Abstract: Provided are methods and systems for dynamically distributing a service session from a client device. The method may commence with receiving a packet associated with the service session from the client device by a gateway node. The method may include determining that the packet matches a service address in a forwarding policy. The method may continue with selecting one of a plurality of forwarding nodes for sending the packet to the one of the plurality of forwarding nodes. The method may include receiving the packet of the service session by the one of the plurality of forwarding nodes. The method may continue with determining that the packet matches the service address serviced by a servicing node of a plurality of servicing nodes. The method may further include sending the packet to the servicing node for forwarding the packet to a server by the servicing node.

Abstract: Provided are methods and systems for eliminating a redirection of data traffic in a cluster. An example method may include receiving, by one or more nodes of the cluster, a data packet associated with a service session. The method may include determining, by the node, that the data packet is directed to a further node in the cluster. The method may further include, in response to the determination, acquiring, by the node, a session context associated with the service session. Acquiring the session context may include sending, by the node, a request for the session context to the further node and receiving the session context from the further node. The method may further include processing, by the one or more nodes, the data packet based on the session context.

Abstract: Exemplary embodiments for a distributed system for determining a server's health are disclosed. The systems and methods provide for a network controller to direct one or more servicing nodes to check the health of one or more servers, and report a health score to the network controller. The network controller may then calculate, update and maintain a health score for each server in the network from the various health scores reported to it from the servicing nodes. This allows a distributed system to be used to facilitate network operations, as a single device is not relied on for periodically determining each server's health.

Abstract: Provided are methods and systems for processing data packets in a data network using a policy-based network path. The method may commence with receiving the data packet associated with a service session from a client. The method may continue with determining data packet information associated with the data packet. The method may further include determining the policy-based network path for the data packet based on the data packet information and one or more packet processing criteria. The method may continue with routing, based on the determination of the policy-based network path, the data packet along the policy-based network path.

Abstract: Facilitation of secure network traffic over an application session by an application delivery controller is provided herein. A method for secure network traffic transmission over an application session may include receiving, from a client device, a SYN data packet intended for an application server. The method may continue with determining, based on the SYN data packet, that the client device is a trusted source. The method may further include transmitting, based on the determination that the client device is the trusted source, a SYN/ACK packet to the client device. The SYN/ACK packet may include information for the client device to authenticate the client device to the application server directly as the trusted source.

Abstract: Provided are methods and systems for recognizing network devices as trusted. A system for recognizing network devices as trusted may include a network module, a storage device, and a processor. The network module may be configured to receive a request from a network device to establish a data connection between the network device and a server based on a determination that the network device is trusted. The storage device may be configured to store a whitelist associated with a plurality of trusted network devices. The processor may be configured to determine that the network device is trusted. Based on the determination, the processor may associate the network device with the whitelist for a predetermined period of time.

Abstract: Provided are methods and systems for graceful scaling of data networks. In one example, an indication of removal of a node from a plurality of nodes of the data network is received. A service policy is generated to reassign service requests associated with the node to another node in the plurality of nodes. The service policy is then sent to each of the plurality of nodes of the data network. To scale out a data network, an indication of presence of a further node in the data network is received, and a further node service policy is generated and sent to each of the plurality of nodes of the data network and to the further node. Additional actions can be taken in order to prevent interruption of an existing heavy-duty connection while scaling the data network.

Abstract: Provided are methods and systems for load distribution in a data network. A method for load distribution in the data network comprises retrieving network data associated with the data network and service node data associated with one or more service nodes. The method further comprises analyzing the retrieved network data and service node data. Based on the analysis, a service policy is generated. Upon receiving one or more service requests, the one or more service requests are distributed among the service nodes according to the service policy.

Abstract: Methods and systems for load balancing are disclosed. An example method for load balancing commences with receiving a data packet from a host device. The method further includes identifying a header field of the data packet. After identifying the header field of the data packet, the method proceeds with matching the data packet to a network service based on the header field. Thereafter, the method generates a header field block for the data packet based on the network service. The method further includes sending the data packet to a processor module. The data packet is processed based on the header field block.

Abstract: In providing packet forwarding policies in a virtual service network that includes a network node and a pool of service load balancers serving a virtual service, the network node: receives a virtual service session request from a client device, the request including a virtual service network address for the virtual service; compares the virtual service network address in the request with the virtual service network address in each at least one packet forwarding policy; in response to finding a match between the virtual service network address in the request and a given virtual service network address in a given packet forwarding policy, determines the given destination in the given packet forwarding policy; and sends the request to a service load balancer in the pool of service load balancers associated with the given destination, where the service load balancer establishes a virtual service session with the client device.

