forwarding policy 641 which contains a policy to forward a data packet to service load balancer 534 or network node 564.
  • Network configuration module 821 sends packet forwarding policy 641 to network node 562.
  • network configuration module 821 is a network management system.
  • network configuration module 821 is a software module within a service load balancer, such as service load balancer 534.
  • network configuration module 821 is an administrative computing device, wherein a network administrative user provides packet forwarding policy 641 to network configuration module 821.
  • network configuration module 821 connects to storage 823 wherein storage 823 includes packet forwarding policy 641.
  • Network configuration module 821 retrieves packet forwarding policy 641 and sends to network node 562.
  • storage 823 includes other packet forwarding policies.
  • network configuration module 821 receives packet forwarding policy 641 from administrator 120, and stores packet forwarding policy 641 into storage 823.
  • network configuration module 821 connects to service load balancer 534 and detects a change to service load balancer 534, and in response, network configuration module 821 generates packet forwarding policy 641.
  • a change can be due to a change to virtual service 540 of service load balancer 534, or availability of service load balancer 534.
  • service load balancer 534 sends packet forwarding policy 641 to network configuration module 821.
  • network configuration module 821 connects to network node 564 and detects a change to network node 564, and in response, network configuration module 821 generates packet forwarding policy 641.
  • network configuration module 821 connects to virtual service network 510 and data network 500.
  • Network configuration module 821 detects a change to virtual service network 510 or data network 500.
  • network configuration module 821 generates packet forwarding policy 641.
  • network configuration module 821 detects a change in network node 562 and generates packet forwarding policy 641 .
  • network configuration module 821 instructs network node 562 to remove packet forwarding policy 641.
  • network configuration module 821 detects a change in network node 564, service load balancer 534, data network 500, virtual service network 510, or network node 562 and determines packet forwarding policy 641 is to be removed.
  • network configuration module 821 removes packet programming policy 641 from storage 823.
  • network configuration module 821 receives a command from administrator 120 to remove packet programming policy 641. In one embodiment, network configuration module 821 receives a command from service load balancer 534 to remove packet programming policy 641.
  • FIG. 7 illustrates several embodiments of different packet forwarding policies according to an embodiment of the present invention.
  • network node 562 includes packet forwarding policy 641 and packet forwarding policy 642.
  • Packet forwarding policy 641 and packet forwarding 642 include the same criteria 643.
  • Packet forwarding policy 641 includes destination 645 that is different from destination 646 in packet forwarding policy 642.
  • destination 645 is for server load balancer 532 or a network node (not shown), whereas destination 646 is for service load balancer 534, which is different from service load balancer 532.
  • network node 562 receives data packet 148 from client device 100 and matches information in data packet 148 with criteria 643.
  • Network node 562 finds both packet forwarding policy 641 and packet forwarding policy 642 applicable.
  • Network node 562 selects packet forwarding policy 641 based on additional information.
  • packet forwarding policy 641 includes multi-path factor 648 while packet forwarding policy 642 includes multi-path factor 649.
  • Network node 562 selects packet forwarding policy 641 based on multi-path factor 648 and multi-path factor 649.
  • multi-path factor 648 indicates a primary path while multi-factor 648 indicates a sernnHnr nnth Network node 562 selects packet forwarding policy ⁇ 1 T embodiment, multi-path factor 648 includes a status indicating if service load balancer 532 is available. If multi-path factor 648 status indicates service load balancer 532 is available and multi-path factor 649 status indicates service load balancer 534 is not available, network node 562 selects packet forwarding policy 641.
  • packet forwarding policy 641 includes traffic policy 649 such as traffic shaping, traffic management, quality of service, bandwidth management, packet access control or queuing parameters.
  • Traffic policy 649 such as traffic shaping, traffic management, quality of service, bandwidth management, packet access control or queuing parameters.
  • Network node 562 applies traffic policy 649 or instructs network module 670 to apply traffic policy 649.
  • server pool 200 serves service 240 and service 250.
  • service load balancer pool 530 provides virtual services 540 and 550 corresponding to service 240 and service 250 respectively.
  • Network node 562 will include at least one packet forwarding policy for virtual service 540 and one packet forwarding policy for virtual service 550.
  • the network node 562 determines whether the data packet is for virtual service 540 or virtual service 550. If the data packet is for virtual service 540, then the network node 562 processes the data packet according to the packet forwarding policies for virtual service 540. If the data packet is for virtual service 550, then the network node 562 processes the data packet according to the packet forwarding policies for virtual service 550.

Abstract

In providing packet forwarding policies in a virtual service network that includes a network node and a pool of service load balancers serving a virtual service, the network node: receives a virtual service session request from a client device, the request including a virtual service network address for the virtual service; compares the virtual service network address in the request with the virtual service network address in each of a plurality of packet forwarding policies; in response to finding a match between the virtual service network address in the request and a given virtual service network address in a given packet forwarding policy, determines the given destination in the given packet forwarding policy; and sends the request to a service load balancer in the pool of service load balancers associated with the given destination, where the service load balancer establishes a virtual service session with the client device.

