公开(公告)号：US20140241360A1

公开(公告)日：2014-08-28

申请号：US14192556

申请日：2014-02-27

Applicant: Citrix Systems, Inc. ,  Citrix Systems, Inc.

Inventor： Steve Jackowski ,  Steve Jackowski ,  Seth Keith ,  Seth Keith ,  Daljit Singh ,  Daljit Singh ,  Ralph Wondra

IPC: H04L12/851 ,  H04L29/08 ,  H04L29/06

CPC classification number: H04L47/2441 ,  H04L41/0213 ,  H04L41/046 ,  H04L43/0829 ,  H04L43/0864 ,  H04L67/2819 ,  H04L69/22 ,  H04L69/32

Abstract: The present invention is directed towards systems and methods for providing multi-level classification of a network packet. In some embodiments, network performance may be enhanced and optimized by providing QoS and acceleration engines with packet- or data-specific information. In addition to source and destination IP addresses and port numbers, packet- or data-specific information can include direction of traffic (client to host or server; server or host to client; or both), Virtual LAN (VLAN) ID, source or destination application or associated application, service class, ICA priority, type of service, differentiated service code point (DSCP), or other information. Some or all of this information may be used to classify the network packet at a plurality of layers of a network stack, allowing for deep inspection of the packet and multiple levels of granularity of classification.

Abstract translation: 本发明涉及用于提供网络分组的多级分类的系统和方法。 在一些实施例中，可以通过向QoS和加速引擎提供分组或数据特定信息来增强和优化网络性能。 除了源和目标IP地址和端口号之外，数据包或数据特定信息可以包括流量方向（客户端到主机或服务器;服务器或主机到客户端;或两者），虚拟LAN（VLAN）ID，源或 目标应用程序或相关应用程序，服务类别，ICA优先级，服务类型，差异化服务代码点（DSCP）或其他信息。 这些信息中的一些或全部可以用于在网络堆栈的多个层对网络分组进行分类，允许对分组的深度检查和分级的多个级别的级别。

公开(公告)号：US09602577B2

公开(公告)日：2017-03-21

申请号：US14634322

申请日：2015-02-27

Applicant: Citrix Systems, Inc.

Inventor： Steve Jackowski ,  Seth Keith ,  Daljit Singh ,  Yao Li

IPC: G06F15/173 ,  H04L29/08 ,  H04L12/859 ,  H04L29/06 ,  H04L12/26 ,  H04L12/851

CPC classification number: H04L67/025 ,  H04L43/028 ,  H04L43/04 ,  H04L47/2433 ,  H04L47/2441 ,  H04L47/2475 ,  H04L47/2483 ,  H04L67/2819 ,  H04L67/322 ,  H04L67/42

Abstract: The present invention is directed towards systems and methods for providing discovery of applications for classification of a network packet for performing QoS and acceleration techniques. Remote display protocol traffic associated with a new application not previously included in a list of predetermined applications may be parsed for application information, and the new application may be added to the application list. The remote display protocol traffic may then be classified according to the new application, and network performance may be enhanced and optimized by providing QoS and acceleration engines with packet- or data-specific information corresponding to the newly identified application.

公开(公告)号：US20140185482A1

公开(公告)日：2014-07-03

申请号：US14143588

申请日：2013-12-30

Applicant: Citrix Systems, Inc.

Inventor： Steve Jackowski ,  Seth Keith ,  Mike Ovsiannikov

IPC: H04L12/26

CPC classification number: H04L43/0894 ,  H04L43/028 ,  H04L47/2441 ,  H04L47/2475 ,  H04L63/0281 ,  H04L63/0428

Abstract: The present invention is directed towards systems and methods for providing classification of an encrypted network packet for performing QoS and acceleration techniques. Encrypted packets may be classified by a first classifier at a first portion of a network stack of a device as corresponding to a first predetermined application, and an application identifier may be included with the packet. In some embodiments, the packets may be decrypted in an order dependent on a first classification of the encrypted network packet. After decryption, packets may be reclassified as corresponding to a second predetermined application by a second classifier operating at a second portion of a network stack of the device above the first portion. Thus, network performance may be enhanced and optimized by providing QoS and acceleration engines with packet- or data-specific information corresponding to the application, while avoiding inefficiencies due to a lack of prioritization of decryption.

Abstract translation: 本发明涉及用于提供用于执行QoS和加速技术的加密网络分组的分类的系统和方法。 加密分组可以由与第一预定应用相对应的设备的网络堆栈的第一部分处的第一分类器分类，并且应用标识符可以包括在分组中。 在一些实施例中，分组可以以取决于加密网络分组的第一分类的顺序被解密。 在解密之后，可以通过在第一部分上方的设备的网络堆栈的第二部分操作的第二分类器将分组重新分类为对应于第二预定应用。 因此，可以通过向QoS和加速引擎提供与应用相对应的分组或数据特定信息，同时避免由于缺乏解密优先级而导致的低效率，可以增强和优化网络性能。

公开(公告)号：US20150244767A1

公开(公告)日：2015-08-27

申请号：US14634322

申请日：2015-02-27

Applicant: Citrix Systems, Inc.

