公开(公告)号：US09294378B2

公开(公告)日：2016-03-22

申请号：US14143588

申请日：2013-12-30

Applicant: Citrix Systems, Inc.

Inventor： Steve Jackowski ,  Seth Keith ,  Mike Ovsiannikov ,  Daljit Singh

IPC: H04L12/26 ,  H04L12/851 ,  H04L12/859 ,  H04L29/06

CPC classification number: H04L43/0894 ,  H04L43/028 ,  H04L47/2441 ,  H04L47/2475 ,  H04L63/0281 ,  H04L63/0428

Abstract: The present invention is directed towards systems and methods for providing classification of an encrypted network packet for performing QoS and acceleration techniques. Encrypted packets may be classified by a first classifier at a first portion of a network stack of a device as corresponding to a first predetermined application, and an application identifier may be included with the packet. In some embodiments, the packets may be decrypted in an order dependent on a first classification of the encrypted network packet. After decryption, packets may be reclassified as corresponding to a second predetermined application by a second classifier operating at a second portion of a network stack of the device above the first portion. Thus, network performance may be enhanced and optimized by providing QoS and acceleration engines with packet- or data-specific information corresponding to the application, while avoiding inefficiencies due to a lack of prioritization of decryption.

Abstract translation: 本发明涉及用于提供用于执行QoS和加速技术的加密网络分组的分类的系统和方法。 加密分组可以由与第一预定应用相对应的设备的网络堆栈的第一部分处的第一分类器分类，并且应用标识符可以包括在分组中。 在一些实施例中，分组可以以取决于加密网络分组的第一分类的顺序被解密。 在解密之后，可以通过在第一部分上方的设备的网络堆栈的第二部分操作的第二分类器将分组重新分类为对应于第二预定应用。 因此，可以通过向QoS和加速引擎提供与应用相对应的分组或数据特定信息，同时避免由于缺乏解密优先级而导致的低效率，可以增强和优化网络性能。

公开(公告)号：US09071542B2

公开(公告)日：2015-06-30

申请号：US14192556

申请日：2014-02-27

Applicant: Citrix Systems, Inc.

Inventor： Steve Jackowski ,  Seth Keith ,  Daljit Singh ,  Ralph Wondra

IPC: H04L12/56 ,  H04L12/851 ,  H04L29/06 ,  H04L12/24 ,  H04L12/26 ,  H04L29/08

CPC classification number: H04L47/2441 ,  H04L41/0213 ,  H04L41/046 ,  H04L43/0829 ,  H04L43/0864 ,  H04L67/2819 ,  H04L69/22 ,  H04L69/32

Abstract: The present invention is directed towards systems and methods for providing multi-level classification of a network packet. In some embodiments, network performance may be enhanced and optimized by providing QoS and acceleration engines with packet- or data-specific information. In addition to source and destination IP addresses and port numbers, packet- or data-specific information can include direction of traffic (client to host or server; server or host to client; or both), Virtual LAN (VLAN) ID, source or destination application or associated application, service class, ICA priority, type of service, differentiated service code point (DSCP), or other information. Some or all of this information may be used to classify the network packet at a plurality of layers of a network stack, allowing for deep inspection of the packet and multiple levels of granularity of classification.

Abstract translation: 本发明涉及用于提供网络分组的多级分类的系统和方法。 在一些实施例中，可以通过向QoS和加速引擎提供分组或数据特定信息来增强和优化网络性能。 除了源和目标IP地址和端口号之外，数据包或数据特定信息可以包括流量方向（客户端到主机或服务器;服务器或主机到客户端;或两者），虚拟LAN（VLAN）ID，源或 目标应用程序或相关应用程序，服务类别，ICA优先级，服务类型，差异化服务代码点（DSCP）或其他信息。 这些信息中的一些或全部可以用于在网络堆栈的多个层对网络分组进行分类，允许对分组的深度检查和分级的多个级别的级别。

公开(公告)号：US20130304796A1

公开(公告)日：2013-11-14

申请号：US13869831

申请日：2013-04-24

Applicant: Citrix Systems, Inc.

Inventor： Steven J. Jackowski ,  Seth Keith ,  Kutluk Testicioglu

IPC: H04L29/08

CPC classification number: H04L67/10 ,  H04L47/19 ,  H04L47/24 ,  H04L47/6275 ,  H04L47/803 ,  H04L47/825 ,  H04L65/80

Abstract: The present invention is directed towards systems and methods for providing Quality of Service (QoS) via a flow controlled tunnel. Traffic from a plurality of applications may be directed into a single connection or flow-controlled tunnel and QoS policies may be applied across the plurality of applications without configuration of individual link speeds, enabling QoS scheduling to dynamically adjust traffic transmission and reception rates to ensure priority management of applications regardless of a final endpoint of the application communications. Accordingly, traffic of different types, including VPN, HTTP, Voice-over-IP (VoIP), remote desktop protocol traffic, or other traffic may be easily balanced and prioritized. In many embodiments, the tunnel may be transparent to applications, such that without any application configuration, application traffic may still be prioritized by QoS requirements.

Abstract translation: 本发明涉及通过流控隧道提供服务质量（QoS）的系统和方法。 来自多个应用的​​业务可以被引导到单个连接或流量控制的隧道中，并且可以跨多个应用应用QoS策略，而不需要配置各个链路速度，使得QoS调度能够动态地调整业务传输和接收速率以确保优先级 无论应用程序通信的最终端点如何，都可以管理应用程序。 因此，可以容易地平衡和优先考虑不同类型的流量，包括VPN，HTTP，IP语音（VoIP），远程桌面协议流量或其他流量。 在许多实施例中，隧道对于应用可以是透明的，使得在没有任何应用配置的情况下，仍然可以通过QoS要求对应用业务进行优先级排序。