Network proxy layer for policy-based application proxies

Description

BACKGROUND

Field of the Invention

The present invention relates generally to data networks, and more particularly to policy based data networks.

Description of the Related Art

The approaches described in this section could be pursued but are not necessarily approaches that have previously been conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.

Data networks such as the Internet, enterprise data networks, mobile broadband networks, cloud networks, have become an integral part of our lives. We use applications over data networks to obtain news, gather product information, reserve a table for dinner, submit a payment, purchase a good, read a book, find a map, make or receive phone calls, conduct or join a conferencing event, participate in a meeting, work on a document, approve a promotion, chat with a friend, watch television and videos, book a plane ticket, and do many other things in our normal lifestyle or work style. Corporate computers use applications over data network for business transactions, factory control, corporate voice and telephony services, inventory, fleet management and many other business uses.

Typically a client computer requests a service from a network application being served by a server computer. The communication session between the client computer and the server computer passes through a data network. Often, for security reasons and for load balancing purposes, network applications of certain types of communication sessions are inspected by the data network, for example, using a server load balancer (SLB), an application delivery controller (ADC), a firewall, a hypervisor application server or a media gateway. These communication sessions may include HTTP sessions, TCP sessions, and SIP sessions. In one example, a HTTP application desires to be inspected in the data network. An application proxy for the HTTP application will be deployed in a network device in the data network where the network device intercepts a communication session of the HTTP application between a client and a server serving the HTTP application. The HTTP application proxy receives data packets from the client, examines the client data, performs a TCP/IP layer security control, performs a HTTP protocol layer security control, performs additional security and service processing specific to the HTTP application, and finally sends the client data, perhaps modified based on the above mentioned processing, to the server. On the reverse path, the HTTP application proxy receives data from the server and applies similar processing before sending the server data, modified when necessary, to the client. The HTTP application proxy needs to handle any data buffer management, and any necessary security handling associated with the HTTP application and the underlying protocol layers.

In another example, a network device performs a SIP application proxy for a Voice Over IP (VoIP) and media application, where the network device provides security and traffic policy services to enhance the VoIP and media application.

Typically, each network application proxy behaves similarly in deployment. When the number of network application proxies deployed in a network device increases, there may be redundant effort in the handling of application proxies. Also, the handling of proxies among the different application proxies may be inconsistent, leading sometimes to undesirable behavior of the network device.

Thus, there is a need to provide a common network proxy layer to offer a consistent and efficient mechanism for network application proxies.

SUMMARY

This summary is provided to introduce a selection of concepts in a simplified form that are further described in the Detailed Description below. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.

The present disclosure is related to approaches for providing a network proxy layer for policy-based application proxies. In embodiments of the invention, a common network proxy layer may be provided so that one or more network application proxies on that layer process data efficiently, and in the same manner.

In an exemplary method for providing a network proxy layer, the method may comprise receiving a connection establishment event for a client connection of an application session, and sending a client connection event to an application proxy for the application session, the application proxy associated to an application of a server. The method may further comprise receiving one or more data packets from the client connection, receiving a connection establishment event for a server connection of the application session to the server; and receiving one or more data packets from the server connection.

In further example embodiments of the present disclosure, the method steps are stored on a computer-readable medium comprising instructions, which when implemented by one or more processors perform the recited steps. In yet further example embodiments, hardware systems, or devices can be adapted to perform the recited steps. Other features, examples, and embodiments are described below.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments are illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements and in which:

FIG. 1 illustrates an exemplary embodiment of a service gateway having a plurality of application proxies using a network proxy layer.

FIG. 2 illustrates components of an exemplary service gateway.

FIG. 3 illustrates an exemplary embodiment of a proxy state machine.

FIG. 4 illustrates an application proxy processing data packets exchanged over an application session in an exemplary embodiment.

FIG. 5 illustrates an exemplary HTTP application proxy using a network proxy layer.

FIG. 6 illustrates an exemplary TCP proxy using a network proxy layer.

FIG. 7 illustrates a plurality of application proxies over an application session in an exemplary embodiment.

FIG. 8 illustrates a diagrammatic representation of a computing device for a machine in the example electronic form of a computer system, within which a set of instructions for causing the machine to perform any one or more of the methodologies discussed herein can be executed.

