公开(公告)号：US10694003B2

公开(公告)日：2020-06-23

申请号：US15676483

申请日：2017-08-14

Applicant: Citrix Systems, Inc.

Inventor： Varun Taneja ,  Mahesh Mylarappa ,  Saravana Annamalaisami

IPC: G06F15/16 ,  H04L29/06 ,  H04L29/08 ,  H04L12/807

Abstract: The present disclosure relates to methods and systems for dynamically changing an advertised window for a transport layer connection. A device can receive data from a server destined for an application. The device identifies the size of the application buffer corresponding to the application and advertises the application buffer size as a window size to the server. The device stores the data in the device memory. The device then determines the memory usage by comparing the memory usage to one or more predetermined thresholds. If the device determines that the memory usage is below a first predetermined threshold, the device can implement an aggressive dynamic receive buffering policy in which the device increases the advertised window size by a first increment. If the device determines that the memory usage is above the first threshold and below a second threshold, the device executes a more conservative dynamic receive buffering policy.

公开(公告)号：US09584427B2

公开(公告)日：2017-02-28

申请号：US14463234

申请日：2014-08-19

Applicant: Citrix Systems, Inc.

Inventor： Ashwin Jagadish ,  Saravana Annamalaisami ,  Muthukumar Shunmugiah ,  Mohit Prakash Saxena

IPC: H04W80/04 ,  H04L12/805 ,  H04L12/46

CPC classification number: H04L47/365 ,  H04L12/4641

Abstract: Systems and methods of providing fine grained control over MSS values of transport layer connections. A device intermediary to a plurality of clients and a plurality of servers can identify a first MSS value based on a MTU value of a VLAN interface responsive to a request to establish a transport layer connection. Device determines that a MSS value of the VLAN is less than the first MSS value. Device updates, responsive to the determination, the first MSS value to a second MSS value corresponding to the MSS value of the VLAN. Device determines that an MSS value specified by a profile configured for a virtual server of the device is less than the second MSS value. Device updates the second MSS value to the MSS value of the profile responsive to determining that the MSS value specified by the profile is less than the second MSS value.

Abstract translation: 对传输层连接的MSS值提供细粒度控制的系统和方法。 响应于建立传输层连接的请求，多个客户端和多个服务器的设备中介可以基于VLAN接口的MTU值来识别第一MSS值。 设备确定VLAN的MSS值小于第一个MSS值。 设备更新响应于确定，将第一个MSS值更新为与该VLAN的MSS值对应的第二个MSS值。 设备确定由为设备的虚拟服务器配置的配置文件指定的MSS值小于第二个MSS值。 响应于确定由该配置文件指定的MSS值小于第二MSS值，设备将第二MSS值更新为该配置文件的MSS值。

公开(公告)号：US09118569B2

公开(公告)日：2015-08-25

申请号：US13858003

申请日：2013-04-06

Applicant: Citrix Systems, Inc.

Inventor： Varun Taneja ,  Saravana Annamalaisami ,  Rajesh Joshi

IPC: G06F15/16 ,  H04L12/801

CPC classification number: H04L47/12

Abstract: Methods and systems for providing congestion control to a transport control protocol implementation are described. A device detects that there is a congestion event on a transport control protocol (TCP) connection of the device. The device determines that a bandwidth estimate is lower than half a current value of a slow start threshold for the TCP connection. In response to the determination, the device changes the slow start threshold to half of the current value of the slow start threshold for the TCP connection. The bandwidth estimate can be the product of the eligible rate estimate and the minimum round trip time. In some implementations, the transport control protocol implementation is a TCP Westwood implementation.

Abstract translation: 描述了用于向传输控制协议实现提供拥塞控制的方法和系统。 设备检测到设备的传输控制协议（TCP）连接上存在拥塞事件。 该设备确定带宽估计值低于TCP连接的慢启动阈值的当前值的一半。 响应于该确定，设备将慢启动阈值改变为TCP连接的慢启动阈值的当前值的一半。 带宽估计可以是合格率估计和最小往返时间的乘积。 在一些实现中，传输控制协议实现是TCP Westwood实现。

公开(公告)号：US20150026567A1

公开(公告)日：2015-01-22

申请号：US14448642

申请日：2014-07-31

Applicant: Citrix Systems, Inc.

Inventor： Henk Bots ,  Srikanth Devarajan ,  Saravana Annamalaisami ,  Nicholas Stavrakos ,  Jeff Monks ,  Fred Koopmans ,  Chris Koopmans ,  Kapil Dakhane

IPC: G06F17/30 ,  H04L29/08

CPC classification number: H04L67/2828 ,  G06F17/30076 ,  G06F17/30902 ,  H03M7/30 ,  H04L67/02 ,  H04L67/06 ,  H04L67/2852 ,  H04L69/04 ,  H04W8/245 ,  H04W80/06

Abstract: Systems and methods for reducing file sizes for files delivered over a network are disclosed. A method comprises receiving a first file comprising sequences of data; creating a hash table having entries corresponding to overlapping sequences of data; receiving a second file comprising sequences of data; comparing each of the sequences of data in the second file to the sequences of data in the hash table to determine sequences of data present in both the first and second files; and creating a third file comprising sequences of data from the second file and representations of locations and lengths of said sequences of data present in both the first and second files.

