Abstract: A method, non-transitory computer readable medium and application management computing device includes receiving at an application management computing device a request from a client computing device which requires authentication. A determination is made by the application management computing device whether user network identification information currently is stored for the requesting client computing device. The stored user network identification information for the authentication is obtained by the application management computing device when the user network identification information is determined to be currently stored for the requesting client computing device. The authentication is completed by the application management computing device with the obtained user network identification information.

Abstract: Creating a connection between one of a first plurality of computing devices in a primary chassis and one of a second plurality of computing devices in a failover chassis. A first plurality of buckets may be associated with the primary chassis, a second plurality of buckets may be associated with the failover chassis, where the first plurality of buckets may correspond to the second plurality of buckets. One of the first plurality of computing devices may be associated with one of the first plurality of buckets, and can create a connection with attributes such that a disaggregator in the failover chassis routes the connection to one of the second plurality of computing devices, wherein the one of the second plurality of computing devices may be associated with a bucket of the second plurality of buckets that corresponds to the one of the first plurality of buckets.

Abstract: A traffic management device (TMD), system, and processor-readable storage medium directed towards re-establishing an encrypted connection of an encrypted session, the encrypted connection having initially been established between a client device and a first server device, causing the encrypted connection to terminate at a second server device. As described, a traffic management device (TMD) is interposed between the client device and the first server device. In some embodiments, the TMD may request that the client device renegotiate the encrypted connection. The TMD may redirect the response to the renegotiation request towards a second server device, such that the renegotiated encrypted connection is established between the client device and the second server device. In this way, a single existing end-to-end encrypted connection can be used to serve content from more than one server device.

Abstract: A method and system for efficient direct DMA for processing connection state information or other expediting data packets. One example is the use of a network interface controller to buffer TCP type data packets that may contain connection state information. The connection state information is extracted from a received packet. The connection state information is stored in a special DMA descriptor that is stored in a ring buffer area of a buffer memory that is accessible by a host processor when an interrupt signal is received. The packet is then discarded. The host processor accesses the ring buffer memory only to retrieve the stored connection state information from the DMA descriptor without having to access a packet buffer area in the memory.

Abstract: A method and system is directed to distributing a flow of packets over a network to multiple traffic management devices. An apparatus receives each packet from a network and may act as a layer 2 switch, or router, to distribute the packet to one of a group of traffic management devices. The apparatus also may receive packets from servers for which the traffic management devices are managing communications. When distributing packets, a target traffic management device is selected from the group of traffic management devices. A connection key associated with the received packet and an identifier associated with the selected traffic management device are saved such that subsequent received packets in the flow of packets are delivered to the same traffic management device.

Abstract: A method, computer readable medium, and system independently managing network applications within a network traffic management device communicating with networked clients and servers include monitoring with a network device a plurality of applications communicating over a plurality of direct memory access (DMA) channels established across a bus. The network device receives a request from a first application communicating over a first DMA channel in the plurality of DMA channels to restart the first DMA channel. In response to the request, the first DMA channel is disabled with the network device while allowing other executing applications in the plurality of applications to continue to communicate over other DMA channels in the plurality of DMA channels. A state of the first DMA channel is cleared independently from other DMA channels in the plurality of DMA channels, and communications for the first application over the first DMA channel are resumed with the network device.

Abstract: Embodiments are directed towards minimizing the impact flood attacks may have on packet traffic management performance. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. The impact of flood attacks may be reduced by protecting the high-speed flow caches from being consumed by flow control data associated with malicious and/or in-operative non-genuine network connections.

Abstract: Layer-7 application layer message (“message”) classification is disclosed. A network traffic management device (“NTMD”) receives incoming messages over a first TCP/IP connection from a first network for transmission to a second network. Before transmitting the incoming messages onto the second network, however, the NTMD classifies the incoming messages according to some criteria, such as by assigning one or more priorities to the messages. The NTMD transmits the classified messages in the order of their message classification. Where the classification is priority based, first priority messages are transmitted over second priority messages, and so forth, for example.

Abstract: Methods, computer-readable media, and apparatuses for network flow state preservation include migration of at least one application hosted on a first server device to a second server device coupled to a second traffic management device is detected at a first traffic management device. At least a portion of connection state information associated with a network connection between at least one client device and the application is communicated by the first traffic management device to the second traffic management device via a communication channel between the first and second traffic management devices. The application is provided by the first traffic management device to the at least one client device during the migration based upon the connection state information.

Abstract: Methods and systems are directed to dynamically mirroring a connection between network devices. Mirroring is managed by forwarding a packet between a first network device and a second network device. In one method, the first network device receives the packet from a client and communicates the packet to the second network device. A forwarding device, pre-determined from the first and second network devices, forwards the packet to a server. The first network device receives a response from the server, and communicates it to the second network device. The forwarding device forwards the response packet to the client. In one configuration, the first network device and forwarding device is an active device, and the second network device is a standby device. In another configuration, the first network device is a standby device, and the second network device and forwarding device is an active device.