DETAILED DESCRIPTION

The following detailed description includes references to the accompanying drawings, which form a part of the detailed description. The drawings show illustrations in accordance with example embodiments. These example embodiments, which are also referred to herein as “examples,” are described in enough detail to enable those skilled in the art to practice the present subject matter. The embodiments can be combined, other embodiments can be utilized, or structural, logical, and electrical changes can be made without departing from the scope of what is claimed. The following detailed description is therefore not to be taken in a limiting sense, and the scope is defined by the appended claims and their equivalents. In this document, the terms “a” and “an” are used, as is common in patent documents, to include one or more than one. In this document, the term “or” is used to refer to a nonexclusive “or,” such that “A or B” includes “A but not B,” “B but not A,” and “A and B,” unless otherwise indicated.

Referring now to the drawings, FIG. 1 illustrates a service gateway 300 servicing a plurality of application proxies 701, 702 using network proxy layer 620.

In an example embodiment, service gateway 300 connects to client device 100 over a data network 501. Data network 501 may comprise an Internet Protocol (IP) network, a corporate data network, a regional corporate data network, an Internet service provider network, a residential data network, a wired network such as Ethernet, a wireless network such as a WiFi network, or a cellular network. Data network 501 may reside in a data center, or connect to any other network or a cloud-based network.

In an example embodiment, service gateway 300 connects to server 200 over a data network 503. Data network 503 may comprise an Internet Protocol (IP) network, a corporate data network, a regional corporate data network, an Internet service provider network, a residential data network, a wired network such as Ethernet, a wireless network such as a WiFi network, or a cellular network. Data network 503 may reside in a data center, or connect to any other network or application network cloud. Data network 503 may also be the same as data network 501 in some embodiments.

Client device 100 is typically a computing device with network access capabilities. In example embodiments, client device 100 may be a workstation, a desktop personal computer, a laptop personal computer, a Personal Data Assistant (PDA), a tablet computing device, a smartphone, a cellular phone, a set-top box, an Internet media viewer, an Internet media player, a smart sensor, a smart medical device, a net-top box, a networked television set, a networked DVR, a networked Blu-ray player, a networked handheld gaming device, a media center, a mobile device, or a networked personal computing device.

In other embodiments, client device 100 may also be a residential broadband gateway, a business Internet gateway, a business computing server, a network customer premise device (CPE), or an Internet access gateway.

In exemplary embodiments, client device 100 may include a broadband remote access server (BRAS), a Digital Subscriber Line Access Multiplexer (DSLAM), a Cable Modem Terminating System (CMTS), or a service provider access gateway. Client device 100 may also include a mobile broadband access gateway such as a Gateway GPRS Support Node (GGSN), a Home Agent (HA), or a PDN Gateway (PGW).

In various embodiments, client device 100 may include a server load balancer, an application delivery controller, a traffic manager, a firewall, a VPN server, a remote access server, or an enterprise or datacenter access gateway. In one embodiment, client device 100 may be a device similar to service gateway 300.

In an exemplary method, client device 100 initiates application session 400 towards server 200 via service gateway 300.

Server 200 is a computing device typically coupled to a processor and a computer readable medium which stores computer readable program code. Server 200, with the processor and the computer readable program code, may implement the functionality of a Web server, a file server, a video server, a database server, an application server, a voice system, a conferencing server, a media gateway, a media center, an app server or a network server providing an application service to client device 100 using the application session 400. In one embodiment, server 200 may be a device similar to service gateway 300.

Service gateway 300, illustrated in FIG. 2, may be operationally coupled to a processor module 310, a memory module 320, a network interface module 330, and a computer readable medium 340. The computer readable medium 340 stores computer readable program code, which when executed by the processor module 310 using the memory module 320, may implement the various embodiments of the present invention as described herein. In some embodiments, service gateway 300 may be implemented as a server load balancer, an application delivery controller, a service delivery platform, a traffic manager, a security gateway, a component of a firewall system, a component of a virtual private network (VPN), a network proxy gateway, a network application server, a load balancer for video servers, a gateway to distribute load to one or more servers, a Web or HTTP server, a network address translation (NAT) gateway, or a TCP server.

