Abstract: A system, apparatus, and method selectively provides content compression to a client based, in part, on whether the network connection from the client is determined to be a high latency, low-bandwidth connection. The present invention gathers one or more network metrics associated with the connection from the client. In one embodiment, the metrics include estimated TCP metrics, including smoothed round trip time, maximum segment size (MSS), and bandwidth delay product (BWDP). These estimated network metrics are employed to make an application layer decision of whether the client connection is a high latency, low-bandwidth connection. If it is, then content may be selectively compressed virtually on the fly for transfer over the network connection. In one embodiment, the selective compression uses a content encoding compression feature of the HTTP protocol standard.

Abstract: A method, computer readable medium, and system for enhancing TCP communications includes transmitting a payload fragment for each of one or more of packets. A determination of which of the one or more packets to complete and reorder is made and a sequence in a completion fragment for one or more of the packets is adjusted based on the determination. One or more of the completion fragments are transmitted based on the determining to reassemble one or more of the transmitted payload fragments with one or more of the transmitted completion fragments based on the determination and adjustment.

Abstract: Methods and systems for efficient allocation of resources between child nodes of a parent node in a hierarchical system. The parent node has a limited number of resources available in a resource allocation phrase. The limited number of resources are allocated according to requests from the child nodes in the resource allocation phase. It is determined whether at least one of the child nodes has a request not met by the allocated resources. A bookmark associated with the child node is set for the additional required resources. Additional resources are allocated to the child node according to the bookmark in a subsequent resource allocation phase.

Abstract: A system, method and machine readable medium for automated policy building in a policy module of a network traffic management device is disclosed. Parsed network traffic data is received at a policy builder of a network traffic management device. The received network traffic data is analyzed in accordance with one or more threshold conditions specified by a user, via a user interface, for an existing policy. The existing policy is modified by the policy builder if the one or more threshold conditions for the network traffic have been met.

Abstract: A method, computer readable medium, and system for generating a response includes determining from which of a plurality of levels of cache to retrieve a response. The determination is based on a number of matches between current user session data associated with a current request and stored user session data rewritten into each of one or more metadata data variables for the response when a current request for the response matches at least one prior stored request for the response. The response from the determined level of the plurality of levels of cache is provided.

Abstract: Methods and systems are directed to dynamically mirroring a connection between network devices. Mirroring is managed by forwarding a packet between a first network device and a second network device. In one method, the first network device receives the packet from a client and communicates the packet to the second network device. A forwarding device, pre-determined from the first and second network devices, forwards the packet to a server. The first network device receives a response from the server, and communicates it to the second network device. The forwarding device forwards the response packet to the client. In one configuration, the first network device and forwarding device is an active device, and the second network device is a standby device. In another configuration, the first network device is a standby device, and the second network device and forwarding device is an active device.

Abstract: A method, computer readable medium, and a system for reconstituting a virtual snapshot of files in a file virtualization system includes forming at a file virtualization device a virtual snapshot that includes a plurality of physical snapshots associated with one or more file storage devices participating in the virtual snapshot, receiving a request for performing an operation on one or more physical snapshots in the plurality of physical snapshots, providing the one or more physical snapshots in response to the request for performing the operation when the one or more physical snapshots exists in the virtual snapshot, and reconstituting the virtual snapshot by including the one or more physical snapshots to form a reconstituted virtual snapshot in response to the request for performing the operation when the one or more physical snapshots do not exist in the virtual snapshot.

Abstract: A method, system, and apparatus are directed towards compression of content. A portion of content may be compressed using a compression mode. One or more criteria may be evaluated. Based on the evaluated criteria, a decision is made as to whether to select a different compression mode. If selected, the different compression mode may be used to compress another portion of the content. Additional compression modes may be selected and used to compress the content.

Abstract: A load balancer, comprising a network interface, a power conservation unit, and a routing module configured to route client requests received through the network interface to a plurality of servers. The power conservation unit is characterized by having a learning mode and a routing mode. In the learning mode one or more operation parameters of the servers are determined for a plurality of different external conditions and for a plurality of different values of one or more operation parameters of the routing module, and to generate a correlation table between the operation parameters of the routing module and the external conditions. In the routing mode the power conservation unit adjusts the operation parameters of the routing module responsive to the external conditions, using the correlation table.

Abstract: Embodiments are directed towards providing protection to DNS servers against DNS flood attacks by causing a requesting device to perform multiple DNS lookup requests for resolving a resource record. A request from a network device for a resolution of a domain name may be received by a device interposed between the requesting network device and a DNS server. Upon receiving the request to resolve the domain name, the interposed device may respond with a CNAME that includes a cookie. The requesting device may then send another request that includes the cookie preceded CNAME. The interposed device may then validate the returned cookie returned in the CNAME and if valid, forward the domain name resolution request on to a DNS server. The response may then be forwarded to the requesting device.

Abstract: In an aggregated file system, a method of processing a user file retrieves user file metadata and user data from a metadata server and applies operations to the user data in accordance with a file open request from a client. At the end of the process, the method stores the processed user data at a location in accordance with a predefined rule and updates the metadata in the metadata server to reference the processed user data at the location. In some embodiments, the predefined rule is to choose a location between the metadata server and a separate storage server in accordance with the size of the processed user data. If the size is still smaller than a predetermined threshold, the user data is stored in the metadata server. Otherwise, the user data is stored in the storage server.