Abstract translation: 公开了用于减少通过网络传送的文件的文件大小的系统和方法。 一种方法包括：接收包括数据序列的第一文件; 创建具有对应于重叠数据序列的条目的哈希表; 接收包括数据序列的第二文件; 将第二文件中的数据序列中的每一个与散列表中的数据序列进行比较，以确定存在于第一和第二文件中的数据序列; 以及创建包括来自所述第二文件的数据序列的第三文件以及存在于所述第一和第二文件中的所述数据序列的位置和长度的表示。

公开(公告)号：US20140304798A1

公开(公告)日：2014-10-09

申请号：US13858008

申请日：2013-04-06

Applicant: CITRIX SYSTEMS, INC.

Inventor： Meghashree Iyengar ,  Krishna Khanal ,  Saravana Annamalaisami ,  Shashidhara Nanjundaswamy

IPC: H04L29/06

CPC classification number: H04L63/1458 ,  H04L63/02 ,  H04L63/102 ,  H04L63/168

Abstract: The present disclosure is directed generally to systems and methods for changing an application layer transaction timeout to prevent Denial of Service attacks. A device intermediary to a client and a server may receive, via a transport layer connection between the device and the client, a packet of an application layer transaction. The device may increment an attack counter for the transport layer connection by a first predetermined amount responsive to a size of the packet being less than a predetermined fraction of a maximum segment size for the transport layer connection. The device may increment the attack counter by a second predetermined amount responsive to an inter-packet-delay between the packet and a previous packet being more than a predetermined multiplier of a round trip time. The device may change a timeout for the application layer transaction responsive to comparing the attack counter to a predetermined threshold.

Abstract translation: 本公开一般涉及用于改变应用层事务超时以防止拒绝服务攻击的系统和方法。 客户机和服务器的设备中介可以经由设备和客户端之间的传输层连接来接收应用层事务的分组。 响应于分组的大小小于传输层连接的最大分段大小的预定分数，设备可以将用于传输层连接的攻击计数器增加第一预定量。 响应于分组与先前分组之间的分组间延迟多于往返时间的预定乘数，设备可以使攻击计数器增加第二预定量。 响应于将攻击计数器与预定阈值进行比较，设备可以改变应用层事务的超时。

公开(公告)号：US20140301388A1

公开(公告)日：2014-10-09

申请号：US14245505

申请日：2014-04-04

Applicant: Citrix Systems, Inc.

Inventor： Ashwin Jagadish ,  Mahesh Mylarappa ,  Sandhya Gopinath ,  Saravana Annamalaisami ,  Shashidhara Nanjundaswamy

IPC: H04L12/747

CPC classification number: H04L67/2814 ,  H04L45/7453

Abstract: The present disclosure is directed towards methods and systems for caching packet steering sessions for steering data packets between intermediary devices of a cluster of intermediary devices intermediary to a client and a plurality of servers. A first intermediary device receives a first data packet and determines, from a hash of a tuple of the first packet, a second intermediary device to which to steer the first packet. The first device stores, to a session for storing packet steering information, the identity of the second device and the tuple. The first device receives a second packet having a corresponding tuple that matches the tuple of the first packet and determines, based on a lookup for the session using the tuple of the second packet, that the second device is the intermediary device to which to steer the second packet. The first device steers the second packet to the second device.

Abstract translation: 本公开涉及用于缓存用于在客户机中间的多个中间设备的集群的中间设备和多个服务器之间指导数据分组的分组导向会话的方法和系统。 第一中间设备接收第一数据分组，并且从第一分组的元组的散列中确定第二中介设备来引导第一分组。 第一设备存储分组转向信息的会话，第二设备和元组的身份。 第一设备接收具有与第一分组的元组匹配的对应元组的第二分组，并且基于对使用第二分组的元组的会话的查找确定第二设备是引导其的中间设备 第二个包。 第一设备将第二分组转向第二设备。

公开(公告)号：US20140301213A1

公开(公告)日：2014-10-09

申请号：US14244315

申请日：2014-04-03

Applicant: Citrix Systems, Inc.