Returning to FIG. 1, service gateway 300 may implement the functionality of TCP/IP layer 610, network proxy layer 620, and at least one application proxy, which may include application proxy 701 and/or application proxy 702. In one embodiment, network proxy layer 620 is implemented in network interface module 330 and network interface module 330 may include a network processor or an ASIC/FPGA circuitry capable of processing network proxy layer 620. In one embodiment, network proxy layer 620 is implemented in processor module 310.

Application session 400 may be a TCP session conducted via service gateway 300. In an exemplary embodiment, application proxy 701 processes application session 400. Service gateway 300 receives data packets of application session 400. TCP/IP layer 610 receives and processes the received application session 400 data packets and passes the processed data packets to network proxy layer 620. Network proxy layer 620 provides additional processing to the data packets and sends the processed data packets to application proxy 701. Upon processing the received application session 400 data packets, application proxy 701 may send responses based on the received application session 400 data packet to network proxy layer 620, which in turns processes the responses and sends to the TCP/IP layer 610, which further processes the received responses from network proxy layer 620 and transmits the results to client device 100 via data network 501 or server 200 via data network 503.

Application proxy 701 may relate to an application of server 200 serving application session 400.

FIG. 3 illustrates an exemplary embodiment of network proxy layer 620. In one embodiment, network proxy layer 620 may include a state machine with three states—client connected state 621, server connecting state 623 and server connected state 625. In an example embodiment, network proxy layer 620 receives a client establishment event 612 from TCP/IP layer 610. Client establishment event 612 may be received when TCP/IP layer 610 exchanges or successfully establishes a TCP session connection with client device 100. Upon receiving client establishment event 612, network proxy layer 620 sets to client connected state 621.

In various embodiments, network proxy layer 620 may indicate the client establishment event 612 to application proxy 701. Network proxy layer 620 may send a client connection event 629 to application proxy 701 to indicate receipt of client establishment event 612. Client connection event 629 may include information about client device 100. Client connection event 629 may also include the TCP session connection with client device 100.

In one embodiment, network proxy layer 620 may include a client transmit buffer 622. Client transmit buffer 622 may store client data sent by application proxy 701 towards server 200. Client transmit buffer 622 will be further described below. In an example embodiment, network proxy layer 620 may determine that client transmit buffer 622 is not empty and has data to be transmitted to server 200 while network proxy layer 620 is in client connected state 621. Network proxy layer 620 may then change to server connecting state 623. Network proxy layer 620 may establish a TCP session with server 200. In one embodiment, network proxy layer 620 instructs TCP/IP layer 610 to establish a TCP session with server 200. In one embodiment, application proxy 701 informs network proxy layer 620 the address of server 200 for the TCP session. In one embodiment, the client transmit buffer 622 includes the server 200 address information.

Once TCP/IP layer 610 successfully establishes a TCP session with server 200, TCP/IP layer 610 may send a server establishment event 615 to network proxy layer 620. Upon receiving the server establishment event 615, network proxy layer 620 may change to server connected state 625. At the server connected state 625, service gateway 300 has a TCP session with client device 100 and a TCP session with server 200. Client device 100 and server 200 can exchange data packets for the application session 400 via service gateway 300.

FIG. 4 illustrates an example embodiment of data packets exchanged between client device 100 and server 200 where application proxy 701 processes the exchanged data packets.

In an example embodiment, network proxy layer 620 receives a client data packet 617 from client device 100 via TCP/IP layer 610. Network proxy layer 620 processes client data packet 617, generates client received data 627 using client data packet 617, and sends client received data 627 to application proxy 701. Network proxy layer 620 may also send client received data 627 to application proxy 701 after processing and combining one or more client data packets from client device 100. Furthermore, network proxy layer 620 may also perform one or more security checks or other policy based services on client data packet 617 prior to sending to application proxy 701. Network proxy layer 620 may also include a client connection event in client received data 627.

