Patents Assigned to F5 Networks, Inc.
  • Patent number: 9210239
    Abstract: A method, system, and apparatus are directed towards selectively compressing data for transmission over a network. In one embodiment, a sending network device and receiving network device negotiate different compression modes to communicate data between them. An initial compression mode may be selected based on a network bandwidth. The sending network device then reads data, and compresses using the selected compression mode. The compressed data may then be written out. Ratios of compression and the write times are then employed to selectively adjust the compression mode for subsequent data compressions. In one embodiment, a compression ratio is also employed to determine whether to employ the selected compression mode, or to reduce the level of compression by using a different compression mode. The receiving network device, having received information about the selected compression mode, then employs that compression mode to decompress the received data.
    Type: Grant
    Filed: March 7, 2013
    Date of Patent: December 8, 2015
    Assignee: F5 Networks, Inc.
    Inventor: Saxon Carl Amdahl
  • Patent number: 9210094
    Abstract: A traffic management device (TMD) is situated between one or more network devices providing jumbo network traffic and one or more devices providing non-jumbo network traffic. The TMD is configured to employ TCP segmentation offload hardware within a Network Interface Card (NIC) at the level two/four layers of the OSI stack by rewriting maximum segment size (MSS) information during initial handshake operations, such that jumbo frames may be split into digestible size frames for non-jumbo network communications.
    Type: Grant
    Filed: December 28, 2012
    Date of Patent: December 8, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Jeffrey Michael Warren, Peter Michael Thornewell
  • Patent number: 9203771
    Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) employs a data flow segment (“DFS”) and control segment (“CS”). The CS performs high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS performs statistics gathering, and per-packet policy enforcement, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows based on unique service and network traffic characteristics through adaptive feedback pattern learning together with administrator configurable service preferences that may have flow control data for most bandwidth hungry and desired hot services offloaded to the high-speed flow cache, at appropriate time.
    Type: Grant
    Filed: February 20, 2013
    Date of Patent: December 1, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Hao Cai, Michael Thomas Barthelow, Paul Imre Szabo, Timothy Scott Michels
  • Patent number: 9197667
    Abstract: IP reflection comprising double static NAT (network address translation) is disclosed. In some embodiments, a packet having a public IP address is received at a protecting network. The public IP address of the packet is translated to a corresponding protected IP address associated with a protected network, and the packet is forwarded to the protected network for servicing. The protected IP address of a response to the packet from the protected network is translated back to the public IP address at the protected network before sending.
    Type: Grant
    Filed: February 25, 2014
    Date of Patent: November 24, 2015
    Assignee: F5 Networks, Inc.
    Inventor: Barrett Gibson Lyon
  • Patent number: 9195500
    Abstract: A method, non-transitory computer readable medium and device for seamless storage import includes importing file system structure entries stored in one or more storage devices. A request for an operation on one of the entries in the one or more storage devices is obtained during the importing. An import status of the requested one of the entries is determined. The obtained request is processed based on the determined import status of the requested one of the entries without interrupting the importing. The requested one of the entries is updated with the storage management computing device based on the processing. An aggregation of the imported entries with the updating of the requested one of the entries is stored.
    Type: Grant
    Filed: February 9, 2011
    Date of Patent: November 24, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Stephen Rust, Michael Andrews, Brian Meifert
  • Patent number: 9178706
    Abstract: A traffic management device (TMD), system, and processor-readable storage medium are directed to determining that an end-to-end encrypted session has been established between a client and an authentication server, intercepting and decrypting subsequent task traffic from the client, and forwarding the intercepted traffic toward a server. In some embodiments, a second connection between the TMD and server may be employed to forward the intercepted traffic, and the second connection may be unencrypted or encrypted with a different mechanism than the encrypted connection to the authentication server. The encrypted connection to the authentication server may be maintained following authentication to enable termination of the second connection if the client becomes untrusted, and/or to enable logging of client requests, connection information, and the like. In some embodiments, the TMD may act as a proxy to provide client access to a number of servers and/or resources.
    Type: Grant
    Filed: February 27, 2013
    Date of Patent: November 3, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Benn Sapin Bollay, Jonathan Mini Hawthorne
  • Patent number: 9172682
    Abstract: A traffic management device (TMD), system, and processor-readable storage medium are directed towards reducing a number of login web pages served by a server device over an end-to-end encrypted connection. In one embodiment, a TMD intercepts and processes requests for content addressed to the server device. The TMD may serve a stored copy of a login page corresponding to the requested content to the client device. In response, the client device may submit login information associated with the login page to the TMD. The TMD may extract the login information from the submitted response and send a request to the server device to authenticate the client device based on the extracted login information. If the client device is authenticated, the TMD may transmit a ‘login successful’ page to the client device.
