Patents Assigned to F5 Networks, Inc.
-
Patent number: 9864606
Abstract: A method and host computing device that restricts access by one or more applications to a configurable hardware logic device over a bus. At least a portion of the configurable hardware logic device is reconfigured. A determination is made when unplug and plug events have been generated by the configurable hardware logic device. The unplug and plug events are generated without disconnecting power supplied to the configurable hardware logic device. The configurable hardware logic device is re-enumerated on the bus when the determining indicates the unplug and plug events have been generated by the configurable hardware logic device.
Type: Grant
Filed: September 3, 2014
Date of Patent: January 9, 2018
Assignee: F5 Networks, Inc.
Inventors: Alan B. Mimms, Tom Troksa
-
Patent number: 9843554
Abstract: A method, computer readable medium, and device for dynamic DNS implementation, comprises receiving, at a network traffic management device, a first DNS response from a DNS server, wherein the first DNS response is compliant with Internet Protocol version 4 (IPv4). The first DNS response corresponds to a first DNS request from a client device being compliant with Internet Protocol version 6 (IPv6). The first DNS response is converted into a DNS second response that is compliant with IPv6, by attaching a prefix that identifies a network gateway device which is to handle receive subsequent non-DNS requests from the client device. The second DNS response is routed to the client device. Subsequent non-DNS requests from the client device that contain at least a part of the prefix allow the network traffic management device to route the non-DNS request through the designated network gateway device.
Type: Grant
Filed: February 15, 2012
Date of Patent: December 12, 2017
Assignee: F5 Networks, Inc.
Inventors: Peter M. Thornewell, Jason Haworth, Ian Smith, Nat Thirasuttakorn
-
Patent number: 9838259
Abstract: A method, non-transitory computer readable medium and an application traffic manager computing device for determining whether a received query from a client computing device to resolve a hostname comprises a domain name with a value indicating type of internet protocol version. The received query is processed by truncating a portion of the domain name with the value indicating type of internet protocol version from the received query when the domain name with the value indicating type of internet protocol version is determined to be present. An internet protocol address is received from at least one of a plurality of servers based on the truncated portion of the domain name with the value indicating type of internet protocol version. The format of the received internet protocol address is determined for conforming to one or more policies. One or more actions are performed based on the determination.
Type: Grant
Filed: March 10, 2014
Date of Patent: December 5, 2017
Assignee: F5 Networks, Inc.
Inventors: Michael Earnhart, Brent Blood, George Michael Lowell, Jr., Nat Thirasuttakorn
-
Patent number: 9832069
Abstract: Embodiments are directed towards managing persistence of network traffic using deep packet inspections of network response packets from an application server. In one embodiment, the network packets are associated with SIP messages. A traffic management device (TMD) interposed between client devices and a plurality of application servers receives messages from the client device and/or the application servers. The TMD performs a deep packet inspection to determine if a defined key value pair that includes a session identifier is detected. If so, and the message is from the application server, the session identifier is then mapped to an application server identifier to persistently refer each subsequent inbound packet from a client device having the same session identifier to the application server mapped to the session identifier.
Type: Grant
Filed: May 29, 2009
Date of Patent: November 28, 2017
Assignee: F5 Networks, Inc.
Inventors: Randall Cleveland, Mike Schrock, Donald Glover, Nat Thirasuttakorn
-
Patent number: 9800470
Abstract: Disclosed are methods and apparatus for implementing in an electronic device that includes a processor and memory. Virtual resources, which are associated with an execution of a user's applications in a cloud resource configuration including virtual machines, network services and storage, are identified. A first topology map of the virtual resources, including a plurality of nodes, is generated. The first topology map, including the nodes, is output. A vector, which is associated with each node, said vector including one or more features associated with each node, is generated. Based upon the vectors, a distribution of the plurality of nodes within two or more groups is determined. A second topology map, including each of the node groups in one of a collapsed format, wherein only an identifier of the node group is output or an expanded format, wherein a portion of the plurality of nodes the node group are output, is output.
