Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that utilize a reverse tunnel proxy in a cloud environment. The reverse tunnel proxy in a cloud environment automatically discovers its environment and creates an appropriate tunnel without using a public IP. The reverse tunnel proxy in a cloud environment utilizes an outgoing connection along with an initialization and channelization to connect to the cloud and accepts an incoming connection in response. In embodiments, a cloud initiates a connection and a tunnel is created without need for additional IP addresses. In embodiments, the reverse tunnel proxy in a cloud environment connects to a client as a server and a private key is stored at a server side without pushing private keys into a public environment.

Abstract: The disclosed technology includes accessing a first network application programming interface exposed by a first cloud provider of the plurality of cloud providers to identify a first pricing profile, the first pricing profile associated with the first Cloud provider. Upon identifying the first pricing profile, accessing a second network application programming interface exposed by a second cloud provider of the plurality of cloud providers to identify a second pricing profile, the second pricing profile associated with the second Cloud provider. A load balancing decision is determined comparing the identified first pricing profile with the identified second pricing profile. Next, the determined load balancing decision is executed on a monitored computing-traffic.

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that utilize a reverse tunnel proxy in a cloud environment. The reverse tunnel proxy in a cloud environment automatically discovers its environment and creates an appropriate tunnel without using a public IP. The reverse tunnel proxy in a cloud environment utilizes an outgoing connection along with an initialization and channelization to connect to the cloud and accepts an incoming connection in response. In embodiments, a cloud initiates a connection and a tunnel is created without need for additional IP addresses. In embodiments, the reverse tunnel proxy in a cloud environment connects to a client as a server and a private key is stored at a server side without pushing private keys into a public environment.

Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows and minimizing the number of malicious and/or in-operative connections flows (e.g., non-genuine flows) that may have flow control data stored in the high-speed flow cache.

Abstract: Embodiments are directed towards network address based flood attack mitigation methods. A PTMD disposed between one or more computers may monitor several network flows and generate metrics associated with malicious network activity, such as, flood attacks. If flood attacks are determined to be occurring, the PTMD may determine the network addresses targeted by the flood attack. Further, the PTMD may activate flood attack mitigation procedures for the targeted network addresses such that other network addresses associated with the monitored network flows are excluded from the flood attack mitigation procedure. The PTMD may monitor the network traffic subsequently communicated to the targeted network addresses. Accordingly, the PTMD may determine if the flood attack has ceased based on characteristics of the monitored network traffic. If the flood attack has ceased, the flood attack mitigation procedures for the targeted network addresses may be deactivated.

Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) employs a data flow segment (“DFS”) and control segment (“CS”). The CS performs high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS performs statistics gathering, and per-packet policy enforcement, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows based on unique service and network traffic characteristics through adaptive feedback pattern learning together with administrator configurable service preferences that may have flow control data for most bandwidth hungry and desired hot services offloaded to the high-speed flow cache, at appropriate time.

Abstract: Embodiments are directed towards employing a packet traffic management device that has a split data flow segment (“DFS”) and control segment (“CS”) to determine if a connection flow update provided by the DFS to the CS is valid. The CS may be utilized to establish connection flows at the DFS based on connection flow requests. The CS may generate a connection flow identifier (“CFID”) for a connection flow request. The CS may cache the CFID at the CS. The CS may establish a connection flow at the DFS based at least on the connection flow request and the CFID. After a connection flow is established, a DFS may provide a connection flow update and a corresponding CFID to the CS. The CS may determine that the connection flow update is valid if the corresponding CFID matches the CFID cached at the CS.

Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows and minimizing the number of malicious and/or in-operative connections flows (e.g., non-genuine flows) that may have flow control data stored in the high-speed flow cache.

Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows and minimizing the number of malicious and/or in-operative connections flows (e.g., non-genuine flows) that may have flow control data stored in the high-speed flow cache.

Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) employs a data flow segment (“DFS”) and control segment (“CS”). The CS performs high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS performs statistics gathering, and per-packet policy enforcement, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows based on unique service and network traffic characteristics through adaptive feedback pattern learning together with administrator configurable service preferences that may have flow control data for most bandwidth hungry and desired hot services offloaded to the high-speed flow cache, at appropriate time.

Abstract: Embodiments are directed towards minimizing the impact flood attacks may have on packet traffic management performance. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. The impact of flood attacks may be reduced by protecting the high-speed flow caches from being consumed by flow control data associated with malicious and/or in-operative non-genuine network connections.

Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) employs a data flow segment (“DFS”) and control segment (“CS”). The CS performs high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS performs statistics gathering, and per-packet policy enforcement, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows based on unique service and network traffic characteristics through adaptive feedback pattern learning together with administrator configurable service preferences that may have flow control data for most bandwidth hungry and desired hot services offloaded to the high-speed flow cache, at appropriate time.

Abstract: Embodiments are directed towards network address based flood attack mitigation methods. A PTMD disposed between one or more computers may monitor several network flows and generate metrics associated with malicious network activity, such as, flood attacks. If flood attacks are determined to be occurring, the PTMD may determine the network addresses targeted by the flood attack. Further, the PTMD may activate flood attack mitigation procedures for the targeted network addresses such that other network addresses associated with the monitored network flows are excluded from the flood attack mitigation procedure. The PTMD may monitor the network traffic subsequently communicated to the targeted network addresses. Accordingly, the PTMD may determine if the flood attack has ceased based on characteristics of the monitored network traffic. If the flood attack has ceased, the flood attack mitigation procedures for the targeted network addresses may be deactivated.

Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows and minimizing the number of malicious and/or in-operative connections flows (e.g., non-genuine flows) that may have flow control data stored in the high-speed flow cache.

Abstract: A switching device for forwarding network traffic to a desired destination on a network, such as a telephone or computer network. The switching device includes multiple ports and uses a lookup table to determine which port to forward network traffic over. The lookup table includes network addresses that are maintained in ascending or descending order. The switching device includes multiple binary search engines coupled in series including one or more precursor binary search engines and a final stage binary search engine. Together, the binary search engines perform an N iteration binary search. Additionally, a single search engine can perform multiple concurrent searches so that source and destination addresses can be obtained simultaneously and without wasted memory cycles.

Abstract: A switching device for forwarding network traffic to a desired destination on a network, such as a telephone or computer network. The switching device includes multiple ports and uses a lookup table containing lookup keys to determine which port to forward network traffic over. The lookup tables are populated based on use. Consequently, the lookup tables on different ports contain different addresses. By storing only addresses that a port uses, each port's lookup table is unique to that port's characteristics. Additionally, aging techniques are used on both source and destination addresses in the lookup table so that stale entries are removed and memory is conserved.

Abstract: A switching device for forwarding network traffic to a desired destination on a network, such as a telephone or computer network. The switching device includes multiple ports and uses a lookup table containing lookup keys to determine which port to forward network traffic over. The lookup table includes disparate forwarding databases that contain database entries in different formats. For example, one forwarding databases may relate to MAC addresses, while another database relates to IP addresses. The disparate databases are maintained in a single lookup table and a binary search engine searches the table without regard to the database format. Like-kind database entries are grouped within the lookup table and the lookup table is maintained in sorted order by prepending format identification bits to the lookup keys. Memory availability for the disparate databases can be dynamically changed allowing customization for a particular user application.

Abstract: A switching device for forwarding network traffic to a desired destination on a network, such as a telephone or computer network. The switching device includes multiple ports and uses a lookup table to determine which port to forward network traffic over. The lookup table includes network addresses that are maintained in ascending or descending order. The lookup table also includes network address that differ in length. Fictitious network addresses may also be added to the lookup table to expedite searches in the lookup table. The fictitious network addresses are used in conjunction with a comparison field stored in the lookup table. The comparison field allows network addresses and collapsed network addresses (which represent groups of network addresses) to be stored within the same table. The collapsed network addresses allows for a reduction of overall lookup table size, thereby increasing the speed while reducing the cost of the switching device.

Abstract: A switching device for forwarding network traffic to a desired destination on a network, such as a telephone or computer network. The switching device includes multiple ports and uses a lookup table to determine which port to forward network traffic over. The lookup table includes network addresses that are maintained in ascending or descending order. The switching device includes multiple binary search engines coupled in series including one or more precursor binary search engines and a final stage binary search engine. Together, the binary search engines perform an N iteration binary search. Additionally, a single search engine can perform multiple concurrent searches so that source and destination addresses can be obtained simultaneously and without wasted memory cycles.

Abstract: A switching device for forwarding network traffic to a desired destination on a network, such as a telephone or computer network. The switching device includes multiple ports and uses a lookup table to determine which port to forward network traffic over. The lookup table includes network addresses that are maintained in ascending or descending order. The switching device includes multiple binary search engines coupled in series including one or more precursor binary search engines and a final stage binary search engine. Together, the binary search engines perform an N iteration binary search. Additionally, a single search engine can perform multiple concurrent searches so that source and destination addresses can be obtained simultaneously and without wasted memory cycles.