公开(公告)号：US09215275B2

公开(公告)日：2015-12-15

申请号：US12894142

申请日：2010-09-30

申请人： Lalgudi Narayanan Kannan ,  Ronald Wai Lun Szeto ,  Lee Chen ,  Feilong Xu ,  Rajkumar Jalan

发明人： Lalgudi Narayanan Kannan ,  Ronald Wai Lun Szeto ,  Lee Chen ,  Feilong Xu ,  Rajkumar Jalan

IPC分类号： G06F15/16 ,  H04L29/08

CPC分类号： H04L67/1008 ,  H04L67/02 ,  H04L67/1002

摘要： A method, system, and computer program product for balancing servers based on server load status, include: receiving from a server a service response to a service request, the service response including a result from a processing of the service request and a server status indicating a computing load status of the server; obtaining the server status from the service response; receiving a next service request from a host, the next service request comprising a Uniform Resource Locator (URL); determining that the server is configured to process the URL; determining whether the server status indicates that the server is available to process the next service request; and in response to determining that the server status indicates that the server is available to process the next service request, sending the next service request to the server.

摘要翻译： 一种用于基于服务器负载状态平衡服务器的方法，系统和计算机程序产品，包括：从服务器接收对服务请求的服务响应，所述服务响应包括来自所述服务请求的处理的结果和指示 服务器的计算负载状态; 从服务响应获取服务器状态; 从主机接收下一服务请求，所述下一服务请求包括统一资源定位符（URL）; 确定服务器被配置为处理URL; 确定服务器状态是否指示服务器可用于处理下一个服务请求; 并且响应于确定服务器状态指示服务器可用于处理下一服务请求，将下一服务请求发送到服务器。

公开(公告)号：US20120084419A1

公开(公告)日：2012-04-05

申请号：US12894142

申请日：2010-09-30

申请人： Lalgudi Narayanan KANNAN ,  Ronald Wai Lun Szeto ,  Lee Chen ,  Feilong Xu ,  Rajkumar Jalan

发明人： Lalgudi Narayanan KANNAN ,  Ronald Wai Lun Szeto ,  Lee Chen ,  Feilong Xu ,  Rajkumar Jalan

IPC分类号： G06F15/16

CPC分类号： H04L67/1008 ,  H04L67/02 ,  H04L67/1002

摘要： A method, system, and computer program product for balancing servers based on server load status, include: receiving from a server a service response to a service request, the service response including a result from a processing of the service request and a server status indicating a computing load status of the server; obtaining the server status from the service response; receiving a next service request from a host, the next service request comprising a Uniform Resource Locator (URL); determining that the server is configured to process the URL; determining whether the server status indicates that the server is available to process the next service request; and in response to determining that the server status indicates that the server is available to process the next service request, sending the next service request to the server.

摘要翻译： 一种用于基于服务器负载状态平衡服务器的方法，系统和计算机程序产品，包括：从服务器接收对服务请求的服务响应，所述服务响应包括来自所述服务请求的处理的结果和指示 服务器的计算负载状态; 从服务响应获取服务器状态; 从主机接收下一服务请求，所述下一服务请求包括统一资源定位符（URL）; 确定服务器被配置为处理URL; 确定服务器状态是否指示服务器可用于处理下一个服务请求; 并且响应于确定服务器状态指示服务器可用于处理下一服务请求，将下一服务请求发送到服务器。

公开(公告)号：USRE44701E1

公开(公告)日：2014-01-14

申请号：US13413191

申请日：2012-03-06

申请人： Lee Chen ,  Ronald Wai Lun Szeto ,  Shih-Tsung Hwang

发明人： Lee Chen ,  Ronald Wai Lun Szeto ,  Shih-Tsung Hwang

IPC分类号： G01R31/08 ,  H04L12/56

CPC分类号： H04L47/10 ,  H04L63/1458

摘要： Provided is a method and system for TCP SYN cookie validation. The method includes receiving a session SYN packet by a TCP session setup module of a host server, generating a transition cookie including a time value representing the actual time, sending a session SYN/ACK packet, including the transition cookie, in response to the received session SYN packet, receiving a session ACK packet, and determining whether a candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.