Type: Grant
Filed: November 10, 2014
Date of Patent: October 24, 2017
Assignee: F5 Networks, Inc.
Inventors: Ankit Agarwal, Marion Le Borgne, Pascale Vicat-Blanc
-
Patent number: 9800568
Abstract: Methods, non-transitory computer readable media, and network traffic management apparatuses that receive a request from a client device to access an application. The request comprises an original certificate. A determination is made when the certificate is valid. Data is extracted from one or more fields of the certificate, when the determining indicates that the user certificate is valid. A delegate certificate comprising the data and signed by a certificate authority trusted by a server device hosting the application is generated. The delegate certificate is sent to the server device. With this technology, network traffic management apparatuses can secure SSL connections using PFS-capable ciphers, while also inspecting payload data in network traffic exchanged between client and server devices in order to provide intelligent services in the network.
Type: Grant
Filed: June 30, 2016
Date of Patent: October 24, 2017
Assignee: F5 Networks, Inc.
Inventors: Joel Moses, Kevin Stewart, William Church
-
Patent number: 9769136
Abstract: A system and method which includes monitoring an existing first connection to a secured network domain. A first network configuration is employed to access the secured network domain via the first connection. An available second connection to the network domain is detected, whereby the system and method automatically switch to the second connection to access the secured network domain upon detecting a termination with the first connection. Access to the secured network domain, via the second connection, is established by employing a second network configuration. In an aspect, the first connection is by cable and the first network configuration is associated with direct access to the secured network domain. In an aspect, the second connection is a wired or wireless signal and the second network configuration is associated with a Virtual Private Network (VPN) connection.
Type: Grant
Filed: October 31, 2014
Date of Patent: September 19, 2017
Assignee: F5 Networks, Inc.
Inventor: Andrey Shigapov
-
Patent number: 9762471
Abstract: Virtual resources associated with an execution of a user's applications in a cloud or distributed resource configuration including virtual or physical machines, network services and storage are identified. A source and destination virtual machine, utilized by the user's applications, are determined, and at least one source or destination virtual machine belongs to the identified virtual resources. Measurement software for a virtual machine is downloaded. The measurement software acquires data for connections established in a transport layer for communicating between the source and destination virtual machine. Data acquired from the measurement software is received at a first time, and the data includes measurements of variables for the data communications via the connections. Based upon the measurements, metrics that characterize the data communications at a first time are generated. Measurements made at an additional number of times are also received.
Type: Grant
Filed: September 13, 2013
Date of Patent: September 12, 2017
Assignee: F5 Networks, Inc.
Inventors: Pascale Vicat-Blanc, Romaric Guillier, Sebastien Soudan
-
Patent number: 9762492
Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows and minimizing the number of malicious and/or in-operative connections flows (e.g., non-genuine flows) that may have flow control data stored in the high-speed flow cache.
Type: Grant
Filed: April 8, 2016
Date of Patent: September 12, 2017
Assignee: F5 Networks, Inc.
Inventors: Paul Imre Szabo, Peter M. Thornewell, Timothy Scott Michels
-
Patent number: 9760587
Abstract: A tool for assisting the operation of a network of interconnected physical equipment includes a physical infrastructure manager associated with a first data structure in which the equipment items are registered under a resource identifier in relation to a first sequence of dated values of global utilizable functional capacity, and a virtual infrastructure manager associated with a second data structure in which virtual units are registered under a unit identifier in relation to a second sequence of dated values of global utilizable functional capacity, and with a third data structure in which a virtual unit identifier is associated with a group of resource identifiers and hence with the corresponding sequences of dated capacity values. The virtual infrastructure manager dynamically reconfigures a virtual infrastructure object in accordance with the rights and capacities requested by a user.
Type: Grant
Filed: April 14, 2011
Date of Patent: September 12, 2017
Assignee: F5 Networks, Inc.
