Patents by Inventor Ashok Kumar Jagadeeswaran
Ashok Kumar Jagadeeswaran has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9497106Abstract: Systems and methods of propagating maximum segment size and path maximum transmission unit of network paths between an intermediary device of a cluster with a plurality of destinations are described. A first core of a node including multiple cores and intermediary to a client and a plurality of servers may receive a response to a packet transmitted to a destination indicating that the packet has a size greater than a MTU of a network path between the node and a destination. The first core identifies the MTU of the network path and determines that the identified MTU is different than an MTU used by the first core. The first core replaces the MTU stored in an entry corresponding to the destination in a PMTU table maintained with the identified MTU. The first core transmits, to other cores of the node, the identified MTU to update each core's PMTU table.Type: GrantFiled: April 4, 2014Date of Patent: November 15, 2016Assignee: CITRIX SYSTEMS, INC.Inventors: Krishna Khanal, Ashok Kumar Jagadeeswaran
-
Patent number: 9491218Abstract: The virtual Server (vServer) of an intermediary device deployed between a plurality of clients and services supports parameters for setting maximum segment size (MSS) on a per vServer/service basis and for automatically learning the MSS among the back-end services. In case of vServer/service setting, all vServers will use the MSS value set through the parameter for the MSS value set in TCP SYN+ACK to clients. In the case of learning mode, the backend service MSS will be learnt through monitor probing. The vServer will monitor and learn the MSS that is being frequently used by the services. When the learning is active, the intermediary device may keep statistics of the MSS of backend services picked up during load balancing decisions and once an interval timer expires, the MSS value may be picked by a majority and set on the vServer. If there is no majority, then the highest MSS is picked up to be set on the vServer.Type: GrantFiled: March 5, 2014Date of Patent: November 8, 2016Assignee: CITRIX SYSTEMS, INC.Inventors: Ashok Kumar Jagadeeswaran, Saravana Annamalaisami
-
Patent number: 9438701Abstract: The present disclosure is directed towards a system and method for providing a SPDY to HTTP gateway via a device intermediary to a plurality of clients and a server. An NPN handshake by the intermediary device may establish SPDY support. The intermediary device may receive and process one or more control frames via SPDY session with the client. The intermediary device may generate and transmit HTTP communication to server corresponding to SPDY control frames. The intermediary device may receive and process one or more HTTP responses from server. The intermediary device may generate and transmit SPDY communication via SPDY session to client corresponding to HTTP response.Type: GrantFiled: May 3, 2013Date of Patent: September 6, 2016Assignee: CITRIX SYSTEMS, INC.Inventors: Saravana Annamalaisami, Ashok Kumar Jagadeeswaran, Rajesh Joshi
-
Patent number: 9088611Abstract: The present disclosure presents systems and methods for maintaining identification of network devices sending or traversing a network packet en route to an intermediary device deployed between a source and a destination network device. An intermediary may receive an acknowledgement packet comprising an option field identified by an option number for a transport layer connection established via the intermediary, comprising overlay network data that identifies IP addresses of the originating network device and host network devices intercepting and forwarding the network packet to the intermediary, and may determine the option number for the option field from which to obtain the overlay network data identifying IP addresses. The intermediary device may receive a second request of the client to access the server via the transport layer connection and insert IP addresses from the overlay network data into an application layer protocol header of the second request forwarded to the server.Type: GrantFiled: November 24, 2010Date of Patent: July 21, 2015Assignee: CITRIX SYSTEMS, INC.Inventors: Ashok Kumar Jagadeeswaran, Saravanakumar Annamalaisami
-
Publication number: 20150020074Abstract: Techniques are disclosed for providing thread specific protection levels in a multithreaded processing environment. An associated method includes generating a group of threads in a process, one of the group of threads opening a thread entity, and that one of the group of threads specifying one or more levels of access to the thread entity for the other threads. In one embodiment, when a first of the threads attempts to perform a specified operation on the thread entity, the method includes determining whether that first thread is the one of the group of threads that opened the thread entity. When the first thread is not that one of the group of threads, the first thread is allowed to perform the specified operation if and only if such operation is permitted by the specified one or more levels of access.Type: ApplicationFiled: September 26, 2014Publication date: January 15, 2015Inventors: SIVAKUMAR KRISHNASAMY, ASHOK KUMAR JAGADEESWARAN, ISMAIL S. KHAN, SHAJITH CHANDRAN
-
