Enabling planned upgrade/downgrade of network devices without impacting network sessions

Information

  • Patent Grant
  • 9806943
  • Patent Number
    9,806,943
  • Date Filed
    Thursday, April 24, 2014
    10 years ago
  • Date Issued
    Tuesday, October 31, 2017
    7 years ago
Abstract
Exemplary embodiments for enabling planned network changes such as an upgrade or downgrade of a network device are disclosed. The systems and methods provide for planned upgrades and downgrades for network devices without impacting existing network sessions, by utilizing two network devices simultaneously, and creating a redirect network session for a predetermined period of time. In so doing, all network traffic may be gradually transferred to the second network device, until the sessions processed by the first network device time out. The first network device can then be taken offline for upgrade or downgrade, without any disruption to the network service or loss of network traffic.
Description
TECHNICAL FIELD

The present disclosure relates generally to data processing, and, more specifically, to the operation of a network device during planned upgrades or downgrades of the network device.


BACKGROUND

The approaches described in this section could be pursued but are not necessarily approaches that have previously been conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.


Websites, web and mobile applications, cloud computing, and various web and mobile services have been rising in popularity. Some examples of fast growing consumer services include smart phone applications, location based services, navigation services, e-book services, video applications, music applications, Internet television services, Voice over IP, and so forth. Subsequently, more and more servers hosting these applications are deployed within data networks including the Internet to accommodate the increasing computing and data storage needs. These servers are typically arranged in data centers or web farms, which may include intermediate network devices such as Application Delivery Controllers (ADC), Global Server Load Balancers (GSLB) and/or Server Load Balancers (SLB).


In a typical load balancing scenario, an application or service hosted by a group of servers is front-ended by a load balancer (LB) (also referred to herein as a LB device) which represents this service to clients as a virtual service. Clients needing the service can address their packets to the virtual service using a virtual Internet Protocol (IP) address and a virtual port. For example, www.example.com:80 is a service that is being load balanced and there is a group of servers that host this service. An LB can be configured with a virtual IP (VIP) e.g. 100.100.100.1 and virtual port (VPort) e.g. Port 80, which, in turn, are mapped to the IP addresses and port numbers of the servers handling this service. The Domain Name Service (DNS) server handling this domain can be configured to send packets to the VIP and VPort associated with this LB.


Once an ADC, or any other network device, has been deployed in a network, it may need to be upgraded or downgraded for any number of reasons. For services that need to operate continuously, any change in the intermediate network device will disrupt the flow of traffic over the network and the user's ability to access the service over the network through a client device. Data may also be lost in transit. This disruption in service may affect the quality of the service, as well as increase the response time for the client. Furthermore, once a network device has had a software update, it may need to be restarted, which will cause the existing session to be lost.


Additionally, Layer 7 network sessions may be particularly data-intensive. Thus, it may not be feasible to prepare a network device providing an application layer service for an upgrade or downgrade by copying all of the data from the first network device to a second network device. For example, a client device may be streaming a video over the network, or accessing an encrypted file. Copying the entire network session to a second network device to also provide the streaming video or encrypted file for all users may use too many resources.


Thus, a mechanism is needed whereby planned changes may be made to a network device within a network without resulting in disruption to the service being provided by the network device.


SUMMARY

This summary is provided to introduce a selection of concepts in a simplified form that are further described in the Detailed Description below. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.


The present disclosure is related to approaches for conducting a planned upgrade or downgrade of a first network device without impacting the network sessions that are handled by that device. The method may comprise synchronizing a TCP session between a client device and the first network device with a second network device, the second device being a standby device, and creating a redirect network session for the TCP session at the second network device. During the planned network change, the second network device may become the active network device and receive the server response. The second network device may recognize that the server response is associated with the redirect network session, and redirect the server response to the first network device to be forwarded to the client device. The second network device may also handle all new service requests from the client device, since it now the active device for the service. The method may continue until all existing sessions handled by the first network device are completed or time out. The first network device may then be upgraded or downgraded without impacting any existing network sessions.


In further example embodiments of the present disclosure, the method steps are stored on a machine-readable medium comprising instructions, which when implemented by one or more processors perform the recited steps. In yet further example embodiments, hardware systems, or devices can be adapted to perform the recited steps. Other features, examples, and embodiments are described below.





BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments are illustrated by way of example, and not by limitation, in the figures of the accompanying drawings, in which like references indicate similar elements.



FIG. 1 shows an environment within which a service may be provided to a user from one or more servers over a network.



FIG. 2 shows a flow for a data packet during a planned network change for an existing service, according to an example embodiment.



FIG. 3 shows a flow for a data packet during a planned network change, utilizing dual operation of two network devices to provide the service, according to an example embodiment.



FIG. 4 shows a diagrammatic representation of a computing device for a machine in the example electronic form of a computer system, within which a set of instructions for causing the machine to perform any one or more of the methodologies discussed herein can be executed.





DETAILED DESCRIPTION

The following detailed description includes references to the accompanying drawings, which form a part of the detailed description. The drawings show illustrations in accordance with example embodiments. These example embodiments, which are also referred to herein as “examples,” are described in enough detail to enable those skilled in the art to practice the present subject matter. The embodiments can be combined, other embodiments can be utilized, or structural, logical, and electrical changes can be made without departing from the scope of what is claimed. The following detailed description is therefore not to be taken in a limiting sense, and the scope is defined by the appended claims and their equivalents. In this document, the terms “a” and “an” are used, as is common in patent documents, to include one or more than one. In this document, the term “or” is used to refer to a nonexclusive “or,” such that “A or B” includes “A but not B,” “B but not A,” and “A and B,” unless otherwise indicated.


Embodiments disclosed herein may be implemented using a variety of technologies. For example, the methods described herein may be implemented in software executing on a computer system or in hardware utilizing either a combination of microprocessors or other specially designed application-specific integrated circuits (ASICs), programmable logic devices like FPGA's, or various combinations thereof. In particular, the methods described herein may be implemented by a series of computer-executable instructions residing on a storage medium such as a disk drive, or computer-readable medium. It should be noted that methods disclosed herein can be implemented by a computer, e.g., a desktop computer, tablet computer, laptop computer, smartphone and so forth.