Inventors: Pascale Vicat-Blanc-Primet, Sebastian Soudan, Guilherme Koslovski
-
Patent number: 9742806
Abstract: A method, system, and apparatus are directed towards enabling access to payload by a third-party sent over an SSL session. The third-party may be a proxy situated between a client and a server. SSL handshake messages are sent between the client and the server to establish the SSL connection. As the SSL handshake messages are routed through the proxy, the proxy may extract data. In addition, one of the client or the server may send another message within, or out-of-band to, the series of SSL handshake message directly to the proxy. The other SSL message may include secret data that the proxy may use to generate a session key the SSL connection. With the session key, the proxy may receive SSL messages over the SSL connection, modify and/or transpose the payload within the received SSL messages, and/or terminate the SSL connection at the proxy.
Type: Grant
Filed: June 30, 2014
Date of Patent: August 22, 2017
Assignee: F5 Networks, Inc.
Inventors: Jesse Abraham Rothstein, Arindum Mukerji, David D. Schmitt, John R. Hughes
-
Patent number: 9742674
Abstract: A method, non-transitory computer readable medium, and multi-blade network traffic management apparatus that obtains, with a primary blade and one or more secondary blades, statistical data regarding network traffic respectively managed by each of the blades. The statistical data respectively obtained by each of the blades is stored by each of the blades in a respective database associated with each of the blades. A request for statistical data is received with the primary blade. Each of the databases is queried with the primary blade to retrieve at least a subset of the statistical data stored therein in response to the obtained request. The retrieved at least a subset of the statistical data is consolidated with the primary blade to generate a response to the received request.
Type: Grant
Filed: August 15, 2013
Date of Patent: August 22, 2017
Assignee: F5 Networks, Inc.
Inventor: Valery Kreidenko
-
Patent number: 9712460
Abstract: Embodiments are directed towards selecting a local port number for server side connections that hash to a same processor as a matching client side flow on a multiprocessor device using Receive Side Scaling (RSS) for the disaggregation hash. A hash of a flow key is computed with an initial port number. An exclusive-or (XOR) distance is computed to a desired hash, using least significant bits. An XOR is performed on a corrected pre-computed collision value, to transform the source port number to a value that hashes correctly with other elements within the flow key. The transformed source port number may then be inserted into network packets sent to a server device, such that the transformed source port number can be used in a returning RSS hash to again select the same processor.
Type: Grant
Filed: August 26, 2013
Date of Patent: July 18, 2017
Assignee: F5 Networks, Inc.
Inventor: Lars Pearson Friend
-
Patent number: 9705852
Abstract: A traffic management device (TMD), system, and processor-readable storage medium are directed to determining that an end-to-end encrypted session has been established between a client and an authentication server, intercepting and decrypting subsequent task traffic from the client, and forwarding the intercepted traffic toward a server. In some embodiments, a second connection between the TMD and server may be employed to forward the intercepted traffic, and the second connection may be unencrypted or encrypted with a different mechanism than the encrypted connection to the authentication server. The encrypted connection to the authentication server may be maintained following authentication to enable termination of the second connection if the client becomes untrusted, and/or to enable logging of client requests, connection information, and the like. In some embodiments, the TMD may act as a proxy to provide client access to a number of servers and/or resources.
Type: Grant
Filed: September 16, 2015
Date of Patent: July 11, 2017
Assignee: F5 Networks, Inc.
Inventors: Benn Sapin Bollay, Jonathan Mini Hawthorne
-
Patent number: 9705821
Abstract: A method, non-transitory computer readable medium and an application manager computing device that assists with provisioning applications based on user anticipated workloads includes obtaining, a user anticipated resource based on information within a user workload database, prior to receiving a request from a client computing device. The obtained user anticipated resource is provisioned. The provisioned user anticipated resource is provided upon establishing a session with the requesting client computing device.
