Abstract: A system, method, and computer readable medium for sharing bandwidth among executing application programs across a packetized bus for packets from multiple DMA channels includes receiving at a network traffic management device first and second network packets from respective first and second DMA channels. The received packets are segmented into respective one or more constituent CPU bus packets. The segmented constituent CPU bus packets are interleaved for transmission across a packetized CPU bus.

Abstract: A system and method which includes monitoring an existing first connection to a secured network domain. A first network configuration is employed to access the secured network domain via the first connection. An available second connection to the network domain is detected, whereby the system and method automatically switch to the second connection to access the secured network domain upon detecting a termination with the first connection. Access to the secured network domain, via the second connection, is established by employing a second network configuration. In an aspect, the first connection is by cable and the first network configuration is associated with direct access to the secured network domain. In an aspect, the second connection is a wired or wireless signal and the second network configuration is associated with a Virtual Private Network (VPN) connection.

Abstract: A system, computer readable medium and method of load balancing of requests between Diameter-enabled network devices is disclosed. Processing occurs at a signal controller in communication with a first Diameter-enabled network device and a second Diameter-enabled network device, request handling capacity of at least the second Diameter-enabled network device. One or more tokens are allocated for inbound requests from the first Diameter-enabled network device to the second Diameter-enabled network device. The second Diameter-enabled network device is notified of the one or more allocated tokens for handling a corresponding number of requests from the first Diameter-enabled network device. Transmission of the corresponding number of requests from the first Diameter-enabled network device to the second Diameter-enabled network device is coordinated by the signal controller.

Abstract: A method and system for forwarding messages received at a traffic manager. A traffic manager receives a message from a first connection to a client computer. At least a part of the message is to be forwarded to a server. If a connection exists to the server that matches the first connection, at least a part of the message is forwarded to the server by employing the existing connection. Otherwise, a source address is selected with which to communicate with the server. A new connection that includes the source address and a destination address associated with the server is opened. In addition, information associating the source address and the destination address with the first connection is stored. This information may then be used to map a response received from the server to the first connection.

Abstract: A method, computer readable medium, system and apparatus that acquires data link timing includes sequentially introducing a delay and sampling data on a link after each sequentially introduced delay. A starting edge of a valid data eye and a trailing edge of the valid data eye during the sequentially introducing the delay and the sampling of the data is determined. The sequentially introduced delay when the starting edge of the valid data eye is detected and a subsequently introduced delay when the trailing edge of the valid data eye is detected are recorded. A bit sampling time that provides the timing for the sampling of data in the valid data eye between the sequentially introduced delay and the subsequently introduced delay is determined. By way of example, an optimum bit sampling time is determined as a mean from the transition of the starting edge of the valid data eye to the trailing edge of the valid data eye. The bit sampling time for the sampling of data is applied and the link is established.

Abstract: A system, apparatus, and method for managing TCP over TCP communications using multiple TCP network connections. A plurality of tunneled network connections may be established between network devices. The network devices may employ one of the tunneled network connections over which to establish a plurality of application sessions. If congestion is detected on the employed tunneled network connection that exceeds a threshold, then a reset flag may be sent to abort that tunneled network connection. At least some of the application sessions are also transferred to another one of plurality of tunneled network connections, without terminating the moved application sessions. In one embodiment, at least one more tunneled network connection may be established between the network devices.

Abstract: A method, computer readable medium, and device for providing authenticated domain name service includes forwarding at a traffic management device a request for a domain name from a client device to one or more servers coupled to the traffic management device. The traffic management device receives a first response comprising at least a portion of the domain name from the one or more servers. The traffic management device attaches a first signature to the first response when the first response is determined by the traffic management device to be an unauthenticated response, and provides the first response with the first signature to the client device.

Abstract: A method, computer readable medium, and system for implementing adaptive forward error correction in a network includes converting at a first computing device a number K of original data packets into a number N of error correction packets for forward error correction for a transmission to a second computing device. A subset number S1 of the number N of the error correction packets which is less than the number N of error correction packets is determined at the first computing device based on a loss rate for the transmission to the second computing device. The determined subset number S1 of the number N of the error correction packets is transmitted from the first computing device to the second computing device.

Abstract: An inventive apparatus that integrates the operation of a hard disk emulator and a cryptographic accelerator on a single blade server card. An application with cryptographic operations can off load computationally intensive calculations to the cryptographic accelerator so that the speed at which the application performs actions can be increased significantly. Typically, the hard disk emulator is a flash memory component and the accelerator can perform at least modular exponentiation calculations. One bus is employed for communication between the hard disk emulator and the accelerator. Another bus is employed to communicate with other resources off the card. Often, the card is configured to operate as one of a several blade servers in a chassis.

Abstract: A facility for identifying functionally distinct memory access reorderings for a multithreaded program is described. The facility monitors execution of the program to detect, for each of one or more memory locations, an order in which the memory location was accessed by the threads of the program, each access being at least one of a read access and a write access. Among a number of possible memory access reorderings of a read access by a reading thread to a location and a write access by a writing thread to the same location where the write access preceded the read access, the facility identifies as functionally distinct memory access reorderings those possible memory access reorderings where the reading thread could have become newly aware of changed state of the writing thread as a result of the indicated read access.

