Patents Assigned to F5 Networks, Inc.
  • Patent number: 9864606
    Abstract: A method and host computing device that restricts access by one or more applications to a configurable hardware logic device over a bus. At least a portion of the configurable hardware logic device is reconfigured. A determination is made when unplug and plug events have been generated by the configurable hardware logic device. The unplug and plug events are generated without disconnecting power supplied to the configurable hardware logic device. The configurable hardware logic device is re-enumerated on the bus when the determining indicates the unplug and plug events have been generated by the configurable hardware logic device.
    Type: Grant
    Filed: September 3, 2014
    Date of Patent: January 9, 2018
    Assignee: F5 Networks, Inc.
    Inventors: Alan B. Mimms, Tom Troksa
  • Patent number: 9843554
    Abstract: A method, computer readable medium, and device for dynamic DNS implementation, comprises receiving, at a network traffic management device, a first DNS response from a DNS server, wherein the first DNS response is compliant with Internet Protocol version 4 (IPv4). The first DNS response corresponds to a first DNS request from a client device being compliant with Internet Protocol version 6 (IPv6). The first DNS response is converted into a second DNS response that is compliant with IPv6, by attaching a prefix that identifies a network gateway device which is to handle subsequent non-DNS requests from the client device. The second DNS response is routed to the client device. Subsequent non-DNS requests from the client device that contain at least a part of the prefix allow the network traffic management device to route the non-DNS request through the designated network gateway device.
    Type: Grant
    Filed: February 15, 2012
    Date of Patent: December 12, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Peter M. Thornewell, Jason Haworth, Ian Smith, Nat Thirasuttakorn
  • Patent number: 9838259
    Abstract: A method, non-transitory computer readable medium and an application traffic manager computing device for determining whether a received query from a client computing device to resolve a hostname comprises a domain name with a value indicating type of internet protocol version. The received query is processed by truncating a portion of the domain name with the value indicating type of internet protocol version from the received query when the domain name with the value indicating type of internet protocol version is determined to be present. An internet protocol address is received from at least one of a plurality of servers based on the truncated portion of the domain name with the value indicating type of internet protocol version. The format of the received internet protocol address is determined for conforming to one or more policies. One or more actions are performed based on the determination.
    Type: Grant
    Filed: March 10, 2014
    Date of Patent: December 5, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Michael Earnhart, Brent Blood, George Michael Lowell, Jr., Nat Thirasuttakorn
  • Patent number: 9832069
    Abstract: Embodiments are directed towards managing persistence of network traffic using deep packet inspections of network response packets from an application server. In one embodiment, the network packets are associated with SIP messages. A traffic management device (TMD) interposed between client devices and a plurality of application servers receives messages from the client device and/or the application servers. The TMD performs a deep packet inspection to determine if a defined key value pair that includes a session identifier is detected. If so, and the message is from the application server, the session identifier is then mapped to an application server identifier to persistently refer each subsequent inbound packet from a client device having the same session identifier to the application server mapped to the session identifier.
    Type: Grant
    Filed: May 29, 2009
    Date of Patent: November 28, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Randall Cleveland, Mike Schrock, Donald Glover, Nat Thirasuttakorn
  • Patent number: 9800470
    Abstract: Disclosed are methods and apparatus for implementing in an electronic device that includes a processor and memory. Virtual resources, which are associated with an execution of a user's applications in a cloud resource configuration including virtual machines, network services and storage, are identified. A first topology map of the virtual resources, including a plurality of nodes, is generated. The first topology map, including the nodes, is output. A vector, which is associated with each node, said vector including one or more features associated with each node, is generated. Based upon the vectors, a distribution of the plurality of nodes within two or more groups is determined. A second topology map, including each of the node groups in one of a collapsed format, wherein only an identifier of the node group is output or an expanded format, wherein a portion of the plurality of nodes of the node group are output, is output.
    Type: Grant
    Filed: November 10, 2014
    Date of Patent: October 24, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Ankit Agarwal, Marion Le Borgne, Pascale Vicat-Blanc
  • Patent number: 9800568
    Abstract: Methods, non-transitory computer readable media, and network traffic management apparatuses that receive a request from a client device to access an application. The request comprises an original certificate. A determination is made when the certificate is valid. Data is extracted from one or more fields of the certificate, when the determining indicates that the user certificate is valid. A delegate certificate comprising the data and signed by a certificate authority trusted by a server device hosting the application is generated. The delegate certificate is sent to the server device. With this technology, network traffic management apparatuses can secure SSL connections using PFS-capable ciphers, while also inspecting payload data in network traffic exchanged between client and server devices in order to provide intelligent services in the network.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: October 24, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Joel Moses, Kevin Stewart, William Church
  • Patent number: 9769136
    Abstract: A system and method which includes monitoring an existing first connection to a secured network domain. A first network configuration is employed to access the secured network domain via the first connection. An available second connection to the network domain is detected, whereby the system and method automatically switch to the second connection to access the secured network domain upon detecting a termination with the first connection. Access to the secured network domain, via the second connection, is established by employing a second network configuration. In an aspect, the first connection is by cable and the first network configuration is associated with direct access to the secured network domain. In an aspect, the second connection is a wired or wireless signal and the second network configuration is associated with a Virtual Private Network (VPN) connection.
