Patents Assigned to F5 Networks, Inc.
  • Patent number: 9553845
    Abstract: A method, non-transitory computer readable medium, and traffic management computing device that obtains one or more parameters for a packet. Firewall policies each corresponding to a logical firewall are applied to the parameters for the packet. A policy log for each of at least a subset of the firewall policies or a hit count for one or more of rules in an access list of each of the subset of the firewall policies is generated. The policy log includes an indication of one or more actions corresponding to at least one rule in the access list of each of the subset of the firewall policies, wherein the at least one rule matches one or more of the parameters of the packet. At least one of the generated policy log or hit counts for one or more of the at least a subset of the firewall policies is output.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: January 24, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Ron Talmor, John N. Nugent, JC Ferguson
  • Patent number: 9554276
    Abstract: A system, machine readable medium and method for utilizing protocol conversions in policy changing enforcement is disclosed. A message, in a first protocol, is received from a network gateway device including identifying information unique to a client attempting to access a resource from a server. The message is processed using one or more portions of the client identifying information as a unique key identifier. A policy access request is generated, in a second protocol, and includes at least the unique key identifier. The policy access request is sent to a policy server, wherein the policy server is configured to provide policy enforcement information of the client associated with the policy access request. The policy enforcement information is received and one or more policies from the policy enforcement information are enforced to network traffic between the client and the server.
    Type: Grant
    Filed: October 28, 2011
    Date of Patent: January 24, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Nat Thirasuttakorn, Jason Haworth, Brandon Burns, Ian Michael Smith
  • Patent number: 9554418
    Abstract: A system for hiding an internal topology of a network having a plurality of client and server entities is provided herein. The system comprises a topology hiding node that coordinates communication between systems in two distinct networks: Home Public Land Mobile and Visited Public Land Mobile. The topology hiding node includes long term storage and a short term storage which includes a change list. A real identity of one system entity is represented by at least one virtual identity allocated from a group of at least two virtual identities, when communicating with the other system entities, and the relation between the virtual identities and the real identities of a current communication session is recorded in the change list and stored in short term storage and the relation between the virtual identities and the real identities of previous communication sessions is stored in the long term storage.
    Type: Grant
    Filed: February 28, 2014
    Date of Patent: January 24, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Leonid Ridel, Petro Flomin
  • Patent number: 9525632
    Abstract: Embodiments are directed towards employing a packet traffic management device that has a split data flow segment (“DFS”) and control segment (“CS”) to determine if a connection flow update provided by the DFS to the CS is valid. The CS may be utilized to establish connection flows at the DFS based on connection flow requests. The CS may generate a connection flow identifier (“CFID”) for a connection flow request. The CS may cache the CFID at the CS. The CS may establish a connection flow at the DFS based at least on the connection flow request and the CFID. After a connection flow is established, a DFS may provide a connection flow update and a corresponding CFID to the CS. The CS may determine that the connection flow update is valid if the corresponding CFID matches the CFID cached at the CS.
    Type: Grant
    Filed: May 1, 2012
    Date of Patent: December 20, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Hao Cai, Paul Imre Szabo, Peter M. Thornewell, Timothy Scott Michels
  • Patent number: 9519501
    Abstract: A method performed by a hypervisor in a virtual network traffic management cluster, the method comprising: assigning a set of continuous available source media access control (SMAC) addresses to one or more virtual network traffic management devices in a network traffic management cluster, the one or more virtual network traffic management devices configured to handle connections for virtual guest instances; assigning a region of predetermined size in a SMAC-index mapping table to a corresponding virtual network traffic management device; wherein the assigned SMAC addresses and assigned region in the SMAC-index mapping table are accessible by the virtual guest instances; and maintaining SMAC-index pool allocation to virtual guest instances handled by corresponding virtual network traffic management devices.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: December 13, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Hao Cai, Timothy S. Michels, Paul I. Szabo
  • Patent number: 9516102
    Abstract: Embodiments may be directed towards enabling one or more load balance servers to maintain connection flow persistence if the server initiates the communication to a client. A packet traffic management device (PTMD) may intercept the request from the server and generate reverse persistence information. The PTMD may include a portion of the reverse persistence information in the request before forwarding the request to the targeted client device. The client device may send the response to the PTMD. The PTMD may employ reverse persistence information to identify the target server. The PTMD may remove the reverse persistence information from the response sent by the client and forward the response to the determined server. Removing the reverse persistence information may remove evidence that the PTMD intervened in the connection between the client and server.
    Type: Grant
    Filed: March 7, 2013
    Date of Patent: December 6, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Tao Liu, Nat Thirasuttakorn, Songbo Zheng
  • Patent number: 9509663
    Abstract: Securely transferring session credentials from a client-side traffic management device (TMD) to a second server-side TMD that replaces a first server-side TMD. A client-side TMD and the first server-side TMD have copies of secret data associated with an encrypted session between a client device and a server device. The first server-side TMD may be replaced with the second server-side TMD, which may not have the secret data. In response to a request to create an encrypted connection associated with the encrypted session, the client-side TMD encrypts the secret data using the server device's public key and transmits the encrypted secret data to the second server-side TMD. Using the server device's private key, the second server-side TMD decrypts the secret data and participates in the encrypted connection.
