Abstract: Methods, non-transitory computer readable media, rendezvous gateway (RG) apparatuses, and network security systems that send an RG synchronization message (SYN) to an application in a secure domain following receipt, from a client, of a client SYN comprising an indication of the application. A rendezvous agent (RA) SYN is received, via a firewall coupled to the security domain and in response to the RG SYN, from an RA in the secure domain. A first RG synchronization-acknowledgement message (SYN+ACK) is sent to the client in response to the client SYN. A second RG SYN+ACK is sent, via the firewall, to the RA in response to the RA SYN. The RA is notified of receipt of a client acknowledgement message (ACK) from the client. An RA ACK is received, from the RA and via the firewall, in response to the notification, to thereby establish a full connection between the client and the application.

Abstract: A method, computer readable medium, and device for dynamic DNS implementation, comprises receiving, at a network traffic management device, a first DNS response from a DNS server, wherein the first DNS response is compliant with Internet Protocol version 4 (IPv4). The first DNS response corresponds to a first DNS request from a client device being compliant with Internet Protocol version 6 (IPv6). The first DNS response is converted into a DNS second response that is compliant with IPv6, by attaching a prefix that identifies a network gateway device which is to handle receive subsequent non-DNS requests from the client device. The second DNS response is routed to the client device. Subsequent non-DNS requests from the client device that contain at least a part of the prefix allow the network traffic management device to route the non-DNS request through the designated network gateway device.

Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows and minimizing the number of malicious and/or in-operative connections flows (e.g., non-genuine flows) that may have flow control data stored in the high-speed flow cache.

Abstract: Embodiments are directed towards employing a packet traffic management device that has a split data flow segment (“DFS”) and control segment (“CS”) to determine if a connection flow update provided by the DFS to the CS is valid. The CS may be utilized to establish connection flows at the DFS based on connection flow requests. The CS may generate a connection flow identifier (“CFID”) for a connection flow request. The CS may cache the CFID at the CS. The CS may establish a connection flow at the DFS based at least on the connection flow request and the CFID. After a connection flow is established, a DFS may provide a connection flow update and a corresponding CFID to the CS. The CS may determine that the connection flow update is valid if the corresponding CFID matches the CFID cached at the CS.

Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows and minimizing the number of malicious and/or in-operative connections flows (e.g., non-genuine flows) that may have flow control data stored in the high-speed flow cache.

Abstract: A method, non-transitory computer readable medium, and network device that generates a network communication including a destination address associated with a second network device and a destination port number, wherein the destination port number corresponds to a service operating on the second network device. An initial SSL handshake protocol message is generated and at least the destination port number is inserted into a server name indicator (SNI) extension of the initial SSL handshake protocol message. An SSL connection is established with the second network device using a predetermined port number and the initial SSL handshake protocol message is sent to the second network device. Information included in the network communication is sent to the second network device using the SSL connection.

Abstract: Methods, computer-readable media, and apparatuses for network flow state preservation include migration of at least one application hosted on a first server device to a second server device coupled to a second traffic management device is detected at a first traffic management device. At least a portion of connection state information associated with a network connection between at least one client device and the application is communicated by the first traffic management device to the second traffic management device via a communication channel between the first and second traffic management devices. The application is provided by the first traffic management device to the at least one client device during the migration based upon the connection state information.

Abstract: A method, computer readable medium, and device for handling requests between different resource record types includes receiving at a traffic management device a first resource record type from one or more server devices in response to a request from a client device. The traffic management device validates the first resource record type, and creates a second resource record type corresponding to the first resource record type after the validating. Signing the second resource record type at the traffic management device is carried out for servicing the request from the client device.

Abstract: Embodiments are directed towards providing protection to DNS servers against DNS flood attacks by causing a requesting device to perform multiple DNS lookup requests for resolving a resource record. A request from a network device for a resolution of a domain name may be received by a device interposed between the requesting network device and a DNS server. Upon receiving the request to resolve the domain name, the interposed device may respond with a CNAME that includes a cookie. The requesting device may then send another request that includes the cookie preceded CNAME. The interposed device may then validate the returned cookie returned in the CNAME and if valid, forward the domain name resolution request on to a DNS server. The response may then be forwarded to the requesting device.

