公开(公告)号：US20130091273A1

公开(公告)日：2013-04-11

申请号：US13436873

申请日：2012-03-31

Applicant: Kand Ly ,  Michael J. Demmer ,  Steven McCanne ,  Alfred Landrum

Inventor： Kand Ly ,  Michael J. Demmer ,  Steven McCanne ,  Alfred Landrum

IPC: H04L12/24

CPC classification number: H04L41/00 ,  H04L41/0663 ,  H04L43/10 ,  H04L61/2514 ,  H04L61/2567 ,  H04L61/2589 ,  H04L67/146 ,  H04L67/147 ,  H04L67/16 ,  H04L67/28 ,  H04L67/2804 ,  H04L67/2819 ,  H04L67/2842

Abstract: Proxy devices associate their direct connection with a client/server connection passing through one or more NAT devices. First proxy device receives a network connection request from a client. First proxy device stores connection information in association with a connection identifier. Connection information may reflect the usage of NAT devices between the two proxy devices. First proxy device sends a connection response including the connection identifier to the client. Second proxy device sends a direct connection request to first proxy device to establish a direct connection. Direct connection request includes the connection identifier, which is used by first proxy device to associate the direct connection with stored connection information. First proxy device may use the connection information to direct network traffic received via this direct connection to the correct destination and to divert network traffic from the server to the client through the direct connection and first and second proxy devices.

Abstract translation: 代理设备将其直接连接与通过一个或多个NAT设备的客户端/服务器连接相关联。 第一代理设备从客户端接收网络连接请求。 第一代理设备存储与连接标识符相关联的连接信息。 连接信息可能反映NAT设备在两个代理设备之间的使用情况。 第一代理设备向客户端发送包括连接标识符的连接响应。 第二代理设备向第一代理设备发送直接连接请求以建立直接连接。 直接连接请求包括连接标识符，第一代理设备使用该标识符将直接连接与存储的连接信息相关联。 第一代理设备可以使用连接信息将通过该直接连接接收的网络流量定向到正确的目的地，并且通过直接连接和第一和第二代理设备将网络流量从服务器转移到客户端。

公开(公告)号：US08411570B2

公开(公告)日：2013-04-02

申请号：US11494352

申请日：2006-07-26

Applicant: David Tze-Si Wu ,  Nitin Gupta ,  Kand Ly

Inventor： David Tze-Si Wu ,  Nitin Gupta ,  Kand Ly

IPC: H04L12/26

CPC classification number: H04L47/12 ,  H04L47/10 ,  H04L47/125 ,  H04L69/16 ,  H04L69/162 ,  H04L69/165 ,  H04L69/32

Abstract: Serial clustering uses two or more network devices connected in series via a local and/or wide-area network to provide additional capacity when network traffic exceeds the processing capabilities of a single network device. When a first network device reaches its capacity limit, any excess network traffic beyond that limit is passed through the first network device unchanged. A network device connected in series with the first network device intercepts and will process the excess network traffic provided that it has sufficient processing capacity. Additional network devices can process remaining network traffic in a similar manner until all of the excess network traffic has been processed or until there are no more additional network devices. Network devices may use rules to determine how to handle network traffic. Rules may be based on the attributes of received network packets, attributes of the network device, or attributes of the network.

公开(公告)号：US20090094371A1

公开(公告)日：2009-04-09

申请号：US12331257

申请日：2008-12-09

Applicant: Kand Ly ,  Joshua Tseng ,  Steve McCanne

Inventor： Kand Ly ,  Joshua Tseng ,  Steve McCanne

IPC: G06F15/16

CPC classification number: H04L67/14 ,  H04L67/2814 ,  H04L67/2876

Abstract: Two or more network traffic processors connected with the same LAN and WAN are identified as neighbors. Neighboring network traffic processors cooperate to overcome asymmetric routing, thereby ensuring that related sequences of network traffic are processed by the same network proxy. A network proxy can be included in a network traffic processor or as a standalone unit. A network traffic processor that intercepts a new connection initiation by a client assigns a network proxy to handle all messages associated with that connection. The network traffic processor conveys connection information to neighboring network traffic processors. The neighboring network traffic processors use the connection information to redirect network traffic associated with the connection to the assigned network proxy, thereby overcoming the effects of asymmetric routing. The assigned network proxy handles redirected network traffic in much the same way that it would handle network traffic received directly.