Description

FORWARDING POLICIES ON A VIRTUAL SERVICE NETWORK
BACKGROUND OF THE INVENTION
FIELD
[0001] This invention relates generally to data communications, and more specifically, to a virtual service network.
BACKGROUND
[0002] Service load balancers such as server load balancers or application delivery controllers typically balance load among a plurality of servers providing network services such as Web documents, voice calls, advertisements, enterprise applications, video services, gaming, or consuming broadband services. A service is used by many client computers. Some services are offered for few clients and some services are offered to many clients. Typically a service is handled by a service load balancer. When there are many clients utilizing the service at the same time, the service load balancer will handle the distribution of client service accesses among the servers. However, as the capacity of the service load balancer is reached, a network administrator cannot easily add a second service load balancer, since a service is typically assigned to an IP address of the service load balancer. Adding another service load balancer having the same IP address for the service is not possible in a data network. Network nodes in the data network would not be able to determine which service load balancer to send a client service access to.
[0003] The scaling of service demand has not been a problem in the past as computing capacity of service load balancer was able to keep up with client service demand. However, as mobile computing becomes pervasive and as more traditional non networking services such as television, gaming, and advertisement are migrating to data networks, the demand for client services has surpassed the pace of processing improvement. The need to scale to a plurality of service load balancers to support a network service is imminent.
[0004] The present invention describes a virtual service network wherein network nodes in the virtual service network are capable of processing client service sessions of a network service and forwarding the sessions to a plurality of service load balancers. BRIEF SUMMARY OF THE INVENTION
[0005] According to one embodiment of the present invention, a method for providing forwarding policies in a virtual service network, the virtual service network comprising a network node and a pool of service load balancers serving a virtual service associated with a virtual service network address, comprises: (a) receiving a virtual service session request from a client device by the network node, the virtual service session request comprising the virtual service network address for the virtual service served by the pool of service load balancers, wherein the network node comprises a plurality of packet forwarding policies, each packet forwarding policy comprising a virtual service network address associated with a destination; (b) comparing by the network node the virtual service network address in the virtual service session request with the virtual service network address in each packet forwarding policy; (c) in response to finding a match between the virtual service network address in the virtual service session request and a given virtual service network address in a given packet forwarding policy, determining the given destination in the given packet forwarding policy by the network node; and (d) sending the virtual service session request to a service load balancer in the pool of service load balancers associated with the given destination, wherein the service load balancer establishes a virtual service session with the client device.
[0006] In one aspect of the present invention, after the service load balancer establishes the virtual service session with the client device, the method further comprises: (e) receiving a virtual service request from the client device through the virtual service session by the network node, the virtual service request comprising the virtual service network address for the virtual service; (f) comparing by the network node the second virtual service network address in the virtual service request with the virtual service network address in each packet forwarding policy; (g) in response to finding a match between the virtual service network address in the virtual service request and a second given virtual service network address in a second given packet forwarding policy, determining a second given destination in the second given packet forwarding policy by the network node; and (h) sending the virtual service request to a second service load balancer associated with the second given
— *T,„ netWork node. [0007] In one aspect of the present invention, the method further comprises: (i) receiving a virtual service data packet from the client device through the virtual service session by the network node, the virtual service data packet comprising the virtual service network address for the virtual service; (]) comparing by the network node the virtual service network address in the virtual service data packet with the virtual service network address in each packet forwarding policy; (k) in response to finding a match between the virtual service network address in the virtual service data packet and a third given virtual service network address in a third given packet forwarding policy, determining a third given destination in the third given packet forwarding policy by the network node; and (i) sending the virtual service data packet to a third service load balancer associated with the third given destination by the network node.
[0008] In one aspect of the present invention, the service load balancer, the second service load balancer, and the third service load balancer are the same service load balancer.
[0009] In one aspect of the present invention, the method further comprises: (e) receiving a data packet of the virtual service session by the network node from the service load balancer over a data network, the data packet comprising a client network address of the client device; (f) retrieving the client network address from the data packet by the network node; and (g) sending the data packet to the client device using the client network address by the network node.
[0010] In one aspect of the present invention, the data packet comprises a virtual service session request response or a virtual service request response.
[0011] In one aspect of the present invention, the given destination comprises a second network node, wherein the sending (d) comprises: (dl) sending the virtual service session request to the second network node, wherein the second network node comprises a second plurality of packet forwarding policies, each of the second packet forwarding policies comprising a second virtual service network address associated with a second destination; (d2) comparing by the second network node the virtual service network address in the virtual service session request with the virtual service network address in each of the second nnrket fnrwnrHiri CT policies; (d3) in response to finding a match between 1 ' 1 network address in the virtual service session request and a second given virtual service network address in a second given packet forwarding policy, determining a second given destination in the second given packet forwarding policy by the second network node; and (d4) sending the virtual service session request to the service load balancer associated with the second given destination, wherein the service load balancer establishes a virtual service session with the client device.
[0012] In one aspect of the present invention, the determining (c) comprises: (cl) finding by the network node that the virtual service network address in the virtual service session request matches a first virtual service network address in a first packet forwarding policy and a second virtual network address in a second packet forwarding policy; (c2) selecting by the network node either the first packet forwarding policy or the second packet forwarding policy based on additional information comprised in the first and second packet forwarding policies; and (c3) determining the given destination in the selected packet forwarding policy by the network node.
[0013] In one aspect of the present invention, wherein the additional information comprises one or more of the following: a multi-path factor; and a traffic policy.
[0014] In one aspect of the present invention, the first packet forwarding policy comprises a first destination associated with a first service load balancer in the pool of service load balancers, and the second packet forwarding policy comprises a second destination associated with a second service load balancer in the pool of service load balancers, wherein the first service load balancer is different from the second service load balancer, wherein the determining (c3) comprises: (c3i) in response to selecting the first packet forwarding policy, determining the first destination associated with the first service load balancer in the first packet forwarding policy by the network node; and (c3ii) in response to selecting the second packet forwarding policy, determining the second destination in the second packet forwarding policy in the second packet forwarding policy by the network node.
[0015] In one aspect of the present invention, the network node comprises a first plurality of packet forwarding policies for a first virtual service and a second plurality of packet fnrwnrHiri CT nnliHes for a second virtual service, wherein the comparing s ' " 1 s determining by the network node whether the virtual service session request is for the first virtual service or the second virtual service; (b2) in response to determining that the virtual service session request is for the first virtual service, comparing by the network node the virtual service network address in the virtual service session request with a virtual service network address in each of the first plurality of packet forwarding policies; and (b3) in response to determining that the virtual service session request is for the first virtual service, comparing by the network node the virtual service network address in the virtual service session request with a virtual service network address in each of the second plurality of packet forwarding policies.
[0016] In one aspect of the present invention, the virtual service session request further comprises a client network address of the client device, and each packet forwarding policy further comprises a client network address associated with the destination, wherein the comparing (b) and the determining (c) comprise: (bl) comparing by the network node the virtual service network address in the virtual service session request with the virtual service network address in each packet forwarding policy; (b2) comparing by the network node the client network address in the virtual service session request with the client network address in each packet forwarding policy; and (cl) in response to finding the match between the virtual service network address in the virtual service session request and the given virtual service network address in the given packet forwarding policy, and in response to finding a match between the client network address in the virtual service session request and the given client network address in the given packet forwarding policy, determining the given destination in the given packet forwarding policy by the network node.
[0017] System and computer program products corresponding to the above- summarized methods are also described and claimed herein.
[0018] According to another embodiment of the present invention, a method for providing forwarding policies in a virtual service network, the virtual service network comprising a network node and a pool of service load balancers serving a virtual service associated with a virtual service network address, comprising: (a) receiving a virtual service session request from a client device by the network node, the virtual service session request comprising a client device network address for the client device and the virtual service network address for the virtual service served by the pool of service load balancers, wherein the network node comprises a plurality of packet forwarding policies, each packet forwarding policy comprising a client network address and a virtual service network address associated with a destination; (b) comparing by the network node the virtual service network address in the virtual service session request with a first virtual service network address in a first packet forwarding policy of the plurality of packet forwarding policies, and comparing the client device network address in the virtual service session request with a first client network address in the first packet forwarding policy; (c) in response to determining that the virtual service network address in the virtual service session request matches the first virtual service network address, and determining that the client device network address in the virtual service session request does not match the first client network address, determining by the network node that the first packet forwarding policy does not apply to the virtual service session request; (d) in response to determining that the first packet forwarding policy does not apply, comparing by the network node the virtual service network address in the virtual service session request with a second virtual service network address in a second packet forwarding policy of the plurality of packet forwarding policies, and comparing the client device network address in the virtual service session request with a second client network address in the second packet forwarding policy; (e) in response to determining that the virtual service network address in the virtual service session request matches the second virtual service network address, and determining that the client device network address in the virtual service session request matches the second client network address, determining by the network node that the second packet forwarding policy applies to the virtual service session request; (f) in response to determining that the second packet forwarding policy applies, determining a given destination in the second packet forwarding policy by the network node; and (g) sending the virtual service session request to a service load balancer in the pool of service load balancers associated with the given destination, wherein the service load balancer establishes a virtual service session with the client device. BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE FIGURES
[0019] Figure 1 illustrates a virtual service network for a service according to an
embodiment of the present invention.
[0020] Figure 2a illustrates a component view of network node according to an embodiment of the present invention.
[0021] Figure 2b illustrates a component view of service load balancer according to an embodiment of the present invention.
[0022] Figure 2c illustrates a component view of server according to an embodiment of the present invention.
[0023] Figure 3 illustrates a virtual service session according to an embodiment of the present invention.
[0024] Figure 3a illustrates processing of a virtual service session request according to an embodiment of the present invention.
[0025] Figure 3b illustrates processing of a virtual service request according to an embodiment of the present invention.
[0026] Figure 3c illustrates processing of a virtual service data packet according to an embodiment of the present invention.
[0027] Figure 4 illustrates processing of a data packet from service load balancer to client device according to an embodiment of the present invention.
[0028] Figure 5 illustrates a via network node according to an embodiment of the present invention.
[0029] Figure 5a illustrates forwarding a virtual service data packet to a via network node according to an embodiment of the present invention. [0030] Figure 6 illustrates a network node configuration according to an embodiment of the present invention.
[0031] Figure 7 illustrates packet forwarding policies with other information according to an embodiment of the present invention.
[0032] Figure 8 illustrates a virtual service network supporting multiple services according to an embodiment of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
[0033] The present invention can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment containing both hardware and software elements. In a preferred embodiment, the present invention is implemented in software, which includes but is not limited to firmware, resident software, microcode, etc.
[0034] Furthermore, the present invention can take the form of a computer program product accessible from a computer-usable or computer-readable medium providing program code for use by or in connection with a computer or any instruction execution system. For the purposes of this description, a computer-usable or computer readable medium can be any apparatus that can contain, store, communicate, propagate, or transport eh program for use by or in connection with the instruction execution system, apparatus, or device.
[0035] The medium can be an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system (or apparatus or device) or a propagation medium. Examples of a computer-readable medium include a semiconductor or solid state memory, magnetic tape, a removable computer diskette, a random access memory (RAM), a read-only memory (ROM), a rigid magnetic disk and an optical disk. Current examples of optical disks include compact disk - read only memory (CD-ROM), compact disk - read/write (CD-R/W) and DVD.
[0036] A data processing system suitable for storing and/or executing program code will include at least one processor coupled directly or indirectly to memory elements through a system bus. The memory elements can include local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution.
[0037] Input/output or I/O devices (including but not limited to keyboards, displays, point devices, etc.) can be coupled to the system either directly or through intervening I/O controllers.
[0038] Network adapters may also be coupled to the system to enable the data processing system to become coupled to other data processing systems or remote printers or storage devices through intervening private or public networks. Modems, cable modem and Ethernet cards are just a few of the currently available types of network adapters.
[0039] The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified local function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially
concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
[0040] The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers stens nnerations, elements, and/or components, but do not pre< 1 1 1 addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
[0041] Figure 1 illustrates a virtual service network for a service according to an
embodiment of the present invention. Virtual service network 510 includes a network node 562 and a service load balancer pool 530, which includes, in one embodiment, a plurality of service load balancers 532, 534. Network node 562 and service load balancer pool 530 are connected in virtual service network 510 such that network node 562 can forward packets to service load balancers 532-534 and vice versa.
[0042] In one embodiment, virtual service network 510 is configured over a data network 500. In this embodiment, network node 562 and service load balancers 532-534 are a part of data network 500. In one embodiment, network node 562 connects directly to service load balancers 532-534 and forwards data packets directly to service load balancers 532-534. In one embodiment, network node 562 forwards data packets through one or more network elements (not shown) in data network 500.
[0043] In one embodiment, service load balancers 532-534 send data packets to network node 562 through data network 500, using one or more network elements in data network 500 if necessary.
[0044] In one embodiment, data network 500 includes an Internet Protocol (IP) network, a corporate data network, a regional corporate data network, an Internet service provider network, a residential data network, a wired network such as Ethernet, a wireless network such as a WiFi network, or a cellular network. In one embodiment, data network 500 resides in a data center, or connects to a network or application network cloud.
[0045] In one embodiment, network node 562 includes, in addition to that described later in this specification, the functionality of a network switch, an Ethernet switch, an IP router, an ATM switch, a stackable switch, a broadband remote access system (BRAS), a cable headend, a mobile network gateway, a home agent gateway (HA-Gateway), a PDSN, a GGSN, a broadband gateway, a VPN gateway, a firewall, or a networking device capable of forwarding packets in data network 500. [0046] In some embodiments, service load balancer 534 includes functionality of a server load balancer, an application delivery controller, a service delivery platform, a traffic manager, a security gateway, a component of a firewall system, a component of a virtual private network (VPN), a load balancer for video servers, a gateway to distribute load to one or more servers, or a gateway performing network address translation (NAT).
[0047] Service load balancer pool 530 connects to server pool 200, which in an embodiment includes a plurality of servers 212, 214, 216. Servers 212-216 of server pool 200 serves service 240. Service load balancers 532-534 of service load balancer pool 530 serves service 240 as virtual service 540.
[0048] In some embodiments, server 212 includes functionality of a Web server, a file server, a video server, a database server, an application server, a voice system, a
conferencing server, a media gateway, a media center, an app server or a network server providing a network or application service to client device 100 using a Web protocol.
[0049] In some embodiments, service 240 includes a Web service, a HTTP service, a FTP service, a file transfer service, a video or audio streaming service, an app download service, an advertisement service, an on-line game service, a document access service, a
conferencing service, a file sharing service, a group collaboration service, a database access service, an on-line transaction service, a Web browsing service, a VOIP service, a notification service, a messaging service, or an Internet data communication service.
[0050] Each service load balancer, for example service load balancer 532, can exchange data packets to one or more servers in server pool 200.
[0051] Client device 100 is a computing device connecting to virtual service network 510. In one embodiment, in order to utilize service 240, client device 100 establishes a virtual service session 140 for virtual service 540 with service load balancer pool 530 through virtual service network 510. Service load balancer pool 530 establishes service session 340 with server pool 200 and relays data packets between virtual service session 140 and service session 340. In this embodiment, server pool 200 provides the service 240 to client device 100. In some embodiments, client device 100 is a personal computer, a laptop computer, a desktop computer, a smartphone, a feature phone, a tablet computer, an e-reader, an end-use networked device, a server computer, a service proxy computer, a service gateway, a business computer, a server computer, or a computer requesting service 240.
[0052] Figures 2a-2c illustrate components of network node 562, service load balancer 534, and server 212 according to an embodiment of the present invention.
[0053] In one embodiment illustrated in figure 2a, network node 562 includes processor module 630, packet processing module 650, and network module 670. In one embodiment, processor module 630 includes one or more processors and a computer readable medium storing programming instructions. In one embodiment, processor module 630 includes storage such as random accessible memory (RAM). In one embodiment, packet processing module 650 includes a processor or a network processor capable of processing data packets. In one embodiment, packet processing module 650 is part of processor module 630. In one embodiment, packet processing module 650 is a physical card or module housing a network processor. In one embodiment packet processing module 650 includes storage such as random access memory (RAM), context addressable memory (CAM), tertiary CAM
(TCAM), static random access memory (SRAM) or other memory component. In one embodiment, packet processing module 650 includes a plurality of programming
instructions. In one embodiment, network module 670 interacts with data network 500 and virtual service network 510 to transmit and receive data packets. In one embodiment, network module 670 includes a plurality of network interfaces such as network interface 671, network interface 672 and network interface 674. Each of the network interfaces connect to another network component. For example, in one embodiment, network interface 671 connects to client device 100; network interface 672 connects to service load balancer 532; and network interface 674 connects to service load balancer 534. In one embodiment, network interface 671 connects to client device 100 and service load balancer pool 530. In one embodiment, network interface 671 is an Ethernet, Gigabit Ethernet, 10-Gigabit Ethernet, ATM, MPLS, wireless network, or optical network interface.
[0054] Figure 2b illustrates a service load balancer such as service load balancer 534 according to an embodiment of the present invention. In one embodiment, service load balancer 534 includes processor module 734, virtual service processing module 754 and network module 774. Network module 774 interacts with data network 500 and virtual service network 510 to transmit and receive data packets. In one embodiment, network module 774 exchanges data packets with network node 562 and server pool 200. Network module 774 includes a network interface card or network interface module connecting to data network 500 and virtual service network 510. In one embodiment, processor module 734 includes a processor and computer readable medium storing programming instructions. In one embodiment, virtual service processing module 754 includes a physical hardware comprising a processor or a network processor, a memory module such as RAM. In one embodiment, virtual service processing module 754 is included in processor module 734. In one embodiment, virtual service processing module 754 includes storage storing
programming instructions.
[0055] Figure 2c illustrates a server, such as server 212, according to an embodiment of the present invention. In one embodiment, server 212 includes processor module 832, service processing module 852 and network module 872. Network module 872 interacts with virtual service network 510 to transmit or receive data packets. In one embodiment, network module 872 exchanges data packets with service load balancer pool 530. Network module 872 includes a network interface card or network interface module connecting to data network 510 or virtual service network 510. In one embodiment, processor module 832 includes a processor and computer readable medium storing programming instructions. In one embodiment, service processing module 852 includes a physical hardware comprising a processor or a network processor, a memory module such as RAM. In one embodiment, service processing module 852 is included in processor module 832. In one embodiment, service processing module 852 includes storage storing programming instructions executed by server 212.
[0056] Figure 3 illustrates a session between client device and a server according to an embodiment of the present invention. In one embodiment, client device 100 uses service 240 by conducting virtual service session 140 using virtual service 540. In one embodiment, virtual service session 140 is a IP session, a UDP session, a TCP session, a SIP session, an ICMP session, a GRE session, a RTSP session, an SSL session, a HTTPS session, or a HTTP session. In one embodiment, virtual service 540 includes a virtual service network address 541, such as an IP network address. In one embodiment, the virtual service network address 541 is shared among the service load balancers in the service load balancer pool 530. In one embodiment, virtual service network address 541 includes a transport layer identity such as a port number, a TCP port, a UDP port. In one embodiment, client device 100 sends a virtual service session request 142, such as a TCP session request data packet, to network node 562. Virtual service session request 142 includes virtual service network address 541. In one embodiment, network node 562 determines that virtual service session request 142 is to be sent to service load balancer 534, based on virtual service network address 541. Service load balancer 534 establishes virtual service session 140 with client device 100.
[0057] After establishing virtual service session 140, client device 100 sends a virtual service request 144 through virtual service session 140 to service load balancer 534. Service load balancer 534 determines that virtual service request 144 is to be relayed to server 212. Subsequently client device 100 exchanges virtual service data packet 146 with server 212 via service load balancer 534.
[0058] Figure 3a illustrates processing of virtual service session request 142 according to an embodiment of the present invention. Client device 100 sends virtual service session request 142 to network node 562. In one embodiment, virtual service session request 142 data packet includes virtual service network address 541, and client network address 101. In one client network address 101 includes an IP address of client device 100, and optionally a transport layer address. Network node 562 selects service load balancer 534, based on a packet forwarding policy 641, and forwards virtual service session request 142 to service load balancer 534. Packet forwarding policy 641 includes criteria 643 and destination 645. Criteria 643 contain matching information for network node 562 to match against virtual service session request 142. Destination 645 includes information to transmit virtual service session request 142. In one embodiment, destination 645 indicates using network interface 674 to transmit virtual service session request 142. Network node 562 informs network module 670 to transmit virtual service session request 142 using interface 674. In one embodiment, network interface 674 directly connects to service load balancer 534 and service load balancer 534 receives virtual service session request 142. In one embodiment, network interface 674 connects to service load balancer 534 via data network 500 and service load balancer 534 receives virtual service session request 142 via data network 500.
[0059] Network node 562 compares criteria 643 against virtual service session request 142. In one embodiment, network node 562 retrieves virtual service network address 541 from virtual service session request 142. In one embodiment, criteria 643 include virtual service network address 646. Network node 562 compares virtual service network address 541 with virtual service network address 646. In one embodiment, virtual service network address 646 includes virtual service network address 541 and network node 562 finds a match between virtual service network address 541 and virtual service network address 646. In response to finding a match between virtual service network address 541 and virtual service network address 646, the network node 562 applies the packet forwarding policy 641 to the virtual service session request 142 by informing the network module 670 to transmit the virtual service session request 142 using the network interface 674 indicated by destination 645.
[0060] In one embodiment, virtual service network address 646 includes a transport layer address such as TCP port number, UDP port number or other transport layer information. Network node 562 retrieves transport layer address from virtual service network address 541 and compares with virtual service network address 646. In one embodiment, network node 562 finds a match of the transport layer addresses, network node 562 determines that packet forwarding policy 641 is to be applied to virtual service session request 142. In one embodiment, virtual service network address 646 includes a range of network addresses. In finding that virtual service network address 541 is included in the range of network addresses, network node 562 determines there is a match. In one embodiment, virtual service network address 646 includes a range of transport layer addresses. In finding that transport layer address of virtual service network address 541 is included in the range of transport layer addresses, network node 562 determines there is a match. [0061] In one embodiment, criteria 643 include client network address 647. Network node 562 obtains client device network address 101 from virtual service session request 142 and compares client network address 647 with client device network address 101. If there is a match, network node 562 determines packet forwarding policy 641 is applicable. In one embodiment, client network address 647 includes a range of network addresses. In finding that client device network address 101 is included in the range of network addresses, network node 562 determines there is a match.
[0062] In one embodiment, network node 562 further includes another packet forwarding policy 651. Packet forwarding policy 651 includes criteria 652, which includes a client network address 653 different from client network address 647 and the same virtual service network address 646 as packet forwarding policy 641. Network node 562 obtains virtual service network address 541 and client device network address 101 from virtual service session request 142. In one embodiment, network node 562 first determines whether packet forwarding policy 651 applies to virtual service session request 142. Network node 562 compares client network address 653 in packet forwarding policy 651 with client device network address 101, and compares virtual service network address 646 in packet forwarding policy 651 with virtual service network address 541. In response to determining that there is no match between the client network address 653 and client device network address 101, the network node 562 determines that packet forwarding policy 651 does not apply. In one embodiment client network address 653 includes a range of network addresses. In finding that client device network address 101 is not included in the range of network addresses, network node 562 determines there is no match.
[0063] Network node 562 then determines whether a different packet forwarding policy applies. In one embodiment, after determining that packet forwarding policy 651 does not apply, network node 562 determines whether packet forwarding policy 641 applies.
Network node compares client network address 647 in packet forwarding policy 641 with client device network address 101, and compares virtual service network address 646 in packet forwarding policy 641 with virtual service network address 541. In response to finding a match between client network address 647 and client network address 101 and a match between the virtual service network address 646 and virtual service network address 541, network node 562 determines packet forwarding policy 641 is applicable.
[0064] Upon receiving virtual service session request 142, service load balancer 534 processes the session request 142 and replies with a virtual service session request response 143, comprising one or more data packets to be transmitted to client device 100. A process to send data packet 143 will be discussed in a later illustration.
[0065] In one embodiment, destination 645 includes a modification procedure prior to transmission. Network node 562 applies the modification procedure in destination 645 prior to informing network interface 674. In one embodiment, destination 645 indicates a IP tunneling modification, a VLAN modification, a MPLS modification, a L2TP tunnel, a IP- in-IP tunnel, a IPv6-v4 tunnel modification, a IPSec modification, a packet header modification, a packet payload modification, or other modification procedure related to network interface 674.
[0066] Figure 3b illustrates processing of virtual service request 144 according to an embodiment of the present invention. Client device 100 sends virtual service request 144 data packet to network node 562, where the virtual service request 144 includes a virtual service network address 541. In one embodiment, network node 562 processes virtual service request 144 using a similar process illustrated in figure 3a, matching the criteria from packet forwarding policy 641 with virtual service request 144 having virtual service network address 541. Network node 562 sends virtual service request 144 to service load balancer 534 according to the application of the matching packet forwarding policy 641.
[0067] Service load balancer 534 receives and processes virtual service request 144.
Service load balancer 534 selects server 212 to service virtual service request 144 and sends the virtual service request 148 to the server 212. The selection of server 212 is known to those skilled in the art. Any and all such selection process is considered as a part of an embodiment of the present invention and is not described in this specification. Server 212 responds to the virtual service request 148 with a service request response 245 and sends the service request response 245 to service load balancer 534. Service load balancer 534 creates virtual ser ire renuest response 145 and sends the service request respoi 1 ^ ' 1 - ' device 100. An embodiment to send virtual service request 145 from service load balancer 534 to client device 100 will be described in a later illustration in this specification.
[0068] Figure 3c illustrates processing of virtual service data packet 146 according to an embodiment of the present invention. Client device 100 sends virtual service data packet 146 to network node 562, where the virtual service data packet 146 includes a virtual service network address 541. In one embodiment, network node 562 processes virtual service data packet 146 in a similar process illustrated in figure 3a, matching the criteria from packet forwarding policy 641 with virtual service data packet 146 having virtual service network address 541. Network node 562 sends virtual service data packet 146 to service load balancer 534. Service load balancer 534 generates service packet 546 using virtual service data packet 146, and sends service packet 546 to server 212. The process of generating service packet 546 using virtual service data packet 146 is known to those skilled in the art and is not described in this specification.
[0069] Figure 4 illustrates a process to forward a data packet from service load balancer 534 to client device 100 according to an embodiment of the present invention. In one embodiment, service load balancer 534 sends a data packet 147 of service session 140 to network node 562. In one embodiment, data packet 147 may be virtual service session request response 143 or virtual service request response 145. Data packet 147 includes client device network address 101 of client device 100 as a destination for data packet 147. Service load balancer 534 sends data packet 147 through data network 500 to network node 562, and network node 562 receives data packet 147 from data network 500. In one embodiment, data packet 147 traverses through virtual service network 510 before it is received by network node 562.
[0070] Network node 562 retrieves destination client device network address 101 from data packet 147, and determines that data packet 147 is to be sent to client device 100, based on the retrieved client device network address 101.
[0071] In one embodiment illustrated in figure 5, virtual service network 510 includes a network node 564 connected with network node 562 and service load balancer 534.
etwork nnHe 567. connects to client device 100. Network node 562 rec ' ' ' 1 data packet 148 of virtual service session 140 from client device 100. Network node 562 selects network node 564 to receive virtual service data packet 148 from network node 562. Figure 5a illustrates a process for network node 562 to select network node 564 according to an embodiment of the present invention. Network node 564 receives and processes virtual service data packet 148. Network node 564 sends virtual service data packet 148 to service load balancer 534 according to an embodiment process illustrated in figures 3, 3a-3c.
[0072] Figure 5a illustrates a process of network node 562 to send a virtual service data packet 148 from client device 100 to network node 564 according to an embodiment of the present invention. Client device 100 sends virtual service data packet 148 to network node 562. In one embodiment, data packet 148 includes virtual service network address 541, and client network address 101. Network node 562 selects network node 564, based on a packet forwarding policy 681, and forwards data packet 148 to network node 564. Packet forwarding policy 681 includes criteria 683 and destination 685. Criteria 683 contain matching information for network node 562 to compare against data packet 148.
Destination 685 indicates information to transmit data packet 148. In one embodiment, destination 685 indicates network interface 674 is to be used to transmit data packet 148. Network node 562 informs network module 670 to transmit data packet 148 using interface 674. In one embodiment, network interface 674 directly connects to network node 564 and network node 564 receives data packet 148. In one embodiment, network interface 674 connects to network node 564 via data network 500 and network node 564 receives data packet 148 via data network 500.
[0073] Network node 562 matches criteria 683 against data packet 148. In one embodiment, network node 562 retrieves virtual service network address 541 from data packet 148. In one embodiment, criteria 683 include virtual service network address 686. Network node 562 matches virtual service network address 541 with virtual service network address 686. In one embodiment, virtual service network address 686 includes virtual service network address 541 and network node 562 finds a match between virtual service network address 541 and virtual service network address 686. [0074] In one embodiment, virtual service network address 686 includes a transport layer address such as TCP port number, UDP port number or other transport layer information. Network node 562 retrieves transport layer address from data packet 148 and compares the transport layer address with virtual service network address 686. In one embodiment, network node 562 finds a match of the transport layer addresses, network node 562 determines that packet forwarding policy 681 is to be applied to data packet 148. In one embodiment, virtual service network address 686 includes a range of network addresses. In finding that virtual service network address 541 is included in the range of network addresses, network node 562 determines there is a match. In one embodiment, virtual service network address 686 includes a range transport layer addresses. In finding that the transport layer address of data packet 148 is included in the range of transport layer addresses, network node 562 determines there is a match.
[0075] In one embodiment, criteria 683 include client network address 687. Network node 562 obtains client device network address 101 from data packet 148 and compares client network address 687 with client device network address 101. If there is a match, network node 562 determines packet forwarding policy 681 is applicable. In one embodiment, client network address 687 includes a range of network addresses. In finding that client device network address 101 is included in the range of network addresses, network node 562 determines there is a match.
[0076] In one embodiment, destination 685 indicates a modification process prior to transmission. Network node 562 applies the modification in destination 685 prior to informing network interface 674. In one embodiment, destination 645 indicates an IP tunneling modification, a VLAN modification, a MPLS modification, a L2TP tunnel, a IP- in-IP tunnel, a IPv6-v4 tunnel modification, a IPSec modification, a packet header modification, a packet payload modification, a layer 2 over layer 2 tunnel modification, a layer 3 over layer 2 tunnel modification, a layer 3 over layer 3 tunnel modification, or other modification related to network interface 674.
[0077] Figure 6 illustrates a process to configure a network node with a packet forwarding policy according to an embodiment of the present invention. Network confisuration module 821 includes packet forwarding policy 641 which contains a policy to forward a data packet to service load balancer 534 or network node 564. Network configuration module 821 sends packet forwarding policy 641 to network node 562. In one embodiment, network configuration module 821 is a network management system. In one embodiment, network configuration module 821 is a software module within a service load balancer, such as service load balancer 534. In one embodiment, network configuration module 821 is an administrative computing device, wherein a network administrative user provides packet forwarding policy 641 to network configuration module 821. In one embodiment network configuration module 821 connects to storage 823 wherein storage 823 includes packet forwarding policy 641. Network configuration module 821 retrieves packet forwarding policy 641 and sends to network node 562. In one embodiment, storage 823 includes other packet forwarding policies.
[0078] In one embodiment, network configuration module 821 receives packet forwarding policy 641 from administrator 120, and stores packet forwarding policy 641 into storage 823.
[0079] In one embodiment, network configuration module 821 connects to service load balancer 534 and detects a change to service load balancer 534, and in response, network configuration module 821 generates packet forwarding policy 641. In one embodiment, a change can be due to a change to virtual service 540 of service load balancer 534, or availability of service load balancer 534. In one embodiment, service load balancer 534 sends packet forwarding policy 641 to network configuration module 821.
[0080] In one embodiment, network configuration module 821 connects to network node 564 and detects a change to network node 564, and in response, network configuration module 821 generates packet forwarding policy 641.
[0081] In one embodiment, network configuration module 821 connects to virtual service network 510 and data network 500. Network configuration module 821 detects a change to virtual service network 510 or data network 500. In response, network configuration module 821 generates packet forwarding policy 641. [0082] In one embodiment, network configuration module 821 detects a change in network node 562 and generates packet forwarding policy 641 .
[0083] In one embodiment, network configuration module 821 instructs network node 562 to remove packet forwarding policy 641. In one embodiment, network configuration module 821 detects a change in network node 564, service load balancer 534, data network 500, virtual service network 510, or network node 562 and determines packet forwarding policy 641 is to be removed. In one embodiment, network configuration module 821 removes packet programming policy 641 from storage 823.
[0084] In one embodiment, network configuration module 821 receives a command from administrator 120 to remove packet programming policy 641. In one embodiment, network configuration module 821 receives a command from service load balancer 534 to remove packet programming policy 641.
[0085] Figure 7 illustrates several embodiments of different packet forwarding policies according to an embodiment of the present invention. In figure 7, network node 562 includes packet forwarding policy 641 and packet forwarding policy 642. Packet forwarding policy 641 and packet forwarding 642 include the same criteria 643. Packet forwarding policy 641 includes destination 645 that is different from destination 646 in packet forwarding policy 642. In one embodiment, destination 645 is for server load balancer 532 or a network node (not shown), whereas destination 646 is for service load balancer 534, which is different from service load balancer 532.
[0086] In one embodiment, network node 562 receives data packet 148 from client device 100 and matches information in data packet 148 with criteria 643. Network node 562 finds both packet forwarding policy 641 and packet forwarding policy 642 applicable. Network node 562 selects packet forwarding policy 641 based on additional information. In one embodiment, packet forwarding policy 641 includes multi-path factor 648 while packet forwarding policy 642 includes multi-path factor 649. Network node 562 selects packet forwarding policy 641 based on multi-path factor 648 and multi-path factor 649. In one embodiment, multi-path factor 648 indicates a primary path while multi-factor 648 indicates a sernnHnr nnth Network node 562 selects packet forwarding policy Λ 1 T embodiment, multi-path factor 648 includes a status indicating if service load balancer 532 is available. If multi-path factor 648 status indicates service load balancer 532 is available and multi-path factor 649 status indicates service load balancer 534 is not available, network node 562 selects packet forwarding policy 641.
[0087] In one embodiment, packet forwarding policy 641 includes traffic policy 649 such as traffic shaping, traffic management, quality of service, bandwidth management, packet access control or queuing parameters. Network node 562 applies traffic policy 649 or instructs network module 670 to apply traffic policy 649.
[0088] In an embodiment illustrated in figure 8, server pool 200 serves service 240 and service 250. In this embodiment, service load balancer pool 530 provides virtual services 540 and 550 corresponding to service 240 and service 250 respectively. Network node 562 will include at least one packet forwarding policy for virtual service 540 and one packet forwarding policy for virtual service 550. When the network node 562 receives a data packet, the network node 562 determines whether the data packet is for virtual service 540 or virtual service 550. If the data packet is for virtual service 540, then the network node 562 processes the data packet according to the packet forwarding policies for virtual service 540. If the data packet is for virtual service 550, then the network node 562 processes the data packet according to the packet forwarding policies for virtual service 550.
[0089] Although the present invention has been described in accordance with the embodiments shown, one of ordinary skill in the art will readily recognize that there could be variations to the embodiments and those variations would be within the spirit and scope of the present invention. Accordingly, many modifications may be made by one of ordinary skill in the art without departing from the spirit and scope of the appended claims.

