Abstract: In one embodiment, a method for tracing a connection path from a source node to a destination node through a network having one or more transparent proxies includes generating a trace packet at the source node, transmitting the trace packet over the network towards the destination node, and receiving trace response packets in response to transmission of the trace packet. The trace response packets include a packet from the destination node and a packet from each of the transparent proxies in a data path from the source node to the destination node. Each of the packets from the transparent proxies includes an identifier of the transparent proxy transmitting the packet. The method further includes identifying the transparent proxies in the connection path based on information in the trace response packets. An apparatus for tracing a connection path is also disclosed.

Abstract: In one embodiment, a method for tracing a connection path from a source node to a destination node through a network having one or more transparent proxies includes generating a trace packet at the source node, transmitting the trace packet over the network towards the destination node, and receiving trace response packets in response to transmission of the trace packet. The trace response packets include a packet from the destination node and a packet from each of the transparent proxies in a data path from the source node to the destination node. Each of the packets from the transparent proxies includes an identifier of the transparent proxy transmitting the packet. The method further includes identifying the transparent proxies in the connection path based on information in the trace response packets. An apparatus for tracing a connection path is also disclosed.

Abstract: In various embodiments, data processing apparatus, software, or machine-implemented methods can optimize NFSv3 asynchronous write requests or MSRPC calls that traverse a wide area network, for example, by receiving, from a client, a first request directed to a server across a wide area network; determining whether a related second request has been received previously; when a related second request has been received previously, sending, to the client, a first reply to the second request and forwarding the first request to the server, and otherwise forwarding the first request to the server without sending any reply to the client for the first request. Sending local replies from a WAN optimizer induces the client to send continuous requests, improving throughput, but at least one client request remains unreplied to, and one server error reply is always reported to the client, facilitating correct error processing at the client.

Abstract: A method is disclosed for reducing network traffic. At a sender, a data chunk is identified for transmission to a receiver, which is connected to the sender over a communication link. The sender computes a signature of the data chunk and determines whether the data chunk has been previously transmitted by looking up the signature in a sender index table. The sender index table associates the signatures of previously transmitted data chunks with unique index values. A message is transmitted to the receiver, where if the data chunk has previously been transmitted then the message includes an index value from the sender index table that is associated with the signature of the data chunk. At the receiver, the data chunk is located in a receiver cache that stores the previously transmitted data chunks by looking up the index value included in the message in a receiver index table.

Abstract: A method and apparatus is disclosed for local access authorization of cached resources. A first request to perform an operation on a first object that is stored in a cache is received. An entity identifier associated with the entity that sent the first request, an operation identifier associated with the operation, and an Access Control List (ACL) associated with the first object are determined based on the first request. A record that includes at least the operation identifier, the ACL, and an authorization indicator is accessed. The authorization indicator indicates whether the entity has previously successfully performed the operation on any object in the cache that is associated with the ACL. Based on the authorization indicator included in the record, a determination is made whether to authorize the entity to perform the operation on the first object.

Abstract: A method is disclosed for accessing information based on Distributed File System (DFS) paths and for automatically and transparently modifying the DFS target server set with additional servers that are preferable to a client. A request to resolve a path to a file is sent to a DFS root node. A response is received from the DFS root node. The response includes one or more first DFS referrals. Each of the one or more first DFS referrals identifies a network entity and a directory that is exported by the network entity, where the file is stored in the directory. A second DFS referral is added to the response. The second DFS referral identifies a particular network entity and a particular directory that is exported by the particular network entity. The response is sent to the client.

Abstract: In one embodiment, a method for providing secure communications using a proxy is provided. The proxy negotiates with a client and a server to determine a session key to use with communications between the client and the proxy and between the proxy and the server. Encrypted data may then be received from the client at the proxy. The proxy can decrypt the encrypted data for processing using the session key. In one embodiment, the decrypted data is not altered. The proxy then sends the encrypted data that was received from the client to the server without re-encrypting the data that was decrypted. Because the proxy did not alter the data in its processing of the decrypted data and the same session key is used between communications for the proxy and the server, the encrypted data stream that was received from the client can be forwarded to the server.

Abstract: In one embodiment, a method for tracing a connection path from a source node to a destination node through a network having one or more transparent proxies includes generating a trace packet at the source node, transmitting the trace packet over the network towards the destination node, and receiving trace response packets in response to transmission of the trace packet. The trace response packets include a packet from the destination node and a packet from each of the transparent proxies in a data path from the source node to the destination node. Each of the packets from the transparent proxies includes an identifier of the transparent proxy transmitting the packet. The method further includes identifying the transparent proxies in the connection path based on information in the trace response packets. An apparatus for tracing a connection path is also disclosed.