In one embodiment, application proxy 701 puts data into client transmit buffer 622. Application proxy 701 may also put data derived from client received data 627 into client transmit buffer 622. In one embodiment, application proxy 701 performs a proxy function on behalf of a corresponding application on server 200 serving application session 400. In various embodiments, application proxy 701 may also include information about server 200. In an example embodiment, application proxy 701 selects server 200 based on client received data 627. Application proxy 701 may include information about server 200 as a request to establish a session with server 200. Network proxy layer 620 may detect presence of data in client transmit buffer 622, and send the data in client transmit buffer 622 to server 200, via TCP/IP layer 610 onto the established server TCP session with server 200. The data in client transmit buffer 622 may include information about server 200. Network proxy layer 620 may use the server information to establish the server TCP session with server 200. Network proxy layer 620 may also establish the server TCP session with server 200 if the server TCP session is not present. In one embodiment, network proxy layer 620 establishes the server TCP session with server 200 if the information about server 200 differs from the existing server TCP session.

In an example embodiment, network proxy layer 620 receives a server data packet 618 from server 200 via TCP/IP layer 610. In one embodiment, network proxy layer 620 generates server received data 628 from server data packet 618 and sends server received data 628 to application proxy 701. Network proxy layer 620 may perform additional processing such as security or modification of server data packet 618 prior to generating server received data 628.

In exemplary embodiments, application proxy 701 may put data into server transmit buffer 624. Application proxy 701 may put data derived from server received data 628 into server transmit buffer 624. In one embodiment, application proxy 701 performs a proxy function on behalf of a service application on server 200 serving application session 400.

Network proxy layer 620 may also detect presence of data in server transmit buffer 624, and send the data in server transmit buffer 624 to client device 100, via TCP/IP layer 610 on the established client TCP session with client device 100.

FIG. 5 illustrates an example embodiment of a HTTP application proxy 721. In exemplary embodiments, HTTP application proxy 721 may include a client request state 722 and a server response state 724. HTTP application proxy 721 may receive client received data 627 from network proxy layer 620. HTTP application proxy 721 determines client received data 627 is from client device 100. HTTP application proxy 721 may then set to client request state 722. HTTP application proxy 721 examines client received data 627 and determines client received data 627 includes a HTTP request 726.

In some embodiments, client request state 722 may include a HTTP request protocol parser 725 which determines if client received data 627 satisfies the HTTP request protocol. In an example embodiment, HTTP request protocol parser 725 determines that client received data 627 satisfies the protocol. HTTP request protocol parser 725 may generate a record showing the components of the HTTP request 726. HTTP application proxy 721 may then process HTTP request 726. In some embodiments, HTTP request protocol parser may be included in network proxy layer 620 and network proxy layer 620 processes client received data 627 against HTTP request protocol parser 725 to generate the record for the HTTP request 726. In some embodiments, client received data 627 may include the record for the HTTP request 726.

In an example embodiment, HTTP application proxy 721 may select server 200 based on HTTP request 726. HTTP application proxy 721 may also select server 200 based on a server selection policy (not shown). In exemplary embodiments, HTTP application proxy 721 may modify HTTP request 726 and put HTTP request 726 or the modified HTTP request into client transmit buffer 622. HTTP application proxy 721 may also inform network proxy layer 620 to establish a session with server 200 for HTTP request 726. As illustrated elsewhere, network proxy layer 620 may establish a TCP session with server 200 and transmit data in client transmit buffer 622 to server 200.

In exemplary embodiments, HTTP application proxy 721 may examine HTTP request 726 based on one or more security policies, such as detection of denial of service, or any other appropriate security policy application to HTTP protocol or the HTTP application associated to HTTP application proxy 721.

In an example embodiment, HTTP application proxy 721 changes state from client request state 722 to server response state 724. During server response state 724, HTTP application proxy 721 may receive server received data 628 from network proxy layer 620. Server response state 724 may continue to receive server received data 628. In server response state 724, HTTP application proxy 721 may inspect server received data 628 against HTTP response format. In server response state 724, it may generate a record showing the components of HTTP response 728. HTTP application proxy 721 may process HTTP response 728 or modify HTTP response 728. In some embodiments HTTP application proxy 721 mat process HTTP response 728 using a service policy. HTTP application proxy 721 may then place processed HTTP response onto server transmit buffer 624 for network proxy layer 620 to send to client device 100.

In embodiments, HTTP application proxy 721 may process HTTP response 728 based on one or more security policies such as detecting a phishing response, a virus or any other appropriate security policies application to HTTP response or the HTTP application associated to HTTP application proxy 721.