摘要翻译： 提供了一种用于TCP SYN cookie验证的方法和系统。 所述方法包括：通过主机服务器的TCP会话建立模块接收会话SYN分组，生成包含表示实际时间的时间值的转换cookie，响应于接收到的发送包括转换cookie的会话SYN / ACK分组 会话SYN分组，接收会话ACK分组，以及确定接收到的会话ACK分组中的候选转移cookie是否包括表示从接收到会话ACK分组的时间起的预定时间间隔内的时间的时间值。

公开(公告)号：US08464333B1

公开(公告)日：2013-06-11

申请号：US13347027

申请日：2012-01-10

申请人： Lee Chen ,  Ronald Wai Lun Szeto

发明人： Lee Chen ,  Ronald Wai Lun Szeto

IPC分类号： G06F21/00

CPC分类号： H04L63/20 ,  H04L29/12433 ,  H04L29/12481 ,  H04L61/2539 ,  H04L61/2557 ,  H04L63/0209 ,  H04L63/0218 ,  H04L63/0227 ,  H04L63/0281 ,  H04L65/1069

摘要： A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.

摘要翻译： 用于分布式多处理安全网关的系统和方法建立主机侧会话，为服务器选择代理网络地址，使用代理网络地址建立服务器端会话，接收数据包，分配中央处理单元核心 从安全网关的多核处理器中的多个中央处理单元核心处理数据分组，根据安全策略处理数据分组，并发送处理后的数据分组。 代理网络地址被选择为使得相同的中央处理单元核心被分配以处理来自服务器端会话和主机侧会话的数据分组。 通过以这种方式分配中央处理单元核心，提供了更高能力的安全网关。

公开(公告)号：US20080040789A1

公开(公告)日：2008-02-14

申请号：US11501607

申请日：2006-08-08

申请人： Lee Chen ,  Ronald Wai Lun Szeto

发明人： Lee Chen ,  Ronald Wai Lun Szeto

IPC分类号： G06F15/16

CPC分类号： H04L63/0236 ,  H04L63/0227 ,  H04L63/0281 ,  H04L63/20 ,  H04L67/28

摘要： A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server based on network information, and using the proxy network address to establish a server side session. The proxy network address is selected such that a same processing element is assigned to process data packets from the server side session and the host side session. The network information includes a security gateway network address and a host network address. By assigning processing elements in this manner, higher capable security gateways are provided.

摘要翻译： 用于分布式多处理安全网关的系统和方法建立主机侧会话，基于网络信息为服务器选择代理网络地址，并使用代理网络地址建立服务器端会话。 选择代理网络地址，使得分配相同的处理元件来处理来自服务器端会话和主机侧会话的数据分组。 网络信息包括安全网关网络地址和主机网络地址。 通过以这种方式分配处理元件，提供了更高能力的安全网关。

公开(公告)号：US07675854B2

公开(公告)日：2010-03-09

申请号：US11358245

申请日：2006-02-21

申请人： Lee Chen ,  Ronald Wai Lun Szeto ,  Shih-Tsung Hwang

发明人： Lee Chen ,  Ronald Wai Lun Szeto ,  Shih-Tsung Hwang

IPC分类号： G01R31/08

CPC分类号： H04L47/10 ,  H04L63/1458

摘要： Provided is a method and system for TCP SYN cookie validation. The method includes receiving a session SYN packet by a TCP session setup module of a host server, generating a transition cookie including a time value representing the actual time, sending a session SYN/ACK packet, including the transition cookie, in response to the received session SYN packet, receiving a session ACK packet, and determining whether a candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.

