Patents by Inventor William A. Kish

William A. Kish has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10992641
    Abstract: Methods and systems for an IPv4-IPv6 proxy mode for DNS servers are provided. According to one embodiment, a DNS query is received by a network device from a dual-stack client. A determination is made by the network device whether a first record type containing an Internet Protocol (IP) address for a server associated with the query exists within a DNS database of the network device. If the first record type exists for the server, then communication is enabled between the client and the server based on the first record type; otherwise it is automatically determined whether a second record type usable by the client exists for the server. Responsive to a determination that the second record type exists, data associated with the second record type is shared with the client by the network device to enable communication between the client and the server.
    Type: Grant
    Filed: September 23, 2019
    Date of Patent: April 27, 2021
    Assignee: Fortinet, Inc.
    Inventors: William A. Kish, Sergey Katsev
  • Patent number: 10673815
    Abstract: Methods and systems for an IPv4-IPv6 proxy mode for DNS servers are provided. According to one embodiment, a DNS query is received by a network device from a dual-stack client. A determination is made by the network device whether a first record type containing an Internet Protocol (IP) address for a server associated with the query exists within a DNS database of the network device. If the first record type exists for the server, then communication is enabled between the client and the server based on the first record type; otherwise it is automatically determined whether a second record type usable by the client exists for the server. Responsive to a determination that the second record type exists, data associated with the second record type is shared with the client by the network device to enable communication between the client and the server.
    Type: Grant
    Filed: February 12, 2018
    Date of Patent: June 2, 2020
    Assignee: Fortinet, Inc.
    Inventors: William A. Kish, Sergey Katsev
  • Publication number: 20200021559
    Abstract: Methods and systems for an IPv4-IPv6 proxy mode for DNS servers are provided. According to one embodiment, a DNS query is received by a network device from a dual-stack client. A determination is made by the network device whether a first record type containing an Internet Protocol (IP) address for a server associated with the query exists within a DNS database of the network device. If the first record type exists for the server, then communication is enabled between the client and the server based on the first record type; otherwise it is automatically determined whether a second record type usable by the client exists for the server. Responsive to a determination that the second record type exists, data associated with the second record type is shared with the client by the network device to enable communication between the client and the server.
    Type: Application
    Filed: September 23, 2019
    Publication date: January 16, 2020
    Applicant: Fortinet, Inc.
    Inventors: William A. Kish, Sergey Katsev
  • Patent number: 10171492
    Abstract: Systems and methods for improving the performance of DDoS mitigation by monitoring the health of a protected network resource are provided. According to one embodiment, the health of a network device protected by a DoS mitigation device can be evaluated and packet/traffic received on the DoS mitigation device can be selectively/conditionally forwarded to the protected network device or can be dropped based on the health of the protected network device. According to one embodiment, at least a part of the traffic is blocked when the health of the protected network device is below a predetermined health threshold. In an exemplary implementation, a measure of volume of traffic originated by different computing devices and handled by the protected network device can be computed, and packet filtering or conditional forwarding can be enabled when the computed measure of volume of traffic exceeds a predetermined traffic volume threshold.
    Type: Grant
    Filed: June 24, 2016
    Date of Patent: January 1, 2019
    Assignee: Fortinet, Inc.
    Inventors: William A. Kish, Sergey Katsev
  • Patent number: 10075468
    Abstract: Systems and methods for an improved DDoS mitigation approach are provided. According to one embodiment, a current threshold for a network connection characteristic is established within a Denial-of-Service (DoS) mitigation device logically interposed between a protected resource of a private network and multiple client devices residing external to the private network. A number of connections between the client devices and the protected network resource are tracked. During a period of time in which the number of connections exceeds a connection count threshold: (i) for each of the connections, a measured value for the network connection characteristic is compared to the current threshold; (ii) responsive to a determination that the measured value exceeds the current threshold, the connection is dropped; and (iii) the current threshold is periodically reduced, such that only those connections complying with the current threshold are maintained.
