Abstract: A method for maintaining server persistency, including: (a) receiving, by an intermediate entity, a first session request from client to receive a service from a server out of a plurality of servers that are connected to the intermediate entity; (b) selecting a server out of the plurality of servers and directing to the selected server information indicative of the first session request; (c) receiving a response of the selected server to the information indicative of the first session request; (d) analyzing the response of the selected server, to provide an analysis result indicative whether the response includes code to be executed by the client and includes at least one instruction that facilitates sending, by the client, another request, to receive a service from a server out of the plurality of servers; (e) modifying, based on the analysis result, the code by adding information that will cause the client to send a selected server identifier in association to the sending of the other request; and (f) sendi

Abstract: An encrypted session is established between a client device and a target server device when the client device initiates network connections through a proxy device. The client device initiates an encrypted session with the proxy device. Once the encrypted session is established, the client device communicates the address of the target server device to the proxy device. Then, the proxy device sends an encrypted session renegotiation message to the client device. The client device responds to the encrypted session renegotiation message by transmitting an encrypted session handshake message to the proxy device. The proxy device forwards the encrypted session handshake message to the target server device, and continues to forward handshake messages between the client device and the target server device, enabling the client device and the target server device to establish an encrypted session.

Abstract: A systems and methods are disclosed that provide an efficient parallel pipeline for data processing using a multi-core processor. Embodiments allocate a shared memory portion of the memory that is accessible from more than one context of execution and/or process a frame in a plurality of processing stages processed by a context of execution. In some embodiments, each of the plurality of processing stages may be bound to a processing core of the multi-core processor. In other embodiments include one or more processing stages with a point-to-point communication mechanism that operates in shared memory.

Abstract: A facility for supporting the analysis of a multithreaded program is described. For each of a number of threads of the multithreaded program, the facility identifies a semantically meaningful point in the execution of the thread. The facility interrupts the execution of each thread at the point identified for the thread.

Abstract: Methods, systems, and devices are described for managing virtual network services provided to a network by a self-contained network services system. A controller application may receive a request for a change in network services provided by the self-contained network services system to the network. A new software configuration for a number of network services modules of the self-contained networks services system may be determined based on the received request, and the network services modules may be dynamically configured according to the determined new software configuration. The network and a router associated with the network services system may also be reconfigured to distribute traffic among the network services modules in accordance with the requested change in network services.

Abstract: A system and method for optimizing use of idle server connections comprises receiving, at a first network traffic management device of a cluster, a request from a client device to access a server. The first network traffic management device reserve an idle flow connection from an idle connection pool previously established between at least a second network traffic management device and the server. A flow cookie is retrieved from the second network traffic management device. The flow cookie comprises routing information associated with the retrieved idle flow connection, whereby the flow cookie is modified to represent the connection between the server and the first network traffic management device. The updated flow cookie is incorporated into the received request and forwarded to the server, wherein a server response contains the updated flow cookie such that the response is received by the first network traffic management device.

Abstract: An apparatus is related to connection management for a communications network. A control component receives a data flow requesting a resource from a client, identifies the client, and determines when the data flow is unassociated with a connection to a requested resource. The control component selects a new content server for an unassociated resource request when either the identified client was previously unknown or the identified client has exceeded a maximum number of connections with a previously selected content server. The control component selects the previously selected content server when the identified client has not exceeded the maximum number of connections. A switch component is employed to maintain a connection between the client and the selected content server such that the client receives the requested resource. Utilizing cached connection information for up to “N” connections enhances the speed of connections between the client and the selected content server.

Abstract: Embodiments are directed towards using policy rules that may be extended by scripting operative on a traffic management device. Each policy rule may have a condition and a corresponding action. If the condition is a script, a script engine separate from the policy engine may be employed to execute the script to determine if the condition is met. Otherwise, the policy engine may determine if the condition is met based on declarative expressions that comprise the condition. If the condition is met the action corresponding to the policy rule may be executed. Scripts may be used to compute the values of operands that may be used in one or more of the expression that comprise a condition for a policy rule. Also, the action corresponding to a policy rule may be implemented using a script that is executed by a script engine.

Abstract: A method, non-transitory computer readable medium and application manager computing device comprises obtaining at least one cryptographic key from a request by a client computing device for a user session. User information corresponding to a user is encrypted or decrypted using the cryptographic key. The request is authenticated based on encryption or decryption of the user information. The cryptographic key is deleted after the completion or termination of the user session.

Abstract: A method, computer readable medium, and network traffic management apparatus that accesses data in a compressed file system includes obtaining an original write request from a client computing device including at least object data. The object data is compressed into a plurality of compressed blocks. A mapping of each compressed block to a portion of the object data compressed therein is generated, wherein the portion of the object data compressed therein is represented in the mapping by a unique object identifier, a start offset, and a length. The compressed blocks and the mapping are stored in at least one data storage device. At least one data access request for at least a portion of the object data is serviced based on the mapping.