Patent number: 8910165Abstract: Techniques are disclosed for providing thread specific protection levels in a multithreaded processing environment. An associated method includes generating a group of threads in a process, one of the group of threads opening a thread entity, and that one of the group of threads specifying one or more levels of access to the thread entity for the other threads. In one embodiment, when a first of the threads attempts to perform a specified operation on the thread entity, the method of this invention determines whether that first thread is the one of the group of threads that opened the thread entity. When the first thread is not that one of the group of threads, the first thread is allowed to perform the specified operation if and only if such operation is permitted by the specified one or more levels of access.Type: GrantFiled: October 14, 2009Date of Patent: December 9, 2014Assignee: Lenovo Enterprise Solutions (Singapore) Pte. Ltd.Inventors: Sivakumar Krishnasamy, Ashok Kumar Jagadeeswaran, Ismail S. Khan, Shajith Chandran
-
Publication number: 20140301395Abstract: Systems and methods of propagating maximum segment size and path maximum transmission unit of network paths between an intermediary device of a cluster with a plurality of destinations are described. A first core of a node including multiple cores and intermediary to a client and a plurality of servers may receive a response to a packet transmitted to a destination indicating that the packet has a size greater than a MTU of a network path between the node and a destination. The first core identifies the MTU of the network path and determines that the identified MTU is different than an MTU used by the first core. The first core replaces the MTU stored in an entry corresponding to the destination in a PMTU table maintained with the identified MTU. The first core transmits, to other cores of the node, the identified MTU to update each core's PMTU table.Type: ApplicationFiled: April 4, 2014Publication date: October 9, 2014Applicant: Citrix Systems, Inc.Inventors: Krishna Khanal, Ashok Kumar Jagadeeswaran
-
Patent number: 8843645Abstract: Described herein is a method and system for preventing Denial of Service (DoS) attacks. An intermediary device is deployed between clients and servers. The device receives a first packet of an application layer transaction via a transport layer connection between the device and client. The device records a last activity time for the transport layer connection based upon the timestamp of the first packet. The device receives subsequent data packets and determines whether the data in the packets completes a protocol data structure of the application layer protocol. If the device determines that the subsequent packet completes the protocol data structure, the last activity time is updated. If the device determines that the application layer protocol remains incomplete, the device retains the last activity time and determines that the duration of inactivity for the transport layer connection exceeds a predetermined threshold. The device may subsequently drop the connection.Type: GrantFiled: June 24, 2010Date of Patent: September 23, 2014Assignee: Citrix Systems, Inc.Inventors: Saravanakumar Annamalaisami, Ashok Kumar Jagadeeswaran, Mahesh Mylarappa, Roy Rajan
-
Publication number: 20140247737Abstract: The virtual Server (vServer) of an intermediary device deployed between a plurality of clients and services supports parameters for setting maximum segment size (MSS) on a per vServer/service basis and for automatically learning the MSS among the back-end services. In case of vServer/service setting, all vServers will use the MSS value set through the parameter for the MSS value set in TCP SYN+ACK to clients. In the case of learning mode, the backend service MSS will be learnt through monitor probing. The vServer will monitor and learn the MSS that is being frequently used by the services. When the learning is active, the intermediary device may keep statistics of the MSS of backend services picked up during load balancing decisions and once an interval timer expires, the MSS value may be picked by a majority and set on the vServer. If there is no majority, then the highest MSS is picked up to be set on the vServer.Type: ApplicationFiled: March 5, 2014Publication date: September 4, 2014Applicant: Citrix Systems Inc.Inventors: Ashok Kumar Jagadeeswaran, Saravana Annamalaisami
-
Publication number: 20140149605Abstract: This disclosure is directed to dictionary-based compression, which may be employed to achieve stateful header compression without maintaining a complete deflate state. The compressor may maintain a history of data streams compressed by the compressor, compressed according to a compression dictionary. Responsive to the compression of the one or more data streams, the compressor may delete the first compression dictionary from the memory. Subsequent to the deletion, the compressor may compress an additional data stream using the maintained history. The compressor may generate a second compression dictionary from at least one of: the maintained history and a portion of the additional data stream. The compressor may allocate memory for a compression state of the additional data stream and may load the maintained history into the compression state.Type: ApplicationFiled: November 26, 2012Publication date: May 29, 2014Inventors: Saravana Annamalaisami, Ashok Kumar Jagadeeswaran, Syed Ahmed, Ashwin Jagadish
-