    Type: Grant
    Filed: March 18, 2011
    Date of Patent: October 27, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Benn Sapin Bollay, Jonathan Mini Hawthorne
  • Patent number: 9172753
    Abstract: A method, non-transitory computer readable medium and application management computing device includes receiving at an application management computing device a request from a client computing device which requires authentication. A determination is made by the application management computing device whether user network identification information currently is stored for the requesting client computing device. The stored user network identification information for the authentication is obtained by the application management computing device when the user network identification information is determined to be currently stored for the requesting client computing device. The authentication is completed by the application management computing device with the obtained user network identification information.
    Type: Grant
    Filed: February 20, 2012
    Date of Patent: October 27, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Paul Jiang, Amit Jain, Satoshi Asami, Saxon Amdahl
  • Patent number: 9167006
    Abstract: Creating a connection between one of a first plurality of computing devices in a primary chassis and one of a second plurality of computing devices in a failover chassis. A first plurality of buckets may be associated with the primary chassis, a second plurality of buckets may be associated with the failover chassis, where the first plurality of buckets may correspond to the second plurality of buckets. One of the first plurality of computing devices may be associated with one of the first plurality of buckets, and can create a connection with attributes such that a disaggregator in the failover chassis routes the connection to one of the second plurality of computing devices, wherein the one of the second plurality of computing devices may be associated with a bucket of the second plurality of buckets that corresponds to the one of the first plurality of buckets.
    Type: Grant
    Filed: February 21, 2013
    Date of Patent: October 20, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Anthony King, Paul Imre Szabo, William Ross Baumann
  • Patent number: 9166955
    Abstract: A traffic management device (TMD), system, and processor-readable storage medium directed towards re-establishing an encrypted connection of an encrypted session, the encrypted connection having initially been established between a client device and a first server device, causing the encrypted connection to terminate at a second server device. As described, a traffic management device (TMD) is interposed between the client device and the first server device. In some embodiments, the TMD may request that the client device renegotiate the encrypted connection. The TMD may redirect the response to the renegotiation request towards a second server device, such that the renegotiated encrypted connection is established between the client device and the second server device. In this way, a single existing end-to-end encrypted connection can be used to serve content from more than one server device.
    Type: Grant
    Filed: March 18, 2011
    Date of Patent: October 20, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Benn Sapin Bollay, David Alan Hansen, David Dean Schmitt, Jonathan Mini Hawthorne
  • Patent number: 9154423
    Abstract: Embodiments are directed towards minimizing the impact flood attacks may have on packet traffic management performance. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. The impact of flood attacks may be reduced by protecting the high-speed flow caches from being consumed by flow control data associated with malicious and/or in-operative non-genuine network connections.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: October 6, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Paul Imre Szabo, Peter Michael Thornewell, Timothy Scott Michels, Hao Cai
  • Patent number: 9154453
    Abstract: A method and system for efficient direct DMA for processing connection state information or other expediting data packets. One example is the use of a network interface controller to buffer TCP type data packets that may contain connection state information. The connection state information is extracted from a received packet. The connection state information is stored in a special DMA descriptor that is stored in a ring buffer area of a buffer memory that is accessible by a host processor when an interrupt signal is received. The packet is then discarded. The host processor accesses the ring buffer memory only to retrieve the stored connection state information from the DMA descriptor without having to access a packet buffer area in the memory.
    Type: Grant
    Filed: January 27, 2012
    Date of Patent: October 6, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Timothy Michels, William R. Baumann, Paul I. Szabo
  • Patent number: 9152483
    Abstract: A method, computer readable medium, and system independently managing network applications within a network traffic management device communicating with networked clients and servers include monitoring with a network device a plurality of applications communicating over a plurality of direct memory access (DMA) channels established across a bus. The network device receives a request from a first application communicating over a first DMA channel in the plurality of DMA channels to restart the first DMA channel. In response to the request, the first DMA channel is disabled with the network device while allowing other executing applications in the plurality of applications to continue to communicate over other DMA channels in the plurality of DMA channels. A state of the first DMA channel is cleared independently from other DMA channels in the plurality of DMA channels, and communications for the first application over the first DMA channel are resumed with the network device.
