Abstract: Described embodiments provide systems and methods for upgrading user space networking stacks without disruptions to network traffic. A first packet engine can read connection information of existing connections of a second packet engine written to a shared memory region by the second packet engine. The first packet engine can establish one or more virtual connections according to the connection information of existing connections of the second packet engine. Each of the first packet engine and the second packet engine can receive mirrored traffic data. The first packet engine can receive a first packet and determine that the first packet is associated with a virtual connection corresponding to an existing connection of the second packet engine. The first packet engine can drop the first packet responsive to the determination that the first packet is associated with the virtual connection.

Abstract: Described embodiments provide systems and methods for upgrading user space networking stacks without disruptions to network traffic. A first packet engine can read connection information of existing connections of a second packet engine written to a shared memory region by the second packet engine. The first packet engine can establish one or more virtual connections according to the connection information of existing connections of the second packet engine. Each of the first packet engine and the second packet engine can receive mirrored traffic data. The first packet engine can receive a first packet and determine that the first packet is associated with a virtual connection corresponding to an existing connection of the second packet engine. The first packet engine can drop the first packet responsive to the determination that the first packet is associated with the virtual connection.

Abstract: A network appliance is provided for establishing sessions between client devices and a network server(s) for exchanging network traffic therebetween. The network appliance may include a memory and a processor cooperating with the memory, with the processor being operable in a normal traffic mode and a forwarding traffic mode. The processor may be configured to establish new sessions for network traffic based upon new session requests from the client devices, and forward network traffic associated with prior existing sessions from the client devices to the network server(s). When in the forwarding traffic mode, the processor may forward network traffic not associated with a prior existing session or a new session request to the network server(s). When in the normal traffic mode, the processor may block network traffic not associated with a prior existing session or a new session request from reaching the network server(s).

Abstract: A network appliance is provided for establishing sessions between client devices and a network server(s) for exchanging network traffic therebetween. The network appliance may include a memory and a processor cooperating with the memory, with the processor being operable in a normal traffic mode and a forwarding traffic mode. The processor may be configured to establish new sessions for network traffic based upon new session requests from the client devices, and forward network traffic associated with prior existing sessions from the client devices to the network server(s). When in the forwarding traffic mode, the processor may forward network traffic not associated with a prior existing session or a new session request to the network server(s). When in the normal traffic mode, the processor may block network traffic not associated with a prior existing session or a new session request from reaching the network server(s).

Abstract: The present disclosure relates to methods and systems for providing load balancing for layer 2 devices. A device intermediary to a plurality of clients and a plurality of servers and a plurality of layer 2 devices establishes, for each layer 2 device, a first traffic domain corresponding to ingress traffic received from the plurality of clients and a second traffic domain of the device corresponding to ingress traffic received from the plurality of clients. The device associates a first virtual local area network (VLAN) with the first traffic domain and a second VLAN with the second traffic domain. The device establishes a plurality of services. Each service corresponds to a layer 2 device and includes a corresponding subnet internet protocol (SNIP) address hosted on the device. The device establishes a virtual server to load balance the plurality of services corresponding to each of the plurality of layer 2 devices.

Abstract: The present solution is directed to a system for specifying a source internet protocol (IP) address used by an intermediary device for a connection to a server. The system includes a device intermediary to a plurality of clients and a server. The device may have a net profile for sending traffic to servers. The net profile specifies one or more internet protocol (IP) addresses to use as a source IP address for a connection between the device and the server. The device receives a request from a client of the plurality of clients via a first transport layer connection between the client and the device, identifies the net profile for the request, and establishes, responsive to the request, a second transport layer connection between the device and the server using an IP address.

