Patents Assigned to F5 Networks, Inc.
  • Patent number: 8627467
    Abstract: A system and method for selectively storing one or more web objects in a memory is disclosed. A server response is received at a network traffic management device, wherein the server response is associated with a client request sent from a client device and includes at least one web object. The server response is analyzed using a security module of the network traffic management device which determines if the at least a portion of the server response contains suspicious content in relation to one or more defined policy parameters handled by the security module. An instruction is sent from the security module to a cache module of the network traffic management device upon determining that the at least a portion of the server response contains suspicious information, wherein the cache module does not store the at least one web object upon receiving the instruction.
    Type: Grant
    Filed: October 19, 2011
    Date of Patent: January 7, 2014
    Assignee: F5 Networks, Inc.
    Inventors: Yuval Levy, Ron Talmor, Beni Serfaty
  • Patent number: 8621078
    Abstract: A method, system, and apparatus are directed towards dynamically managing certificates for a virtual host server. A certificate may be uniquely associated with each of the websites hosted on the virtual host. In one embodiment, the certificate is an X.509 certificate. Also, the certificate may be managed by a network device residing between a client and the virtual host server. When the client is browsing one of the hosted websites, the network device may store a persistence record that maps client information to the hosted website. The client may employ an SSL protocol to establish a secure connection. When a certificate associated with the hosted website is to be provided, the network device uses the persistence record to determine which hosted website the client was browsing, selects, and provides the appropriate certificate to the client.
    Type: Grant
    Filed: September 29, 2005
    Date of Patent: December 31, 2013
    Assignee: F5 Networks, Inc.
    Inventors: Arindum Mukerji, Jesse Abraham Rothstein, Tao Liu, Jonathan Mini
  • Patent number: 8615010
    Abstract: A system and method is directed to routing a packet over a network to a probe. The system includes a replicator and a distributor. The replicator receives a packet from a client and replicates the packet. The distributor is either out-of-band or in-band to a flow of traffic between the client and a server. In the out-of-band configuration, the distributor forwards the replicate packet to at least one probe in a plurality of probes. The distributor receives a response to the replicate packet and transforms a source MAC address in the response to a MAC address of the distributor. The distributor forwards the transformed packet. The replicator forwards the original packet. In the in-band configuration, the distributor selects and forwards the original packet to a server using a first forwarding mechanism, and selects and forwards the replicate packet to a probe using a second forwarding mechanism.
    Type: Grant
    Filed: February 18, 2009
    Date of Patent: December 24, 2013
    Assignee: F5 Networks, Inc.
    Inventor: Richard Roderick Masters
  • Patent number: 8611222
    Abstract: A system, apparatus, and method are directed towards selectively combining data into a packet to modify a number of packets transmitted over a network based on a detection of a transaction boundary. If it is determined to concatenate the data, such concatenation may continue until an acknowledgement (ACK) is received, or a predetermined amount of data is concatenated in the packet, or a transaction boundary is detected. If at least one of these conditions is satisfied, concatenation may be inhibited, and the packet may be sent. Concatenation is then re-enabled. In one embodiment, Nagle's algorithm is used for concatenating data into a packet. In one embodiment, an ACK may be sent based on a write completion indicator included within a packet. Receipt of the ACK may disable concatenation.
    Type: Grant
    Filed: August 22, 2012
    Date of Patent: December 17, 2013
    Assignee: F5 Networks, Inc.
    Inventors: Arindum Mukerji, Jesse Abraham Rothstein
  • Patent number: 8612374
    Abstract: A method, computer readable, and apparatus for read-ahead prediction of subsequent requests to send data between a client coupled to a server via a network includes receiving at a traffic management device a request for a part of at least one of a data file and metadata. The traffic management device selects from two or more of a sequential prediction engine, an expert prediction engine and a learning prediction engine to predict a read-ahead of the at least one of the data file and metadata. One or more additional read-ahead parts of the at least one of the data file and metadata are determined with the traffic management device based on the selecting.
    Type: Grant
    Filed: November 23, 2009
    Date of Patent: December 17, 2013
    Assignee: F5 Networks, Inc.
    Inventors: Saxon Amdahl, Vinod Jayaraman
  • Patent number: 8613045
    Abstract: Embodiments are directed to providing access to a resource over a network. A client device may request access to a server. An application may be provided to the client device. The application may cause control of the client device to be switched from a first desktop to a secure desktop. The secure desktop may be configured to restrict applications access to within the secure desktop. An indication of the resource on the server to map to may be received at the client device. The indicated resource may be mapped onto a file system on the client device. Mapping may comprise using a remote file access protocol, using DLL injection, or adding a kernel module to an operating system on the client device. The mapped resource may be constrained to be accessed through the secure desktop.
    Type: Grant
    Filed: May 1, 2008
    Date of Patent: December 17, 2013
    Assignee: F5 Networks, Inc.
