Patents Assigned to F5 Networks, Inc.
-
Patent number: 9554418
Abstract: A system for hiding an internal topology of a network having plurality of client and server entities is provided herein. The system comprises a topology hiding node that coordinates communication between systems in two distinct networks: Home Public Land Mobile and Visited Public Land Mobile. The topology hiding node includes long term storage and a short term storage which includes a change list. A real identity of one system entity is represented by at least one virtual identity allocated from a group of at least two virtual identities, when communicating with the other system entities, and the relation between the virtual identities and the real identities of a current communication session is recorded in the change list and stored in short term storage and the relation between the virtual identities and the real identities of a previous communication sessions is stored in the long term storage.
Type: Grant
Filed: February 28, 2014
Date of Patent: January 24, 2017
Assignee: F5 Networks, Inc.
Inventors: Leonid Ridel, Petro Flomin
-
Patent number: 9553845
Abstract: A method, non-transitory computer readable medium, and traffic management computing device that obtains one or more parameters for a packet. Firewall policies each corresponding to a logical firewall are applied to the parameters for the packet. A policy log for each of at least a subset of the firewall policies or a hit count for one or more of rules in an access list of each of the subset of the firewall policies is generated. The policy log includes an indication of one or more actions corresponding to at least one rule in the access list of each of the subset of the firewall policies, wherein the at least one rule matches one or more of the parameters of the packet. At least one of the generated policy log or hit counts for one or more of the at least a subset of the firewall policies is output.
Type: Grant
Filed: September 30, 2014
Date of Patent: January 24, 2017
Assignee: F5 Networks, Inc.
Inventors: Ron Talmor, John N. Nugent, JC Ferguson
-
Patent number: 9554276
Abstract: A system, machine readable medium and method for utilizing protocol conversions in policy changing enforcement is disclosed. A message, in a first protocol, is received from a network gateway device including identifying information unique to a client attempting to access a resource from a server. The message is processed using one or more portions of the client identifying information as a unique key identifier. A policy access request is generated, in a second protocol, and includes at least the unique key identifier. The policy access request is sent to a policy server, wherein the policy server is configured to provide policy enforcement information of the client associated with the policy access request. The policy enforcement information is received and one or more policies from the policy enforcement information are enforced to network traffic between the client and the server.
Type: Grant
Filed: October 28, 2011
Date of Patent: January 24, 2017
Assignee: F5 Networks, Inc.
Inventors: Nat Thirasuttakorn, Jason Haworth, Brandon Burns, Ian Michael Smith
-
Patent number: 9525632
Abstract: Embodiments are directed towards employing a packet traffic management device that has a split data flow segment (“DFS”) and control segment (“CS”) to determine if a connection flow update provided by the DFS to the CS is valid. The CS may be utilized to establish connection flows at the DFS based on connection flow requests. The CS may generate a connection flow identifier (“CFID”) for a connection flow request. The CS may cache the CFID at the CS. The CS may establish a connection flow at the DFS based at least on the connection flow request and the CFID. After a connection flow is established, a DFS may provide a connection flow update and a corresponding CFID to the CS. The CS may determine that the connection flow update is valid if the corresponding CFID matches the CFID cached at the CS.
Type: Grant
Filed: May 1, 2012
Date of Patent: December 20, 2016
Assignee: F5 Networks, Inc.
Inventors: Hao Cai, Paul Imre Szabo, Peter M. Thornewell, Timothy Scott Michels
-
Patent number: 9519501
Abstract: A method performed by a hypervisor in a virtual network traffic management cluster, the method comprising: assigning a set of continuous available source media access control (SMAC) addresses to one or more virtual network traffic management devices in a network traffic management cluster, the one or more virtual network traffic management devices configured to handle connections for virtual guest instances; assigning a region of predetermined size in a SMAC-index mapping table to a corresponding virtual network traffic management device; wherein the assigned SMAC addresses and assigned region in the SMAC-index mapping table are accessible by the virtual guest instances; and maintaining SMAC-index pool allocation to virtual guest instances handled by corresponding virtual network traffic management devices.