The present technology provides various methods for operation of ADCs and GSLBs in data networks such as the Internet including a plurality of switches, routers, virtual switches, web farms, host servers, and other units. The present technology provides enhanced performance of ADC and allows implementing scalable business solutions for any services, applications, clouds and organizations. Furthermore, the present technology provides a scalable, high-performance application networking platform, which can delivers superior reliability and energy efficiency at lower total cost of ownership. An ADC can also provide increased infrastructure efficiency, a faster end user experience, comprehensive Layer 4-7 feature set and flexible virtualization technologies such as Virtual Chassis System, multi-tenancy, and more for public, private and hybrid cloud environments. The ADC and GSLB may include software and/or hardware components/platforms that may vary depending on a particular application, performance, infrastructure, network capacity, data traffic parameters, and so forth. The functionality of application delivery controllers and load balancers are also described in more detail in U.S. patent application Ser. No. 13/791,760 entitled “Application Delivery Controller and Global Server Load Balancer” which is incorporated herein by reference in its entirety.


Exemplary embodiments of the presently disclosed technology are deployed on a Layer 7 TCP/IP network. A TCP network session may be established between any two devices in the network via the TCP “handshake”. This is described in more detail in U.S. patent application Ser. No. 13/413,191 entitled “System and Method for an Adaptive TCP Syn Cookie with Time Validation” which is incorporated herein by reference in its entirety.


Referring now to the drawings, FIG. 1 illustrates an environment 100 within which a service may be provided to a user from one or more servers over a network. The environment 100 may include a network 110, a client 120, a client device 130, one or more network devices 160 for distributing network traffic, and one or more servers 140. The client 120 may include a user or a host associated with the network 110.


The network 110 may include the Internet or any other network capable of communicating data between devices. Suitable networks may include or interface with any one or more of, for instance, a local intranet, a PAN (Personal Area Network), a LAN (Local Area Network), a WAN (Wide Area Network), a MAN (Metropolitan Area Network), a virtual private network (VPN), a storage area network (SAN), a frame relay connection, an Advanced Intelligent Network (AIN) connection, a synchronous optical network (SONET) connection, a digital T1, T3, E1 or E3 line, Digital Data Service (DDS) connection, DSL (Digital Subscriber Line) connection, an Ethernet connection, an ISDN (Integrated Services Digital Network) line, a dial-up port such as a V.90, V.34 or V.34 bis analog modem connection, a cable modem, an ATM (Asynchronous Transfer Mode) connection, or an FDDI (Fiber Distributed Data Interface) or CDDI (Copper Distributed Data Interface) connection. Furthermore, communications may also include links to any of a variety of wireless networks, including WAP (Wireless Application Protocol), GPRS (General Packet Radio Service), GSM (Global System for Mobile Communication), CDMA (Code Division Multiple Access) or TDMA (Time Division Multiple Access), cellular phone networks, GPS (Global Positioning System), CDPD (cellular digital packet data), RIM (Research in Motion, Limited) duplex paging network, Bluetooth radio, or an IEEE 802.11-based radio frequency network.


The network 110 can further include or interface with any one or more of an RS-232 serial connection, an IEEE-1394 (Firewire) connection, a Fiber Channel connection, an IrDA (infrared) port, a SCSI (Small Computer Systems Interface) connection, a USB (Universal Serial Bus) connection or other wired or wireless, digital or analog interface or connection, mesh or Digi® networking. The network 110 may include a network of data processing nodes that are interconnected for the purpose of data communication. The network 110 may include software driven network (SDN). The SDN may include one or more of the above network types. Generally the network 110 may include a number of similar or dissimilar devices connected together by a transport medium enabling communication between the devices by using a predefined protocol. Those skilled in the art will recognize that the present disclosure may be practiced within a variety of network configuration environments and on a variety of computing devices.


As shown in FIG. 1, the client 120 may send one or more service requests 150 to (backened) servers 140 through a client device 130. The service requests 150 may include an HTTP request, a video streaming request, a file download request, a transaction request, a conference request, or any other service provided over a network. The client device 130 may include an end user computer, mobile phone, tablet, thin client, or any other device from which a user may access the service.


The servers 140 may include a web server, a wireless application server, an interactive television server, and so forth. The network device(s) 160 may include an ADC, GSLB, LB, or any other mechanism for service load distribution. The network device 160 may balance the flow of the service requests 150 among traffic forwarding devices of the network 110. The load balancing may enhance utilization of resources and enable maximize throughput with minimum response time, hence avoiding overloading of a single server. With this technology, network traffic may be distributed among different web farms, data centers, and servers 140 located at different geographical locations. Furthermore, as will be appreciated by those skilled in the art, network device 160 may act as a master to monitor “health” and responsiveness of services hosted by the servers 140.


The network device 160 may also analyze the flow of the service requests 150 and determine which and how many traffic forwarding devices of the network 110 are needed to deliver the service requests 150 to the servers 140. The network device 160 may also inspect incoming data packets and apply data policies or algorithms to determine the server(s) to deliver the service requests to. The policy may be a forwarding policy, security policy, service policy, or any other type of policy. In exemplary embodiments, the network device 160 may also modify the data packets as necessary before delivering the service requests 150 to the servers 140. The network device 160 may also inspect data packets and modify them as necessary in the server to client traffic direction.



FIG. 2 illustrates an exemplary flow for a data packet during a planned network change for an existing service provided to a user from one or more servers over a network. The steps of the flow may be performed in varying orders or concurrently. In various embodiments, the flow illustrated in FIG. 2 may apply to data packets of Layer 7 sessions. In flow 210, a client device 130 conducts a TCP handshake with network device A 160A and establishes a TCP network session with network device 160A. The TCP handshake may comprise the exchange of a SYN packet, SYN/ACK packet, and ACK packet, as understood by a person of ordinary skill in the art. In flow 220, the client device 130 may then send a service request to network device 160A. The service request may be for a virtual IP address, HTTP, GET, etc. In exemplary embodiments, network device 160A may then determine which server to deliver the service request to by conducting load balancing on a plurality of servers that are designated for the service. Network device 160A may then conduct a TCP handshake with the designated server 140 to establish a TCP network session between these two devices in flow 230. Alternatively, network device 160A may use an existing TCP network session with a server 140. The network device 160A may then deliver the service request to the server(s) in flow 240. The server 140 may be a server computer, load balancer, ADC, or any other network component.