HTTP application proxy 721 may also perform load balancing for HTTP request 726, among a plurality of servers which includes server 200. In an exemplary embodiment, HTTP application proxy 721 performs a HTTP firewall function. In another exemplary embodiment, HTTP application proxy 721 performs an access control based on geographic information about client device 100. HTTP application proxy 721 may also perform content caching for server 200.

FIG. 6 illustrates an exemplary embodiment of a TCP application proxy 730. In exemplary embodiments, TCP application proxy 730 receives client received data 627 from network proxy layer 620. TCP application proxy 730 may place client received data 627 into client transmit buffer 622. If TCP application proxy 730 determines client received data 627 indicates a new TCP proxy session from client device 100, TCP application proxy 730 may inform network proxy layer 620 to establish a server session with server 200. TCP application proxy 730 may obtain server 200 information based on client received data 627.

In exemplary embodiments, TCP application proxy 730 receives server received data 628 from network proxy layer 620. TCP application proxy 730 may place server received data 628 into server transmit buffer 624.

In some embodiments, TCP application proxy 730 may process and perhaps modify client received data 627 or server received data 628 prior to placing the data into either client transmit buffer 622 or server transmit buffer 624. In one embodiment, TCP application proxy 730 processes client received data 627 or server received data 628 based on a security policy such as detection of a Denial of Service event (DOS), or other TCP security processing; or based on a service policy such as bandwidth policy, traffic management policy or other configured service policies. In one embodiment, TCP application proxy 730 applies additional session protocol processing such as encryption, decryption, compression, or TCP profiling.

FIG. 7 illustrates an exemplary embodiment of a second application proxy 742 being applied after a first application proxy 741. In one embodiment, application session 400 is processed by two application proxies 741 and 742. In the client to server traffic direction, application proxy 741 may be applied before application proxy 742. In the server to client traffic direction, application proxy 741 may also be applied after application proxy 742. Alternatively, in some embodiments, application proxy 742 may be applied prior to application proxy 741 in the client to server traffic direction, and/or in the server to client traffic direction.

In an exemplary embodiment, application proxy 741 receives client received data 627, processes client received data 627, and generates client data 637 using client received data 627. In one embodiment, application proxy 741 places data 637 into client transmit buffer 622 and network proxy layer 620 sends client data 637 as modified client received data 727 for application proxy 742. In one embodiment, application proxy 741 sends data 637 as modified client received data 727 to application proxy 742. Application proxy 742 may process modified client received data 727 and place processed modified client received data 727 into client transmit buffer 622 such that network proxy layer 620 can send data from client transmit buffer 622 to server 200.

In exemplary embodiments, application proxy 742 may receive server received data 628, process server received data 628, and generates server data 638 using server received data 628. In one embodiment, application proxy 742 places server data 638 into server transmit buffer 624 and network proxy layer 620 places server data 638 from server transmit buffer 624 as modified server received data 728 for application proxy 741. In one embodiment, application proxy 742 sends server data 638 as modified server received data 728 to application proxy 741. Application proxy 741 processes modified server received data 728 and places processed modified server received data into server transmit buffer 624 such that network proxy layer 620 can send data from server transmit buffer 624 to client device 100.

FIG. 8 shows a diagrammatic representation of a machine in the example electronic form of a computer system 800, within which a set of instructions for causing the machine to perform any one or more of the methodologies discussed herein may be executed. In various example embodiments, the machine operates as a standalone device or may be connected (e.g., networked) to other machines. In a networked deployment, the machine may operate in the capacity of a server or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. The machine may be a PC, a tablet PC, a set-top box (STB), a cellular telephone, a portable music player (e.g., a portable hard drive audio device such as an Moving Picture Experts Group Audio Layer 3 (MP3) player), a web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while only a single machine is illustrated, the term “machine” shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.

The example computer system 800 includes a processor or multiple processors 802 (e.g., a central processing unit (CPU), a graphics processing unit (GPU), or both), a main memory 804 and a static memory 806, which communicate with each other via a bus 808. The computer system 800 may further include a video display unit 810 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)). The computer system 800 may also include an alphanumeric input device 812 (e.g., a keyboard), a cursor control device 814 (e.g., a mouse), a disk drive unit 816, a signal generation device 818 (e.g., a speaker), and a network interface device 820.

