Patents by Inventor Paul I. Szabo

Paul I. Szabo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10454768
    Abstract: Embodiments are directed towards using policy rules that may be extended by scripting operative on a traffic management device. Each policy rule may have a condition and a corresponding action. If the condition is a script, a script engine separate from the policy engine may be employed to execute the script to determine if the condition is met. Otherwise, the policy engine may determine if the condition is met based on declarative expressions that comprise the condition. If the condition is met the action corresponding to the policy rule may be executed. Scripts may be used to compute the values of operands that may be used in one or more of the expressions that comprise a condition for a policy rule. Also, the action corresponding to a policy rule may be implemented using a script that is executed by a script engine.
    Type: Grant
    Filed: November 15, 2013
    Date of Patent: October 22, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Paul I. Szabo, Gennady Dosovitsky, Ron Talmor, Jeroen de Borst, David A. Hansen
  • Patent number: 10257156
    Abstract: Embodiments are directed towards overprovisioning IP addresses among a plurality of traffic management devices (TMDs). A plurality of IP addresses may be distributed among a plurality of available TMDs. A corresponding mirror TMD may be determined for each IP address. The corresponding mirror TMD for an IP address may be different than the available TMD currently associated with the IP address. In various embodiments, connections associated with each IP address may be mirrored at their corresponding mirror TMDs. The available TMDs may be employed to perform traffic management tasks on received packets based on at least a destination IP address of the received packets and the IP addresses associated with the available TMDs. If a TMD becomes unavailable, the IP addresses associated with the unavailable TMD may be redistributed to at least one remaining available TMD.
    Type: Grant
    Filed: May 1, 2015
    Date of Patent: April 9, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Antonio Torzillo, James Arthur Thomson, Paul I. Szabo, William Ross Baumann
  • Patent number: 9628503
    Abstract: Embodiments are directed towards network address based flood attack mitigation methods. A PTMD disposed between one or more computers may monitor several network flows and generate metrics associated with malicious network activity, such as, flood attacks. If flood attacks are determined to be occurring, the PTMD may determine the network addresses targeted by the flood attack. Further, the PTMD may activate flood attack mitigation procedures for the targeted network addresses such that other network addresses associated with the monitored network flows are excluded from the flood attack mitigation procedure. The PTMD may monitor the network traffic subsequently communicated to the targeted network addresses. Accordingly, the PTMD may determine if the flood attack has ceased based on characteristics of the monitored network traffic. If the flood attack has ceased, the flood attack mitigation procedures for the targeted network addresses may be deactivated.
    Type: Grant
    Filed: January 15, 2015
    Date of Patent: April 18, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Hao Cai, William Ross Baumann, Paul I. Szabo, Timothy Scott Michels
  • Patent number: 9519501
    Abstract: A method performed by a hypervisor in a virtual network traffic management cluster, the method comprising: assigning a set of continuous available source media access control (SMAC) addresses to one or more virtual network traffic management devices in a network traffic management cluster, the one or more virtual network traffic management devices configured to handle connections for virtual guest instances; assigning a region of predetermined size in a SMAC-index mapping table to a corresponding virtual network traffic management device; wherein the assigned SMAC addresses and assigned region in the SMAC-index mapping table are accessible by the virtual guest instances; and maintaining SMAC-index pool allocation to virtual guest instances handled by corresponding virtual network traffic management devices.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: December 13, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Hao Cai, Timothy S. Michels, Paul I. Szabo
  • Patent number: 9509600
    Abstract: A method, non-transitory computer readable medium, and host device that receives, at a routing interface, a request from a transmission control protocol (TCP) connection with a stateful network device. A media access control (MAC) address of the stateful network device is determined and the MAC address and the routing interface are stored as associated with information for the TCP connection in a per-connection routing table. The request is sent to one of a plurality of virtual machines, a response is received from the one of the virtual machines, and the MAC address and routing interface are retrieved from the per-connection routing table based on a comparison of information included in the response to the information for the TCP connection. The response is sent to the stateful network device using the retrieved MAC address and routing interface.
