Abstract: A method, computer readable medium, and application delivery controller apparatus for content inlining includes obtaining content from one or more servers as requested by one or more clients, obtaining external content from the one or more servers as referenced by one or more external references included in the requested content, modifying the requested content to include at least one of the external content, and servicing the client request by communicating the modified requested content.

Abstract: Embodiments are directed to providing access to a resource over a network. A client device may request access to a server. An application may be provided to the client device. The application may cause control of the client device to be switched from a first desktop to a secure desktop. The secure desktop may be configured to restrict applications access to within the secure desktop. An indication of the resource on the server to map to may be received at the client device. The indicated resource may be mapped onto a file system on the client device. Mapping may comprise using a remote file access protocol, using DLL injection, or adding a kernel module to an operating system on the client device. The mapped resource may be constrained to be accessed through the secure desktop.

Abstract: A method, computer readable medium, and system independently managing network applications within a network traffic management device communicating with networked clients and servers include monitoring with a network device a plurality of applications communicating over a plurality of direct memory access (DMA) channels established across a bus. The network device receives a request from a first application communicating over a first DMA channel in the plurality of DMA channels to restart the first DMA channel. In response to the request, the first DMA channel is disabled with the network device while allowing other executing applications in the plurality of applications to continue to communicate over other DMA channels in the plurality of DMA channels. A state of the first DMA channel is cleared independently from other DMA channels in the plurality of DMA channels, and communications for the first application over the first DMA channel are resumed with the network device.

Abstract: A system and method for improving TCP performance in a L2 tunneling environment by snooping TCP/IP packets from the tunnel interface, terminating TCP locally and proxying TCP data in separate TCP connections. In particular, the system and method detects an encapsulated outgoing packet utilizing a Layer 2 tunneling protocol, processes a Point to Point Protocol layer in the outgoing packet to establishing Layer 2 tunneling protocol for a connection. The system and method also removes the Point to Point Protocol layer from the outgoing packet and inspects the outgoing packet for TCP information in the packet. The system and method forwards the outgoing packet to a locally driven application protocol path if TCP information is present, wherein the outgoing packet is encapsulated in association with the application protocol path.

Abstract: A system and method of idle driven scheduling in a network device is disclosed. An interrupt signal is received from a timer, wherein a network processing component of a network device awakes from sleep mode of a first sleep duration for a first cycle upon receiving the interrupt signal. Load information of a computer processing unit in the network device for the first cycle is determined. A second sleep duration is selected for the network processing component in a second cycle based on the load information, wherein the second sleep duration is different from the first sleep duration. The timer is then instructed to send the interrupt signal to the network processing component at an expiration of the second sleep duration.

Abstract: A program code data structure is described. The data structure contains substantive code of a multithreaded computer program that includes a plurality of communicating instructions that effect communication between threads. The data structure further contains, at each of one or more points in the substantive code, an indication that, when the computer program is being executed, one or more communicating instructions that are in a selected relationship with the indication should be executed by any thread that reaches the point in a particular order relative to execution of one or more other communicating instructions by other threads. The contents of the data structure may be used to determine an order in which to execute communicating instructions.

Abstract: A system and method of idle driven scheduling in a network device is disclosed. An interrupt signal is received from a timer, wherein a network processing component of a network device awakes from sleep mode of a first sleep duration for a first cycle upon receiving the interrupt signal. Load information of a computer processing unit in the network device for the first cycle is determined. A second sleep duration is selected for the network processing component in a second cycle based on the load information, wherein the second sleep duration is different from the first sleep duration. The timer is then instructed to send the interrupt signal to the network processing component at an expiration of the second sleep duration.

Abstract: Embodiments are directed towards providing protection to DNS servers against DNS flood attacks by causing a requesting device to perform multiple DNS lookup requests for resolving a resource record. A request from a network device for a resolution of a domain name may be received by a device interposed between the requesting network device and a DNS server. Upon receiving the request to resolve the domain name, the interposed device may respond with a CNAME that includes a cookie. The requesting device may then send another request that includes the cookie preceded CNAME. The interposed device may then validate the returned cookie returned in the CNAME and if valid, forward the domain name resolution request on to a DNS server. The response may then be forwarded to the requesting device.

Abstract: A system, apparatus, and method are directed to managing an ordered page flow browsing of a website. As a request is received for a webpage on the website, a referrer is examined. If the referrer indicates that the request is from another website, the request may be redirected to a pre-selected webpage on the website. In addition, a cookie may be generated that includes, in part, the request and a secret. The request and rotating secret may also be encrypted. The cookie may then be provided along with a response to the request. When another request is received with the cookie, the cookie may be compared, in part, with the referrer and the secret to determine if the request is from an ordered page within the website. If it is not, the request may be redirected to the pre-selected webpage, thereby enforcing orderly page flow browsing.

Abstract: A method and apparatus for handling packets received from a server over a network based upon quality of network service on DMA channels includes inspecting a packet received by a network device, classifying the inspected packet with the network device based on one or more class of service identifiers in the packet, assigning with the network device the classified packet to one of a plurality of DMA rings associated with a DMA channel based on the one or more class of service identifiers in the packet, and moving the assigned packet to a host memory based upon the assigning.