During normal operation, the server 140 may then process the service request 150 and generate a server response 250, which is delivered to network device 160A, and forwarded to client device 130. One or more security, forwarding, or other policies may also be employed at any stage of this process.


During a planned network change (such as an upgrade or downgrade of network device 160A), the network administrator may choose to remove network device 160A as the active device for any reason, and configure an additional network device 160B as the active device. Network device 160B may be a surplus network device previously connected to the network 110, or a new device added to the network for the planned network change. Network device 160B may have previously been configured as a backup for network device 160A, or may have been an active device for a different virtual service.


In an exemplary embodiment, once network device 160B has been configured as the active device for the virtual service, the server response 250 is delivered to network device 160B via flow 260. However, since network device 160B does not have the open TCP session with client device 130 for the service request 150, it will not recognize the network session for the server response 250. As such, network device 160B may not know where to deliver server response 250 and may simply drop the data packet(s) from the server, resulting in a loss of data. When client device 130 does not receive server response 250 after a designated amount of time, it may have to re-send service request 150 to start the process of requesting the service again.



FIG. 3 illustrates an exemplary embodiment of a flow for a data packet during a planned network change, utilizing dual operation of two network devices to provide the service over the network. The steps of the flow may be performed in varying orders or concurrently. In various embodiments, the flow illustrated in FIG. 3 may apply to data packets of Layer 7 sessions.


In preparation for a planned network change, such as an upgrade or downgrade, of network device 160A, a second network device 160B may be deployed as a standby or backup device to the active network device 160A. In exemplary embodiments, the standby network device 160B may be upgraded or downgrade first, before being deployed in the network. Alternatively, standby network device 160B may be upgraded or downgraded after network device 160A.


In an example embodiment, a client device 130 may conduct a TCP handshake with network device 160A and establish a TCP network session with network device 160A in flow 310. The TCP handshake may comprise the exchange of a SYN packet, SYN/ACK packet, and ACK packet, as understood by a person of ordinary skill in the art. In flow 320, network device 160A may then send information to the standby network device 160B to create a similar, local session on network device 160B. Network device 160B may then create a redirect TCP session, such that it can recognize incoming traffic originally destined for network device 160A as needing to be redirected to network device 160A. The redirect session created at network device 160B may comprise all of the data contained in the network session, or may contain only certain identifying information needed to recognize the network session. For example, the redirect session may contain only the source IP address, destination IP address, source port, destination port, and network protocol. Fewer or additional components may be a part of the redirect session, as will be understood by a person of ordinary skill in the art.


In flow 330, client device 130 may then send a service request 150 to network device 160A, since it is still the active network device for the service. The service request may be for a virtual IP address, HTTP, GET, etc. In exemplary embodiments, network device 160A may determine which server to deliver the service request to by conducting load balancing on a plurality of servers that are designated for the service. Network device 160A may then conduct a TCP handshake with the designated server 140 to establish a TCP network session between these two devices in flow 340. Alternatively, network device 160A may use an existing TCP network session with a server 140. The network device 160A may then deliver the service request to the server(s) in flow 350. The server 140 may be a server computer, load balancer, ADC, or any other network component.


In an example embodiment, the network administrator may decide to switch the active network device for the virtual service from network device 160A to network device 160B, in order to prepare network device 160A for upgrade. When the server 140 processes the service request 150, it may generate a server response 250, which may then be delivered to network device 160E in flow 360, since this is now the active device for the service. Network device 160E may then recognize information in the data packet(s) of server response 250 as being a part of the redirect session that originated from network device 160A. Network device 160B may then redirect server response 250 to network device 160A in flow 370, since that is the device for which the client device 130 has established the TCP session. In exemplary embodiments, network device 160B may also conduct a session lookup to match the received data in flow 360 with the redirect session entry created in flow 320. Network device 160B may match one or more of source IP address, destination IP address, source port, destination port, protocol, or any other information from the network session. The server response 250 may then be delivered to client device 130 in flow 380. One or more security, forwarding, or other policies may also be employed at any stage of this process as well.


In various embodiments, after network device 160B has been configured as the active device for the service, a new service request 150 from client device 130 may be directed to network device 160B, since it is now the active device. In these embodiments, network device 160B may receive the service request 150 from client device 130 and deliver the request to the server 140. Network device 160B may also receive the server response 250 and deliver it to the client device 130. However, a server response 250 from a service request 150 that was previously received by network device 160A, may continue to be redirected to network device 160A. As such, the two network devices 160A and 160B may both be handling service requests from client device 130 for a period of time.


The dual operation of network devices 160A and 160B may continue until all of the existing sessions from network device 160A have timed out or are completed. Once network device 160A has finished processing all of its existing sessions, it may be ready for upgrade or downgrade. Existing sessions from network device 160A may also be marked to time out faster or slower so that the planned network change can occur at a specific time. By waiting until network device 160A no longer has any open network sessions, the device may be upgraded or downgraded without any resulting data loss in the network. Additionally, client device 130 may receive the service seamlessly and without disruption over the network.


While embodiments have been described herein in the context of a single client 120 and client device 130, it will be understood by persons of ordinary skill in the art that any number of clients and client devices may be able to access a service of a network in a similar manner. Additionally, while the example embodiments have been depicted in FIGS. 2 and 3 with a single active network device and a single standby network device, any number of network devices may be utilized in a similar manner.



FIG. 4 shows a diagrammatic representation of a machine in the example electronic form of a computer system 400, within which a set of instructions for causing the machine to perform any one or more of the methodologies discussed herein may be executed. In various example embodiments, the machine operates as a standalone device or may be connected (e.g., networked) to other machines. In a networked deployment, the machine may operate in the capacity of a server or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. The machine may be a PC, a tablet PC, a set-top box (STB), a cellular telephone, a portable music player (e.g., a portable hard drive audio device such as a Moving Picture Experts Group Audio Layer 3 (MP3) player), a web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while only a single machine is illustrated, the term “machine” shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.


The example computer system 400 includes a processor or multiple processors 402 (e.g., a central processing unit (CPU), a graphics processing unit (GPU), or both), a main memory 404 and a static memory 406, which communicate with each other via a bus 408. The computer system 400 may further include a video display unit 410 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)). The computer system 400 may also include an alpha-numeric input device 412 (e.g., a keyboard), a cursor control device 414 (e.g., a mouse), a disk drive unit 416, a signal generation device 418 (e.g., a speaker), and a network interface device 420.


