Abstract: A method, system, and apparatus are directed towards selectively concatenating data into a packet to modify a number of packets transmitted over a network based on a combination of network and/or send-queue metrics. In one embodiment, Nagle's algorithm is used for concatenating data into a packet. The concatenation may be selectively enabled based on heuristics applied to the combination of metrics. In one embodiment, the result may indicate that there should be a concatenation, or that data should be sent immediately, or that a current state for whether to concatenate or not should be maintained. The heuristics may include an expert system, decision tree, truth table, function, or the like. The heuristics may be provided by a user, or another computing device. In another embodiment, the concatenation may be enabled based on a conditional probability determined from the combination of metrics.

Abstract: A method and apparatus for inserting and examining Cookies in the data streams of HTTP connections for the purpose of persistently directing HTTP connections to the same destination. A network device directs subsequent HTTP connections from the same client to the same server (destination) for accessing the requested resources. There are four modes for employing the Cookie to persistently direct HTTP connections. The associated mode inserts a Cookie that uniquely identifies the client into an HTTP response. The passive mode inserts Cookie information that uniquely identifies a previously selected destination into an HTTP response. In the rewrite mode, a network device manages the destination information that is rewritten over blank Cookie information generated by the destination producing the HTTP response. The insert mode inserts and removes Cookie information in the data packets for HTTP requests and response prior to processing by the destination.

Abstract: A system, apparatus, and method are directed to managing network communications by, in part, reducing a number of packets between a client and a server communicating through another device, such as a traffic management device (TMD). The invention reduces the number of packets communicated, in part, by coalescing acknowledgements (ACKs) and/or finish (FIN) flags into another packet. In one embodiment, if the client provides a substantially complete request for the server, an ACK to the request may be coalesced into a corresponding response from the server. When another request is to be provided to the server, within about half of the minimum retransmission timeout, an ACK to the prior response may be coalesced into a subsequent request to the server. Packet reduction may also be achieved by stretching a packet to insert additional data when the insertion maintains a packet size that is within a negotiated maximum segment size (MSS).

Abstract: A method and system for accessing network services. A client sends a request for a service. The request includes an address of the client. One or more resolvers receive the request for a service. The one or more resolvers determine at least one service location to return to the client based at least partially on the service requested and the address of the client. The at least one service location is then returned to the client. The service locations returned to the client may also be based on a policy, user preferences, client preferences, or client characteristics.

Abstract: A switched file system, also termed a file switch, is logically positioned between client computers and file servers in a computer network. The file switch distributes user files among multiple file servers using aggregated file, transaction and directory mechanisms. The file switch supports caching of a particular aggregated data file either locally in a client computer or in the file switch in accordance with the exclusivity level of an opportunistic lock granted to the entity that requested caching. The opportunistic lock can be obtained either on the individual data files stored in the file servers or on the metadata files that contain the location of each individual data files in the file servers. The opportunistic lock can be broken if another client tries to access the aggregated data file. Opportunistic locks allows client-side caching while preserving data integrity and consistency, hence the performance of the switched file system is increased.

Abstract: A method, system, and apparatus are directed towards compression of content over a network. The content may include content length information, such as within a header. In one embodiment, a portion of the content may be compressed to approximately fill a buffer of a predefined size. If there remains additional uncompressed content, a new content length may be determined based in part on the length of the compressed content and the remaining uncompressed content. The buffered content and the new content length may then be forwarded in response to the request. The remaining uncompressed content may be split into predefined blocks using identity compression. Identity compression may then be applied to the remaining uncompressed content which is then forwarded to a destination in response to the request.

Abstract: A method and computer program for automatically and continually extracting application protocols (i.e., defining a set of allowable or authorized actions) for any application. The method involves receiving a message from a server before it is sent or in parallel with sending to a client. The message may be in response to a specific request for it from the client. The program then extracts the application protocol data from the server message. Working with a copy of the message, the program strips off the communications protocol(s) from the message and parses the remaining message to identify user-selectable options contained in the message such as commands, fields, etc. These items represent the set of allowable or authorized user actions for the particular “stage” of the current version of the application as set forth in the message. The set of allowable user actions is then stored by the extraction program in a protocol database accessible to a gateway or filter module.

Abstract: A system and method for directing network connections. The invention enables a network device to direct subsequent connections from a client to a server for accessing resources. A process extracts a persistence key from a received message, and employs the persistence key to identify the appropriate server. An interface is provided, enabling a user program to direct the process of extracting the persistence key. The invention also provides a way for multiple clients to persist to a common server.

Abstract: A method and system for caching content, such as content requested from a server on the World Wide Web. Requests for dynamic content are forwarded directly to a content server to avoid caching data that might only be used once. Requests for static content are forwarded to a hot or a regular cache depending on the frequency at which the content is requested. When a hot cache does not contain the content, it forwards the request to the forwarder which then forwards the request to a regular cache. When the regular cache does not contain the content, it requests the content from the forwarder which then forwards the request to a content server. There may be more than two layers of cache.

Abstract: Disclosed is a method and apparatus for crossbar arbitration. In one embodiment, the crossbar arbitration includes a memory, a plurality of functional units that transfer data to and from the memory, a crossbar unit that provides a data path from each unit to the memory, and an arbitration unit that monitors data traffic generated by each functional unit through the crossbar unit and assigns a priority to each functional unit based on the data traffic. In another embodiment, the crossbar arbitration includes a method for data transfer arbitration including monitoring data transfers for a plurality of devices, and assigning a priority to each device corresponding to the amount of data transfers generated by the device.