Abstract: Embodiments may be directed towards enabling one or more load balance servers to maintain connection flow persistence if the server initiates to the communication to a client. A packet traffic management device may (PTMD) intercept the request from the server and generate reverse persistence information. The PTMD may include a portion of the reverse persistence information in the request before forwarding the request to the targeted client device. The client device may send the response to the PTMD. The PTMD may employ reverse persistence information to identify the target server. The PTMD may remove the reverse persistence information from the response sent by the client and forward the response to the determined server. Removing the reverse persistence information may remove evidence that the PTMD intervened in the connection between the client and server.

Abstract: A method and apparatus of accessing data through an independent intermediary mechanism (IIM) is described. The method includes displaying a frame including a user interface of the IIM, the frame framing a destination server display area (DSDA). The method further includes having one or more of the following functions provided by the IIM: a home page, a history list, bookmarks, a one-click account log-in function, a transaction record accessible to the user, a forms database permitting new forms to be added to the forms database, a user profile, and automatic form-fill function based on the forms database and the user profile.

Abstract: The present invention relates to increasing performance of Wide Area Network (WAN) communications and in particular to a redundant proxy device associated with one end of a transport layer connection that monitors packet traffic and selectively reroutes packets to a proxy application.

Abstract: A system and method for reducing processing load on an encapsulated data packet transmitted over a virtual private network. The method includes handling an initial encapsulated data packet to be transmitted over an established VPN tunnel connection to a receiving device, the initial encapsulated data packet having a Layer 2 (L2) protocol header, an IP data packet and at least one framing element; removing the at least one framing element; removing the L2 protocol header; appending an alternate L2 encapsulated protocol header to the IP data packet to generate a modified encapsulated data packet, wherein the alternate header contains information of the IP data packet; and sending the modified encapsulated data packet to the receiving device, wherein the alternate encapsulated protocol header allows the receiving device to handle the IP data packet using less computational resources in comparison to receiving the initial encapsulated data packet.

Abstract: A network traffic management device (NTMD) capable of gracefully handling remote file transfer errors is disclosed. A first local area network (LAN) may include a first NTMD and a client device. A second LAN may include a file server and an optional second NTMD. The first and second LANs are connected by a wide area network. The first NTMD optimizes network file transfer protocol (e.g., CIFS, NFS) operations by locally acknowledging file write command messages from the client device and reliably handling any file transfer errors that may occur by withholding flush data command messages from the client device until determining the locally acknowledged and forwarded file write commands were received by the file server. If any errors are encountered, the first NTMD returns a failed flush message to the client device or terminates the TCP/IP connection between the client device and the file server to indicate the error.

Abstract: Methods and systems for efficient transmission of data between a requesting computer and a server. A request is received for server data from a requesting computer and the request is sent to the server over at least one network. The requested server data responsive to the request is forwarded on to the requesting computer. It is determined whether the requested server data has been previously forwarded either to the requesting computer or at least one other requesting computer. A preemptive acknowledgement signal is sent to the transmitting server substantially upon determining the requested server data has been previously forwarded for causing the transmitting server to cease transmitting any remaining, un-transmitted portions of the requested server data. These methods and systems increase the efficiency of transmission resources in a network.

Abstract: A server array controller that includes a Data Flow Segment (DFS) and at least one Control Segment (CS). The DFS includes the hardware-optimized portion of the controller, while the CS includes the software-optimized portions. The DFS performs most of the repetitive chores including statistics gathering and per-packet policy enforcement (e.g. packet switching). The DFS also performs tasks such as that of a router, a switch, or a routing switch. The CS determines the translation to be performed on each flow of packets, and thus performs high-level control functions and per-flow policy enforcement. Network address translation (NAT) is performed by the combined operation of the CS and DFS. The CS and DFS may be incorporated into one or more separate blocks. The CS and DFS are independently scalable. Additionally, the functionality of either the DFS or the CS may be separately implemented in software and/or hardware.

Abstract: A method, system, and apparatus for integrating a rate shaping class analysis with a load balancing decision across multiple network links to improve traffic management decisions. For each of the available multiple network links, a determination is made as to how much bandwidth is available to each class associated with that network link. When a request for a connection is received, the request's class is determined. A load balancing decision is based on the available bandwidths for the determined class for the request. The invention may also integrate other Quality of Service metrics into the load balancing decision, including link type, failure rates, or the like.

Abstract: A method, system, and apparatus are directed towards enabling access to payload by a third-party sent over an SSL session. The third-party may be a proxy situated between a client and a server. SSL handshake messages are sent between the client and the server to establish the SSL connection. As the SSL handshake messages are routed through the proxy, the proxy may extract data. In addition, one of the client or the server may send another message within, or out-of-band to, the series of SSL handshake message directly to the proxy. The other SSL message may include secret data that the proxy may use to generate a session key for the SSL connection. With the session key, the proxy may receive SSL messages over the SSL connection, modify and/or transpose the payload within the received SSL messages, and/or terminate the SSL connection at the proxy.

Abstract: A system and method for providing persistence in a secure network access by using a client certificate sent by a client device to maintain the identity of a target. A security handshake is performed with a client device to establish a secure session. A target is determined. A client certificate is associated with the target. During subsequent secure sessions, the client certificate is used to maintain persistent communications between the client and a target. A session ID can be used in combination with the client certificate, by identifying the target based on the session ID or the client certificate, depending on which one is available in a client message.