The disk drive unit 416 includes a non-transitory computer-readable medium 422, on which is stored one or more sets of instructions and data structures (e.g., instructions 424) embodying or utilized by any one or more of the methodologies or functions described herein. The instructions 424 may also reside, completely or at least partially, within the main memory 404 and/or within the processors 402 during execution thereof by the computer system 400. The main memory 404 and the processors 402 may also constitute machine-readable media.


The instructions 424 may further be transmitted or received over a network 426 via the network interface device 420 utilizing any one of a number of well-known transfer protocols (e.g., Hyper Text Transfer Protocol (HTTP)).


While the computer-readable medium 422 is shown in an example embodiment to be a single medium, the term “computer-readable medium” should be taken to include a single medium or multiple media (e.g., a centralized or distributed database and/or associated caches and servers) that store the one or more sets of instructions. The term “computer-readable medium” shall also be taken to include any medium that is capable of storing, encoding, or carrying a set of instructions for execution by the machine and that causes the machine to perform any one or more of the methodologies of the present application, or that is capable of storing, encoding, or carrying data structures utilized by or associated with such a set of instructions. The term “computer-readable medium” shall accordingly be taken to include, but not be limited to, solid-state memories, optical and magnetic media, and carrier wave signals. Such media may also include, without limitation, hard disks, floppy disks, flash memory cards, digital video disks, random access memory (RAMs), read only memory (ROMs), and the like.


The example embodiments described herein can be implemented in an operating environment comprising computer-executable instructions (e.g., software) installed on a computer, in hardware, or in a combination of software and hardware. The computer-executable instructions can be written in a computer programming language or can be embodied in firmware logic. If written in a programming language conforming to a recognized standard, such instructions can be executed on a variety of hardware platforms and for interfaces to a variety of operating systems. Although not limited thereto, computer software programs for implementing the present method can be written in any number of suitable programming languages such as, for example, Hypertext Markup Language (HTML), Dynamic HTML, Extensible Markup Language (XML), Extensible Stylesheet Language (XSL), Document Style Semantics and Specification Language (DSSSL), Cascading Style Sheets (CSS), Synchronized Multimedia Integration Language (SMIL), Wireless Markup Language (WML), Java™, Jini™, C, C++, Perl, UNIX Shell, Visual Basic or Visual Basic Script, Virtual Reality Markup Language (VRML), ColdFusion™ or other compilers, assemblers, interpreters or other computer languages or platforms.


Thus, methods and systems for enabling planned upgrades and downgrades of a network device with minimum to no impact on network sessions are disclosed. Although embodiments have been described with reference to specific example embodiments, it will be evident that various modifications and changes can be made to these example embodiments without departing from the broader spirit and scope of the present application. Accordingly, the specification and drawings are to be regarded in an illustrative rather than a restrictive sense.