Abstract: A system and method is directed to routing a packet over a network to a probe. The system includes a replicator and a distributor. The replicator receives a packet from a client and replicates the packet. The distributor is either out-of-band or in-band to a flow of traffic between the client and a server. In the out-of-band configuration, the distributor forwards the replicate packet to at least one probe in a plurality of probes. The distributor receives a response to the replicate packet and transforms a source MAC address in the response to a MAC address of the distributor. The distributor forwards the transformed packet. The replicator forwards the original packet. In the in-band configuration, the distributor selects and forwards the original packet to a server using a first forwarding mechanism, and selects and forwards the replicate packet to a probe using a second forwarding mechanism.

Abstract: A system and computer implementable method for updating content on servers coupled to a network. The method includes updating an origin server with a version of files used to provide content, retrieving data that indicates an action to be performed on one or more cache servers in conjunction with updating the origin server, and performing the action to update entries in the one or more cache servers. Each entry in each cache server is associated with a subset of the content on the origin server and may include an expiration field and/or a time to live field. An example of a subset of content to which a cache entry may be associated is a Web page. Cache servers are not required to poll origin servers to determine whether new content is available. Cache servers may be pre-populated using push or pull techniques.

Abstract: A method and a system for improving Web hosting performance, enhancing content distribution and security on the Internet and stabilizing WEB Site connectivity, by means of creating a TCP terminating buffer around subscriber WEB Sites. A DNS agent diverts client requests to WEB Sites to a Virtual Host Accelerating (VHA) Site in closest proximity. The VHA Site comprises a set of physically identical computer units and processing is enhanced on those units by means of a hardware devise to accelerate database searches. The VHA determines if the client request is of a permitted type and if the request can be processed from recycled data. Both static and dynamic requests can be serviced from recycled material and only in certain circumstances are requests forwarded to the WEB Sites by means of permanent open connections. In some cases SSL requests are also served from recycled material.

Abstract: Disclosed are methods and systems for providing persistence across multiple requests in a WAN load-balanced environment. More than one load balancing system may be used to provide persistence while load balancing. One method and system disclosed provides persistence by using modulus arithmetic to load balance requests. Another method and system disclosed provides persistence using topology information contained in the request. Another method and system disclosed provides persistence by storing connection information to refer a timely continuation request of a prior request to the same server the prior request was referred to. When more than one load balancing system is used with this method, the load balancing systems periodically exchange the stored connection information so that each load balancing system may provide persistence to repeat requests.

Abstract: A system and method are directed to managing text input. An image of a virtual keyboard is displayed to a user. The user enters text by using the virtual keyboard image and an input device, such as a pointing device. The image is repeatedly altered, such as by position, size, angle, or shape. One technique includes altering the image after each selection of a virtual key is made. One aspect of the invention includes determining sensitive input fields within a page and facilitating the use of the virtual keyboard for those fields. The invention can be used to improve security when the possibility of keyboard sniffers exists.

Abstract: A method and system is directed to routing a flow of packets over a network to multiple traffic management devices. An apparatus receives each packet from a network and forwards the packet to one of a group of traffic management devices. The apparatus also may receive packets from servers for which the traffic management devices are managing communications. When forwarding packets, a traffic management device is selected from the group of traffic management devices by employing a hash of an IP address and port number. The IP address and port number are selected from source or destination information in the packet that has a greater port number. When the traffic management device performs a network address translation, further actions may be performed so that packets that are part of a flow between two network devices are delivered to the same traffic management device.

Abstract: A system for distributing network traffic to multiple traffic management devices. A distributor receives each packet from a network and may act as a layer 2 switch, a router, or distribute the packet to one of a group of traffic management devices. The distributor may receive packets from servers that the traffic management devices are managing communications to. When distributing packets to traffic management devices, information such as source and destination addresses may be used to determine which traffic management device each packet should be sent to. The distributor causes packets that are part of a flow to be delivered to the same traffic management device.

Abstract: A method and system for authenticating and authorizing requesters interacting with content servers. A message including a request is forwarded from an upstream device and received by an intermediate device. The intermediate device authenticates the upstream device. Then, if the intermediate device is authorized to make decisions as to which sender may access the content server, the intermediate device determines whether the sender of the message has authority to access the content server as requested in the request. Otherwise, the message is forwarded towards the content server with an indication that the intermediate device authenticated the upstream device.

Abstract: A method, system, machine-readable storage medium, and apparatus are directed towards upgrading a cluster by bifurcating the cluster into two virtual clusters, an “old” virtual cluster (old active cluster) and a “new” virtual cluster (new standby cluster), and iteratively upgrading members of the old cluster while moving them into the new cluster. While members are added to the new cluster, existing connections and new connections are seamlessly processed by the old cluster. Optionally, state mirroring occurs between the old cluster and the new cluster once the number of members of the old and new clusters are approximately equal. Once a threshold number of members have been transferred to the new cluster, control and processing may be taken over by the new cluster. Transfer of control from the old cluster to the new cluster may be performed by failing over connectivity from the old cluster to the new cluster.

Abstract: A system, apparatus, and method are directed to managing multiple back-end connections for pipelined HTTP communications. A traffic management device is configured to open back-end connections to multiple servers. The traffic management device distributes HTTP requests from a client device across multiple server connections. Instead of buffering the responses to ensure that each are returned in a same order as the requests, the traffic management device throttles a TCP receive window between all of the back-end server connections, but that back-end server connection associated with a first expected response. As each response is sent to the client device, the TCP window for the next back-end server connection is opened. This effectively offloads any significant buffering onto the back-end servers, enabling the traffic management device to return the responses in the same order as the requests.