Abstract: A method, system, and apparatus are directed towards selectively compressing data for transmission over a network. In one embodiment, a sending network device and receiving network device negotiates different compression modes to communicate data between them. An initial compression mode may be selected based on a network bandwidth. The sending network device then reads data, and compresses using the selected compression mode. The compressed data may then be written out. Ratios of compression and the write times are then employed to selectively adjust the compression mode for subsequent data compressions. In one embodiment, a compression ratio is also employed to determine whether to employ the selected compression mode, or to reduce the level of compression by using a different compression mode. The receiving network device having received information about the selected compression mode, then employs that compression mode to decompress the received data.

Abstract: A traffic management device (TMD) is situated between a one or more network devices providing jumbo network traffic and one or more device providing non-jumbo network traffic. The TMD is configured to employ TCP segmentation offload hardware within a Network Interface Card (NIC) at the level two/four layers of the OSI stack by rewriting maximum segment size (MSS) information during initial handshake operations, such that jumbo frames may be split into digestible size frames for a non-jumbo network communications.

Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) employs a data flow segment (“DFS”) and control segment (“CS”). The CS performs high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS performs statistics gathering, and per-packet policy enforcement, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows based on unique service and network traffic characteristics through adaptive feedback pattern learning together with administrator configurable service preferences that may have flow control data for most bandwidth hungry and desired hot services offloaded to the high-speed flow cache, at appropriate time.

Abstract: IP reflection comprising double static NAT (network address translation) is disclosed. In some embodiments, a packet having a public IP address is received at a protecting network. The public IP address of the packet is translated to a corresponding protected IP address associated with a protected network, and the packet is forwarded to the protected network for servicing. The protected IP address of a response to the packet from the protected network is translated back to the public IP address at the protected network before sending.

Abstract: A method, non-transitory computer readable medium and device for seamless storage import includes importing file system structure entries stored in one or more storage devices. A request for an operation on one of the entries in the one or more storage devices is obtained during the importing. An import status of the requested one of the entries is determined. The obtained request is processed based on the determined import status of the requested one of the entries without interrupting the importing. The requested one of the entries is updated with the storage management computing device based on the processing. An aggregation of the imported entries with the updating of the requested one of the entries is stored.

Abstract: A traffic management device (TMD), system, and processor-readable storage medium are directed to determining that an end-to-end encrypted session has been established between a client and an authentication server, intercepting and decrypting subsequent task traffic from the client, and forwarding the intercepted traffic toward a server. In some embodiments, a second connection between the TMD and server may be employed to forward the intercepted traffic, and the second connection may be unencrypted or encrypted with a different mechanism than the encrypted connection to the authentication server. The encrypted connection to the authentication server may be maintained following authentication to enable termination of the second connection if the client becomes untrusted, and/or to enable logging of client requests, connection information, and the like. In some embodiments, the TMD may act as a proxy to provide client access to a number of servers and/or resources.

Abstract: A traffic management device (TMD), system, and processor-readable storage medium are directed towards reducing a number of login web pages served by a server device over an end-to-end encrypted connection. In one embodiment, a TMD intercepts and processes requests for content addressed to the server device. The TMD may serve a stored copy of a login page corresponding to the requested content to the client device. In response, the client device may submit login information associated with the login page to the TMD. The TMD may extract the login information from the submitted response and send a request to the server device to authenticate the client device based on the extracted login information. If the client device is authenticated, the TMD may transmit a ‘login successful’ page to the client device.

Abstract: A method, non-transitory computer readable medium and application management computing device includes receiving at an application management computing device a request from a client computing device which requires authentication. A determination is made by the application management computing device whether user network identification information currently is stored for the requesting client computing device. The stored user network identification information for the authentication is obtained by the application management computing device when the user network identification information is determined to be currently stored for the requesting client computing device. The authentication is completed by the application management computing device with the obtained user network identification information.

Abstract: Creating a connection between one of a first plurality of computing devices in a primary chassis and one of a second plurality of computing devices in a failover chassis. A first plurality of buckets may be associated with the primary chassis, a second plurality of buckets may be associated with the failover chassis, where the first plurality of buckets may correspond to the second plurality of buckets. One of the first plurality of computing devices may be associated with one of the first plurality of buckets, and can create a connection with attributes such that a disaggregator in the failover chassis routes the connection to one of the second plurality of computing devices, wherein the one of the second plurality of computing devices may be associated with a bucket of the second plurality of buckets that corresponds to the one of the first plurality of buckets.

Abstract: A traffic management device (TMD), system, and processor-readable storage medium directed towards re-establishing an encrypted connection of an encrypted session, the encrypted connection having initially been established between a client device and a first server device, causing the encrypted connection to terminate at a second server device. As described, a traffic management device (TMD) is interposed between the client device and the first server device. In some embodiments, the TMD may request that the client device renegotiate the encrypted connection. The TMD may redirect the response to the renegotiation request towards a second server device, such that the renegotiated encrypted connection is established between the client device and the second server device. In this way, a single existing end-to-end encrypted connection can be used to serve content from more than one server device.

