Patents Assigned to F5 Networks, Inc.
-
Patent number: 8627467
Abstract: A system and method for selectively storing one or more web objects in a memory is disclosed. A server response is received at a network traffic management device, wherein the server response is associated with a client request sent from a client device and includes at least one web object. The server response is analyzed using a security module of the network traffic management device which determines if the at least a portion of the server response contains suspicious content in relation to one or more defined policy parameters handled by the security module. An instruction is sent from the security module to a cache module of the network traffic management device upon determining that the at least a portion of the server response contains suspicious information, wherein the cache module does not store the at least one web object upon receiving the instruction.
Type: Grant
Filed: October 19, 2011
Date of Patent: January 7, 2014
Assignee: F5 Networks, Inc.
Inventors: Yuval Levy, Ron Talmor, Beni Serfaty
-
Patent number: 8621078
Abstract: A method, system, and apparatus are directed towards dynamically managing certificates for a virtual host server. A certificate may be uniquely associated with each of the websites hosted on the virtual host. In one embodiment, the certificate is an X.509 certificate. Also, the certificate may be managed by a network device residing between a client and the virtual host server. When the client that is browsing one of the hosted websites, the network device may store a persistence record that maps client information to the hosted website. The client may employ an SSL protocol to establish a secure connection. When a certificate associated with the hosted website is to be provided, the network device uses the persistence record to determine which hosted website the client was browsing, selects, and provides the appropriate certificate to the client.
Type: Grant
Filed: September 29, 2005
Date of Patent: December 31, 2013
Assignee: F5 Networks, Inc.
Inventors: Arindum Mukerji, Jesse Abraham Rothstein, Tao Liu, Jonathan Mini
-
Patent number: 8615010
Abstract: A system and method is directed to routing a packet over a network to a probe. The system includes a replicator and a distributor. The replicator receives a packet from a client and replicates the packet. The distributor is either out-of-band or in-band to a flow of traffic between the client and a server. In the out-of-band configuration, the distributor forwards the replicate packet to at least one probe in a plurality of probes. The distributor receives a response to the replicate packet and transforms a source MAC address in the response to a MAC address of the distributor. The distributor forwards the transformed packet. The replicator forwards the original packet. In the in-band configuration, the distributor selects and forwards the original packet to a server using a first forwarding mechanism, and selects and forwards the replicate packet to a probe using a second forwarding mechanism.
Type: Grant
Filed: February 18, 2009
Date of Patent: December 24, 2013
Assignee: F5 Networks, Inc.
Inventor: Richard Roderick Masters
-
Patent number: 8611222
Abstract: A system, apparatus, and method are directed towards selectively combining data into a packet to modify a number of packets transmitted over a network based on a detection of a transaction boundary. If it is determined to concatenate the data, such concatenation may continue until an acknowledgement (ACK) is received, or a predetermined amount of data is concatenated in the packet, or a transaction boundary is detected. If at least one of these conditions is satisfied, concatenation may be inhibited, and the packet may be sent. Concatenation is then re-enabled. In one embodiment, Nagle's algorithm is used for concatenating data into a packet. In one embodiment, an ACK may be sent based on a write completion indicator included within a packet. Receipt of the ACK may disable concatenation.
Type: Grant
Filed: August 22, 2012
Date of Patent: December 17, 2013
Assignee: F5 Networks, Inc.
Inventors: Arindum Mukerji, Jesse Abraham Rothstein
-
Patent number: 8612374
Abstract: A method, computer readable, and apparatus for read-ahead prediction of subsequent requests to send data between a client coupled to a server via a network includes receiving at a traffic management device a request for a part of at least one of a data file and metadata. The traffic management device selects from two or more of a sequential prediction engine, an expert prediction engine and a learning prediction engine to predict a read-ahead of the at least one of the data file and metadata. One or more additional read-ahead parts of the at least one of the data file and metadata are determined with the traffic management device based on the selecting.
Type: Grant
Filed: November 23, 2009
Date of Patent: December 17, 2013
Assignee: F5 Networks, Inc.
Inventors: Saxon Amdahl, Vinod Jayaraman
-
Patent number: 8613045
Abstract: Embodiments are directed to providing access to a resource over a network. A client device may request access to a server. An application may be provided to the client device. The application may cause control of the client device to be switched from a first desktop to a secure desktop. The secure desktop may be configured to restrict applications access to within the secure desktop. An indication of the resource on the server to map to may be received at the client device. The indicated resource may be mapped onto a file system on the client device. Mapping may comprise using a remote file access protocol, using DLL injection, or adding a kernel module to an operating system on the client device. The mapped resource may be constrained to be accessed through the secure desktop.
Type: Grant
Filed: May 1, 2008
Date of Patent: December 17, 2013
Assignee: F5 Networks, Inc.
