Abstract: The present invention provides systems and methods for maintaining site persistence in a hierarchical Global Server Load Balancing (GSLB) deployment. Via configuration of GSLB services locally and remotely on each of the GSLB appliances and LB appliances at a site, a site appliance identifies and associates requests from the GSLB with the site. Furthermore, the site appliance may receive a GSLB cookie with the client request and confirms the request is from the expected GSLB in the site hierarchy. When the load balancers receives a response from a server, the appliance may include the GSLB cookie with the response back to the client. The appliance may also include an LB cookie to identify the server selected by the LB. When the client sends another request, the request may include the GSLB and LB cookie. With this information, the GSLB and LB appliance may maintain site persistence for the client as well as server persistence at the site.

Abstract: In a method and appliance for determining responsiveness of a service via a particular protocol, a device intermediary to a plurality of clients and a plurality of services determines response times from each of a plurality of services to respond to requests via a first type of protocol of a plurality of protocols. The device calculates an average response time for the first type of protocol from each of the response times of the plurality of services. The device establishes a predetermined threshold for which a response time of a service for the first type of protocol may deviate from the average response time. The device identifies a service as available responsive to determining that a deviation of the response time of the service from the average response falls within the predetermined threshold.

Abstract: The intranet IP address management solution of the appliance and/or client described herein provides an environment for efficiently assigning, managing and querying virtual private network addresses, referred to as intranet IP (IIP) addresses of virtual private network users, such as a multitude of SSL VPN users on an enterprise network. The appliance provides techniques and policies for assigning previously assigned virtual private network addresses of a user to subsequent sessions of the user as the user logs in multiple times or roams between access points. This technique is referred to IIP stickiness as the appliance attempts to provide the same IIP address to a roaming VPN user. The appliance also provides a configurable user domain naming policy so that one can ping or query the virtual private network address of a user by an easily referenceable host name identifying the user.

Abstract: The present application is directed to systems and methods for providing failover connection mirroring between two or more multi-core devices intermediary between a client and a server. A first multi-core device may receive a hash key of a second multi-core device for mapping packets to cores of the second multi-core device. The first device may identify a core of the second device using (i) the hash key of the second device and (ii) tuple information corresponding to a connection between the client and the server via the first device. The first device may determine that the identified core is not a desired core for providing a failover connection. The first device may modify the tuple information so as to identify the desired core when used with the hash key of the second device. The first device may use the modified tuple information to establish the failover connection.

Abstract: The present invention provides methods and systems for performing load balancing via a plurality of virtual servers upon a failover using metrics from a backup virtual server. The methods and systems described herein provide systems and methods for an appliance detecting that a first virtual server of a plurality of virtual servers having one or more backup virtual servers load balanced by an appliance is not available, identifying at least a first backup virtual server of a one or more backup virtual servers of the first virtual server is available, maintaining a status of the first virtual server as available in response to the identification, obtaining one or more metrics from the first backup virtual server of a one or more backup virtual servers, and determining the load across the plurality of virtual servers using the metrics obtained from the first backup virtual server associated with the first virtual server.

Abstract: A method for enabling decentralized dynamic load balancing among a plurality of appliances providing access to a plurality of sites, each site comprising a local area network and at least one server includes: determining, by a first appliance, a first number of services currently available for access via a local area network connected to the first appliance; receiving, by the first appliance from a second appliance, a communication indicating a second number of services currently available for access via a local area network connected to the second appliance; receiving, by the first appliance, a plurality of requests to connect to a service; determining, by the first appliance, a weight to be assigned to the second appliance, wherein the determination is responsive to the second number; and forwarding, by the first appliance to the second appliance, a subset of the plurality of requests, wherein the number of requests comprising the subset is determined in response to the determined weight.

Abstract: Systems and methods for load balancing services based on fewest connections by decreasing granularity of service selection as a number of fewest connections serviced by the services increases may include establishing, by an appliance, a set of identifiers corresponding to a number of connections serviced by a service, the set comprising a first plurality of identifiers each identifying a predetermined number of connections and a second plurality of identifiers each identifying a predetermined range of numbers of connections. The appliance assigns, to each service servicing connections, an identifier corresponding to the number of connections serviced by the service, at least one of the identifiers selected from the second plurality of identifiers. The appliance receives a request for a service, and forwards the request to a service assigned to the identifier corresponding to a fewest number of connections with at least one service assigned to the identifier.

Abstract: The present invention provides methods and systems for performing load balancing via a plurality of virtual servers upon a failover using metrics from a backup virtual server. The methods and systems described herein provide systems and methods for an appliance detecting that a first virtual server of a plurality of virtual servers having one or more backup virtual servers load balanced by an appliance is not available, identifying at least a first backup virtual server of a one or more backup virtual servers of the first virtual server is available, maintaining a status of the first virtual server as available in response to the identification, obtaining one or more metrics from the first backup virtual server of a one or more backup virtual servers, and determining the load across the plurality of virtual servers using the metrics obtained from the first backup virtual server associated with the first virtual server.

Abstract: Methods for using a client agent to route client requests among a plurality of appliances using transport layer information include the steps of: establishing, by a client agent executing on a client, a first transport layer connection with a first appliance of a plurality of appliances, the first appliance providing access to one or more servers; establishing, by a client agent executing on the client, a second transport layer connection with a second appliance of a plurality of appliances, the second appliance providing access to one or more servers; intercepting, by the client agent, a packet transmitted by the client; selecting, by the client agent, one of the connections to transmit the intercepted packet based on a characteristic of at least one of: the transport layer connections, the plurality of appliances, or the servers; and transmitting the intercepted packet via the selected connection.