摘要翻译： 提供了一种用于TCP SYN cookie验证的方法和系统。 所述方法包括：通过主机服务器的TCP会话建立模块接收会话SYN分组，生成包含表示实际时间的时间值的转换cookie，响应于接收到的发送包括转换cookie的会话SYN / ACK分组 会话SYN分组，接收会话ACK分组，以及确定接收到的会话ACK分组中的候选转移cookie是否包括表示从接收到会话ACK分组的时间起的预定时间间隔内的时间的时间值。

公开(公告)号：US20090049537A1

公开(公告)日：2009-02-19

申请号：US11947755

申请日：2007-11-29

申请人： Lee Chen ,  Ronald Wai Lun Szeto

发明人： Lee Chen ,  Ronald Wai Lun Szeto

IPC分类号： G06F21/00

CPC分类号： H04L63/20 ,  H04L29/12433 ,  H04L29/12481 ,  H04L61/2539 ,  H04L61/2557 ,  H04L63/0209 ,  H04L63/0218 ,  H04L63/0227 ,  H04L63/0281 ,  H04L65/1069

摘要： A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.

摘要翻译： 用于分布式多处理安全网关的系统和方法建立主机侧会话，为服务器选择代理网络地址，使用代理网络地址建立服务器端会话，接收数据包，分配中央处理单元核心 从安全网关的多核处理器中的多个中央处理单元核心处理数据分组，根据安全策略处理数据分组，并发送处理后的数据分组。 代理网络地址被选择为使得相同的中央处理单元核心被分配以处理来自服务器端会话和主机侧会话的数据分组。 通过以这种方式分配中央处理单元核心，提供了更高能力的安全网关。

公开(公告)号：US09032502B1

公开(公告)日：2015-05-12

申请号：US14044673

申请日：2013-10-02

申请人： Lee Chen ,  Ronald Wai Lun Szeto

发明人： Lee Chen ,  Ronald Wai Lun Szeto

IPC分类号： G06F21/00 ,  H04L29/08 ,  H04L29/06

CPC分类号： H04L63/0236 ,  H04L63/0227 ,  H04L63/0281 ,  H04L63/20 ,  H04L67/28

摘要： A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server based on network information, and using the proxy network address to establish a server side session. The proxy network address is selected such that a same processing element is assigned to process data packets from the server side session and the host side session. The network information includes a security gateway network address and a host network address. By assigning processing elements in this manner, higher capable security gateways are provided.

摘要翻译： 用于分布式多处理安全网关的系统和方法建立主机侧会话，基于网络信息为服务器选择代理网络地址，并使用代理网络地址建立服务器端会话。 选择代理网络地址，使得分配相同的处理元件来处理来自服务器端会话和主机侧会话的数据分组。 网络信息包括安全网关网络地址和主机网络地址。 通过以这种方式分配处理元件，提供了更高能力的安全网关。

公开(公告)号：US08387128B1

公开(公告)日：2013-02-26

申请号：US13284869

申请日：2011-10-29

申请人： Lee Chen ,  Ronald Wai Lun Szeto

发明人： Lee Chen ,  Ronald Wai Lun Szeto

IPC分类号： G06F21/00

CPC分类号： H04L63/20 ,  H04L29/12433 ,  H04L29/12481 ,  H04L61/2539 ,  H04L61/2557 ,  H04L63/0209 ,  H04L63/0218 ,  H04L63/0227 ,  H04L63/0281 ,  H04L65/1069

摘要： A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.

公开(公告)号：US08332925B2

公开(公告)日：2012-12-11

申请号：US11501607

申请日：2006-08-08

申请人： Lee Chen ,  Ronald Wai Lun Szeto

发明人： Lee Chen ,  Ronald Wai Lun Szeto

IPC分类号： G06F21/00

CPC分类号： H04L63/0236 ,  H04L63/0227 ,  H04L63/0281 ,  H04L63/20 ,  H04L67/28

摘要： A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server based on network information, and using the proxy network address to establish a server side session. The proxy network address is selected such that a same processing element is assigned to process data packets from the server side session and the host side session. The network information includes a security gateway network address and a host network address. By assigning processing elements in this manner, higher capable security gateways are provided.

摘要翻译： 用于分布式多处理安全网关的系统和方法建立主机侧会话，基于网络信息为服务器选择代理网络地址，并使用代理网络地址建立服务器端会话。 选择代理网络地址，使得分配相同的处理元件来处理来自服务器端会话和主机侧会话的数据分组。 网络信息包括安全网关网络地址和主机网络地址。 通过以这种方式分配处理元件，提供了更高能力的安全网关。