Inventor: Andrey Shigapov
-
Patent number: 8572219
Abstract: A system, apparatus, and method are directed to network communication over a tunnel by downloading selective tunneling (STM) components into memory of a client device. The STM components selectively employ tunneling to route network traffic to a requested resource. The STM components may include a network API, application, and a tunnel manager that have been modified based in part on a client configuration. As a network request is made it is evaluated against the client configuration. If the connection is to be tunneled, a network tunnel is selectively established. If the client configuration and/or the request indicate that the request is to be un-tunneled, an un-tunneled network connection may instead be established. The client configuration may also indicate that the client device is to be redirected to enable remediation. When the application component is closed, or otherwise terminated, the client's memory may be purged of the loaded STM components.
Type: Grant
Filed: March 22, 2006
Date of Patent: October 29, 2013
Assignee: F5 Networks, Inc.
Inventor: Andrey Shigapov
-
Patent number: 8565088
Abstract: A system, apparatus, and method are directed towards selectively combining data into a packet to modify a number of packets transmitted over a network based on a detection of a transaction boundary. If it is determined to concatenate the data, such concatenation may continue until an acknowledgement (ACK) is received, or a predetermined amount of data is concatenated in the packet, or a transaction boundary is detected. If at least one of these conditions is satisfied, concatenation may be inhibited, and the packet may be sent. Concatenation is then re-enabled. In one embodiment, Nagle's algorithm is used for concatenating data into a packet. In one embodiment, an ACK may be sent based on a write completion indicator included within a packet. Receipt of the ACK may disable concatenation.
Type: Grant
Filed: March 2, 2006
Date of Patent: October 22, 2013
Assignee: F5 Networks, Inc.
Inventors: Arindum Mukerji, Jesse Abraham Rothstein
-
Patent number: 8566452
Abstract: A system, apparatus, and method are directed to converting from a use of a HTTPS connection to a tunnel connection while maintaining an underlying connection between a client and a server. An HTTPS connection is employed to establish a network connection between a client device and a network device. A gateway is selected to receive a request from the client device. In one embodiment, selecting may comprise using load-balancing, cookie-persistence, or the like. Subsequently, the HTTPS connection is transitioned to another application layer communication protocol connection. Transitioning may comprise converting from a use of a first protocol stack configured to process a HTTP connection to a second protocol stack configured to process a non-HTTP based application protocol connection, and establishing a tunnel between the client device and a server through the selected gateway.
Type: Grant
Filed: July 31, 2007
Date of Patent: October 22, 2013
Assignee: F5 Networks, Inc.
Inventors: James S. Goodwin, III, Amit Jain, Ravi Natarajan
-
Patent number: 8566444
Abstract: A method and system for checking data against a plurality of rules simultaneously. A data string having keywords in the data string is received. All of the keywords in the data string are simultaneously examined against rule keywords using for example, a finite state machine constructed by the Aho-Corasick algorithm. The rule keyword represents at least one rule of the plurality of rules. It is determined which of the plurality of rules are satisfied by the data string based on whether each keyword matches the rule keywords. Such rules may be used for application such as negative security policies.
Type: Grant
Filed: October 30, 2008
Date of Patent: October 22, 2013
Assignee: F5 Networks, Inc.
Inventor: Shlomo Yona
-
Patent number: 8559313
Abstract: A system, apparatus, and method are directed towards selectively combining data into a packet to modify a number of packets transmitted over a network based on a detection of a transaction boundary. If it is determined to concatenate the data, such concatenation may continue until an acknowledgement (ACK) is received, or a predetermined amount of data is concatenated in the packet, or a transaction boundary is detected. If at least one of these conditions is satisfied, concatenation may be inhibited, and the packet may be sent. Concatenation is then re-enabled. In one embodiment, Nagle's algorithm is used for concatenating data into a packet. In one embodiment, an ACK may be sent based on a write completion indicator included within a packet. Receipt of the ACK may disable concatenation.
Type: Grant
Filed: September 9, 2011
Date of Patent: October 15, 2013
Assignee: F5 Networks, Inc.
Inventors: Arindum Mukerji, Jesse Abraham Rothstein
-
Patent number: 8560709
Abstract: An apparatus and method are directed to managing access to an enterprise resource over a virtual private network by employing a dynamic policy. A client device is configured to log into a network device. The network device receives information about the client device, including information about its configuration and environment. Based, in part, on received information a policy for access is applied to the client device. For example, in one embodiment, the policy may allow only email access from a public kiosk client device, but full intranet access from an enterprise configured client device. The policy may further enable a restriction for the client device that may restrict, for example, what documents may be saved by the client device. In one embodiment, the restriction is enabled using a virtual sandbox.
Type: Grant
Filed: February 25, 2004
Date of Patent: October 15, 2013
Assignee: F5 Networks, Inc.
Inventors: Sergey Shokhor, Andrey Shigapov
-
Patent number: 8554999
Abstract: A method, computer readable medium, and system for generating a response includes determining from which of a plurality of levels of cache to retrieve a response. The determination is based on a number of matches between current user session data associated with a current request and stored user session data rewritten into each of one or more metadata data variables for the response when a current request for the response matches at least one prior stored request for the response. The response from the determined level of the plurality of levels of cache is provided.