Inventor： Krishna Khanal ,  Shekhar Chandra ,  Saravana Annamalaisami

IPC: H04L12/26

CPC classification number: H04L43/12 ,  H04L43/02 ,  H04L43/04

Abstract: The present solution relates to systems and methods for capturing and consolidating packet tracing in a cluster system. A multi-nodal cluster processing network traffic contains multiple nodes each handling some of the processing. A node may initially receive a flow and transfer processing of the flow to another node for processing. A flow may therefore pass from one node to another, from two nodes to many nodes. In some instances, it is helpful to generate a trace of a flow. For example, in debugging a network communication flow, a trace of the flow through the cluster can be helpful. Each node has a packet engine (“PE”) which processes data packets and can, when trace is enabled, generate a trace file for the packets processed at the respective node. A trace aggregator merges these distinct trace files into an aggregate trace for the cluster

Abstract translation: 本解决方案涉及在集群系统中捕获和合并数据包跟踪的系统和方法。 多节点群集处理网络流量包含多个节点，每个节点处理一些处理。 节点可以初始地接收流并且将流的传送处理转移到另一个节点进行处理。 因此，流可以从一个节点传递到另一个节点，从两个节点到多个节点。 在某些情况下，生成流的踪迹是有帮助的。 例如，在调试网络通信流程中，通过集群的流程的跟踪可能是有帮助的。 每个节点具有处理数据分组的分组引擎（“PE”），并且当启用跟踪时，可以为在相应节点处理的分组生成跟踪文件。 跟踪聚合器将这些不同的跟踪文件合并到集群的聚合跟踪中

公开(公告)号：US08788581B2

公开(公告)日：2014-07-22

申请号：US13744614

申请日：2013-01-18

Applicant: Citrix Systems, Inc.

Inventor： Prabakar Sundarrajan ,  Prakash Khemani ,  Kailash Kailash ,  Ajay Soni ,  Rajiv Sinha ,  Saravana Annamalaisami ,  Bharath Bhushan K. R. ,  Anil Kumar

IPC: G06F12/00

CPC classification number: H04L67/42 ,  G06F17/30902

Abstract: A method for maintaining a cache of dynamically generated objects. The method includes storing in the cache dynamically generated objects previously served from an originating server to a client. A communication between the client and server is intercepted by the cache. The cache parses the communication to identify an object determinant and to determine whether the object determinant indicates whether a change has occurred or will occur in an object at the originating server. The cache marks the object stored in the cache as invalid if the object determinant so indicates. If the object has been marked as invalid, the cache retrieves the object from the originating server.

Abstract translation: 一种用于维护动态生成的对象的缓存的方法。 该方法包括将先前从始发服务器提供的动态生成的对象存储到缓存器中。 客户端和服务器之间的通信被缓存拦截。 高速缓存解析通信以识别对象行列式，并且确定对象行列式是否指示发生服务器上的对象是否已发生或将发生更改。 如果对象行列式指示，高速缓存将存储在缓存中的对象标记为无效。 如果对象被标记为无效，缓存将从始发服务器检索该对象。

公开(公告)号：US20130297814A1

公开(公告)日：2013-11-07

申请号：US13887004

申请日：2013-05-03

Applicant: CITRIX SYSTEMS, INC.

Inventor： Saravana Annamalaisami ,  Ashok Kumar Jagadeeswaran ,  Rajesh Joshi

IPC: H04L29/06

CPC classification number: H04L69/08 ,  H04L67/02 ,  H04L69/26

Abstract: The present disclosure is directed towards a system and method for providing a SPDY to HTTP gateway via a device intermediary to a plurality of clients and a server. An NPN handshake by the intermediary device may establish SPDY support. The intermediary device may receive and process one or more control frames via SPDY session with the client. The intermediary device may generate and transmit HTTP communication to server corresponding to SPDY control frames. The intermediary device may receive and process one or more HTTP responses from server. The intermediary device may generate and transmit SPDY communication via SPDY session to client corresponding to HTTP response.

Abstract translation: 本公开涉及一种用于经由多个客户端和服务器的设备中介向HTTP网关提供SPDY的系统和方法。 中介设备的NPN握手可以建立SPDY支持。 中间设备可以经由与客户端的SPDY会话来接收和处理一个或多个控制帧。 中间设备可以生成并发送对应于SPDY控制帧的服务器的HTTP通信。 中间设备可以从服务器接收和处理一个或多个HTTP响应。 中间设备可以通过SPDY会话生成并发送与HTTP响应相对应的客户端的SPDY通信。

公开(公告)号：US10834205B2

公开(公告)日：2020-11-10

申请号：US16012963

申请日：2018-06-20

Applicant: CITRIX SYSTEMS, INC.

Inventor： Jyotheesh Rao Kurma ,  Saravana Annamalaisami ,  Muthukumar Shunmugiah ,  Saravanan Jayaraman ,  Subash Dangol

IPC: H04L29/08 ,  H04L29/06

Abstract: A network appliance is provided for establishing sessions between client devices and a network server(s) for exchanging network traffic therebetween. The network appliance may include a memory and a processor cooperating with the memory, with the processor being operable in a normal traffic mode and a forwarding traffic mode. The processor may be configured to establish new sessions for network traffic based upon new session requests from the client devices, and forward network traffic associated with prior existing sessions from the client devices to the network server(s). When in the forwarding traffic mode, the processor may forward network traffic not associated with a prior existing session or a new session request to the network server(s). When in the normal traffic mode, the processor may block network traffic not associated with a prior existing session or a new session request from reaching the network server(s).