    Type: Grant
    Filed: June 24, 2016
    Date of Patent: September 11, 2018
    Assignee: Fortinet, Inc.
    Inventors: William A. Kish, Sergey Katsev
  • Patent number: 10009419
    Abstract: Methods and systems for efficient data transactions between applications running on devices associated with the same host. According to one embodiment, a host system includes an HTTP proxy and an SSL/TLS proxy operatively coupled with each other. The SSL/TLS proxy may be configured to perform SSL negotiation with a client and the HTTP proxy may be configured to communicate with a web server in clear text. Data can be transferred directly between the proxies through a pair of connected sockets using a handle of the other proxy's socket. The handle includes a pointer to an address within a memory of a first device upon which the other proxy is running. In this manner, data stored at the address may be processed by a proxy running on a second device without copying the data to the second device and without the overhead associated with the TCP/IP protocol stack.
    Type: Grant
    Filed: May 16, 2017
    Date of Patent: June 26, 2018
    Assignee: Fortinet, Inc.
    Inventor: William A. Kish
  • Publication number: 20180167359
    Abstract: Methods and systems for an IPv4-IPv6 proxy mode for DNS servers are provided. According to one embodiment, a DNS query is received by a network device from a dual-stack client. A determination is made by the network device whether a first record type containing an Internet Protocol (IP) address for a server associated with the query exists within a DNS database of the network device. If the first record type exists for the server, then communication is enabled between the client and the server based on the first record type; otherwise it is automatically determined whether a second record type usable by the client exists for the server. Responsive to a determination that the second record type exists, data associated with the second record type is shared with the client by the network device to enable communication between the client and the server.
    Type: Application
    Filed: February 12, 2018
    Publication date: June 14, 2018
    Applicant: Fortinet, Inc.
    Inventors: William A. Kish, Sergey Katsev
  • Patent number: 9894033
    Abstract: Methods and systems for an IPv4-IPv6 proxy mode for DNS servers are provided. According to one embodiment, a DNS query is received by a network device from a dual-stack client. A determination is made by the network device whether a first record type containing an Internet Protocol (IP) address for a server associated with the query exists within a DNS database of the network device. If the first record type exists for the server, then communication is enabled between the client and the server based on the first record type; otherwise it is automatically determined whether a second record type usable by the client exists for the server. Responsive to a determination that the second record type exists, data associated with the second record type is shared with the client by the network device to enable communication between the client and the server.
    Type: Grant
    Filed: August 4, 2014
    Date of Patent: February 13, 2018
    Assignee: Fortinet, Inc.
    Inventors: William A. Kish, Sergey Katsev
  • Publication number: 20170374098
    Abstract: Systems and methods for an improved DDoS mitigation approach are provided. According to one embodiment, a current threshold for a network connection characteristic is established within a Denial-of-Service (DoS) mitigation device logically interposed between a protected resource of a private network and multiple client devices residing external to the private network. A number of connections between the client devices and the protected network resource are tracked. During a period of time in which the number of connections exceeds a connection count threshold: (i) for each of the connections, a measured value for the network connection characteristic is compared to the current threshold; (ii) responsive to a determination that the measured value exceeds the current threshold, the connection is dropped; and (iii) the current threshold is periodically reduced, such that only those connections complying with the current threshold are maintained.
    Type: Application
    Filed: June 24, 2016
    Publication date: December 28, 2017
    Applicant: Fortinet, Inc.
    Inventors: William A. Kish, Sergey Katsev
  • Publication number: 20170374097
    Abstract: Systems and methods for improving the performance of DoS mitigation by monitoring the health of a protected network resource are provided. According to one embodiment, the health of a network device protected by a DoS mitigation device can be evaluated and packet/traffic received on the DoS mitigation device can be selectively/conditionally forwarded to the protected network device or can be dropped based on the health of the protected network device. According to one embodiment, at least a part of the traffic is blocked when the health of the protected network device is below a predetermined health threshold. In an exemplary implementation, a measure of volume of traffic originated by different computing devices and handled by the protected network device can be computed, and packet filtering or conditional forwarding can be enabled when the computed measure of volume of traffic exceeds a predetermined traffic volume threshold.