Patent number: 8717916Abstract: The virtual Server (vServer) of an intermediary device deployed between a plurality of clients and services supports parameters for setting maximum segment size (MSS) on a per vServer/service basis and for automatically learning the MSS among the back-end services. In case of vServer/service setting, all vServers will use the MSS value set through the parameter for the MSS value set in TCP SYN+ACK to clients. In the case of learning mode, the backend service MSS will be learnt through monitor probing. The vServer will monitor and learn the MSS that is being frequently used by the services. When the learning is active, the intermediary device may keep statistics of the MSS of backend services picked up during load balancing decisions and once an interval timer expires, the MSS value may be picked by a majority and set on the vServer. If there is no majority, then the highest MSS is picked up to be set on the vServer.Type: GrantFiled: March 28, 2011Date of Patent: May 6, 2014Assignee: Citrix Systems, Inc.Inventors: Ashok Kumar Jagadeeswaran, Saravana Annamalaisami
-
Patent number: 8644157Abstract: The present solution is directed to a system for handling network interface card (NIC) congestion by a NIC aware application. The system may include a device having a plurality of network interface cards (NICs), a transmission queue corresponding to a NIC of the plurality of NICs; and an overflow queue for storing packets for the NIC when congested. The system may also include an application executing on the device outputting a plurality of packets to the transmission queue responsive to detecting that the NIC is identified as not congested. The device identifies the NIC as congested responsive to determining that a number of packets stored in the transmission queue has reached a predetermined threshold and responsive to detecting identification of the NIC as congested, the application stores one or more packets to the overflow queue. The device transmits one or more of the plurality of packets stored in the transmission queue and transmits a predetermined number of packets from the overflow queue.Type: GrantFiled: March 28, 2011Date of Patent: February 4, 2014Assignee: Citrix Systems, Inc.Inventors: Ashok Kumar Jagadeeswaran, Saravana Annamalaisami, Ramanjaneyulu Talla, Jyotheesh Rao Kurma, Mohit Saxena
-
Publication number: 20130297814Abstract: The present disclosure is directed towards a system and method for providing a SPDY to HTTP gateway via a device intermediary to a plurality of clients and a server. An NPN handshake by the intermediary device may establish SPDY support. The intermediary device may receive and process one or more control frames via SPDY session with the client. The intermediary device may generate and transmit HTTP communication to server corresponding to SPDY control frames. The intermediary device may receive and process one or more HTTP responses from server. The intermediary device may generate and transmit SPDY communication via SPDY session to client corresponding to HTTP response.Type: ApplicationFiled: May 3, 2013Publication date: November 7, 2013Applicant: Citrix Systems, Inc.Inventors: Saravana Annamalaisami, Ashok Kumar Jagadeeswaran, Rajesh Joshi
-
Publication number: 20120250530Abstract: The virtual Server (vServer) of an intermediary device deployed between a plurality of clients and services supports parameters for setting maximum segment size (MSS) on a per vServer/service basis and for automatically learning the MSS among the back-end services. In case of vServer/service setting, all vServers will use the MSS value set through the parameter for the MSS value set in TCP SYN+ACK to clients. In the case of learning mode, the backend service MSS will be learnt through monitor probing. The vServer will monitor and learn the MSS that is being frequently used by the services. When the learning is active, the intermediary device may keep statistics of the MSS of backend services picked up during load balancing decisions and once an interval timer expires, the MSS value may be picked by a majority and set on the vServer. If there is no majority, then the highest MSS is picked up to be set on the vServer.Type: ApplicationFiled: March 28, 2011Publication date: October 4, 2012Inventors: Ashok Kumar Jagadeeswaran, Saravana Annamalaisami
-
Publication number: 20120250512Abstract: The present solution is directed to a system for handling network interface card (NIC) congestion by a NIC aware application. The system may include a device having a plurality of network interface cards (NICs), a transmission queue corresponding to a NIC of the plurality of NICs; and an overflow queue for storing packets for the NIC when congested. The system may also include an application executing on the device outputting a plurality of packets to the transmission queue responsive to detecting that the NIC is identified as not congested. The device identifies the NIC as congested responsive to determining that a number of packets stored in the transmission queue has reached a predetermined threshold and responsive to detecting identification of the NIC as congested, the application stores one or more packets to the overflow queue. The device transmits one or more of the plurality of packets stored in the transmission queue and transmits a predetermined number of packets from the overflow queue.Type: ApplicationFiled: March 28, 2011Publication date: October 4, 2012Inventors: ASHOK KUMAR JAGADEESWARAN, Saravana Annamalaisami, Ramanjaneyulu Talla, Jyotheesh Rao Kurma, Mohit Saxena
-
