PROCESSING DATA PACKETS USING A POLICY BASED NETWORK PATH

    公开(公告)号:US20180287937A1

    公开(公告)日:2018-10-04

    申请号:US15997446

    申请日:2018-06-04

    IPC分类号: H04L12/721 H04L12/725

    摘要: Provided are methods and systems for processing data packets in a data network using a policy-based network path. The method may commence with receiving the data packet associated with a service session from a client. The method may continue with determining data packet information associated with the data packet. The method may further include determining the policy-based network path for the data packet based on the data packet information and one or more packet processing criteria. The method may continue with routing, based on the determination of the policy-based network path, the data packet along the policy-based network path.

    Distributing service sessions
    2.
    发明授权

    公开(公告)号:US10021174B2

    公开(公告)日:2018-07-10

    申请号:US14279270

    申请日:2014-05-15

    摘要: Provided are methods and systems for distributing service sessions from a client device in a service data network. A packet of the service session is received by a forwarding node. The forwarding node determines whether the packet matches a service address associated with the service session. Responsive to the determining, a servicing node associated with the service address is selected based on a forwarding policy. The packet is sent to the selected servicing node. The servicing node determines whether the packet is a service request packet. A server is selected based on a service policy, wherein the server is configured to serve the service session. The packet is sent to the server. Before being received by a forwarding node, the packet is received by a gateway node. The gateway node determines whether the packet matches the service address and selects the forwarding node based on a notification.

    Forwarding Policies on a Virtual Service Network

    公开(公告)号:US20170111441A1

    公开(公告)日:2017-04-20

    申请号:US15394669

    申请日:2016-12-29

    IPC分类号: H04L29/08 H04L12/741

    摘要: In providing packet forwarding policies in a virtual service network that includes a network node and a pool of service load balancers serving a virtual service, the network node: receives a virtual service session request from a client device, the request including a virtual service network address for the virtual service; compares the virtual service network address in the request with the virtual service network address in each at least one packet forwarding policy; in response to finding a match between the virtual service network address in the request and a given virtual service network address in a given packet forwarding policy, determines the given destination in the given packet forwarding policy; and sends the request to a service load balancer in the pool of service load balancers associated with the given destination, where the service load balancer establishes a virtual service session with the client device.

    DISTRIBUTING SERVICE SESSIONS
    5.
    发明申请
    DISTRIBUTING SERVICE SESSIONS 有权
    分销服务会议

    公开(公告)号:US20160044095A1

    公开(公告)日:2016-02-11

    申请号:US14279270

    申请日:2014-05-15

    IPC分类号: H04L29/08 H04L12/861

    摘要: Provided are methods and systems for distributing service sessions from a client device in a service data network. A packet of the service session is received by a forwarding node. The forwarding node determines whether the packet matches a service address associated with the service session. Responsive to the determining, a servicing node associated with the service address is selected based on a forwarding policy. The packet is sent to the selected servicing node. The servicing node determines whether the packet is a service request packet. A server is selected based on a service policy, wherein the server is configured to serve the service session. The packet is sent to the server. Before being received by a forwarding node, the packet is received by a gateway node. The gateway node determines whether the packet matches the service address and selects the forwarding node based on a notification.

    摘要翻译: 提供了用于从服务数据网络中的客户端设备分发服务会话的方法和系统。 服务会话的分组由转发节点接收。 转发节点确定分组是否匹配与服务会话相关联的服务地址。 响应于确定,基于转发策略来选择与服务地址相关联的服务节点。 数据包被发送到所选择的服务节点。 服务节点确定分组是否是服务请求分组。 基于服务策略选择服务器,其中服务器被配置为服务于服务会话。 数据包被发送到服务器。 在被转发节点接收之前,该分组被网关节点接收。 网关节点确定分组是否匹配服务地址,并根据通知选择转发节点。

    GRACEFUL SCALING IN SOFTWARE DRIVEN NETWORKS
    6.
    发明申请
    GRACEFUL SCALING IN SOFTWARE DRIVEN NETWORKS 有权
    软件驱动网络中的严格分级

    公开(公告)号:US20160043901A1

    公开(公告)日:2016-02-11

    申请号:US14326325

    申请日:2014-07-08

    IPC分类号: H04L12/24

    CPC分类号: H04L41/12 H04L67/1031

    摘要: Provided are methods and systems for graceful scaling of data networks. In one example, an indication of removal of a node from a plurality of nodes of the data network is received. A service policy is generated to reassign service requests associated with the node to another node in the plurality of nodes. The service policy is then sent to each of the plurality of nodes of the data network. To scale out a data network, an indication of presence of a further node in the data network is received, and a further node service policy is generated and sent to each of the plurality of nodes of the data network and to the further node. Additional actions can be taken in order to prevent interruption of an existing heavy-duty connection while scaling the data network.

