Abstract: A method and system for protection against denial of service attacks to a server coupled to a network. The server may establish connections with client computers through the network. Packets are received over the network directed to the server. It is determined whether the packets are associated with an established connection. The packets associated with the established connection are separated for processing by the server in a first buffer. The packets requesting a new connection are separated in a second buffer. The packets in the second buffer requesting a new connection are serviced at a lower priority than the packets relating to established connections.

Abstract: A computer-implemented method for providing software fault tolerance is provided. A multithreaded program is executed. The program execution includes a plurality of multithreaded processes. A set of inputs is provided to one of the multithreaded processes and the inputs set is copied to each of the other multithreaded processes. The executions of the multithreaded processes are divided into deterministic subsets of the execution that end at a checkpoint. An execution of the deterministic subset is speculatively executed continuously on one of the multithreaded processes. Upon completion of execution through the checkpoint, the successfully completed execution path through the deterministic subset is retired. Execution of the deterministic instructions subset on the other multithreaded process is continued along the completed execution path.

Abstract: The present invention provides a system for intermediating between client nodes and pools of server nodes in an NGN network where the server nodes provide network services to client nodes, wherein the client nodes use various communication protocols and at least part of said communication protocols are different from the communication protocol used by the server nodes. The system comprising: a cluster of associated gateway nodes providing an integrated service for the clients nodes, where each gateway provides services of at least one of: translations of request and answers between the client node and a provider server node, load balancing and managing scenario rules. Each gateway comprise: a database of scripts including, scenario rules, routing scripts and associated transformation scripts, an execution processing module for handling events of at least client requests and server answers according to scenario rules.

Abstract: A method, non-transitory computer readable medium, and network traffic management apparatus that receives a request for content from a client computing device. A length of the content is determined. A plurality of requests for a portion of the length of the content is sent to a plurality of server computing devices, wherein the portion of the length of the content is specified as a byte range in a range header of each of the plurality of requests. A plurality of responses to the plurality of requests is received. At least a subset of the plurality of responses is output to the client computing device.

Abstract: A method, apparatus, and system are directed toward managing network traffic over a plurality of Open Systems Interconnection (OSI) Level 2 switch ports. A network traffic is received over the plurality of OSI Level 2 switch ports. At least a part of the network traffic is categorized into a flow. The categorization may be based on a IP address, an OSI Level 4 port, a protocol type, a Virtual Local Area Network (VLAN) number, or the like, associated with the network traffic. One of the plurality of OSI Level 2 switch ports is selected based on a load-balancing metric. The load-balancing metric may be a priority of the flow, a congestion characteristic, a prediction of a load usage for the flow, a combination thereof, or the like. A frame associated with the flow is sent over the selected one of the plurality of OSI Level 2 switch ports.

Abstract: A system, apparatus, and method for managing the flow of data on a network. A plurality of processors are used to implement a virtual queue, for controlling a rate of flow of data on the network. Each of the processors has a member queue, the combination of member queues combining to form the virtual queue. Aspects of the invention use messages to communicate among the processors, to properly control the rate of flow.

Abstract: A traffic management device (TMD), system, and processor-readable storage medium are directed to determining that an end-to-end encrypted session has been established between a client and an authentication server, intercepting and decrypting subsequent task traffic from the client, and forwarding the intercepted traffic toward a server. In some embodiments, a second connection between the TMD and server may be employed to forward the intercepted traffic, and the second connection may be unencrypted or encrypted with a different mechanism than the encrypted connection to the authentication server. The encrypted connection to the authentication server may be maintained following authentication to enable termination of the second connection if the client becomes untrusted, and/or to enable logging of client requests, connection information, and the like. In some embodiments, the TMD may act as a proxy to provide client access to a number of servers and/or resources.

Abstract: A plurality of network file manager switches interoperate to provide remote file virtualization. Copies of file data and/or metadata are maintained at a central site and at one or more remote sites. The network file manager switch at the remote site may satisfy certain client requests locally without having to contact the network file manager switch at the central site. A global namespace is maintained and is communicated to all network file manager switches.

Abstract: A system, apparatus, and method are directed towards managing traffic over a network by imposing temporal delays in acknowledgments (ACKs). A Traffic Management Device (TMD), interposed between two network session end-points monitors a buffer of relayed packets. If the contents of the buffer exceed a threshold value, delays are imposed on sending of acknowledgements. If the buffer contents exceed the threshold, and the buffer's contents are increasing, the delays may be increased. If the buffer's contents are about at steady state, the acknowledgement delays may be decreased, or maintained at a current delay status. In one embodiment, if the sender is sending packets at a rate above a receiver's ability to receive the packets, and the sender appears not to be decreasing its rate of transmission, an explicit congestion notification echo (ECE) may be sent to the sender.

