    1. Centralized TCP termination with multi-service chaining

    Type: granted invention patent

    Status: in force

    Publication number: US07913529B2

    Publication date: 2011-03-29

    Application number: US12101860

    Filing date: 2008-04-11

    IPC classification: G06F15/173

    Abstract: A network element having centralized TCP termination with multi-service chaining is described herein. According to one embodiment, a network element includes a switch fabric, a first service module coupled to the switch fabric, and a second and a third service module coupled to the first service module over the switch fabric. In response to packets of a network transaction received from a client over a first network to access a server of a data center having multiple servers over a second network, the first service module is configured to terminate a TCP connection of the packets. The TCP terminated packets are transmitted to the second and third service modules over the switch fabric. The second and third service modules are configured to perform different application network services on the TCP terminated packets without having to perform a TCP process again. Other methods and apparatuses are also described.

    2. HIGHLY SCALABLE APPLICATION NETWORK APPLIANCES WITH VIRTUALIZED SERVICES

    Type: invention patent application

    Status: in force

    Publication number: US20090064288A1

    Publication date: 2009-03-05

    Application number: US12101871

    Filing date: 2008-04-11

    IPC classification: H04L9/32 G06F21/20

    Abstract: An application network appliance with virtualized services is described herein. According to one embodiment, a packet of a network transaction is received from a client for accessing an application server of a datacenter, where the network element operates as an application services gateway of the datacenter. A context associated with the application server is identified based on the packet, including information that identifies application services to be performed on the packet and resources to be allocated for performing the application services. A context includes information representing a logical instance of physical resources of the network element shared by multiple contexts. One or more application services are performed on the packet using the resources identified by the context. Other methods and apparatuses are also described.

    3. HIGHLY SCALABLE APPLICATION LAYER SERVICE APPLIANCES

    Type: invention patent application

    Status: in force

    Publication number: US20090063625A1

    Publication date: 2009-03-05

    Application number: US12101868

    Filing date: 2008-04-11

    IPC classification: G06F15/16

    Abstract: A highly scalable application layer service appliance is described herein. According to one embodiment, a network element includes a plurality of application service modules (ASMs), each providing one or more application services to network traffic, including layer 5-7 services, a lossless data transport fabric (LDTF), and a network service module (NSM) coupled to each of the ASMs over the LDTF. In response to a packet of a network transaction received from a client for accessing a server of a datacenter, the NSM is configured to perform layer 2-5 processes on the packet, generating a data stream. The NSM is configured to route the data stream to at least two ASMs over the LDTF to allow the ASMs to perform layer 5-7 services on the packet. Other methods and apparatuses are also described.

    4. Highly scalable architecture for application network appliances

    Type: granted invention patent

    Status: in force

    Publication number: US07921686B2

    Publication date: 2011-04-12

    Application number: US12101850

    Filing date: 2008-04-11

    IPC classification: G06F15/173

    Abstract: A highly scalable application network appliance is described herein. According to one embodiment, a network element includes a switch fabric, a first service module coupled to the switch fabric, and a second service module coupled to the first service module over the switch fabric. In response to packets of a network transaction received from a client over a first network to access a server of a data center having multiple servers over a second network, the first service module is configured to perform a first portion of OSI (open system interconnection) compatible layers of network processes on the packets while the second service module is configured to perform a second portion of the OSI compatible layers of network processes on the packets. The first portion includes at least one OSI compatible layer that is not included in the second portion. Other methods and apparatuses are also described.

    5. Redundant application network appliances using a low latency lossless interconnect link

    Type: granted invention patent

    Status: in force

    Publication number: US07895463B2

    Publication date: 2011-02-22

    Application number: US12101865

    Filing date: 2008-04-11

    IPC classification: G06F11/00

    Abstract: Redundant application network appliances using a low latency lossless interconnect link are described herein. According to one embodiment, in response to receiving at a first network element a packet of a network transaction from a client over a first network for accessing a server of a datacenter, a layer 2 network process is performed on the packet and a data stream is generated. The data stream is then replicated to a second network element via a layer 2 interconnect link to enable the second network element to perform higher layer processes on the data stream to obtain connection states of the network transaction. In response to a failure of the first network element, the second network element is configured to take over processes of the network transaction from the first network element using the obtained connection states without user interaction of the client. Other methods and apparatuses are also described.

