公开(公告)号：US20150227396A1

公开(公告)日：2015-08-13

申请号：US14697209

申请日：2015-04-27

Applicant: Citrix Systems, Inc.

Inventor： Chitti Nimmagadda ,  Rajiv Mirani ,  Ragu Goyal ,  Surabh Dave

IPC: G06F9/50 ,  H04L12/64 ,  G06F9/455 ,  H04L29/08 ,  H04L12/24

CPC classification number: G06F9/45533 ,  G06F9/455 ,  G06F9/45537 ,  G06F9/4555 ,  G06F9/45558 ,  G06F9/5077 ,  G06F13/00 ,  G06F13/10 ,  G06F13/102 ,  G06F13/105 ,  G06F2009/45579 ,  G06F2009/45583 ,  H04L12/6418 ,  H04L41/0806 ,  H04L67/10

Abstract: This disclosure describes a system for Single Root I/O Virtualization (SR-IOV) pass-thru for network packet processing via a virtualized environment of a device. The system includes a device comprising a virtualized environment and a plurality of virtual machines having a virtual network interface for receiving and transmitting network packets. A driver for the physical network interface of the device creates a plurality of virtual devices corresponding to the physical network interface, which appear as a Peripheral Component Interconnect (PCI) device to the virtualized environment. A virtual device of the plurality of virtual devices is assigned via the virtualized environment to each virtual machine of the plurality of virtual machines. The virtual machine uses the virtual device assigned to the virtual machine, to receive and transmit network packets via the physical network interface of the device.

Abstract translation: 本公开描述了用于通过设备的虚拟化环境进行网络分组处理的单根I / O虚拟化（SR-IOV）系统。 该系统包括包括虚拟化环境的设备和具有用于接收和发送网络分组的虚拟网络接口的多个虚拟机。 用于设备的物理网络接口的驱动器创建对应于物理网络接口的多个虚拟设备，该物理网络接口作为外围组件互连（PCI）设备呈现给虚拟化环境。 多个虚拟设备中的虚拟设备经由虚拟化环境分配给多个虚拟机的每个虚拟机。 虚拟机使用分配给虚拟机的虚拟设备，通过设备的物理网络接口接收和发送网络数据包。

公开(公告)号：US10270740B2

公开(公告)日：2019-04-23

申请号：US14175616

申请日：2014-02-07

Applicant: Citrix Systems, Inc.

Inventor： Puneet Agarwal ,  Srinivasan Thirunarayanan ,  Vamsi Korrapatti ,  Prakash Khemani ,  Rajiv Mirani ,  Anoop Reddy

IPC: H04L29/06 ,  H04L29/08

Abstract: The present disclosure provides solutions for an enterprise providing services to a variety of clients to enable the client to use the resources provided by the enterprise by modifying URLs received and the URLs from the responses from the servers to the client's requests before forwarding the requests and the responses to the intended destinations. An intermediary may identify an access profile for a clients' request to access a server via a clientless SSL VPN session. The intermediary may detect one or more URLs in content served by the server in response to the request using one or more regular expressions of the access profile. The intermediary may rewrite or modify, responsive to detecting, the one or more detected URLs in accordance with a URL transformation specified by one or more rewrite policies of the access profile. The response with modified URLs may be forwarded to the client.

公开(公告)号：US09407554B2

公开(公告)日：2016-08-02

申请号：US13929985

申请日：2013-06-28

Applicant: Citrix Systems, Inc.

Inventor： Rajiv Mirani ,  Rajiv Sinha ,  Abhishek Chauhan ,  Anil Shetty

IPC: H04L12/28 ,  H04L12/803 ,  G06F9/50 ,  H04L12/861 ,  H04L29/12 ,  H04L29/08

CPC classification number: H04L47/125 ,  G06F9/5005 ,  G06F2209/5016 ,  H04L29/12066 ,  H04L49/90 ,  H04L61/1511 ,  H04L67/02 ,  H04L67/14

Abstract: The present solution is related to a method for distributing flows of network traffic across a plurality of packet processing engines executing on a corresponding core of a multi-core device. The method includes receiving, by a multi-core device intermediary to clients and servers, a packet of a first flow of network traffic between a client and server. The method also includes assigning, by a flow distributor of the multi-core device, the first flow of network traffic to a first core executing a packet processing engine and distributing the packet to this core. The flow distributor may distribute packets of another or second flow of traffic between another client and server to a second core executing a second packet processing engine. When a packet for the flow of traffic assigned to the first core is received, such as a third packet, the flow distributor distributes this packet to the first core.