    Type: Grant
    Filed: August 6, 2014
    Date of Patent: November 29, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Paul I. Szabo, Daniel Wright, Dayne Miller
  • Publication number: 20160191457
    Abstract: Embodiments are directed towards overprovisioning IP addresses among a plurality of traffic management devices (TMDs). A plurality of IP addresses may be distributed among a plurality of available TMDs. A corresponding mirror TMD may be determined for each IP address. The corresponding mirror TMD for an IP address may be different than the available TMD currently associated with the IP address. In various embodiments, connections associated with each IP address may be mirrored at their corresponding mirror TMDs. The available TMDs may be employed to perform traffic management tasks on received packets based on at least a destination IP address of the received packets and the IP addresses associated with the available TMDs. If a TMD becomes unavailable, the IP addresses associated with the unavailable TMD may be redistributed to at least one remaining available TMD.
    Type: Application
    Filed: May 1, 2015
    Publication date: June 30, 2016
    Inventors: Antonio Torzillo, James Arthur Thomson, Paul I. Szabo, William Ross Baumann
  • Patent number: 9313047
    Abstract: Handling network data packets classified as being high throughput and low latency with a network traffic management device is disclosed. Packets are received from a network and classified as high throughput or low latency based on packet characteristics or other factors. Low latency classified packets are generally processed immediately, such as upon receipt, while the low latency packet processing is strategically interrupted to enable processing coalesced high throughput classified packets in an optimized manner. The determination to cease processing low latency packets in favor of high throughput packets may be based on a number of factors, including whether a threshold number of high throughput classified packets are received or based on periodically polling a high throughput packet memory storage location.
    Type: Grant
    Filed: November 6, 2009
    Date of Patent: April 12, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Tim S. Michels, Dave Schmitt, Paul I. Szabo
  • Patent number: 9154424
    Abstract: A method and system is directed to distributing a flow of packets over a network to multiple traffic management devices. An apparatus receives each packet from a network and may act as a layer 2 switch, or router, to distribute the packet to one of a group of traffic management devices. The apparatus also may receive packets from servers for which the traffic management devices are managing communications. When distributing packets, a target traffic management device is selected from the group of traffic management devices. A connection key associated with the received packet and an identifier associated with the selected traffic management device are saved such that subsequent received packets in the flow of packets are delivered to the same traffic management device.
    Type: Grant
    Filed: September 5, 2013
    Date of Patent: October 6, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Paul I. Szabo, Greg W. Davis, David D. Schmitt, Alan B. Mimms, Richard Roderick Masters
  • Patent number: 9154453
    Abstract: A method and system for efficient direct DMA for processing connection state information or other expediting data packets. One example is the use of a network interface controller to buffer TCP type data packets that may contain connection state information. The connection state information is extracted from a received packet. The connection state information is stored in a special DMA descriptor that is stored in a ring buffer area of a buffer memory that is accessible by a host processor when an interrupt signal is received. The packet is then discarded. The host processor accesses the ring buffer memory only to retrieve the stored connection state information from the DMA descriptor without having to access a packet buffer area in the memory.
    Type: Grant
    Filed: January 27, 2012
    Date of Patent: October 6, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Timothy Michels, William R. Baumann, Paul I. Szabo
  • Patent number: 9130846
    Abstract: Embodiments are directed towards exposing access to network metrics to a late binding user customized set of computer instructions within a traffic manager device (TMD) for use in managing a request for a resource. In one embodiment, the TMD may be interposed between client devices and a plurality of network devices. Request specific data is extracted from a client request received by the user's instructions. Various network metrics about the network devices are provided to the user's instructions to selectively provide the request from the client device to a network device. In one embodiment, an election hash is described as an action performed by the user's instructions.