Claims

CLAIMS What is claimed is:
1. A method for providing forwarding policies in a virtual service network, the virtual service network comprising a network node and a pool of service load balancers serving a virtual service associated with a virtual service network address, comprising: receiving a virtual service session request from a client device by the network node, the virtual service session request comprising the virtual service network address for the virtual service served by the pool of service load balancers, wherein the network node comprises a plurality of packet forwarding policies, each packet forwarding policy comprising a virtual service network address associated with a destination;
comparing by the network node the virtual service network address in the virtual service session request with the virtual service network address in each packet forwarding policy;
in response to finding a match between the virtual service network address in the virtual service session request and a given virtual service network address in a given packet forwarding policy, determining the given destination in the given packet forwarding policy by the network node; and
sending the virtual service session request to a service load balancer in the pool of service load balancers associated with the given destination, wherein the service load balancer establishes a virtual service session with the client device.
2. The method of claim 1, wherein after the service load balancer establishes the virtual service session with the client device, the method further comprises:
receiving a virtual service request from the client device through the virtual service session by the network node, the virtual service request comprising the virtual service network address for the virtual service; comparing by the network node the second virtual service network address in the virtual service request with the virtual service network address in each packet forwarding policy;
in response to finding a match between the virtual service network address in the virtual service request and a second given virtual service network address in a second given packet forwarding policy, determining a second given destination in the second given packet forwarding policy by the network node; and
sending the virtual service request to a second service load balancer
associated with the second given destination by the network node.
3. The method of claim 2, further comprising:
receiving a virtual service data packet from the client device through the virtual service session by the network node, the virtual service data packet comprising the virtual service network address for the virtual service;
comparing by the network node the virtual service network address in the virtual service data packet with the virtual service network address in each packet forwarding policy;
in response to finding a match between the virtual service network address in the virtual service data packet and a third given virtual service network address in a third given packet forwarding policy, determining a third given destination in the third given packet forwarding policy by the network node; and
sending the virtual service data packet to a third service load balancer
associated with the third given destination by the network node.
4. The method of claim 3, wherein the service load balancer, the second service load balancer, and the third service load balancer are the same service load balancer.
5. The method of claim 1, wherein the method further comprises:
receiving a data packet of the virtual service session by the network node from the service load balancer over a data network, the data packet comprising a client network address of the client device;
retrieving the client network address from the data packet by the network node; and sending the data packet to the client device using the client network address by the network node.
6. The method of claim 5, wherein the data packet comprises a virtual service session request response or a virtual service request response.
7. The method of claim 1, wherein the given destination comprises a second network node, wherein the sending comprises:
sending the virtual service session request to the second network node, wherein the second network node comprises a second plurality of packet forwarding policies, each of the second packet forwarding policies comprising a second virtual service network address associated with a second destination;
comparing by the second network node the virtual service network address in the virtual service session request with the virtual service network address in each of the second packet forwarding policies;
in response to finding a match between the virtual service network address in the virtual service session request and a second given virtual service network address in a second given packet forwarding policy, determining a second given destination in the second given packet forwarding policy by the second network node; and
sending the virtual service session request to the service load balancer associated with the second given destination, wherein the service load balancer establishes a virtual service session with the client device.
8. The method of claim 1, wherein the determining comprise: finding by the network node that the virtual service network address in the virtual service session request matches a first virtual service network address in a first packet forwarding policy and a second virtual network address in a second packet forwarding policy;
selecting by the network node either the first packet forwarding policy or the second packet forwarding policy based on additional information comprised in the first and second packet forwarding policies; and
determining the given destination in the selected packet forwarding policy by the network node.
9. The method of claim 8, wherein the additional information comprises one or more of the following: a multi-path factor; and a traffic policy.
10. The method of claim 8, wherein the first packet forwarding policy comprises a first destination associated with a first service load balancer in the pool of service load balancers, wherein the second packet forwarding policy comprises a second destination associated with a second service load balancer in the pool of service load balancers, wherein the first service load balancer is different from the second service load balancer, wherein the determining comprises:
in response to selecting the first packet forwarding policy, determining the first destination associated with the first service load balancer in the first packet forwarding policy by the network node; and
in response to selecting the second packet forwarding policy, determining the second destination in the second packet forwarding policy in the second packet forwarding policy by the network node.
11. The method of claim 1, wherein the network node comprises a first plurality of packet forwarding policies for a first virtual service and a second plurality of packet forwarding policies for a second virtual service, wherein the comparing comprises:
determining by the network node whether the virtual service session request is for the first virtual service or the second virtual service;
in response to determining that the virtual service session request is for the first virtual service, comparing by the network node the virtual service network address in the virtual service session request with a virtual service network address in each of the first plurality of packet forwarding policies; and
in response to determining that the virtual service session request is for the first virtual service, comparing by the network node the virtual service network address in the virtual service session request with a virtual service network address in each of the second plurality of packet forwarding policies.
12. The method of claim 1, wherein the virtual service session request further comprises a client network address of the client device, wherein each packet forwarding policy further comprises a client network address associated with the destination, wherein the comparing and the determining comprise:
comparing by the network node the virtual service network address in the virtual service session request with the virtual service network address in each packet forwarding policy; comparing by the network node the client network address in the virtual service session request with the client network address in each packet forwarding policy; and
in response to finding the match between the virtual service network address in the virtual service session request and the given virtual service network address in the given packet forwarding policy, and in response to finding a match between the client network address in the virtual service session request and the given client network address in the given packet forwarding policy, determining the given destination in the given packet forwarding policy by the network node.
13. A non-transitory computer readable storage medium having computer readable program code embodied therewith for providing forwarding policies in a virtual service network, the virtual service network comprising a network node and a pool of service load balancers serving a virtual service associated with a virtual service network address, the computer readable program code configured to:
receive a virtual service session request from a client device, the virtual service session request comprising the virtual service network address for the virtual service served by the pool of service load balancers, wherein the network node comprises a plurality of packet forwarding policies, each packet forwarding policy comprising a virtual service network address associated with a destination;
compare the virtual service network address in the virtual service session request with the virtual service network address in each packet forwarding policy;
in response to finding a match between the virtual service network address in the virtual service session request and a given virtual service network address in a given packet forwarding policy, determine the given destination in the given packet forwarding policy; and
send the virtual service session request to a service load balancer in the pool of service load balancers associated with the given destination, wherein the service load balancer establishes a virtual service session with the client device.
14. The medium of claim 13, wherein the computer readable program code is further configured to, after the service load balancer establishes the virtual service session with the client device:
receive a virtual service request from the client device through the virtual service session, the virtual service request comprising the virtual service network address for the virtual service; compare the second virtual service network address in the virtual service request with the virtual service network address in each packet forwarding policy;
in response to finding a match between the virtual service network address in the virtual service request and a second given virtual service network address in a second given packet forwarding policy, determine a second given destination in the second given packet forwarding policy; and
send the virtual service request to a second service load balancer associated with the second given destination.
15. The medium of claim 14, wherein the computer readable program code is further configured to:
receive a virtual service data packet from the client device through the virtual service session, the virtual service data packet comprising the virtual service network address for the virtual service;
compare the virtual service network address in the virtual service data packet with the virtual service network address in each packet forwarding policy;
in response to finding a match between the virtual service network address in the virtual service data packet and a third given virtual service network address in a third given packet forwarding policy, determine a third given destination in the third given packet forwarding policy; and
send the virtual service data packet to a third service load balancer associated with the third given destination.
16. The medium of claim 15, wherein the service load balancer, the second load balancer, and the third service load balancer are the same service load balancer.
17. The medium of claim 13, wherein the computer readable program code is further configured to:
receive a data packet of the virtual service session from the service load
balancer over a data network, the data packet comprising a client network address of the client device;
retrieve the client network address from the data packet; and
send the data packet to the client device using the client network address.
18. The medium of claim 17, wherein the data packet comprises a virtual service session request response or a virtual service request response.
19. The medium of claim 13, wherein the given destination comprises a network node, wherein the computer readable program code configured to send is further configured to:
send the virtual service session request to the network node, wherein the network node comprises a second plurality of packet forwarding policies, each of the second packet forwarding policies comprising a second virtual service network address associated with a second destination;
compare by the network node the virtual service network address in the virtual service session request with the virtual service network address in each of the second packet forwarding policies by the second network node;
in response to finding a match between the virtual service network address in the virtual service session request and a second given virtual service network address in a second given packet forwarding policy, determine a second given destination in the second given packet forwarding policy; and
send the virtual service session request to the service load balancer associated with the second given destination, wherein the service load balancer establishes a virtual service session with the client device.
20. The medium of claim 13, wherein the computer readable program code configured to determine is further configured to:
find that the virtual service network address in the virtual service session request matches a first virtual service network address in a first packet forwarding policy and a second virtual network address in a second packet forwarding policy;
select either the first packet forwarding policy or the second packet
forwarding policy based on additional information comprised in the first and second packet forwarding policies; and
determine the given destination in the selected packet forwarding policy.
21. The medium of claim 20, wherein the additional information comprises one or more of the following: a multi-path factor; and a traffic policy.
22. The medium of claim 20, wherein the first packet forwarding policy comprises a first destination associated with a first service load balancer in the pool of service load balancers, wherein the second packet forwarding policy comprises a second destination associated with a second service load balancer in the pool of service load balancers, wherein the first service load balancer is different from the second service load balancer, wherein the computer readable program code configured to determine is further configured to:
in response to selecting the first packet forwarding policy, determine the first destination associated with the first service load balancer in the first packet forwarding policy; and in response to selecting the second packet forwarding policy, determine the second destination in the second packet forwarding policy in the second packet forwarding policy.
23. The medium of claim 13, comprising a first plurality of packet forwarding policies for a first virtual service and a second plurality of packet forwarding policies for a second virtual service, wherein the computer readable program code configured to compare is further configured to:
determine whether the virtual service session request is for the first virtual service or the second virtual service;
in response to determining that the virtual service session request is for the first virtual service, compare the virtual service network address in the virtual service session request with a virtual service network address in each of the first plurality of packet forwarding policies; and
in response to determining that the virtual service session request is for the first virtual service, compare the virtual service network address in the virtual service session request with a virtual service network address in each of the second plurality of packet forwarding policies.
24. The medium of claim 13, wherein the virtual service session request further comprises a client network address of the client device, wherein each packet forwarding policy further comprises a client network address associated with the destination, wherein the computer readable program code configured to compare and to determine are further configured to:
compare the virtual service network address in the virtual service session request with the virtual service network address in each packet forwarding policy;
compare the client network address in the virtual service session request with the client network address in each packet forwarding policy; and
in response to finding the match between the virtual service network address in the virtual service session request and the given virtual service network address in the given packet forwarding policy, and in response to finding a match between the client network address in the virtual service session request and the given client network address in the given packet forwarding policy, determine the given destination in the given packet forwarding policy.
25. A virtual service network, comprising:
a pool of service load balancers serving a virtual service associated with a virtual service network address; and
a network node comprising a plurality of packet forwarding policies, each packet forwarding policy comprising a virtual service network address associated with a
destination, wherein the network node: receives a virtual service session request from a client device, the virtual service session request comprising a virtual service network address for the virtual service served by the pool of service load balancers, wherein the network node;
compares the virtual service network address in the virtual service session request with the virtual service network address in each packet forwarding policy;
in response to finding a match between the virtual service network address in the virtual service session request and a given virtual service network address in a given packet forwarding policy, determines the given destination in the given packet forwarding policy; and
sends the virtual service session request to a service load balancer in the pool of service load balancers associated with the given destination, wherein the service load balancer establishes a virtual service session with the client device.
26. The network of claim 25, wherein after the service load balancer establishes the virtual service session with the client device, the network node further:
receives a virtual service request from the client device through the virtual service session, the virtual service request comprising the virtual service network address for the virtual service; compares the second virtual service network address in the virtual service request with the virtual service network address in each packet forwarding policy;
in response to finding a match between the virtual service network address in the virtual service request and a second given virtual service network address in a second given packet forwarding policy, determines a second given destination in the second given packet forwarding policy; and
sends the virtual service request to a second service load balancer associated with the second given destination.
27. The network of claim 26, wherein the network node further:
receives a virtual service data packet from the client device through the virtual service session, the virtual service data packet comprising the virtual service network address for the virtual service;
compares the virtual service network address in the virtual service data packet with the virtual service network address in each packet forwarding policy;
in response to finding a match between the virtual service network address in the virtual service data packet and a third given virtual service network address in a third given packet forwarding policy, determines a third given destination in the third given packet forwarding policy; and
sends the virtual service data packet to a third service load balancer associated with the third given destination.
28. The network of claim 27, wherein the service load balancer, the second load balancer, and the third service load balancer are the same service load balancer.
29. The network of claim 25, wherein the network node further: receives a data packet of the virtual service session from the service load balancer over a data network, the data packet comprising a client network address of the client device;
retrieves the client network address from the data packet; and
sends the data packet to the client device using the client network address.
30. The network of claim 29, wherein the data packet comprises a virtual service session request response or a virtual service request response.
31. The network of claim 25, further comprising a second network node, wherein the given destination is associated with the second network node, wherein in the comparing, the network node further:
sends the virtual service session request to the second network node, wherein the second network node comprises a second plurality of packet forwarding policies, each of the second packet forwarding policies comprising a second virtual service network address associated with a second destination;
wherein the second network node:
compares the virtual service network address in the virtual service session request with the virtual service network address in each of the second packet forwarding policies; in response to finding a match between the virtual service network address in the virtual service session request and a second given virtual service network address in a second given packet forwarding policy, determines a second given destination in the second given packet forwarding policy; and
sends the virtual service session request to the service load balancer associated with the second given destination, wherein the service load balancer establishes a virtual service session with the client device.
32. The network of claim 25, wherein in the determining, the network node further:
finds that the virtual service network address in the virtual service session request matches a first virtual service network address in a first packet forwarding policy and a second virtual network address in a second packet forwarding policy;
selects either the first packet forwarding policy or the second packet forwarding policy based on additional information comprised in the first and second packet forwarding policies; and
determines the given destination in the selected packet forwarding policy.
33. The network of claim 32, wherein the additional information comprises one or more of a multi-path factor and a traffic policy.
34. The network of claim 32, wherein the first packet forwarding policy comprises a first destination associated with a first service load balancer in the pool of service load balancers, wherein the second packet forwarding policy comprises a second destination associated with a second service load balancer in the pool of service load balancers, wherein the first service load balancer is different from the second service load balancer, wherein in the determining, the network node:
in response to selecting the first packet forwarding policy, determines the first destination associated with the first service load balancer in the first packet forwarding policy; and
in response to selecting the second packet forwarding policy, determines the second destination in the second packet forwarding policy in the second packet forwarding policy.
35. The network of claim 25, wherein the network node comprises a first plurality of packet forwarding policies for a first virtual service and a second plurality of packet forwarding policies for a second virtual service, wherein in the comparing, the network node:
determines whether the virtual service session request is for the first virtual service or the second virtual service;
in response to determining that the virtual service session request is for the first virtual service, compares the virtual service network address in the virtual service session request with a virtual service network address in each of the first plurality of packet forwarding policies; and
in response to determining that the virtual service session request is for the first virtual service, compares the virtual service network address in the virtual service session request with a virtual service network address in each of the second plurality of packet forwarding policies.
36. The network of claim 25, wherein the virtual service session request further comprises a client network address of the client device, wherein each packet forwarding policy further comprises a client network address associated with the destination, wherein in comparing and determining, the network node:
compares the virtual service network address in the virtual service session request with the virtual service network address in each packet forwarding policy;
compares the client network address in the virtual service session request with the client network address in each packet forwarding policy; and
in response to finding the match between the virtual service network address in the virtual service session request and the given virtual service network address in the given packet forwarding policy, and in response to finding a match between the client network address in the virtual service session request and the given client network address in the given packet forwarding policy, determines the given destination in the given packet forwarding policy.
37. A method for providing forwarding policies in a virtual service network, the virtual service network comprising a network node and a pool of service load balancers serving a virtual service associated with a virtual service network address, comprising: receiving a virtual service session request from a client device by the network node, the virtual service session request comprising a client device network address for the client device and the virtual service network address for the virtual service served by the pool of service load balancers, wherein the network node comprises a plurality of packet forwarding policies, each packet forwarding policy comprising a client network address and a virtual service network address associated with a destination;
comparing by the network node the virtual service network address in the virtual service session request with a first virtual service network address in a first packet forwarding policy of the plurality of packet forwarding policies, and comparing the client device network address in the virtual service session request with a first client network address in the first packet forwarding policy;
in response to determining that the virtual service network address in the virtual service session request matches the first virtual service network address, and determining that the client device network address in the virtual service session request does not match the first client network address, determining by the network node that the first packet forwarding policy does not apply to the virtual service session request;
in response to determining that the first packet forwarding policy does not apply, comparing by the network node the virtual service network address in the virtual service session request with a second virtual service network address in a second packet forwarding policy of the plurality of packet forwarding policies, and comparing the client device network address in the virtual service session request with a second client network address in the second packet forwarding policy; in response to determining that the virtual service network address in the virtual service session request matches the second virtual service network address, and determining that the client device network address in the virtual service session request matches the second client network address, determining by the network node that the second packet forwarding policy applies to the virtual service session request;
in response to determining that the second packet forwarding policy applies, determining a given destination in the second packet forwarding policy by the network node; and
sending the virtual service session request to a service load balancer in the pool of service load balancers associated with the given destination, wherein the service load balancer establishes a virtual service session with the client device.
PCT/US2013/068345 2012-12-06 2013-11-04 Forwarding policies on a virtual service network WO2014088741A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/706,363 2012-12-06
US13/706,363 US9338225B2 (en) 2012-12-06 2012-12-06 Forwarding policies on a virtual service network