    Type: Application
    Filed: June 24, 2016
    Publication date: December 28, 2017
    Applicant: Fortinet, Inc.
    Inventors: William A. Kish, Sergey Katsev
  • Publication number: 20170251052
    Abstract: Methods and systems for efficient data transactions between applications running on devices associated with the same host. According to one embodiment, a host system includes an HTTP proxy and an SSL/TLS proxy operatively coupled with each other. The SSL/TLS proxy may be configured to perform SSL negotiation with a client and the HTTP proxy may be configured to communicate with a web server in clear text. Data can be transferred directly between the proxies through a pair of connected sockets using a handle of the other proxy's socket. The handle includes a pointer to an address within a memory of a first device upon which the other proxy is running. In this manner, data stored at the address may be processed by a proxy running on a second device without copying the data to the second device and without the overhead associated with the TCP/IP protocol stack.
    Type: Application
    Filed: May 16, 2017
    Publication date: August 31, 2017
    Applicant: Fortinet, Inc.
    Inventor: William A. Kish
  • Patent number: 9680918
    Abstract: Methods and systems for efficient data transactions between applications running on devices associated with the same host. According to one embodiment, a host system includes an HTTP proxy and an SSL/TLS proxy operatively coupled with each other. The SSL/TLS proxy may be configured to perform SSL negotiation with a client and the HTTP proxy may be configured to communicate with a web server in clear text. Data can be transferred directly between the proxies through a pair of connected sockets using a handle of the other proxy's socket. The handle includes a pointer to an address within a memory of a first device upon which the other proxy is running. In this manner, data stored at the address may be processed by a proxy running on a second device without copying the data to the second device and without the overhead associated with the TCP/IP protocol stack.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: June 13, 2017
    Assignee: Fortinet, Inc.
    Inventor: William A. Kish
  • Publication number: 20160036943
    Abstract: Methods and systems for an IPv4-IPv6 proxy mode for DNS servers are provided. According to one embodiment, a DNS query is received by a network device from a dual-stack client. A determination is made by the network device whether a first record type containing an Internet Protocol (IP) address for a server associated with the query exists within a DNS database of the network device. If the first record type exists for the server, then communication is enabled between the client and the server based on the first record type; otherwise it is automatically determined whether a second record type usable by the client exists for the server. Responsive to a determination that the second record type exists, data associated with the second record type is shared with the client by the network device to enable communication between the client and the server.
    Type: Application
    Filed: August 4, 2014
    Publication date: February 4, 2016
    Applicant: Fortinet, Inc.
    Inventors: William A. Kish, Sergey Katsev
  • Publication number: 20150381710
    Abstract: Methods and systems for efficient data transactions between applications running on devices associated with the same host. According to one embodiment, a host system includes an HTTP proxy and an SSL/TLS proxy operatively coupled with each other. The SSL/TLS proxy may be configured to perform SSL negotiation with a client and the HTTP proxy may be configured to communicate with a web server in clear text. Data can be transferred directly between the proxies through a pair of connected sockets using a handle of the other proxy's socket. The handle includes a pointer to an address within a memory of a first device upon which the other proxy is running. In this manner, data stored at the address may be processed by a proxy running on a second device without copying the data to the second device and without the overhead associated with the TCP/IP protocol stack.
    Type: Application
    Filed: June 30, 2014
    Publication date: December 31, 2015
    Applicant: FORTINET, INC.
    Inventor: William A. Kish
  • Patent number: 6032216
    Abstract: A computer system having a shared disk file system running on multiple computers each having their own instance of an operating system and being coupled for parallel data sharing access to files residing on network attached shared disks. A metadata node manages file metadata for parallel read and write actions. Metadata tokens are used for controlled access to the metadata and initial selection and changing of the metadata node.