    Inventor: Andrey Shigapov
  • Patent number: 8572219
    Abstract: A system, apparatus, and method are directed to network communication over a tunnel by downloading selective tunneling (STM) components into memory of a client device. The STM components selectively employ tunneling to route network traffic to a requested resource. The STM components may include a network API, application, and a tunnel manager that have been modified based in part on a client configuration. As a network request is made it is evaluated against the client configuration. If the connection is to be tunneled, a network tunnel is selectively established. If the client configuration and/or the request indicate that the request is to be un-tunneled, an un-tunneled network connection may instead be established. The client configuration may also indicate that the client device is to be redirected to enable remediation. When the application component is closed, or otherwise terminated, the client's memory may be purged of the loaded STM components.
    Type: Grant
    Filed: March 22, 2006
    Date of Patent: October 29, 2013
    Assignee: F5 Networks, Inc.
    Inventor: Andrey Shigapov
  • Patent number: 8565088
    Abstract: A system, apparatus, and method are directed towards selectively combining data into a packet to modify a number of packets transmitted over a network based on a detection of a transaction boundary. If it is determined to concatenate the data, such concatenation may continue until an acknowledgement (ACK) is received, or a predetermined amount of data is concatenated in the packet, or a transaction boundary is detected. If at least one of these conditions is satisfied, concatenation may be inhibited, and the packet may be sent. Concatenation is then re-enabled. In one embodiment, Nagle's algorithm is used for concatenating data into a packet. In one embodiment, an ACK may be sent based on a write completion indicator included within a packet. Receipt of the ACK may disable concatenation.
    Type: Grant
    Filed: March 2, 2006
    Date of Patent: October 22, 2013
    Assignee: F5 Networks, Inc.
    Inventors: Arindum Mukerji, Jesse Abraham Rothstein
  • Patent number: 8566452
    Abstract: A system, apparatus, and method are directed to converting from a use of a HTTPS connection to a tunnel connection while maintaining an underlying connection between a client and a server. An HTTPS connection is employed to establish a network connection between a client device and a network device. A gateway is selected to receive a request from the client device. In one embodiment, selecting may comprise using load-balancing, cookie-persistence, or the like. Subsequently, the HTTPS connection is transitioned to another application layer communication protocol connection. Transitioning may comprise converting from a use of a first protocol stack configured to process a HTTP connection to a second protocol stack configured to process a non-HTTP based application protocol connection, and establishing a tunnel between the client device and a server through the selected gateway.
    Type: Grant
    Filed: July 31, 2007
    Date of Patent: October 22, 2013
    Assignee: F5 Networks, Inc.
    Inventors: James S. Goodwin, III, Amit Jain, Ravi Natarajan
  • Patent number: 8566444
    Abstract: A method and system for checking data against a plurality of rules simultaneously. A data string having keywords in the data string is received. All of the keywords in the data string are simultaneously examined against rule keywords using, for example, a finite state machine constructed by the Aho-Corasick algorithm. The rule keyword represents at least one rule of the plurality of rules. It is determined which of the plurality of rules are satisfied by the data string based on whether each keyword matches the rule keywords. Such rules may be used for applications such as negative security policies.
    Type: Grant
    Filed: October 30, 2008
    Date of Patent: October 22, 2013
    Assignee: F5 Networks, Inc.
    Inventor: Shlomo Yona
  • Patent number: 8559313
    Abstract: A system, apparatus, and method are directed towards selectively combining data into a packet to modify a number of packets transmitted over a network based on a detection of a transaction boundary. If it is determined to concatenate the data, such concatenation may continue until an acknowledgement (ACK) is received, or a predetermined amount of data is concatenated in the packet, or a transaction boundary is detected. If at least one of these conditions is satisfied, concatenation may be inhibited, and the packet may be sent. Concatenation is then re-enabled. In one embodiment, Nagle's algorithm is used for concatenating data into a packet. In one embodiment, an ACK may be sent based on a write completion indicator included within a packet. Receipt of the ACK may disable concatenation.
    Type: Grant
    Filed: September 9, 2011
    Date of Patent: October 15, 2013
    Assignee: F5 Networks, Inc.
    Inventors: Arindum Mukerji, Jesse Abraham Rothstein
  • Patent number: 8560709
    Abstract: An apparatus and method are directed to managing access to an enterprise resource over a virtual private network by employing a dynamic policy. A client device is configured to log into a network device. The network device receives information about the client device, including information about its configuration and environment. Based, in part, on received information a policy for access is applied to the client device. For example, in one embodiment, the policy may allow only email access from a public kiosk client device, but full intranet access from an enterprise configured client device. The policy may further enable a restriction for the client device that may restrict, for example, what documents may be saved by the client device. In one embodiment, the restriction is enabled using a virtual sandbox.
    Type: Grant
    Filed: February 25, 2004
    Date of Patent: October 15, 2013
    Assignee: F5 Networks, Inc.
    Inventors: Sergey Shokhor, Andrey Shigapov
  • Patent number: 8554999
    Abstract: A method, computer readable medium, and system for generating a response includes determining from which of a plurality of levels of cache to retrieve a response. The determination is based on a number of matches between current user session data associated with a current request and stored user session data rewritten into each of one or more metadata data variables for the response when a current request for the response matches at least one prior stored request for the response. The response from the determined level of the plurality of levels of cache is provided.