Abstract translation: 与同一LAN和WAN连接的两个或多个网络流量处理器被识别为邻居。 相邻的网络流量处理器合作克服非对称路由，从而确保相同的网络流量的相关序列被相同的网络代理处理。 网络代理可以包含在网络流量处理器中或独立的单元中。 拦截客户端的新连接启动的网络流量处理器分配网络代理来处理与该连接相关联的所有消息。 网络流量处理器将连接信息传递给相邻网络流量处理器。 相邻网络流量处理器使用连接信息将与连接相关联的网络流量重定向到所分配的网络代理，从而克服非对称路由的影响。 分配的网络代理以与处理直接接收的网络流量大致相同的方式处理重定向的网络流量。

公开(公告)号：US20060248194A1

公开(公告)日：2006-11-02

申请号：US11377906

申请日：2006-03-15

Applicant: Kand Ly ,  Joshua Tseng ,  Steve McCanne

Inventor： Kand Ly ,  Joshua Tseng ,  Steve McCanne

IPC: G06F15/173

CPC classification number: H04L67/14 ,  H04L67/2814 ,  H04L67/2876

Abstract: Two or more network traffic processors connected with the same LAN and WAN are identified as neighbors. Neighboring network traffic processors cooperate to overcome asymmetric routing, thereby ensuring that related sequences of network traffic are processed by the same network proxy. A network proxy can be included in a network traffic processor or as a standalone unit. A network traffic processor that intercepts a new connection initiation by a client assigns a network proxy to handle all messages associated with that connection. The network traffic processor conveys connection information to neighboring network traffic processors. The neighboring network traffic processors use the connection information to redirect network traffic associated with the connection to the assigned network proxy, thereby overcoming the effects of asymmetric routing. The assigned network proxy handles redirected network traffic in much the same way that it would handle network traffic received directly.

公开(公告)号：US20100318665A1

公开(公告)日：2010-12-16

申请号：US12843754

申请日：2010-07-26

Applicant: Michael J. Demmer ,  Kand Ly ,  Nitin Gupta

Inventor： Michael J. Demmer ,  Kand Ly ,  Nitin Gupta

IPC: G06F15/16

CPC classification number: H04L67/14 ,  H04L29/12367 ,  H04L41/12 ,  H04L61/2514 ,  H04L67/2876 ,  H04L69/16 ,  H04L69/163 ,  H04L69/329 ,  H04L69/40

Abstract: Methods and apparatus are provided for intercepting a client-server communication connection in a computing environment. A first network intermediary configured to facilitate optimization of client-server transactions may be installed in a path of communications between the client and the server. A second network intermediary configured to cooperate with the first network intermediary is not in the path of communications between the client and the server. The first network intermediary intercepts a connection request from the client and forwards a modified request toward the server. A module within the server intercepts the connection request and redirects it to the second network intermediary. The client-server connection is thus split-terminated at the two network intermediaries, which establish cooperative sessions between themselves and with the client and with the server.

Abstract translation: 提供了用于在计算环境中拦截客户机 - 服务器通信连接的方法和装置。 配置为促进客户端 - 服务器事务的优化的第一网络中介可以安装在客户机和服务器之间的通信路径中。 配置为与第一网络中介进行协作的第二网络中介不在客户端和服务器之间的通信路径中。 第一个网络中介拦截来自客户端的连接请求，并向服务器转发修改的请求。 服务器内的一个模块拦截连接请求并将其重定向到第二个网络中介。 因此，客户机 - 服务器连接在两个网络中间件上分拆终止，这两个中间件在它们之间以及与客户端和服务器之间建立协作会话。

公开(公告)号：US20070283024A1

公开(公告)日：2007-12-06

申请号：US11683325

申请日：2007-03-07

Applicant: Alfred Landrum ,  Kand Ly ,  Steve McCanne

Inventor： Alfred Landrum ,  Kand Ly ,  Steve McCanne

IPC: G06F15/16

CPC classification number: H04L69/16 ,  H04L61/2528 ,  H04L61/2532 ,  H04L67/28 ,  H04L67/2876