Inventor： Steve Jackowski ,  Seth Keith ,  Daljit Singh ,  Yao Li

IPC: H04L29/08 ,  H04L29/06

CPC classification number: H04L67/025 ,  H04L43/028 ,  H04L43/04 ,  H04L47/2433 ,  H04L47/2441 ,  H04L47/2475 ,  H04L47/2483 ,  H04L67/2819 ,  H04L67/322 ,  H04L67/42

Abstract: The present invention is directed towards systems and methods for providing discovery of applications for classification of a network packet for performing QoS and acceleration techniques. Remote display protocol traffic associated with a new application not previously included in a list of predetermined applications may be parsed for application information, and the new application may be added to the application list. The remote display protocol traffic may then be classified according to the new application, and network performance may be enhanced and optimized by providing QoS and acceleration engines with packet- or data-specific information corresponding to the newly identified application.

Abstract translation: 本发明涉及用于提供用于分类用于执行QoS和加速技术的网络分组的应用的发现的系统和方法。 与先前未包含在预定应用程序列表中的新应用相关联的远程显示协议流量可以被解析用于应用信息，并且可以将新应用添加到应用列表中。 然后可以根据新的应用对远程显示协议流量进行分类，并且可以通过向QoS和加速引擎提供与新识别的应用相对应的分组或数据特定信息来增强和优化网络性能。

公开(公告)号：US09294378B2

公开(公告)日：2016-03-22

申请号：US14143588

申请日：2013-12-30

Applicant: Citrix Systems, Inc.

Inventor： Steve Jackowski ,  Seth Keith ,  Mike Ovsiannikov ,  Daljit Singh

IPC: H04L12/26 ,  H04L12/851 ,  H04L12/859 ,  H04L29/06

CPC classification number: H04L43/0894 ,  H04L43/028 ,  H04L47/2441 ,  H04L47/2475 ,  H04L63/0281 ,  H04L63/0428

Abstract: The present invention is directed towards systems and methods for providing classification of an encrypted network packet for performing QoS and acceleration techniques. Encrypted packets may be classified by a first classifier at a first portion of a network stack of a device as corresponding to a first predetermined application, and an application identifier may be included with the packet. In some embodiments, the packets may be decrypted in an order dependent on a first classification of the encrypted network packet. After decryption, packets may be reclassified as corresponding to a second predetermined application by a second classifier operating at a second portion of a network stack of the device above the first portion. Thus, network performance may be enhanced and optimized by providing QoS and acceleration engines with packet- or data-specific information corresponding to the application, while avoiding inefficiencies due to a lack of prioritization of decryption.

Abstract translation: 本发明涉及用于提供用于执行QoS和加速技术的加密网络分组的分类的系统和方法。 加密分组可以由与第一预定应用相对应的设备的网络堆栈的第一部分处的第一分类器分类，并且应用标识符可以包括在分组中。 在一些实施例中，分组可以以取决于加密网络分组的第一分类的顺序被解密。 在解密之后，可以通过在第一部分上方的设备的网络堆栈的第二部分操作的第二分类器将分组重新分类为对应于第二预定应用。 因此，可以通过向QoS和加速引擎提供与应用相对应的分组或数据特定信息，同时避免由于缺乏解密优先级而导致的低效率，可以增强和优化网络性能。

公开(公告)号：US09071542B2

公开(公告)日：2015-06-30

申请号：US14192556

申请日：2014-02-27

Applicant: Citrix Systems, Inc.

Inventor： Steve Jackowski ,  Seth Keith ,  Daljit Singh ,  Ralph Wondra

IPC: H04L12/56 ,  H04L12/851 ,  H04L29/06 ,  H04L12/24 ,  H04L12/26 ,  H04L29/08

CPC classification number: H04L47/2441 ,  H04L41/0213 ,  H04L41/046 ,  H04L43/0829 ,  H04L43/0864 ,  H04L67/2819 ,  H04L69/22 ,  H04L69/32

Abstract: The present invention is directed towards systems and methods for providing multi-level classification of a network packet. In some embodiments, network performance may be enhanced and optimized by providing QoS and acceleration engines with packet- or data-specific information. In addition to source and destination IP addresses and port numbers, packet- or data-specific information can include direction of traffic (client to host or server; server or host to client; or both), Virtual LAN (VLAN) ID, source or destination application or associated application, service class, ICA priority, type of service, differentiated service code point (DSCP), or other information. Some or all of this information may be used to classify the network packet at a plurality of layers of a network stack, allowing for deep inspection of the packet and multiple levels of granularity of classification.

Abstract translation: 本发明涉及用于提供网络分组的多级分类的系统和方法。 在一些实施例中，可以通过向QoS和加速引擎提供分组或数据特定信息来增强和优化网络性能。 除了源和目标IP地址和端口号之外，数据包或数据特定信息可以包括流量方向（客户端到主机或服务器;服务器或主机到客户端;或两者），虚拟LAN（VLAN）ID，源或 目标应用程序或相关应用程序，服务类别，ICA优先级，服务类型，差异化服务代码点（DSCP）或其他信息。 这些信息中的一些或全部可以用于在网络堆栈的多个层对网络分组进行分类，允许对分组的深度检查和分级的多个级别的级别。