公开(公告)号：US20130091273A1

公开(公告)日：2013-04-11

申请号：US13436873

申请日：2012-03-31

Applicant: Kand Ly ,  Michael J. Demmer ,  Steven McCanne ,  Alfred Landrum

Inventor： Kand Ly ,  Michael J. Demmer ,  Steven McCanne ,  Alfred Landrum

IPC: H04L12/24

CPC classification number: H04L41/00 ,  H04L41/0663 ,  H04L43/10 ,  H04L61/2514 ,  H04L61/2567 ,  H04L61/2589 ,  H04L67/146 ,  H04L67/147 ,  H04L67/16 ,  H04L67/28 ,  H04L67/2804 ,  H04L67/2819 ,  H04L67/2842

Abstract: Proxy devices associate their direct connection with a client/server connection passing through one or more NAT devices. First proxy device receives a network connection request from a client. First proxy device stores connection information in association with a connection identifier. Connection information may reflect the usage of NAT devices between the two proxy devices. First proxy device sends a connection response including the connection identifier to the client. Second proxy device sends a direct connection request to first proxy device to establish a direct connection. Direct connection request includes the connection identifier, which is used by first proxy device to associate the direct connection with stored connection information. First proxy device may use the connection information to direct network traffic received via this direct connection to the correct destination and to divert network traffic from the server to the client through the direct connection and first and second proxy devices.

Abstract translation: 代理设备将其直接连接与通过一个或多个NAT设备的客户端/服务器连接相关联。 第一代理设备从客户端接收网络连接请求。 第一代理设备存储与连接标识符相关联的连接信息。 连接信息可能反映NAT设备在两个代理设备之间的使用情况。 第一代理设备向客户端发送包括连接标识符的连接响应。 第二代理设备向第一代理设备发送直接连接请求以建立直接连接。 直接连接请求包括连接标识符，第一代理设备使用该标识符将直接连接与存储的连接信息相关联。 第一代理设备可以使用连接信息将通过该直接连接接收的网络流量定向到正确的目的地，并且通过直接连接和第一和第二代理设备将网络流量从服务器转移到客户端。

公开(公告)号：US08411570B2

公开(公告)日：2013-04-02

申请号：US11494352

申请日：2006-07-26

Applicant: David Tze-Si Wu ,  Nitin Gupta ,  Kand Ly

Inventor： David Tze-Si Wu ,  Nitin Gupta ,  Kand Ly

IPC: H04L12/26

CPC classification number: H04L47/12 ,  H04L47/10 ,  H04L47/125 ,  H04L69/16 ,  H04L69/162 ,  H04L69/165 ,  H04L69/32

Abstract: Serial clustering uses two or more network devices connected in series via a local and/or wide-area network to provide additional capacity when network traffic exceeds the processing capabilities of a single network device. When a first network device reaches its capacity limit, any excess network traffic beyond that limit is passed through the first network device unchanged. A network device connected in series with the first network device intercepts and will process the excess network traffic provided that it has sufficient processing capacity. Additional network devices can process remaining network traffic in a similar manner until all of the excess network traffic has been processed or until there are no more additional network devices. Network devices may use rules to determine how to handle network traffic. Rules may be based on the attributes of received network packets, attributes of the network device, or attributes of the network.

公开(公告)号：US20090094371A1

公开(公告)日：2009-04-09

申请号：US12331257

申请日：2008-12-09

Applicant: Kand Ly ,  Joshua Tseng ,  Steve McCanne

Inventor： Kand Ly ,  Joshua Tseng ,  Steve McCanne

IPC: G06F15/16

CPC classification number: H04L67/14 ,  H04L67/2814 ,  H04L67/2876

Abstract: Two or more network traffic processors connected with the same LAN and WAN are identified as neighbors. Neighboring network traffic processors cooperate to overcome asymmetric routing, thereby ensuring that related sequences of network traffic are processed by the same network proxy. A network proxy can be included in a network traffic processor or as a standalone unit. A network traffic processor that intercepts a new connection initiation by a client assigns a network proxy to handle all messages associated with that connection. The network traffic processor conveys connection information to neighboring network traffic processors. The neighboring network traffic processors use the connection information to redirect network traffic associated with the connection to the assigned network proxy, thereby overcoming the effects of asymmetric routing. The assigned network proxy handles redirected network traffic in much the same way that it would handle network traffic received directly.