Type: Grant
Filed: May 25, 2012
Date of Patent: October 8, 2013
Assignee: F5 Networks, Inc.
Inventor: Ravi Natarajan
-
Patent number: 8548953
Abstract: A method and apparatus for removing duplicated data in a file system utilizing the concept of storage tiers. A synthetic namespace is created via file virtualization, and is comprised of one or more file systems. Deduplication is applied at the namespace level and on all of the file systems comprising the synthetic namespace. All files in a file system in a higher storage tier whose contents are identical to at least one other file in the synthetic namespace are moved to a destination file system in a lower storage tier. For each set of duplicated files that are moved from the original servers, a single instance copy of the file is left behind as a mirror copy. Read access to a duplicated file is redirected to its mirror copy. When the first write to a duplicated file is received, the association from the duplicated file stored in the destination server to its mirror copy that is stored in the origin server is discarded.
Type: Grant
Filed: November 11, 2008
Date of Patent: October 1, 2013
Assignee: F5 Networks, Inc.
Inventors: Thomas K. Wong, Ron S. Vogel
-
Patent number: 8549582
Abstract: A method, computer readable medium, and system that handles a multi-protocol name in a virtualization environment includes determining and predicting with a virtualization management computing device when a name collision occurs between content names of different content accessible by two or more protocols. The virtualization management computing device restricts access to the different content in one or more network attached storage devices when the name collision is determined to occur to one or more of the protocols which can distinguish the different content. It preserves access to the different content in certain cases where the collision can be predicted.
Type: Grant
Filed: July 9, 2009
Date of Patent: October 1, 2013
Assignee: F5 Networks, Inc.
Inventors: Michael John Andrews, Stephen Thomas Rust
-
Patent number: 8537825
Abstract: Upon detecting a data event initiating an update to a table, a first classifier index associated with the data event is identified. From a classifier table, the current position in a first dimension of the table associated with the classifier index is determined. An open position in the first dimension of the table is also identified. Updated data is stored in the open position within the table. In the classifier table, the open position storing the updated data is associated with the classifier index.
Type: Grant
Filed: March 9, 2011
Date of Patent: September 17, 2013
Assignee: F5 Networks, Inc.
Inventor: Alan Mimms
-
Patent number: 8539062
Abstract: A system and method for directing network connections. The invention enables a network device to direct subsequent connections from a client to a server for accessing resources. A process extracts a persistence key from a received message, and employs the persistence key to identify the appropriate server. An interface is provided, enabling a user program to direct the process of extracting the persistence key. The invention also provides a way for multiple clients to persist to a common server.
Type: Grant
Filed: April 12, 2012
Date of Patent: September 17, 2013
Assignee: F5 Networks, Inc.
Inventors: Richard Roderick Masters, David A. Hansen
-
Patent number: 8533308
Abstract: A traffic management device or other intermediate network device is configured to enable the device to support connection splitting and/or connection aggregation or to otherwise process network transactions for an arbitrary transaction-oriented protocol. The configuration may be accomplished by providing one or more traffic management rules defined by way of a scripting language and provided to an interpreter. The traffic management rule may follow a basic approach common to many protocols and is adapted to the particular protocol being supported. The rule may configure the network device to inspect incoming data, extract length and record type specifiers, buffer an appropriate amount of data to determine transactions or transaction boundaries, and perform other operations.
Type: Grant
Filed: October 5, 2005
Date of Patent: September 10, 2013
Assignee: F5 Networks, Inc.
Inventor: Jesse Abraham Rothstein
-
Patent number: 8533254
Abstract: A system and method is directed to replicating packet transactions over a network. The system includes a replication component and a plurality of servers enabled to include substantially the same content. The replication component receives a packet from a client and forwards it to a first server. If the packet is to be replicated, a replicate of the packet is forwarded to the other servers in the plurality of servers so that at least a portion of the content on the first server and the other servers are synchronized. Forwarding of the replicate packet may be delayed for some period of time, and need not be concurrent. If responses received from each server are substantially the same, a message is sent to the client. Moreover, transaction replication can occur across servers arranged in different configurations, including disparate databases.
Type: Grant
Filed: June 17, 2003
Date of Patent: September 10, 2013
Assignee: F5 Networks, Inc.
Inventors: William Charles Whitson, Jr., Richard Roderick Masters
-
Patent number: 8533662
Abstract: The present invention provides a method and system for performing operations on data using XML streams. An XML schema defines a limited set of operations that may be performed on data. These operations include addition, subtraction, multiplication and division. The operations are placed in an XML stream that conforms to the XML schema. The XML stream may perform one or more of the defined operations on the data. The limited set of operations allows data to be validated and processed without excessive overhead.
Type: Grant
Filed: October 5, 2007
Date of Patent: September 10, 2013
Assignee: F5 Networks, Inc.
Inventor: Arun T. Jacob