Abstract: In address-manipulation enabled transaction accelerators, the transaction accelerators include outer-connection addressing information in packets emitted over an inner connection between transaction accelerators and inner-connection addressing information is added in packets sent over the inner connection. The inner-connection addressing information can be carried in TCP option fields, directly in other fields, or indirectly through data structures maintained by the endpoints processing the connection. Address information can be encoded into header fields originally intended for other purposes but that are unused or encoded into used fields, overlaid in combination with other data that is being carried in those used fields. The existence of inner-connection addressing information in a packet can be signaled by a flag in the packet, by a bit or other designated encoding. The flag can be in an unused header field or overlaid. Where replacement and option addition is needed, swappers and unswappers might be used.

Abstract translation: 在启用地址处理的事务加速器中，事务加速器包括在事务加速器之间的内部连接上发送的分组中的外部连接寻址信息，并且内部连接寻址信息被添加到通过内部连接发送的分组中。 内部连接寻址信息可以在TCP选项字段中直接在其他字段中承载，也可以通过处理连接的端点维护的数据结构进行间接传输。 地址信息可以被编码为原始用于其他目的的标题字段，但是未被使用或编码为使用字段的报头字段，与在这些字段中携带的其他数据相结合。 分组中的内部连接寻址信息的存在可以通过分组中的标志，位或其他指定的编码来发出信号。 标志可以在未使用的标题字段中或覆盖。 在需要替换和选项的情况下，可能会使用swappers和unswappers。

公开(公告)号：US08782395B1

公开(公告)日：2014-07-15

申请号：US13436874

申请日：2012-03-31

Applicant: Kand Ly

Inventor： Kand Ly

IPC: H04L29/06

CPC classification number: H04L67/2842 ,  H04L61/1511 ,  H04L61/2514 ,  H04W76/11

Abstract: Content delivery networks may associate each WAN optimized network connection with a specific client-to-cloud-service connection using connection identifiers. When an edge node of a content delivery network receives or intercepts a network connection request from a client device including an auto-discovery indicator from an upstream WAN optimization module, the edge node stores a connection identifier for this network connection. The edge node sends a connection response back to the client device including an auto-discovery response indicator. In response, the WAN optimization module sends one or more inner connection setup messages including the connection identifier to a second WAN optimization module in the content delivery network to establish a direct connection, referred to as an inner connection. The connection identifier is matched with the previously stored connection identifier to associate an inner connection with the network connection between the client and the cloud service.

Abstract translation: 内容传送网络可以使用连接标识符将每个WAN优化的网络连接与特定的客户端到云服务连接相关联。 当内容传送网络的边缘节点从包括来自上游WAN优化模块的自动发现指示符的客户端设备接收或截取网络连接请求时，边缘节点存储用于该网络连接的连接标识符。 边缘节点将连接响应发送回客户端设备，包括自动发现响应指示符。 作为响应，WAN优化模块将包括连接标识符的一个或多个内部连接建立消息发送到内容传送网络中的第二WAN优化模块，以建立被称为内部连接的直接连接。 连接标识符与先前存储的连接标识符相匹配，以将内部连接与客户端和云服务之间的网络连接相关联。

公开(公告)号：US08473620B2

公开(公告)日：2013-06-25

申请号：US12843754

申请日：2010-07-26

Applicant: Michael J. Demmer ,  Kand Ly ,  Nitin Gupta

Inventor： Michael J. Demmer ,  Kand Ly ,  Nitin Gupta

IPC: G06F15/16

CPC classification number: H04L67/14 ,  H04L29/12367 ,  H04L41/12 ,  H04L61/2514 ,  H04L67/2876 ,  H04L69/16 ,  H04L69/163 ,  H04L69/329 ,  H04L69/40

Abstract: Methods and apparatus are provided for intercepting a client-server communication connection in a computing environment. A first network intermediary configured to facilitate optimization of client-server transactions may be installed in a path of communications between the client and the server. A second network intermediary configured to cooperate with the first network intermediary is not in the path of communications between the client and the server. The first network intermediary intercepts a connection request from the client and forwards a modified request toward the server. A module within the server intercepts the connection request and redirects it to the second network intermediary. The client-server connection is thus split-terminated at the two network intermediaries, which establish cooperative sessions between themselves and with the client and with the server.