Abstract translation: 与同一LAN和WAN连接的两个或多个网络流量处理器被识别为邻居。 相邻的网络流量处理器合作克服非对称路由，从而确保相同的网络流量的相关序列被相同的网络代理处理。 网络代理可以包含在网络流量处理器中或独立的单元中。 拦截客户端的新连接启动的网络流量处理器分配网络代理来处理与该连接相关联的所有消息。 网络流量处理器将连接信息传递给相邻网络流量处理器。 相邻网络流量处理器使用连接信息将与连接相关联的网络流量重定向到所分配的网络代理，从而克服非对称路由的影响。 分配的网络代理以与处理直接接收的网络流量大致相同的方式处理重定向的网络流量。

公开(公告)号：US20060248194A1

公开(公告)日：2006-11-02

申请号：US11377906

申请日：2006-03-15

Applicant: Kand Ly ,  Joshua Tseng ,  Steve McCanne

Inventor： Kand Ly ,  Joshua Tseng ,  Steve McCanne

IPC: G06F15/173

CPC classification number: H04L67/14 ,  H04L67/2814 ,  H04L67/2876

Abstract: Two or more network traffic processors connected with the same LAN and WAN are identified as neighbors. Neighboring network traffic processors cooperate to overcome asymmetric routing, thereby ensuring that related sequences of network traffic are processed by the same network proxy. A network proxy can be included in a network traffic processor or as a standalone unit. A network traffic processor that intercepts a new connection initiation by a client assigns a network proxy to handle all messages associated with that connection. The network traffic processor conveys connection information to neighboring network traffic processors. The neighboring network traffic processors use the connection information to redirect network traffic associated with the connection to the assigned network proxy, thereby overcoming the effects of asymmetric routing. The assigned network proxy handles redirected network traffic in much the same way that it would handle network traffic received directly.

公开(公告)号：US08954957B2

公开(公告)日：2015-02-10

申请号：US12496430

申请日：2009-07-01

Applicant: David Tze-Si Wu ,  Kand Ly ,  Lap Nathan Trac ,  Alexei Potashnik

Inventor： David Tze-Si Wu ,  Kand Ly ,  Lap Nathan Trac ,  Alexei Potashnik

IPC: G06F9/455 ,  G06F15/173 ,  H04L12/46 ,  H04L12/931

CPC classification number: H04L12/4625 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L49/70

Abstract: Network devices include hosted virtual machines and virtual machine applications. Hosted virtual machines and their applications implement additional functions and services in network devices. Network devices include data taps for directing network traffic to hosted virtual machines and allowing hosted virtual machines to inject network traffic. Network devices include unidirectional data flow specifications, referred to as hyperswitches. Each hyperswitch is associated with a hosted virtual machine and receives network traffic received by the network device from a single direction. Each hyperswitch processes network traffic according to rules and rule criteria. A hosted virtual machine can be associated with multiple hyperswitches, thereby independently specifying the data flow of network traffic to and from the hosted virtual machine from multiple networks. The network device architecture also enables the communication of additional information between the network device and one or more virtual machine applications using an extended non-standard network protocol.

Abstract translation: 网络设备包括托管虚拟机和虚拟机应用程序。 托管虚拟机及其应用程序在网络设备中实现附加功能和服务。 网络设备包括用于将网络流量引导到托管虚拟机并允许托管虚拟机注入网络流量的数据分接头。 网络设备包括单向数据流规范，称为超开关。 每个超级交换机与托管虚拟机相关联，并从单个方向接收网络设备接收的网络流量。 每个超级交换机根据规则和规则标准处理网络流量。 托管的虚拟机可以与多个超级交换机相关联，从而独立地指定来自多个网络的托管虚拟机的网络流量的数据流。 网络设备架构还使得能够使用扩展的非标准网络协议在网络设备和一个或多个虚拟机应用之间进行附加信息的通信。

