Patents Assigned to A10 Networks, Inc.
  • Patent number: 9258332
    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: October 23, 2014
    Date of Patent: February 9, 2016
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto
  • Patent number: 9253152
    Abstract: A security gateway includes packet routing policies, each including a host network address, an application network address, and a forwarding interface. In routing data packets of an application session, the security gateway: recognizes the application session between a network and an application; determines a user identity from an application session record for the application session; determines packet routing policies applicable to the application session based on the user identity; receives a data packet for the application session, including a source network address and a destination network address; compares the source network address with the host network address, and the destination network address with the application network address; and in response to finding a match between the source network address and the host network address, and between the destination network address and the application network address, processes the data packet using the forwarding interface of the packet routing policy.
    Type: Grant
    Filed: July 3, 2014
    Date of Patent: February 2, 2016
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Dennis Oshiba, John Chiong
  • Patent number: 9219751
    Abstract: Method for applying a security policy to an application session, includes: recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.
    Type: Grant
    Filed: July 16, 2013
    Date of Patent: December 22, 2015
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, John Chiong, Dennis Oshiba
  • Patent number: 9215275
    Abstract: A method, system, and computer program product for balancing servers based on server load status, include: receiving from a server a service response to a service request, the service response including a result from a processing of the service request and a server status indicating a computing load status of the server; obtaining the server status from the service response; receiving a next service request from a host, the next service request comprising a Uniform Resource Locator (URL); determining that the server is configured to process the URL; determining whether the server status indicates that the server is available to process the next service request; and in response to determining that the server status indicates that the server is available to process the next service request, sending the next service request to the server.
    Type: Grant
    Filed: September 30, 2010
    Date of Patent: December 15, 2015
    Assignee: A10 Networks, Inc.
    Inventors: Lalgudi Narayanan Kannan, Ronald Wai Lun Szeto, Lee Chen, Feilong Xu, Rajkumar Jalan
  • Publication number: 20150350379
    Abstract: Exemplary embodiments for programming a network device using user-defined scripts are disclosed. The systems and methods provide for a servicing node to receive a request for a network session between a client device and a server, receive a user defined class and a user defined object configuration from a node controller, and use the information to instruct an object virtual machine to generate at least one user defined object. The servicing node can then apply the at least one user defined object to a data packet of the network session, where the user defined object allows a user to configure the network device with user-defined instruction scripts.
    Type: Application
    Filed: June 3, 2014
    Publication date: December 3, 2015
    Applicant: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Rishi Sampat
  • Publication number: 20150333988
    Abstract: Exemplary embodiments for a distributed system for determining a server's health are disclosed. The systems and methods provide for a network controller to direct one or more servicing nodes to check the health of one or more servers, and report a health score to the network controller. The network controller may then calculate, update and maintain a health score for each server in the network from the various health scores reported to it from the servicing nodes. This allows a distributed system to be used to facilitate network operations, as a single device is not relied on for periodically determining each server's health.
    Type: Application
    Filed: May 16, 2014
    Publication date: November 19, 2015
    Applicant: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Swaminathan Sankar, Gurudeep Kamat
  • Patent number: 9154584
    Abstract: Allocation of buffers for a TCP proxy session between a client and a server by a service gateway includes: monitoring dynamic network behaviors for server and client side sessions of the TCP proxy session; and allocating capacity for a server side buffer and capacity for a client side buffer in a memory buffer based on the dynamic server side network behaviors, the dynamic client side network behaviors, and a weighted average of a capacity of the memory buffer. In one approach to the allocation, the gateway determines whether an available capacity of the server or client side buffer is sufficient to store a data packet. If not sufficient, the allocated capacity of the server or client side buffer is increased based on measurements of the dynamic network behaviors and the weighted average, and the available capacity of the server or client side buffer is adjusted accordingly.
    Type: Grant
    Filed: December 17, 2014
    Date of Patent: October 6, 2015
    Assignee: A10 Networks, Inc.
    Inventor: Liang Han
  • Patent number: 9154577
    Abstract: Synchronization of configuration files of a virtual application distribution chassis, includes: processing a configuration command received by a master blade; updating a first configuration file with the configuration command and an updated tag by the master blade; sending a configuration message by the master blade to the slave blades informing of the updated configuration file, the configuration message comprising the updated tag; in response to receiving the configuration message by a given slave blade of the one or more slave blades, comparing the updated tag in the configuration message with a tag in a second configuration file stored at the given slave blade; and in response to determining that the updated tag in the configuration message is more recent than the tag in the second configuration file stored at the given slave blade, sending a request for the updated configuration file to the master blade by the given slave blade.
    Type: Grant
    Filed: June 6, 2011
    Date of Patent: October 6, 2015
    Assignee: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Dennis Oshiba
  • Patent number: 9122853
    Abstract: User authentication techniques based on geographical locations associated with a client device is provided. A network connection can be established between two or more host machines and a client device. Upon a request received from the client device by one of these host machines, round trip times of test messages may be measured between the client device and each of the host machines. The round trip times can be utilized to determine the current geographical location of the client device. If the location is within a tolerance geographical area, the client device may be authenticated. Otherwise, the authentication may fail or additional security procedures may be implemented. In some examples, a travel time from a historical geographical location to current geographical location can be determined. This data may be also utilized in the user authentication process.