Abstract: A method, computer readable medium, and device for providing authenticated domain name service includes forwarding at a traffic management device a request for a domain name from a client device to one or more servers coupled to the traffic management device. The traffic management device receives a first response comprising at least a portion of the domain name from the one or more servers. The traffic management device attaches a first signature to the first response when the first response is determined by the traffic management device to be an unauthenticated response, and provides the first response with the first signature to the client device.

Abstract: A method, computer readable medium, and device for dynamic DNS implementation, comprises receiving, at a network traffic management device, a first DNS response from a DNS server, wherein the first DNS response is compliant with Internet Protocol version 4 (IPv4). The first DNS response corresponds to a first DNS request from a client device being compliant with Internet Protocol version 6 (IPv6). The first DNS response is converted into a DNS second response that is compliant with IPv6, by attaching a prefix that identifies a network gateway device which is to handle receive subsequent non-DNS requests from the client device. The second DNS response is routed to the client device. Subsequent non-DNS requests from the client device that contain at least a part of the prefix allow the network traffic management device to route the non-DNS request through the designated network gateway device.

Abstract: A method, computer readable medium, and device for providing authenticated domain name service includes forwarding at a traffic management device a request for a domain name from a client device to one or more servers coupled to the traffic management device. The traffic management device receives a first response comprising at least a portion of the domain name from the one or more servers. The traffic management device attaches a first signature to the first response when the first response is determined by the traffic management device to be an unauthenticated response, and provides the first response with the first signature to the client device.

Abstract: Embodiments are directed towards providing protection to DNS servers against DNS flood attacks by causing a requesting device to perform multiple DNS lookup requests for resolving a resource record. A request from a network device for a resolution of a domain name may be received by a device interposed between the requesting network device and a DNS server. Upon receiving the request to resolve the domain name, the interposed device may respond with a CNAME that includes a cookie. The requesting device may then send another request that includes the cookie preceded CNAME. The interposed device may then validate the returned cookie returned in the CNAME and if valid, forward the domain name resolution request on to a DNS server. The response may then be forwarded to the requesting device.

Abstract: A method, computer readable medium, and device for handling requests between different resource record types includes receiving at a traffic management device a first resource record type from one or more server devices in response to a request from a client device. The traffic management device validates the first resource record type, and creates a second resource record type corresponding to the first resource record type after the validating. Signing the second resource record type at the traffic management device is carried out for servicing the request from the client device.

Abstract: Disclosed are methods and systems for providing persistence across multiple requests in a WAN load-balanced environment. More than one load balancing system may be used to provide persistence while load balancing. One method and system disclosed provides persistence by using modulus arithmetic to load balance requests. Another method and system disclosed provides persistence using topology information contained in the request. Another method and system disclosed provides persistence by storing connection information to refer a timely continuation request of a prior request to the same server the prior request was referred to. When more than one load balancing system is used with this method, the load balancing systems periodically exchange the stored connection information so that each load balancing system may provide persistence to repeat requests.

Abstract: Disclosed are methods and systems for providing persistence across multiple requests in a WAN load-balanced environment. More than one load balancing system may be used to provide persistence while load balancing. One method and system disclosed provides persistence by using modulus arithmetic to load balance requests. Another method and system disclosed provides persistence using topology information contained in the request. Another method and system disclosed provides persistence by storing connection information to refer a timely continuation request of a prior request to the same server the prior request was referred to. When more than one load balancing system is used with this method, the load balancing systems periodically exchange the stored connection information so that each load balancing system may provide persistence to repeat requests.

Abstract: Disclosed are methods and systems for providing persistence across multiple requests in a WAN load-balanced environment. More than one load balancing system may be used to provide persistence while load balancing. One method and system disclosed provides persistence by using modulus arithmetic to load balance requests. Another method and system disclosed provides persistence using topology information contained in the request. Another method and system disclosed provides persistence by storing connection information to refer a timely continuation request of a prior request to the same server the prior request was referred to. When more than one load balancing system is used with this method, the load balancing systems periodically exchange the stored connection information so that each load balancing system may provide persistence to repeat requests.

Abstract: A method, computer readable medium, and device for providing authenticated domain name service includes forwarding at a traffic management device a request for a domain name from a client device to one or more servers coupled to the traffic management device. The traffic management device receives a first response comprising at least a portion of the domain name from the one or more servers. The traffic management device attaches a first signature to the first response when the first response is determined by the traffic management device to be an unauthenticated response, and provides the first response with the first signature to the client device.