Publications (1)

Publication Number Publication Date
WO2014088741A1 true WO2014088741A1 (en) 2014-06-12

Family

ID=50882260

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2013/068345 WO2014088741A1 (en) 2012-12-06 2013-11-04 Forwarding policies on a virtual service network

Country Status (2)

Country Link
US (3) US9338225B2 (en)
WO (1) WO2014088741A1 (en)

Cited By (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8897154B2 (en) 2011-10-24 2014-11-25 A10 Networks, Inc. Combining stateless and stateful server load balancing
US8977749B1 (en) 2012-07-05 2015-03-10 A10 Networks, Inc. Allocating buffer for TCP proxy session based on dynamic network conditions
US9094364B2 (en) 2011-12-23 2015-07-28 A10 Networks, Inc. Methods to manage services over a service gateway
US9215275B2 (en) 2010-09-30 2015-12-15 A10 Networks, Inc. System and method to balance servers based on server load status
US9219751B1 (en) 2006-10-17 2015-12-22 A10 Networks, Inc. System and method to apply forwarding policy to an application session
US9253152B1 (en) 2006-10-17 2016-02-02 A10 Networks, Inc. Applying a packet routing policy to an application session
US9338225B2 (en) 2012-12-06 2016-05-10 A10 Networks, Inc. Forwarding policies on a virtual service network
US9386088B2 (en) 2011-11-29 2016-07-05 A10 Networks, Inc. Accelerating service processing using fast path TCP
US9531846B2 (en) 2013-01-23 2016-12-27 A10 Networks, Inc. Reducing buffer usage for TCP proxy session based on delayed acknowledgement
US9609052B2 (en) 2010-12-02 2017-03-28 A10 Networks, Inc. Distributing application traffic to servers based on dynamic service response time
US9705800B2 (en) 2012-09-25 2017-07-11 A10 Networks, Inc. Load distribution in data networks
US9742879B2 (en) 2012-03-29 2017-08-22 A10 Networks, Inc. Hardware-based packet editor
US9843484B2 (en) 2012-09-25 2017-12-12 A10 Networks, Inc. Graceful scaling in software driven networks
US9900252B2 (en) 2013-03-08 2018-02-20 A10 Networks, Inc. Application delivery controller and global server load balancer
US9906422B2 (en) 2014-05-16 2018-02-27 A10 Networks, Inc. Distributed system to determine a server's health
US9942162B2 (en) 2014-03-31 2018-04-10 A10 Networks, Inc. Active application response delay time
US9942152B2 (en) 2014-03-25 2018-04-10 A10 Networks, Inc. Forwarding data packets using a service-based forwarding policy
US9960967B2 (en) 2009-10-21 2018-05-01 A10 Networks, Inc. Determining an application delivery server based on geo-location information
US9986061B2 (en) 2014-06-03 2018-05-29 A10 Networks, Inc. Programming a data network device using user defined scripts
US9992229B2 (en) 2014-06-03 2018-06-05 A10 Networks, Inc. Programming a data network device using user defined scripts with licenses
US9992107B2 (en) 2013-03-15 2018-06-05 A10 Networks, Inc. Processing data packets using a policy based network path
US10002141B2 (en) 2012-09-25 2018-06-19 A10 Networks, Inc. Distributed database in software driven networks
US10021174B2 (en) 2012-09-25 2018-07-10 A10 Networks, Inc. Distributing service sessions
US10027761B2 (en) 2013-05-03 2018-07-17 A10 Networks, Inc. Facilitating a secure 3 party network session by a network device
US10038693B2 (en) 2013-05-03 2018-07-31 A10 Networks, Inc. Facilitating secure network traffic by an application delivery controller
US10044582B2 (en) 2012-01-28 2018-08-07 A10 Networks, Inc. Generating secure name records
US10129122B2 (en) 2014-06-03 2018-11-13 A10 Networks, Inc. User defined objects for network devices
US10230770B2 (en) 2013-12-02 2019-03-12 A10 Networks, Inc. Network proxy layer for policy-based application proxies
USRE47296E1 (en) 2006-02-21 2019-03-12 A10 Networks, Inc. System and method for an adaptive TCP SYN cookie with time validation
US10243791B2 (en) 2015-08-13 2019-03-26 A10 Networks, Inc. Automated adjustment of subscriber policies
US10268467B2 (en) 2014-11-11 2019-04-23 A10 Networks, Inc. Policy-driven management of application traffic for providing services to cloud-based applications
US10581976B2 (en) 2015-08-12 2020-03-03 A10 Networks, Inc. Transmission control of protocol state exchange for dynamic stateful service insertion

Families Citing this family (74)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8656471B1 (en) * 2012-03-12 2014-02-18 Amazon Technologies, Inc. Virtual requests
US9450758B1 (en) 2012-03-12 2016-09-20 Amazon Technologies, Inc. Virtual requests
US9660905B2 (en) * 2013-04-12 2017-05-23 Futurewei Technologies, Inc. Service chain policy for distributed gateways in virtual overlay networks
US9225638B2 (en) 2013-05-09 2015-12-29 Vmware, Inc. Method and system for service switching using service tags
US9432305B1 (en) * 2013-06-26 2016-08-30 Amazon Technologies, Inc. Connection redistribution in load-balanced systems
US10454714B2 (en) 2013-07-10 2019-10-22 Nicira, Inc. Method and system of overlay flow control
EP3758307A1 (en) 2013-07-10 2020-12-30 Huawei Technologies Co., Ltd. Method for implementing gre tunnel, access point and gateway
US10749711B2 (en) 2013-07-10 2020-08-18 Nicira, Inc. Network-link method useful for a last-mile connectivity in an edge-gateway multipath system
ES2757505T3 (en) 2013-07-12 2020-04-29 Huawei Tech Co Ltd Method to implement GRE tunnel, access device and aggregation gate
US9424429B1 (en) * 2013-11-18 2016-08-23 Amazon Technologies, Inc. Account management services for load balancers
US9967175B2 (en) * 2014-02-14 2018-05-08 Futurewei Technologies, Inc. Restoring service functions after changing a service chain instance path
US11496606B2 (en) * 2014-09-30 2022-11-08 Nicira, Inc. Sticky service sessions in a datacenter
US9531590B2 (en) 2014-09-30 2016-12-27 Nicira, Inc. Load balancing across a group of load balancers
US10257095B2 (en) 2014-09-30 2019-04-09 Nicira, Inc. Dynamically adjusting load balancing
US10609091B2 (en) 2015-04-03 2020-03-31 Nicira, Inc. Method, apparatus, and system for implementing a content switch
US10498652B2 (en) 2015-04-13 2019-12-03 Nicira, Inc. Method and system of application-aware routing with crowdsourcing
US10425382B2 (en) 2015-04-13 2019-09-24 Nicira, Inc. Method and system of a cloud-based multipath routing protocol
US10135789B2 (en) 2015-04-13 2018-11-20 Nicira, Inc. Method and system of establishing a virtual private network in a cloud service for branch networking
CN105610632B (en) * 2016-02-14 2019-12-24 华为技术有限公司 Virtual network equipment and related method
US10313271B2 (en) 2016-03-16 2019-06-04 At&T Intellectual Property I, L.P. Providing and using a distributed forwarding service
US10237176B2 (en) * 2016-06-30 2019-03-19 Juniper Networks, Inc. Auto discovery and auto scaling of services in software-defined network environment
US10447591B2 (en) * 2016-08-30 2019-10-15 Oracle International Corporation Executing multiple virtual private network (VPN) endpoints associated with an endpoint pool address
US11121962B2 (en) 2017-01-31 2021-09-14 Vmware, Inc. High performance software-defined core network
US11252079B2 (en) 2017-01-31 2022-02-15 Vmware, Inc. High performance software-defined core network
US10992568B2 (en) 2017-01-31 2021-04-27 Vmware, Inc. High performance software-defined core network
US20180219765A1 (en) 2017-01-31 2018-08-02 Waltz Networks Method and Apparatus for Network Traffic Control Optimization
US20200036624A1 (en) 2017-01-31 2020-01-30 The Mode Group High performance software-defined core network
US11706127B2 (en) 2017-01-31 2023-07-18 Vmware, Inc. High performance software-defined core network
US10778528B2 (en) 2017-02-11 2020-09-15 Nicira, Inc. Method and system of connecting to a multipath hub in a cluster
US10523539B2 (en) 2017-06-22 2019-12-31 Nicira, Inc. Method and system of resiliency in cloud-delivered SD-WAN
US10999100B2 (en) * 2017-10-02 2021-05-04 Vmware, Inc. Identifying multiple nodes in a virtual network defined over a set of public clouds to connect to an external SAAS provider
US11089111B2 (en) 2017-10-02 2021-08-10 Vmware, Inc. Layer four optimization for a virtual network defined over public cloud
US11115480B2 (en) 2017-10-02 2021-09-07 Vmware, Inc. Layer four optimization for a virtual network defined over public cloud
US11005684B2 (en) 2017-10-02 2021-05-11 Vmware, Inc. Creating virtual networks spanning multiple public clouds
US11403149B2 (en) * 2017-10-17 2022-08-02 Telefonaktiebolaget Lm Ericsson (Publ) Management of a virtual network function
US10797966B2 (en) 2017-10-29 2020-10-06 Nicira, Inc. Service operation chaining
US11223514B2 (en) 2017-11-09 2022-01-11 Nicira, Inc. Method and system of a dynamic high-availability mode based on current wide area network connectivity
US11012420B2 (en) 2017-11-15 2021-05-18 Nicira, Inc. Third-party service chaining using packet encapsulation in a flow-based forwarding element
US10797910B2 (en) 2018-01-26 2020-10-06 Nicira, Inc. Specifying and utilizing paths through a network
US10805192B2 (en) 2018-03-27 2020-10-13 Nicira, Inc. Detecting failure of layer 2 service using broadcast messages
CN110611622B (en) * 2018-06-15 2023-05-09 伊姆西Ip控股有限责任公司 Method for load balancing, network interface card and computer readable medium
US11595250B2 (en) 2018-09-02 2023-02-28 Vmware, Inc. Service insertion at logical network gateway
US11249784B2 (en) 2019-02-22 2022-02-15 Vmware, Inc. Specifying service chains
US11394693B2 (en) * 2019-03-04 2022-07-19 Cyxtera Cybersecurity, Inc. Establishing network tunnel in response to access request
US11212238B2 (en) 2019-08-27 2021-12-28 Vmware, Inc. Providing recommendations for implementing virtual networks
US11044190B2 (en) 2019-10-28 2021-06-22 Vmware, Inc. Managing forwarding elements at edge nodes connected to a virtual network
US11283717B2 (en) 2019-10-30 2022-03-22 Vmware, Inc. Distributed fault tolerant service chain
US11140218B2 (en) 2019-10-30 2021-10-05 Vmware, Inc. Distributed service chain across multiple clouds
US11394640B2 (en) 2019-12-12 2022-07-19 Vmware, Inc. Collecting and analyzing data regarding flows associated with DPI parameters
US11489783B2 (en) 2019-12-12 2022-11-01 Vmware, Inc. Performing deep packet inspection in a software defined wide area network
US11223494B2 (en) 2020-01-13 2022-01-11 Vmware, Inc. Service insertion for multicast traffic at boundary
US11153406B2 (en) 2020-01-20 2021-10-19 Vmware, Inc. Method of network performance visualization of service function chains
US11659061B2 (en) 2020-01-20 2023-05-23 Vmware, Inc. Method of adjusting service function chains to improve network performance
US11438789B2 (en) 2020-01-24 2022-09-06 Vmware, Inc. Computing and using different path quality metrics for different service classes
US11277331B2 (en) 2020-04-06 2022-03-15 Vmware, Inc. Updating connection-tracking records at a network edge using flow programming
US11245641B2 (en) 2020-07-02 2022-02-08 Vmware, Inc. Methods and apparatus for application aware hub clustering techniques for a hyper scale SD-WAN
US11363124B2 (en) 2020-07-30 2022-06-14 Vmware, Inc. Zero copy socket splicing
US11444865B2 (en) 2020-11-17 2022-09-13 Vmware, Inc. Autonomous distributed forwarding plane traceability based anomaly detection in application traffic for hyper-scale SD-WAN
US11575600B2 (en) 2020-11-24 2023-02-07 Vmware, Inc. Tunnel-less SD-WAN
US11611625B2 (en) 2020-12-15 2023-03-21 Vmware, Inc. Providing stateful services in a scalable manner for machines executing on host computers
US11734043B2 (en) 2020-12-15 2023-08-22 Vmware, Inc. Providing stateful services in a scalable manner for machines executing on host computers
US11929903B2 (en) 2020-12-29 2024-03-12 VMware LLC Emulating packet flows to assess network links for SD-WAN
CN116783874A (en) 2021-01-18 2023-09-19 Vm维尔股份有限公司 Network aware load balancing
US11792108B2 (en) 2021-04-30 2023-10-17 Bank Of America Corporation Dynamic auto-routing and load balancing for communication systems
US11469988B1 (en) 2021-04-30 2022-10-11 Bank Of America Corporation Communication analysis for dynamic auto-routing and load balancing
US11784930B2 (en) 2021-04-30 2023-10-10 Bank Of America Corporation Communication system with auto-routing and load balancing
US11637768B2 (en) 2021-05-03 2023-04-25 Vmware, Inc. On demand routing mesh for routing packets through SD-WAN edge forwarding nodes in an SD-WAN
US11729065B2 (en) 2021-05-06 2023-08-15 Vmware, Inc. Methods for application defined virtual network service among multiple transport in SD-WAN
US11558452B2 (en) * 2021-05-20 2023-01-17 Sap Se Transparent multiple availability zones in a cloud platform
US11489720B1 (en) 2021-06-18 2022-11-01 Vmware, Inc. Method and apparatus to evaluate resource elements and public clouds for deploying tenant deployable elements based on harvested performance metrics
US11375005B1 (en) 2021-07-24 2022-06-28 Vmware, Inc. High availability solutions for a secure access service edge application
US11943146B2 (en) 2021-10-01 2024-03-26 VMware LLC Traffic prioritization in SD-WAN
US11811675B2 (en) 2022-01-24 2023-11-07 Bank Of America Corporation System for triggering adaptive resource channel requisition within a distributed network
US11909815B2 (en) 2022-06-06 2024-02-20 VMware LLC Routing based on geolocation costs

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7792113B1 (en) * 2002-10-21 2010-09-07 Cisco Technology, Inc. Method and system for policy-based forwarding
US20110110294A1 (en) * 2009-11-06 2011-05-12 Vamsidhar Valluri VIRTUAL CARE-OF ADDRESS FOR MOBILE IP (Internet Protocol)
US7991859B1 (en) * 2009-12-28 2011-08-02 Amazon Technologies, Inc. Using virtual networking devices to connect managed computer networks
US8224971B1 (en) * 2009-12-28 2012-07-17 Amazon Technologies, Inc. Using virtual networking devices and routing information to initiate external actions

