Patents Assigned to F5 Networks, Inc.
-
Patent number: 9923829
Abstract: A traffic management device (TMD), system, and processor-readable storage medium directed towards automatically configuring an AAA proxy device (also referred to herein as “the proxy”) to load-balance AAA request messages across a plurality of AAA server devices. In one embodiment the proxy receives an AAA handshake message from an AAA client device. The proxy forwards the handshake message to each of the plurality of server devices and, in reply, receives an AAA handshake response message from each of the plurality of server devices. The proxy extracts attributes from each of the handshake response messages and automatically configures itself based on the extracted attributes. The proxy then load-balances, modifies and/or routes subsequently received AAA request messages based on the extracted attributes.
Type: Grant
Filed: January 29, 2016
Date of Patent: March 20, 2018
Assignee: F5 Networks, Inc.
Inventors: Tao Liu, Song Bo Zheng
-
Patent number: 9917887
Abstract: A method, computer readable medium, and application delivery controller apparatus for content inlining includes obtaining content from one or more servers as requested by one or more clients, obtaining external content from the one or more servers as referenced by one or more external references included in the requested content, modifying the requested content to include at least one of the external content, and servicing the client request by communicating the modified requested content.
Type: Grant
Filed: October 31, 2014
Date of Patent: March 13, 2018
Assignee: F5 Networks, Inc.
Inventor: George Michael Lowell
-
Patent number: 9906452
Abstract: Embodiments are directed towards managing communication over a network assist application classification using predicted subscriber behavior. Subscriber information associated with a network flow may be determined. Prediction information that includes application identifiers may be generated based on the subscriber information. A classification engine may determine the applications associated with the network flow based on the prediction information and the network flow using a plurality of application classifiers that correspond to the applications. If an application identifier included in the prediction information is correspondent to an application classifier, the application may be determined based on the correspondent application classifier; otherwise the application is determined based on the remainder of the application classifiers. A policy for managing the network flow may be determined based on the determined application.
Type: Grant
Filed: May 29, 2014
Date of Patent: February 27, 2018
Assignee: F5 Networks, Inc.
Inventors: Gennady Dosovitsky, Dmitry Rovniaguin, Amir Harush, Ron Talmor, Dan Eliezer Karpati, Assaf Jacob Mendelson
-
Patent number: 9887969
Abstract: A method, non-transitory computer readable medium and device that assists obfuscating JavaScript includes obtaining a webpage requested by a client computing device. A determination of when javascript code is in the source code of the obtained webpage is made. A stored obfuscated javascript code is obtained when the javascript code is determined to be in the source code of the obtained webpage. The obtained obfuscated javascript code is embedded into the obtained webpage and the obtained webpage with the embedded obfuscated javascript code is sent to the requesting client computing device.
Type: Grant
Filed: May 2, 2016
Date of Patent: February 6, 2018
Assignee: F5 Networks, Inc.
Inventors: Yaniv Shemesh, Bryan Appleby
-
Patent number: 9880814
Abstract: Embodiments are directed towards dynamically generating a plugin module based on a customizable catalog. A plurality of application features may be determined based on a catalog of available application features of a visitor computer. One or more templates may be generated that lists application features. A plugin client and a corresponding plugin core that include application features listed in the one or more templates may be generated. The plugin client may then be provided to the host computer and the corresponding plugin core may be installed on the visitor computer. Information that may be associated with actions performed by users of the plugin client may be obtained from the host computer. Application features included in the plugin core may be determined based on the information obtained from the host computer. And, operations may be performed on the visitor computer based on the obtained information and the plugin core.
Type: Grant
Filed: August 12, 2016
Date of Patent: January 30, 2018
Assignee: F5 Networks, Inc.
Inventors: Stephen Alan Fisher, Alain Joel Roy
-
Patent number: 9864606
Abstract: A method and host computing device that restricts access by one or more applications to a configurable hardware logic device over a bus. At least a portion of the configurable hardware logic device is reconfigured. A determination is made when unplug and plug events have been generated by the configurable hardware logic device. The unplug and plug events are generated without disconnecting power supplied to the configurable hardware logic device. The configurable hardware logic device is re-enumerated on the bus when the determining indicates the unplug and plug events have been generated by the configurable hardware logic device.
Type: Grant
Filed: September 3, 2014
Date of Patent: January 9, 2018
Assignee: F5 Networks, Inc.
Inventors: Alan B. Mimms, Tom Troksa
-
Patent number: 9866489
Abstract: Embodiments are directed towards managing communication over a network with a packet traffic management device that performs delayed proxy action. The PTMD includes a buffer for buffering network traffic. Also, the PTMD includes proxy data paths and standard data paths. Network policies associated with the network flows may be determined using the buffered data. If a determined network policy includes proxy policy rules it is a proxy network policy. Then the network flows are associated with a proxy data path. If the buffer is exhausted, the network flow is associated with a standard data path before a policy is determined. Otherwise, if the network policy includes only standard policy rules, the network flows are moved to a standard data path. After the network flow is associated with a data path, the network traffic may be communicated until it is closed or otherwise terminated.
