Abstract: A system, apparatus, and method are directed to managing network communications between a client and a server by enabling the client to make decisions involving the selection of alternate network paths. The client and/or the server may be multi-homed to a network. In one embodiment, a link load balancer provides the client with a message and/or path data that enables the client to improve its connections with the server by redirecting network packets using an alternate network path. The message may be based on a static policy at the server, changes in availability of the network connections between the client and server, changes in a quality of the network connections, paths, or the like. Redirecting the network packet by the client may include closing one network connection and establishing another network connection, and/or employing an available alternate network path to re-route network packets towards the server.

Abstract: In an aggregated file system, metadata is partitioned into multiple metadata volumes. On receipt of a file processing request, a file switch examines its mount entry cache to identify a target metadata volume that hosts the metadata of the requested file. The identification begins with mount entries at a root volume and continues recursively by examining a portion of the absolute pathname of the file until the target metadata volume is identified. Finally, the file switch forwards the request to a metadata server managing the target metadata volume. Since the identification process is carried out completely within the file switch, there is no need for multiple expensive network accesses to different metadata servers.

Abstract: A method, apparatus, and system are directed toward managing a Transmission Control Protocol/Internet Protocol (TCP/IP) handshake. A SYN-ACK cookie is determined based on a cryptographic operation using a secret key and at least one network characteristic. The SYN-ACK cookie is provided in a SYN message's field. The SYN message is sent from a client to a server. Another sequence number based on the received SYN-ACK cookie is included in a SYN-ACK message. The SYN-ACK message is sent to and received by the client. The other sequence number is validated based on the secret key to generate at least another network characteristic. A TCP/IP connection is established if the network characteristic matches the other network characteristic. In one embodiment, the component sending the SYN message may be a different component than the component receiving the SYN-ACK message. In this embodiment, the secret key may be shared between the two components.

Abstract: Upon detecting a data event initiating an update to a table, a first classifier index associated with the data event is identified. From a classifier table, the current position in a first dimension of the table associated with the classifier index is determined. An open position in the first dimension of the table is also identified. Updated data is stored in the open position within the table. In the classifier table, the open position storing the updated data is associated with the classifier index.

Abstract: A method and system for preventing excessive flood packets from switching devices in a network for routing packets between a source station having an address and a destination station in the network having an address. A first packet directed toward the destination station is received over the network via an incoming traffic switch. The incoming traffic switch includes a table without the address of the destination station. The first packet is flooded over the plurality of switches. The flooded first packet is received at a front facing switch coupled to the destination station. The front facing switch has a table including the source address of the packet. The source address of packet is flushed from the table of the front facing switch. A response packet is sent from the destination station to the source station. The response packet is flooded to the incoming traffic switch. The flooded response packet is received at the incoming traffic switch.

Abstract: In an aggregated file system, metadata is partitioned into multiple metadata volumes. On receipt of a file processing request, a file switch examines its mount entry cache to identify a target metadata volume that hosts the metadata of the requested file. The identification begins with mount entries at a root volume and continues recursively by examining a portion of the absolute pathname of the file until the target metadata volume is identified. Finally, the file switch forwards the request to a metadata server managing the target metadata volume. Since the identification process is carried out completely within the file switch, there is no need for multiple expensive network accesses to different metadata servers.

Abstract: A system, method, and apparatus are directed towards identifying adaptive length segments of redundant data for encoding a data structure. Initial boundaries are identified for an input matching segment within input data and for a candidate store matching segment in a synchronized store. The data prior to and after the boundaries are compared to identify matching data. As matching data is identified, at least one of the boundaries of the matching segments is revised. An encoded representation of the resulting input matching segment is then generated based in part on pointers and offsets into the synchronized store. A data structure is generated based on the encoded representation and unmatched portion, which is sent to a receiver. The receiver uses the data structure to extract matching data from the synchronized store, and together with the unmatched input data in the data structure, reconstruct the input data.

Abstract: Methods and apparatus provide an adaptive load balancer that presents a virtual data system to client computer systems. The virtual data system provides access to an aggregated set of data, such as files or web service objects, available from a plurality of server data systems respectively operating within a plurality of server computer systems. The adaptive load balancer receives a client data access transaction from a client computer system that specifies a data access operation to be performed relative to the virtual data system presented to the client computer system. The adaptive load balancer processes the client data access transaction in relation to metadata associated with the virtual data system to provide access to the file or service object within a server computer system, or to access the metadata.

Abstract: A method, system, and apparatus are directed towards selectively concatenating data into a packet to modify a number of packets transmitted over a network based on a combination of network and/or send-queue metrics. In one embodiment, Nagle's algorithm is used for concatenating data into a packet. The concatenation may be selectively enabled based on heuristics applied to the combination of metrics. In one embodiment, the result may indicate that there should be a concatenation, or that data should be sent immediately, or that a current state for whether to concatenate or not should be maintained. The heuristics may include an expert system, decision tree, truth table, function, or the like. The heuristics may be provided by a user, or another computing device. In another embodiment, the concatenation may be enabled based on a conditional probability determined from the combination of metrics.

Abstract: A method and apparatus for inserting and examining Cookies in the data streams of HTTP connections for the purpose of persistently directing HTTP connections to the same destination. A network device directs subsequent HTTP connections from the same client to the same server (destination) for accessing the requested resources. There are four modes for employing the Cookie to persistently direct HTTP connections. The associated mode inserts a Cookie that uniquely identifies the client into an HTTP response. The passive mode inserts Cookie information that uniquely identifies a previously selected destination into an HTTP response. In the rewrite mode, a network device manages the destination information that is rewritten over blank Cookie information generated by the destination producing the HTTP response. The insert mode inserts and removes Cookie information in the data packets for HTTP requests and response prior to processing by the destination.