Claims
  • 1. A method for enabling a planned upgrade or a planned downgrade of a first network device, the method comprising: establishing, at the first network device, a TCP session with a client device;receiving, at the first network device, a request for a virtual service over a network by the client device;creating a redirect network session for the TCP session at a second network device based on information associated with the TCP session, the second network device being a standby device for the first network device, wherein the information associated with the TCP session is sent by the first network device to the second network device upon establishing the TCP session with the client device;delivering, by the first network device, the request for the virtual service over a network to a server;receiving a change from a network administrator designating the second network device as an active device for the virtual service;receiving a server response at the second network device;recognizing, at the second network device, that the server response is associated with the redirect network session;redirecting, by the second network device, the server response to the first network device in accordance with the redirect network session; andsending, by the first network device, the server response to the client device,wherein the first network device delivers further requests associated with the TCP session from the client device directly to the server until the virtual service is completed, andwherein the second network device redirects further server responses associated with the redirect network session to the first network device until the virtual service is completed.
  • 2. The method of claim 1, wherein the redirect network session comprises at least one of a source IP address, a destination IP address, a source port, destination port, and protocol.
  • 3. The method of claim 1, wherein the virtual service is a virtual IP address.
  • 4. The method of claim 1, wherein the request for the virtual service is a GET request.
  • 5. The method of claim 1, wherein the delivering the request for the virtual service over a network to the server by the first network device further comprises load balancing of a plurality of servers.
  • 6. The method of claim 1, wherein the recognizing, at the second network device, that the server response is associated with the redirect network session further comprises conducting a session lookup at the second network device to determine the TCP session that corresponds with the server response received.
  • 7. The method of claim 1, wherein the first network device is an application delivery controller.
  • 8. The method of claim 1, wherein the first network device is a global server load balancer.
  • 9. The method of claim 1, wherein the second network device is an application delivery controller.
  • 10. The method of claim 1, wherein the second network device is a global server load balancer.
  • 11. The method of claim 1, further comprising upgrading the first network device after the redirect network session times out.
  • 12. A system for enabling a planned upgrade or a planned downgrade of a first network device during a TCP session, the first network device configured to: establish a TCP session with a client device;receive a request for a virtual service over a network by the client device;deliver the request for the virtual service over a network to a server;receive a change from a network administrator designating a second network device as an active device for the virtual service, the second network device being a standby device for the first network device, the second device creating a redirect network session for the TCP session based on information associated with the TCP session, wherein the information associated with the TCP session is sent by the first network device to the second network device upon establishing the TCP session with the client device;receive a redirected server response from the second network device; andsend the redirected server response to the client device,wherein the first network device delivers further requests associated with the TCP session from the client device directly to the server until the virtual service is completed, andwherein the second network device redirects further server responses associated with the redirect network session to the first network device until the virtual service is completed.
  • 13. The system of claim 12, wherein the virtual service is a virtual IP address.
  • 14. The system of claim 12, wherein the request for the virtual service is a GET request.
  • 15. The system of claim 12, wherein the first network device is further configured to load balance a plurality of servers before delivering the request for the virtual service over a network to the server.
  • 16. The system of claim 12, wherein the first network device is an application delivery controller.
  • 17. The system of claim 12, wherein the first network device is a global server load balancer.
  • 18. The system of claim 12 further comprising the second network device configured to: receive a server response;recognize that the server response is associated with the redirect network session; andredirect the server response to the first network device.
  • 19. The system of claim 18, wherein the redirect network session comprises at least one of a source IP address, a destination IP address, a source port, destination port, and protocol.