Abstract: Described herein is a method and system for distributing request and responses across a multi-core system. Each core executes a packet engine that further processes data packets allocated to that core. A flow distributor executing within the multi-core system forwards client requests to a packet engine on a core that is selected based on a value generated when a hash is applied to a tuple comprising a client IP address, a client port, a server IP address and a server port identified in the request. The packet engine selects a first IP address and a first port of the core, and determines whether a hash of a tuple comprising those values identifies the selected core. A modification is then made to the client request so that the client request includes a tuple comprising the first IP address, the server IP address, the first port and the server port.

Abstract: Embodiments of the present solution provide a cloud bridge to bring network transparency between the otherwise disparate networks of the datacenter and cloud service provider. For example, appliances may be deployed in the datacenter and on the edge of the cloud. These appliances may be configured or designed and constructed to communicate with each other and recognize and understand the local IP and/or public IP network information of the on-premise datacenter of the enterprise and the cloud datacenter. These appliances may manage the flow of network traffic between the on-premise and cloud datacenters in a manner to appear and act seamlessly and transparently as a single network spanning both the on-premise and cloud data centers.

Abstract: The present application is directed towards systems and methods for providing link management in a multi-core system. In some embodiments, the present application describes solutions for managing address resolution in IPv4 networks in a multi-core system. In other embodiments, the present application describes solutions for managing neighbor discovery in IPv6 networks in a multi-core system. In still other embodiments, the present application describes solutions for managing network bridging in a multi-core system. In yet other embodiments, the present application describes solutions for managing link aggregation in a multi-core system. And in still other embodiments, the present application describes solutions for managing virtual routers in a multi-core system.

Abstract: Described herein is a method and system for distributing request and responses across a multi-core system. Each core executes a packet engine that further processes data packets allocated to that core. A flow distributor executing within the multi-core system forwards client requests to a packet engine on a core that is selected based on a value generated when a hash is applied to a tuple comprising a client IP address, a client port, a server IP address and a server port identified in the request. The packet engine selects a first IP address and a first port of the core, and determines whether a hash of a tuple comprising those values identifies the selected core. A modification is then made to the client request so that the client request includes a tuple comprising the first IP address, the server IP address, the first port and the server port.

Abstract: Systems and methods are described for link load balancing, by a multi-core intermediary device, a plurality of Internet links. The method may include load balancing, by a multi-core device intermediary to a plurality of devices and a plurality of Internet links, network traffic across the plurality of Internet links. The multi-core device providing persistence of network traffic to a selected Internet link based on a persistence type. A first core of the multi-core device receives, a packet to be transmitted via an Internet link to be selected from the plurality of Internet links. The first core sends to a second core of the multi-core device a request for persistence information responsive to identifying that the second core is an owner core of a session for persistence based on the persistence type.

Abstract: The present disclosure relates to methods and systems for providing load balancing for layer 2 devices. A device intermediary to a plurality of clients and a plurality of servers and a plurality of layer 2 devices establishes, for each layer 2 device, a first traffic domain corresponding to ingress traffic received from the plurality of clients and a second traffic domain of the device corresponding to ingress traffic received from the plurality of clients. The device associates a first virtual local area network (VLAN) with the first traffic domain and a second VLAN with the second traffic domain. The device establishes a plurality of services. Each service corresponds to a layer 2 device and includes a corresponding subnet internet protocol (SNIP) address hosted on the device. The device establishes a virtual server to load balance the plurality of services corresponding to each of the plurality of layer 2 devices.

Abstract: The present solution is directed to providing, transparently and seamlessly to any client or server, layer 2 redirection of client requests to any services of a device deployed in parallel to an intermediary device An intermediary device deployed between the client and the server may intercept a client request and check if the request is to be processed by a service provided by one of the devices deployed in parallel with the intermediary device. The service may be any type and form of service or feature for processing, checking or modifying the request, including a firewall, a cache server, a encryption/decryption engine, a security device, an authentication device, an authorization device or any other type and form of service or device described herein. The intermediary device may select the machine to process the request and use layer 2 redirection to the machine.

Abstract: Systems and methods are described for link load balancing, by a multi-core intermediary device, a plurality of Internet links. The method may include load balancing, by a multi-core device intermediary to a plurality of devices and a plurality of Internet links, network traffic across the plurality of Internet links. The multi-core device providing persistence of network traffic to a selected Internet link based on a persistence type. A first core of the multi-core device receives, a packet to be transmitted via an Internet link to be selected from the plurality of Internet links. The first core sends to a second core of the multi-core device a request for persistence information responsive to identifying that the second core is an owner core of a session for persistence based on the persistence type.

Abstract: The present solution is directed to a system for specifying a source internet protocol (IP) address used by an intermediary device for a connection to a server. The system includes a device intermediary to a plurality of clients and a server. The device may have a net profile for sending traffic to servers. The net profile specifies one or more internet protocol (IP) addresses to use as a source IP address for a connection between the device and the server.

Abstract: The present solution is directed to a system for handling network interface card (NIC) congestion by a NIC aware application. The system may include a device having a plurality of network interface cards (NICs), a transmission queue corresponding to a NIC of the plurality of NICs; and an overflow queue for storing packets for the NIC when congested. The system may also include an application executing on the device outputting a plurality of packets to the transmission queue responsive to detecting that the NIC is identified as not congested. The device identifies the NIC as congested responsive to determining that a number of packets stored in the transmission queue has reached a predetermined threshold and responsive to detecting identification of the NIC as congested, the application stores one or more packets to the overflow queue. The device transmits one or more of the plurality of packets stored in the transmission queue and transmits a predetermined number of packets from the overflow queue.

Abstract: Systems and methods are described for link load balancing, by a multi-core intermediary device, a plurality of Internet links. The method may include load balancing, by a multi-core device intermediary to a plurality of devices and a plurality of Internet links, network traffic across the plurality of Internet links. The multi-core device providing persistence of network traffic to a selected Internet link based on a persistence type. A first core of the multi-core device receives, a packet to be transmitted via an Internet link to be selected from the plurality of Internet links. The first core sends to a second core of the multi-core device a request for persistence information responsive to identifying that the second core is an owner core of a session for persistence based on the persistence type.

Abstract: The present solution is directed to providing, transparently and seamlessly to any client or server, layer 2 redirection of client requests to any services of a device deployed in parallel to an intermediary device An intermediary device deployed between the client and the server may intercept a client request and check if the request is to be processed by a service provided by one of the devices deployed in parallel with the intermediary device. The service may be any type and form of service or feature for processing, checking or modifying the request, including a firewall, a cache server, a encryption/decryption engine, a security device, an authentication device, an authorization device or any other type and form of service or device described herein. The intermediary device may select the machine to process the request and use layer 2 redirection to the machine.

Abstract: The present disclosure presents systems and methods for maintaining operation of a first multi-core appliance 200 by a second multi-core appliance upon failover of the first multi-core appliance. A secondary appliance may receive information about configuration settings and operations of a plurality of packet processing engines (PPEs), each of the PPEs operating on one of a plurality of cores of the primary multi-core appliance. Status of operation of the plurality of PPEs of the primary appliance may be monitored by exchanging communication between the primary and secondary appliances. Configuration settings for each of a PPEs operating on the cores of the secondary appliance may be established responsive to detection that one or more of the PPEs of the primary appliance is unavailable. Configuration information for each of the PPEs of the secondary appliance may be propagated to the plurality of the PPEs of the secondary appliance.

Abstract: Embodiments of the present solution provide a cloud bridge to bring network transparency between the otherwise disparate networks of the datacenter and cloud service provider. For example, appliances may be deployed in the datacenter and on the edge of the cloud. These appliances may be configured or designed and constructed to communicate with each other and recognize and understand the local IP and/or public IP network information of the on-premise datacenter of the enterprise and the cloud datacenter. These appliances may manage the flow of network traffic between the on-premise and cloud datacenters in a manner to appear and act seamlessly and transparently as a single network spanning both the on-premise and cloud data centers.