The disk drive unit 816 includes a non-transitory computer-readable medium 822, on which is stored one or more sets of instructions and data structures (e.g., instructions 824) embodying or utilized by any one or more of the methodologies or functions described herein. The instructions 824 may also reside, completely or at least partially, within the main memory 804 and/or within the processors 802 during execution thereof by the computer system 800. The main memory 804 and the processors 802 may also constitute machine-readable media.

The instructions 824 may further be transmitted or received over a network 826 via the network interface device 820 utilizing any one of a number of well-known transfer protocols (e.g., Hyper Text Transfer Protocol (HTTP)).

While the computer-readable medium 822 is shown in an example embodiment to be a single medium, the term “computer-readable medium” should be taken to include a single medium or multiple media (e.g., a centralized or distributed database and/or associated caches and servers) that store the one or more sets of instructions. The term “computer-readable medium” shall also be taken to include any medium that is capable of storing, encoding, or carrying a set of instructions for execution by the machine and that causes the machine to perform any one or more of the methodologies of the present application, or that is capable of storing, encoding, or carrying data structures utilized by or associated with such a set of instructions. The term “computer-readable medium” shall accordingly be taken to include, but not be limited to, solid-state memories, optical and magnetic media, and carrier wave signals. Such media may also include, without limitation, hard disks, floppy disks, flash memory cards, digital video disks, random access memory (RAMs), read only memory (ROMs), and the like.

The example embodiments described herein can be implemented in an operating environment comprising computer-executable instructions (e.g., software) installed on a computer, in hardware, or in a combination of software and hardware. The computer-executable instructions can be written in a computer programming language or can be embodied in firmware logic. If written in a programming language conforming to a recognized standard, such instructions can be executed on a variety of hardware platforms and for interfaces to a variety of operating systems. Although not limited thereto, computer software programs for implementing the present method can be written in any number of suitable programming languages such as, for example, Hypertext Markup Language (HTML), Dynamic HTML, Extensible Markup Language (XML), Extensible Stylesheet Language (XSL), Document Style Semantics and Specification Language (DSSSL), Cascading Style Sheets (CSS), Synchronized Multimedia Integration Language (SMIL), Wireless Markup Language (WML), Java™, Jini™, C, C++, Perl, UNIX Shell, Visual Basic or Visual Basic Script, Virtual Reality Markup Language (VRML), ColdFusion™ or other compilers, assemblers, interpreters or other computer languages or platforms.

Thus, methods and systems for providing a network proxy layer are disclosed. Although embodiments have been described with reference to specific example embodiments, it will be evident that various modifications and changes can be made to these example embodiments without departing from the broader spirit and scope of the present application. Accordingly, the specification and drawings are to be regarded in an illustrative rather than a restrictive sense.

