Abstract: Provided are methods and systems for recognizing network devices as trusted. A system for recognizing network devices as trusted may include a network module, a storage device, and a processor. The network module may be configured to receive a request from a network device to establish a data connection between the network device and a server based on a determination that the network device is trusted. The storage device may be configured to store a whitelist associated with a plurality of trusted network devices. The processor may be configured to determine that the network device is trusted. Based on the determination, the processor may associate the network device with the whitelist for a predetermined period of time.

Abstract: A method for electing a master blade in a virtual application distribution chassis (VADC), includes: sending by each blade a VADC message to each of the other blades; determining by each blade that the VADC message was not received from the master blade within a predetermined period of time; in response, sending a master claim message including a blade priority by each blade to the other blades; determining by each blade whether any of the blade priorities obtained from the received master claim messages is higher than the blade priority of the receiving blade; in response to determining that none of the blade priorities obtained is higher, setting a status of a given receiving blade to a new master blade; and sending by the given receiving blade a second VADC message to the other blades indicating the status of the new master blade of the given receiving blade.

Abstract: Provided are methods and systems for graceful scaling of data networks. In one example, an indication of removal of a node from a plurality of nodes of the data network is received. A service policy is generated to reassign service requests associated with the node to another node in the plurality of nodes. The service policy is then sent to each of the plurality of nodes of the data network. To scale out a data network, an indication of presence of a further node in the data network is received, and a further node service policy is generated and sent to each of the plurality of nodes of the data network and to the further node. Additional actions can be taken in order to prevent interruption of an existing heavy-duty connection while scaling the data network.

Abstract: Provided are methods and systems for distributing application traffic. A method for distributing application traffic may commence with relaying a first service request for a first service session from a service gateway to a server. The first service request may be received from a host and may be associated with a service request time. The method may further include receiving, from the server, a service response. The service response may be associated with a service response time. The method may continue with calculating a service processing time based on the service request time and the service response time and comparing the service processing time with an expected service processing time. The method may further include receiving, from the host, a second service request for a second service session. The method may continue with selectively relaying the second server request to the server based on the service processing time.

Abstract: Methods and systems for dynamic threat protection are disclosed. An example method for dynamic threat protection may commence with receiving real-time contextual data from at least one data source associated with a client. The method may further include analyzing the real-time contextual data to determine a security threat score associated with the client. The method may continue with assigning, based on the analysis, the security threat score to the client. The method may further include automatically applying a security policy to the client. The security policy may be applied based on the security threat score assigned to the client.

Abstract: Provided are methods and systems for load distribution in a data network. A method for load distribution in the data network comprises retrieving network data associated with the data network and service node data associated with one or more service nodes. The method further comprises analyzing the retrieved network data and service node data. Based on the analysis, a service policy is generated. Upon receiving one or more service requests, the one or more service requests are distributed among the service nodes according to the service policy.

Abstract: The processing of data packets sent over a communication session between a host and a server by a service gateway includes processing a data packet using a current hybrid-stateful or hybrid-stateless processing method. The processing then checks whether a hybrid-stateless or hybrid-stateful condition is satisfied. When one of the sets of conditions is satisfied, the process includes changing from a hybrid-stateful to a hybrid-stateless processing method, or vice versa, for a subsequently received data packet. If the conditions are not satisfied, the process continues as originally structured.

Abstract: Provided are methods and systems for balancing servers based on a server load status. A method for balancing servers based on a server load status may commence with receiving, from a server of a plurality of servers, a service response to a service request. The service response may include a computing load of the server. The method may continue with receiving a next service request from a host. The method may further include determining, based on the computing load of the server, whether the server is available to process the next service request. The method may include selectively sending the next service request to the server based on the determination that the server is available to process the next service request.

Abstract: Described herein are methods and systems for application aware fastpath processing over a data network. In some examples, application fastpath operates to facilitate application specific fastpath processing of data packets transferred between a client device and a server device over a network session of a data network.

Abstract: Methods and systems for load balancing are disclosed. An example method for load balancing commences with receiving a data packet from a host device. The method further includes identifying a header field of the data packet. After identifying the header field of the data packet, the method proceeds with matching the data packet to a network service based on the header field. Thereafter, the method generates a header field block for the data packet based on the network service. The method further includes sending the data packet to a processor module. The data packet is processed based on the header field block.

Abstract: In providing packet forwarding policies in a virtual service network that includes a network node and a pool of service load balancers serving a virtual service, the network node: receives a virtual service session request from a client device, the request including a virtual service network address for the virtual service; compares the virtual service network address in the request with the virtual service network address in each at least one packet forwarding policy; in response to finding a match between the virtual service network address in the request and a given virtual service network address in a given packet forwarding policy, determines the given destination in the given packet forwarding policy; and sends the request to a service load balancer in the pool of service load balancers associated with the given destination, where the service load balancer establishes a virtual service session with the client device.