Abstract: The present invention is directed towards a method for using a listening policy for a virtual server on an intermediary device. An intermediary device establishes for a first virtual server a first listening policy with an expression for evaluating packets received by the intermediary device to determine whether the packet may access the first virtual server. The intermediary device listens for packets at a first internet protocol (IP) address and a first port specified for the first virtual server. Then, the intermediary device evaluates the expression of the first listening policy to a first packet received at the first IP address and first port and determines whether to provide the first packet to the first virtual server based on a result of the evaluation.

Abstract: The present invention is directed towards systems and methods for providing static proximity load balancing via a multi-core intermediary device. An intermediary device providing global server load balancing identifies a size of a location database comprising static proximity information. The intermediary device stores the location database to an external storage of the intermediary device responsive to determining the size of the location database is greater than a predetermined threshold. A first packet processing engine on the device receives a domain name service request for a first location, determines that proximity information for the first location is not stored in a first memory cache, transmits a request to a second packet processing engine for proximity information of the first location, and transmits a request to the external storage for proximity information of the first location responsive to the second packet processing engine not having the proximity information.

Abstract: The present disclosure presents systems and methods for maintaining original source and destination IP addresses of a request while performing intermediary cache redirection. An intermediary receives a request from a client destined to a server identifying a client IP address as a source IP address and a server IP address as a destination IP address. The intermediary transmits the request to a cache server, the request maintaining original IP addresses and identifying a MAC address of the cache server as the destination MAC address. The intermediary receives the request from the cache server responsive to a cache miss, the received request maintaining the original source and destination IP addresses. The intermediary identifying that the third request is coming from the cache server via one or more data link layer properties of the third transport layer connection.

Abstract: The present disclosure is directed to a a system for managing spillover via a plurality of cores of a multi-core device intermediary to a plurality of clients and one or more services. The system may include a device intermediary to a plurality of clients and one or more services. The system may include a spillover limit of a resource. The device may also include a plurality of packet engines operating on a corresponding core of a plurality of cores of the device. The system may include a pool manager allocating to each of the plurality of packet engines a number of resource uses from an exclusive quota pool and shared quota pool based on the spillover limit. The device may also include a virtual server of a packet engine of the plurality of packet engines. The virtual server manages client requests to one or more services.

Abstract: Methods for using a client agent to route client requests among a plurality of appliances using transport layer information include the steps of: establishing, by a client agent executing on a client, a first transport layer connection with a first appliance of a plurality of appliances, the first appliance providing access to one or more servers; establishing, by a client agent executing on the client, a second transport layer connection with a second appliance of a plurality of appliances, the second appliance providing access to one or more servers; intercepting, by the client agent, a packet transmitted by the client; selecting, by the client agent, one of the connections to transmit the intercepted packet based on a characteristic of at least one of: the transport layer connections, the plurality of appliances, or the servers; and transmitting the intercepted packet via the selected connection.

Abstract: A method for enabling decentralized dynamic load balancing among a plurality of appliances providing access to a plurality of sites, each site comprising a local area network and at least one server includes: determining, by a first appliance, a first number of services currently available for access via a local area network connected to the first appliance; receiving, by the first appliance from a second appliance, a communication indicating a second number of services currently available for access via a local area network connected to the second appliance; receiving, by the first appliance, a plurality of requests to connect to a service; determining, by the first appliance, a weight to be assigned to the second appliance, wherein the determination is responsive to the second number; and forwarding, by the first appliance to the second appliance, a subset of the plurality of requests, wherein the number of requests comprising the subset is determined in response to the determined weight.

Abstract: The present invention is directed towards systems and methods for using a distributed hash table to maintain the same configuration and resource persistency across a plurality of cores in a multi-core system. The distributed hash table includes a plurality of partitions, each partition being owned by a respective core of the multi-core system. A core may establish resources in the partition it owns. A core may request other cores to establish resources in the partitions they own and send resource information to the core. The core may locally cache the resource information.

Abstract: The present application is directed towards systems and methods for handling a multi-connection protocol communication between a client and a server traversing a multi-core system. The multi-connection protocol comprises a first connection and a second connection, which may be used respectively for control communications and data communications. Because different cores in the multi-core system may handle the first connection and second connection, the present invention provides systems and methods for efficiently coordinating protocol management between a plurality of cores.

Abstract: Systems and methods for consolidating metrics and statistics used for load balancing by a plurality of cores of a multi-core intermediary are disclosed. A timer operating on each packet engine of each core in a multi-core system may expire. A consolidator may store, responsive to expiration of the timer, a set of counter values from each of the packet engines to a first storage location. The consolidator may send to each packet engine a message to update the set of counter values. The consolidator may, upon completion of updating the set of counter values by the packet engines, send a second message to the packet engines that includes a consolidated set of counter values determined based on the updated set of values from each packet engine. Each packet engine may establish settings and parameters for load balancing based on the consolidated set of counter values.

Abstract: Described are methods and systems for managing the connections between a client, an intermediary appliance and a server, so that asynchronous messages can be transmitted over HTTP from the server to a client. When a connection is established between a client and an intermediary, and the intermediary and a server to establish a logical client-server connection, that logical client-server connection is labeled and not maintained, while the connection between the client and the intermediary is maintained. Messages generated by the server and destined for the client are transmitted to the intermediary along with the connection label. The intermediary can then use the connection label to determine which client should receive the message.

Abstract: In a method and appliance for determining responsiveness of a service via a particular protocol, a device intermediary to a plurality of clients and a plurality of services determines response times from each of a plurality of services to respond to requests via a first type of protocol of a plurality of protocols. The device calculates an average response time for the first type of protocol from each of the response times of the plurality of services. The device establishes a predetermined threshold for which a response time of a service for the first type of protocol may deviate from the average response time. The device identifies a service as available responsive to determining that a deviation of the response time of the service from the average response falls within the predetermined threshold.