    Type: Grant
    Filed: October 31, 2014
    Date of Patent: September 19, 2017
    Assignee: F5 Networks, Inc.
    Inventor: Andrey Shigapov
  • Patent number: 9762471
    Abstract: Virtual resources associated with an execution of a user's applications in a cloud or distributed resource configuration including virtual or physical machines, network services and storage are identified. A source and destination virtual machine, utilized by the user's applications, are determined, and at least one source or destination virtual machine belongs to the identified virtual resources. Measurement software for a virtual machine is downloaded. The measurement software acquires data for connections established in a transport layer for communicating between the source and destination virtual machine. Data acquired from the measurement software is received at a first time, and the data includes measurements of variables for the data communications via the connections. Based upon the measurements, metrics that characterize the data communications at a first time are generated. Measurements made at an additional number of times are also received.
    Type: Grant
    Filed: September 13, 2013
    Date of Patent: September 12, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Pascale Vicat-Blanc, Romaric Guillier, Sebastien Soudan
  • Patent number: 9762492
    Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows and minimizing the number of malicious and/or inoperative connection flows (e.g., non-genuine flows) that may have flow control data stored in the high-speed flow cache.
    Type: Grant
    Filed: April 8, 2016
    Date of Patent: September 12, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Paul Imre Szabo, Peter M. Thornewell, Timothy Scott Michels
  • Patent number: 9760587
    Abstract: A tool for assisting the operation of a network of interconnected physical equipment includes a physical infrastructure manager associated with a first data structure in which the equipment items are registered under a resource identifier in relation to a first sequence of dated values of global utilizable functional capacity, and a virtual infrastructure manager associated with a second data structure in which virtual units are registered under a unit identifier in relation to a second sequence of dated values of global utilizable functional capacity, and with a third data structure in which a virtual unit identifier is associated with a group of resource identifiers and hence with the corresponding sequences of dated capacity values. The virtual infrastructure manager dynamically reconfigures a virtual infrastructure object in accordance with the rights and capacities requested by a user.
    Type: Grant
    Filed: April 14, 2011
    Date of Patent: September 12, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Pascale Vicat-Blanc-Primet, Sebastian Soudan, Guilherme Koslovski
  • Patent number: 9742806
    Abstract: A method, system, and apparatus are directed towards enabling access to payload by a third-party sent over an SSL session. The third-party may be a proxy situated between a client and a server. SSL handshake messages are sent between the client and the server to establish the SSL connection. As the SSL handshake messages are routed through the proxy, the proxy may extract data. In addition, one of the client or the server may send another message within, or out-of-band to, the series of SSL handshake messages directly to the proxy. The other SSL message may include secret data that the proxy may use to generate a session key for the SSL connection. With the session key, the proxy may receive SSL messages over the SSL connection, modify and/or transpose the payload within the received SSL messages, and/or terminate the SSL connection at the proxy.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: August 22, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Jesse Abraham Rothstein, Arindum Mukerji, David D. Schmitt, John R. Hughes
  • Patent number: 9742674
    Abstract: A method, non-transitory computer readable medium, and multi-blade network traffic management apparatus that obtains, with a primary blade and one or more secondary blades, statistical data regarding network traffic respectively managed by each of the blades. The statistical data respectively obtained by each of the blades is stored by each of the blades in a respective database associated with each of the blades. A request for statistical data is received with the primary blade. Each of the databases is queried with the primary blade to retrieve at least a subset of the statistical data stored therein in response to the obtained request. The retrieved at least a subset of the statistical data is consolidated with the primary blade to generate a response to the received request.
    Type: Grant
    Filed: August 15, 2013
    Date of Patent: August 22, 2017
    Assignee: F5 Networks, Inc.
    Inventor: Valery Kreidenko
  • Patent number: 9712460
    Abstract: Embodiments are directed towards selecting a local port number for server side connections that hash to a same processor as a matching client side flow on a multiprocessor device using Receive Side Scaling (RSS) for the disaggregation hash. A hash of a flow key is computed with an initial port number. An exclusive-or (XOR) distance is computed to a desired hash, using least significant bits. An XOR is performed on a corrected pre-computed collision value, to transform the source port number to a value that hashes correctly with other elements within the flow key. The transformed source port number may then be inserted into network packets sent to a server device, such that the transformed source port number can be used in a returning RSS hash to again select the same processor.
