Abstract: A method, apparatus, and system are directed toward managing a Transmission Control Protocol/Internet Protocol (TCP/IP) handshake. A SYN-ACK cookie is determined based on a cryptographic operation using a secret key and at least one network characteristic. The SYN-ACK cookie is provided in a SYN message's field. The SYN message is sent from a client to a server. Another sequence number based on the received SYN-ACK cookie is included in a SYN-ACK message. The SYN-ACK message is sent to and received by the client. The other sequence number is validated based on the secret key to generate at least another network characteristic. A TCP/IP connection is established if the network characteristic matches the other network characteristic. In one embodiment, the component sending the SYN message may be a different component than the component receiving the SYN-ACK message. In this embodiment, the secret key may be shared between the two components.

Abstract: In a switched file system, a file switching device is logically positioned between clients and file servers and communicates with the clients and the file servers using standard network file protocols. The file switching device appears as a server to the client devices and as a client to the file servers. The file switching device aggregates storage from multiple file servers into a global filesystem and presents a global namespace to the client devices. The file switching device typically supports a “native” mode for integrating legacy files into the global namespace and an “extended” mode for actively managing files across one or more file servers. Typically, native-mode files may be accessed directly or indirectly via the file switching device, while extended-mode files may be accessed only through the file switching device. The file switching device may manage file storage using various types of rules, e.g., for managing multiple storage tiers or for applying different types of encoding schemes to files.

Abstract: A switched file system, also termed a file switch, is logically positioned between client computers and file servers in a computer network. The file switch distributes user files among multiple file servers using aggregated file, transaction and directory mechanisms. The file switch distributes and aggregates the client data files in accordance with a predetermined set of aggregation rules. Each rule can be modified independently of the other rules. Different aggregation rules can be used for different types of files, thereby adapting the characteristics of the switched file system to the intended use and to the expected or historical access patterns for different data files.

Abstract: A method, apparatus, and system are directed toward managing network traffic over a plurality of Open Systems Interconnection (OSI) Level 2 switch ports. A network traffic is received over the plurality of OSI Level 2 switch ports. At least a part of the network traffic is categorized into a flow. The categorization may be based on a IP address, an OSI Level 4 port, a protocol type, a Virtual Local Area Network (VLAN) number, or the like, associated with the network traffic. One of the plurality of OSI Level 2 switch ports is selected based on a load-balancing metric. The load-balancing metric may be a priority of the flow, a congestion characteristic, a prediction of a load usage for the flow, a combination thereof, or the like. A frame associated with the flow is sent over the selected one of the plurality of OSI Level 2 switch ports.

Abstract: A system, apparatus, and method for managing TCP over TCP communications using multiple TCP network connections. A plurality of tunneled network connections may be established between network devices. The network devices may employ one of the tunneled network connections over which to establish a plurality of application sessions. If congestion is detected on the employed tunneled network connection that exceeds a threshold, then a reset flag may be sent to abort that tunneled network connection. At least some of the application sessions are also transferred to another one of plurality of tunneled network connections, without terminating the moved application sessions. In one embodiment, at least one more tunneled network connection may be established between the network devices.

Abstract: Load sharing clusters in which each node is responsible for one or more non-overlapping subset(s) of the cluster namespace and will process only those requests that access file or directory objects in the partitioned namespace that the node controls while redirecting requests designated for other nodes. A non-overlapping subset may be migrated from a source node to a destination node, for example, for load sharing or hotspot mitigation. Migration typically includes maintaining a file virtualization link from the destination node to the source node to permit forwarding of requests by the destination node to the source node during migration of metadata and then migration of data from the source node. After migration is complete, the file virtualization link is broken and the destination node services requests for the non-overlapping subset from the migrated metadata and data.

Abstract: A method, computer readable medium, and device for handling requests between different resource record types includes receiving at a traffic management device a first resource record type from one or more server devices in response to a request from a client device. The traffic management device validates the first resource record type, and creates a second resource record type corresponding to the first resource record type after the validating. Signing the second resource record type at the traffic management device is carried out for servicing the request from the client device.

Abstract: A system and method for directing network connections. The invention enables a network device to direct subsequent connections from a client to a server for accessing resources. A process extracts a persistence key from a received message, and employs the persistence key to identify the appropriate server. An interface is provided, enabling a user program to direct the process of extracting the persistence key. The invention also provides a way for multiple clients to persist to a common server.

Abstract: The present invention relates to increasing performance of Wide Area Network (WAN) communications and in particular to a redundant proxy device associated with one end of a transport layer connection that monitors packet traffic and selectively reroutes packets to a proxy application.

Abstract: A system and method for directing network connections. The invention enables a network device to direct subsequent connections from a client to a server for accessing resources. A process extracts a persistence key from a received message, and employs the persistence key to identify the appropriate server. An interface is provided, enabling a user program to direct the process of extracting the persistence key. The invention also provides a way for multiple clients to persist to a common server.