公开(公告)号：US08739244B1

公开(公告)日：2014-05-27

申请号：US13249195

申请日：2011-09-29

Applicant: David Tze-Si Wu ,  John S. Cho ,  Kand Ly

Inventor： David Tze-Si Wu ,  John S. Cho ,  Kand Ly

IPC: H04L29/06 ,  G06F21/00

CPC classification number: H04L69/04 ,  H04L67/2847

Abstract: WAN optimization devices and content delivery networks together optimize network traffic on both private networks and public WANs such as the internet. A WAN optimization device intercepts and optimizes network traffic from clients within a private network. The WAN optimization device communicates this first optimized network traffic to the nearest edge computer in the content delivery network via a public WAN, such as the internet. This edge computer further optimizes the network traffic and communicates the doubly optimized network traffic via the content delivery network to a second edge computer nearest to the network traffic destination. The second edge computer converts the doubly optimized network traffic back to its original format and communicates the reconstructed network traffic from the second edge computer to the destination via a public WAN. Licensing and configuration portals configure WAN optimization devices for specific network protocols, types of network traffic, applications, and/or cloud services.

Abstract translation: WAN优化设备和内容传送网络一起优化了私有网络和公共WAN（如互联网）上的网络流量。 WAN优化设备拦截并优化来自私有网络内客户端的网络流量。 WAN优化设备经由诸如因特网的公共WAN将该第一优化网络流量传送到内容传送网络中的最近边缘计算机。 该边缘计算机进一步优化网络流量，并将经双向优化的网络流量通过内容传送网络传送到最靠近网络流量目的地的第二边缘计算机。 第二边缘计算机将双重优化的网络业务转换回其原始格式，并通过公共WAN将重建的网络流量从第二边缘计算机传送到目的地。 许可和配置门户为特定网络协议，网络流量类型，应用程序和/或云服务配置WAN优化设备。

公开(公告)号：US08140690B2

公开(公告)日：2012-03-20

申请号：US12331257

申请日：2008-12-09

Applicant: Kand Ly ,  Joshua Tseng ,  Steve McCanne

Inventor： Kand Ly ,  Joshua Tseng ,  Steve McCanne

IPC: G06F15/16 ,  G06F15/173

CPC classification number: H04L67/14 ,  H04L67/2814 ,  H04L67/2876

Abstract: Two or more network traffic processors connected with the same LAN and WAN are identified as neighbors. Neighboring network traffic processors cooperate to overcome asymmetric routing, thereby ensuring that related sequences of network traffic are processed by the same network proxy. A network proxy can be included in a network traffic processor or as a standalone unit. A network traffic processor that intercepts a new connection initiation by a client assigns a network proxy to handle all messages associated with that connection. The network traffic processor conveys connection information to neighboring network traffic processors. The neighboring network traffic processors use the connection information to redirect network traffic associated with the connection to the assigned network proxy, thereby overcoming the effects of asymmetric routing. The assigned network proxy handles redirected network traffic in much the same way that it would handle network traffic received directly.

Abstract translation: 与同一LAN和WAN连接的两个或多个网络流量处理器被识别为邻居。 相邻的网络流量处理器合作克服非对称路由，从而确保相同的网络流量的相关序列被相同的网络代理处理。 网络代理可以包含在网络流量处理器中或独立的单元中。 拦截客户端的新连接启动的网络流量处理器分配网络代理来处理与该连接相关联的所有消息。 网络流量处理器将连接信息传递给相邻网络流量处理器。 相邻网络流量处理器使用连接信息将与连接相关联的网络流量重定向到所分配的网络代理，从而克服非对称路由的影响。 分配的网络代理以与处理直接接收的网络流量大致相同的方式处理重定向的网络流量。

公开(公告)号：US20100268829A1

公开(公告)日：2010-10-21

申请号：US12825296

申请日：2010-06-28

Applicant: Kand Ly ,  Maksim Ioffe ,  Alfred Landrum ,  Mark Stuart Day

Inventor： Kand Ly ,  Maksim Ioffe ,  Alfred Landrum ,  Mark Stuart Day

IPC: G06F15/16

CPC classification number: H04L69/16 ,  H04L67/1002 ,  H04L67/1023 ,  H04L67/28 ,  H04L67/2876 ,  H04L67/288 ,  H04L69/163

Abstract: Network devices include proxies and where multiple proxies are present on a network, they can probe to determine the existence of other proxies. Where more than two proxies are present and thus different proxy pairings are possible, the proxies are programmed to determine which proxies should form a proxy pair. Marked probe packets are used by proxies to discover each other and probing is done such a connection can be eventually formed even if some probe packets fail due to the marking Asymmetric routing can be detected and proxies configured for connection forwarding as necessary.