Abstract: Facilitation of secure network traffic by an application delivery controller is provided herein. In some examples, a method includes: (a) receiving a data packet with information from a client indicating that the client is a trusted source; (b) embedding in the data packet a transmission control protocol (TCP) options header, the TCP options header comprising information including at least a sequence number for a protocol connection; and (c) forwarding the embedded data packet to a server.

Abstract: A method for routing Internet traffic is disclosed. The method comprises receiving an IPv6 packet. Further, the method comprises determining if the IPv6 packet comprises an extension header with geo-location information. Finally, responsive to a determination that the IPv6 packet comprises an extension header with geo-location information, the method comprises performing an action based on the geo-location information, wherein the action is selected from the group consisting of: authenticating the IPv6 packet, prioritizing the IPv6 packet relative to other packets, routing the IPv6 packet, and monitoring of the IPv6 packet.

Abstract: Provided are methods and systems for recognizing network devices as trusted. A system for recognizing network devices as trusted may include a network module, a storage device, and a processor. The network module may be configured to receive a request from a network device to establish a data connection between the network device and a server based on a determination that the network device is trusted. The storage device may be configured to store a whitelist associated with a plurality of trusted network devices. The processor may be configured to determine that the network device is trusted. Based on the determination, the processor may associate the network device with the whitelist for a predetermined period of time.

Abstract: Provided are methods and systems for mitigating a denial of service attack. A system for mitigating a denial of service attack may include a network module, a storage module, and a processor module. The network module may be operable to receive a request from a network device to establish a data connection between the network device and a server based on a determination that the network device is trusted. The storage module may be operable to store a whitelist associated with a plurality of trusted network devices. The processor module may be operable to determine that the network device is trusted. Based on the determination, the processor module may associate the network device with the whitelist for a predetermined period of time.

Abstract: Facilitation of secure network traffic over an application session by an application delivery controller is provided herein. A method for secure network traffic transmission over an application session may include receiving, from a client device, a SYN data packet intended for an application server. The method may continue with determining, based on the SYN data packet, that the client device is a trusted source. The method may further include transmitting, based on the determination that the client device is the trusted source, a SYN/ACK packet to the client device. The SYN/ACK packet may include information for the client device to authenticate the client device to the application server directly as the trusted source.

Abstract: Provided are methods and systems for dynamically distributing a service session from a client device. The method may commence with receiving a packet associated with the service session from the client device by a gateway node. The method may include determining that the packet matches a service address in a forwarding policy. The method may continue with selecting one of a plurality of forwarding nodes for sending the packet to the one of the plurality of forwarding nodes. The method may include receiving the packet of the service session by the one of the plurality of forwarding nodes. The method may continue with determining that the packet matches the service address serviced by a servicing node of a plurality of servicing nodes. The method may further include sending the packet to the servicing node for forwarding the packet to a server by the servicing node.

Abstract: Provided are methods and systems for processing data packets in a data network using a policy-based network path. The method may commence with receiving the data packet associated with a service session from a client. The method may continue with determining data packet information associated with the data packet. The method may further include determining the policy-based network path for the data packet based on the data packet information and one or more packet processing criteria. The method may continue with routing, based on the determination of the policy-based network path, the data packet along the policy-based network path.

Abstract: Provided are methods and systems for eliminating a redirection of data traffic in a cluster. An example method may include receiving, by one or more nodes of the cluster, a data packet associated with a service session. The method may include determining, by the node, that the data packet is directed to a further node in the cluster. The method may further include, in response to the determination, acquiring, by the node, a session context associated with the service session. Acquiring the session context may include sending, by the node, a request for the session context to the further node and receiving the session context from the further node. The method may further include processing, by the one or more nodes, the data packet based on the session context.

Abstract: Facilitation of secure network traffic by an application delivery controller is provided herein. In some examples, a method includes: (a) receiving a data packet with information from a client indicating that the client is a trusted source; (b) embedding in the data packet a transmission control protocol (TCP) options header, the TCP options header comprising information including at least a sequence number for a protocol connection; and (c) forwarding the embedded data packet to a server.

Abstract: Facilitation of secure network traffic over an application session by an application delivery controller is provided herein. In some examples, a network device receives a TCP SYN packet from a client device, to establish a TCP connection. The network device transmits a SYN/ACK packet to the client device, including a SYN cookie with identifying information to authenticate the client device to the application as a trusted source for the network. The client device then returns an ACK packet directly to the application server to establish the TCP connection.