  • 20. A non-transitory processor-readable medium having instructions stored thereon, which when executed by one or more processors, cause the one or more processors to perform the following operations: establishing, at the first network device, a TCP session with a client device;receiving, at the first network device, a request for a virtual service over a network by the client device;creating a redirect network session for the TCP session at a second network device based on information associated with the TCP session, the second network device being a standby device for the first network device, wherein the information associated with the TCP session is sent by the first network device to the second network device upon establishing the TCP session with the client device;delivering, by the first network device, the request for the virtual service over a network to a server;receiving a change from a network administrator designating the second network device as an active device for the virtual service;receiving a server response at the second network device;recognizing, at the second network device, that the server response is associated with the redirect network session;redirecting, by the second network device, the server response to the first network device in accordance with the redirect network session; andsending, by the first network device, the server response to the client device,wherein the first network device delivers further requests associated with the TCP session from the client device directly to the server until the virtual service is completed, andwherein the second network device redirects further server responses associated with the redirect network session to the first network device until the virtual service is completed.
US Referenced Citations (340)
Number Name Date Kind
4720850 Oberlander et al. Jan 1988 A
4864492 Blakely-Fogel et al. Sep 1989 A
4882699 Evensen Nov 1989 A
5218676 Ben-Ayed et al. Jun 1993 A
5293488 Riley et al. Mar 1994 A
5432908 Heddes et al. Jul 1995 A
5774660 Brendel et al. Jun 1998 A
5781550 Templin et al. Jul 1998 A
5862339 Bonnaure et al. Jan 1999 A
5875185 Wang et al. Feb 1999 A
5931914 Chiu Aug 1999 A
5958053 Denker Sep 1999 A
6003069 Cavill Dec 1999 A
6047268 Bartoli et al. Apr 2000 A
6075783 Voit Jun 2000 A
6131163 Wiegel Oct 2000 A
6141749 Coss et al. Oct 2000 A
6167428 Ellis Dec 2000 A
6321338 Porras et al. Nov 2001 B1
6324286 Lai et al. Nov 2001 B1
6360265 Falck et al. Mar 2002 B1
6363075 Huang et al. Mar 2002 B1
6374300 Masters Apr 2002 B2
6389462 Cohen et al. May 2002 B1
6415329 Gelman et al. Jul 2002 B1
6456617 Oda et al. Sep 2002 B1
6483600 Schuster et al. Nov 2002 B1
6519243 Nonaka et al. Feb 2003 B1
6535516 Leu et al. Mar 2003 B1
6578066 Logan et al. Jun 2003 B1
6587866 Modi et al. Jul 2003 B1
6600738 Alperovich et al. Jul 2003 B1
6658114 Farn et al. Dec 2003 B1
6772205 Lavian et al. Aug 2004 B1
6772334 Glawitsch Aug 2004 B1
6779033 Watson et al. Aug 2004 B1
6804224 Schuster et al. Oct 2004 B1
6832322 Boden et al. Dec 2004 B1
7010605 Dharmarajan Mar 2006 B1
7013338 Nag et al. Mar 2006 B1
7058718 Fontes et al. Jun 2006 B2
7058789 Henderson et al. Jun 2006 B2
7058973 Sultan Jun 2006 B1
7069438 Balabine et al. Jun 2006 B2
7086086 Ellis Aug 2006 B2
7111162 Bagepalli et al. Sep 2006 B1
7143087 Fairweather Nov 2006 B2
7167927 Philbrick et al. Jan 2007 B2
7181524 Lele Feb 2007 B1
7228359 Monteiro Jun 2007 B1
7254133 Govindarajan et al. Aug 2007 B2
7266604 Nathan et al. Sep 2007 B1
7269850 Govindarajan et al. Sep 2007 B2
7284272 Howard et al. Oct 2007 B2
7290050 Smith et al. Oct 2007 B1
7301899 Goldstone Nov 2007 B2
7308710 Yarborough Dec 2007 B2
7310686 Uysal Dec 2007 B2
7328267 Bashyam et al. Feb 2008 B1
7337241 Boucher et al. Feb 2008 B2
7343399 Hayball et al. Mar 2008 B2
7370100 Gunturu May 2008 B1
7370353 Yang May 2008 B2
7373500 Ramelson et al. May 2008 B2
7391725 Huitema et al. Jun 2008 B2
7398317 Chen et al. Jul 2008 B2
7406709 Maher, III et al. Jul 2008 B2
7423977 Joshi Sep 2008 B1
7430755 Hughes et al. Sep 2008 B1
7441270 Edwards et al. Oct 2008 B1
7451312 Medvinsky et al. Nov 2008 B2
7467202 Savchuk Dec 2008 B2
7506360 Wilkinson et al. Mar 2009 B1
7512980 Copeland et al. Mar 2009 B2
7516485 Lee et al. Apr 2009 B1
7529242 Lyle May 2009 B1
7552323 Shay Jun 2009 B2
7568041 Turner et al. Jul 2009 B1
7583668 Mayes et al. Sep 2009 B1
7584262 Wang et al. Sep 2009 B1
7590736 Hydrie et al. Sep 2009 B2
7591001 Shay Sep 2009 B2
7603454 Piper Oct 2009 B2
7610622 Touitou et al. Oct 2009 B2
7613193 Swami et al. Nov 2009 B2
7613822 Joy et al. Nov 2009 B2
7673072 Boucher et al. Mar 2010 B2
7675854 Chen et al. Mar 2010 B2
7711790 Barrett et al. May 2010 B1
7716369 Le Pennec et al. May 2010 B2
7733866 Mishra et al. Jun 2010 B2
7747748 Allen Jun 2010 B2
7779130 Toutonghi Aug 2010 B1
7826487 Mukerji et al. Nov 2010 B1
7908651 Maher Mar 2011 B2
7948952 Hurtta et al. May 2011 B2
7965727 Sakata et al. Jun 2011 B2
7979694 Touitou et al. Jul 2011 B2
7990847 Leroy et al. Aug 2011 B1
7992201 Aldridge et al. Aug 2011 B2
8079077 Chen et al. Dec 2011 B2
8081640 Ozawa et al. Dec 2011 B2
8090866 Bashyam et al. Jan 2012 B1
8099492 Dahlin et al. Jan 2012 B2
8116312 Riddoch et al. Feb 2012 B2
8122116 Matsunaga et al. Feb 2012 B2
8151019 Le et al. Apr 2012 B1
8185651 Moran et al. May 2012 B2
8244876 Sollee Aug 2012 B2
8255644 Sonnier et al. Aug 2012 B2
8261339 Aldridge et al. Sep 2012 B2
8291487 Chen et al. Oct 2012 B1
8327128 Prince et al. Dec 2012 B1
8332925 Chen et al. Dec 2012 B2
8347392 Chess et al. Jan 2013 B2
8379515 Mukerji Feb 2013 B1
8387128 Chen et al. Feb 2013 B1
8464333 Chen et al. Jun 2013 B1
8520615 Mehta et al. Aug 2013 B2
8559437 Mishra et al. Oct 2013 B2
8560693 Wang et al. Oct 2013 B1
8595383 Chen et al. Nov 2013 B2
8595819 Chen et al. Nov 2013 B1
RE44701 Chen et al. Jan 2014 E
8675488 Sidebottom et al. Mar 2014 B1
8681610 Mukerji Mar 2014 B1
8782221 Han Jul 2014 B2
8904512 Chen et al. Dec 2014 B1
8914871 Chen et al. Dec 2014 B1
8918857 Chen et al. Dec 2014 B1
RE45347 Chun et al. Jan 2015 E
8943577 Chen et al. Jan 2015 B1
8977749 Han Mar 2015 B1
8996670 Kupinsky et al. Mar 2015 B2
9032502 Chen et al. May 2015 B1
