Patents Assigned to F5 Networks, Inc.
  • Patent number: 9628503
    Abstract: Embodiments are directed towards network address based flood attack mitigation methods. A PTMD disposed between one or more computers may monitor several network flows and generate metrics associated with malicious network activity, such as, flood attacks. If flood attacks are determined to be occurring, the PTMD may determine the network addresses targeted by the flood attack. Further, the PTMD may activate flood attack mitigation procedures for the targeted network addresses such that other network addresses associated with the monitored network flows are excluded from the flood attack mitigation procedure. The PTMD may monitor the network traffic subsequently communicated to the targeted network addresses. Accordingly, the PTMD may determine if the flood attack has ceased based on characteristics of the monitored network traffic. If the flood attack has ceased, the flood attack mitigation procedures for the targeted network addresses may be deactivated.
    Type: Grant
    Filed: January 15, 2015
    Date of Patent: April 18, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Hao Cai, William Ross Baumann, Paul I. Szabo, Timothy Scott Michels
  • Patent number: 9628549
    Abstract: A method and system for controlling provisioning and access to cache servers with an application programming interface (API). The API includes components for performing various actions including: (i) prepopulating content on at least one cache server from a content server; (ii) expiring content on at least one cache server; (iii) pinning content in a memory of at least one cache server; (iv) assigning resources on at least one cache server in accordance with a quota; (v) retrieving content from at least one cache server; and (vi) flushing deleted content from at least one selected cache. The API may include a security layer. The security layer determines whether a requestor has permission to cause the requested action to be performed.
    Type: Grant
    Filed: May 18, 2012
    Date of Patent: April 18, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Thomas E. Kee, Donald Joseph DeCaprio, Ryan C. Kearny, Christian D. Saether
  • Patent number: 9614772
    Abstract: A method, apparatus, and system are directed to managing traffic towards a tunnel in a network. The invention enables a network device to extract data from a received packet. A deep packet inspection is employed that enables examination of the extracted data at virtually any layer of an OSI layered protocol of the packet. If the extracted data does not satisfy the flow criteria, a second packet may be inspected at a deep packet level to determine whether the data of the first and second packet satisfies the flow criteria. If the extracted data satisfies the flow criteria, a tunnel is determined based, in part, on the flow criteria. The packet is associated with and forwarded towards the determined tunnel.
    Type: Grant
    Filed: November 21, 2003
    Date of Patent: April 4, 2017
    Assignee: F5 Networks, Inc.
    Inventor: Christopher James Bradfield
  • Patent number: 9609079
    Abstract: A method, non-transitory computer readable medium, and application acceleration management (AAM) computing device that modifies an obtained master playlist file such that a first set of meta information is appended to a network address of a secondary playlist file. The secondary playlist file is obtained and modified such that the first and second sets of meta information are appended to a network address of a media file. Alternatively to modifying the playlist files, first and second cookies including the first set of meta information and the first and second sets of meta information, respectively, can be used. A cache score is generated for the media file based on the first and second sets of meta information included in a request for the media file. The media file is obtained, stored in a cache as associated with the cache score, and sent in response to the request.
    Type: Grant
    Filed: December 11, 2014
    Date of Patent: March 28, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Liang Cheng, Eswar Balasubramanian, Shawn Hurley
  • Patent number: 9606946
    Abstract: A system, method, and computer readable medium for sharing bandwidth among executing application programs across a packetized bus for packets from multiple DMA channels includes receiving at a network traffic management device first and second network packets from respective first and second DMA channels. The received packets are segmented into respective one or more constituent CPU bus packets. The segmented constituent CPU bus packets are interleaved for transmission across a packetized CPU bus.
    Type: Grant
    Filed: October 29, 2014
    Date of Patent: March 28, 2017
    Assignee: F5 Networks, Inc.
    Inventor: Tim S. Michels
  • Patent number: 9609017
    Abstract: A method, non-transitory computer readable medium and global traffic manager computing device for preventing distributed denial of service attack comprising machine executable code which when executed by at least one processor, causes the processor to perform steps including obtaining network information relating to a request in response to receiving the request. A rating is determined for the obtained network information based on one or more network parameters. An action to be taken for the received request is determined based on a comparison of the determined rating and a threshold rating. The determined action is executed for the received request.
    Type: Grant
    Filed: February 19, 2013
    Date of Patent: March 28, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Daniel Thomas Gilbert, Nathan Meyer
  • Patent number: 9596184
    Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) employs a data flow segment (“DFS”) and control segment (“CS”). The CS performs high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS performs statistics gathering, and per-packet policy enforcement, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows based on unique service and network traffic characteristics through adaptive feedback pattern learning together with administrator configurable service preferences that may have flow control data for most bandwidth hungry and desired hot services offloaded to the high-speed flow cache, at appropriate time.