公开(公告)号：US09160768B2

公开(公告)日：2015-10-13

申请号：US13935320

申请日：2013-07-03

Applicant: Citrix Systems, Inc.

Inventor： Namit Sikka ,  Anoop Reddy ,  Rajiv Mirani ,  Abhishek Chauhan

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/102

Abstract: Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.

Abstract translation: 描述用于配置和评估直接处理一个或多个数据流的策略的系统和方法。 描述了用于允许用户指定面向对象策略的配置界面。 这些面向对象的策略可以允许针对所接收的分组流的有效载荷（包括HTTP流量的任何部分）应用任何数据结构。 配置界面还可以允许用户控制执行策略和策略组的顺序，以及如果未定义一个或多个策略，则指定要采取的操作。 用于处理策略的系统和方法可以允许通过将潜在的复杂数据结构应用于非结构化数据流来有效地处理面向对象的策略。 设备还可以解释和处理多个流控制命令和策略组调用语句以确定多个策略和策略组中的执行顺序。 这些策略配置和处理可能允许配置和处理与负载均衡，VPN，SSL卸载，内容切换，应用安全，加速和缓存相关的复杂网络行为。

公开(公告)号：US20130286839A1

公开(公告)日：2013-10-31

申请号：US13929985

申请日：2013-06-28

Applicant: Citrix Systems, Inc.

Inventor： Rajiv Mirani ,  Rajiv Sinha ,  Abhishek Chauhan ,  Anil Shetty

IPC: H04L12/70

CPC classification number: H04L47/125 ,  G06F9/5005 ,  G06F2209/5016 ,  H04L29/12066 ,  H04L49/90 ,  H04L61/1511 ,  H04L67/02 ,  H04L67/14

Abstract: The present solution is related to a method for distributing flows of network traffic across a plurality of packet processing engines executing on a corresponding core of a multi-core device. The method includes receiving, by a multi-core device intermediary to clients and servers, a packet of a first flow of network traffic between a client and server. The method also includes assigning, by a flow distributor of the multi-core device, the first flow of network traffic to a first core executing a packet processing engine and distributing the packet to this core. The flow distributor may distribute packets of another or second flow of traffic between another client and server to a second core executing a second packet processing engine. When a packet for the flow of traffic assigned to the first core is received, such as a third packet, the flow distributor distributes this packet to the first core.

Abstract translation: 本解决方案涉及在多核设备的相应核上执行的多个分组处理引擎上分配网络流量流的方法。 所述方法包括：通过多核设备中介向客户端和服务器接收在客户端和服务器之间的第一流网络流量的分组。 该方法还包括将多核设备的流分配器将第一流网络流量分配给执行分组处理引擎的第一核心，并将该分组分发到该核心。 流分配器可将另一客户端和服务器之间的另一或第二流量流的分组分发到执行第二分组处理引擎的第二核心。 当接收到分配给第一核的流量流的分组（例如第三分组）时，流分发器将该分组分发到第一核心。

公开(公告)号：US10019128B2

公开(公告)日：2018-07-10

申请号：US14491515

申请日：2014-09-19

Applicant: Citrix Systems, Inc.

Inventor： Thomas Goodwin ,  Rajiv Mirani ,  Abhishek Chauhan ,  Frank Suchomel ,  Deepak Goel

IPC: G06F9/455 ,  G06F3/0481 ,  G06F11/34 ,  H04L29/08

CPC classification number: G06F3/0481 ,  G06F9/45558 ,  G06F11/3438 ,  G06F11/3495 ,  G06F2009/45562 ,  G06F2009/4557 ,  G06F2009/45591 ,  G06F2201/815 ,  G06F2201/865 ,  H04L67/10

Abstract: The present disclosure is directed to systems and method for providing a virtual appliance. One or more application delivery controller appliances intermediary to a plurality of clients and a plurality of servers perform a plurality of application delivery control functions on network traffic communicated between the plurality of clients and the plurality of servers. A virtual application delivery controller is deployed on a device intermediary to the plurality of clients and the plurality of servers. The virtual application delivery controller executing on the device performs one or more of the plurality of application delivery control functions on network traffic communicated between the plurality of clients and the plurality of servers.

公开(公告)号：US09600313B2

公开(公告)日：2017-03-21

申请号：US14697209

申请日：2015-04-27

Applicant: Citrix Systems, Inc.

Inventor： Chitti Nimmagadda ,  Rajiv Mirani ,  Raghu Goyal ,  Saurabh Dave

IPC: G06F9/455 ,  G06F3/00 ,  G06F9/44 ,  G06F9/46 ,  G06F13/00 ,  G06F13/10 ,  G06F9/50 ,  H04L12/64 ,  H04L12/24 ,  H04L29/08

CPC classification number: G06F9/45533 ,  G06F9/455 ,  G06F9/45537 ,  G06F9/4555 ,  G06F9/45558 ,  G06F9/5077 ,  G06F13/00 ,  G06F13/10 ,  G06F13/102 ,  G06F13/105 ,  G06F2009/45579 ,  G06F2009/45583 ,  H04L12/6418 ,  H04L41/0806 ,  H04L67/10

Abstract: This disclosure describes a system for Single Root I/O Virtualization (SR-IOV) pass-thru for network packet processing via a virtualized environment of a device. The system includes a device comprising a virtualized environment and a plurality of virtual machines having a virtual network interface for receiving and transmitting network packets. A driver for the physical network interface of the device creates a plurality of virtual devices corresponding to the physical network interface, which appear as a Peripheral Component Interconnect (PCI) device to the virtualized environment. A virtual device of the plurality of virtual devices is assigned via the virtualized environment to each virtual machine of the plurality of virtual machines. The virtual machine uses the virtual device assigned to the virtual machine, to receive and transmit network packets via the physical network interface of the device.

公开(公告)号：US20140157361A1

公开(公告)日：2014-06-05

申请号：US14175616

申请日：2014-02-07

Applicant: CITRIX SYSTEMS, INC.

Inventor： Puneet Agarwal ,  Srinivasan Thirunarayanan ,  Vamsi Korrapatti ,  Prakash Khemani ,  Rajiv Mirani ,  Anoop Reddy

IPC: H04L29/06

CPC classification number: H04L63/0272 ,  H04L29/08846 ,  H04L63/0281 ,  H04L63/105 ,  H04L63/166 ,  H04L63/20 ,  H04L67/02 ,  H04L67/14 ,  H04L67/2814

Abstract: The present disclosure provides solutions for an enterprise providing services to a variety of clients to enable the client to use the resources provided by the enterprise by modifying URLs received and the URLs from the responses from the servers to the client's requests before forwarding the requests and the responses to the intended destinations. An intermediary may identify an access profile for a clients' request to access a server via a clientless SSL VPN session. The intermediary may detect one or more URLs in content served by the server in response to the request using one or more regular expressions of the access profile. The intermediary may rewrite or modify, responsive to detecting, the one or more detected URLs in accordance with a URL transformation specified by one or more rewrite policies of the access profile. The response with modified URLs may be forwarded to the client.

Abstract translation: 本公开提供了向各种客户端提供服务的企业的解决方案，以使得客户端能够在转发请求之前通过修改所接收的URL和从服务器的响应到客户端的请求来使用企业提供的资源，并且 对预期目的地的回应。 中介可以识别客户端通过无客户端SSL VPN会话访问服务器的请求的访问配置文件。 响应于使用访问简档的一个或多个正则表达式的请求，中介可以检测服务器所服务的内容中的一个或多个URL。 根据由访问简档的一个或多个重写策略指定的URL变换，中介可以响应于检测到一个或多个检测到的URL来重写或修改。 具有修改的URL的响应可以转发给客户端。

公开(公告)号：US20130298190A1

公开(公告)日：2013-11-07

申请号：US13935320

申请日：2013-07-03

Applicant: Citrix Systems, Inc.

Inventor： Namit Sikka ,  Anoop Reddy ,  Rajiv Mirani ,  Abhishek Chauhan

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/102

Abstract: Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.

Abstract translation: 描述用于配置和评估直接处理一个或多个数据流的策略的系统和方法。 描述了用于允许用户指定面向对象策略的配置界面。 这些面向对象的策略可以允许针对所接收的分组流的有效载荷（包括HTTP流量的任何部分）应用任何数据结构。 配置界面还可以允许用户控制执行策略和策略组的顺序，以及如果未定义一个或多个策略，则指定要采取的操作。 用于处理策略的系统和方法可以允许通过将潜在的复杂数据结构应用于非结构化数据流来有效地处理面向对象的策略。 设备还可以解释和处理多个流控制命令和策略组调用语句以确定多个策略和策略组中的执行顺序。 这些策略配置和处理可能允许配置和处理与负载均衡，VPN，SSL卸载，内容切换，应用安全，加速和缓存相关的复杂网络行为。