Type: Grant
Filed: September 30, 2013
Date of Patent: December 13, 2016
Assignee: F5 Networks, Inc.
Inventors: Hao Cai, Timothy S. Michels, Paul I. Szabo
-
Patent number: 9516102
Abstract: Embodiments may be directed towards enabling one or more load balance servers to maintain connection flow persistence if the server initiates to the communication to a client. A packet traffic management device may (PTMD) intercept the request from the server and generate reverse persistence information. The PTMD may include a portion of the reverse persistence information in the request before forwarding the request to the targeted client device. The client device may send the response to the PTMD. The PTMD may employ reverse persistence information to identify the target server. The PTMD may remove the reverse persistence information from the response sent by the client and forward the response to the determined server. Removing the reverse persistence information may remove evidence that the PTMD intervened in the connection between the client and server.
Type: Grant
Filed: March 7, 2013
Date of Patent: December 6, 2016
Assignee: F5 Networks, Inc.
Inventors: Tao Liu, Nat Thirasuttakorn, Songbo Zheng
-
Patent number: 9509663
Abstract: Securely transferring session credentials from a client-side traffic management device (TMD) to a second server-side TMD that replaces a first server-side TMD. A client-side TMD and the first server-side TMD have copies of secret data associated with an encrypted session between a client device and a server device. The first server-side TMD may be replaced with the second server-side TMD, which may not have the secret data. In response to a request to create an encrypted connection associated with the encrypted session, the client-side TMD encrypts the secret data using the server device's public key and transmits the encrypted secret data to the second server-side TMD. Using the server device's private key, the second server-side TMD decrypts the secret data and participates in the encrypted connection.
Type: Grant
Filed: December 13, 2010
Date of Patent: November 29, 2016
Assignee: F5 Networks, Inc.
Inventors: Benn Sapin Bollay, Jeffrey Michael Warren
-
Patent number: 9509600
Abstract: A method, non-transitory computer readable medium, and host device that receives, at a routing interface, a request from a transmission control protocol (TCP) connection with a stateful network device. A media access control (MAC) address of the stateful network device is determined and the MAC address and the routing interface are stored as associated with information for the TCP connection in a per-connection routing table. The request is sent to one of a plurality of virtual machines, a response is received from the one of the virtual machines, and the MAC address and routing interface are retrieved from the per-connection routing table based on a comparison of information included in the response to the information for the TCP connection. The response is sent to the stateful network device using the retrieved MAC address and routing interface.
Type: Grant
Filed: August 6, 2014
Date of Patent: November 29, 2016
Assignee: F5 Networks, Inc.
Inventors: Paul I. Szabo, Daniel Wright, Dayne Miller
-
Patent number: 9503375
Abstract: A method, computer readable medium, and device that manages traffic in a multi-service environment including determining a self score for a front virtual service which is coupled to one or more inner virtual services. An aggregate score for the front virtual service is determined based on an aggregate score for each of the one or more inner virtual services and a number of connections between each of the one or more inner virtual services and the front virtual service. An advertised score for the front virtual service for load balancing is obtained based on the determined self score and the determined aggregate score.
Type: Grant
Filed: June 30, 2011
Date of Patent: November 22, 2016
Assignee: F5 Networks, Inc.
Inventors: Ravi Natarajan, Saxon Amdahl
-
Patent number: 9497614
Abstract: This technology discloses a controlling and steering device for maintaining national connection between a mobile device of a subscriber and a mobile network. The system comprises: a tracing module, a steering logic module and a communication module. The tracing module is configured to: (i) periodically sample a mobile device of a subscriber or a location of the mobile device; and (ii) check amount of data sent and received from the mobile device is below a specified threshold. The steering logic module is configured to determine if a national connection between a mobile device of a subscriber via a Mobility Management Entity (MME) and a mobile network via a Home Subscriber Server (HSS) is permitted and wherein the communication module is arranged to send and receive messages from HSS to MME and from MME to HSS.
