Abstract: Embodiments are directed to stateless communication using a stateful protocol. One or more NTMAs may establish a connection with a client computer based on data exchanged with a the client computer using the stateful protocol. The exchanged data may include validation information provided by the one or more NTMAs. The exchanged data and other information associated with the connection may be discarded from one or more memories of the one or more NTMAs. A network packet communicated over the network using the stateful protocol may be obtained. Verification information and candidate validation information may be generated based on one or more characteristics of the network packet. The network packet may be validated based on a comparison of the verification information and the candidate validation information. A reply that adheres to the stateful protocol may be provided to the client computer based on the validated network packet.

Abstract: Technology related to processing network packets with returnable values is disclosed. In one example, a method includes intercepting a Domain Name System (DNS) request including returnable request values in respective request packet fields. A hash function can be used to characterize or modify the intercepted returnable request values. The intercepted DNS request can be forwarded to a DNS server. A DNS response including returnable response values in respective response packet fields can be received. The returnable response values and the hash function can be used to determine whether the DNS response is legitimate. A legitimate DNS response can be forwarded to a client.

Abstract: Embodiments are directed to stateless communication using a stateful protocol. One or more NTMAs may establish a connection with a client computer based on data exchanged with a the client computer using the stateful protocol. The exchanged data may include validation information provided by the one or more NTMAs. The exchanged data and other information associated with the connection may be discarded from one or more memories of the one or more NTMAs. A network packet communicated over the network using the stateful protocol may be obtained. Verification information and candidate validation information may be generated based on one or more characteristics of the network packet. The network packet may be validated based on a comparison of the verification information and the candidate validation information. A reply that adheres to the stateful protocol may be provided to the client computer based on the validated network packet.

Abstract: Embodiments are directed to managing communication over a network with traffic management computers (TMCs). If network traffic that is statelessly monitored is selected for stateful monitoring, the TMCs may perform operations to transition from stateless monitoring to stateful monitoring with minimal disruption of users/clients. TMCs may receive the network traffic that include network packets. If the network packets are statelessly monitored by the TMCs one or more stateless network management operations may be performed on the network packets. If the network packets may be statefully monitored the TMCs may perform stateful network management operations on the network packets.

Abstract: Embodiments are directed to managing communication over a network with traffic management computers (TMCs). If network traffic that is statelessly monitored is selected for stateful monitoring, the TMCs may perform operations to transition from stateless monitoring to stateful monitoring with minimal disruption of users/clients. TMCs may receive the network traffic that include network packets. If the network packets are statelessly monitored by the TMCs one or more stateless network management operations may be performed on the network packets. If the network packets may be statefully monitored the TMCs may perform stateful network management operations on the network packets.

Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows and minimizing the number of malicious and/or in-operative connections flows (e.g., non-genuine flows) that may have flow control data stored in the high-speed flow cache.

Abstract: A traffic management device (TMD) is situated between a one or more network devices providing jumbo network traffic and one or more device providing non-jumbo network traffic. The TMD is configured to employ TCP segmentation offload hardware within a Network Interface Card (NIC) at the level two/four layers of the OSI stack by rewriting maximum segment size (MSS) information during initial handshake operations, such that jumbo frames may be split into digestible size frames for a non-jumbo network communications.

Abstract: Embodiments are directed towards minimizing the impact flood attacks may have on packet traffic management performance. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. The impact of flood attacks may be reduced by protecting the high-speed flow caches from being consumed by flow control data associated with malicious and/or in-operative non-genuine network connections.