Abstract translation: 提供了用于在计算环境中拦截客户机 - 服务器通信连接的方法和装置。 配置为促进客户端 - 服务器事务的优化的第一网络中介可以安装在客户机和服务器之间的通信路径中。 配置为与第一网络中介进行协作的第二网络中介不在客户端和服务器之间的通信路径中。 第一个网络中介拦截来自客户端的连接请求，并向服务器转发修改的请求。 服务器内的一个模块拦截连接请求并将其重定向到第二个网络中介。 因此，客户机 - 服务器连接在两个网络中间件上分拆终止，这两个中间件在它们之间以及与客户端和服务器之间建立协作会话。

公开(公告)号：US08386637B2

公开(公告)日：2013-02-26

申请号：US13410032

申请日：2012-03-01

Applicant: Kand Ly ,  Joshua Tseng ,  Steve McCanne

Inventor： Kand Ly ,  Joshua Tseng ,  Steve McCanne

IPC: G06F15/173

CPC classification number: H04L67/14 ,  H04L67/2814 ,  H04L67/2876

Abstract: Two or more network traffic processors connected with the same LAN and WAN are identified as neighbors. Neighboring network traffic processors cooperate to overcome asymmetric routing, thereby ensuring that related sequences of network traffic are processed by the same network proxy. A network proxy can be included in a network traffic processor or as a standalone unit. A network traffic processor that intercepts a new connection initiation by a client assigns a network proxy to handle all messages associated with that connection. The network traffic processor conveys connection information to neighboring network traffic processors. The neighboring network traffic processors use the connection information to redirect network traffic associated with the connection to the assigned network proxy, thereby overcoming the effects of asymmetric routing. The assigned network proxy handles redirected network traffic in much the same way that it would handle network traffic received directly.

Abstract translation: 与同一LAN和WAN连接的两个或多个网络流量处理器被识别为邻居。 相邻的网络流量处理器合作克服非对称路由，从而确保相同的网络流量的相关序列被相同的网络代理处理。 网络代理可以包含在网络流量处理器中或独立的单元中。 拦截客户端的新连接启动的网络流量处理器分配网络代理来处理与该连接相关联的所有消息。 网络流量处理器将连接信息传递给相邻网络流量处理器。 相邻网络流量处理器使用连接信息将与连接相关联的网络流量重定向到所分配的网络代理，从而克服非对称路由的影响。 分配的网络代理以与处理直接接收的网络流量大致相同的方式处理重定向的网络流量。

公开(公告)号：US08380825B2

公开(公告)日：2013-02-19

申请号：US12825296

申请日：2010-06-28

Applicant: Kand Ly ,  Maksim Ioffe ,  Alfred Landrum ,  Mark Stuart Day

Inventor： Kand Ly ,  Maksim Ioffe ,  Alfred Landrum ,  Mark Stuart Day

IPC: G06F15/177

CPC classification number: H04L69/16 ,  H04L67/1002 ,  H04L67/1023 ,  H04L67/28 ,  H04L67/2876 ,  H04L67/288 ,  H04L69/163

Abstract: Network devices include proxies and where multiple proxies are present on a network, they can probe to determine the existence of other proxies. Where more than two proxies are present and thus different proxy pairings are possible, the proxies are programmed to determine which proxies should form a proxy pair. Marked probe packets are used by proxies to discover each other and probing is done such a connection can be eventually formed even if some probe packets fail due to the marking. Asymmetric routing can be detected and proxies configured for connection forwarding as necessary.

Abstract translation: 网络设备包括代理，网络中存在多个代理，它们可以探测以确定其他代理的存在。 如果存在两个以上的代理，因此不同的代理配对是可能的，则代理被编程以确定哪些代理应当形成代理对。 代理使用标记的探测数据包来发现对方，并且探测完成，即使某些探测包由于标记失败，也可能最终形成这样的连接。 可以检测到非对称路由，并根据需要配置代理连接转发。