    Type: Grant
    Filed: December 13, 2010
    Date of Patent: November 29, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Benn Sapin Bollay, Jeffrey Michael Warren
  • Patent number: 9509600
    Abstract: A method, non-transitory computer readable medium, and host device that receives, at a routing interface, a request from a transmission control protocol (TCP) connection with a stateful network device. A media access control (MAC) address of the stateful network device is determined and the MAC address and the routing interface are stored as associated with information for the TCP connection in a per-connection routing table. The request is sent to one of a plurality of virtual machines, a response is received from the one of the virtual machines, and the MAC address and routing interface are retrieved from the per-connection routing table based on a comparison of information included in the response to the information for the TCP connection. The response is sent to the stateful network device using the retrieved MAC address and routing interface.
    Type: Grant
    Filed: August 6, 2014
    Date of Patent: November 29, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Paul I. Szabo, Daniel Wright, Dayne Miller
  • Patent number: 9503375
    Abstract: A method, computer readable medium, and device that manages traffic in a multi-service environment including determining a self score for a front virtual service which is coupled to one or more inner virtual services. An aggregate score for the front virtual service is determined based on an aggregate score for each of the one or more inner virtual services and a number of connections between each of the one or more inner virtual services and the front virtual service. An advertised score for the front virtual service for load balancing is obtained based on the determined self score and the determined aggregate score.
    Type: Grant
    Filed: June 30, 2011
    Date of Patent: November 22, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Saxon Amdahl
  • Patent number: 9497285
    Abstract: Creating a connection between one of a first plurality of computing devices in a primary chassis and one of a second plurality of computing devices in a failover chassis. A first plurality of buckets may be associated with the primary chassis, a second plurality of buckets may be associated with the failover chassis, where the first plurality of buckets may correspond to the second plurality of buckets. One of the first plurality of computing devices may be associated with one of the first plurality of buckets, and can create a connection with attributes such that a disaggregator in the failover chassis routes the connection to one of the second plurality of computing devices, wherein the one of the second plurality of computing devices may be associated with a bucket of the second plurality of buckets that corresponds to the one of the first plurality of buckets.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: November 15, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Anthony King, Paul Imre Szabo, William Ross Baumann
  • Patent number: 9497614
    Abstract: This technology discloses a controlling and steering device for maintaining national connection between a mobile device of a subscriber and a mobile network. The system comprises: a tracing module, a steering logic module and a communication module. The tracing module is configured to: (i) periodically sample a mobile device of a subscriber or a location of the mobile device; and (ii) check amount of data sent and received from the mobile device is below a specified threshold. The steering logic module is configured to determine if a national connection between a mobile device of a subscriber via a Mobility Management Entity (MME) and a mobile network via a Home Subscriber Server (HSS) is permitted and wherein the communication module is arranged to send and receive messages from HSS to MME and from MME to HSS.
    Type: Grant
    Filed: February 28, 2014
    Date of Patent: November 15, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Leonid Ridel, Petrus Wilhelmus Andrianus Jacobus Maria Nas
  • Patent number: 9491157
    Abstract: Embodiments are directed towards managing network traffic that includes SSL secured NTLM acceleration. A Packet Traffic Management Computer (PTMC) may receive a challenge sent by a server computer before the challenge is provided to a client computer. After receiving the challenge from the server computer, the PTMC may generate a cookie that at least includes a session-ID that corresponds to the client computer. The PTMC may add the cookie to the challenge before the modified challenge is forwarded to the client computer. If a response is received from the client computer and it includes the same cookie that was sent with the challenge, the session-ID may be extracted from the cookie and employed to determine which server computer should receive the message. If a server computer may be determined, the PTMC may forward the message to the determined server computer.
    Type: Grant
    Filed: September 26, 2014
    Date of Patent: November 8, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Saxon Carl Amdahl, Ravi Natarajan, Richard Roderick Masters
  • Patent number: 9485143
    Abstract: Methods, systems, and devices are described for managing virtual network services provided to a network. Network services may be provided to a client network having a first network fabric at a self-contained network services system implementing a number of redundant instances of a network service application. The self-contained network services system may have a second network fabric. The second network fabric may be adapted to distribute network service tasks received from the client network which are associated with the network service application among the redundant instances of the network service application.