Abstract: A system, apparatus, and method are directed to managing network communications by, in part, reducing a number of packets between a client and a server communicating through another device, such as a traffic management device (TMD). The invention reduces the number of packets communicated, in part, by coalescing acknowledgements (ACKs) and/or finish (FIN) flags into another packet. In one embodiment, if the client provides a substantially complete request for the server, an ACK to the request may be coalesced into a corresponding response from the server. When another request is to be provided to the server, within about half of the minimum retransmission timeout, an ACK to the prior response may be coalesced into a subsequent request to the server. Packet reduction may also be achieved by stretching a packet to insert additional data when the insertion maintains a packet size that is within a negotiated maximum segment size (MSS).

Abstract: A method and system for accessing network services. A client sends a request for a service. The request includes an address of the client. One or more resolvers receive the request for a service. The one or more resolvers determine at least one service location to return to the client based at least partially on the service requested and the address of the client. The at least one service location is then returned to the client. The service locations returned to the client may also be based on a policy, user preferences, client preferences, or client characteristics.

Abstract: A switched file system, also termed a file switch, is logically positioned between client computers and file servers in a computer network. The file switch distributes user files among multiple file servers using aggregated file, transaction and directory mechanisms. The file switch supports caching of a particular aggregated data file either locally in a client computer or in the file switch in accordance with the exclusivity level of an opportunistic lock granted to the entity that requested caching. The opportunistic lock can be obtained either on the individual data files stored in the file servers or on the metadata files that contain the location of each individual data files in the file servers. The opportunistic lock can be broken if another client tries to access the aggregated data file. Opportunistic locks allows client-side caching while preserving data integrity and consistency, hence the performance of the switched file system is increased.

Abstract: A method, system, and apparatus are directed towards compression of content over a network. The content may include content length information, such as within a header. In one embodiment, a portion of the content may be compressed to approximately fill a buffer of a predefined size. If there remains additional uncompressed content, a new content length may be determined based in part on the length of the compressed content and the remaining uncompressed content. The buffered content and the new content length may then be forwarded in response to the request. The remaining uncompressed content may be split into predefined blocks using identity compression. Identity compression may then be applied to the remaining uncompressed content which is then forwarded to a destination in response to the request.

Abstract: A system and method for directing network connections. The invention enables a network device to direct subsequent connections from a client to a server for accessing resources. A process extracts a persistence key from a received message, and employs the persistence key to identify the appropriate server. An interface is provided, enabling a user program to direct the process of extracting the persistence key. The invention also provides a way for multiple clients to persist to a common server.

Abstract: A method and computer program for automatically and continually extracting application protocols (i.e., defining a set of allowable or authorized actions) for any application. The method involves receiving a message from a server before it is sent or in parallel with sending to a client. The message may be in response to a specific request for it from the client. The program then extracts the application protocol data from the server message. Working with a copy of the message, the program strips off the communications protocol(s) from the message and parses the remaining message to identify user-selectable options contained in the message such as commands, fields, etc. These items represent the set of allowable or authorized user actions for the particular “stage” of the current version of the application as set forth in the message. The set of allowable user actions is then stored by the extraction program in a protocol database accessible to a gateway or filter module.

Abstract: A method and system for caching content, such as content requested from a server on the World Wide Web. Requests for dynamic content are forwarded directly to a content server to avoid caching data that might only be used once. Requests for static content are forwarded to a hot or a regular cache depending on the frequency at which the content is requested. When a hot cache does not contain the content, it forwards the request to the forwarder which then forwards the request to a regular cache. When the regular cache does not contain the content, it requests the content from the forwarder which then forwards the request to a content server. There may be more than two layers of cache.

Abstract: Disclosed is a method and apparatus for crossbar arbitration. In one embodiment, the crossbar arbitration includes a memory, a plurality of functional units that transfer data to and from the memory, a crossbar unit that provides a data path from each unit to the memory, and an arbitration unit that monitors data traffic generated by each functional unit through the crossbar unit and assigns a priority to each functional unit based on the data traffic. In another embodiment, the crossbar arbitration includes a method for data transfer arbitration including monitoring data transfers for a plurality of devices, and assigning a priority to each device corresponding to the amount of data transfers generated by the device.

Abstract: A system and method is directed to routing a packet over a network to a probe. The system includes a replicator and a distributor. The replicator receives a packet from a client and replicates the packet. The distributor is either out-of-band or in-band to a flow of traffic between the client and a server. In the out-of-band configuration, the distributor forwards the replicate packet to at least one probe in a plurality of probes. The distributor receives a response to the replicate packet and transforms a source MAC address in the response to a MAC address of the distributor. The distributor forwards the transformed packet. The replicator forwards the original packet. In the in-band configuration, the distributor selects and forwards the original packet to a server using a first forwarding mechanism, and selects and forwards the replicate packet to a probe using a second forwarding mechanism.

Abstract: A method and a system for improving Web hosting performance, enhancing content distribution and security on the Internet and stabilizing WEB Site connectivity, by means of creating a TCP terminating buffer around subscriber WEB Sites. A DNS agent diverts client requests to WEB Sites to a Virtual Host Accelerating (VHA) Site in closest proximity. The VHA Site comprises a set of physically identical computer units and processing is enhanced on those units by means of a hardware devise to accelerate database searches. The VHA determines if the client request is of a permitted type and if the request can be processed from recycled data. Both static and dynamic requests can be serviced from recycled material and only in certain circumstances are requests forwarded to the WEB Sites by means of permanent open connections. In some cases SSL requests are also served from recycled material.