Abstract: A system, computer readable medium and method of load balancing of requests between Diameter-enabled network devices is disclosed. Processing occurs at a signal controller in communication with a first Diameter-enabled network device and a second Diameter-enabled network device, request handling capacity of at least the second Diameter-enabled network device. One or more tokens are allocated for inbound requests from the first Diameter-enabled network device to the second Diameter-enabled network device. The second Diameter-enabled network device is notified of the one or more allocated tokens for handling a corresponding number of requests from the first Diameter-enabled network device. Transmission of the corresponding number of requests from the first Diameter-enabled network device to the second Diameter-enabled network device is coordinated by the signal controller.

Abstract: A system and method which includes monitoring an existing first connection to a secured network domain. A first network configuration is employed to access the secured network domain via the first connection. An available second connection to the network domain is detected, whereby the system and method automatically switch to the second connection to access the secured network domain upon detecting a termination with the first connection. Access to the secured network domain, via the second connection, is established by employing a second network configuration. In an aspect, the first connection is by cable and the first network configuration is associated with direct access to the secured network domain. In an aspect, the second connection is a wired or wireless signal and the second network configuration is associated with a Virtual Private Network (VPN) connection.

Abstract: A system, method, and computer readable medium for sharing bandwidth among executing application programs across a packetized bus for packets from multiple DMA channels includes receiving at a network traffic management device first and second network packets from respective first and second DMA channels. The received packets are segmented into respective one or more constituent CPU bus packets. The segmented constituent CPU bus packets are interleaved for transmission across a packetized CPU bus.

Abstract: A method and system for forwarding messages received at a traffic manager. A traffic manager receives a message from a first connection to a client computer. At least a part of the message is to be forwarded to a server. If a connection exists to the server that matches the first connection, at least a part of the message is forwarded to the server by employing the existing connection. Otherwise, a source address is selected with which to communicate with the server. A new connection that includes the source address and a destination address associated with the server is opened. In addition, information associating the source address and the destination address with the first connection is stored. This information may then be used to map a response received from the server to the first connection.

Abstract: A method, computer readable medium, system and apparatus that acquires data link timing includes sequentially introducing a delay and sampling data on a link after each sequentially introduced delay. A starting edge of a valid data eye and a trailing edge of the valid data eye during the sequentially introducing the delay and the sampling of the data is determined. The sequentially introduced delay when the starting edge of the valid data eye is detected and a subsequently introduced delay when the trailing edge of the valid data eye is detected are recorded. A bit sampling time that provides the timing for the sampling of data in the valid data eye between the sequentially introduced delay and the subsequently introduced delay is determined. By way of example, an optimum bit sampling time is determined as a mean from the transition of the starting edge of the valid data eye to the trailing edge of the valid data eye. The bit sampling time for the sampling of data is applied and the link is established.

Abstract: A method, computer readable medium, and device for providing authenticated domain name service includes forwarding at a traffic management device a request for a domain name from a client device to one or more servers coupled to the traffic management device. The traffic management device receives a first response comprising at least a portion of the domain name from the one or more servers. The traffic management device attaches a first signature to the first response when the first response is determined by the traffic management device to be an unauthenticated response, and provides the first response with the first signature to the client device.

Abstract: A system, apparatus, and method for managing TCP over TCP communications using multiple TCP network connections. A plurality of tunneled network connections may be established between network devices. The network devices may employ one of the tunneled network connections over which to establish a plurality of application sessions. If congestion is detected on the employed tunneled network connection that exceeds a threshold, then a reset flag may be sent to abort that tunneled network connection. At least some of the application sessions are also transferred to another one of plurality of tunneled network connections, without terminating the moved application sessions. In one embodiment, at least one more tunneled network connection may be established between the network devices.

Abstract: A method, computer readable medium, and system for implementing adaptive forward error correction in a network includes converting at a first computing device a number K of original data packets into a number N of error correction packets for forward error correction for a transmission to a second computing device. A subset number S1 of the number N of the error correction packets which is less than the number N of error correction packets is determined at the first computing device based on a loss rate for the transmission to the second computing device. The determined subset number S1 of the number N of the error correction packets is transmitted from the first computing device to the second computing device.

Abstract: An inventive apparatus that integrates the operation of a hard disk emulator and a cryptographic accelerator on a single blade server card. An application with cryptographic operations can off load computationally intensive calculations to the cryptographic accelerator so that the speed at which the application performs actions can be increased significantly. Typically, the hard disk emulator is a flash memory component and the accelerator can perform at least modular exponentiation calculations. One bus is employed for communication between the hard disk emulator and the accelerator. Another bus is employed to communicate with other resources off the card. Often, the card is configured to operate as one of a several blade servers in a chassis.

Abstract: A facility for identifying functionally distinct memory access reorderings for a multithreaded program is described. The facility monitors execution of the program to detect, for each of one or more memory locations, an order in which the memory location was accessed by the threads of the program, each access being at least one of a read access and a write access. Among a number of possible memory access reorderings of a read access by a reading thread to a location and a write access by a writing thread to the same location where the write access preceded the read access, the facility identifies as functionally distinct memory access reorderings those possible memory access reorderings where the reading thread could have become newly aware of changed state of the writing thread as a result of the indicated read access.