Type: Grant
Filed: February 28, 2014
Date of Patent: November 15, 2016
Assignee: F5 Networks, Inc.
Inventors: Leonid Ridel, Petrus Wilhelmus Andrianus Jacobus Maria Nas
-
Patent number: 9497285
Abstract: Creating a connection between one of a first plurality of computing devices in a primary chassis and one of a second plurality of computing devices in a failover chassis. A first plurality of buckets may be associated with the primary chassis, a second plurality of buckets may be associated with the failover chassis, where the first plurality of buckets may correspond to the second plurality of buckets. One of the first plurality of computing devices may be associated with one of the first plurality of buckets, and can create a connection with attributes such that a disaggregator in the failover chassis routes the connection to one of the second plurality of computing devices, wherein the one of the second plurality of computing devices may be associated with a bucket of the second plurality of buckets that corresponds to the one of the first plurality of buckets.
Type: Grant
Filed: September 30, 2015
Date of Patent: November 15, 2016
Assignee: F5 Networks, Inc.
Inventors: Anthony King, Paul Imre Szabo, William Ross Baumann
-
Patent number: 9491157
Abstract: Embodiments are directed towards managing network traffic that includes SSL secured NTLM acceleration. A Packet Traffic Management Computer (PTMC) may receive a challenge sent by a server computer before the challenge is provided to a client computer. After receiving the challenge from the server computer, the PTMC may generate a cookie that at least includes a session-ID that corresponds to the client computer. The PTMC may add the cookie to the challenge before the modified challenge is forwarded to the client computer. If response is received from the client computer and it includes the same cookie that was sent with the challenge. The session-ID may be extracted from the cookie and employed to determine which server computer should receive the message. If a server computer may be determined, the PTMC may forward the message to the determined server computer.
Type: Grant
Filed: September 26, 2014
Date of Patent: November 8, 2016
Assignee: F5 Networks, Inc.
Inventors: Saxon Carl Amdahl, Ravi Natarajan, Richard Roderick Masters
-
Patent number: 9485143
Abstract: Methods, systems, and devices are described for managing virtual network services provided to a network. Network services may be provided to a client network having a first network fabric at a self-contained network services system implementing a number of redundant instances of a network service application. The self-contained network services system may have a second network fabric. The second network fabric may be adapted to distribute network service tasks received from the client network which are associated with the network service application among the redundant instances of the network service application.
Type: Grant
Filed: February 16, 2015
Date of Patent: November 1, 2016
Assignee: F5 Networks, Inc.
Inventors: Manish Vachharajani, John Giacomoni
-
Patent number: 9485158
Abstract: A method, non-transitory computer readable medium and an multi-blade network traffic manager device that assists with aggregating per-session statistics on a clustered system includes receiving a request for a HTTP transaction. Presence of a cookie within the received request is determined. One or more actions is performed based on the determination of the presence of the cookie to prepare for aggregating session statistics within a clustered system. Session statistics information is aggregated upon performing the one or more actions and completing the request for the HTTP transaction.
Type: Grant
Filed: November 6, 2014
Date of Patent: November 1, 2016
Assignee: F5 Networks, Inc.
Inventors: Peter Finkelshtein, Dmitry Rovniaguin
-
Patent number: 9444620
Abstract: A method, computer readable medium, and apparatus for secure application delivery includes forming at a traffic management device a session identifier in response to a first request from a client device for access to a network application. The session identifier is encrypted for sending to the client device using a session variable formed by hashing at least one physical identifier associated uniquely with the client device in response to the first request. In a second request from the client device to access the network application, the encrypted session identifier is decrypted using an updated value of the session variable. The access to the network application is provided when the decrypted session identifier matches the formed session identifier, and denied when the decrypted session identifier does not match the formed session identifier.
Type: Grant
Filed: June 24, 2010
Date of Patent: September 13, 2016
Assignee: F5 Networks, Inc.
