Abstract: A system, apparatus, and method selectively provides content compression to a client based, in part, on whether the network connection from the client is determined to be a high latency, low-bandwidth connection. The present invention gathers one or more network metrics associated with the connection from the client. In one embodiment, the metrics include estimated TCP metrics, including smoothed round trip time, maximum segment size (MSS), and bandwidth delay product (BWDP). These estimated network metrics are employed to make an application layer decision of whether the client connection is a high latency, low-bandwidth connection. If it is, then content may be selectively compressed virtually on the fly for transfer over the network connection. In one embodiment, the selective compression uses a content encoding compression feature of the HTTP protocol standard.

Abstract: A method, system, an apparatus are directed towards selectively prefetching content over a network. A request for a content object is received. The content object may comprise a link to another content object. A cachability measure for the link may be determined based on whether a plurality of previous requests for the link returned the other content object, an annotation in a link map, a probability of traversing the link, a network metric, or the like. A prefetchability measure for the link may be determined based on the cachability measure and/or another factor relating to the link. The other factor may be an annotation of the link indicating that caching the other content object will cause a related object to be uncachable. Based on the prefetchability measure, the other content object is selectively prefetched for subsequent provisioning and/or display.

Abstract: Methods and systems for efficient allocation of resources between child nodes of a parent node in a hierarchical system. The parent node has a limited number of resources available in a resource allocation phrase. The limited number of resources are allocated according to requests from the child nodes in the resource allocation phase. It is determined whether at least one of the child nodes has a request not met by the allocated resources. A bookmark associated with the child node is set for the additional required resources. Additional resources are allocated to the child node according to the bookmark in a subsequent resource allocation phase.

Abstract: A method, computer readable medium, and system for enhancing TCP communications includes transmitting a payload fragment for each of one or more of packets. A determination of which of the one or more packets to complete and reorder is made and a sequence in a completion fragment for one or more of the packets is adjusted based on the determination. One or more of the completion fragments are transmitted based on the determining to reassemble one or more of the transmitted payload fragments with one or more of the transmitted completion fragments based on the determination and adjustment.

Abstract: A system, method and machine readable medium for automated policy building in a policy module of a network traffic management device is disclosed. Parsed network traffic data is received at a policy builder of a network traffic management device. The received network traffic data is analyzed in accordance with one or more threshold conditions specified by a user, via a user interface, for an existing policy. The existing policy is modified by the policy builder if the one or more threshold conditions for the network traffic have been met.

Abstract: A method, computer readable medium, and system for generating a response includes determining from which of a plurality of levels of cache to retrieve a response. The determination is based on a number of matches between current user session data associated with a current request and stored user session data rewritten into each of one or more metadata data variables for the response when a current request for the response matches at least one prior stored request for the response. The response from the determined level of the plurality of levels of cache is provided.

Abstract: Methods and systems are directed to dynamically mirroring a connection between network devices. Mirroring is managed by forwarding a packet between a first network device and a second network device. In one method, the first network device receives the packet from a client and communicates the packet to the second network device. A forwarding device, pre-determined from the first and second network devices, forwards the packet to a server. The first network device receives a response from the server, and communicates it to the second network device. The forwarding device forwards the response packet to the client. In one configuration, the first network device and forwarding device is an active device, and the second network device is a standby device. In another configuration, the first network device is a standby device, and the second network device and forwarding device is an active device.

Abstract: A method, computer readable medium, and a system for reconstituting a virtual snapshot of files in a file virtualization system includes forming at a file virtualization device a virtual snapshot that includes a plurality of physical snapshots associated with one or more file storage devices participating in the virtual snapshot, receiving a request for performing an operation on one or more physical snapshots in the plurality of physical snapshots, providing the one or more physical snapshots in response to the request for performing the operation when the one or more physical snapshots exists in the virtual snapshot, and reconstituting the virtual snapshot by including the one or more physical snapshots to form a reconstituted virtual snapshot in response to the request for performing the operation when the one or more physical snapshots do not exist in the virtual snapshot.

Abstract: A method, system, and apparatus are directed towards compression of content. A portion of content may be compressed using a compression mode. One or more criteria may be evaluated. Based on the evaluated criteria, a decision is made as to whether to select a different compression mode. If selected, the different compression mode may be used to compress another portion of the content. Additional compression modes may be selected and used to compress the content.

Abstract: A system, machine readable medium and method for utilizing protocol conversions in policy changing enforcement is disclosed. A message, in a first protocol, is received from a network gateway device including identifying information unique to a client attempting to access a resource from a server. The message is processed using one or more portions of the client identifying information as a unique key identifier. A policy access request is generated, in a second protocol, and includes at least the unique key identifier. The policy access request is sent to a policy server, wherein the policy server is configured to provide policy enforcement information of the client associated with the policy access request. The policy enforcement information is received and one or more policies from the policy enforcement information are enforced to network traffic between the client and the server.