Abstract: Methods, systems, and apparatus are directed towards managing a network communication. A Secured Socket Layer (SSL) session identifier (ID) is received within an SSL handshake protocol message for establishing an SSL connection. The SSL session ID is combined with a pre-determined ID associated with a network device to generate another ID. The other ID may comprise a plurality of information associated with an operation for caching the SSL session ID and/or for caching other information usable in re-establishing an SSL session over the SSL connection. The plurality of information may comprise an expiration time, a cache line, a cache ID, and a unique ID. Based on at least a portion of the other ID, a failure statistic associated with re-establishing the SSL session for the SSL connection is determined. A session cache and/or the operation for caching are tuned based on the failure statistic.

Abstract: A method, computer readable medium, and a system for communicating with networked clients and servers through a network device is disclosed. A first network data packet is received at a first port of a network device. The first network data packet is destined for a first executing application of a plurality of executing applications operating in the network device. The plurality of executing applications are associated with corresponding application drivers utilizing independent and unique direct memory access (DMA) channels. A first DMA channel is identified, wherein the first DMA channel is mapped to the first port and associated with a first application driver corresponding to the first executing application. The first network data packet is transmitted to the first executing application over the first identified DMA channel.

Abstract: Layer-7 application layer message (“message”) classification is disclosed. A network traffic management device (“NTMD”) receives incoming messages over a first TCP/IP connection from a first network for transmission to a second network. Before transmitting the incoming messages onto the second network, however, the NTMD classifies the incoming messages according to some criteria, such as by assigning one or more priorities to the messages. The NTMD transmits the classified messages in the order of their message classification. Where the classification is priority based, first priority messages are transmitted over second priority messages, and so forth, for example.

Abstract: Methods and systems for creating a back channel between two network nodes using a packet trailer. The sending node establishes a communication channel between itself and the destination node. A packet is prepared having a header and a payload. Data associated with the tasks of the back channel from a lower data link layer is written into a trailer on the header. The packet is received at the second node and the data in the trailer is read. The trailer is stripped out prior to sending the packet to a higher layer of the destination node.

Abstract: A non-distruptive migration of a native volume from a source server to a destination server performed by a file switch involves converting the source native volume to a native with metadata volume. The native with metadata volume is converted to a mirrored native with metadata volume including the source server and the destination server. The destination server includes a mirror copy of the native with metadata volume. The source server is removed from the mirrored native with metadata volume. The mirror copy of the native with metadata volume on the destination server is converted to a destination native volume on the destination server.

Abstract: A switched file system, also termed a file switch, is logically positioned between client computers and file servers in a computer network. The file switch distributes user files among multiple file servers using aggregated file, transaction and directory mechanisms. The file switch distributes and aggregates the client data files in accordance with a predetermined set of aggregation rules. Each rule can be modified independently of the other rules. Different aggregation rules can be used for different types of files, thereby adapting the characteristics of the switched file system to the intended use and to the expected or historical access patterns for different data files.

Abstract: A method and system for efficient direct DMA for processing connection state information or other expediting data packets. One example is the use of a network interface controller to buffer TCP type data packets that may contain connection state information. The connection state information is extracted from a received packet. The connection state information is stored in a special DMA descriptor that is stored in a ring buffer area of a buffer memory that is accessible by a host processor when an interrupt signal is received. The packet is then discarded. The host processor accesses the ring buffer memory only to retrieve the stored connection state information from the DMA descriptor without having to access a packet buffer area in the memory.

Abstract: Disclosed is a system and method for providing persistence in network access, by enhancing the likelihood that a gateway that is employed by a server array controller to send a client's message to a resource in another network outside of a local network behind the server array controller, is the same gateway employed by the resource for a responding message. In one embodiment, an outbound gateway is selected based on load-balanced gateways that have been enabled for automatic mapping of a source address to an available corresponding global Internet Protocol address. In another embodiment, multiple server array controllers are employed in a multi-active mode that enables multiple network address translation tables to be available in the event of a failover of one or more of the server array controllers.

Abstract: A method and apparatus for inserting and examining Cookies in the data streams of HTTP connections for the purpose of persistently directing HTTP connections to the same destination. A network device directs subsequent HTTP connections from the same client to the same server (destination) for accessing the requested resources. There are four modes for employing the Cookie to persistently direct HTTP connections. The associated mode inserts a Cookie that uniquely identifies the client into an HTTP response. The passive mode inserts Cookie information that uniquely identifies a previously selected destination into an HTTP response. In the rewrite mode, a network device manages the destination information that is rewritten over blank Cookie information generated by the destination producing the HTTP response. The insert mode inserts and removes Cookie information in the data packets for HTTP requests and response prior to processing by the destination.

Abstract: Client computers are decoupled from file servers in a computer network, by placing a network node, also termed a file switch or file switch computer, between the client computers and the file servers. To the client computers, the file switch appears to be a file server having enormous storage capabilities and high throughput. To the file servers, the file switch appears to be a client as it delegates a single transaction received from a client computer to multiple file servers. The file switch aggregates the file servers' responses to the client computer's request and presents a single response back to the client computer. The file switch performs this transaction aggregation function in a manner that is transparent to both the client computers and the file servers.