Abstract: Facilitation of processing a chain of network applications by a network controller is provided herein. In some examples, a network controller comprising a fast path module receives a service request data packet from a client side session between a client and the network controller and determines that the service request data packet matches a network application chain order, the network application chain order indicating a configuration to apply a plurality of network applications. The fast path module processes the service request data packet according to the configuration indicated in the network application chain order.

Abstract: Facilitation of secure network traffic by an application delivery controller is provided herein. In some examples, a method includes: (a) receiving a data packet with information from a client indicating that the client is a trusted source; (b) embedding in the data packet a transmission control protocol (TCP) options header, the TCP options header comprising information including at least a sequence number for a protocol connection; and (c) forwarding the embedded data packet to a server.

Abstract: Methods and systems for synchronization of configuration files of a plurality of blades in a virtual application distribution chassis are disclosed. In an exemplary method, a master blade processes a configuration command, updates a first configuration file with the configuration command and generates an updated tag, and sends a configuration message to at least one slave blade of the virtual application distribution chassis informing of the updated configuration file. The configuration message is received by a given slave blade of the one or more slave blades and compared with a second configuration file stored at the given slave blade; and in response to determining that the updated tag in the configuration message is more recent than the tag in the second configuration file stored at the given slave blade, the slave blade sends a request for the updated configuration file to the master blade.

Abstract: Provided are methods and systems for distributing application traffic. A method for distributing application traffic may commence with relaying a first service request for a first service session from a service gateway to a server. The first service request may be received from a host and may be associated with a service request time. The method may further include receiving, from the server, a service response. The service response may be associated with a service response time. The method may continue with calculating a service processing time based on the service request time and the service response time and comparing the service processing time with an expected service processing time. The method may further include receiving, from the host, a second service request for a second service session. The method may continue with selectively relaying the second server request to the server based on the service processing time.

Abstract: Provided are methods and systems for recognizing network devices as trusted. A system for recognizing network devices as trusted may include a network module, a storage device, and a processor. The network module may be configured to receive a request from a network device to establish a data connection between the network device and a server based on a determination that the network device is trusted. The storage device may be configured to store a whitelist associated with a plurality of trusted network devices. The processor may be configured to determine that the network device is trusted. Based on the determination, the processor may associate the network device with the whitelist for a predetermined period of time.

Abstract: Provided are systems and methods for configuring a network servicing node with user-defined instruction scripts. A method for configuring a network servicing node with user-defined instruction scripts may commence with receiving, from a user of the network servicing node, a user loadable program. The user loadable program may include at least the user-defined instruction scripts. The method may continue with receiving a data packet from a data network associated with the user. The method may further include determining a condition associated with the data packet. The method may continue with identifying, in a name table, a program name associated with a program using the condition. The program may be the user loadable program. The method may further include processing the data packet by getting an instruction of the user-defined instruction scripts from a storage module and applying the instruction to the data packet.

Abstract: Systems and methods for TCP fast open support in proxy devices are provided. An example system may include at least one circuit and at least one data plane communicatively coupled to the circuit. The circuit may be configured to receive at least one SYN packet. The at least one SYN packet is associated with at least one client device and includes a cookie. The circuit can be configured to validate the cookie. If the result of the validation is positive, the data plane can be configured to initiate, based on the at least one SYN packet, a connection between the at least one client device and at least one server. If the result of the validation is negative, the circuit can be configured to generate, based on the SYN packet, a new cookie and send a SYN-ACK packet to the client, the SYN-ACK packet including the new cookie.

Abstract: Provided are methods and systems for distributing application traffic. A method for distributing application traffic may commence with receiving, from a host, a first service request for a first service session. The first service request may be associated with a service request time. The method may continue with relaying the first service request from a service gateway to a server. The method may further include receiving, from the server, a service response. The service response may be associated with a service response time. The method may continue with calculating a service processing time for the first service request based on the service request time and the service response time. The method may further include receiving, from the host, a second service request for a second service session. The method may continue with selectively relaying the second server request to the server based on the service processing time.

Abstract: Provided are methods and systems for network access control. A method for network access control may commence with determining whether a client device is a trusted source or an untrusted source. The determination may be performed using a SYN packet received from the client device. The SYN packet may include identifying information for the client device. When it is determined that the client device is neither the trusted source nor the untrusted source, the method may continue with transmitting a SYN/ACK packet to the client device. The SYN/ACK packet may include a SYN cookie and identifying information for a network device. The method may further include receiving an ACK packet from the client device that may include the identifying information for the client device, identifying information for the network device, and the SYN cookie. The method may continue with establishing a connection with a network for the client device.