    Type: Grant
    Filed: August 27, 2008
    Date of Patent: September 8, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Paul I. Szabo, Nathan McMahon, David A. Hansen
  • Publication number: 20150236959
    Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) employs a data flow segment (“DFS”) and control segment (“CS”). The CS performs high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS performs statistics gathering, and per-packet policy enforcement, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows based on unique service and network traffic characteristics through adaptive feedback pattern learning together with administrator configurable service preferences that may have flow control data for most bandwidth hungry and desired hot services offloaded to the high-speed flow cache, at appropriate time.
    Type: Application
    Filed: May 5, 2015
    Publication date: August 20, 2015
    Inventors: Hao Cai, Michael Thomas Barthelow, Paul I. Szabo, Timothy Scott Michels
  • Publication number: 20150207815
    Abstract: Embodiments are directed towards network address based flood attack mitigation methods. A PTMD disposed between one or more computers may monitor several network flows and generate metrics associated with malicious network activity, such as, flood attacks. If flood attacks are determined to be occurring, the PTMD may determine the network addresses targeted by the flood attack. Further, the PTMD may activate flood attack mitigation procedures for the targeted network addresses such that other network addresses associated with the monitored network flows are excluded from the flood attack mitigation procedure. The PTMD may monitor the network traffic subsequently communicated to the targeted network addresses. Accordingly, the PTMD may determine if the flood attack has ceased based on characteristics of the monitored network traffic. If the flood attack has ceased, the flood attack mitigation procedures for the targeted network addresses may be deactivated.
    Type: Application
    Filed: January 15, 2015
    Publication date: July 23, 2015
    Inventors: Hao Cai, William Ross Baumann, Paul I. Szabo, Timothy Scott Michels
  • Patent number: 9077554
    Abstract: An apparatus is related to connection management for a communications network. A control component receives a data flow requesting a resource from a client, identifies the client, and determines when the data flow is unassociated with a connection to a requested resource. The control component selects a new content server for an unassociated resource request when either the identified client was previously unknown or the identified client has exceeded a maximum number of connections with a previously selected content server. The control component selects the previously selected content server when the identified client has not exceeded the maximum number of connections. A switch component is employed to maintain a connection between the client and the selected content server such that the client receives the requested resource. Utilizing cached connection information for up to “N” connections enhances the speed of connections between the client and the selected content server.
    Type: Grant
    Filed: April 25, 2008
    Date of Patent: July 7, 2015
    Assignee: F5 Networks, Inc.
    Inventor: Paul I. Szabo
  • Publication number: 20150142948
    Abstract: Embodiments are directed towards using policy rules that may be extended by scripting operative on a traffic management device. Each policy rule may have a condition and a corresponding action. If the condition is a script, a script engine separate from the policy engine may be employed to execute the script to determine if the condition is met. Otherwise, the policy engine may determine if the condition is met based on declarative expressions that comprise the condition. If the condition is met the action corresponding to the policy rule may be executed. Scripts may be used to compute the values of operands that may be used in one or more of the expressions that comprise a condition for a policy rule. Also, the action corresponding to a policy rule may be implemented using a script that is executed by a script engine.
    Type: Application
    Filed: November 15, 2013
    Publication date: May 21, 2015
    Applicant: F5 NETWORKS, INC.
    Inventors: Paul I. Szabo, Gennady Dosovitsky, Ron Talmor, Jeroen de Borst, David A. Hansen
  • Publication number: 20150049763
    Abstract: Handling network data packets classified as being high throughput and low latency with a network traffic management device is disclosed. Packets are received from a network and classified as high throughput or low latency based on packet characteristics or other factors. Low latency classified packets are generally processed immediately, such as upon receipt, while the low latency packet processing is strategically interrupted to enable processing coalesced high throughput classified packets in an optimized manner. The determination to cease processing low latency packets in favor of high throughput packets may be based on a number of factors, including whether a threshold number of high throughput classified packets are received or based on periodically polling a high throughput packet memory storage location.
    Type: Application
    Filed: November 6, 2009
    Publication date: February 19, 2015
    Applicant: F5 Networks, Inc.