Abstract: One embodiment comprises an apparatus for automatic proxy registration and discovery in a multi-proxy communication system. The apparatus executes a proxy server that is configured to provide optimized connections to remote proxy servers that are communicatively connected to the proxy server over a Wide Area Network (WAN). A file server, which is communicatively connected to the proxy server over a Local Area Network (LAN), is automatically discovered. An association record corresponding to the file server is created, where the association record identifies the file server and the proxy server and indicates that the proxy server is configured to provide the remote proxy servers with optimized connections to the file server. The association record is registered with a centralized database server, where the remote proxy servers are communicatively connected to the centralized database server over the WAN.

Abstract: A method and apparatus is disclosed for balancing throughput and compression in a network communication system. A message is received. A first compression mechanism is applied to the message to generate a first compressed message, where applying the first compression mechanism comprises gathering compression information. Based on the compression information, a compression metric associated with the first compressed message is computed. The compression metric is compared to a threshold value. A second compression mechanism is applied to the first compressed message to generate a second compressed message only when the compression metric does not exceed the threshold value. The second compressed message is then transmitted.

Abstract: A method and apparatus is disclosed for local access authorization of cached resources. A first request to perform an operation on a first object that is stored in a cache is received. An entity identifier associated with the entity that sent the first request, an operation identifier associated with the operation, and an Access Control List (ACL) associated with the first object are determined based on the first request. A record that includes at least the operation identifier, the ACL, and an authorization indicator is accessed. The authorization indicator indicates whether the entity has previously successfully performed the operation on any object in the cache that is associated with the ACL. Based on the authorization indicator included in the record, a determination is made whether to authorize the entity to perform the operation on the first object.

Abstract: A method for enabling access to a data resource, which is held on a file server (25) on a first local area network (LAN) (21a), by a client (28) on a second LAN (21b). A proxy receiver (48) on the second LAN (21b) intercepts a request for the data resource submitted by the client (28) and transmits a message via a wide area network (WAN) (29) to a proxy transmitter (52) on the first LAN (21a), requesting the data resource. The proxy transmitter (52) retrieves a replica of the data resource from the file server (25) and conveys the replica of the data resource over the WAN (29) to the proxy receiver (48), which serves the replica of the data resource from the proxy receiver (48) to the client (28) over the second LAN (21b).

Abstract: A method is disclosed for reducing network traffic. At a sender, a data chunk is identified for transmission to a receiver, which is connected to the sender over a communication link. The sender computes a signature of the data chunk and determines whether the data chunk has been previously transmitted by looking up the signature in a sender index table. The sender index table associates the signatures of previously transmitted data chunks with unique index values. A message is transmitted to the receiver, where if the data chunk has previously been transmitted then the message includes an index value from the sender index table that is associated with the signature of the data chunk. At the receiver, the data chunk is located in a receiver cache that stores the previously transmitted data chunks by looking up the index value included in the message in a receiver index table.

Abstract: A method is disclosed for accessing information based on Distributed File System (DFS) paths and for automatically and transparently modifying the DFS target server set with additional servers that are preferable to a client. A request to resolve a path to a file is sent to a DFS root node. A response is received from the DFS root node. The response includes one or more first DFS referrals. Each of the one or more first DFS referrals identifies a network entity and a directory that is exported by the network entity, where the file is stored in the directory. A second DFS referral is added to the response. The second DFS referral identifies a particular network entity and a particular directory that is exported by the particular network entity. The response is sent to the client.

Abstract: A method for enabling access to a data resource, which is held on a file server (25) on a first local area network (LAN) (21a), by a client (28) on a second LAN (21b). A proxy receiver (48) on the second LAN (21b) intercepts a request for the data resource submitted by the client (28) and transmits a message via a wide area network (WAN) (29) to a proxy transmitter (52) on the first LAN (21a), requesting the data resource. The proxy transmitter (52) retrieves a replica of the data resource from the file server (25) and conveys the replica of the data resource over the WAN (29) to the proxy receiver (48), which serves the replica of the data resource from the proxy receiver (48) to the client (28) over the second LAN (21b).

Abstract: A method for enabling access to a data resource, which is held on a file server (25) on a first local area network (LAN) (21a), by a client (28) on a second LAN (21b). A proxy receiver (48) on the second LAN (21b) intercepts a request for the data resource submitted by the client (28) and transmits a message via a wide area network (WAN) (29) to a proxy transmitter (52) on the first LAN (21a), requesting the data resource. The proxy transmitter (52) retrieves a replica of the data resource from the file server (25) and conveys the replica of the data resource over the WAN (29) to the proxy receiver (48), which serves the replica of the data resource from the proxy receiver (48) to the client (28) over the second LAN (21b).