Patent number: 8214505Abstract: The present application presents systems and methods for handling by an HTTP virtual server (HTTPVS), connections via which non-HTTP data is transmitted between clients and servers. HTTPVS intercepts a request from a client to establish first transport layer connection (TLC) with a server. HTTPVS establishes second TLC with the servers in response to receiving an acknowledgment from a client to establish the first TLC. HTTPVS determines if a first network packet transmitted via first TLC comprises an HTTP payload or non-HTTP payload. If HTTPVP the first network packet includes HTTP payload, HTTPVS may process all transmissions from the first TLC in accordance with connection tracking and forward the processed transmissions to the server via the second TLC. If HTTPVS determines that the first network packet does not include an HTTP payload, HTTPVS may link the first TLC and the second TLC so the client and server exchange non-HTTP communication without interruption.Type: GrantFiled: June 22, 2010Date of Patent: July 3, 2012Assignee: Citrix Systems, Inc.Inventors: Ashok Kumar Jagadeeswaran, Roy Rajan, Saravanakumar Annamalaisami
-
Publication number: 20110320617Abstract: Described herein is a method and system for preventing Denial of Service (DoS) attacks. An intermediary device is deployed between clients and servers. The device receives a first packet of an application layer transaction via a transport layer connection between the device and client. The device records a last activity time for the transport layer connection based upon the timestamp of the first packet. The device receives subsequent data packets and determines whether the data in the packets completes a protocol data structure of the application layer protocol. If the device determines that the subsequent packet completes the protocol data structure, the last activity time is updated. If the device determines that the application layer protocol remains incomplete, the device retains the last activity time and determines that the duration of inactivity for the transport layer connection exceeds a predetermined threshold. The device may subsequently drop the connection.Type: ApplicationFiled: June 24, 2010Publication date: December 29, 2011Inventors: Saravanakumar Annamalaisami, Ashok Kumar Jagadeeswaran, Mahesh Mylarappa, Roy Rajan
-
Publication number: 20110185073Abstract: The present disclosure presents systems and methods for maintaining identification of network devices sending or traversing a network packet en route to an intermediary device deployed between a source and a destination network device. An intermediary may receive an acknowledgement packet comprising an option field identified by an option number for a transport layer connection established via intermediary. The acknowledgement packet may comprise overlay network data that identifies IP addresses of the originating network device and host network devices intercepting and forwarding the network packet to the intermediary. The intermediary device may determine the option number for the option field from which to obtain the overlay network data identifying IP addresses.Type: ApplicationFiled: November 24, 2010Publication date: July 28, 2011Inventors: Ashok Kumar Jagadeeswaran, Saravanakumar Annamalaisami
-
Publication number: 20110088033Abstract: A method, system and computer program product is disclosed for providing thread specific protection levels in a multithreaded processing environment. The method comprises generating a group of threads in a process, one of the group of threads opening a thread entity, and that one of the group of threads specifying one or more levels of access to the thread entity for the other threads. In one embodiment, when a first of the threads attempts to perform a specified operation on the thread entity, the method of this invention determines whether that first thread is the one of the group of threads that opened the thread entity. When the first thread is not that one of the group of threads, the first thread is allowed to perform the specified operation if and only if that operation is permitted by the specified one or more levels of access.Type: ApplicationFiled: October 14, 2009Publication date: April 14, 2011Applicant: Inernational Business Machines CorporationInventors: Sivakumar Krishnasamy, Ashok Kumar Jagadeeswaran, Ismail S. Khan, Shajith Chandran
-
Publication number: 20100325287Abstract: The present application presents systems and methods for handling by an HTTP virtual server (HTTPVS), connections via which non-HTTP data is transmitted between clients and servers. HTTPVS intercepts a request from a client to establish first transport layer connection (TLC) with a server. HTTPVS establishes second TLC with the servers in response to receiving an acknowledgment from a client to establish the first TLC. HTTPVS determines if a first network packet transmitted via first TLC comprises an HTTP payload or non-HTTP payload. If HTTPVP the first network packet includes HTTP payload, HTTPVS may process all transmissions from the first TLC in accordance with connection tracking and forward the processed transmissions to the server via the second TLC. If HTTPVS determines that the first network packet does not include an HTTP payload, HTTPVS may link the first TLC and the second TLC so the client and server exchange non-HTTP communication without interruption.Type: ApplicationFiled: June 22, 2010Publication date: December 23, 2010Inventors: Ashok Kumar Jagadeeswaran, Roy Rajan, Saravanakumar Annamalaisami