Abstract: Embodiments are directed towards exposing access to network metrics to a late binding user customized set of computer instructions within a traffic manager device (TMD) for use in managing a request for a resource. In one embodiment, the TMD may be interposed between client devices and a plurality of network devices. Request specific data is extracted from a client request received by the user's instructions. Various network metrics about the network devices are provided to the user's instructions to selectively provide the request from the client device to a network device. In one embodiment, an election hash is described as an action performed by the user's instructions.

Abstract: A system and method is directed to managing network communications and improving network security. In a communication protocol, an improved method of generating a value that encodes information received in an incoming message, and a corresponding way of validating an incoming message with an encoded value, improves network security. A technique for directing a network device to delay communications includes sending an instruction designating an initial window size of zero to the device. Another technique uses a TCP fast retransmit protocol. The techniques can be used to provide layer four switching, change to layer seven switching when desired, and then change back to layer four switching to improve security in a layer four switching device. Levels of trust can also be used to selectively perform aspects of the invention.

Abstract: A method for maintaining server persistency, including: (a) receiving, by an intermediate entity, a first session request from client to receive a service from a server out of a plurality of servers that are connected to the intermediate entity; (b) selecting a server out of the plurality of servers and directing to the selected server information indicative of the first session request; (c) receiving a response of the selected server to the information indicative of the first session request; (d) analyzing the response of the selected server, to provide an analysis result indicative whether the response includes code to be executed by the client and includes at least one instruction that facilitates sending, by the client, another request, to receive a service from a server out of the plurality of servers; (e) modifying, based on the analysis result, the code by adding information that will cause the client to send a selected server identifier in association to the sending of the other request; and (f) sendi

Abstract: A method, computer readable medium, and device for handling requests between different resource record types includes receiving at a traffic management device a first resource record type from one or more server devices in response to a request from a client device. The traffic management device validates the first resource record type, and creates a second resource record type corresponding to the first resource record type after the validating. Signing the second resource record type at the traffic management device is carried out for servicing the request from the client device.

Abstract: An encrypted session is established between a client device and a target server device when the client device initiates network connections through a proxy device. The client device initiates an encrypted session with the proxy device. Once the encrypted session is established, the client device communicates the address of the target server device to the proxy device. Then, the proxy device sends an encrypted session renegotiation message to the client device. The client device responds to the encrypted session renegotiation message by transmitting an encrypted session handshake message to the proxy device. The proxy device forwards the encrypted session handshake message to the target server device, and continues to forward handshake messages between the client device and the target server device, enabling the client device and the target server device to establish an encrypted session.

Abstract: A systems and methods are disclosed that provide an efficient parallel pipeline for data processing using a multi-core processor. Embodiments allocate a shared memory portion of the memory that is accessible from more than one context of execution and/or process a frame in a plurality of processing stages processed by a context of execution. In some embodiments, each of the plurality of processing stages may be bound to a processing core of the multi-core processor. In other embodiments include one or more processing stages with a point-to-point communication mechanism that operates in shared memory.

Abstract: A facility for supporting the analysis of a multithreaded program is described. For each of a number of threads of the multithreaded program, the facility identifies a semantically meaningful point in the execution of the thread. The facility interrupts the execution of each thread at the point identified for the thread.

Abstract: Methods, systems, and devices are described for managing virtual network services provided to a network by a self-contained network services system. A controller application may receive a request for a change in network services provided by the self-contained network services system to the network. A new software configuration for a number of network services modules of the self-contained networks services system may be determined based on the received request, and the network services modules may be dynamically configured according to the determined new software configuration. The network and a router associated with the network services system may also be reconfigured to distribute traffic among the network services modules in accordance with the requested change in network services.

Abstract: A system and method for optimizing use of idle server connections comprises receiving, at a first network traffic management device of a cluster, a request from a client device to access a server. The first network traffic management device reserve an idle flow connection from an idle connection pool previously established between at least a second network traffic management device and the server. A flow cookie is retrieved from the second network traffic management device. The flow cookie comprises routing information associated with the retrieved idle flow connection, whereby the flow cookie is modified to represent the connection between the server and the first network traffic management device. The updated flow cookie is incorporated into the received request and forwarded to the server, wherein a server response contains the updated flow cookie such that the response is received by the first network traffic management device.

Abstract: An apparatus is related to connection management for a communications network. A control component receives a data flow requesting a resource from a client, identifies the client, and determines when the data flow is unassociated with a connection to a requested resource. The control component selects a new content server for an unassociated resource request when either the identified client was previously unknown or the identified client has exceeded a maximum number of connections with a previously selected content server. The control component selects the previously selected content server when the identified client has not exceeded the maximum number of connections. A switch component is employed to maintain a connection between the client and the selected content server such that the client receives the requested resource. Utilizing cached connection information for up to “N” connections enhances the speed of connections between the client and the selected content server.