Family Cites Families (498)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4495570A (en) 1981-01-14 1985-01-22 Hitachi, Ltd. Processing request allocator for assignment of loads in a distributed processing system
US4403286A (en) 1981-03-06 1983-09-06 International Business Machines Corporation Balancing data-processing work loads
US4577272A (en) 1983-06-27 1986-03-18 E-Systems, Inc. Fault tolerant and load sharing processing system
US4720850A (en) 1986-03-14 1988-01-19 American Telephone And Telegraph Company At&T Bell Laboratories Communication system control arrangement
US4864492A (en) 1986-09-17 1989-09-05 International Business Machines Corporation System and method for network configuration
US4882699A (en) 1988-09-19 1989-11-21 International Business Machines Corp. Communications network routing and management system
US5031089A (en) 1988-12-30 1991-07-09 United States Of America As Represented By The Administrator, National Aeronautics And Space Administration Dynamic resource allocation scheme for distributed heterogeneous computer systems
US5341477A (en) 1989-02-24 1994-08-23 Digital Equipment Corporation Broker for computer network server selection
US5218676A (en) 1990-01-08 1993-06-08 The University Of Rochester Dynamic routing system for a multinode communications network
US5218602A (en) 1991-04-04 1993-06-08 Dsc Communications Corporation Interprocessor switching network
EP0522224B1 (en) 1991-07-10 1998-10-21 International Business Machines Corporation High speed buffer management
EP0530394B1 (en) 1991-09-03 1996-11-13 Hewlett-Packard Company Message-routing apparatus
JPH06250869A (en) 1993-03-01 1994-09-09 Hitachi Ltd Distributed control system
US5931914A (en) 1993-04-09 1999-08-03 Industrial Technology Research Institute Apparatus for communication protocol processing utilizing a state machine look up table
GB2281793A (en) 1993-09-11 1995-03-15 Ibm A data processing system for providing user load levelling in a network
US5522042A (en) 1994-01-28 1996-05-28 Cabletron Systems, Inc. Distributed chassis agent for distributed network management
US5537542A (en) 1994-04-04 1996-07-16 International Business Machines Corporation Apparatus and method for managing a server workload according to client performance goals in a client/server data processing system
US5944794A (en) 1994-09-30 1999-08-31 Kabushiki Kaisha Toshiba User identification data management scheme for networking computer systems using wide area network
US5563878A (en) 1995-01-05 1996-10-08 International Business Machines Corporation Transaction message routing in digital communication networks
US5675739A (en) 1995-02-03 1997-10-07 International Business Machines Corporation Apparatus and method for managing a distributed data processing system workload according to a plurality of distinct processing goal types
US5867636A (en) 1995-06-06 1999-02-02 Apple Computer, Inc. Client server symmetric presentation-layer connection protocol for network printing systems
US5774668A (en) 1995-06-07 1998-06-30 Microsoft Corporation System for on-line service in which gateway computer uses service map which includes loading condition of servers broadcasted by application servers for load balancing
US5603029A (en) 1995-06-07 1997-02-11 International Business Machines Corporation System of assigning work requests based on classifying into an eligible class where the criteria is goal oriented and capacity information is available
US5751971A (en) 1995-07-12 1998-05-12 Cabletron Systems, Inc. Internet protocol (IP) work group routing
JP2962203B2 (en) 1995-09-28 1999-10-12 日本電気株式会社 Load balancing method for online information processing system
GB2305747A (en) 1995-09-30 1997-04-16 Ibm Load balancing of connections to parallel servers
US6104717A (en) 1995-11-03 2000-08-15 Cisco Technology, Inc. System and method for providing backup machines for implementing multiple IP addresses on multiple ports
US5867661A (en) 1996-02-15 1999-02-02 International Business Machines Corporation Method and apparatus of using virtual sockets for reducing data transmitted over a wireless communication link between a client web browser and a host web server using a standard TCP protocol
US5754752A (en) 1996-03-28 1998-05-19 Tandem Computers Incorporated End-to-end session recovery
US5828847A (en) 1996-04-19 1998-10-27 Storage Technology Corporation Dynamic server switching for maximum server availability and load balancing
US5935207A (en) 1996-06-03 1999-08-10 Webtv Networks, Inc. Method and apparatus for providing remote site administrators with user hits on mirrored web sites
US6031978A (en) 1996-06-28 2000-02-29 International Business Machines Corporation System, method and program for enabling a client to reconnect to a same server in a network of computer systems after the server has moved to a different network address
US5835724A (en) 1996-07-03 1998-11-10 Electronic Data Systems Corporation System and method for communication information using the internet that receives and maintains information concerning the client and generates and conveys the session data to the client
US5774660A (en) 1996-08-05 1998-06-30 Resonate, Inc. World-wide-web server with delayed resource-binding for resource-based load balancing on a distributed resource multi-node network
US5918017A (en) 1996-08-23 1999-06-29 Internatioinal Business Machines Corp. System and method for providing dynamically alterable computer clusters for message routing
US6381632B1 (en) 1996-09-10 2002-04-30 Youpowered, Inc. Method and apparatus for tracking network usage
US5923854A (en) 1996-11-22 1999-07-13 International Business Machines Corporation Virtual internet protocol (IP) addressing
US5917997A (en) 1996-12-06 1999-06-29 International Business Machines Corporation Host identity takeover using virtual internet protocol (IP) addressing
US5941988A (en) 1997-01-27 1999-08-24 International Business Machines Corporation Session and transport layer proxies via TCP glue
US5875296A (en) 1997-01-28 1999-02-23 International Business Machines Corporation Distributed file system web server user authentication with cookies
US5958053A (en) 1997-01-30 1999-09-28 At&T Corp. Communications protocol with improved security
US5951650A (en) 1997-01-31 1999-09-14 International Business Machines Corporation Session traffic splitting using virtual internet protocol addresses associated with distinct categories of application programs irrespective of destination IP address
US6041357A (en) 1997-02-06 2000-03-21 Electric Classified, Inc. Common session token system and protocol
US5935215A (en) 1997-03-21 1999-08-10 International Business Machines Corporation Methods and systems for actively updating routing in TCP/IP connections using TCP/IP messages
US6324177B1 (en) 1997-05-02 2001-11-27 Cisco Technology Method and apparatus for managing connections based on a client IP address
GB9709136D0 (en) 1997-05-02 1997-06-25 Certicom Corp A log-on verification protocol
US6445704B1 (en) 1997-05-02 2002-09-03 Cisco Technology, Inc. Method and apparatus for virtualizing a locally initiated outbound connection from a connection manager
US6088728A (en) 1997-06-11 2000-07-11 Oracle Corporation System using session data stored in session data storage for associating and disassociating user identifiers for switching client sessions in a server
US5946686A (en) 1997-07-11 1999-08-31 International Business Machines Corporation Parallel file system and method with quota allocation
GB9715256D0 (en) 1997-07-21 1997-09-24 Rank Xerox Ltd Token-based docement transactions
US6393475B1 (en) 1997-07-28 2002-05-21 Nortel Networks Limited Method of performing a network management transaction using a web-capable agent
US6006264A (en) 1997-08-01 1999-12-21 Arrowpoint Communications, Inc. Method and system for directing a flow between a client and a server
US6286039B1 (en) 1997-08-28 2001-09-04 Cisco Technology, Inc. Automatic static to dynamic IP address and DNS address management for remote communications network access
DE19739297C2 (en) 1997-09-08 2001-11-15 Phoenix Contact Gmbh & Co Automation system and connection device for transparent communication between two networks
JP3369445B2 (en) 1997-09-22 2003-01-20 富士通株式会社 Network service server load adjusting device, method and recording medium
US6377993B1 (en) 1997-09-26 2002-04-23 Mci Worldcom, Inc. Integrated proxy interface for web based data management reports
US7058600B1 (en) 1997-09-26 2006-06-06 Mci, Inc. Integrated proxy interface for web based data management reports
US6714979B1 (en) 1997-09-26 2004-03-30 Worldcom, Inc. Data warehousing infrastructure for web based reporting tool
US7225249B1 (en) 1997-09-26 2007-05-29 Mci, Llc Integrated systems for providing communications network management services and interactive generating invoice documents
US6745229B1 (en) 1997-09-26 2004-06-01 Worldcom, Inc. Web based integrated customer interface for invoice reporting
US6128279A (en) 1997-10-06 2000-10-03 Web Balance, Inc. System for balancing loads among network servers
US8782199B2 (en) 1997-10-14 2014-07-15 A-Tech Llc Parsing a packet header
US6434620B1 (en) 1998-08-27 2002-08-13 Alacritech, Inc. TCP/IP offload network interface device
US7237036B2 (en) 1997-10-14 2007-06-26 Alacritech, Inc. Fast-path apparatus for receiving data corresponding a TCP connection
US6226680B1 (en) 1997-10-14 2001-05-01 Alacritech, Inc. Intelligent network interface system method for protocol processing
US6223205B1 (en) 1997-10-20 2001-04-24 Mor Harchol-Balter Method and apparatus for assigning tasks in a distributed server system
US6252878B1 (en) 1997-10-30 2001-06-26 Cisco Technology, Inc. Switched architecture access server
US6047268A (en) 1997-11-04 2000-04-04 A.T.&T. Corporation Method and apparatus for billing for transactions conducted over the internet
US6542926B2 (en) 1998-06-10 2003-04-01 Compaq Information Technologies Group, L.P. Software partitioned multi-processor system with flexible resource sharing levels
US6141759A (en) 1997-12-10 2000-10-31 Bmc Software, Inc. System and architecture for distributing, monitoring, and managing information requests on a computer network
US6003069A (en) 1997-12-16 1999-12-14 Lexmark International, Inc. Client/server printer driver system
US6363075B1 (en) 1998-01-23 2002-03-26 Industrial Technology Research Institute Shared buffer management mechanism and method using multiple linked lists in a high speed packet switching system
US6167062A (en) 1998-02-02 2000-12-26 Tellabs Operations, Inc. System and associated method for the synchronization and control of multiplexed payloads over a telecommunications network
US6185598B1 (en) 1998-02-10 2001-02-06 Digital Island, Inc. Optimized network resource location
US6131163A (en) 1998-02-17 2000-10-10 Cisco Technology, Inc. Network gateway mechanism having a protocol stack proxy
US6363081B1 (en) 1998-03-04 2002-03-26 Hewlett-Packard Company System and method for sharing a network port among multiple applications
US6353614B1 (en) 1998-03-05 2002-03-05 3Com Corporation Method and protocol for distributed network address translation
US6076108A (en) 1998-03-06 2000-06-13 I2 Technologies, Inc. System and method for maintaining a state for a user session using a web system having a global session server
US6006269A (en) 1998-03-11 1999-12-21 Hewlett-Packard Company Admission control system with messages admitted or deferred for re-submission at a later time on a priority basis
US6098093A (en) 1998-03-19 2000-08-01 International Business Machines Corp. Maintaining sessions in a clustered server environment
US6459682B1 (en) 1998-04-07 2002-10-01 International Business Machines Corporation Architecture for supporting service level agreements in an IP network
US6446225B1 (en) 1998-04-23 2002-09-03 Microsoft Corporation Server system with scalable session timeout mechanism
JPH11338836A (en) 1998-05-25 1999-12-10 Nippon Telegr & Teleph Corp <Ntt> Load distribution system for computer network
US6704317B1 (en) 1998-05-27 2004-03-09 3Com Corporation Multi-carrier LAN modem server
US6317786B1 (en) 1998-05-29 2001-11-13 Webspective Software, Inc. Web service
US6314463B1 (en) 1998-05-29 2001-11-06 Webspective Software, Inc. Method and system for measuring queue length and delay
JP4522583B2 (en) 1998-07-08 2010-08-11 ブリティッシュ・テレコミュニケーションズ・パブリック・リミテッド・カンパニー Requirements matching server, requirements matching system, electronic purchasing apparatus using them, electronic transaction system and method
US6223287B1 (en) 1998-07-24 2001-04-24 International Business Machines Corporation Method for establishing a secured communication channel over the internet
US7333484B2 (en) 1998-08-07 2008-02-19 Intel Corporation Services processor having a packet editing unit
AU6255199A (en) 1998-09-17 2000-04-17 Tod Mcnamara System and method for network flow optimization using traffic classes
US6578066B1 (en) 1999-09-17 2003-06-10 Alteon Websystems Distributed load-balancing internet servers
GB2342195A (en) 1998-09-30 2000-04-05 Xerox Corp Secure token-based document server
US6119174A (en) 1998-10-13 2000-09-12 Hewlett-Packard Company Methods and apparatus for implementing quality-of-service guarantees in data storage systems
US6219706B1 (en) 1998-10-16 2001-04-17 Cisco Technology, Inc. Access control for networks
US6247057B1 (en) 1998-10-22 2001-06-12 Microsoft Corporation Network server supporting multiple instance of services to operate concurrently by having endpoint mapping subsystem for mapping virtual network names to virtual endpoint IDs
US6571274B1 (en) 1998-11-05 2003-05-27 Beas Systems, Inc. Clustered enterprise Java™ in a secure distributed processing system
US6321338B1 (en) 1998-11-09 2001-11-20 Sri International Network surveillance
US6763370B1 (en) 1998-11-16 2004-07-13 Softricity, Inc. Method and apparatus for content protection in a secure content delivery system
US6850965B2 (en) 1998-11-17 2005-02-01 Arthur Douglas Allen Method for connection acceptance and rapid determination of optimal multi-media content delivery over network
US6374359B1 (en) 1998-11-19 2002-04-16 International Business Machines Corporation Dynamic use and validation of HTTP cookies for authentication
US6594268B1 (en) 1999-03-11 2003-07-15 Lucent Technologies Inc. Adaptive routing system and method for QOS packet networks
JP2000276432A (en) 1999-03-24 2000-10-06 Nec Corp Dynamic load distribution system for transaction message
JP2000307634A (en) 1999-04-15 2000-11-02 Kdd Corp Congestion control method by repeating station of packet exchanging network
EP1049307A1 (en) * 1999-04-29 2000-11-02 International Business Machines Corporation Method and system for dispatching client sessions within a cluster of servers connected to the World Wide Web
US6226752B1 (en) 1999-05-11 2001-05-01 Sun Microsystems, Inc. Method and apparatus for authenticating users
US20010049741A1 (en) 1999-06-18 2001-12-06 Bryan D. Skene Method and system for balancing load distribution on a wide area network
US7188181B1 (en) 1999-06-30 2007-03-06 Sun Microsystems, Inc. Universal session sharing
US6606315B1 (en) 1999-07-02 2003-08-12 Cisco Technology, Inc. Synchronizing service instructions among forwarding agents using a service manager
US6650641B1 (en) 1999-07-02 2003-11-18 Cisco Technology, Inc. Network address translation using a forwarding agent
EP1067458A1 (en) 1999-07-09 2001-01-10 CANAL+ Société Anonyme Running and testing applications
US6374300B2 (en) 1999-07-15 2002-04-16 F5 Networks, Inc. Method and system for storing load balancing information with an HTTP cookie
US6567857B1 (en) 1999-07-29 2003-05-20 Sun Microsystems, Inc. Method and apparatus for dynamic proxy insertion in network traffic flow
US6892307B1 (en) 1999-08-05 2005-05-10 Sun Microsystems, Inc. Single sign-on framework with trust-level mapping to authentication requirements
JP2001051859A (en) 1999-08-11 2001-02-23 Hitachi Ltd Load information communication method
EP1212680B1 (en) 1999-08-13 2007-07-04 Sun Microsystems, Inc. Graceful distribution in application server load balancing
AU6795100A (en) 1999-08-21 2001-03-19 Webever, Inc. Method for content delivery over the internet
US7463648B1 (en) * 1999-08-23 2008-12-09 Sun Microsystems, Inc. Approach for allocating resources to an apparatus based on optional resource requirements
US8019870B1 (en) * 1999-08-23 2011-09-13 Oracle America, Inc. Approach for allocating resources to an apparatus based on alternative resource requirements
US8032634B1 (en) * 1999-08-23 2011-10-04 Oracle America, Inc. Approach for allocating resources to an apparatus based on resource requirements
US8179809B1 (en) * 1999-08-23 2012-05-15 Oracle America, Inc. Approach for allocating resources to an apparatus based on suspendable resource requirements
US8234650B1 (en) * 1999-08-23 2012-07-31 Oracle America, Inc. Approach for allocating resources to an apparatus
US6339423B1 (en) 1999-08-23 2002-01-15 Entrust, Inc. Multi-domain access control
US7703102B1 (en) * 1999-08-23 2010-04-20 Oracle America, Inc. Approach for allocating resources to an apparatus based on preemptable resource requirements
US6760758B1 (en) 1999-08-31 2004-07-06 Qwest Communications International, Inc. System and method for coordinating network access
US6772333B1 (en) 1999-09-01 2004-08-03 Dickens Coal Llc Atomic session-start operation combining clear-text and encrypted sessions to provide id visibility to middleware such as load-balancers
US6711618B1 (en) 1999-09-03 2004-03-23 Cisco Technology, Inc. Apparatus and method for providing server state and attribute management for voice enabled web applications
US6330560B1 (en) 1999-09-10 2001-12-11 International Business Machines Corporation Multiple manager to multiple server IP locking mechanism in a directory-enabled network
US6430622B1 (en) 1999-09-22 2002-08-06 International Business Machines Corporation Methods, systems and computer program products for automated movement of IP addresses within a cluster
US6742126B1 (en) 1999-10-07 2004-05-25 Cisco Technology, Inc. Method and apparatus for identifying a data communications session
US6748414B1 (en) 1999-11-15 2004-06-08 International Business Machines Corporation Method and apparatus for the load balancing of non-identical servers in a network environment
US6748413B1 (en) 1999-11-15 2004-06-08 International Business Machines Corporation Method and apparatus for load balancing of parallel servers in a network environment
US6952728B1 (en) 1999-12-01 2005-10-04 Nortel Networks Limited Providing desired service policies to subscribers accessing internet
WO2001040903A2 (en) 1999-12-06 2001-06-07 Warp Solutions, Inc. System and method for enhancing operation of a web server cluster
US6510464B1 (en) 1999-12-14 2003-01-21 Verizon Corporate Services Group Inc. Secure gateway having routing feature
US6564215B1 (en) 1999-12-16 2003-05-13 International Business Machines Corporation Update support in database content management
US6754706B1 (en) 1999-12-16 2004-06-22 Speedera Networks, Inc. Scalable domain name system with persistence and load balancing
US7269143B2 (en) 1999-12-31 2007-09-11 Ragula Systems (Fatpipe Networks) Combining routers to increase concurrency and redundancy in external network access
US6587866B1 (en) 2000-01-10 2003-07-01 Sun Microsystems, Inc. Method for distributing packets to server nodes using network client affinity and packet distribution table
US6820133B1 (en) 2000-02-07 2004-11-16 Netli, Inc. System and method for high-performance delivery of web content using high-performance communications protocol between the first and second specialized intermediate nodes to optimize a measure of communications performance between the source and the destination
US6725272B1 (en) 2000-02-18 2004-04-20 Netscaler, Inc. Apparatus, method and computer program product for guaranteed content delivery incorporating putting a client on-hold based on response time
JP3817429B2 (en) 2000-02-23 2006-09-06 キヤノン株式会社 Information processing apparatus, information processing method, and information processing program
US6877095B1 (en) 2000-03-09 2005-04-05 Microsoft Corporation Session-state manager
US8380854B2 (en) 2000-03-21 2013-02-19 F5 Networks, Inc. Simplified method for processing multiple connections from the same client
US6336137B1 (en) 2000-03-31 2002-01-01 Siebel Systems, Inc. Web client-server system and method for incompatible page markup and presentation languages
JP2001298449A (en) 2000-04-12 2001-10-26 Matsushita Electric Ind Co Ltd Security communication method, communication system and its unit
US6657974B1 (en) 2000-04-14 2003-12-02 International Business Machines Corporation Method and apparatus for generating replies to address resolution protocol requests
US8239445B1 (en) 2000-04-25 2012-08-07 International Business Machines Corporation URL-based sticky routing tokens using a server-side cookie jar
US6718383B1 (en) 2000-06-02 2004-04-06 Sun Microsystems, Inc. High availability networking with virtual IP address failover
US8204082B2 (en) 2000-06-23 2012-06-19 Cloudshield Technologies, Inc. Transparent provisioning of services over a network
US7031267B2 (en) 2000-12-21 2006-04-18 802 Systems Llc PLD-based packet filtering methods with PLD configuration data update of filtering rules
US7013482B1 (en) 2000-07-07 2006-03-14 802 Systems Llc Methods for packet filtering including packet invalidation if packet validity determination not timely made
US7814180B2 (en) 2000-07-13 2010-10-12 Infoblox, Inc. Domain name service server
US6591262B1 (en) 2000-08-01 2003-07-08 International Business Machines Corporation Collaborative workload management incorporating work unit attributes in resource allocation
US6941384B1 (en) 2000-08-17 2005-09-06 International Business Machines Corporation Methods, systems and computer program products for failure recovery for routed virtual internet protocol addresses
US7120697B2 (en) 2001-05-22 2006-10-10 International Business Machines Corporation Methods, systems and computer program products for port assignments of multiple application instances using the same source IP address
US6996617B1 (en) 2000-08-17 2006-02-07 International Business Machines Corporation Methods, systems and computer program products for non-disruptively transferring a virtual internet protocol address between communication protocol stacks
US6996631B1 (en) 2000-08-17 2006-02-07 International Business Machines Corporation System having a single IP address associated with communication protocol stacks in a cluster of processing systems
US6954784B2 (en) 2000-08-17 2005-10-11 International Business Machines Corporation Systems, method and computer program products for cluster workload distribution without preconfigured port identification by utilizing a port of multiple ports associated with a single IP address
CN1200368C (en) 2000-08-18 2005-05-04 清华大学 Local re-transmission method of using TCP for un-reliable transmission network
US7711790B1 (en) 2000-08-24 2010-05-04 Foundry Networks, Inc. Securing an accessible computer system
US7010605B1 (en) 2000-08-29 2006-03-07 Microsoft Corporation Method and apparatus for encoding and storing session data
US6772334B1 (en) 2000-08-31 2004-08-03 Networks Associates, Inc. System and method for preventing a spoofed denial of service attack in a networked computing environment
JP3501361B2 (en) 2000-09-04 2004-03-02 インターナショナル・ビジネス・マシーンズ・コーポレーション Computer network system, computer system, communication method between computer systems, method for measuring computer system performance, and recording medium
US7398317B2 (en) 2000-09-07 2008-07-08 Mazu Networks, Inc. Thwarting connection-based denial of service attacks
JP2002091936A (en) 2000-09-11 2002-03-29 Hitachi Ltd Device for distributing load and method for estimating load
US9525696B2 (en) 2000-09-25 2016-12-20 Blue Coat Systems, Inc. Systems and methods for processing data flows
US7454500B1 (en) 2000-09-26 2008-11-18 Foundry Networks, Inc. Global server load balancing
US6813635B1 (en) 2000-10-13 2004-11-02 Hewlett-Packard Development Company, L.P. System and method for distributing load among redundant independent stateful world wide web server sites
US6963917B1 (en) 2000-10-20 2005-11-08 International Business Machines Corporation Methods, systems and computer program products for policy based distribution of workload to subsets of potential servers
US6965930B1 (en) 2000-10-20 2005-11-15 International Business Machines Corporation Methods, systems and computer program products for workload distribution based on end-to-end quality of service
ATE381191T1 (en) * 2000-10-26 2007-12-15 Prismedia Networks Inc METHOD AND SYSTEM FOR MANAGING DISTRIBUTED CONTENT AND CORRESPONDING METADATA
US7039717B2 (en) 2000-11-10 2006-05-02 Nvidia Corporation Internet modem streaming socket method
US7739398B1 (en) 2000-11-21 2010-06-15 Avaya Inc. Dynamic load balancer
US20020078164A1 (en) 2000-12-13 2002-06-20 Marnetics Ltd. System and method for data transfer acceleration in a TCP network environment
US6779033B1 (en) 2000-12-28 2004-08-17 Networks Associates Technology, Inc. System and method for transacting a validated application session in a networked computing environment
US7301899B2 (en) 2001-01-31 2007-11-27 Comverse Ltd. Prevention of bandwidth congestion in a denial of service or other internet-based attack
US7155515B1 (en) 2001-02-06 2006-12-26 Microsoft Corporation Distributed load balancing for single entry-point systems
US7149817B2 (en) 2001-02-15 2006-12-12 Neteffect, Inc. Infiniband TM work queue to TCP/IP translation
WO2002069575A1 (en) 2001-02-28 2002-09-06 Gotham Networks, Inc. Methods and apparatus for network routing device
US7454523B2 (en) 2001-03-16 2008-11-18 Intel Corporation Geographic location determination including inspection of network address
US7313822B2 (en) 2001-03-16 2007-12-25 Protegrity Corporation Application-layer security method and system
US7533409B2 (en) 2001-03-22 2009-05-12 Corente, Inc. Methods and systems for firewalling virtual private networks
JP2002290459A (en) 2001-03-27 2002-10-04 Nec Corp Device for transferring packets and method for the same
US7349970B2 (en) 2001-03-29 2008-03-25 International Business Machines Corporation Workload management of stateful program entities
US20020143954A1 (en) 2001-04-03 2002-10-03 Aiken John Andrew Methods, systems and computer program products for content-based routing via active TCP connection transfer
US20020143953A1 (en) 2001-04-03 2002-10-03 International Business Machines Corporation Automatic affinity within networks performing workload balancing
US20030189927A1 (en) 2001-04-27 2003-10-09 Foster Michael S. Method and system for multiframe buffering in a routing device
US7711831B2 (en) 2001-05-22 2010-05-04 International Business Machines Corporation Methods, systems and computer program products for source address selection
US20020176378A1 (en) * 2001-05-22 2002-11-28 Hamilton Thomas E. Platform and method for providing wireless data services
US6839700B2 (en) 2001-05-23 2005-01-04 International Business Machines Corporation Load balancing content requests using dynamic document generation cost information
GB0113844D0 (en) 2001-06-07 2001-08-01 Marconi Comm Ltd Real time processing
US7239632B2 (en) 2001-06-18 2007-07-03 Tatara Systems, Inc. Method and apparatus for converging local area and wide area wireless data networks
US6944678B2 (en) 2001-06-18 2005-09-13 Transtech Networks Usa, Inc. Content-aware application switch and methods thereof
US8180921B2 (en) 2001-06-19 2012-05-15 Intel Corporation Method and apparatus for load balancing
US7343399B2 (en) 2001-06-25 2008-03-11 Nortel Networks Limited Apparatus and method for managing internet resource requests
US6922727B2 (en) 2001-06-26 2005-07-26 International Business Machines Corporation Method and system for managing parallel data transfer through multiple sockets to provide scalability to a computer network
DE60202527T2 (en) 2001-07-03 2006-03-30 Telefonaktiebolaget Lm Ericsson (Publ) METHOD AND SYSTEM FOR TREATING MULTILINGER MESSAGES
US7305492B2 (en) 2001-07-06 2007-12-04 Juniper Networks, Inc. Content service aggregation system
US7509369B1 (en) * 2001-07-11 2009-03-24 Swsoft Holdings, Ltd. Balancing shared servers in virtual environments
US7366794B2 (en) 2001-07-13 2008-04-29 Certicom Corp. Method and apparatus for resolving a web site address when connected with a virtual private network (VPN)
US7072958B2 (en) * 2001-07-30 2006-07-04 Intel Corporation Identifying network management policies
US20040187032A1 (en) 2001-08-07 2004-09-23 Christoph Gels Method, data carrier, computer system and computer progamme for the identification and defence of attacks in server of network service providers and operators
US7039037B2 (en) 2001-08-20 2006-05-02 Wang Jiwei R Method and apparatus for providing service selection, redirection and managing of subscriber access to multiple WAP (Wireless Application Protocol) gateways simultaneously
US6895590B2 (en) 2001-09-26 2005-05-17 Intel Corporation Method and system enabling both legacy and new applications to access an InfiniBand fabric via a socket API
EP1436736B1 (en) 2001-09-28 2017-06-28 Level 3 CDN International, Inc. Configurable adaptive global traffic control and management
FR2830397B1 (en) 2001-09-28 2004-12-03 Evolium Sas METHOD FOR IMPROVING THE PERFORMANCE OF A TRANSMISSION PROTOCOL USING A RETRANSMISSION TIMER
US7822970B2 (en) 2001-10-24 2010-10-26 Microsoft Corporation Method and apparatus for regulating access to a computer via a computer network
JP3730563B2 (en) 2001-11-02 2006-01-05 キヤノンソフトウェア株式会社 Session management apparatus, session management method, program, and recording medium
US7958199B2 (en) 2001-11-02 2011-06-07 Oracle America, Inc. Switching systems and methods for storage management in digital networks
US7370353B2 (en) 2001-11-05 2008-05-06 Cisco Technology, Inc. System and method for managing dynamic network sessions
US7512980B2 (en) 2001-11-30 2009-03-31 Lancope, Inc. Packet sampling flow-based detection of network intrusions
JP3898498B2 (en) * 2001-12-06 2007-03-28 富士通株式会社 Server load balancing system
US20030131245A1 (en) 2002-01-04 2003-07-10 Michael Linderman Communication security system
US6633835B1 (en) 2002-01-10 2003-10-14 Networks Associates Technology, Inc. Prioritized data capture, classification and filtering in a network monitoring environment
US7058718B2 (en) 2002-01-15 2006-06-06 International Business Machines Corporation Blended SYN cookies
US8090866B1 (en) 2002-01-18 2012-01-03 Cisco Technology, Inc. TCP proxy connection management in a gigabit environment
US7076555B1 (en) 2002-01-23 2006-07-11 Novell, Inc. System and method for transparent takeover of TCP connections between servers
CN1714545A (en) 2002-01-24 2005-12-28 艾维西系统公司 System and method for fault tolerant data communication
US7240330B2 (en) 2002-02-01 2007-07-03 John Fairweather Use of ontologies for auto-generating and handling applications, their persistent storage, and user interfaces
WO2003067382A2 (en) 2002-02-04 2003-08-14 Intel Corporation Service processor having a queue operations unit and an output scheduler
US7584262B1 (en) 2002-02-11 2009-09-01 Extreme Networks Method of and system for allocating resources to resource requests based on application of persistence policies
US7228359B1 (en) 2002-02-12 2007-06-05 Cisco Technology, Inc. Methods and apparatus for providing domain name service based on a client identifier
CA2372092C (en) 2002-02-15 2010-04-06 Cognos Incorporated A queuing model for a plurality of servers
US20030195962A1 (en) 2002-04-10 2003-10-16 Satoshi Kikuchi Load balancing of servers
US8554929B1 (en) 2002-05-03 2013-10-08 Foundry Networks, Llc Connection rate limiting for server load balancing and transparent cache switching
US7707295B1 (en) 2002-05-03 2010-04-27 Foundry Networks, Inc. Connection rate limiting
KR100976750B1 (en) 2002-05-09 2010-08-18 오니시스 그룹 엘.에이., 엘엘시 Encryption device, encryption method, and encryption system
US7340535B1 (en) 2002-06-04 2008-03-04 Fortinet, Inc. System and method for controlling routing in a virtual router system
US6888807B2 (en) 2002-06-10 2005-05-03 Ipr Licensing, Inc. Applying session services based on packet flows
US7277963B2 (en) 2002-06-26 2007-10-02 Sandvine Incorporated TCP proxy providing application layer modifications
US6744774B2 (en) 2002-06-27 2004-06-01 Nokia, Inc. Dynamic routing over secure networks
US7254133B2 (en) 2002-07-15 2007-08-07 Intel Corporation Prevention of denial of service attacks
US7069438B2 (en) 2002-08-19 2006-06-27 Sowl Associates, Inc. Establishing authenticated network connections
US7430755B1 (en) 2002-09-03 2008-09-30 Fs Networks, Inc. Method and system for providing persistence in a secure network access
US7337241B2 (en) 2002-09-27 2008-02-26 Alacritech, Inc. Fast-path apparatus for receiving data corresponding to a TCP connection
US7506360B1 (en) 2002-10-01 2009-03-17 Mirage Networks, Inc. Tracking communication for determining device states
US7236457B2 (en) 2002-10-04 2007-06-26 Intel Corporation Load balancing in a network