Type: Grant
Filed: July 11, 2014
Date of Patent: January 9, 2018
Assignee: F5 Networks, Inc.
Inventors: Gennady Dosovitsky, Dmitry Rovniaguin, Sumandra Majee, Ron Talmor
-
Patent number: 9843554
Abstract: A method, computer readable medium, and device for dynamic DNS implementation, comprises receiving, at a network traffic management device, a first DNS response from a DNS server, wherein the first DNS response is compliant with Internet Protocol version 4 (IPv4). The first DNS response corresponds to a first DNS request from a client device being compliant with Internet Protocol version 6 (IPv6). The first DNS response is converted into a DNS second response that is compliant with IPv6, by attaching a prefix that identifies a network gateway device which is to handle receive subsequent non-DNS requests from the client device. The second DNS response is routed to the client device. Subsequent non-DNS requests from the client device that contain at least a part of the prefix allow the network traffic management device to route the non-DNS request through the designated network gateway device.
Type: Grant
Filed: February 15, 2012
Date of Patent: December 12, 2017
Assignee: F5 Networks, Inc.
Inventors: Peter M. Thornewell, Jason Haworth, Ian Smith, Nat Thirasuttakorn
-
Patent number: 9838259
Abstract: A method, non-transitory computer readable medium and an application traffic manager computing device for determining whether a received query from a client computing device to resolve a hostname comprises a domain name with a value indicating type of internet protocol version. The received query is processed by truncating a portion of the domain name with the value indicating type of internet protocol version from the received query when the domain name with the value indicating type of internet protocol version is determined to be present. An internet protocol address is received from at least one of a plurality of servers based on the truncated portion of the domain name with the value indicating type of internet protocol version. The format of the received internet protocol address is determined for conforming to one or more policies. One or more actions are performed based on the determination.
Type: Grant
Filed: March 10, 2014
Date of Patent: December 5, 2017
Assignee: F5 Networks, Inc.
Inventors: Michael Earnhart, Brent Blood, George Michael Lowell, Jr., Nat Thirasuttakorn
-
Patent number: 9832069
Abstract: Embodiments are directed towards managing persistence of network traffic using deep packet inspections of network response packets from an application server. In one embodiment, the network packets are associated with SIP messages. A traffic management device (TMD) interposed between client devices and a plurality of application servers receives messages from the client device and/or the application servers. The TMD performs a deep packet inspection to determine if a defined key value pair that includes a session identifier is detected. If so, and the message is from the application server, the session identifier is then mapped to an application server identifier to persistently refer each subsequent inbound packet from a client device having the same session identifier to the application server mapped to the session identifier.
Type: Grant
Filed: May 29, 2009
Date of Patent: November 28, 2017
Assignee: F5 Networks, Inc.
Inventors: Randall Cleveland, Mike Schrock, Donald Glover, Nat Thirasuttakorn
-
Patent number: 9800568
Abstract: Methods, non-transitory computer readable media, and network traffic management apparatuses that receive a request from a client device to access an application. The request comprises an original certificate. A determination is made when the certificate is valid. Data is extracted from one or more fields of the certificate, when the determining indicates that the user certificate is valid. A delegate certificate comprising the data and signed by a certificate authority trusted by a server device hosting the application is generated. The delegate certificate is sent to the server device. With this technology, network traffic management apparatuses can secure SSL connections using PFS-capable ciphers, while also inspecting payload data in network traffic exchanged between client and server devices in order to provide intelligent services in the network.
Type: Grant
Filed: June 30, 2016
Date of Patent: October 24, 2017
Assignee: F5 Networks, Inc.
Inventors: Joel Moses, Kevin Stewart, William Church
-
Patent number: 9800470
Abstract: Disclosed are methods and apparatus for implementing in an electronic device that includes a processor and memory. Virtual resources, which are associated with an execution of a user's applications in a cloud resource configuration including virtual machines, network services and storage, are identified. A first topology map of the virtual resources, including a plurality of nodes, is generated. The first topology map, including the nodes, is output. A vector, which is associated with each node, said vector including one or more features associated with each node, is generated. Based upon the vectors, a distribution of the plurality of nodes within two or more groups is determined. A second topology map, including each of the node groups in one of a collapsed format, wherein only a identifier of the node group is output or an expanded format, wherein a portion of the plurality of nodes the node group are output, is output.
Type: Grant
Filed: November 10, 2014
Date of Patent: October 24, 2017
Assignee: F5 Networks, Inc.
Inventors: Ankit Agarwal, Marion Le Borgne, Pascale Vicat-Blanc
-
Patent number: 9769136
Abstract: A system and method which includes monitoring an existing first connection to a secured network domain. A first network configuration is employed to access the secured network domain via the first connection. An available second connection to the network domain is detected, whereby the system and method automatically switch to the second connection to access the secured network domain upon detecting a termination with the first connection. Access to the secured network domain, via the second connection, is established by employing a second network configuration. In an aspect, the first connection is by cable and the first network configuration is associated with direct access to the secured network domain. In an aspect, the second connection is a wired or wireless signal and the second network configuration is associated with a Virtual Private Network (VPN) connection.
