公开(公告)号：WO2014179753A3

公开(公告)日：2014-11-06

申请号：PCT/US2014/036676

申请日：2014-05-02

Applicant: A10 NETWORKS, INC.

Inventor： JALAN, Rajkumar ,  KAMAT, Gurudeep

IPC: H04L29/08

Abstract: Facilitation of secure network traffic by an application delivery controller is provided herein. In some examples, a method includes: (a) receiving a data packet with information from a client indicating that the client is a trusted source; (b) embedding in the data packet a transmission control protocol (TCP) options header, the TCP options header comprising information including at least a sequence number for a protocol connection; and (c) forwarding the embedded data packet to a server.

公开(公告)号：WO2014151072A1

公开(公告)日：2014-09-25

申请号：PCT/US2014/024892

申请日：2014-03-12

Applicant: A10 NETWORKS, INC.

Inventor： OSHIBA, Dennis

IPC: H04L29/06

CPC classification number: H04L45/30 ,  H04L43/028 ,  H04L47/20 ,  H04L47/2408 ,  H04L47/2441

Abstract: Expertise, for performing classification of network traffic, can be encapsulated in a module. A set of modules, as currently available to a traffic controller, can be referred to as a collection. Programming language constructs are introduced that facilitate the writing of modules customized to identify network traffic that is peculiar to a particular user, or to a relatively small group of users. An example programming language, based on Tcl, is introduced. A key aspect is event-driven programming, and the "when" command construct is introduced. Three important event types, that can trigger a "when" command, are CLIENT_DATA, SERVER_DATA, and RULE_INIT. Another key aspect is an ability to keep state information between events. Constructs for intra-session, intra-module, and global state are introduced. A module can be blocked from executing more than once for a session. Successful execution of a module can be specified by a "match" statement.

Abstract translation: 用于执行网络流量分类的专长，可以封装在一个模块中。 当前可用于流量控制器的一组模块可以被称为集合。 引入了编程语言结构，便于编写定制的模块，以识别特定用户或相对较小的用户组特有的网络流量。 介绍了一种基于Tcl的示例编程语言。 一个关键的方面是事件驱动的编程，并引入了“when”命令结构。 可以触发“when”命令的三个重要事件类型是CLIENT_DATA，SERVER_DATA和RULE_INIT。 另一个关键方面是在事件之间保持状态信息的能力。 介绍会话，模块内和全局状态的构造。 可以阻止模块对会话执行多次。 模块的成功执行可以通过“match”语句来指定。

公开(公告)号：WO2013096019A1

公开(公告)日：2013-06-27

申请号：PCT/US2012/069026

申请日：2012-12-12

Applicant: A10 NETWORKS INC.

Inventor： JALAN, Rajkumar ,  XU, Feilong ,  SAMPAT, Rishi

IPC: H04L12/66 ,  H04L12/70

CPC classification number: H04L69/22 ,  G06F9/505 ,  H04L43/0817 ,  H04L61/00 ,  H04L61/103 ,  H04L61/1541 ,  H04L61/2007 ,  H04L61/255 ,  H04L67/00 ,  H04L67/02 ,  H04L67/1008 ,  H04L67/28 ,  H04L67/2814

Abstract: In activating a service, a service gateway retrieves a service table entry using a service or server address of the service entry, where the service table entry has an association with another service entry. An association to the service entry is added and a marker value is set to indicate associations with two service entries. After a time duration, the association with the other service entry is removed, and the marker value is changed accordingly. In deactivating a service entry, the service gateway calculates a hash value for the service or server address of the service entry. After matching the hash value to a hash value of another service entry, an association with the other service entry is added. A marker value is set to indicate associations with two service entries. After a time duration, the association with the service entry is removed, and the marker value is changed accordingly.

Abstract translation: 在激活服务时，服务网关使用服务条目的服务或服务器地址检索服务表条目，其中服务表条目具有与另一服务条目的关联。 添加与服务条目的关联，并且设置标记值以指示与两个服务条目的关联。 在一段时间之后，与其他服务条目的关联被去除，并且标记值相应地改变。 在停用服务条目时，服务网关计算服务条目的服务或服务器地址的哈希值。 将哈希值与其他服务条目的哈希值匹配后，将添加与其他服务条目的关联。 标记值被设置为指示与两个服务条目的关联。 在一段时间之后，与服务条目的关联被去除，并且标记值被相应地改变。

公开(公告)号：WO2012050747A3

公开(公告)日：2012-05-31

申请号：PCT/US2011052225

申请日：2011-09-19

Applicant: A10 NETWORKS INC ,  KANNAN LALGUDI NARAYANAN ,  SZETO RONALD WAI LUN ,  CHEN LEE ,  XU FEILONG ,  JALAN RAJKUMAR

Inventor： KANNAN LALGUDI NARAYANAN ,  SZETO RONALD WAI LUN ,  CHEN LEE ,  XU FEILONG ,  JALAN RAJKUMAR

IPC: H04L12/24 ,  G06F15/16 ,  H04L29/06

CPC classification number: H04L67/1008 ,  H04L67/02 ,  H04L67/1002

Abstract: A method, system, and computer program product for balancing servers based on server load status, include: receiving from a server a service response to a service request, the service response including a result from a processing of the service request and a server status indicating a computing load status of the server; obtaining the server status from the service response; receiving a next service request from a host, the next service request comprising a Uniform Resource Locator (URL); determining that the server is configured to process the URL; determining whether the server status indicates that the server is available to process the next service request; and in response to determining that the server status indicates that the server is available to process the next service request, sending the next service request to the server.