US7487248B2 (en) 2002-10-08 2009-02-03 Brian Moran Method and system for transferring a computer session between devices
US7310686B2 (en) 2002-10-27 2007-12-18 Paxfire, Inc. Apparatus and method for transparent selection of an Internet server based on geographic location of a user
US8176186B2 (en) 2002-10-30 2012-05-08 Riverbed Technology, Inc. Transaction accelerator for client-server communications systems
US7406087B1 (en) 2002-11-08 2008-07-29 Juniper Networks, Inc. Systems and methods for accelerating TCP/IP data stream processing
US7386889B2 (en) 2002-11-18 2008-06-10 Trusted Network Technologies, Inc. System and method for intrusion prevention in a communications network
US7945673B2 (en) 2002-12-06 2011-05-17 Hewlett-Packard Development Company, L.P. Reduced wireless internet connect time
US7379958B2 (en) 2002-12-30 2008-05-27 Nokia Corporation Automatic and dynamic service information delivery from service providers to data terminals in an access point network
US7269850B2 (en) 2002-12-31 2007-09-11 Intel Corporation Systems and methods for detecting and tracing denial of service attacks
US7234161B1 (en) 2002-12-31 2007-06-19 Nvidia Corporation Method and apparatus for deflecting flooding attacks
US6904439B2 (en) * 2002-12-31 2005-06-07 International Business Machines Corporation System and method for aggregating user project information in a multi-server system
US7089231B2 (en) * 2002-12-31 2006-08-08 International Business Machines Corporation System and method for searching a plurality of databases distributed across a multi server domain
US7194480B2 (en) * 2002-12-31 2007-03-20 International Business Machines Corporation System and method for invoking methods on place objects in a distributed environment
US20040141005A1 (en) * 2003-01-22 2004-07-22 International Business Machines Corporation System and method for integrating online meeting materials in a place
US7167874B2 (en) * 2003-01-22 2007-01-23 International Business Machines Corporation System and method for command line administration of project spaces using XML objects
US7835363B2 (en) 2003-02-12 2010-11-16 Broadcom Corporation Method and system to provide blade server load balancing using spare link bandwidth
US20040210623A1 (en) * 2003-03-06 2004-10-21 Aamer Hydrie Virtual network topology generation
US7355992B2 (en) 2003-03-18 2008-04-08 Harris Corporation Relay for extended range point-to-point wireless packetized data communication system
JPWO2004084085A1 (en) 2003-03-18 2006-06-22 富士通株式会社 Load balancing system by inter-site cooperation
US20040210663A1 (en) 2003-04-15 2004-10-21 Paul Phillips Object-aware transport-layer network processing engine
US7373500B2 (en) * 2003-04-15 2008-05-13 Sun Microsystems, Inc. Secure network processing
US7308499B2 (en) 2003-04-30 2007-12-11 Avaya Technology Corp. Dynamic load balancing for enterprise IP traffic
US7356577B2 (en) 2003-06-12 2008-04-08 Samsung Electronics Co., Ltd. System and method for providing an online software upgrade in load sharing servers
US7181524B1 (en) 2003-06-13 2007-02-20 Veritas Operating Corporation Method and apparatus for balancing a load among a plurality of servers in a computer system
US7590736B2 (en) 2003-06-30 2009-09-15 Microsoft Corporation Flexible network load balancing
US7613822B2 (en) 2003-06-30 2009-11-03 Microsoft Corporation Network load balancing with session information
US20050027862A1 (en) 2003-07-18 2005-02-03 Nguyen Tien Le System and methods of cooperatively load-balancing clustered servers
KR100568231B1 (en) 2003-08-11 2006-04-07 삼성전자주식회사 Domain name service system and service method thereof
US8938553B2 (en) 2003-08-12 2015-01-20 Riverbed Technology, Inc. Cooperative proxy auto-discovery and connection interception through network address translation
US7385923B2 (en) 2003-08-14 2008-06-10 International Business Machines Corporation Method, system and article for improved TCP performance during packet reordering
US7467202B2 (en) 2003-09-10 2008-12-16 Fidelis Security Systems High-performance network content analysis platform
KR100570836B1 (en) 2003-10-14 2006-04-13 한국전자통신연구원 A Server Load Balancing Device and Method using Load Balancing Session Label
CN100456690C (en) 2003-10-14 2009-01-28 北京邮电大学 Whole load equalizing method based on global network positioning
US7472190B2 (en) 2003-10-17 2008-12-30 International Business Machines Corporation Method, system and program product for preserving a user state in an application
JP2005141441A (en) 2003-11-06 2005-06-02 Hitachi Ltd Load distribution system
US20050125276A1 (en) 2003-12-05 2005-06-09 Grigore Rusu System and method for event tracking across plural contact mediums
US20050213586A1 (en) 2004-02-05 2005-09-29 David Cyganski System and method to increase network throughput
US7881215B1 (en) 2004-03-18 2011-02-01 Avaya Inc. Stateful and stateless data processing
US20050240989A1 (en) 2004-04-23 2005-10-27 Seoul National University Industry Foundation Method of sharing state between stateful inspection firewalls on mep network
US20060112170A1 (en) * 2004-05-03 2006-05-25 Craig Sirkin Geo-locating load balancing
US20060064478A1 (en) * 2004-05-03 2006-03-23 Level 3 Communications, Inc. Geo-locating load balancing
US7584301B1 (en) 2004-05-06 2009-09-01 Foundry Networks, Inc. Host-level policies for global server load balancing
US8423758B2 (en) 2004-05-10 2013-04-16 Tara Chand Singhal Method and apparatus for packet source validation architecture system for enhanced internet security
US7391725B2 (en) 2004-05-18 2008-06-24 Christian Huitema System and method for defeating SYN attacks
US8179786B2 (en) 2004-05-19 2012-05-15 Mosaid Technologies Incorporated Dynamic traffic rearrangement and restoration for MPLS networks with differentiated services capabilities
US20060069774A1 (en) 2004-06-17 2006-03-30 International Business Machine Corporation Method and apparatus for managing data center using Web services
FI20040888A0 (en) 2004-06-28 2004-06-28 Nokia Corp Management of services in a packet switching data network
US8688834B2 (en) 2004-07-09 2014-04-01 Toshiba America Research, Inc. Dynamic host configuration and network access authentication
CN1317853C (en) 2004-07-20 2007-05-23 联想网御科技(北京)有限公司 Network safety equipment and assemblied system and method for implementing high availability
JP4313266B2 (en) 2004-07-29 2009-08-12 株式会社エヌ・ティ・ティ・ドコモ Server apparatus, control method thereof and connection establishment method
TW200606667A (en) 2004-08-13 2006-02-16 Reallusion Inc System and method of converting and sharing data
US7423977B1 (en) 2004-08-23 2008-09-09 Foundry Networks Inc. Smoothing algorithm for round trip time (RTT) measurements
JP4555025B2 (en) 2004-08-25 2010-09-29 株式会社エヌ・ティ・ティ・ドコモ Server device, client device, and process execution method
US7292592B2 (en) 2004-10-08 2007-11-06 Telefonaktiebolaget Lm Ericsson (Publ) Home network-assisted selection of intermediary network for a roaming mobile terminal
US20060092950A1 (en) * 2004-10-28 2006-05-04 Cisco Technology, Inc. Architecture and method having redundancy in active/active stateful devices based on symmetric global load balancing protocol (sGLBP)
US20060098645A1 (en) 2004-11-09 2006-05-11 Lev Walkin System and method for providing client identifying information to a server
US8458467B2 (en) 2005-06-21 2013-06-04 Cisco Technology, Inc. Method and apparatus for adaptive application message payload content transformation in a network infrastructure element
US7634564B2 (en) 2004-11-18 2009-12-15 Nokia Corporation Systems and methods for invoking a service from a plurality of event servers in a network
US7613193B2 (en) 2005-02-04 2009-11-03 Nokia Corporation Apparatus, method and computer program product to reduce TCP flooding attacks while conserving wireless network bandwidth
US20060190997A1 (en) 2005-02-22 2006-08-24 Mahajani Amol V Method and system for transparent in-line protection of an electronic communications network
US20060187901A1 (en) 2005-02-23 2006-08-24 Lucent Technologies Inc. Concurrent dual-state proxy server, method of providing a proxy and SIP network employing the same
US8533473B2 (en) 2005-03-04 2013-09-10 Oracle America, Inc. Method and apparatus for reducing bandwidth usage in secure transactions
US20060206586A1 (en) 2005-03-09 2006-09-14 Yibei Ling Method, apparatus and system for a location-based uniform resource locator
JP4413965B2 (en) 2005-03-17 2010-02-10 富士通株式会社 Load balancing communication device and load balancing management device
KR101141645B1 (en) 2005-03-29 2012-05-17 엘지전자 주식회사 Method for Controlling Transmission of Data Block
US7606147B2 (en) 2005-04-13 2009-10-20 Zeugma Systems Inc. Application aware traffic shaping service node positioned between the access and core networks
US7990847B1 (en) 2005-04-15 2011-08-02 Cisco Technology, Inc. Method and system for managing servers in a server cluster
KR100642935B1 (en) 2005-05-06 2006-11-10 (주)아이디스 Name service system and method thereof
US7826487B1 (en) 2005-05-09 2010-11-02 F5 Network, Inc Coalescing acknowledgement responses to improve network communications
JP4101251B2 (en) 2005-05-24 2008-06-18 富士通株式会社 Load distribution program, load distribution method, and load distribution apparatus
US7664041B2 (en) * 2005-05-26 2010-02-16 Dale Trenton Smith Distributed stream analysis using general purpose processors
IES20050376A2 (en) 2005-06-03 2006-08-09 Asavie R & D Ltd Secure network communication system and method
US20060277303A1 (en) 2005-06-06 2006-12-07 Nikhil Hegde Method to improve response time when clients use network services
JP4557815B2 (en) 2005-06-13 2010-10-06 富士通株式会社 Relay device and relay system
US7774402B2 (en) 2005-06-29 2010-08-10 Visa U.S.A. Adaptive gateway for switching transactions and data on unreliable networks using context-based rules
US7609625B2 (en) 2005-07-06 2009-10-27 Fortinet, Inc. Systems and methods for detecting and preventing flooding attacks in a network environment
US7496566B2 (en) 2005-08-03 2009-02-24 Intenational Business Machines Corporation Priority based LDAP service publication mechanism
EP1770915A1 (en) 2005-09-29 2007-04-04 Matsushita Electric Industrial Co., Ltd. Policy control in the evolved system architecture
US20070086382A1 (en) 2005-10-17 2007-04-19 Vidya Narayanan Methods of network access configuration in an IP network
JP4650203B2 (en) * 2005-10-20 2011-03-16 株式会社日立製作所 Information system and management computer
US7606232B1 (en) 2005-11-09 2009-10-20 Juniper Networks, Inc. Dynamic virtual local area network (VLAN) interface configuration
US20070118881A1 (en) 2005-11-18 2007-05-24 Julian Mitchell Application control at a policy server
US7694011B2 (en) 2006-01-17 2010-04-06 Cisco Technology, Inc. Techniques for load balancing over a cluster of subscriber-aware application servers
CN100452041C (en) 2006-01-18 2009-01-14 腾讯科技(深圳)有限公司 Method and system for reading information at network resource site, and searching engine
US7610622B2 (en) 2006-02-06 2009-10-27 Cisco Technology, Inc. Supporting options in a communication session using a TCP cookie
US7675854B2 (en) 2006-02-21 2010-03-09 A10 Networks, Inc. System and method for an adaptive TCP SYN cookie with time validation
US7492766B2 (en) 2006-02-22 2009-02-17 Juniper Networks, Inc. Dynamic building of VLAN interfaces based on subscriber information strings
US7808994B1 (en) 2006-02-22 2010-10-05 Juniper Networks, Inc. Forwarding traffic to VLAN interfaces built based on subscriber information strings
US8832247B2 (en) 2006-03-24 2014-09-09 Blue Coat Systems, Inc. Methods and systems for caching content at multiple levels
JP5108244B2 (en) 2006-03-30 2012-12-26 株式会社エヌ・ティ・ティ・ドコモ Communication terminal and retransmission control method
US8539075B2 (en) 2006-04-21 2013-09-17 International Business Machines Corporation On-demand global server load balancing system and method of use
US8130826B2 (en) * 2006-04-27 2012-03-06 Jds Uniphase Corporation Systems and methods for preparing network data for analysis
US7680478B2 (en) 2006-05-04 2010-03-16 Telefonaktiebolaget Lm Ericsson (Publ) Inactivity monitoring for different traffic or service classifications
US20070274285A1 (en) 2006-05-23 2007-11-29 Werber Ryan A System and method for configuring a router
KR100830413B1 (en) 2006-05-25 2008-05-20 (주)씨디네트웍스 Server connection system and load balancing network system
US20070283429A1 (en) 2006-05-30 2007-12-06 A10 Networks Inc. Sequence number based TCP session proxy
GB0611249D0 (en) 2006-06-07 2006-07-19 Nokia Corp Communication system
US20070288247A1 (en) 2006-06-11 2007-12-13 Michael Mackay Digital life server
US20070294209A1 (en) 2006-06-20 2007-12-20 Lyle Strub Communication network application activity monitoring and control
EP2060087A1 (en) 2006-07-03 2009-05-20 Telefonaktiebolaget L M Ericsson (Publ) Topology hiding of mobile agents
US7970934B1 (en) 2006-07-31 2011-06-28 Google Inc. Detecting events of interest
EP1885096B1 (en) 2006-08-01 2012-07-04 Alcatel Lucent Application session border element
JP4916809B2 (en) 2006-08-04 2012-04-18 日本電信電話株式会社 Load balancing control apparatus and method
US7580417B2 (en) 2006-08-07 2009-08-25 Cisco Technology, Inc. Method and apparatus for load balancing over virtual network links
US8584199B1 (en) 2006-10-17 2013-11-12 A10 Networks, Inc. System and method to apply a packet routing policy to an application session
US7716378B2 (en) 2006-10-17 2010-05-11 A10 Networks, Inc. System and method to associate a private user identity with a public user identity
US8312507B2 (en) 2006-10-17 2012-11-13 A10 Networks, Inc. System and method to apply network traffic policy to an application session
JP4680866B2 (en) 2006-10-31 2011-05-11 株式会社日立製作所 Packet transfer device with gateway load balancing function
WO2008053954A1 (en) 2006-11-01 2008-05-08 Panasonic Corporation Communication control method, communication system, home agent allocation server, and mobile node
US8584195B2 (en) 2006-11-08 2013-11-12 Mcafee, Inc Identities correlation infrastructure for passive network monitoring
CN101094225B (en) 2006-11-24 2011-05-11 中兴通讯股份有限公司 Network, system and method of differentiated security service
US7974286B2 (en) 2006-12-04 2011-07-05 International Business Machines Corporation Reduced redundant security screening
EP2128772A4 (en) 2006-12-22 2014-11-12 Ibm Message hub, program, and method
US7992192B2 (en) 2006-12-29 2011-08-02 Ebay Inc. Alerting as to denial of service attacks
US8379515B1 (en) 2007-02-01 2013-02-19 F5 Networks, Inc. TCP throughput control by imposing temporal delay
CN100531098C (en) 2007-03-13 2009-08-19 华为技术有限公司 Point-to-point network system and intercommunicating method for overlapped network node
US8352634B2 (en) 2007-04-06 2013-01-08 International Business Machines Corporation On-demand propagation of routing information in distributed computing system
US7743155B2 (en) * 2007-04-20 2010-06-22 Array Networks, Inc. Active-active operation for a cluster of SSL virtual private network (VPN) devices with load distribution
US20080271130A1 (en) * 2007-04-30 2008-10-30 Shankar Ramamoorthy Minimizing client-side inconsistencies in a distributed virtual file system
US20080291911A1 (en) 2007-05-21 2008-11-27 Ist International, Inc. Method and apparatus for setting a TCP retransmission timer
US8191106B2 (en) 2007-06-07 2012-05-29 Alcatel Lucent System and method of network access security policy management for multimodal device
US7743157B2 (en) 2007-06-26 2010-06-22 Sap Ag System and method for switching between stateful and stateless communication modes
US7904409B2 (en) 2007-08-01 2011-03-08 Yahoo! Inc. System and method for global load balancing of requests for content based on membership status of a user with one or more subscription services
US8032632B2 (en) 2007-08-14 2011-10-04 Microsoft Corporation Validating change of name server
US9407693B2 (en) 2007-10-03 2016-08-02 Microsoft Technology Licensing, Llc Network routing of endpoints to content based on content swarms
WO2009061973A1 (en) 2007-11-09 2009-05-14 Blade Network Technologies, Inc. Session-less load balancing of client traffic across servers in a server group
CN101163336B (en) 2007-11-15 2010-06-16 中兴通讯股份有限公司 Method of implementing mobile phone terminal access authority authentication
CN101169785A (en) 2007-11-21 2008-04-30 浪潮电子信息产业股份有限公司 Clustered database system dynamic loading balancing method
GB0723422D0 (en) 2007-11-29 2008-01-09 Level 5 Networks Inc Virtualised receive side scaling
US8125908B2 (en) 2007-12-04 2012-02-28 Extrahop Networks, Inc. Adaptive network traffic classification using historical context
US8756340B2 (en) 2007-12-20 2014-06-17 Yahoo! Inc. DNS wildcard beaconing to determine client location and resolver load for global traffic load balancing
JP5296373B2 (en) 2007-12-26 2013-09-25 インターナショナル・ビジネス・マシーンズ・コーポレーション Technology that provides processing time in advance
US9100268B2 (en) 2008-02-27 2015-08-04 Alcatel Lucent Application-aware MPLS tunnel selection
US7930427B2 (en) 2008-03-03 2011-04-19 Microsoft Corporation Client-side load balancing
JP2009211343A (en) 2008-03-04 2009-09-17 Kddi Corp Server device and communication system
US8185628B2 (en) 2008-03-07 2012-05-22 At&T Mobility Ii Llc Enhanced policy capabilities for mobile data services
CN101247349A (en) 2008-03-13 2008-08-20 华耀环宇科技(北京)有限公司 Network flux fast distribution method
CN101547189B (en) 2008-03-28 2011-08-10 华为技术有限公司 Method, system and device for establishing CoD service
US7886021B2 (en) * 2008-04-28 2011-02-08 Oracle America, Inc. System and method for programmatic management of distributed computing resources
CN101261644A (en) 2008-04-30 2008-09-10 杭州华三通信技术有限公司 Method and device for accessing united resource positioning symbol database
CN101577661B (en) 2008-05-09 2013-09-11 华为技术有限公司 Method and equipment for switching path
US9137739B2 (en) 2009-01-28 2015-09-15 Headwater Partners I Llc Network based service policy implementation with network neutrality and user privacy
CN102017548B (en) 2008-06-12 2013-08-28 松下电器产业株式会社 Network monitoring device, bus system monitoring device, method and program
US7990855B2 (en) 2008-07-11 2011-08-02 Alcatel-Lucent Usa Inc. Method and system for joint reverse link access and traffic channel radio frequency overload control
CN101631065B (en) 2008-07-16 2012-04-18 华为技术有限公司 Method and device for controlling congestion of wireless multi-hop network
US8271652B2 (en) 2008-07-24 2012-09-18 Netapp, Inc. Load-derived probability-based domain name service in a network storage cluster
US7890632B2 (en) 2008-08-11 2011-02-15 International Business Machines Corporation Load balancing using replication delay
US8307422B2 (en) 2008-08-14 2012-11-06 Juniper Networks, Inc. Routing device having integrated MPLS-aware firewall
JP5211987B2 (en) 2008-09-26 2013-06-12 ブラザー工業株式会社 Terminal device and time adjustment method thereof
US7864765B2 (en) 2008-09-30 2011-01-04 At&T Intellectual Property I, L.P. Anycast-based internet protocol redirection to alleviate partial routing tables
US7958247B2 (en) 2008-10-14 2011-06-07 Hewlett-Packard Development Company, L.P. HTTP push to simulate server-initiated sessions
US8266288B2 (en) 2008-10-23 2012-09-11 International Business Machines Corporation Dynamic expiration of domain name service entries
US20100106854A1 (en) 2008-10-29 2010-04-29 Hostway Corporation System and method for controlling non-existing domain traffic
JP2010108409A (en) 2008-10-31 2010-05-13 Hitachi Ltd Storage management method and management server
US8359402B2 (en) 2008-11-19 2013-01-22 Seachange International, Inc. Intercept device for providing content
US9009329B2 (en) * 2008-11-25 2015-04-14 Microsoft Technology Licensing, Llc Platform for enabling terminal services virtualization
US8260926B2 (en) 2008-11-25 2012-09-04 Citrix Systems, Inc. Systems and methods for GSLB site persistence
US8844018B2 (en) 2008-12-18 2014-09-23 At&T Intellectual Property I, L.P. Methods and apparatus to enhance security in residential networks
CN101567818B (en) 2008-12-25 2011-04-20 中国人民解放军总参谋部第五十四研究所 Large-scale network routing simulation method based on hardware
US9112871B2 (en) 2009-02-17 2015-08-18 Core Wireless Licensing S.A.R.L Method and apparatus for providing shared services
US8364163B2 (en) 2009-02-23 2013-01-29 Research In Motion Limited Method, system and apparatus for connecting a plurality of client machines to a plurality of servers
US20100228819A1 (en) 2009-03-05 2010-09-09 Yottaa Inc System and method for performance acceleration, data protection, disaster recovery and on-demand scaling of computer applications
CN101834777B (en) 2009-03-11 2015-07-29 瞻博网络公司 The HTTP of dialogue-based high-speed cache accelerates
EP2234333B1 (en) 2009-03-23 2015-07-15 Corvil Limited System and method for estimation of round trip times within a tcp based data network
US8761204B2 (en) 2010-05-18 2014-06-24 Lsi Corporation Packet assembly module for multi-core, multi-thread network processors
US9081742B2 (en) 2009-04-27 2015-07-14 Intel Corporation Network communications processor architecture
US9461930B2 (en) 2009-04-27 2016-10-04 Intel Corporation Modifying data streams without reordering in a multi-thread, multi-flow network processor
US8296434B1 (en) 2009-05-28 2012-10-23 Amazon Technologies, Inc. Providing dynamically scaling computing load balancing
US8259726B2 (en) 2009-05-28 2012-09-04 Force10 Networks, Inc. Method and apparatus for forwarding table reduction
US8266088B2 (en) 2009-06-09 2012-09-11 Cisco Technology, Inc. Tracking policy decisions in a network
US8060579B2 (en) 2009-06-12 2011-11-15 Yahoo! Inc. User location dependent DNS lookup
US8289975B2 (en) 2009-06-22 2012-10-16 Citrix Systems, Inc. Systems and methods for handling a multi-connection protocol between a client and server traversing a multi-core system
US8863111B2 (en) 2009-06-26 2014-10-14 Oracle International Corporation System and method for providing a production upgrade of components within a multiprotocol gateway
US8165019B2 (en) 2009-07-14 2012-04-24 At&T Intellectual Property I, L.P. Indirect measurement methodology to infer routing changes using statistics of flow arrival processes
US9749387B2 (en) 2009-08-13 2017-08-29 Sap Se Transparently stateful execution of stateless applications
US9960967B2 (en) 2009-10-21 2018-05-01 A10 Networks, Inc. Determining an application delivery server based on geo-location information
WO2011049135A1 (en) * 2009-10-23 2011-04-28 日本電気株式会社 Network system, control method thereof, and controller
JP5378946B2 (en) * 2009-10-26 2013-12-25 株式会社日立製作所 Server management apparatus and server management method
WO2011066435A2 (en) 2009-11-25 2011-06-03 Citrix Systems, Inc. Systems and methods for client ip address insertion via tcp options
US8190736B2 (en) 2009-12-16 2012-05-29 Quantum Corporation Reducing messaging in a client-server system
US8335853B2 (en) 2009-12-17 2012-12-18 Sonus Networks, Inc. Transparent recovery of transport connections using packet translation techniques
US8255528B2 (en) 2009-12-23 2012-08-28 Citrix Systems, Inc. Systems and methods for GSLB spillover
US8965955B2 (en) * 2009-12-23 2015-02-24 Citrix Systems, Inc. Systems and methods for policy based integration to horizontally deployed WAN optimization appliances
WO2011079381A1 (en) 2009-12-31 2011-07-07 Bce Inc. Method and system for increasing performance of transmission control protocol sessions in data networks
US8789061B2 (en) 2010-02-01 2014-07-22 Ca, Inc. System and method for datacenter power management
US8301786B2 (en) 2010-02-10 2012-10-30 Cisco Technology, Inc. Application session control using packet inspection
US8804513B2 (en) 2010-02-25 2014-08-12 The Trustees Of Columbia University In The City Of New York Methods and systems for controlling SIP overload
US8533337B2 (en) * 2010-05-06 2013-09-10 Citrix Systems, Inc. Continuous upgrading of computers in a load balanced environment
JP5557590B2 (en) 2010-05-06 2014-07-23 株式会社日立製作所 Load balancing apparatus and system
US8499093B2 (en) 2010-05-14 2013-07-30 Extreme Networks, Inc. Methods, systems, and computer readable media for stateless load balancing of network traffic flows
US20110289496A1 (en) 2010-05-18 2011-11-24 North End Technologies, Inc. Method & apparatus for load balancing software update across a plurality of publish/subscribe capable client devices
US8539068B2 (en) 2010-06-07 2013-09-17 Salesforce.Com, Inc. Methods and systems for providing customized domain messages
US20110307541A1 (en) 2010-06-10 2011-12-15 Microsoft Corporation Server load balancing and draining in enhanced communication systems
US9680750B2 (en) 2010-07-06 2017-06-13 Nicira, Inc. Use of tunnels to hide network addresses
US8743889B2 (en) 2010-07-06 2014-06-03 Nicira, Inc. Method and apparatus for using a network information base to control a plurality of shared network infrastructure switching elements
US9363312B2 (en) 2010-07-28 2016-06-07 International Business Machines Corporation Transparent header modification for reducing serving load based on current and projected usage
US8520672B2 (en) 2010-07-29 2013-08-27 Cisco Technology, Inc. Packet switching device using results determined by an application node
US8675488B1 (en) 2010-09-07 2014-03-18 Juniper Networks, Inc. Subscriber-based network traffic management
US8949410B2 (en) * 2010-09-10 2015-02-03 Cisco Technology, Inc. Server load balancer scaling for virtual servers
US9215275B2 (en) 2010-09-30 2015-12-15 A10 Networks, Inc. System and method to balance servers based on server load status
US20120084460A1 (en) 2010-10-04 2012-04-05 Openwave Systems Inc. Method and system for dynamic traffic steering
US9237194B2 (en) * 2010-11-05 2016-01-12 Verizon Patent And Licensing Inc. Load balancer and firewall self-provisioning system
US8533285B2 (en) * 2010-12-01 2013-09-10 Cisco Technology, Inc. Directing data flows in data centers with clustering services
US9609052B2 (en) 2010-12-02 2017-03-28 A10 Networks, Inc. Distributing application traffic to servers based on dynamic service response time
EP2649858B1 (en) 2010-12-07 2018-09-19 Telefonaktiebolaget LM Ericsson (publ) Method for enabling traffic acceleration in a mobile telecommunication network
US9152293B2 (en) * 2010-12-09 2015-10-06 Verizon Patent And Licensing Inc. Server IP addressing in a computing-on-demand system
US8965957B2 (en) 2010-12-15 2015-02-24 Sap Se Service delivery framework
EP2659651B1 (en) 2010-12-29 2019-10-23 Citrix Systems Inc. Systems and methods for policy based integration to horizontally deployed wan optimization appliances
US8477730B2 (en) 2011-01-04 2013-07-02 Cisco Technology, Inc. Distributed load management on network devices
CN103477611B (en) * 2011-02-09 2016-09-28 思杰系统有限公司 The system and method redirected for N tier cache
CN102104548B (en) 2011-03-02 2015-06-10 中兴通讯股份有限公司 Method and device for receiving and processing data packets
US8732267B2 (en) * 2011-03-15 2014-05-20 Cisco Technology, Inc. Placement of a cloud service using network topology and infrastructure performance
US8694993B1 (en) * 2011-03-31 2014-04-08 Emc Corporation Virtualization platform for secured communications between a user device and an application server
KR101246889B1 (en) 2011-04-15 2013-03-25 서강대학교산학협력단 Method and system of controlling data transfer rate for downward vertical handover in overlayed network environment
KR101528825B1 (en) 2011-04-18 2015-06-15 닛본 덴끼 가부시끼가이샤 Terminal, control device, communication method, communication system, communication module, program, and information processing device
US8804620B2 (en) 2011-10-04 2014-08-12 Juniper Networks, Inc. Methods and apparatus for enforcing a common user policy within a network
US8885463B1 (en) 2011-10-17 2014-11-11 Juniper Networks, Inc. Path computation element communication protocol (PCEP) extensions for stateful label switched path management
US8897154B2 (en) 2011-10-24 2014-11-25 A10 Networks, Inc. Combining stateless and stateful server load balancing
US8918501B2 (en) 2011-11-10 2014-12-23 Microsoft Corporation Pattern-based computational health and configuration monitoring
EP2749118B1 (en) 2011-11-23 2018-01-10 Telefonaktiebolaget LM Ericsson (publ) Improving tcp performance in a cellular network
US9386088B2 (en) 2011-11-29 2016-07-05 A10 Networks, Inc. Accelerating service processing using fast path TCP
US8880689B2 (en) 2011-12-22 2014-11-04 Empire Technology Development Llc Apparatus, mobile terminal, and method to estimate quality of experience of application
US9094364B2 (en) 2011-12-23 2015-07-28 A10 Networks, Inc. Methods to manage services over a service gateway
US8874790B2 (en) 2011-12-30 2014-10-28 Verisign, Inc. DNS package in a partitioned network
US9380635B2 (en) 2012-01-09 2016-06-28 Google Technology Holdings LLC Dynamic TCP layer optimization for real-time field performance
US8898222B2 (en) 2012-01-19 2014-11-25 International Business Machines Corporation Processing STREAMS messages over a system area network
JP2013152095A (en) 2012-01-24 2013-08-08 Sony Corp Time control device, time control method and program
US10044582B2 (en) 2012-01-28 2018-08-07 A10 Networks, Inc. Generating secure name records
KR101348739B1 (en) 2012-02-22 2014-01-08 유대영 LED Lighting apparatus and LED Lighting system having the same
US9386128B2 (en) 2012-03-23 2016-07-05 Qualcomm Incorporated Delay based active queue management for uplink traffic in user equipment
US9118618B2 (en) 2012-03-29 2015-08-25 A10 Networks, Inc. Hardware-based packet editor
WO2013158098A1 (en) * 2012-04-19 2013-10-24 Empire Technology Development Llc Migration in place
US9027129B1 (en) 2012-04-30 2015-05-05 Brocade Communications Systems, Inc. Techniques for protecting against denial of service attacks
US9755994B2 (en) 2012-05-21 2017-09-05 Nvidia Corporation Mechanism for tracking age of common resource requests within a resource management subsystem
US8782221B2 (en) 2012-07-05 2014-07-15 A10 Networks, Inc. Method to allocate buffer for TCP proxy session based on dynamic network conditions
US9158577B2 (en) 2012-08-08 2015-10-13 Amazon Technologies, Inc. Immediately launching applications
WO2014031046A1 (en) 2012-08-23 2014-02-27 Telefonaktiebolaget L M Ericsson (Publ) Tcp proxy server
US10021174B2 (en) 2012-09-25 2018-07-10 A10 Networks, Inc. Distributing service sessions
US9843484B2 (en) 2012-09-25 2017-12-12 A10 Networks, Inc. Graceful scaling in software driven networks
US10002141B2 (en) 2012-09-25 2018-06-19 A10 Networks, Inc. Distributed database in software driven networks
US9106561B2 (en) 2012-12-06 2015-08-11 A10 Networks, Inc. Configuration of a virtual service network
US9705800B2 (en) 2012-09-25 2017-07-11 A10 Networks, Inc. Load distribution in data networks
US9338225B2 (en) 2012-12-06 2016-05-10 A10 Networks, Inc. Forwarding policies on a virtual service network
US9531846B2 (en) 2013-01-23 2016-12-27 A10 Networks, Inc. Reducing buffer usage for TCP proxy session based on delayed acknowledgement
US9900252B2 (en) 2013-03-08 2018-02-20 A10 Networks, Inc. Application delivery controller and global server load balancer
US20140258465A1 (en) 2013-03-11 2014-09-11 Cisco Technology, Inc. Identification of originating ip address and client port connection to a web server via a proxy server
WO2014144837A1 (en) 2013-03-15 2014-09-18 A10 Networks, Inc. Processing data packets using a policy based network path
US9148465B2 (en) 2013-04-01 2015-09-29 Oracle International Corporation Update management for a distributed computing system
US10027761B2 (en) 2013-05-03 2018-07-17 A10 Networks, Inc. Facilitating a secure 3 party network session by a network device
WO2014179753A2 (en) 2013-05-03 2014-11-06 A10 Networks, Inc. Facilitating secure network traffic by an application delivery controller
US9225638B2 (en) 2013-05-09 2015-12-29 Vmware, Inc. Method and system for service switching using service tags
US9319476B2 (en) 2013-05-28 2016-04-19 Verizon Patent And Licensing Inc. Resilient TCP splicing for proxy services
US9380646B2 (en) 2013-09-24 2016-06-28 At&T Intellectual Property I, L.P. Network selection architecture
US10230770B2 (en) 2013-12-02 2019-03-12 A10 Networks, Inc. Network proxy layer for policy-based application proxies
US9942152B2 (en) 2014-03-25 2018-04-10 A10 Networks, Inc. Forwarding data packets using a service-based forwarding policy
US9942162B2 (en) 2014-03-31 2018-04-10 A10 Networks, Inc. Active application response delay time
US9917851B2 (en) 2014-04-28 2018-03-13 Sophos Limited Intrusion detection using a heartbeat
US9906422B2 (en) 2014-05-16 2018-02-27 A10 Networks, Inc. Distributed system to determine a server's health
US10129122B2 (en) 2014-06-03 2018-11-13 A10 Networks, Inc. User defined objects for network devices
US9986061B2 (en) 2014-06-03 2018-05-29 A10 Networks, Inc. Programming a data network device using user defined scripts
US20150381465A1 (en) 2014-06-26 2015-12-31 Microsoft Corporation Real Time Verification of Cloud Services with Real World Traffic
US10268467B2 (en) 2014-11-11 2019-04-23 A10 Networks, Inc. Policy-driven management of application traffic for providing services to cloud-based applications

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7792113B1 (en) * 2002-10-21 2010-09-07 Cisco Technology, Inc. Method and system for policy-based forwarding
US20110110294A1 (en) * 2009-11-06 2011-05-12 Vamsidhar Valluri VIRTUAL CARE-OF ADDRESS FOR MOBILE IP (Internet Protocol)
US7991859B1 (en) * 2009-12-28 2011-08-02 Amazon Technologies, Inc. Using virtual networking devices to connect managed computer networks
US8224971B1 (en) * 2009-12-28 2012-07-17 Amazon Technologies, Inc. Using virtual networking devices and routing information to initiate external actions

Cited By (61)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
USRE47296E1 (en) 2006-02-21 2019-03-12 A10 Networks, Inc. System and method for an adaptive TCP SYN cookie with time validation
US9497201B2 (en) 2006-10-17 2016-11-15 A10 Networks, Inc. Applying security policy to an application session
US10305859B2 (en) 2006-10-17 2019-05-28 A10 Networks, Inc. Applying security policy to an application session
US9219751B1 (en) 2006-10-17 2015-12-22 A10 Networks, Inc. System and method to apply forwarding policy to an application session
US9253152B1 (en) 2006-10-17 2016-02-02 A10 Networks, Inc. Applying a packet routing policy to an application session
US9270705B1 (en) 2006-10-17 2016-02-23 A10 Networks, Inc. Applying security policy to an application session
US9954899B2 (en) 2006-10-17 2018-04-24 A10 Networks, Inc. Applying a network traffic policy to an application session
US9661026B2 (en) 2006-10-17 2017-05-23 A10 Networks, Inc. Applying security policy to an application session
US10735267B2 (en) 2009-10-21 2020-08-04 A10 Networks, Inc. Determining an application delivery server based on geo-location information
US9960967B2 (en) 2009-10-21 2018-05-01 A10 Networks, Inc. Determining an application delivery server based on geo-location information
US10447775B2 (en) 2010-09-30 2019-10-15 A10 Networks, Inc. System and method to balance servers based on server load status
US9215275B2 (en) 2010-09-30 2015-12-15 A10 Networks, Inc. System and method to balance servers based on server load status
US9961135B2 (en) 2010-09-30 2018-05-01 A10 Networks, Inc. System and method to balance servers based on server load status
US9961136B2 (en) 2010-12-02 2018-05-01 A10 Networks, Inc. Distributing application traffic to servers based on dynamic service response time
US9609052B2 (en) 2010-12-02 2017-03-28 A10 Networks, Inc. Distributing application traffic to servers based on dynamic service response time
US10178165B2 (en) 2010-12-02 2019-01-08 A10 Networks, Inc. Distributing application traffic to servers based on dynamic service response time
US9906591B2 (en) 2011-10-24 2018-02-27 A10 Networks, Inc. Combining stateless and stateful server load balancing
US10484465B2 (en) 2011-10-24 2019-11-19 A10 Networks, Inc. Combining stateless and stateful server load balancing
US8897154B2 (en) 2011-10-24 2014-11-25 A10 Networks, Inc. Combining stateless and stateful server load balancing
US9270774B2 (en) 2011-10-24 2016-02-23 A10 Networks, Inc. Combining stateless and stateful server load balancing
US9386088B2 (en) 2011-11-29 2016-07-05 A10 Networks, Inc. Accelerating service processing using fast path TCP
US9094364B2 (en) 2011-12-23 2015-07-28 A10 Networks, Inc. Methods to manage services over a service gateway
US9979801B2 (en) 2011-12-23 2018-05-22 A10 Networks, Inc. Methods to manage services over a service gateway
US10044582B2 (en) 2012-01-28 2018-08-07 A10 Networks, Inc. Generating secure name records
US10069946B2 (en) 2012-03-29 2018-09-04 A10 Networks, Inc. Hardware-based packet editor
US9742879B2 (en) 2012-03-29 2017-08-22 A10 Networks, Inc. Hardware-based packet editor
US9154584B1 (en) 2012-07-05 2015-10-06 A10 Networks, Inc. Allocating buffer for TCP proxy session based on dynamic network conditions
US8977749B1 (en) 2012-07-05 2015-03-10 A10 Networks, Inc. Allocating buffer for TCP proxy session based on dynamic network conditions
US9602442B2 (en) 2012-07-05 2017-03-21 A10 Networks, Inc. Allocating buffer for TCP proxy session based on dynamic network conditions
US10021174B2 (en) 2012-09-25 2018-07-10 A10 Networks, Inc. Distributing service sessions
US10491523B2 (en) 2012-09-25 2019-11-26 A10 Networks, Inc. Load distribution in data networks
US10002141B2 (en) 2012-09-25 2018-06-19 A10 Networks, Inc. Distributed database in software driven networks
US10516577B2 (en) 2012-09-25 2019-12-24 A10 Networks, Inc. Graceful scaling in software driven networks
US9705800B2 (en) 2012-09-25 2017-07-11 A10 Networks, Inc. Load distribution in data networks
US9843484B2 (en) 2012-09-25 2017-12-12 A10 Networks, Inc. Graceful scaling in software driven networks
US10862955B2 (en) 2012-09-25 2020-12-08 A10 Networks, Inc. Distributing service sessions
US9544364B2 (en) 2012-12-06 2017-01-10 A10 Networks, Inc. Forwarding policies on a virtual service network
US9338225B2 (en) 2012-12-06 2016-05-10 A10 Networks, Inc. Forwarding policies on a virtual service network
US10341427B2 (en) 2012-12-06 2019-07-02 A10 Networks, Inc. Forwarding policies on a virtual service network
US9531846B2 (en) 2013-01-23 2016-12-27 A10 Networks, Inc. Reducing buffer usage for TCP proxy session based on delayed acknowledgement
US9900252B2 (en) 2013-03-08 2018-02-20 A10 Networks, Inc. Application delivery controller and global server load balancer
US11005762B2 (en) 2013-03-08 2021-05-11 A10 Networks, Inc. Application delivery controller and global server load balancer
US9992107B2 (en) 2013-03-15 2018-06-05 A10 Networks, Inc. Processing data packets using a policy based network path
US10659354B2 (en) 2013-03-15 2020-05-19 A10 Networks, Inc. Processing data packets using a policy based network path
US10038693B2 (en) 2013-05-03 2018-07-31 A10 Networks, Inc. Facilitating secure network traffic by an application delivery controller
US10305904B2 (en) 2013-05-03 2019-05-28 A10 Networks, Inc. Facilitating secure network traffic by an application delivery controller
US10027761B2 (en) 2013-05-03 2018-07-17 A10 Networks, Inc. Facilitating a secure 3 party network session by a network device
US10230770B2 (en) 2013-12-02 2019-03-12 A10 Networks, Inc. Network proxy layer for policy-based application proxies
US9942152B2 (en) 2014-03-25 2018-04-10 A10 Networks, Inc. Forwarding data packets using a service-based forwarding policy
US10257101B2 (en) 2014-03-31 2019-04-09 A10 Networks, Inc. Active application response delay time
US9942162B2 (en) 2014-03-31 2018-04-10 A10 Networks, Inc. Active application response delay time
US10686683B2 (en) 2014-05-16 2020-06-16 A10 Networks, Inc. Distributed system to determine a server's health
US9906422B2 (en) 2014-05-16 2018-02-27 A10 Networks, Inc. Distributed system to determine a server's health
US10129122B2 (en) 2014-06-03 2018-11-13 A10 Networks, Inc. User defined objects for network devices
US9992229B2 (en) 2014-06-03 2018-06-05 A10 Networks, Inc. Programming a data network device using user defined scripts with licenses
US9986061B2 (en) 2014-06-03 2018-05-29 A10 Networks, Inc. Programming a data network device using user defined scripts
US10749904B2 (en) 2014-06-03 2020-08-18 A10 Networks, Inc. Programming a data network device using user defined scripts with licenses
US10880400B2 (en) 2014-06-03 2020-12-29 A10 Networks, Inc. Programming a data network device using user defined scripts
US10268467B2 (en) 2014-11-11 2019-04-23 A10 Networks, Inc. Policy-driven management of application traffic for providing services to cloud-based applications
US10581976B2 (en) 2015-08-12 2020-03-03 A10 Networks, Inc. Transmission control of protocol state exchange for dynamic stateful service insertion
US10243791B2 (en) 2015-08-13 2019-03-26 A10 Networks, Inc. Automated adjustment of subscriber policies