Claims

1. A method for providing a network proxy layer, comprising: receiving, by a service gateway, a connection establishment event for a client connection of an application session, the connection establishment event indicating that the client connection is established between the service gateway and a client, the client connection being established based on a request received from the client;sending, by the service gateway, a client connection event to an application proxy for the application session upon receiving the connection establishment event for the client connection associated with the client, the application proxy being associated with an application of one or more of a plurality of servers, the client connection event including at least client data associated with the client, the application proxy storing the client data to a client transmit buffer based on the client connection event;receiving, by the application proxy, one or more data packets from the client connection;based on the client data the one or more data packets received from the client connection, and a server selection policy, selecting, by the application proxy, a server from the plurality of servers, the server being associated with server data;storing, by the application proxy, the one or more data packets and the server data of the server selected by the application proxy to the client transmit buffer;determining, by the service gateway, a presence of the one or more data packets in the client transmit buffer;based on the determining, initiating, by the service gateway, establishing a server connection of the application session with the server based on the server data stored in the client transmit buffer;receiving, by the service gateway, a server establishment event for the server connection of the application session to the server, the server establishment event indicating that the server connection is established between the service gateway and the server;upon receiving the server establishment event, sending, by the service gateway, the one or more data packets to the server based on the server data stored in the client transmit buffer; andreceiving, by the application proxy, one or more data packets from the server connection.
2. The method of claim 1, wherein the receiving one or more data packets from the client connection further comprises: sending a client data to the application proxy, the client data derived from the one or more data packets from the client connection.
3. The method of claim 1, wherein the receiving one or more data packets from the client connection further comprises: processing the one or more data packets from the client connection based on a security or service policy.
4. The method of claim 1, wherein the receiving one or more data packets from the client connection further comprises: processing the one or more data packets from the client connection based on a protocol format associated to the application proxy.
5. The method of claim 1, wherein the receiving the server establishment event for the server connection of the application session to the server comprises: receiving a request for the server connection; andestablishing the server connection with the server upon receiving the request for the server connection.
6. The method of claim 5, wherein the receiving a request for the server connection comprises an address of the server.
7. The method of claim 6, wherein the establishing the server connection with the server upon receiving the request for the server connection is based on the address of the server.
8. The method of claim 1, wherein the receiving one or more data packets from the server connection further comprises: sending a server data to the application proxy wherein the server data is derived from the one or more data packets from the server connection.
9. The method of claim 1, wherein the receiving one or more data packets from the server connection further comprises: processing the one or more data packets from the server connection based on a security or service policy.
10. The method of claim 1, wherein the receiving one or more data packets from the server connection further comprises: processing the one or more data packets from the server connection based on a protocol format associated to the application proxy.
11. The method of claim 1, further comprising: receiving client transmit data from the application proxy; and sending the client transmit data to the server connection.
12. The method of claim 11, wherein the client transmit data is sent to the server connection as one or more data packets.
13. The method of claim 1, further comprising: receiving server transmit data from the application proxy; and sending the server transmit data to the client connection.
14. The method of claim 13, wherein the server transmit data is sent to the client connection as one or more data packets.
15. The method of claim 1, wherein the client connection or the server connection is an TCP connection.
16. The method of claim 1, wherein the application is one of a TCP application, a secure TCP application, a HTTP application, a secure HTTP application, a SIP application, or a secure SIP application.
17. A non-transitory computer-readable storage medium having instructions stored thereon, the instructions being executable by one or more processors to perform a method for providing a network proxy layer, the method comprising: receiving, by a service gateway, a connection establishment event for a client connection of an application session, the connection establishment event indicating that the client connection is established between the service gateway and a client, the client connection being established based on a request received from the client;sending, by the service gateway, a client connection event to an application proxy for the application session upon receiving the connection establishment event for the client connection associated with the client, the application proxy being associated with an application of one or more of a plurality of servers, the client connection event including at least client data associated with the client, the application proxy storing the client data to a client transmit buffer based on the client connection event;receiving, by the application proxy, one or more data packets from the client connection;based on the client data, the one or more data packets received from the client connection, and a server selection policy, selecting, by the application proxy, a server from the plurality of servers, the server being associated with server data;storing, by the application proxy, the one or more data packets and the server data of the server selected by the application proxy to the client transmit buffer;determining, by the service gateway, a presence of the one or more data packets in the client transmit buffer;based on the determining, initiating, by the service gateway, establishing a server connection of the application session with the server based on the server data stored in the client transmit buffer;receiving, by the service gateway, a server establishment event for the server connection of the application session to the server, the server establishment event indicating that the server connection is established between the service gateway and the server;upon receiving the server establishment event, sending, by the service gateway, the one or more data packets to the server based on the server data stored in the client transmit buffer; and receiving, by the application proxy, one or more data packets from the server connection.
18. The non-transitory computer-readable storage medium of claim 17, wherein the receiving one or more data packets from the client connection further comprises: sending a client data to the application proxy, the client data derived from the one or more data packets from the client connection.
19. The non-transitory computer-readable storage medium of claim 17, wherein the receiving one or more data packets from the client connection further comprises: processing the one or more data packets from the client connection based on a security or service policy.
20. The non-transitory computer-readable storage medium of claim 17, wherein the receiving one or more data packets from the client connection further comprises: processing the one or more data packets from the client connection based on a protocol format associated to the application proxy.
21. The non-transitory computer-readable storage medium of claim 17, wherein the receiving the server establishment event for the server connection of the application session to the server comprises: receiving a request for the server connection; andestablishing the server connection with the server upon receiving the request for the server connection.
22. The non-transitory computer-readable storage medium of claim 21, wherein the receiving a request for the server connection comprises an address of the server.
23. The non-transitory computer-readable storage medium of claim 22, wherein the establishing the server connection with the server upon receiving the request for the server connection is based on the address of the server.
24. The non-transitory computer-readable storage medium of claim 17, wherein the receiving one or more data packets from the server connection further comprises: sending a server data to the application proxy wherein the server data is derived from the one or more data packets from the server connection.
25. The non-transitory computer-readable storage medium of claim 17, wherein the receiving one or more data packets from the server connection further comprises: processing the one or more data packets from the server connection based on a security or service policy.
26. The non-transitory computer-readable storage medium of claim 17, wherein the receiving one or more data packets from the server connection further comprises: processing the one or more data packets from the server connection based on a protocol format associated to the application proxy.
27. The non-transitory computer-readable storage medium of claim 17, further comprising: receiving client transmit data from the application proxy; and sending the client transmit data to the server connection.
28. The non-transitory computer-readable storage medium of claim 27, wherein the client transmit data is sent to the server connection as one or more data packets.
29. The non-transitory computer-readable storage medium of claim 17, further comprising: receiving server transmit data from the application proxy; and sending the server transmit data to the client connection.
30. The non-transitory computer-readable storage medium of claim 29, wherein the server transmit data is sent to the client connection as one or more data packets.
31. The non-transitory computer-readable storage medium of claim 17, wherein the client connection or the server connection is an TCP connection.
32. The non-transitory computer-readable storage medium of claim 17, wherein the application is one of a TCP application, a secure TCP application, a HTTP application, a secure HTTP application, a SIP application, or a secure SIP application.

