Abstract: A method for generating a decision table for selecting an optimal path out of a plurality of data paths between a client and a destination server connected through a network system, each of the plurality of data paths is connected to a router configured with a unique internet protocol (IP) address is provided. The method includes for each subnet IP address of the remote destination server and each of the plurality of data paths, measuring a network proximity; factoring the network proximity measured for each of the plurality of data paths; and ranking the plurality of data paths based on a decision function computed using the factored network proximity.

Abstract: A method and system for load balancing over a cluster of authentication, authorization and accounting (AAA) servers. The method performs a distribution of AAA requests among AAA servers having an active AAA connection with an AAA client. The method includes establishing TCP connections with a plurality of AAA servers, using a TCP connection request received from at least one AAA client; opening AAA connections with a plurality of AAA servers, using an AAA connection request received from at least one AAA client, and distributing AAA requests to AAA servers with an active AAA connection according to a predefined load balancing algorithm. The method is further capable of multiplexing outbound messages and requests received from a plurality of AAA servers. The AAA protocol supported by the method includes, but is not limited to, a Diameter protocol, a lightweight directory access protocol (LDAP), and the likes.

Abstract: A system for computing an optimal deployment of at least one web application in a multi-datacenter system comprising a collector for collecting performance measurements with regard to a web application executed in the multi-datacenter system and grouping the performance measurements according to locations of a plurality of clients accessing the web application; a data repository for maintaining at least a performance table including at least the performance measurements grouped according to the plurality of client locations and a service level agreement (SLA) guaranteed to clients in the plurality of client locations; and an analyzer for processing at least information stored in the performance table for generating a recommendation on an optimal deployment of the web application in at least one combination of datacenters in the multi-datacenter system by computing an expected SLA that can be guaranteed to the clients in each combination of datacenters.

Abstract: A method and system for load balancing over a cluster of authentication, authorization and accounting (AAA) servers. The method performs a distribution of AAA requests among AAA servers having an active AAA connection with an AAA client. The method includes establishing TCP connections with a plurality of AAA servers, using a TCP connection request received from at least one AAA client; opening AAA connections with a plurality of AAA servers, using an AAA connection request received from at least one AAA client, and distributing AAA requests to AAA servers with an active AAA connection according to a predefined load balancing algorithm. The method is further capable of multiplexing outbound messages and requests received from a plurality of AAA servers. The AAA protocol supported by the method includes, but is not limited to, a Diameter protocol, a lightweight directory access protocol (LDAP), and the likes.

Abstract: A method and system for load balancing over a cluster of authentication, authorization and accounting (AAA) servers. The method performs a distribution of AAA requests among AAA servers having an active AAA connection with an AAA client. The method includes establishing TCP connections with a plurality of AAA servers, using a TCP connection request received from at least one AAA client; opening AAA connections with a plurality of AAA servers, using an AAA connection request received from at least one AAA client, and distributing AAA requests to AAA servers with an active AAA connection according to a predefined load balancing algorithm. The invention is further capable of multiplexing outbound messages and requests received from a plurality of AAA servers. The AAA protocol supported by the invention includes, but is not limited to, a Diameter protocol, a lightweight directory access protocol (LDAP), and the likes.

Abstract: A virtualized application delivery controller (ADC) device operable in a communication network comprises a hardware infrastructure including at least a memory, a plurality of core processors, and a network interface; a plurality of instances of virtual ADCs (vADCs), the plurality of vADCs are executed over the hardware infrastructure, each of the plurality of vADCs utilizes a portion of hardware resources of the hardware infrastructure, the portion of hardware resources are determined by at least one ADC capacity unit allocated for each of the plurality of the vADCs; a management module for at least creating the plurality of instances of the vADCs; and a traffic distributor for distributing incoming traffic to one of the plurality of vADCs and scheduling execution of the plurality of vADCs on the plurality of core processors, wherein each of the plurality of vADCs is independently executed on at least one of the plurality of core processors.

