公开(公告)号：US20200213151A1

公开(公告)日：2020-07-02

申请号：US16232451

申请日：2018-12-26

Applicant: Citrix Systems, Inc.

Inventor： Karthick Srivatsan ,  Chaitra Maraliga Ramaiah ,  Anand Medikeri ,  Rajnesh Raturi ,  Moorthi Subramaniyan ,  Sandeep Manohar Nirikhi

IPC: H04L12/46 ,  H04L12/751 ,  H04L12/715 ,  H04L12/743 ,  H04L12/721 ,  H04L9/06

Abstract: Described embodiments provide systems and methods of forming overlay tunnels for delivery of data between networked devices. A first intermediary device may transmit, responsive to a connection request from a client, a request having a source IP address corresponding to a first virtual IP address of the first device and a first payload including first security hash information to be processed by a second intermediary device. The first device may receive, from the second intermediary device, a response. The response may have a source IP address corresponding to the IP address of the server and a second payload including a virtual IP address of the second device, responsive to second security hash information corresponding to the first security hash information. The first device may establish an overlay tunnel using the first virtual IP address and the second virtual IP address for communicating data between the client and the server.

公开(公告)号：US20200177564A1

公开(公告)日：2020-06-04

申请号：US16209070

申请日：2018-12-04

Applicant: Citrix Systems, Inc.

Inventor： J Mohan Rao Arisankala ,  Chaitra Maraliga Ramaiah ,  Karthick Srivatsan

IPC: H04L29/06 ,  H04L9/08 ,  H04L29/08

Abstract: Described embodiments provide systems and apparatuses for enhanced quality of service, steering and policy enforcement for https traffic via intelligent in-line path discovery of a TLS terminating node. The system may include a first network device having a secure connection traversing through the first network device, and in communication with a second network device. The first network device and the second network device may be intermediary to a client device and a server. The first network device may determine that the second network device terminates the secure connection. The first network device may receive key generation information of the secure connection from the second network device following determining the second network device terminates the secure connection. The first network device may decipher packet(s) of the secure connection destined for the device or the server using the received key generation information, to regulate network traffic of the secure connection at the first network device.

公开(公告)号：US10574796B2

公开(公告)日：2020-02-25

申请号：US15796540

申请日：2017-10-27

Applicant: Citrix Systems, Inc.

Inventor： Chaitra Maraliga Ramaiah ,  Praveen Raja Dhanabalan

IPC: H04L1/00 ,  H04L29/06

Abstract: A system for optimizing network traffic is described. The system includes a packet engine configured to acquire data regarding a flow of a plurality of data packets over a link and to determine transport communication protocol (TCP) characteristics for the flow, and a TCP flavor selector configured to dynamically select a TCP flavor based on the TCP characteristics, where the TCP flavor can be used to modify the flow of data packets over the link. The TCP characteristics dynamically change with time. The TCP flavor selector is further configured to modify the flow using the TCP flavor.

公开(公告)号：US20190312937A1

公开(公告)日：2019-10-10

申请号：US16446739

申请日：2019-06-20

Applicant: CITRIX SYSTEMS,INC.

Inventor： Praveen Raja Dhanabalan ,  Chaitra Maraliga Ramaiah ,  Akshata Bhat

IPC: H04L29/08 ,  H04L29/06

Abstract: A system for optimizing network traffic is described. An appliance operates within a cluster of appliances. The appliance includes one or more network interfaces to facilitate a first secure session between a client device and the appliance, and a second secure session between the appliance and a server. One of the network interfaces is configured to receive a secure connection request to the server. A secure session exchange module acquires a message from another appliance, with the message indicating that the other appliance is acting as a primary instance for the server. The secure session exchange module determines whether a valid primary instance for the server exist, and requests from the other appliance at least one session-related parameter based on determination of existence of the valid primary instance for the server. A session to the server is used based on at least one session-related parameter acquired from the other appliance.

公开(公告)号：US10158575B2

公开(公告)日：2018-12-18

申请号：US14742264

申请日：2015-06-17

Applicant: Citrix Systems, Inc.

Inventor： Praveen Raja Dhanabalan ,  Chaitra Maraliga Ramaiah

IPC: H04L12/26 ,  H04L12/851 ,  H04L12/801 ,  H04L12/825 ,  H04L12/807 ,  H04L12/841 ,  H04L12/835

Abstract: An appliance for optimizing network traffic is described. The appliance includes a transport layer controller configured to acquire link characteristics of a link, determine a congestion window for a flow of a plurality of data packets over the link, and determine transport layer characteristics for the flow. The appliance also includes a traffic priority controller configured to acquire a flow priority of the flow, determine whether congestion is or going to occur using the transport layer characteristics and the link characteristics, and increase the congestion window for the flow based on the congestion determination and on the flow priority having been indicated as being higher priority. The appliance further includes a quality of service engine configured to output the flow according to the congestion window.

公开(公告)号：US09985898B2

公开(公告)日：2018-05-29

申请号：US14632848

申请日：2015-02-26

Applicant: Citrix Systems, Inc.

Inventor： Chaitra Maraliga Ramaiah ,  Praveen Raja Dhanabalan

IPC: H04L12/26 ,  H04L12/807 ,  H04L29/06 ,  H04L12/801 ,  H04L12/875 ,  H04L12/851

CPC classification number: H04L47/27 ,  H04L47/11 ,  H04L47/12 ,  H04L47/193 ,  H04L47/2433 ,  H04L47/56 ,  H04L69/16

Abstract: A system for optimizing network traffic is described. The system includes a transport communication protocol (TCP) controller configured to acquire data regarding a flow of a plurality of data packets over a link and to determine TCP characteristics for the flow, a traffic prioritization module configured to assign a flow priority to the flow, and a traffic priority controller configured detect congestion on the link and determine a congestion window size for the flow based on the flow priority and the TCP characteristics.