Abstract translation: 一种用于基于服务器负载状态来平衡服务器的方法，系统和计算机程序产品，包括：从服务器接收对服务请求的服务响应，所述服务响应包括来自服务请求的处理的结果和指示服务器状态 服务器的计算负载状态; 从服务响应中获得服务器状态; 接收来自主机的下一个服务请求，所述下一个服务请求包括统一资源定位符（URL）; 确定服务器被配置为处理该URL; 确定服务器状态是否指示服务器可用于处理下一服务请求; 以及响应于确定服务器状态指示服务器可用于处理下一服务请求，向服务器发送下一服务请求。

公开(公告)号：WO2011149796A3

公开(公告)日：2012-04-19

申请号：PCT/US2011037475

申请日：2011-05-20

Applicant: A10 NETWORKS INC ,  CHEN LEE ,  CHIONG JOHN ,  OSHIBA DENNIS

Inventor： CHEN LEE ,  CHIONG JOHN ,  OSHIBA DENNIS

IPC: H04L12/22 ,  H04L29/06

CPC classification number: H04L63/0263 ,  G06F21/00 ,  G06F21/44 ,  H04L12/66 ,  H04L51/04 ,  H04L63/02 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/0245 ,  H04L63/0254 ,  H04L63/029 ,  H04L63/0407 ,  H04L63/08 ,  H04L63/10 ,  H04L63/102 ,  H04L63/105 ,  H04L63/164 ,  H04L63/168 ,  H04L63/20 ,  H04L63/30 ,  H04L65/1026 ,  H04L67/10 ,  H04L67/1004 ,  H04L67/104 ,  H04L67/141 ,  H04L67/22 ,  H04L67/306 ,  H04L67/42 ,  H04L69/28 ,  H04L69/329 ,  H04M1/72547 ,  H04W12/00

Abstract: Method for applying a security policy to an application session, includes: recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.

Abstract translation: 将安全策略应用于应用会话的方法包括：通过安全网关识别网络与应用之间的应用会话; 使用关于应用会话的信息由安全网关确定应用会话的用户身份; 由安全网关获取包括映射到用户身份的网络参数的安全策略; 并将安全策略应用于安全网关的应用会话。 用户身份可以是从应用会话的分组识别的网络用户身份或应用用户身份。 安全策略可以包括被映射的网络流量策略和/或映射到用户身份的文档访问策略，其中将网络流量策略应用于应用会话。 安全网关还可以生成关于安全策略应用于应用会话的安全报告。

公开(公告)号：WO2011049770A2

公开(公告)日：2011-04-28

申请号：PCT/US2010/052209

申请日：2010-10-12

Applicant: A10 NETWORKS INC. ,  CHEN, Lee ,  CHIONG, John

Inventor： CHEN, Lee ,  CHIONG, John

IPC: H04L12/28

CPC classification number: H04L41/12 ,  H04L29/12066 ,  H04L61/1511 ,  H04L67/1002 ,  H04L67/1021 ,  H04L67/1036

Abstract: A method and system to determine a web server based on geo-location information is disclosed. The system includes: a local DNS server coupled to a web client; a plurality of web servers; and a global load balancer coupled to the local DNS server. The global load balancer: receives a request for a web service sent by the web client, the request comprising local DNS server information; determines a geographic location for the local DNs server based on the local DNS server information; determines a web server from the plurality of web servers based on the requested web service; determines a geographic location for the determined web server; determines that the geographic location for the local DNS server matches the geographic location for the determined web server; selects the determined web server; and sends a response comprising information on the selected web server to the local DNS server.

Abstract translation: 公开了一种基于地理位置信息确定Web服务器的方法和系统。 该系统包括：耦合到web客户端的本地DNS服务器; 多个web服务器; 以及耦合到本地DNS服务器的全局负载平衡器。 全局负载平衡器：接收由Web客户端发送的Web服务的请求，该请求包括本地DNS服务器信息; 基于本地DNS服务器信息确定本地DN服务器的地理位置; 基于所请求的web服务从多个web服务器确定web服务器; 确定所确定的web服务器的地理位置; 确定本地DNS服务器的地理位置与确定的Web服务器的地理位置相匹配; 选择确定的Web服务器; 并将包含所选web服务器上的信息的响应发送到本地DNS服务器。

公开(公告)号：WO2018013521A1

公开(公告)日：2018-01-18

申请号：PCT/US2017/041463

申请日：2017-07-11

Applicant: A10 NETWORKS, INC.