9094364 Jalan et al. Jul 2015 B2
9106561 Jalan et al. Aug 2015 B2
9118618 Davis Aug 2015 B2
9118620 Davis Aug 2015 B1
9124550 Chen et al. Sep 2015 B1
9137301 Dunlap et al. Sep 2015 B1
9154584 Han Oct 2015 B1
9258332 Chen et al. Feb 2016 B2
9386088 Zheng et al. Jul 2016 B2
9531846 Han et al. Dec 2016 B2
9602442 Han Mar 2017 B2
20010015812 Sugaya Aug 2001 A1
20010023442 Masters Sep 2001 A1
20010042200 Lamberton et al. Nov 2001 A1
20020026515 Michielsens et al. Feb 2002 A1
20020026531 Keane et al. Feb 2002 A1
20020032799 Wiedeman et al. Mar 2002 A1
20020046348 Brustoloni Apr 2002 A1
20020053031 Bendinelli et al. May 2002 A1
20020078164 Reinschmidt Jun 2002 A1
20020091844 Craft et al. Jul 2002 A1
20020103916 Chen et al. Aug 2002 A1
20020138618 Szabo Sep 2002 A1
20020141386 Minert et al. Oct 2002 A1
20020141448 Matsunaga Oct 2002 A1
20020143955 Shimada et al. Oct 2002 A1
20020143991 Chow et al. Oct 2002 A1
20020188678 Edecker et al. Dec 2002 A1
20030009591 Hayball et al. Jan 2003 A1
20030035409 Wang et al. Feb 2003 A1
20030061506 Cooper et al. Mar 2003 A1
20030065950 Yarborough Apr 2003 A1
20030081624 Aggarwal et al. May 2003 A1
20030088788 Yang May 2003 A1
20030135625 Fontes et al. Jul 2003 A1
20030135653 Marovich Jul 2003 A1
20030152078 Henderson et al. Aug 2003 A1
20030167340 Jonsson Sep 2003 A1
20030229809 Wexler et al. Dec 2003 A1
20040010545 Pandya Jan 2004 A1
20040054920 Wilson et al. Mar 2004 A1
20040062246 Boucher et al. Apr 2004 A1
20040073703 Boucher et al. Apr 2004 A1
20040078419 Ferrari et al. Apr 2004 A1
20040078480 Boucher et al. Apr 2004 A1
20040103315 Cooper et al. May 2004 A1
20040107360 Herrmann et al. Jun 2004 A1
20040184442 Jones et al. Sep 2004 A1
20040243718 Fujiyoshi Dec 2004 A1
20040250059 Ramelson Dec 2004 A1
20050005207 Herneque Jan 2005 A1
20050027947 Landin Feb 2005 A1
20050033985 Xu et al. Feb 2005 A1
20050036511 Baratakke et al. Feb 2005 A1
20050038898 Mittig et al. Feb 2005 A1
20050039033 Meyers et al. Feb 2005 A1
20050050364 Feng Mar 2005 A1
20050074001 Mattes et al. Apr 2005 A1
20050080890 Yang et al. Apr 2005 A1
20050114492 Arberg et al. May 2005 A1
20050135422 Yeh Jun 2005 A1
20050144468 Northcutt et al. Jun 2005 A1
20050163073 Heller et al. Jul 2005 A1
20050169285 Wills et al. Aug 2005 A1
20050198335 Brown et al. Sep 2005 A1
20050213586 Cyganski et al. Sep 2005 A1
20050240989 Kim et al. Oct 2005 A1
20050251856 Araujo et al. Nov 2005 A1
20050281190 McGee Dec 2005 A1
20060023721 Miyake et al. Feb 2006 A1
20060031506 Redgate Feb 2006 A1
20060036610 Wang Feb 2006 A1
20060041745 Parnes Feb 2006 A1
20060062142 Appanna et al. Mar 2006 A1
20060063517 Oh et al. Mar 2006 A1
20060064440 Perry Mar 2006 A1
20060069804 Miyake et al. Mar 2006 A1
20060080446 Bahl Apr 2006 A1
20060126625 Schollmeier et al. Jun 2006 A1
20060164978 Werner et al. Jul 2006 A1
20060168319 Trossen Jul 2006 A1
20060195698 Pinkerton et al. Aug 2006 A1
20060227771 Raghunath et al. Oct 2006 A1
20060230129 Swami et al. Oct 2006 A1
20060233100 Luft et al. Oct 2006 A1
20060280121 Matoba Dec 2006 A1
20070002857 Maher Jan 2007 A1
20070011419 Conti Jan 2007 A1
20070019543 Wei et al. Jan 2007 A1
20070022479 Sikdar et al. Jan 2007 A1
20070076653 Park et al. Apr 2007 A1
20070124487 Yoshimoto et al. May 2007 A1
20070124502 Li May 2007 A1
20070165622 O'Rourke et al. Jul 2007 A1
20070177506 Singer et al. Aug 2007 A1
20070180119 Khivesara et al. Aug 2007 A1
20070180226 Schory et al. Aug 2007 A1
20070180513 Raz et al. Aug 2007 A1
20070185998 Touitou et al. Aug 2007 A1
20070195792 Chen et al. Aug 2007 A1
20070230337 Igarashi et al. Oct 2007 A1
20070242738 Park et al. Oct 2007 A1
20070243879 Park et al. Oct 2007 A1
20070245090 King et al. Oct 2007 A1
20070248009 Petersen Oct 2007 A1
20070294694 Jeter et al. Dec 2007 A1
20080016161 Tsirtsis et al. Jan 2008 A1
20080031263 Ervin et al. Feb 2008 A1
20080034111 Kamath et al. Feb 2008 A1
20080034419 Mullick et al. Feb 2008 A1
20080040789 Chen et al. Feb 2008 A1
20080076432 Senarath et al. Mar 2008 A1
20080120129 Seubert et al. May 2008 A1
20080216177 Yokosato et al. Sep 2008 A1
20080225722 Khemani et al. Sep 2008 A1
20080253390 Das et al. Oct 2008 A1
20080289044 Choi Nov 2008 A1
20080291911 Lee et al. Nov 2008 A1
20080298303 Tsirtsis Dec 2008 A1
20090024722 Sethuraman Jan 2009 A1
20090031415 Aldridge et al. Jan 2009 A1
20090049537 Chen et al. Feb 2009 A1
20090077651 Poeluev Mar 2009 A1
20090092124 Singhal et al. Apr 2009 A1
20090113536 Zhang et al. Apr 2009 A1
20090138606 Moran et al. May 2009 A1
20090138945 Savchuk May 2009 A1
20090164614 Christian et al. Jun 2009 A1
20090210698 Candelore Aug 2009 A1
20090285196 Lee et al. Nov 2009 A1
20090288134 Foottit et al. Nov 2009 A1
20100042869 Szabo Feb 2010 A1
20100054139 Chun et al. Mar 2010 A1
20100061319 Aso et al. Mar 2010 A1
20100064008 Yan et al. Mar 2010 A1
20100095018 Khemani et al. Apr 2010 A1
20100106854 Kim et al. Apr 2010 A1
20100205310 Altshuler et al. Aug 2010 A1
20100228819 Wei Sep 2010 A1
20100235522 Chen et al. Sep 2010 A1
20100238828 Russell Sep 2010 A1
20100257278 Gunturu Oct 2010 A1
20100262819 Yang et al. Oct 2010 A1
20100265824 Chao et al. Oct 2010 A1
20100268814 Cross et al. Oct 2010 A1
20100318631 Shukla Dec 2010 A1
20100322252 Suganthi et al. Dec 2010 A1
20100333101 Pope et al. Dec 2010 A1
20100333209 Alve Dec 2010 A1
20110007652 Bai Jan 2011 A1
20110032941 Quach et al. Feb 2011 A1
20110060831 Ishii et al. Mar 2011 A1
20110083174 Aldridge et al. Apr 2011 A1
20110093522 Chen et al. Apr 2011 A1
20110099623 Garrard et al. Apr 2011 A1
20110149879 Noriega et al. Jun 2011 A1
20110209157 Sumida et al. Aug 2011 A1
20110276982 Nakayama et al. Nov 2011 A1
20110302256 Sureshehandra et al. Dec 2011 A1
20110307606 Cobb Dec 2011 A1
20120008495 Shen et al. Jan 2012 A1
20120026897 Guichard et al. Feb 2012 A1
20120039175 Sridhar et al. Feb 2012 A1
20120117382 Larson et al. May 2012 A1
20120155495 Clee et al. Jun 2012 A1
20120173759 Agarwal et al. Jul 2012 A1
20120215910 Wada Aug 2012 A1
20120290727 Tivig Nov 2012 A1
20130089099 Pollock et al. Apr 2013 A1
20130135996 Torres et al. May 2013 A1
20130136139 Zheng et al. May 2013 A1
20130166762 Jalan et al. Jun 2013 A1
20130176854 Chisu et al. Jul 2013 A1
20130176908 Baniel et al. Jul 2013 A1
20130191486 Someya et al. Jul 2013 A1
20130191548 Boddukuri et al. Jul 2013 A1
20130212242 Mendiratta et al. Aug 2013 A1
20130227165 Liu Aug 2013 A1
20130250765 Ehsan et al. Sep 2013 A1
20130258846 Damola Oct 2013 A1
20130262702 Davis Oct 2013 A1
20130311686 Fetterman et al. Nov 2013 A1
20130315241 Kamat et al. Nov 2013 A1
20140012972 Han Jan 2014 A1
20140086052 Cai et al. Mar 2014 A1
20140169168 Jalan et al. Jun 2014 A1
20140207845 Han et al. Jul 2014 A1
20140254367 Jeong et al. Sep 2014 A1
20140258536 Chiong Sep 2014 A1
20140286313 Fu et al. Sep 2014 A1
20140359052 Joachimpillai et al. Dec 2014 A1
20150026794 Zuk et al. Jan 2015 A1
20150047012 Chen et al. Feb 2015 A1
20150156223 Xu et al. Jun 2015 A1
20150237173 Virkki et al. Aug 2015 A1
20150244566 Puimedon Aug 2015 A1
20150296058 Jalan et al. Oct 2015 A1
20150350048 Sampat et al. Dec 2015 A1
20150350379 Jalan et al. Dec 2015 A1
20150350383 Davis Dec 2015 A1
20160014052 Han Jan 2016 A1
20160014126 Jalan et al. Jan 2016 A1
20160065619 Chen et al. Mar 2016 A1
20170048107 Dosovitsky et al. Feb 2017 A1
20170048356 Thompson et al. Feb 2017 A1
Foreign Referenced Citations (83)
Number Date Country
1372662 Oct 2002 CN
1473300 Feb 2004 CN
1529460 Sep 2004 CN
1575582 Feb 2005 CN
1910869 Feb 2007 CN
1921457 Feb 2007 CN
1937591 Mar 2007 CN
101189598 May 2008 CN
101442425 May 2009 CN
101495993 Jul 2009 CN
101682532 Mar 2010 CN
101878663 Nov 2010 CN
ZL 200780001807.5 Feb 2011 CN
102123156 Jul 2011 CN
102577252 Jul 2012 CN
103365654 Oct 2013 CN
103428261 Dec 2013 CN
103533018 Jan 2014 CN
101878663 Jun 2014 CN
103944954 Jul 2014 CN
104040990 Sep 2014 CN
104137491 Nov 2014 CN
104796396 Jul 2015 CN
102577252 Mar 2016 CN
1209876 May 2002 EP
1482685 Dec 2004 EP
1720287 Nov 2006 EP
2575328 Oct 2008 EP
2057552 May 2009 EP
2215863 Aug 2010 EP
2296313 Mar 2011 EP
2667571 Nov 2013 EP
2760170 Jul 2014 EP
2575328 Nov 2014 EP
2760170 Dec 2015 EP
1182547 Nov 2013 HK
1188498 May 2014 HK
1189438 Jun 2014 HK
1190539 Jul 2014 HK
1182547 Apr 2015 HK
1199153 Jun 2015 HK
1199779 Jul 2015 HK
1200617 Aug 2015 HK
261CHE2014 Jul 2016 IN
2000307634 Nov 2000 JP
2004350188 Dec 2004 JP
2005-518595 Jun 2005 JP
2006180295 Jul 2006 JP
2006333245 Dec 2006 JP
2007048052 Feb 2007 JP
2011505752 Feb 2011 JP
5480959 Feb 2013 JP
2013059122 Mar 2013 JP
2013070423 Apr 2013 JP
2013078134 Apr 2013 JP
5364101 Sep 2013 JP
5579820 Jul 2014 JP
5579821 Jul 2014 JP
2014143686 Aug 2014 JP
5906263 Apr 2016 JP
1020130096624 Aug 2013 KR
101576585 Dec 2015 KR
I086309 Feb 1996 TW
I109955 Dec 1999 TW
I130506 Mar 2001 TW
I137392 Jul 2001 TW
WO0113228 Feb 2001 WO
WO0114990 Mar 2001 WO
03073216 Sep 2003 WO
03103233 Dec 2003 WO
WO03103237 Dec 2003 WO
2006065691 Jun 2006 WO
2007076883 Jul 2007 WO
2008021620 Feb 2008 WO
WO2008053954 May 2008 WO
2009073295 Jun 2009 WO
WO2011049770 Apr 2011 WO
WO2011079381 Jul 2011 WO
WO2013081952 Jun 2013 WO
WO2013096019 Jun 2013 WO
WO2014031046 Feb 2014 WO
WO2014093829 Jun 2014 WO
WO2015164026 Oct 2015 WO
Non-Patent Literature Citations (15)
Entry
Goldszmidt et al., “NetDispatcher: A TCP Connection Router,” IBM Research Report RC 20853, May 19, 1997, pp. 1-31.
Koike et al., “Transport Middleware for Network-Based Control,” IEICE Technical Report, Jun. 22, 2000, vol. 100, No. 53, pp. 13-18.
Yamamoto et al., “Performance Evaluation of Window Size in Proxy-based TCP for Multi-hop Wireless Networks,” IPSJ SIG Technical Reports, May 15, 2008, vol. 2008, No. 44, pp. 109-114.
Abe et al., “Adaptive Split Connection Schemes in Advanced Relay Nodes,” IEICE Technical Report, Feb. 22, 2010, vol. 109, No. 438, pp. 25-30.
Gite, Vivek, “Linux Tune Network Stack (Buffers Size) to Increase Networking Performance,” nixCraft [online], Jul. 8, 2009 [retreived on Apr. 13, 2016], Retreived from the Internt: <URL:http://www.cyberciti.biz/faq/linux-tcp-tuning/>, 24 pages.
FreeBSD, “tcp—TCP Protocol,” Linux Programmer's Manual [online], Nov. 25, 2007 [retreived on Apr. 13, 2016], Retreived from the Internet: <URL:https://www.freebsd.org/cgi/man.cgi?query=tcp&apropos=0&sektion=7&manpath=SuSE+Linux%2Fi386+11.0&format=asci>, 11 pages.
Chiussi et al., “A Network Architecture for MPLS-Based Micro-Mobility”, IEEE WCNC 02, Orlando, Mar. 2002.
Smith, M. et al; “Network Security Using NAT and NAPT”, 10th IEEE International Converence on Aug. 27-30, 2002, Piscataway, NJ, USA, 2012; Aug. 27, 2002; pp. 355-360.
Cardellini et al., “Dynamic Load Balancing on Web-server Systems”, IEEE Internet Computing, vol. 3, No. 3, pp. 28-39, May-Jun. 1999.
Wang et al., “Shield: Vulnerability Driven Network Filters for Preventing Known Vulnerability Exploits”, SIGCOMM'04, Aug. 30-Sep. 3, 2004, Portland, Oregon, USA.
“Enhanced Interior Gateway Routing Protocol”, Cisco, Document ID 16406, Sep. 9, 2005 update, 43 pages.
Crotti, Manuel et al., “Detecting HTTP Tunnels with Statistical Mechanisms”, IEEE International Conference on Communications, Jun. 24-28, 2007, pp. 6162-6168.
Haruyama, Takahiro et al., “Dial-to-Connect VPN System for Remote DLNA Communication”, IEEE Consumer Communications and Networking Conference, CCNC 2008. 5th IEEE, Jan. 10-12, 2008, pp. 1224-1225.
Chen, Jianhua et al., “SSL/TLS-based Secure Tunnel Gateway System Design and Implementation”, IEEE International Workshop on Anti-counterfeiting, Security, Identification, Apr. 16-18, 2007, pp. 258-261.
“EIGRP MPLS VPN PE-CE Site of Origin (SoO)”, Cisco Systems, Feb. 28, 2006, 14 pages.
Related Publications (1)
Number Date Country
20150312092 A1 Oct 2015 US