Abstract: Embodiments are directed towards providing protection to DNS servers against DNS flood attacks by causing a requesting device to perform multiple DNS lookup requests for resolving a resource record. A request from a network device for a resolution of a domain name may be received by a device interposed between the requesting network device and a DNS server. Upon receiving the request to resolve the domain name, the interposed device may respond with a CNAME that includes a cookie. The requesting device may then send another request that includes the cookie preceded CNAME. The interposed device may then validate the returned cookie returned in the CNAME and if valid, forward the domain name resolution request on to a DNS server. The response may then be forwarded to the requesting device.

Abstract: A load balancer, comprising a network interface, a power conservation unit, and a routing module configured to route client requests received through the network interface to a plurality of servers. The power conservation unit is characterized by having a learning mode and a routing mode. In the learning mode one or more operation parameters of the servers are determined for a plurality of different external conditions and for a plurality of different values of one or more operation parameters of the routing module, and to generate a correlation table between the operation parameters of the routing module and the external conditions. In the routing mode the power conservation unit adjusts the operation parameters of the routing module responsive to the external conditions, using the correlation table.

Abstract: In an aggregated file system, a method of processing a user file retrieves user file metadata and user data from a metadata server and applies operations to the user data in accordance with a file open request from a client. At the end of the process, the method stores the processed user data at a location in accordance with a predefined rule and updates the metadata in the metadata server to reference the processed user data at the location. In some embodiments, the predefined rule is to choose a location between the metadata server and a separate storage server in accordance with the size of the processed user data. If the size is still smaller than a predetermined threshold, the user data is stored in the metadata server. Otherwise, the user data is stored in the storage server.

Abstract: A system and method for handling a request from a client device to access a service from a server. The method comprises receiving a request from a user using a client device to access a service from a server. The request is received by a network traffic management device having a local external access management (EAM) agent. The EAM agent directly communicates with an EAM server that provides authentication policy information of a plurality of users able to at least partially access the server. User credential information is sent from the EAM agent to the EAM server, whereby the EAM agent receives access policy information of the user from the EAM server. The system and method selectively controls access of the user's request to the server in accordance with the received access policy information at the network traffic management device.

Abstract: A method and system for efficient direct DMA for processing connection state information or other expediting data packets. One example is the use of a network interface controller to buffer TCP type data packets that may contain connection state information. The connection state information is extracted from a received packet. The connection state information is stored in a special DMA descriptor that is stored in a ring buffer area of a buffer memory that is accessible by a host processor when an interrupt signal is received. The packet is then discarded. The host processor accesses the ring buffer memory only to retrieve the stored connection state information from the DMA descriptor without having to access a packet buffer area in the memory.

Abstract: A system and method for selectively storing one or more web objects in a memory is disclosed. A server response is received at a network traffic management device, wherein the server response is associated with a client request sent from a client device and includes at least one web object. The server response is analyzed using a security module of the network traffic management device which determines if the at least a portion of the server response contains suspicious content in relation to one or more defined policy parameters handled by the security module. An instruction is sent from the security module to a cache module of the network traffic management device upon determining that the at least a portion of the server response contains suspicious information, wherein the cache module does not store the at least one web object upon receiving the instruction.

Abstract: A method, system, machine-readable storage medium, and apparatus are directed towards upgrading a cluster by bifurcating the cluster into two virtual clusters, an “old” virtual cluster (old active cluster) and a “new” virtual cluster (new standby cluster), and iteratively upgrading members of the old cluster while moving them into the new cluster. While members are added to the new cluster, existing connections and new connections are seamlessly processed by the old cluster. Optionally, state mirroring occurs between the old cluster and the new cluster once the number of members of the old and new clusters are approximately equal. Once a threshold number of members have been transferred to the new cluster, control and processing may be taken over by the new cluster. Transfer of control from the old cluster to the new cluster may be performed by failing over connectivity from the old cluster to the new cluster.

Abstract: A method, computer readable medium, and a system for reconstituting a virtual snapshot of files in a file virtualization system includes forming at a file virtualization device a virtual snapshot that includes a plurality of physical snapshots associated with one or more file storage devices participating in the virtual snapshot, receiving a request for performing an operation on one or more physical snapshots in the plurality of physical snapshots, providing the one or more physical snapshots in response to the request for performing the operation when the one or more physical snapshots exists in the virtual snapshot, and reconstituting the virtual snapshot by including the one or more physical snapshots to form a reconstituted virtual snapshot in response to the request for performing the operation when the one or more physical snapshots do not exist in the virtual snapshot.

Abstract: The present invention relates to increasing performance of Wide Area Network (WAN) communications and in particular to a redundant proxy device associated with one end of a transport layer connection that monitors packet traffic and selectively reroutes packets to a proxy application.

Abstract: A method and system for controlling provisioning and access to cache servers with an application programming interface (API). The API includes components for performing various actions including: (i) prepopulating content on at least one cache server from a content server; (ii) expiring content on at least one cache server; (iii) pinning content in a memory of at least one cache server; (iv) assigning resources on at least one cache server in accordance with a quota; (v) retrieving content from at least one cache server; and (vi) flushing deleted content from at least one selected cache. The API may include a security layer. The security layer determines whether a requestor has permission to cause the requested action to be performed.