    Type: Grant
    Filed: June 24, 2013
    Date of Patent: September 1, 2015
    Assignee: A10 Networks, Inc.
    Inventor: Micheal Thompson
  • Patent number: 9124550
    Abstract: Systems and methods for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server based on network information, and using the proxy network address to establish a server side session. The proxy network address is selected such that a same processing element is assigned to process data packets from the server side session and the host side session. The network information includes a security gateway network address and a host network address. By assigning processing elements in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: March 17, 2015
    Date of Patent: September 1, 2015
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto
  • Patent number: 9118618
    Abstract: Hardware-based packet editor receives a packet editing script which includes script entries indicating modifications to a data packet and a data block with data for the modified data packet. For a script entry in the packet editing script, the packet editor copies data in the data block at a block location and with a block length identified in the script entry into a packet buffer. The packet editor repeats the copying for the remaining script entries for the modified data packet. The packet editor then generates the modified data packet with the data in the packet buffer. The packet editing script is generated such that a script entry is created for data to be included in the modified data packet and data to be inserted into the modified data packet. Creation of a script entry is omitted for data to be removed.
    Type: Grant
    Filed: March 29, 2012
    Date of Patent: August 25, 2015
    Assignee: A10 Networks, Inc.
    Inventor: Ian E. Davis
  • Patent number: 9118620
    Abstract: Hardware-based packet editor receives a packet editing script which includes script entries indicating modifications to a data packet and a data block with data for the modified data packet. For a script entry in the packet editing script, the packet editor copies data in the data block at a block location and with a block length identified in the script entry into a packet buffer. The packet editor repeats the copying for the remaining script entries for the modified data packet. The packet editor then generates the modified data packet with the data in the packet buffer. The packet editing script is generated such that a script entry is created for data to be included in the modified data packet and data to be inserted into the modified data packet. Creation of a script entry is omitted for data to be removed.
    Type: Grant
    Filed: June 20, 2012
    Date of Patent: August 25, 2015
    Assignee: A10 Networks, Inc.
    Inventor: Ian E. Davis
  • Patent number: 9106561
    Abstract: Configuration of a virtual service network by a configuring node includes: determining that the virtual service is to be configured; determining a configuration associated with the virtual service and including packet forwarding policies associated with the virtual service, each packet forwarding policy including a virtual service network address and a destination; and sending the packet forwarding policies in the configuration to a network node. The network node: stores the packet forwarding policies; receives a data packet for the virtual service and including a virtual service network address; determines a match between the virtual service network address in the data packet with the virtual service network address in a given packet forwarding policy of the stored packet forwarding policies; obtains a given destination in the given packet forwarding policy; and sends the data packet to a service load balancer associated with the given destination by the network node.
    Type: Grant
    Filed: December 15, 2012
    Date of Patent: August 11, 2015
    Assignee: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Gurudeep Kamat
  • Patent number: 9094364
    Abstract: In activating a service, a service gateway retrieves a service table entry using a service or server address of the service entry, where the service table entry has an association with another service entry. An association to the service entry is added and a marker value is set to indicate associations with two service entries. After a time duration, the association with the other service entry is removed, and the marker value is changed accordingly. In deactivating a service entry, the service gateway calculates a hash value for the service or server address of the service entry. After matching the hash value to a hash value of another service entry, an association with the other service entry is added. A marker value is set to indicate associations with two service entries. After a time duration, the association with the service entry is removed, and the marker value is changed accordingly.
    Type: Grant
    Filed: December 23, 2011
    Date of Patent: July 28, 2015
    Assignee: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Feilong Xu, Rishi Sampat
  • Patent number: 9060003
    Abstract: The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time, To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record, if they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.
    Type: Grant
    Filed: October 17, 2013
    Date of Patent: June 16, 2015
    Assignee: A10 Networks, Inc.
    Inventors: Xin Wang, Lee Chen, John Chiong
  • Patent number: 9032502
    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server based on network information, and using the proxy network address to establish a server side session. The proxy network address is selected such that a same processing element is assigned to process data packets from the server side session and the host side session. The network information includes a security gateway network address and a host network address. By assigning processing elements in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: October 2, 2013
    Date of Patent: May 12, 2015
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto
  • Patent number: 8977749
    Abstract: Allocation of buffers for a TCP proxy session between a client and a server by a service gateway includes: monitoring dynamic network behaviors for server and client side sessions of the TCP proxy session; and allocating capacity for a server side buffer and capacity for a client side buffer in a memory buffer based on the dynamic server side network behaviors, the dynamic client side network behaviors, and a weighted average of a capacity of the memory buffer. In one approach to the allocation, the gateway determines whether an available capacity of the server or client side buffer is sufficient to store a data packet. If not sufficient, the allocated capacity of the server or client side buffer is increased based on measurements of the dynamic network behaviors and the weighted average, and the available capacity of the server or client side buffer is adjusted accordingly.
    Type: Grant
    Filed: June 2, 2014
    Date of Patent: March 10, 2015
    Assignee: A10 Networks, Inc.
    Inventor: Liang Han
  • Patent number: 8943577
    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: May 1, 2013
    Date of Patent: January 27, 2015
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto
  • Patent number: 8918857
    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: May 1, 2013
    Date of Patent: December 23, 2014
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto
  • Patent number: 8914871
    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: May 1, 2013
    Date of Patent: December 16, 2014
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto