公开(公告)号：US09888042B2

公开(公告)日：2018-02-06

申请号：US14282954

申请日：2014-05-20

Applicant: Citrix Systems, Inc.

Inventor： Saravana Annamalaisami ,  Krishna Khanal ,  Varun Taneja ,  Mahesh Mylarappa

IPC: G06F15/16 ,  H04L29/06 ,  H04L12/707 ,  H04L29/08

CPC classification number: H04L65/1069 ,  H04L45/24 ,  H04L65/4076 ,  H04L69/14 ,  H04L69/163 ,  H04L69/326

Abstract: The present invention is directed towards systems and methods for multipath transmission control protocol connection (MPTCP) management. A first device, intermediary between a second device and a third device, may establish a protocol control structure responsive to establishment of a MPTCP session between the first device and the second device. The first device may maintain, via the protocol control structure, an identification of a plurality of subflows comprising transmission control protocol (TCP) connections in the MPTCP session between the first device and the second device. The first device may convert or translate, via the protocol control structure, subflow-specific sequence identifiers of packets transmitted via each of the plurality of subflows, to sequence identifiers unique across the plurality of subflows and identifying related packets from each subflows to be processed at the third device. The third device may receive the packets with the converted sequence identifiers in a single TCP connection.

公开(公告)号：US09497281B2

公开(公告)日：2016-11-15

申请号：US14245505

申请日：2014-04-04

Applicant: Citrix Systems, Inc.

Inventor： Ashwin Jagadish ,  Mahesh Mylarappa ,  Sandhya Gopinath ,  Saravana Annamalaisami ,  Shashidhara Nanjundaswamy

IPC: H04L12/747 ,  H04L29/08 ,  H04L12/743

CPC classification number: H04L67/2814 ,  H04L45/7453

Abstract: The present disclosure is directed towards methods and systems for caching packet steering sessions for steering data packets between intermediary devices of a cluster of intermediary devices intermediary to a client and a plurality of servers. A first intermediary device receives a first data packet and determines, from a hash of a tuple of the first packet, a second intermediary device to which to steer the first packet. The first device stores, to a session for storing packet steering information, the identity of the second device and the tuple. The first device receives a second packet having a corresponding tuple that matches the tuple of the first packet and determines, based on a lookup for the session using the tuple of the second packet, that the second device is the intermediary device to which to steer the second packet. The first device steers the second packet to the second device.

Abstract translation: 本公开涉及用于缓存用于在客户机中间的多个中间设备的集群的中间设备和多个服务器之间指导数据分组的分组导向会话的方法和系统。 第一中间设备接收第一数据分组，并且从第一分组的元组的散列中确定第二中介设备来引导第一分组。 第一设备存储分组转向信息的会话，第二设备和元组的身份。 第一设备接收具有与第一分组的元组匹配的对应元组的第二分组，并且基于对使用第二分组的元组的会话的查找确定第二设备是引导其的中间设备 第二个包。 第一设备将第二分组转向第二设备。

公开(公告)号：US10659367B2

公开(公告)日：2020-05-19

申请号：US15974905

申请日：2018-05-09

Applicant: Citrix Systems, Inc.

Inventor： Mustafa Kutluk Testicioglu ,  Mahesh Mylarappa

IPC: H04W4/00 ,  H04L12/803 ,  H04W28/02 ,  H04L12/26 ,  H04L5/00 ,  H04L12/801 ,  H04L12/825

Abstract: An appliance for controlling data transmission is described. The appliance includes a packet engine configured to acquire data regarding a flow of first data packets over a link and to determine transport communication protocol (TCP) characteristics for the flow. The appliance also includes a data transmission controller configured to receive second data packets, determine a rate of transmission based on the TCP characteristics, and determine, based on one or more criteria, whether to use a rate-based data transmission control to control a transmission of the second data packets. The data transmission controller is also configured to, responsive to determining that a rate-based data transmission control is to be used to control a transmission of the second data packets, cause the packet engine to transmit the second data packets in groups, wherein transmission times of each group of second data packets are determined based on the rate of transmission.

公开(公告)号：US09769288B2

公开(公告)日：2017-09-19

申请号：US13858002

申请日：2013-04-06

Applicant: Citrix Systems, Inc.

Inventor： Varun Taneja ,  Mahesh Mylarappa ,  Saravana Annamalaisami

IPC: G06F15/16 ,  H04L29/06 ,  H04L29/08 ,  H04L12/807

CPC classification number: H04L69/16 ,  H04L47/27 ,  H04L69/326

Abstract: The present disclosure relates to methods and systems for dynamically changing an advertised window for a transport layer connection. A device can receive data from a server destined for an application. The device identifies the size of the application buffer corresponding to the application and advertises the application buffer size as a window size to the server. The device stores the data in the device memory. The device then determines the memory usage by comparing the memory usage to one or more predetermined thresholds. If the device determines that the memory usage is below a first predetermined threshold, the device can implement an aggressive dynamic receive buffering policy in which the device increases the advertised window size by a first increment. If the device determines that the memory usage is above the first threshold and below a second threshold, the device executes a more conservative dynamic receive buffering policy.

公开(公告)号：US20140303934A1

公开(公告)日：2014-10-09

申请号：US13858010

申请日：2013-04-06

Applicant: CITRIX SYSTEMS, INC.

Inventor： Mahesh Mylarappa ,  Meghashree Iyengar ,  Saravana Annamalaisami ,  Rajesh Joshi

IPC: G06F11/30

CPC classification number: H04L67/2819 ,  G06F11/006 ,  G06F11/3006 ,  G06F11/3089 ,  G06F11/3409 ,  G06F11/3419 ,  G06F11/3433 ,  G06F11/3495 ,  G06F2201/875 ,  G06F2201/88 ,  H04L43/026 ,  H04L43/06 ,  H04L43/08 ,  H04L67/2804

Abstract: The present disclosure is directed towards systems and methods for application performance measurement. A device may receive a first document for transmission to a client, comprising instructions for the client to transmit a request for an embedded object. A flow monitor executed the device may generate a unique identification associated with the first document, the unique identification identifying a first access of the first document, and transmit the first document and unique identification to the client. The device may receive, from the client, a request for the embedded object comprising the unique identification, and transmit, to a server, the request for the embedded object at a transmit time. The device may receive, from the server, the embedded object at a receipt time, and may transmit a performance record comprising an identification of the object, the server, the transmit time, the receipt time, and the unique identification to a data collector.

Abstract translation: 本公开涉及用于应用性能测量的系统和方法。 设备可以接收用于传输到客户端的第一文档，包括用于客户端发送对嵌入对象的请求的指令。 所执行的流量监视器可以生成与第一文档相关联的唯一标识，唯一标识识别第一文档的第一访问，并将第一文档和唯一标识发送给客户端。 该设备可以从客户端接收包括唯一标识的嵌入式对象的请求，并在发送时间向服务器发送对嵌入对象的请求。 设备可以在接收时从服务器接收嵌入对象，并且可以向数据收集器发送包括对象的标识，服务器，发送时间，接收时间和唯一标识的性能记录。

公开(公告)号：US20180146015A1

公开(公告)日：2018-05-24

申请号：US15876847

申请日：2018-01-22

Applicant: Citrix Systems, Inc.

Inventor： Saravana Annamalaisami ,  Krishna Khanal ,  Varun Taneja ,  Mahesh Mylarappa

IPC: H04L29/06 ,  H04L12/707 ,  H04L29/08

Abstract: The present invention is directed towards systems and methods for multipath transmission control protocol connection (MPTCP) management. A first device, intermediary between a second device and a third device, may establish a protocol control structure responsive to establishment of a MPTCP session between the first device and the second device. The first device may maintain, via the protocol control structure, an identification of a plurality of subflows comprising transmission control protocol (TCP) connections in the MPTCP session between the first device and the second device. The first device may convert or translate, via the protocol control structure, subflow-specific sequence identifiers of packets transmitted via each of the plurality of subflows, to sequence identifiers unique across the plurality of subflows and identifying related packets from each subflows to be processed at the third device. The third device may receive the packets with the converted sequence identifiers in a single TCP connection.

公开(公告)号：US09706004B2

公开(公告)日：2017-07-11

申请号：US13858010

申请日：2013-04-06

Applicant: Citrix Systems, Inc.

Inventor： Mahesh Mylarappa ,  Meghashree Iyengar ,  Saravana Annamalaisami ,  Rajesh Joshi

IPC: H04L29/08 ,  G06F11/30 ,  H04L12/26

CPC classification number: H04L67/2819 ,  G06F11/006 ,  G06F11/3006 ,  G06F11/3089 ,  G06F11/3409 ,  G06F11/3419 ,  G06F11/3433 ,  G06F11/3495 ,  G06F2201/875 ,  G06F2201/88 ,  H04L43/026 ,  H04L43/06 ,  H04L43/08 ,  H04L67/2804

Abstract: The present disclosure is directed towards systems and methods for application performance measurement. A device may receive a first document for transmission to a client, comprising instructions for the client to transmit a request for an embedded object. A flow monitor executed the device may generate a unique identification associated with the first document, the unique identification identifying a first access of the first document, and transmit the first document and unique identification to the client. The device may receive, from the client, a request for the embedded object comprising the unique identification, and transmit, to a server, the request for the embedded object at a transmit time. The device may receive, from the server, the embedded object at a receipt time, and may transmit a performance record comprising an identification of the object, the server, the transmit time, the receipt time, and the unique identification to a data collector.

公开(公告)号：US09246940B2

公开(公告)日：2016-01-26

申请号：US14245533

申请日：2014-04-04

Applicant: Citrix Systems, Inc.

Inventor： Krishna Khanal ,  Saravana Annamalaisami ,  Mahesh Mylarappa

IPC: G06F12/14 ,  H04L29/06

CPC classification number: H04L63/1466 ,  H04L63/0428

Abstract: The present solution is directed to systems and methods for synchronizing a random seed value among a plurality of multi-core nodes in a cluster of nodes for generating a cookie signature. The cookie signature may be used for protection from SYN flood attacks. A cluster of nodes comprises one master node and one or more other nodes. Each node comprises one master core and one or more other cores. A random number is generated at the master core of the master node. The random number is synchronized across every other core. The random number is used to generated a secret key value that is attached in the encoded initial sequence number of a SYN-ACK packet. If the responding ACK packet does not contain the secret key value, then the ACK packet is dropped.

Abstract translation: 本解决方案涉及用于在节点簇中的多个多核节点之间同步随机种子值以产生Cookie签名的系统和方法。 Cookie签名可用于防止SYN Flood攻击。 一组节点包括一个主节点和一个或多个其他节点。 每个节点包括一个主核和一个或多个其他核。 在主节点的主核心处生成随机数。 随机数在每隔一个核心上同步。 随机数用于产生附加在SYN-ACK分组的经编码的初始序列号中的秘密密钥值。 如果响应的ACK分组不包含密钥值，则ACK分组被丢弃。

公开(公告)号：US20140351447A1

公开(公告)日：2014-11-27

申请号：US14282954

申请日：2014-05-20

Applicant: Citrix Systems, Inc.

Inventor： Saravana Annamalaisami ,  Krishna Khanal ,  Varun Taneja ,  Mahesh Mylarappa

IPC: H04L29/06 ,  H04L12/707

CPC classification number: H04L65/1069 ,  H04L45/24 ,  H04L65/4076 ,  H04L69/14 ,  H04L69/163 ,  H04L69/326

Abstract: The present invention is directed towards systems and methods for multipath transmission control protocol connection (MPTCP) management. A first device, intermediary between a second device and a third device, may establish a protocol control structure responsive to establishment of a MPTCP session between the first device and the second device. The first device may maintain, via the protocol control structure, an identification of a plurality of subflows comprising transmission control protocol (TCP) connections in the MPTCP session between the first device and the second device. The first device may convert or translate, via the protocol control structure, subflow-specific sequence identifiers of packets transmitted via each of the plurality of subflows, to sequence identifiers unique across the plurality of subflows and identifying related packets from each subflows to be processed at the third device. The third device may receive the packets with the converted sequence identifiers in a single TCP connection.

Abstract translation: 本发明涉及用于多径传输控制协议连接（MPTCP）管理的系统和方法。 响应于建立第一设备和第二设备之间的MPTCP会话，第一设备，第二设备和第三设备之间的中介可以建立协议控制结构。 第一设备可以经由协议控制结构维护包括第一设备和第二设备之间的MPTCP会话中的传输控制协议（TCP）连接的多个子流的标识。 第一设备可以经由协议控制结构将经由多个子流中的每一个发送的分组的子流特定序列标识符转换或翻译成在多个子流中唯一的序列标识符，并且从每个子流识别相关分组以在 第三个设备。 第三设备可以在单个TCP连接中接收具有转换的序列标识符的分组。

公开(公告)号：US20140304810A1

公开(公告)日：2014-10-09

申请号：US14245533

申请日：2014-04-04

Applicant: Citrix Systems, Inc.

Inventor： Krishna Khanal ,  Saravana Annamalaisami ,  Mahesh Mylarappa

IPC: H04L29/06

CPC classification number: H04L63/1466 ,  H04L63/0428

Abstract: The present solution is directed to systems and methods for synchronizing a random seed value among a plurality of multi-core nodes in a cluster of nodes for generating a cookie signature. The cookie signature may be used for protection from SYN flood attacks. A cluster of nodes comprises one master node and one or more other nodes. Each node comprises one master core and one or more other cores. A random number is generated at the master core of the master node. The random number is synchronized across every other core. The random number is used to generated a secret key value that is attached in the encoded initial sequence number of a SYN-ACK packet. If the responding ACK packet does not contain the secret key value, then the ACK packet is dropped.

Abstract translation: 本解决方案涉及用于在节点簇中的多个多核节点之间同步随机种子值以产生Cookie签名的系统和方法。 Cookie签名可用于防止SYN Flood攻击。 一组节点包括一个主节点和一个或多个其他节点。 每个节点包括一个主核和一个或多个其他核。 在主节点的主核心处生成随机数。 随机数在每隔一个核心上同步。 随机数用于产生附加在SYN-ACK分组的经编码的初始序列号中的秘密密钥值。 如果响应的ACK分组不包含密钥值，则ACK分组被丢弃。