Inventor： JALAN, Rajkumar ,  SZETO, Ronald Wai Lun ,  SAMPAT, Rishi ,  LIN, Julia

IPC: G06F11/30 ,  G06F11/34 ,  G06F21/55 ,  H04L29/06

Abstract: Methods and systems are provided for automatically capturing network data for a detected anomaly. In some examples, a network node establishes a baseline usage by applying at least one baselining rule to network traffic to generate baseline statistics, detects an anomaly usage by applying at least one anomaly rule to network traffic and generating an anomaly event, and captures network data according to an anomaly event by triggering at least one capturing rule to be applied to network traffic when an associated anomaly event is generated.

Abstract translation: 提供了用于为检测到的异常自动捕获网络数据的方法和系统。 在一些示例中，网络节点通过将至少一个基线规则应用于网络流量来生成基线统计量，通过将至少一个异常规则应用于网络流量并生成异常事件来检测异常使用，并且捕获网络数据来建立基线使用 根据异常事件，通过触发至少一个捕获规则在发生相关异常事件时应用于网络流量。

公开(公告)号：WO2014179753A2

公开(公告)日：2014-11-06

申请号：PCT/US2014036676

申请日：2014-05-02

Applicant: A10 NETWORKS INC

Inventor： JALAN RAJKUMAR ,  KAMAT GURUDEEP

IPC: H04L29/06

CPC classification number: H04L63/0892 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/166

Abstract: Facilitation of secure network traffic by an application delivery controller is provided herein. In some examples, a method includes: (a) receiving a data packet with information from a client indicating that the client is a trusted source; (b) embedding in the data packet a transmission control protocol (TCP) options header, the TCP options header comprising information including at least a sequence number for a protocol connection; and (c) forwarding the embedded data packet to a server.

Abstract translation: 本文提供了由应用传送控制器促进安全网络流量。 在一些示例中，一种方法包括：（a）从客户端接收指示客户端是可信源的信息的数据分组; （b）在数据分组中嵌入传输控制协议（TCP）选项报头，所述TCP选项报头包括至少包括用于协议连接的序列号的信息; 和（c）将嵌入的数据分组转发到服务器。

公开(公告)号：WO2014150617A1

公开(公告)日：2014-09-25

申请号：PCT/US2014/023801

申请日：2014-03-11

Applicant: A10 NETWORKS, INC.

Inventor： OSHIBA, Dennis

IPC: G06F15/173

CPC classification number: H04L43/028 ,  H04L43/04 ,  H04L47/2441 ,  H04L67/141 ,  H04L67/146

Abstract: Expertise, for performing classification of a type of network traffic, can be encapsulated in a module. A set of modules, as currently available to a traffic controller, can be referred to as a collection. An improved process, for updating a collection of modules, is presented. A traffic controller can have two or more locations, each storing a module collection. While an old collection remains active, a new collection can be loaded. Once the new collection is loaded, transitioning can be undertaken, on a session-by-session basis that keeps a traffic controller active, from the old collection to the new collection.

Abstract translation: 用于执行一种类型的网络流量分类的专长，可以封装在一个模块中。 当前可用于流量控制器的一组模块可以被称为集合。 提出了一种用于更新模块集合的改进过程。 流量控制器可以具有两个或更多个位置，每个位置存储模块集合。 当旧的集合保持活动状态时，可以加载新的集合。 一旦加载了新的集合，就可以在逐个会话的基础上进行转换，使流量控制器处于活动状态，从旧集合到新集合。

公开(公告)号：WO2012170226A3

公开(公告)日：2013-02-28

申请号：PCT/US2012039782

申请日：2012-05-27

Applicant: A10 NETWORKS INC ,  JALAN RAJKUMAR ,  OSHIBA DENNIS

Inventor： JALAN RAJKUMAR ,  OSHIBA DENNIS

IPC: G06F15/16 ,  G06F9/44

CPC classification number: H04L41/084 ,  H04L29/06 ,  H04L41/0806 ,  H04L41/0816 ,  H04L67/34

Abstract: Synchronization of configuration files of a virtual application distribution chassis, includes: processing a configuration command received by a master blade; updating a first configuration file with the configuration command and an updated tag by the master blade; sending a configuration message by the master blade to the slave blades informing of the updated configuration file, the configuration message comprising the updated tag; in response to receiving the configuration message by a given slave blade of the one or more slave blades, comparing the updated tag in the configuration message with a tag in a second configuration file stored at the given slave blade; and in response to determining that the updated tag in the configuration message is more recent than the tag in the second configuration file stored at the given slave blade, sending a request for the updated configuration file to the master blade by the given slave blade.

Abstract translation: 虚拟应用分发机箱的配置文件同步包括：处理主刀片接收的配置命令; 使用配置命令更新第一配置文件和由主刀片更新的标签; 将所述主刀片的配置消息发送到所述从属刀片，通知所述更新的配置文件，所述配置消息包括所述更新的标签; 响应于由一个或多个从属刀片的给定从属刀片接收配置消息，将配置消息中的更新标签与存储在给定从属刀片上的第二配置文件中的标签进行比较; 并且响应于确定配置消息中的更新的标签比存储在给定从属刀片中的第二配置文件中的标签更新，由给定从属刀片向主刀片发送对更新的配置文件的请求。