    Type: Grant
    Filed: February 16, 2015
    Date of Patent: November 1, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Manish Vachharajani, John Giacomoni
  • Patent number: 9485158
    Abstract: A method, non-transitory computer readable medium and a multi-blade network traffic manager device that assists with aggregating per-session statistics on a clustered system includes receiving a request for an HTTP transaction. Presence of a cookie within the received request is determined. One or more actions are performed based on the determination of the presence of the cookie to prepare for aggregating session statistics within a clustered system. Session statistics information is aggregated upon performing the one or more actions and completing the request for the HTTP transaction.
    Type: Grant
    Filed: November 6, 2014
    Date of Patent: November 1, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Peter Finkelshtein, Dmitry Rovniaguin
  • Patent number: 9444620
    Abstract: A method, computer readable medium, and apparatus for secure application delivery includes forming at a traffic management device a session identifier in response to a first request from a client device for access to a network application. The session identifier is encrypted for sending to the client device using a session variable formed by hashing at least one physical identifier associated uniquely with the client device in response to the first request. In a second request from the client device to access the network application, the encrypted session identifier is decrypted using an updated value of the session variable. The access to the network application is provided when the decrypted session identifier matches the formed session identifier, and denied when the decrypted session identifier does not match the formed session identifier.
    Type: Grant
    Filed: June 24, 2010
    Date of Patent: September 13, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Alan Murphy, Ido Breger
  • Patent number: 9438471
    Abstract: A network traffic management cluster, medium and method is disclosed. The cluster includes a plurality of network traffic management devices, a backplane switch coupled to the network traffic management devices. A network traffic management device of the plurality includes a network interface and a hardwire failover switch. The switch has a primary bus coupled to the network interface and a secondary bus coupled to the backplane switch. The switch passes network traffic to the network interface via the primary bus when the network traffic management device is operational. The switch automatically redirects the network traffic to the backplane switch via the secondary bus when the network traffic management device experiences a failure. The backplane switch redistributes the redirected network traffic to one or more other network traffic management devices in the cluster.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: September 6, 2016
    Assignee: F5 Networks, Inc.
    Inventor: Saxon Amdahl
  • Patent number: 9420049
    Abstract: A system and method for preventing web scraping which includes receiving a request between a web client and a web server for the web client to receive web content. A client side language script is injected into a response to be sent to the requesting web client, wherein the client side language script contains an event listener to detect a keystroke and/or a mouse movement at the web client. Information is collected from the client side language script relating to whether the keystroke and/or the mouse movement were detected. The web client is selectively allowed to access the web server to receive the web content based on the collected information.
    Type: Grant
    Filed: June 30, 2010
    Date of Patent: August 16, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Ron Talmor, Shlomo Yóna, Orit Margalit, Beni Serfaty
  • Patent number: 9356824
    Abstract: A method, system, and apparatus are directed towards managing content over a network. A request from a requestor for a resource is received over the network. The request may include a request for a resource identified by a Network Resource Identifier (NRI). The request may also include Open Systems Interconnection (OSI) level 2-7 data. Characteristics of the requestor are determined based on the request. The characteristics are mapped onto a label. A unique key is generated based on the request, the characteristics, and/or the label. A version of the resource to cache is determined based on the request, the characteristics, the label, and/or the unique key. The version of the resource is cached based on the unique key.
    Type: Grant
    Filed: September 29, 2006
    Date of Patent: May 31, 2016
    Assignee: F5 Networks, Inc.
    Inventor: Bhushan P. Khanal
  • Patent number: 9356998
    Abstract: A system, computer readable medium and method of load balancing of requests between Diameter-enabled network devices is disclosed. Processing occurs at a signal controller in communication with a first Diameter-enabled network device and a second Diameter-enabled network device, request handling capacity of at least the second Diameter-enabled network device. One or more tokens are allocated for inbound requests from the first Diameter-enabled network device to the second Diameter-enabled network device. The second Diameter-enabled network device is notified of the one or more allocated tokens for handling a corresponding number of requests from the first Diameter-enabled network device. Transmission of the corresponding number of requests from the first Diameter-enabled network device to the second Diameter-enabled network device is coordinated by the signal controller.
    Type: Grant
    Filed: November 3, 2014
    Date of Patent: May 31, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Leonid Ridel, Valentin Tumarkin
  • Patent number: 9344865
    Abstract: A method, non-transitory computer readable medium, and network traffic management apparatus that selects a first one of a plurality of Short Message Service Center (SMSC) servers based on a load balancing decision in response to an external short messaging entity (ESME) SMPP request message received from a first one of a plurality of ESMEs. A first sequence number is generated for the ESME SMPP request message. The first sequence number is stored in a first entry of a mapping table as associated with a sequence number included in the ESME SMPP request message and an indication of the first one of the plurality of SMSC servers. The sequence number included in the ESME SMPP request message is replaced with the first sequence number. The ESME SMPP request message is sent to the first one of the plurality of SMSC servers.
    Type: Grant
    Filed: March 6, 2014
    Date of Patent: May 17, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Nat Thirasuttakorn, Tao Liu, David Hansen