    Type: Grant
    Filed: October 28, 2015
    Date of Patent: March 14, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Hao Cai, Michael Thomas Barthelow, Paul Imre Szabo, Timothy Scott Michels
  • Patent number: 9578126
    Abstract: A system, medium and method of automatically discovering a wide area network optimized route is disclosed. A client request is received at a second optimization device to access a server. The second optimization device is of a second local area network with respect to a wide area network (WAN) and is configured to communicate with the server. A probe request is received at the second optimization device from a first optimization device of a first local area network. The probe request establishes an optimization route with the first optimization device. A probe response is sent to the first optimization device, wherein the probe response provides identifying information of the second optimization device. A paired relationship is established, wherein configuration information of the first and second optimization devices are exchanged. An optimization route based on the configuration information is exchanged between the paired first and second optimization devices.
    Type: Grant
    Filed: April 20, 2012
    Date of Patent: February 21, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Rituraj Kirti, Saxon Amdahl
  • Patent number: 9578055
    Abstract: Embodiments are directed towards detecting and thwarting incoming network requests by either throttling and/or redirecting the attack requests towards a honeypot. As network requests are received, TCP segments are examined to identify a presence of attack signatures before returning an ACK. Such attack signatures may be identified based on an absence of referrer headers, an invalid cookie, known improper sender addresses, known valid sender addresses, examination of OSI layer 4 and/or above content of a packet, or the like. If an attack is identified, throttling may be employed by responding to the attack requests by dropping and/or rejecting packets within the request, acknowledging the client device's packets at a byte level, modifying a round trip time (RTT) calculation by responding at a defined slowed rate, and/or redirecting client requests to a honeypot.
    Type: Grant
    Filed: January 21, 2009
    Date of Patent: February 21, 2017
    Assignee: F5 Networks, Inc.
    Inventor: Bhushan P. Khanal
  • Patent number: 9578090
    Abstract: A method, non-transitory computer readable medium and an application delivery controller for receiving a notification from a client computing device when an application is selected. A configuration file including one or more instructions is identified from one or more memory locations. One or more instructions within the application delivery controller is updated with the one or more instructions present within the identified configuration file to provision the selected application. The selected application is provisioned to the requesting client computing device using the updated one or more instructions.
    Type: Grant
    Filed: November 7, 2013
    Date of Patent: February 21, 2017
    Assignee: F5 Networks, Inc.
    Inventor: Lori MacVittie
  • Patent number: 9569233
    Abstract: Embodiments are directed towards employing a traffic management system (TMS) that is enabled to deploy component virtual machines (CVM) to the cloud to perform tasks of the TMS. In some embodiments, a TMS may be employed with one or more CVMs. In at least one embodiment, the TMS may maintain an image of each CVM. Each CVM may be configured to perform one or more tasks, to operate in specific cloud infrastructures, or the like. The TMS may deploy one or more CVMs locally and/or to one or more public and/or private clouds. In some embodiments, deployment of the CVMs may be based on a type of task to be performed, anticipated resource utilization, customer policies, or the like. The deployment of the CVMs may be dynamically updated based on monitored usage patterns, task completions, customer policies, or the like.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: February 14, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Richard Roderick Masters, Brent Wayne Blood, Paul Imre Szabo, Benn Sapin Bollay
  • Patent number: 9565079
    Abstract: A system and method for providing real time holographic reporting data of at least a portion of a data center to a user. Initializing a reporting profile of a data center via a network traffic management device, wherein the reporting profile includes a plurality of network sources of the data center identified by the user to provide reporting information, the reporting profile including a user established policy configured to instruct how to process the reporting information from the identified network sources; receiving reporting information from one or more identified network sources of the data center; compiling the received reporting information of the one or more network sources in conformance with the user established policy; generating network statistics data of the data center based on compiling instructions of the user established policy; generating a report configured to display the generated network statistics data of a user identified portion of the data center.
    Type: Grant
    Filed: January 10, 2013
    Date of Patent: February 7, 2017
    Assignee: F5 Networks, Inc.
    Inventor: Jonathan M. Hawthorne
  • Patent number: 9558164
    Abstract: A method and system for use of XML Schema in conjunction with XML Schema aware applications on a SOAP message including a request with a method defined by a WSDL document. A WSDL document is converted offline to XML Schema. A SOAP message containing a request is received. An XML Schema aware operation is performed on the SOAP message based on previously determined XML Schema derived from the WSDL document.