Abstract translation: 网络设备包括代理，网络中存在多个代理，它们可以探测以确定其他代理的存在。 如果存在两个以上的代理，因此不同的代理配对是可能的，则代理被编程以确定哪些代理应当形成代理对。 标记的探测数据包被代理使用以发现对方，并且进行探测完成这样的连接可以最终形成，即使一些探测分组由于标记失败可以被检测，并且代理被配置用于必要的连接转发。

公开(公告)号：US07769834B2

公开(公告)日：2010-08-03

申请号：US11755692

申请日：2007-05-30

Applicant: Kand Ly ,  Maksim Ioffe ,  Alfred Landrum ,  Mark Stuart Day

Inventor： Kand Ly ,  Maksim Ioffe ,  Alfred Landrum ,  Mark Stuart Day

IPC: G06F15/177

CPC classification number: H04L69/16 ,  H04L67/1002 ,  H04L67/1023 ,  H04L67/28 ,  H04L67/2876 ,  H04L67/288 ,  H04L69/163

Abstract: Network devices include proxies and where multiple proxies are present on a network, they can probe to determine the existence of other proxies. Where more than two proxies are present and thus different proxy pairings are possible, the proxies are programmed to determine which proxies should form a proxy pair. Marked probe packets are used by proxies to discover each other and probing is done such a connection can be eventually formed even if some probe packets fail due to the marking. Asymmetric routing can be detected and proxies configured for connection forwarding as necessary.

Abstract translation: 网络设备包括代理，网络中存在多个代理，它们可以探测以确定其他代理的存在。 如果存在两个以上的代理，因此不同的代理配对是可能的，则代理被编程以确定哪些代理应当形成代理对。 代理使用标记的探测数据包来发现对方，并且探测完成，即使某些探测包由于标记失败，也可能最终形成这样的连接。 可以检测到非对称路由，并根据需要配置代理连接转发。

公开(公告)号：US08782395B1

公开(公告)日：2014-07-15

申请号：US13436874

申请日：2012-03-31

Applicant: Kand Ly

Inventor： Kand Ly

IPC: H04L29/06

CPC classification number: H04L67/2842 ,  H04L61/1511 ,  H04L61/2514 ,  H04W76/11

Abstract: Content delivery networks may associate each WAN optimized network connection with a specific client-to-cloud-service connection using connection identifiers. When an edge node of a content delivery network receives or intercepts a network connection request from a client device including an auto-discovery indicator from an upstream WAN optimization module, the edge node stores a connection identifier for this network connection. The edge node sends a connection response back to the client device including an auto-discovery response indicator. In response, the WAN optimization module sends one or more inner connection setup messages including the connection identifier to a second WAN optimization module in the content delivery network to establish a direct connection, referred to as an inner connection. The connection identifier is matched with the previously stored connection identifier to associate an inner connection with the network connection between the client and the cloud service.

Abstract translation: 内容传送网络可以使用连接标识符将每个WAN优化的网络连接与特定的客户端到云服务连接相关联。 当内容传送网络的边缘节点从包括来自上游WAN优化模块的自动发现指示符的客户端设备接收或截取网络连接请求时，边缘节点存储用于该网络连接的连接标识符。 边缘节点将连接响应发送回客户端设备，包括自动发现响应指示符。 作为响应，WAN优化模块将包括连接标识符的一个或多个内部连接建立消息发送到内容传送网络中的第二WAN优化模块，以建立被称为内部连接的直接连接。 连接标识符与先前存储的连接标识符相匹配，以将内部连接与客户端和云服务之间的网络连接相关联。