公开(公告)号：US09172650B2

公开(公告)日：2015-10-27

申请号：US13913192

申请日：2013-06-07

Applicant: Citrix Systems, Inc.

Inventor： Roy Rajan ,  Saravanakumar Annamalaisami

IPC: H04L12/823 ,  H04L29/08 ,  H04L29/06

CPC classification number: H04L47/32 ,  H04L67/1002 ,  H04L67/1008 ,  H04L67/1029 ,  H04L69/16

Abstract: The present application is directed towards systems and methods for providing connection surge protection to one or more servers by an intermediary multi-core system. A packet processing engine of a multi-core device deployed as an intermediary between a plurality of clients and one or more servers determines an estimated number of total pending requests received by all packet processing engines based on a value of a local counter of received requests, the total number of pending requests received by all other packet processing engines at a last predetermined interval, and a rate of change of the total number of pending requests received by all other packet processing engines multiplied by the time since the last predetermined interval. The packet processing engine applies a surge protection policy to received pending requests responsive to the determined estimated number of total pending requests.

Abstract translation: 本申请涉及用于通过中间多核系统向一个或多个服务器提供连接浪涌保护的系统和方法。 作为在多个客户机和一个或多个服务器之间的中介部署的多核设备的分组处理引擎，基于接收到的请求的本地计数器的值来确定所有分组处理引擎接收的总待决请求的估计数量， 所有其他分组处理引擎以最后一个预定间隔接收到的未决请求的总数，以及所有其他分组处理引擎所接收的待处理请求总数乘以自上一个预定间隔以来的时间的变化率。 分组处理引擎响应于所确定的总待决请求的估计数量，将接收的未决请求应用浪涌保护策略。

公开(公告)号：US20140365563A1

公开(公告)日：2014-12-11

申请号：US14469194

申请日：2014-08-26

Applicant: Citrix Systems, Inc.

Inventor： Jagannath Raghu ,  Saravana Annamalaisami ,  Roy Rajan

IPC: H04L29/08 ,  H04L29/06

CPC classification number: H04L67/2823 ,  H04L67/02 ,  H04L67/2804 ,  H04L67/2819 ,  H04L67/42

Abstract: The present solution is directed towards a policy-based intermediary that dynamically and flexibly injects content in responses between a client and a server based on one or more policies. The present solution addresses the challenges of injecting content in a client-server transaction. The intermediary determines when and what content to inject into a response of a client-server transaction based on a request and/or response policy. The injected content may include timestamp and/or variable tracking of different events in a client-server transaction. For example, when an intermediary appliance is deployed in a system to accelerate system performance and improve user experience, the appliance may inject content based on policy to monitor the acceleration performance of the deployed appliance.

Abstract translation: 本解决方案针对基于策略的中介，其基于一个或多个策略来动态地和灵活地在客户端和服务器之间的响应中注入内容。 本解决方案解决了在客户端 - 服务器事务中注入内容的挑战。 中介确定根据请求和/或响应策略注入到客户机 - 服务器事务的响应中的何时和什么内容。 注入的内容可以包括客户端 - 服务器事务中的不同事件的时间戳和/或可变跟踪。 例如，当中间设备部署在系统中以加速系统性能并改善用户体验时，设备可以基于策略来注入内容以监视所部署的设备的加速性能。

公开(公告)号：US09497262B2

公开(公告)日：2016-11-15

申请号：US14335404

申请日：2014-07-18

Applicant: Citrix Systems, Inc.

Inventor： Roy Rajan ,  Saravanakumar Annamalaisami

IPC: G06F15/16 ,  H04L29/08 ,  H04L29/06

CPC classification number: H04L67/10 ,  H04L67/02 ,  H04L67/2804 ,  H04L67/2819 ,  H04L67/288 ,  H04L67/325 ,  H04L67/42

Abstract: A method for sampling management includes establishing, for a multi-core intermediary comprising a plurality of packet evaluation components executing on a corresponding plurality of cores, a frequency at which the multi-core intermediary intercepts a response transmitted from a server to a client and injects data into the intercepted response. For each of the plurality of packet evaluation components, an offset and a frequency based on a number of packet evaluation components in the plurality of packet evaluation components is established, a combination of the established frequencies substantially similar to the frequency established for the multi-core intermediary. One of the plurality of cores intercepts a response from the server to the client, at a time specified by the frequency and the offset. The packet evaluation component executing on the one of the plurality of cores injects data into the intercepted response.

Abstract translation: 一种用于采样管理的方法包括：对于包含在相应多个核上执行的多个分组评估组件的多核心中介，建立多核中介拦截从服务器发送到客户端的响应并注入的频率 数据进入截获的响应。 对于多个分组评估组件中的每一个，建立基于多个分组评估组件中的分组评估分量的数量的偏移和频率，所建立的频率的组合与为多核建立的频率基本相似 中介。 多个核心中的一个在由频率和偏移指定的时间内截获从服务器到客户端的响应。 在多个核心中的一个上执行的分组评估组件将数据注入被截获的响应中。

公开(公告)号：US09268736B2

公开(公告)日：2016-02-23

申请号：US13762129

申请日：2013-02-07

Applicant: Citrix Systems, Inc.

Inventor： Roy Rajan ,  Saravanakumar Annamalaisami

IPC: H04L9/00 ,  G06F15/167 ,  H04L29/06

CPC classification number: G06F15/167 ,  H04L63/123 ,  H04L63/168

Abstract: The present application is directed towards systems and methods for generating and maintaining cookie consistency for security protection across a plurality of cores in a multi-core system. A packet processing engine executing on one core designated as a primary packet processing engine generates and maintains a global random seed. The global random seed may be used as an initial seed for creation of cookie signatures by each of a plurality of packet processing engines executing on a plurality of cores of the multi-core system using a deterministic pseudo-random number generation function such that each core creates an identical set of cookie signatures.