Abstract: Embodiments are directed towards minimizing the impact flood attacks may have on packet traffic management performance. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. The impact of flood attacks may be reduced by protecting the high-speed flow caches from being consumed by flow control data associated with malicious and/or in-operative non-genuine network connections.

Abstract: A method and system for efficient direct DMA for processing connection state information or other expediting data packets. One example is the use of a network interface controller to buffer TCP type data packets that may contain connection state information. The connection state information is extracted from a received packet. The connection state information is stored in a special DMA descriptor that is stored in a ring buffer area of a buffer memory that is accessible by a host processor when an interrupt signal is received. The packet is then discarded. The host processor accesses the ring buffer memory only to retrieve the stored connection state information from the DMA descriptor without having to access a packet buffer area in the memory.

Abstract: A method, computer readable medium, and system independently managing network applications within a network traffic management device communicating with networked clients and servers include monitoring with a network device a plurality of applications communicating over a plurality of direct memory access (DMA) channels established across a bus. The network device receives a request from a first application communicating over a first DMA channel in the plurality of DMA channels to restart the first DMA channel. In response to the request, the first DMA channel is disabled with the network device while allowing other executing applications in the plurality of applications to continue to communicate over other DMA channels in the plurality of DMA channels. A state of the first DMA channel is cleared independently from other DMA channels in the plurality of DMA channels, and communications for the first application over the first DMA channel are resumed with the network device.

Abstract: A method and system is directed to distributing a flow of packets over a network to multiple traffic management devices. An apparatus receives each packet from a network and may act as a layer 2 switch, or router, to distribute the packet to one of a group of traffic management devices. The apparatus also may receive packets from servers for which the traffic management devices are managing communications. When distributing packets, a target traffic management device is selected from the group of traffic management devices. A connection key associated with the received packet and an identifier associated with the selected traffic management device are saved such that subsequent received packets in the flow of packets are delivered to the same traffic management device.

Abstract: Methods, computer-readable media, and apparatuses for network flow state preservation include migration of at least one application hosted on a first server device to a second server device coupled to a second traffic management device is detected at a first traffic management device. At least a portion of connection state information associated with a network connection between at least one client device and the application is communicated by the first traffic management device to the second traffic management device via a communication channel between the first and second traffic management devices. The application is provided by the first traffic management device to the at least one client device during the migration based upon the connection state information.

Abstract: Layer-7 application layer message (“message”) classification is disclosed. A network traffic management device (“NTMD”) receives incoming messages over a first TCP/IP connection from a first network for transmission to a second network. Before transmitting the incoming messages onto the second network, however, the NTMD classifies the incoming messages according to some criteria, such as by assigning one or more priorities to the messages. The NTMD transmits the classified messages in the order of their message classification. Where the classification is priority based, first priority messages are transmitted over second priority messages, and so forth, for example.

Abstract: Methods and systems are directed to dynamically mirroring a connection between network devices. Mirroring is managed by forwarding a packet between a first network device and a second network device. In one method, the first network device receives the packet from a client and communicates the packet to the second network device. A forwarding device, pre-determined from the first and second network devices, forwards the packet to a server. The first network device receives a response from the server, and communicates it to the second network device. The forwarding device forwards the response packet to the client. In one configuration, the first network device and forwarding device is an active device, and the second network device is a standby device. In another configuration, the first network device is a standby device, and the second network device and forwarding device is an active device.

Abstract: Embodiments are directed towards exposing access to network metrics to a late binding user customized set of computer instructions within a traffic manager device (TMD) for use in managing a request for a resource. In one embodiment, the TMD may be interposed between client devices and a plurality of network devices. Request specific data is extracted from a client request received by the user's instructions. Various network metrics about the network devices are provided to the user's instructions to selectively provide the request from the client device to a network device. In one embodiment, an election hash is described as an action performed by the user's instructions.

Abstract: A method, computer readable medium, and device for handling requests between different resource record types includes receiving at a traffic management device a first resource record type from one or more server devices in response to a request from a client device. The traffic management device validates the first resource record type, and creates a second resource record type corresponding to the first resource record type after the validating. Signing the second resource record type at the traffic management device is carried out for servicing the request from the client device.

Abstract: A system and method is directed to managing network communications and improving network security. In a communication protocol, an improved method of generating a value that encodes information received in an incoming message, and a corresponding way of validating an incoming message with an encoded value, improves network security. A technique for directing a network device to delay communications includes sending an instruction designating an initial window size of zero to the device. Another technique uses a TCP fast retransmit protocol. The techniques can be used to provide layer four switching, change to layer seven switching when desired, and then change back to layer four switching to improve security in a layer four switching device. Levels of trust can also be used to selectively perform aspects of the invention.