Type: Grant
Filed: October 31, 2014
Date of Patent: September 19, 2017
Assignee: F5 Networks, Inc.
Inventor: Andrey Shigapov
-
Patent number: 9762492
Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows and minimizing the number of malicious and/or in-operative connections flows (e.g., non-genuine flows) that may have flow control data stored in the high-speed flow cache.
Type: Grant
Filed: April 8, 2016
Date of Patent: September 12, 2017
Assignee: F5 Networks, Inc.
Inventors: Paul Imre Szabo, Peter M. Thornewell, Timothy Scott Michels
-
Patent number: 9762471
Abstract: Virtual resources associated with an execution of a user's applications in a cloud or distributed resource configuration including virtual or physical machines, network services and storage are identified. A source and destination virtual machine, utilized by the user's applications, are determined, and at least one source or destination virtual machine belongs to the identified virtual resources. Measurement software for a virtual machine is downloaded. The measurement software acquires data for connections established in a transport layer for communicating between the source and destination virtual machine. Data acquired from the measurement software is received at a first time, and the data includes measurements of variables for the data communications via the connections. Based upon the measurements, metrics that characterize the data communications at a first time are generated. Measurements made at an additional number of times are also received.
Type: Grant
Filed: September 13, 2013
Date of Patent: September 12, 2017
Assignee: F5 Networks, Inc.
Inventors: Pascale Vicat-Blanc, Romaric Guillier, Sebastien Soudan
-
Patent number: 9760587
Abstract: A tool for assisting the operation of a network of interconnected physical equipment includes a physical infrastructure manager associated with a first data structure in which the equipment items are registered under a resource identifier in relation to a first sequence of dated values of global utilizable functional capacity, and a virtual infrastructure manager associated with a second data structure in which virtual units are registered under a unit identifier in relation to a second sequence of dated values of global utilizable functional capacity, and with a third data structure in which a virtual unit identifier is associated with a group of resource identifiers and hence with the corresponding sequences of dated capacity values. The virtual infrastructure manager dynamically reconfigures a virtual infrastructure object in accordance with the rights and capacities requested by a user.
Type: Grant
Filed: April 14, 2011
Date of Patent: September 12, 2017
Assignee: F5 Networks, Inc.
Inventors: Pascale Vicat-Blanc-Primet, Sebastian Soudan, Guilherme Koslovski
-
Patent number: 9742806
Abstract: A method, system, and apparatus are directed towards enabling access to payload by a third-party sent over an SSL session. The third-party may be a proxy situated between a client and a server. SSL handshake messages are sent between the client and the server to establish the SSL connection. As the SSL handshake messages are routed through the proxy, the proxy may extract data. In addition, one of the client or the server may send another message within, or out-of-band to, the series of SSL handshake message directly to the proxy. The other SSL message may include secret data that the proxy may use to generate a session key the SSL connection. With the session key, the proxy may receive SSL messages over the SSL connection, modify and/or transpose the payload within the received SSL messages, and/or terminate the SSL connection at the proxy.
Type: Grant
Filed: June 30, 2014
Date of Patent: August 22, 2017
Assignee: F5 Networks, Inc.
Inventors: Jesse Abraham Rothstein, Arindum Mukerji, David D. Schmitt, John R. Hughes
-
Patent number: 9742674
Abstract: A method, non-transitory computer readable medium, and multi-blade network traffic management apparatus that obtains, with a primary blade and one or more secondary blades, statistical data regarding network traffic respectively managed by each of the blades. The statistical data respectively obtained by each of the blades is stored by each of the blades in a respective database associated with each of the blades. A request for statistical data is received with the primary blade. Each of the databases is queried with the primary blade to retrieve at least a subset of the statistical data stored therein in response to the obtained request. The retrieved at least a subset of the statistical data is consolidated with the primary blade to generate a response to the received request.
Type: Grant
Filed: August 15, 2013
Date of Patent: August 22, 2017
Assignee: F5 Networks, Inc.
Inventor: Valery Kreidenko
-
Patent number: 9712460
Abstract: Embodiments are directed towards selecting a local port number for server side connections that hash to a same processor as a matching client side flow on a multiprocessor device using Receive Side Scaling (RSS) for the disaggregation hash. A hash of a flow key is computed with an initial port number. An exclusive-or (XOR) distance is computed to a desired hash, using least significant bits. An XOR is performed on a corrected pre-computed collision value, to transform the source port number to a value that hashes correctly with other elements within the flow key. The transformed source port number may then be inserted into network packets sent to a server device, such that the transformed source port number can be used in a returning RSS hash to again select the same processor.
Type: Grant
Filed: August 26, 2013
Date of Patent: July 18, 2017
Assignee: F5 Networks, Inc.
Inventor: Lars Pearson Friend
-
Patent number: D815102
Type: Grant
Filed: October 5, 2016
Date of Patent: April 10, 2018
Assignee: F5 Networks, Inc.
Inventors: William Gothmann, Teng Moua