Abstract: A method and network device for managing a multi-homed network are provided. The method comprises receiving a request from a client within a client computer network directed to a remote server computer within a remote computer network, wherein the client and the remote server computer are connected through a plurality of data routes, each of the plurality of data routes is connected to a router; selecting a data route from the plurality of data routes to route the received request, wherein the selection of the data route is based on a decision function; translating a source IP address of the client to an IP address corresponding to the selected data route; and routing the received request from the client to the remote server computer over the selected data route.

Abstract: A mechanism for achieving resiliency and load balancing for SIP application services and, in particular, in geographic distributed sites. A method performs a distribution of SIP requests among SIP servers, where at least two sites with a load balancer in each site is configured. The method includes receiving a SIP request by a first load balancer in a first site; determining whether the SIP request should be redirected to a second site; and redirecting the SIP request to an address of a second load balancer in the second site. The invention also includes a SIP proxy including a receiving unit receiving SIP requests; a load balancing unit distributing SIP requests between SIP entities; and a health monitoring unit verifying availability of the SIP entities. The SIP proxy may further be configured with a proximity measuring unit determining a proximity to a SIP entity.

Abstract: A system, method and device for providing connection resiliency. The method including maintaining, by a first proxy, a TCP connection with a TCP client and a TCP connection with a TCP server through one or more TCP networks; maintaining information of both TCP connections by a forwarding component between the TCP networks and the first proxy; establishing, by the forwarding component, a new TCP connection with a second proxy for each of the TCP connections maintained by the first proxy; and forwarding data, to and from both the client and the server, to and from the second proxy without disconnection of the TCP connections of the TCP client and TCP server.

Abstract: A method and network device for managing a multi-homed network are provided. The method comprises receiving a request from a client within a client computer network directed to a remote server computer within a remote computer network, wherein the client and the remote server computer are connected through a plurality of data routes, each of the plurality of data routes is connected to a router; selecting a data route from the plurality of data routes to route the received request, wherein the selection of the data route is based on a decision function; translating a source IP address of the client to an IP address corresponding to the selected data route; and routing the received request from the client to the remote server computer over the selected data route.

Abstract: A system for computing an optimal deployment of at least one web application in a multi-datacenter system comprising a collector for collecting performance measurements with regard to a web application executed in the multi-datacenter system and grouping the performance measurements according to locations of a plurality of clients accessing the web application; a data repository for maintaining at least a performance table including at least the performance measurements grouped according to the plurality of client locations and a service level agreement (SLA) guaranteed to clients in the plurality of client locations; and an analyzer for processing at least information stored in the performance table for generating a recommendation on an optimal deployment of the web application in at least one combination of datacenters in the multi-datacenter system by computing an expected SLA that can be guaranteed to the clients in each combination of datacenters.

Abstract: A system for computing an optimal deployment of at least one web application in a multi-datacenter system comprising a collector for collecting performance measurements with regard to a web application executed in the multi-datacenter system and grouping the performance measurements according to locations of a plurality of clients accessing the web application; a data repository for maintaining at least a performance table including at least the performance measurements grouped according to the plurality of client locations and a service level agreement (SLA) guaranteed to clients in the plurality of client locations; and an analyzer for processing at least information stored in the performance table for generating a recommendation on an optimal deployment of the web application in at least one combination of datacenters in the multi-datacenter system by computing an expected SLA that can be guaranteed to the clients in each combination of datacenters.

Abstract: A method for generating a decision table for selecting an optimal path out of a plurality of data paths between a client and a destination server connected through a network system, each of the plurality of data paths is connected to a router configured with a unique internet protocol (IP) address is provided. The method includes for each subnet IP address of the remote destination server and each of the plurality of data paths, measuring a network proximity; factoring the network proximity measured for each of the plurality of data paths; and ranking the plurality of data paths based on a decision function computed using the factored network proximity.