Also Published As

Publication number Publication date
US9544364B2 (en) 2017-01-10
US10341427B2 (en) 2019-07-02
US20160173579A1 (en) 2016-06-16
US20140164617A1 (en) 2014-06-12
US9338225B2 (en) 2016-05-10
US20170111441A1 (en) 2017-04-20

Similar Documents

Publication Publication Date Title
US10341427B2 (en) Forwarding policies on a virtual service network
US10694005B2 (en) Hardware-based packet forwarding for the transport layer
US10484465B2 (en) Combining stateless and stateful server load balancing
US9106561B2 (en) Configuration of a virtual service network
JP7125788B2 (en) System and method for communicating between secure and unsecure devices using proxies
US9602591B2 (en) Managing TCP anycast requests
US8549146B2 (en) Stateless forwarding of load balanced packets
EP3186930B1 (en) Relay optimization using software defined networking
US20160380966A1 (en) Media Relay Server
US10412159B1 (en) Direct load balancing using a multipath protocol
US20070214265A1 (en) Scalable captive portal redirect
US11171809B2 (en) Identity-based virtual private network tunneling
US20080069116A1 (en) Network architecture with a light-weight TCP stack
US20240015099A1 (en) Network traffic routing in an sd-wan

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13859928

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13859928

Country of ref document: EP

Kind code of ref document: A1