Abstract translation: 本申请涉及用于生成和维护跨多核系统中的多个核心的安全保护的cookie一致性的系统和方法。 在指定为主分组处理引擎的一个核上执行的分组处理引擎生成并维护全局随机种子。 全局随机种子可以被用作通过使用确定性伪随机数生成函数在多核系统的多个核上执行的多个分组处理引擎中的每一个来创建cookie签名的初始种子，使得每个核心 创建一组相同的cookie签名。

公开(公告)号：US20150019630A1

公开(公告)日：2015-01-15

申请号：US14335404

申请日：2014-07-18

Applicant: Citrix Systems, Inc.

Inventor： Roy Rajan ,  Saravanakumar Annamalaisami

IPC: H04L29/08 ,  H04L29/06

CPC classification number: H04L67/10 ,  H04L67/02 ,  H04L67/2804 ,  H04L67/2819 ,  H04L67/288 ,  H04L67/325 ,  H04L67/42

Abstract: A method for sampling management includes establishing, for a multi-core intermediary comprising a plurality of packet evaluation components executing on a corresponding plurality of cores, a frequency at which the multi-core intermediary intercepts a response transmitted from a server to a client and injects data into the intercepted response. For each of the plurality of packet evaluation components, an offset and a frequency based on a number of packet evaluation components in the plurality of packet evaluation components is established, a combination of the established frequencies substantially similar to the frequency established for the multi-core intermediary. One of the plurality of cores intercepts a response from the server to the client, at a time specified by the frequency and the offset. The packet evaluation component executing on the one of the plurality of cores injects data into the intercepted response.

Abstract translation: 一种采样管理方法包括：对于包含在相应多个核上执行的多个分组评估组件的多核心中介，建立多核中介拦截从服务器向客户发送的响应的频率，并注入 数据进入截获的响应。 对于多个分组评估组件中的每一个，建立基于多个分组评估组件中的分组评估分量的数量的偏移和频率，所建立的频率的组合与为多核建立的频率基本相似 中介。 多个核心中的一个在由频率和偏移指定的时间内截获从服务器到客户端的响应。 在多个核心中的一个上执行的分组评估组件将数据注入被截获的响应中。

公开(公告)号：US20130275617A1

公开(公告)日：2013-10-17

申请号：US13913192

申请日：2013-06-07

Applicant: Citrix Systems, Inc.

Inventor： Roy Rajan ,  Saravanakumar Annamalaisami

IPC: H04L12/70

CPC classification number: H04L47/32 ,  H04L67/1002 ,  H04L67/1008 ,  H04L67/1029 ,  H04L69/16

Abstract: The present application is directed towards systems and methods for providing connection surge protection to one or more servers by an intermediary multi-core system. A packet processing engine of a multi-core device deployed as an intermediary between a plurality of clients and one or more servers determines an estimated number of total pending requests received by all packet processing engines based on a value of a local counter of received requests, the total number of pending requests received by all other packet processing engines at a last predetermined interval, and a rate of change of the total number of pending requests received by all other packet processing engines multiplied by the time since the last predetermined interval. The packet processing engine applies a surge protection policy to received pending requests responsive to the determined estimated number of total pending requests.

Abstract translation: 本申请涉及用于通过中间多核系统向一个或多个服务器提供连接浪涌保护的系统和方法。 作为在多个客户机和一个或多个服务器之间的中介部署的多核设备的分组处理引擎，基于接收到的请求的本地计数器的值来确定所有分组处理引擎接收的总待决请求的估计数量， 所有其他分组处理引擎以最后一个预定间隔接收到的未决请求的总数，以及所有其他分组处理引擎所接收的待处理请求总数乘以自上一个预定间隔以来的时间的变化率。 分组处理引擎响应于所确定的总待决请求的估计数量，将接收的未决请求应用浪涌保护策略。

公开(公告)号：US09363328B2

公开(公告)日：2016-06-07

申请号：US14469194

申请日：2014-08-26

Applicant: Citrix Systems, Inc.

Inventor： Jagannath Raghu ,  Saravana Annamalaisami ,  Roy Rajan

IPC: G06F15/16 ,  H04L29/08 ,  H04L29/06

CPC classification number: H04L67/2823 ,  H04L67/02 ,  H04L67/2804 ,  H04L67/2819 ,  H04L67/42

Abstract: The present solution is directed towards a policy-based intermediary that dynamically and flexibly injects content in responses between a client and a server based on one or more policies. The present solution addresses the challenges of injecting content in a client-server transaction. The intermediary determines when and what content to inject into a response of a client-server transaction based on a request and/or response policy. The injected content may include timestamp and/or variable tracking of different events in a client-server transaction. For example, when an intermediary appliance is deployed in a system to accelerate system performance and improve user experience, the appliance may inject content based on policy to monitor the acceleration performance of the deployed appliance.

Abstract translation: 本解决方案针对基于策略的中介，其基于一个或多个策略来动态地和灵活地在客户端和服务器之间的响应中注入内容。 本解决方案解决了在客户端 - 服务器事务中注入内容的挑战。 中介确定根据请求和/或响应策略注入到客户机 - 服务器事务的响应中的何时和什么内容。 注入的内容可以包括客户端 - 服务器事务中的不同事件的时间戳和/或可变跟踪。 例如，当中间设备部署在系统中以加速系统性能并改善用户体验时，设备可以基于策略来注入内容以监视所部署的设备的加速性能。