    Type: Grant
    Filed: July 11, 1997
    Date of Patent: February 29, 2000
    Assignee: International Business Machines Corporation
    Inventors: Frank B. Schmuck, Anthony J. Zlotek, Boaz Shmueli, Benjamin Mandler, Zvi Yosef Yehudai, William A. Kish
  • Patent number: 6021508
    Abstract: A computer system having a shared disk file system running on multiple computers each having their own instance of an operating system and being coupled for parallel data sharing access to files residing on network attached shared disks. Locking techniques reduce the overhead of a token manager which is also used in the file system recovery if a computer participating in the management of shared disks becomes unavailable or fails. Synchronous and asynchronous takeover of a metadata node occurs for correction of metadata which was under modification and a new computer node to be a metadata node for that file. Locks are not constantly required to allocate new blocks on behalf of a user.
    Type: Grant
    Filed: July 11, 1997
    Date of Patent: February 1, 2000
    Assignee: International Business Machines Corporation
    Inventors: Frank B. Schmuck, Radha R. Kandadai, Anthony J. Zlotek, Robert J. Curran, William A. Kish
  • Patent number: 5999976
    Abstract: A computer system having a shared disk file system running on multiple computers each having their own instance of an operating system and being coupled for parallel data sharing access to files residing on network attached shared disks. Access to a file by a processor node is controlled by tokens transferred to the node from a token manager. To prevent another processor node from removing a token after the token has been received, but before it performs the operation on the file, each process can lock the token after it has been received. A node with a token can lock a byte range of a file, which byte range may include all or only some of the byte range covered by the token.
    Type: Grant
    Filed: July 11, 1997
    Date of Patent: December 7, 1999
    Assignee: International Business Machines Corporation
    Inventors: Frank B. Schmuck, Boaz Shmueli, James Christopher Wyllie, Anthony J. Zlotek, William A. Kish
  • Patent number: 5659682
    Abstract: In a fault-tolerant distributed file system, the server state needs to be reconstructed after the server restarts or when its function is taken over by another node. A crucial part of the server state is determining whether or not in-flight directory operations initiated by the clients have been completed. Described is a check-before-request scheme that solves this problem. A global lock is obtained on the directory or directories first. A check is made on the directories to see if the operation would succeed, and if so a request is made to the server for the operation. If the server were to fail during the execution of the operation, completion of the operation prior to failure can be determined by merely re-examining the directory contents.
    Type: Grant
    Filed: June 16, 1994
    Date of Patent: August 19, 1997
    Assignee: International Business Machines Corporation
    Inventors: Murthy V. Devarakonda, William A. Kish
  • Patent number: 5603019
    Abstract: A system and method for allowing a distributed, coherent network filesystem to have virtual filesystem instantiations existent on any number of client nodes as well as on the server node that maintains the physical instantiation. On the server node only one image of the filesystem is visible even though two instantiations (physical and virtual) have been realized on that node. Rendering the physical instantiation invisible and inaccessible is accomplished by performing a "takeover" of the physical filesystem's data structures by the virtual filesystem's mounting subroutines.
    Type: Grant
    Filed: July 25, 1994
    Date of Patent: February 11, 1997
    Assignee: International Business Machines Corporation
    Inventor: William A. Kish
  • Patent number: 5566297
    Abstract: A system and method for non-disruptive recovery from a file server failure. State information for a file system managed by a server is maintained among a plurality of client nodes of a distributed system. When a failure of the server is detected, all ongoing requests to the server are suspended. Then, the state information in each client node is transferred to an identified back-up server. Based on the state information, the file server state prior to the failure is reconstructed. After reconstructing the file system, the suspended requests are restarted on the back-up server.
    Type: Grant
    Filed: June 16, 1994
    Date of Patent: October 15, 1996
    Assignee: International Business Machines Corporation
    Inventors: Murthy V. Devarakonda, William A. Kish, Ajay Mohindra