    Inventors: Tim S. Michels, Dave Schmitt, Paul I. Szabo
  • Publication number: 20140025823
    Abstract: A method, computer readable medium, and network traffic management apparatus that manages contended resource utilization includes obtaining at least one value for at least one utilization parameter for at least one contended resource and determining when the obtained value of the utilization parameter for the at least one contended resource exceeds a threshold value. When the obtained value of the utilization parameter is determined to exceed the threshold value, a work rate for one or more of a plurality of processing units is reduced or the at least one contended resource is reallocated among the plurality of processing units.
    Type: Application
    Filed: December 31, 2012
    Publication date: January 23, 2014
    Applicant: F5 NETWORKS, INC.
    Inventors: Paul I. Szabo, William R. Baumann
  • Patent number: 8553542
    Abstract: A method and system is directed to distributing a flow of packets over a network to multiple traffic management devices. An apparatus receives each packet from a network and may act as a layer 2 switch, or router, to distribute the packet to one of a group of traffic management devices. The apparatus also may receive packets from servers for which the traffic management devices are managing communications. When distributing packets, a target traffic management device is selected from the group of traffic management devices. A connection key associated with the received packet and an identifier associated with the selected traffic management device are saved such that subsequent received packets in the flow of packets are delivered to the same traffic management device.
    Type: Grant
    Filed: July 12, 2011
    Date of Patent: October 8, 2013
    Assignee: F5 Networks, Inc.
    Inventors: Paul I. Szabo, Greg W. Davis, David D. Schmitt, Alan B. Mimms, Richard Roderick Masters
  • Patent number: 8477609
    Abstract: Distributing network traffic to multiple traffic management devices. A distributor receives packets from a network and may act as a layer 2 switch or router, to distribute the packet to one of a group of traffic management devices. The distributor may receive packets from servers that the traffic management devices are managing communications to. When distributing packets to traffic management devices, information may be used to determine which traffic management device each packet should be sent to. The distributor causes packets in a flow to be delivered to the same traffic management device. Many configurations are possible for connecting the distributor to the traffic management devices, including connecting each traffic management device to a physical or virtual port on the distributor, connecting the traffic management devices to the distributor using a virtual local area network, and connecting the traffic management devices to a layer 2 switch.
    Type: Grant
    Filed: March 12, 2010
    Date of Patent: July 2, 2013
    Assignee: F5 Networks, Inc.
    Inventors: Carlton G. Amdahl, Robert G. Gilde, Paul I. Szabo, Richard R. Masters, David D. Schmitt
  • Patent number: 8463909
    Abstract: A method, computer readable medium, and apparatus for managing server resources includes receiving at a traffic management device one or more requests in a message based protocol. The traffic management device determines a difference between a level of utilization of resources maintained by a server that handles the one or more received requests and a threshold level of utilization of resources that can be maintained by the server; and randomly delays the one or more requests based upon the determined difference.
    Type: Grant
    Filed: September 15, 2010
    Date of Patent: June 11, 2013
    Assignee: F5 Networks, Inc.
    Inventors: Paul I. Szabo, Nat Thirasuttakorn, Benn Bollay
  • Patent number: 8447871
    Abstract: An apparatus is related to connection management for a communications network. A control component receives a data flow requesting a resource from a client, identifies the client, and determines when the data flow is unassociated with a connection to a requested resource. The control component selects a new content server for an unassociated resource request when either the identified client was previously unknown or the identified client has exceeded a maximum number of connections with a previously selected content server. The control component selects the previously selected content server when the identified client has not exceeded the maximum number of connections. A switch component is employed to maintain a connection between the client and the selected content server such that the client receives the requested resource. Utilizing cached connection information for up to “N” connections enhances the speed of connections between the client and the selected content server.
    Type: Grant
    Filed: April 25, 2008
    Date of Patent: May 21, 2013
    Assignee: F5 Networks, Inc.
    Inventor: Paul I. Szabo