Abstract: A system and method for directing network connections. The invention enables a network device to direct subsequent connections from a client to a server for accessing resources. A process extracts a persistence key from a received message, and employs the persistence key to identify the appropriate server. An interface is provided, enabling a user program to direct the process of extracting the persistence key. The invention also provides a way for multiple clients to persist to a common server.

Abstract: Methods and systems are directed to dynamically mirroring a connection between network devices. Mirroring is managed by forwarding a packet between a first network device and a second network device. In one method, the first network device receives the packet from a client and communicates the packet to the second network device. A forwarding device, pre-determined from the first and second network devices, forwards the packet to a server. The first network device receives a response from the server, and communicates it to the second network device. The forwarding device forwards the response packet to the client. In one configuration, the first network device and forwarding device is an active device, and the second network device is a standby device. In another configuration, the first network device is a standby device, and the second network device and forwarding device is an active device.

Abstract: Methods, systems, and devices are described for stateful failover in traffic manager module functioning as a proxy between at least one first network device and at least one server. In a first set of embodiments, an amount of synchronized state information may be reduced through a controlled use of acknowledgment messages. In a second set of embodiments, state information may be synchronized to a standby traffic manager module in response to changes in a sequence number delta between two logically paired connections. In a third set of embodiments, connections may be restored at a standby traffic manager module based on stored connection information, a synchronized sequence number delta stack, and rediscovered sequence numbers.

Abstract: Methods, systems, and devices are described for managing network communications. A traffic manager module may receive a message from a first network device to a second network device. The traffic manager module may serve as a proxy between the first network device and the second network device. The traffic manager module may perform an application layer inspection at the traffic manager module on at least one of the message or a response to the message from the second network device, and forward the message or the response to the message to a third network device based on the application layer inspection at the traffic manager module.

Abstract: Methods, systems, and devices are described for managing network communications at a traffic manager module serving as a proxy to at least one network service for at least one client device. The traffic manager module may maintaining a SYN request cache for a socket implemented by the traffic manager module. Active SYN request messages may be stored at the socket in the SYN request cache. The traffic manager module may determine a status of the SYN request cache and ignore additional SYN request messages at the socket based on the determined status of the SYN request cache.

Abstract: Methods, systems, and devices are described for managing network communications. A traffic manager module configured to serve as a proxy between a plurality of client devices and a network service may receive a plurality of messages for the network service. Each message may be associated with at least one QoS parameter. The traffic manager module may transmit the plurality of messages to the network service over a connection between the traffic manager module and the network service. The QoS of the connection between the traffic manager module and the network service may be dynamically altered during the transmission of a first message of the plurality of messages based on the at least one QoS parameter associated with the first message.

Abstract: Methods, systems, and devices are described for managing network communications. A traffic manager module may receive a script over a management plane of a packet core, interpret the script to identify a traffic management policy; and dynamically modify at least one aspect of a proxy connection over a bearer plane of the packet core at the traffic manager module based on the identified traffic management policy.

Abstract: A traffic manager system comprises communications servers, including one or more active and backup servers. At least one of the communications servers mirrors the communications of the other server involving one or more other network devices, including the encrypted communications. At least one backup server obtains a security value associated with the encrypted communications of at least one active server to independently derive the same key. The backup servers use the keys to engage in the encrypted communications when the active servers become unavailable, for example, without requiring the backup server to reinitiate the encrypted communications.

Abstract: Embodiments are directed towards establishing a plurality of connections between each of a plurality of first computing devices in a primary chassis with each of a plurality of second computing devices in a failover chassis. A first computing device uses the plurality of connections as mesh connections to select a second computing device in which to route information about received packets. Routing of information about the packets to the selected second computing device includes modifying a source port number in the packets to include an identifier of the first computing device and an identifier of the second computing device. The information may indicate that the failover chassis is to perform specialized routing of the modified packets.

Abstract: A method and system for reducing memory required to maintain connection states in a traffic manager. A network device receives a message from a client in which at least a portion of the message is to be forward to a first server. If the network device is maintaining information for facilitating a first connection with a second server, the network device maintains a subset of the information for use in restoring the first connection and frees memory associated with information that is not needed for restoring the first connection. The network device then employs other previously stored information to restore the state of a second connection to the first server. The network device then sends at least a portion of the message to the first server using the second connection.

Abstract: A system, non-transitory machine readable medium and method of delayed packetization of data packets is disclosed. The system and method includes requesting authorization from a QoS queue to transmit an intended data packet over a network, wherein the authorization request is sent from an application module of a transmitting network device. The system and method includes receiving from the QoS queue a transmission order to transmit the intended data packet at a future time. The system and method includes packetizing the intended data packet in accordance with the transmission order at the future time. The system and method includes transmitting the packetized data packet over a network to a receiving network device.