Type: Grant
Filed: September 30, 2014
Date of Patent: July 11, 2017
Assignee: F5 Networks, Inc.
Inventors: Amit Jain, Charles Cano
-
Patent number: 9674144
Abstract: IP reflection comprising double static NAT (network address translation) is disclosed. In some embodiments, a packet having a public IP address is received at a protecting network. The public IP address of the packet is translated to a corresponding protected IP address associated with a protected network, and the packet is forwarded to the protected network for servicing. The protected IP address of a response to the packet from the protected network is translated back to the public IP address at the protected network before sending.
Type: Grant
Filed: October 30, 2015
Date of Patent: June 6, 2017
Assignee: F5 Networks, Inc.
Inventor: Barrett Gibson Lyon
-
Patent number: 9667601
Abstract: A traffic management device (TMD), system, and processor-readable storage medium directed towards re-establishing an encrypted connection of an encrypted session, the encrypted connection having initially been established between a client device and a first server device, causing the encrypted connection to terminate at a second server device. As described, a traffic management device (TMD) is interposed between the client device and the first server device. In some embodiments, the TMD may request that the client device renegotiate the encrypted connection. The TMD may redirect the response to the renegotiation request towards a second server device, such that the renegotiated encrypted connection is established between the client device and the second server device.
Type: Grant
Filed: September 11, 2015
Date of Patent: May 30, 2017
Assignee: F5 Networks, Inc.
Inventors: Benn Sapin Bollay, David Alan Hansen, David Dean Schmitt, Jonathan Mini Hawthorne
-
Patent number: 9667553
Abstract: Methods, systems, and devices are described for managing network communications. A traffic manager module may receive a message from a first network device to a second network device. The traffic manager module may serve as a proxy between the first network device and the second network device. The traffic manager module may perform an application layer inspection at the traffic manager module on at least one of the message or a response to the message from the second network device, and forward the message or the response to the message to a third network device based on the application layer inspection at the traffic manager module.
Type: Grant
Filed: August 19, 2013
Date of Patent: May 30, 2017
Assignee: F5 Networks, Inc.
Inventors: Manish Vachharajani, John Giacomoni, Mark Terrel, Leonard Maiorani
-
Patent number: 9647954
Abstract: A server array controller that includes a Data Flow Segment (DFS) and at least one Control Segment (CS). The DFS includes the hardware-optimized portion of the controller, while the CS includes the software-optimized portions. The DFS performs most of the repetitive chores including statistics gathering and per-packet policy enforcement (e.g. packet switching). The DFS also performs tasks such as that of a router, a switch, or a routing switch. The CS determines the translation to be performed on each flow of packets, and thus performs high-level control functions and per-flow policy enforcement. Network address translation (NAT) is performed by the combined operation of the CS and DFS. The CS and DFS may be incorporated into one or more separate blocks. The CS and DFS are independently scalable. Additionally, the functionality of either the DFS or the CS may be separately implemented in software and/or hardware.
Type: Grant
Filed: June 20, 2014
Date of Patent: May 9, 2017
Assignee: F5 Networks, Inc.
Inventors: Robert George Gilde, Steven Lee Harms
-
Patent number: 9635024
Abstract: A method, non-transitory computer readable medium, and access policy management computing device that obtains a first set of attributes based on a login request received from a client device. The first set of attributes includes at least credentials for a user of the client device. A persistent data store record for the user is identified and a second set of attributes associated with the user, and included in the persistent data store record, is imported into a session cache record for the user. A fingerprint including the second set of attributes is compared to the first set of attributes. A multifactor or single factor authentication is initiated based on a result of the comparison to determine when the credentials for the user are valid. A session for the user is established and access by the user to network resource(s) is allowed, when the credentials for the user are valid.
Type: Grant
Filed: December 15, 2014
Date of Patent: April 25, 2017
Assignee: F5 Networks, Inc.
Inventors: Vinod Pisharody, Amit Jain