    6. REDUNDANT APPLICATION NETWORK APPLIANCES USING A LOW LATENCY LOSSLESS INTERCONNECT LINK

    Type: invention patent application

    Status: in force

    Publication number: US20090063893A1

    Publication date: 2009-03-05

    Application number: US12101865

    Filing date: 2008-04-11

    IPC classification: G06F11/20

    Abstract: Redundant application network appliances using a low latency lossless interconnect link are described herein. According to one embodiment, in response to receiving at a first network element a packet of a network transaction from a client over a first network for accessing a server of a datacenter, a layer 2 network process is performed on the packet and a data stream is generated. The data stream is then replicated to a second network element via a layer 2 interconnect link to enable the second network element to perform higher layer processes on the data stream to obtain connection states of the network transaction. In response to a failure of the first network element, the second network element is configured to take over processes of the network transaction from the first network element using the obtained connection states without user interaction of the client. Other methods and apparatuses are also described.

    7. APPLICATION NETWORK APPLIANCES WITH INTER-MODULE COMMUNICATIONS USING A UNIVERSAL SERIAL BUS

    Type: invention patent application

    Status: under examination (published)

    Publication number: US20090063747A1

    Publication date: 2009-03-05

    Application number: US12101874

    Filing date: 2008-04-11

    IPC classification: G06F13/00

    Abstract: An application network appliance having inter-module communication using a universal serial bus (USB) is described herein. According to one embodiment, a network element includes a lossless data transport fabric (LDTF), multiple service modules coupled to each other over the LDTF, and a service control module (SCM) coupled to each of the service modules over the LDTF for routing network data between the SCM and the service modules. The SCM is also coupled to each of the service modules via a universal serial bus (USB) for managing the service modules, where the network element operates as a security gateway to a datacenter having multiple servers. Other methods and apparatuses are also described.

    8. CENTRALIZED TCP TERMINATION WITH MULTI-SERVICE CHAINING

    Type: invention patent application

    Status: in force

    Publication number: US20090063688A1

    Publication date: 2009-03-05

    Application number: US12101860

    Filing date: 2008-04-11

    IPC classification: G06F15/16

    Abstract: A network element having centralized TCP termination with multi-service chaining is described herein. According to one embodiment, a network element includes a switch fabric, a first service module coupled to the switch fabric, and a second and a third service module coupled to the first service module over the switch fabric. In response to packets of a network transaction received from a client over a first network to access a server of a data center having multiple servers over a second network, the first service module is configured to terminate a TCP connection of the packets. The TCP terminated packets are transmitted to the second and third service modules over the switch fabric. The second and third service modules are configured to perform different application network services on the TCP terminated packets without having to perform a TCP process again. Other methods and apparatuses are also described.

    9. HIGHLY SCALABLE ARCHITECTURE FOR APPLICATION NETWORK APPLIANCES

    Type: invention patent application

    Status: in force

    Publication number: US20110173441A1

    Publication date: 2011-07-14

    Application number: US13070588

    Filing date: 2011-03-24

    IPC classification: H04L9/00

    Abstract: A highly scalable application network appliance is described herein. According to one embodiment, a network element includes a switch fabric, a first service module coupled to the switch fabric, and a second service module coupled to the first service module over the switch fabric. In response to packets of a network transaction received from a client over a first network to access a server of a data center having multiple servers over a second network, the first service module is configured to perform a first portion of OSI (open system interconnection) compatible layers of network processes on the packets while the second service module is configured to perform a second portion of the OSI compatible layers of network processes on the packets. The first portion includes at least one OSI compatible layer that is not included in the second portion. Other methods and apparatuses are also described.

    10. APPLICATION NETWORK APPLIANCE WITH BUILT-IN VIRTUAL DIRECTORY INTERFACE

    Type: invention patent application

    Status: under examination (published)

    Publication number: US20090064300A1

    Publication date: 2009-03-05

    Application number: US12101872

    Filing date: 2008-04-11

    IPC classification: H04L9/32

    Abstract: An application network appliance with a built-in virtual directory interface is described herein. According to one embodiment, a network element includes a virtual directory interface (VDI) coupled to multiple directory servers, and an authentication and authorization unit coupled to the VDI. In response to a packet of a network transaction received from a client over a first network for accessing a server of a datacenter over a second network, the authentication and authorization unit obtains user attributes from the directory servers via the VDI and performs authentication and authorization using the user attributes to determine whether a user of the client is eligible to access the server of the datacenter, where the network element operates as a security gateway to the datacenter. Other methods and apparatuses are also described.