    摘要翻译: 提供了数据网络优雅扩展的方法和系统。 在一个示例中,接收到从数据网络的多个节点移除节点的指示。 生成服务策略以将与节点相关联的服务请求重新分配给多个节点中的另一节点。 然后将服务策略发送到数据网络的多个节点中的每一个。 为了扩展数据网络,接收到在数据网络中存在另外的节点的指示,并且生成另外的节点服务策略并将其发送到数据网络的多个节点中的每个节点以及另一个节点。 可以采取额外的措施,以防止在缩放数据网络时中断现有重型连接。

    Mitigating TCP SYN DDOS attacks using TCP reset

    公开(公告)号:US10536481B2

    公开(公告)日:2020-01-14

    申请号:US16198981

    申请日:2018-11-23

    IPC分类号: H04L29/06

    摘要: Provided are methods and systems for recognizing network devices as trusted. A system for recognizing network devices as trusted may include a network module, a storage device, and a processor. The network module may be configured to receive a request from a network device to establish a data connection between the network device and a server based on a determination that the network device is trusted. The storage device may be configured to store a whitelist associated with a plurality of trusted network devices. The processor may be configured to determine that the network device is trusted. Based on the determination, the processor may associate the network device with the whitelist for a predetermined period of time.

    MITIGATING TCP SYN DDOS ATTACKS USING TCP RESET

    公开(公告)号:US20190098044A1

    公开(公告)日:2019-03-28

    申请号:US16198981

    申请日:2018-11-23

    IPC分类号: H04L29/06

    摘要: Provided are methods and systems for recognizing network devices as trusted. A system for recognizing network devices as trusted may include a network module, a storage device, and a processor. The network module may be configured to receive a request from a network device to establish a data connection between the network device and a server based on a determination that the network device is trusted. The storage device may be configured to store a whitelist associated with a plurality of trusted network devices. The processor may be configured to determine that the network device is trusted. Based on the determination, the processor may associate the network device with the whitelist for a predetermined period of time.

    DISTRIBUTING SERVICE SESSIONS
    9.
    发明申请

    公开(公告)号:US20180295182A1

    公开(公告)日:2018-10-11

    申请号:US16004265

    申请日:2018-06-08

    IPC分类号: H04L29/08 H04L12/725

    摘要: Provided are methods and systems for dynamically distributing a service session from a client device. The method may commence with receiving a packet associated with the service session from the client device by a gateway node. The method may include determining that the packet matches a service address in a forwarding policy. The method may continue with selecting one of a plurality of forwarding nodes for sending the packet to the one of the plurality of forwarding nodes. The method may include receiving the packet of the service session by the one of the plurality of forwarding nodes. The method may continue with determining that the packet matches the service address serviced by a servicing node of a plurality of servicing nodes. The method may further include sending the packet to the servicing node for forwarding the packet to a server by the servicing node.

    ELIMINATING DATA TRAFFIC REDIRECTION IN SCALABLE CLUSTERS

    公开(公告)号:US20180248805A1

    公开(公告)日:2018-08-30

    申请号:US15967423

    申请日:2018-04-30

    摘要: Provided are methods and systems for eliminating a redirection of data traffic in a cluster. An example method may include receiving, by one or more nodes of the cluster, a data packet associated with a service session. The method may include determining, by the node, that the data packet is directed to a further node in the cluster. The method may further include, in response to the determination, acquiring, by the node, a session context associated with the service session. Acquiring the session context may include sending, by the node, a request for the session context to the further node and receiving the session context from the further node. The method may further include processing, by the one or more nodes, the data packet based on the session context.