    Type: Grant
    Filed: August 26, 2013
    Date of Patent: July 18, 2017
    Assignee: F5 Networks, Inc.
    Inventor: Lars Pearson Friend
  • Patent number: 9705852
    Abstract: A traffic management device (TMD), system, and processor-readable storage medium are directed to determining that an end-to-end encrypted session has been established between a client and an authentication server, intercepting and decrypting subsequent task traffic from the client, and forwarding the intercepted traffic toward a server. In some embodiments, a second connection between the TMD and server may be employed to forward the intercepted traffic, and the second connection may be unencrypted or encrypted with a different mechanism than the encrypted connection to the authentication server. The encrypted connection to the authentication server may be maintained following authentication to enable termination of the second connection if the client becomes untrusted, and/or to enable logging of client requests, connection information, and the like. In some embodiments, the TMD may act as a proxy to provide client access to a number of servers and/or resources.
    Type: Grant
    Filed: September 16, 2015
    Date of Patent: July 11, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Benn Sapin Bollay, Jonathan Mini Hawthorne
  • Patent number: 9705821
    Abstract: A method, non-transitory computer readable medium and an application manager computing device that assists with provisioning applications based on user anticipated workloads includes obtaining a user anticipated resource based on information within a user workload database, prior to receiving a request from a client computing device. The obtained user anticipated resource is provisioned. The provisioned user anticipated resource is provided upon establishing a session with the requesting client computing device.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: July 11, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Amit Jain, Charles Cano
  • Patent number: 9674144
    Abstract: IP reflection comprising double static NAT (network address translation) is disclosed. In some embodiments, a packet having a public IP address is received at a protecting network. The public IP address of the packet is translated to a corresponding protected IP address associated with a protected network, and the packet is forwarded to the protected network for servicing. The protected IP address of a response to the packet from the protected network is translated back to the public IP address at the protected network before sending.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: June 6, 2017
    Assignee: F5 Networks, Inc.
    Inventor: Barrett Gibson Lyon
  • Patent number: 9667601
    Abstract: A traffic management device (TMD), system, and processor-readable storage medium directed towards re-establishing an encrypted connection of an encrypted session, the encrypted connection having initially been established between a client device and a first server device, causing the encrypted connection to terminate at a second server device. As described, a traffic management device (TMD) is interposed between the client device and the first server device. In some embodiments, the TMD may request that the client device renegotiate the encrypted connection. The TMD may redirect the response to the renegotiation request towards a second server device, such that the renegotiated encrypted connection is established between the client device and the second server device.
    Type: Grant
    Filed: September 11, 2015
    Date of Patent: May 30, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Benn Sapin Bollay, David Alan Hansen, David Dean Schmitt, Jonathan Mini Hawthorne
  • Patent number: 9667553
    Abstract: Methods, systems, and devices are described for managing network communications. A traffic manager module may receive a message from a first network device to a second network device. The traffic manager module may serve as a proxy between the first network device and the second network device. The traffic manager module may perform an application layer inspection at the traffic manager module on at least one of the message or a response to the message from the second network device, and forward the message or the response to the message to a third network device based on the application layer inspection at the traffic manager module.
    Type: Grant
    Filed: August 19, 2013
    Date of Patent: May 30, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Manish Vachharajani, John Giacomoni, Mark Terrel, Leonard Maiorani
  • Patent number: 9647954
    Abstract: A server array controller that includes a Data Flow Segment (DFS) and at least one Control Segment (CS). The DFS includes the hardware-optimized portion of the controller, while the CS includes the software-optimized portions. The DFS performs most of the repetitive chores including statistics gathering and per-packet policy enforcement (e.g. packet switching). The DFS also performs tasks such as that of a router, a switch, or a routing switch. The CS determines the translation to be performed on each flow of packets, and thus performs high-level control functions and per-flow policy enforcement. Network address translation (NAT) is performed by the combined operation of the CS and DFS. The CS and DFS may be incorporated into one or more separate blocks. The CS and DFS are independently scalable. Additionally, the functionality of either the DFS or the CS may be separately implemented in software and/or hardware.
    Type: Grant
    Filed: June 20, 2014
    Date of Patent: May 9, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Robert George Gilde, Steven Lee Harms
  • Patent number: 9635024
    Abstract: A method, non-transitory computer readable medium, and access policy management computing device that obtains a first set of attributes based on a login request received from a client device. The first set of attributes includes at least credentials for a user of the client device. A persistent data store record for the user is identified and a second set of attributes associated with the user, and included in the persistent data store record, is imported into a session cache record for the user. A fingerprint including the second set of attributes is compared to the first set of attributes. A multifactor or single factor authentication is initiated based on a result of the comparison to determine when the credentials for the user are valid. A session for the user is established and access by the user to network resource(s) is allowed, when the credentials for the user are valid.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: April 25, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Vinod Pisharody, Amit Jain