    Type: Grant
    Filed: January 19, 2010
    Date of Patent: October 6, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Timothy Michels, Clay Jones
  • Patent number: 9154424
    Abstract: A method and system is directed to distributing a flow of packets over a network to multiple traffic management devices. An apparatus receives each packet from a network and may act as a layer 2 switch, or router, to distribute the packet to one of a group of traffic management devices. The apparatus also may receive packets from servers for which the traffic management devices are managing communications. When distributing packets, a target traffic management device is selected from the group of traffic management devices. A connection key associated with the received packet and an identifier associated with the selected traffic management device are saved such that subsequent received packets in the flow of packets are delivered to the same traffic management device.
    Type: Grant
    Filed: September 5, 2013
    Date of Patent: October 6, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Paul I. Szabo, Greg W. Davis, David D. Schmitt, Alan B. Mimms, Richard Roderick Masters
  • Patent number: 9141625
    Abstract: Methods, computer-readable media, and apparatuses for network flow state preservation include migration of at least one application hosted on a first server device to a second server device coupled to a second traffic management device is detected at a first traffic management device. At least a portion of connection state information associated with a network connection between at least one client device and the application is communicated by the first traffic management device to the second traffic management device via a communication channel between the first and second traffic management devices. The application is provided by the first traffic management device to the at least one client device during the migration based upon the connection state information.
    Type: Grant
    Filed: June 22, 2011
    Date of Patent: September 22, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Peter M. Thornewell, Songbo Zheng, Nojan Moshiri, David Kushi, Charles Cano
  • Patent number: 9143451
    Abstract: Layer-7 application layer message (“message”) classification is disclosed. A network traffic management device (“NTMD”) receives incoming messages over a first TCP/IP connection from a first network for transmission to a second network. Before transmitting the incoming messages onto the second network, however, the NTMD classifies the incoming messages according to some criteria, such as by assigning one or more priorities to the messages. The NTMD transmits the classified messages in the order of their message classification. Where the classification is priority based, first priority messages are transmitted over second priority messages, and so forth, for example.
    Type: Grant
    Filed: January 25, 2013
    Date of Patent: September 22, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Saxon Amdahl, Robert Lennie, Richard Larson
  • Patent number: 9137097
    Abstract: Methods and systems are directed to dynamically mirroring a connection between network devices. Mirroring is managed by forwarding a packet between a first network device and a second network device. In one method, the first network device receives the packet from a client and communicates the packet to the second network device. A forwarding device, pre-determined from the first and second network devices, forwards the packet to a server. The first network device receives a response from the server, and communicates it to the second network device. The forwarding device forwards the response packet to the client. In one configuration, the first network device and forwarding device is an active device, and the second network device is a standby device. In another configuration, the first network device is a standby device, and the second network device and forwarding device is an active device.
    Type: Grant
    Filed: May 14, 2013
    Date of Patent: September 15, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Keith R. Reynolds, John R. Hughes
  • Patent number: 9130846
    Abstract: Embodiments are directed towards exposing access to network metrics to a late binding user customized set of computer instructions within a traffic manager device (TMD) for use in managing a request for a resource. In one embodiment, the TMD may be interposed between client devices and a plurality of network devices. Request specific data is extracted from a client request received by the user's instructions. Various network metrics about the network devices are provided to the user's instructions to selectively provide the request from the client device to a network device. In one embodiment, an election hash is described as an action performed by the user's instructions.
    Type: Grant
    Filed: August 27, 2008
    Date of Patent: September 8, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Paul I. Szabo, Nathan McMahon, David A. Hansen
  • Patent number: 9106699
    Abstract: A method, computer readable medium, and device for handling requests between different resource record types includes receiving at a traffic management device a first resource record type from one or more server devices in response to a request from a client device. The traffic management device validates the first resource record type, and creates a second resource record type corresponding to the first resource record type after the validating. Signing the second resource record type at the traffic management device is carried out for servicing the request from the client device.
    Type: Grant
    Filed: November 4, 2010
    Date of Patent: August 11, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Peter M. Thornewell, Christopher R. Baker
  • Patent number: 9106479
    Abstract: A system and method is directed to managing network communications and improving network security. In a communication protocol, an improved method of generating a value that encodes information received in an incoming message, and a corresponding way of validating an incoming message with an encoded value, improves network security. A technique for directing a network device to delay communications includes sending an instruction designating an initial window size of zero to the device. Another technique uses a TCP fast retransmit protocol. The techniques can be used to provide layer four switching, change to layer seven switching when desired, and then change back to layer four switching to improve security in a layer four switching device. Levels of trust can also be used to selectively perform aspects of the invention.
    Type: Grant
    Filed: November 25, 2003
    Date of Patent: August 11, 2015
    Assignee: F5 Networks, Inc.
    Inventors: Arindum Mukerji, Jesse A. Rothstein