Abstract: A method, system, machine-readable storage medium, and apparatus are directed towards upgrading a cluster by bifurcating the cluster into two virtual clusters, an “old” virtual cluster (old active cluster) and a “new” virtual cluster (new standby cluster), and iteratively upgrading members of the old cluster while moving them into the new cluster. While members are added to the new cluster, existing connections and new connections are seamlessly processed by the old cluster. Optionally, state mirroring occurs between the old cluster and the new cluster once the number of members of the old and new clusters are approximately equal. Once a threshold number of members have been transferred to the new cluster, control and processing may be taken over by the new cluster. Transfer of control from the old cluster to the new cluster may be performed by failing over connectivity from the old cluster to the new cluster.

Abstract: A method, computer readable medium, and a system for reconstituting a virtual snapshot of files in a file virtualization system includes forming at a file virtualization device a virtual snapshot that includes a plurality of physical snapshots associated with one or more file storage devices participating in the virtual snapshot, receiving a request for performing an operation on one or more physical snapshots in the plurality of physical snapshots, providing the one or more physical snapshots in response to the request for performing the operation when the one or more physical snapshots exists in the virtual snapshot, and reconstituting the virtual snapshot by including the one or more physical snapshots to form a reconstituted virtual snapshot in response to the request for performing the operation when the one or more physical snapshots do not exist in the virtual snapshot.

Abstract: The present invention relates to increasing performance of Wide Area Network (WAN) communications and in particular to a redundant proxy device associated with one end of a transport layer connection that monitors packet traffic and selectively reroutes packets to a proxy application.

Abstract: A method and system for controlling provisioning and access to cache servers with an application programming interface (API). The API includes components for performing various actions including: (i) prepopulating content on at least one cache server from a content server; (ii) expiring content on at least one cache server; (iii) pinning content in a memory of at least one cache server; (iv) assigning resources on at least one cache server in accordance with a quota; (v) retrieving content from at least one cache server; and (vi) flushing deleted content from at least one selected cache. The API may include a security layer. The security layer determines whether a requestor has permission to cause the requested action to be performed.

Abstract: A method, apparatus, and system are directed toward managing a Transmission Control Protocol/Internet Protocol (TCP/IP) handshake. A SYN-ACK cookie is determined based on a cryptographic operation using a secret key and at least one network characteristic. The SYN-ACK cookie is provided in a SYN message's field. The SYN message is sent from a client to a server. Another sequence number based on the received SYN-ACK cookie is included in a SYN-ACK message. The SYN-ACK message is sent to and received by the client. The other sequence number is validated based on the secret key to generate at least another network characteristic. A TCP/IP connection is established if the network characteristic matches the other network characteristic. In one embodiment, the component sending the SYN message may be a different component than the component receiving the SYN-ACK message. In this embodiment, the secret key may be shared between the two components.

Abstract: A switched file system, also termed a file switch, is logically positioned between client computers and file servers in a computer network. The file switch distributes user files among multiple file servers using aggregated file, transaction and directory mechanisms. The file switch distributes and aggregates the client data files in accordance with a predetermined set of aggregation rules. Each rule can be modified independently of the other rules. Different aggregation rules can be used for different types of files, thereby adapting the characteristics of the switched file system to the intended use and to the expected or historical access patterns for different data files.

Abstract: In a switched file system, a file switching device is logically positioned between clients and file servers and communicates with the clients and the file servers using standard network file protocols. The file switching device appears as a server to the client devices and as a client to the file servers. The file switching device aggregates storage from multiple file servers into a global filesystem and presents a global namespace to the client devices. The file switching device typically supports a “native” mode for integrating legacy files into the global namespace and an “extended” mode for actively managing files across one or more file servers. Typically, native-mode files may be accessed directly or indirectly via the file switching device, while extended-mode files may be accessed only through the file switching device. The file switching device may manage file storage using various types of rules, e.g., for managing multiple storage tiers or for applying different types of encoding schemes to files.

Abstract: A method, apparatus, and system are directed toward managing network traffic over a plurality of Open Systems Interconnection (OSI) Level 2 switch ports. A network traffic is received over the plurality of OSI Level 2 switch ports. At least a part of the network traffic is categorized into a flow. The categorization may be based on a IP address, an OSI Level 4 port, a protocol type, a Virtual Local Area Network (VLAN) number, or the like, associated with the network traffic. One of the plurality of OSI Level 2 switch ports is selected based on a load-balancing metric. The load-balancing metric may be a priority of the flow, a congestion characteristic, a prediction of a load usage for the flow, a combination thereof, or the like. A frame associated with the flow is sent over the selected one of the plurality of OSI Level 2 switch ports.

Abstract: A system, apparatus, and method for managing TCP over TCP communications using multiple TCP network connections. A plurality of tunneled network connections may be established between network devices. The network devices may employ one of the tunneled network connections over which to establish a plurality of application sessions. If congestion is detected on the employed tunneled network connection that exceeds a threshold, then a reset flag may be sent to abort that tunneled network connection. At least some of the application sessions are also transferred to another one of plurality of tunneled network connections, without terminating the moved application sessions. In one embodiment, at least one more tunneled network connection may be established between the network devices.