Abstract: A network management system, device and method for managing a computer network. The device is connected to the Internet through a plurality of routes, wherein the plurality of routes are assigned with respective IP addresses. The device includes a controller receiving a DNS resolution query from a remote computer for a domain name within the computer network, selecting one of the plurality of routes connecting the device to the Internet, and responding to the DNS resolution query with an IP address associated with the selected route. The IP address is used for resolution of the domain name.

Abstract: A network management system, device and method for managing a computer network. The device is connected to the Internet through a plurality of routes, wherein the plurality of routes are assigned with respective IP addresses. The device includes a controller receiving a DNS resolution query from a remote computer for a domain name within the computer network, selecting one of the plurality of routes connecting the device to the Internet, and responding to the DNS resolution query with an IP address associated with the selected route. The IP address is used for resolution of the domain name.

Abstract: A virtualized application delivery controller (ADC) device operable in a communication network comprises a hardware infrastructure including at least a memory, a plurality of core processors, and a network interface; a plurality of instances of virtual ADCs (vADCs), the plurality of vADCs are executed over the hardware infrastructure, each of the plurality of vADCs utilizes a portion of hardware resources of the hardware infrastructure, the portion of hardware resources are determined by at least one ADC capacity unit allocated for each of the plurality of the vADCs; a management module for at least creating the plurality of instances of the vADCs; and a traffic distributor for distributing incoming traffic to one of the plurality of vADCs and scheduling execution of the plurality of vADCs on the plurality of core processors, wherein each of the plurality of vADCs is independently executed on at least one of the plurality of core processors.

Abstract: A system for computing an optimal deployment of at least one web application in a multi-datacenter system comprising a collector for collecting performance measurements with regard to a web application executed in the multi-datacenter system and grouping the performance measurements according to locations of a plurality of clients accessing the web application; a data repository for maintaining at least a performance table including at least the performance measurements grouped according to the plurality of client locations and a service level agreement (SLA) guaranteed to clients in the plurality of client locations; and an analyzer for processing at least information stored in the performance table for generating a recommendation on an optimal deployment of the web application in at least one combination of datacenters in the multi-datacenter system by computing an expected SLA that can be guaranteed to the clients in each combination of datacenters.

Abstract: A method for profiling data communication activity of users of mobile devices, comprises sniffing traffic flows between a mobile device and the Internet through a cellular network; extracting a plurality of traffic attributes included in the traffic flows and associated with the mobile device; logging the extracted plurality of traffic attributes; analyzing the plurality of traffic attributes for generating a user profile for a user of the mobile device based on the plurality of traffic attributes, wherein the user profile includes at least one of an advertising targeted user profile and a security targeted user profile; and sharing information and alerts related to the generated user profile with at least one external system.

Abstract: A secure access system is used to connect an internal network, such as a private LAN, to an external network, such as the Internet. The system is provided with internal and external gateways, for connecting to the respective networks, as well as an inspection evaluator, content inspector, internal certificate authority, internal SSL terminator and external SSL initiator. Packets routed through the access system are inspected before they are forwarded from one gateway to the other, except those packets of designated users of the internal network which are directly forwarded without inspection. Encrypted packets received by the access system are decrypted, inspected, and then re-encrypted before they are forwarded.

Abstract: A method and system for load balancing over a cluster of authentication, authorization and accounting (AAA) servers. The method performs a distribution of AAA requests among AAA servers having an active AAA connection with an AAA client. The method includes establishing TCP connections with a plurality of AAA servers, using a TCP connection request received from at least one AAA client; opening AAA connections with a plurality of AAA servers, using an AAA connection request received from at least one AAA client, and distributing AAA requests to AAA servers with an active AAA connection according to a predefined load balancing algorithm. The invention is further capable of multiplexing outbound messages and requests received from a plurality of AAA servers. The AAA protocol supported by the invention includes, but is not limited to, a Diameter protocol, a lightweight directory access protocol (LDAP), and the likes.