Abstract: A facility that for a multithreaded program executing on a root machine causes the threads of the program to be executed in a relative scheduling that produces an interesting result. The facility suspends execution of the program. The facility then tests a plurality of relative thread schedulings on one or more virtual machines and observes the result. Based upon the observed result the facility selects one of the tested relative thread schedulings. The facility then resumes execution of the program using the selected relative thread scheduling.

Abstract: Methods, systems, and devices are described for managing virtual network services provided to a network. Network services may be provided to a client network having a first network fabric at a self-contained network services system implementing a number of redundant instances of a network service application. The self-contained network services system may have a second network fabric. The second network fabric may be adapted to distribute network service tasks received from the client network which are associated with the network service application among the redundant instances of the network service application.

Abstract: A method and system for improving the security and control of internet/network web application processes, such as web applications. The invention enables validation of requests from web clients before the request reaches a web application server. Incoming web client requests are compared to an application model that may include an allowed navigation path within an underlying web application. Requests inconsistent with the application model are blocked before reaching the application server. The invention may also verify that application state data sent to application servers has not been inappropriately modified. Furthermore, the invention enables application models to be automatically generated by employing, for example, a web crawler to probe target applications. Once a preliminary application model is generated it can be operated in a training mode. An administrator may tune the application model by adding a request that was incorrectly marked as non-compliant to the application model.

Abstract: A system, method, and apparatus are directed towards identifying adaptive length segments of redundant data for encoding a data structure. Initial boundaries are identified for an input matching segment within input data and for a candidate store matching segment in a synchronized store. The data prior to and after the boundaries are compared to identify matching data. As matching data is identified, at least one of the boundaries of the matching segments is revised. An encoded representation of the resulting input matching segment is then generated based in part on pointers and offsets into the synchronized store. A data structure is generated based on the encoded representation and unmatched portion, which is sent to a receiver. The receiver uses the data structure to extract matching data from the synchronized store, and together with the unmatched input data in the data structure, reconstruct the input data.

Abstract: A method, non-transitory computer readable medium, and a system for communicating with networked clients and servers through a network device includes receiving a first network data packet destined for a first executing traffic management application of a plurality of executing traffic management applications operating in the network device. A first DMA channel is identified to allocate the received first network data packet. Further, the first network data packet is transmitted to the first traffic management executing application over the first identified DMA channel.

Abstract: Systems, methods, and devices are directed towards identifying a web browser by targeting a document parser component in a layout engine of a web browser. Malformed HTML may be provided to a client device having the web browser. Based on how the layout engine responds to the received malformed HTML, a fingerprint can be generated classifying/identifying a class, type, and other features of the web browser/layout engine. Other fingerprinting techniques may be combined with this malformed HTML approach to improve an accuracy of web browser identification, or to be used to detect/counter user-agent spoofing. Identification of the web browser/layout engine may then be used, among other things, to provide web content that is formatted to be useable by the receiving client device.

Abstract: A network device is arranged to perform frame chunking directed towards enabling fast video content starts on a client device. When a request for video content is received, characteristics of a connection to the client device, and the client device are used to determine a threshold bitrate that provides a defined amount of video content to the client device within a configurable amount of first play time. When a bitrate for the video content that satisfies the threshold bitrate is currently unavailable, then the first chunks or bytes of the video content may be optimized to satisfy the threshold bitrate. The optimized first chunks are then provided to the client device followed by the remaining video content at an available bitrate.

Abstract: Handling network data packets classified as being high throughput and low latency with a network traffic management device is disclosed. Packets are received from a network and classified as high throughput or low latency based on packet characteristics or other factors. Low latency classified packets are generally processed immediately, such as upon receipt, while the low latency packet processing is strategically interrupted to enable processing coalesced high throughput classified packets in an optimized manner. The determination to cease processing low latency packets in favor of high throughput packets may be based on a number of factors, including whether a threshold number of high throughput classified packets are received or based on periodically polling a high throughput packet memory storage location.

Abstract: A system, method and machine readable medium for automated policy building in a policy module of a network traffic management device is disclosed. Parsed network traffic data is received at a policy builder of a network traffic management device. The received network traffic data is analyzed in accordance with one or more threshold conditions specified by a user, via a user interface, for an existing policy. The existing policy is modified by the policy builder if the one or more threshold conditions for the network traffic have been met.

Abstract: The present invention disclose a system and method for mediating between signaling network peers of diameter type, where each peer is associated with different telecommunication service providers network or different application vendors.