    Type: Grant
    Filed: January 15, 2009
    Date of Patent: January 31, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Richard Sevrinsky, Shlomo Yona
  • Patent number: 9553845
    Abstract: A method, non-transitory computer readable medium, and traffic management computing device that obtains one or more parameters for a packet. Firewall policies each corresponding to a logical firewall are applied to the parameters for the packet. A policy log for each of at least a subset of the firewall policies or a hit count for one or more of rules in an access list of each of the subset of the firewall policies is generated. The policy log includes an indication of one or more actions corresponding to at least one rule in the access list of each of the subset of the firewall policies, wherein the at least one rule matches one or more of the parameters of the packet. At least one of the generated policy log or hit counts for one or more of the at least a subset of the firewall policies is output.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: January 24, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Ron Talmor, John N. Nugent, JC Ferguson
  • Patent number: 9554418
    Abstract: A system for hiding an internal topology of a network having a plurality of client and server entities is provided herein. The system comprises a topology hiding node that coordinates communication between systems in two distinct networks: Home Public Land Mobile and Visited Public Land Mobile. The topology hiding node includes long term storage and a short term storage which includes a change list. A real identity of one system entity is represented by at least one virtual identity allocated from a group of at least two virtual identities, when communicating with the other system entities, and the relation between the virtual identities and the real identities of a current communication session is recorded in the change list and stored in short term storage and the relation between the virtual identities and the real identities of previous communication sessions is stored in the long term storage.
    Type: Grant
    Filed: February 28, 2014
    Date of Patent: January 24, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Leonid Ridel, Petro Flomin
  • Patent number: 9554276
    Abstract: A system, machine readable medium and method for utilizing protocol conversions in policy changing enforcement is disclosed. A message, in a first protocol, is received from a network gateway device including identifying information unique to a client attempting to access a resource from a server. The message is processed using one or more portions of the client identifying information as a unique key identifier. A policy access request is generated, in a second protocol, and includes at least the unique key identifier. The policy access request is sent to a policy server, wherein the policy server is configured to provide policy enforcement information of the client associated with the policy access request. The policy enforcement information is received and one or more policies from the policy enforcement information are enforced to network traffic between the client and the server.
    Type: Grant
    Filed: October 28, 2011
    Date of Patent: January 24, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Nat Thirasuttakorn, Jason Haworth, Brandon Burns, Ian Michael Smith
  • Patent number: 9525632
    Abstract: Embodiments are directed towards employing a packet traffic management device that has a split data flow segment (“DFS”) and control segment (“CS”) to determine if a connection flow update provided by the DFS to the CS is valid. The CS may be utilized to establish connection flows at the DFS based on connection flow requests. The CS may generate a connection flow identifier (“CFID”) for a connection flow request. The CS may cache the CFID at the CS. The CS may establish a connection flow at the DFS based at least on the connection flow request and the CFID. After a connection flow is established, a DFS may provide a connection flow update and a corresponding CFID to the CS. The CS may determine that the connection flow update is valid if the corresponding CFID matches the CFID cached at the CS.
    Type: Grant
    Filed: May 1, 2012
    Date of Patent: December 20, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Hao Cai, Paul Imre Szabo, Peter M. Thornewell, Timothy Scott Michels
  • Patent number: 9519501
    Abstract: A method performed by a hypervisor in a virtual network traffic management cluster, the method comprising: assigning a set of continuous available source media access control (SMAC) addresses to one or more virtual network traffic management devices in a network traffic management cluster, the one or more virtual network traffic management devices configured to handle connections for virtual guest instances; assigning a region of predetermined size in a SMAC-index mapping table to a corresponding virtual network traffic management device; wherein the assigned SMAC addresses and assigned region in the SMAC-index mapping table are accessible by the virtual guest instances; and maintaining SMAC-index pool allocation to virtual guest instances handled by corresponding virtual network traffic management devices.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: December 13, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Hao Cai, Timothy S. Michels, Paul I. Szabo
  • Patent number: 9516102
    Abstract: Embodiments may be directed towards enabling one or more load balance servers to maintain connection flow persistence if the server initiates the communication to a client. A packet traffic management device (PTMD) may intercept the request from the server and generate reverse persistence information. The PTMD may include a portion of the reverse persistence information in the request before forwarding the request to the targeted client device. The client device may send the response to the PTMD. The PTMD may employ reverse persistence information to identify the target server. The PTMD may remove the reverse persistence information from the response sent by the client and forward the response to the determined server. Removing the reverse persistence information may remove evidence that the PTMD intervened in the connection between the client and server.
    Type: Grant
    Filed: March 7, 2013
    Date of Patent: December 6, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Tao Liu, Nat Thirasuttakorn, Songbo Zheng
  • Patent number: 9509600
    Abstract: A method, non-transitory computer readable medium, and host device that receives, at a routing interface, a request from a transmission control protocol (TCP) connection with a stateful network device. A media access control (MAC) address of the stateful network device is determined and the MAC address and the routing interface are stored as associated with information for the TCP connection in a per-connection routing table. The request is sent to one of a plurality of virtual machines, a response is received from the one of the virtual machines, and the MAC address and routing interface are retrieved from the per-connection routing table based on a comparison of information included in the response to the information for the TCP connection. The response is sent to the stateful network device using the retrieved MAC address and routing interface.
    Type: Grant
    Filed: August 6, 2014
    Date of Patent: November 29, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Paul I. Szabo, Daniel Wright, Dayne Miller