Inventors: Alan Murphy, Ido Breger
-
Patent number: 9438471
Abstract: A network traffic management cluster, medium and method is disclosed. The cluster includes a plurality of network traffic management devices, a backplane switch coupled to the network traffic management devices. A network traffic management device of the plurality includes a network interface and a hardwire failover switch. The switch has a primary bus coupled to the network interface and a secondary bus coupled to the backplane switch. The switch passes network traffic to the network interface via the primary bus when the network traffic management device is operational. The switch automatically redirects the network traffic to the backplane switch via the secondary bus when the network traffic management device experiences a failure. The backplane switch redistributes the redirected network traffic to one or more other network traffic management devices in the cluster.
Type: Grant
Filed: December 31, 2012
Date of Patent: September 6, 2016
Assignee: F5 Networks, Inc.
Inventor: Saxon Amdahl
-
Patent number: 9420049
Abstract: A system and method for preventing web scraping which includes receiving a request between a web client and a web server for the web client to receive web content. A client side language script is injected into a response to be sent to the requesting web client, wherein the client side language script contains an event listener to detect a keystroke and/or a mouse movement at the web client. Information is collected from the client side language script relating to whether the keystroke and/or the mouse movement were detected. The web client is selectively allowed to access the web server to receive the web content based on the collected information.
Type: Grant
Filed: June 30, 2010
Date of Patent: August 16, 2016
Assignee: F5 Networks, Inc.
Inventors: Ron Talmor, Shlomo Yóna, Orit Margalit, Beni Serfaty
-
Patent number: 9356998
Abstract: A system, computer readable medium and method of load balancing of requests between Diameter-enabled network devices is disclosed. Processing occurs at a signal controller in communication with a first Diameter-enabled network device and a second Diameter-enabled network device, request handling capacity of at least the second Diameter-enabled network device. One or more tokens are allocated for inbound requests from the first Diameter-enabled network device to the second Diameter-enabled network device. The second Diameter-enabled network device is notified of the one or more allocated tokens for handling a corresponding number of requests from the first Diameter-enabled network device. Transmission of the corresponding number of requests from the first Diameter-enabled network device to the second Diameter-enabled network device is coordinated by the signal controller.
Type: Grant
Filed: November 3, 2014
Date of Patent: May 31, 2016
Assignee: F5 Networks, Inc.
Inventors: Leonid Ridel, Valentin Tumarkin
-
Patent number: 9356824
Abstract: A method, system, and apparatus are directed towards managing content over a network. A request from a requestor for a resource is received over the network. The request may include a request for resource identified by a Network Resource Identifier (NRI). The request may also include Systems Interconnection (OSI) level 2-7 data. Characteristics of the requestor are determined based on the request. The characteristics are mapped onto a label. A unique key is generated based on the request, the characteristics, and/or the label. A version of the resource to cache is determined based on the request, the characteristics, the label, and/or the unique key. The version of the resource is cached based on the unique key.
Type: Grant
Filed: September 29, 2006
Date of Patent: May 31, 2016
Assignee: F5 Networks, Inc.
Inventor: Bhushan P. Khanal
-
Patent number: 9344865
Abstract: A method, non-transitory computer readable medium, and network traffic management apparatus that selects a first one of a plurality of Short Message Service Center (SMSC) servers based on a load balancing decision in response to an external short messaging entity (ESME) SMPP request message received from a first one of a plurality of ESMEs. A first sequence number is generated for the ESME SMPP request message. The first sequence number is stored in a first entry of a mapping table as associated with a sequence number included in the ESME SMPP request message and an indication of the first one of the plurality of SMSC servers. The sequence number included in the ESME SMPP request message is replaced with the first sequence number. The ESME SMPP request message is sent to the first one of the plurality of SMSC servers.
Type: Grant
Filed: March 6, 2014
Date of Patent: May 17, 2016
Assignee: F5 Networks, Inc.
Inventors: Nat Thirasuttakorn, Tao Liu, David Hansen