    Type: Grant
    Filed: May 25, 2012
    Date of Patent: October 8, 2013
    Assignee: F5 Networks, Inc.
    Inventor: Ravi Natarajan
  • Patent number: 8548953
    Abstract: A method and apparatus for removing duplicated data in a file system utilizing the concept of storage tiers. A synthetic namespace is created via file virtualization, and is comprised of one or more file systems. Deduplication is applied at the namespace level and on all of the file systems comprising the synthetic namespace. All files in a file system in a higher storage tier whose contents are identical to at least one other file in the synthetic namespace are moved to a destination file system in a lower storage tier. For each set of duplicated files that are moved from the original servers, a single instance copy of the file is left behind as a mirror copy. Read access to a duplicated file is redirected to its mirror copy. When the first write to a duplicated file is received, the association from the duplicated file stored in the destination server to its mirror copy that is stored in the origin server is discarded.
    Type: Grant
    Filed: November 11, 2008
    Date of Patent: October 1, 2013
    Assignee: F5 Networks, Inc.
    Inventors: Thomas K. Wong, Ron S. Vogel
  • Patent number: 8549582
    Abstract: A method, computer readable medium, and system that handles a multi-protocol name in a virtualization environment includes determining and predicting with a virtualization management computing device when a name collision occurs between content names of different content accessible by two or more protocols. The virtualization management computing device restricts access to the different content in one or more network attached storage devices when the name collision is determined to occur to one or more of the protocols which can distinguish the different content. It preserves access to the different content in certain cases where the collision can be predicted.
    Type: Grant
    Filed: July 9, 2009
    Date of Patent: October 1, 2013
    Assignee: F5 Networks, Inc.
    Inventors: Michael John Andrews, Stephen Thomas Rust
  • Patent number: 8537825
    Abstract: Upon detecting a data event initiating an update to a table, a first classifier index associated with the data event is identified. From a classifier table, the current position in a first dimension of the table associated with the classifier index is determined. An open position in the first dimension of the table is also identified. Updated data is stored in the open position within the table. In the classifier table, the open position storing the updated data is associated with the classifier index.
    Type: Grant
    Filed: March 9, 2011
    Date of Patent: September 17, 2013
    Assignee: F5 Networks, Inc.
    Inventor: Alan Mimms
  • Patent number: 8539062
    Abstract: A system and method for directing network connections. The invention enables a network device to direct subsequent connections from a client to a server for accessing resources. A process extracts a persistence key from a received message, and employs the persistence key to identify the appropriate server. An interface is provided, enabling a user program to direct the process of extracting the persistence key. The invention also provides a way for multiple clients to persist to a common server.
    Type: Grant
    Filed: April 12, 2012
    Date of Patent: September 17, 2013
    Assignee: F5 Networks, Inc.
    Inventors: Richard Roderick Masters, David A. Hansen
  • Patent number: 8533308
    Abstract: A traffic management device or other intermediate network device is configured to enable the device to support connection splitting and/or connection aggregation or to otherwise process network transactions for an arbitrary transaction-oriented protocol. The configuration may be accomplished by providing one or more traffic management rules defined by way of a scripting language and provided to an interpreter. The traffic management rule may follow a basic approach common to many protocols and is adapted to the particular protocol being supported. The rule may configure the network device to inspect incoming data, extract length and record type specifiers, buffer an appropriate amount of data to determine transactions or transaction boundaries, and perform other operations.
    Type: Grant
    Filed: October 5, 2005
    Date of Patent: September 10, 2013
    Assignee: F5 Networks, Inc.
    Inventor: Jesse Abraham Rothstein
  • Patent number: 8533254
    Abstract: A system and method is directed to replicating packet transactions over a network. The system includes a replication component and a plurality of servers enabled to include substantially the same content. The replication component receives a packet from a client and forwards it to a first server. If the packet is to be replicated, a replicate of the packet is forwarded to the other servers in the plurality of servers so that at least a portion of the content on the first server and the other servers are synchronized. Forwarding of the replicate packet may be delayed for some period of time, and need not be concurrent. If responses received from each server are substantially the same, a message is sent to the client. Moreover, transaction replication can occur across servers arranged in different configurations, including disparate databases.
    Type: Grant
    Filed: June 17, 2003
    Date of Patent: September 10, 2013
    Assignee: F5 Networks, Inc.
    Inventors: William Charles Whitson, Jr., Richard Roderick Masters
  • Patent number: 8533662
    Abstract: The present invention provides a method and system for performing operations on data using XML streams. An XML schema defines a limited set of operations that may be performed on data. These operations include addition, subtraction, multiplication and division. The operations are placed in an XML stream that conforms to the XML schema. The XML stream may perform one or more of the defined operations on the data. The limited set of operations allows data to be validated and processed without excessive overhead.
    Type: Grant
    Filed: October 5, 2007
    Date of Patent: September 10, 2013
    Assignee: F5 Networks, Inc.
    Inventor: Arun T. Jacob