US Referenced Citations (434)

Number	Name	Date	Kind
5218602	Grant et al.	Jun 1993	A
5774660	Brendel et al.	Jun 1998	A
5862339	Bonnaure et al.	Jan 1999	A
5875185	Wang et al.	Feb 1999	A
5935207	Logue et al.	Aug 1999	A
5941988	Bhagwat	Aug 1999	A
5958053	Denker	Sep 1999	A
5995981	Wikstrom	Nov 1999	A
6003069	Cavill	Dec 1999	A
6014700	Bainbridge	Jan 2000	A
6047268	Bartoli et al.	Apr 2000	A
6075783	Voit	Jun 2000	A
6131163	Wiegel	Oct 2000	A
6219706	Fan et al.	Apr 2001	B1
6259705	Takahashi et al.	Jul 2001	B1
6321338	Porras et al.	Nov 2001	B1
6374300	Masters	Apr 2002	B2
6456617	Oda et al.	Sep 2002	B1
6459682	Ellesson et al.	Oct 2002	B1
6483600	Schuster et al.	Nov 2002	B1
6535516	Leu et al.	Mar 2003	B1
6578066	Logan et al.	Jun 2003	B1
6587866	Modi et al.	Jul 2003	B1
6600738	Alperovich et al.	Jul 2003	B1
6658114	Farn et al.	Dec 2003	B1
6748414	Bournas	Jun 2004	B1
6772205	Lavian et al.	Aug 2004	B1
6772334	Glawitsch	Aug 2004	B1
6779017	Lamberton et al.	Aug 2004	B1
6779033	Watson et al.	Aug 2004	B1
6804224	Schuster et al.	Oct 2004	B1
6877036	Smith	Apr 2005	B1
6952728	Alles et al.	Oct 2005	B1
7010605	Dharmarajan	Mar 2006	B1
7013482	Krumel	Mar 2006	B1
7058718	Fontes et al.	Jun 2006	B2
7069438	Balabine et al.	Jun 2006	B2
7076555	Orman et al.	Jul 2006	B1
7143087	Fairweather	Nov 2006	B2
7167927	Philbrick et al.	Jan 2007	B2
7181524	Lele	Feb 2007	B1
7218722	Turner et al.	May 2007	B1
7228359	Monteiro	Jun 2007	B1
7234161	Maufer et al.	Jun 2007	B1
7236457	Joe	Jun 2007	B2
7254133	Govindarajan et al.	Aug 2007	B2
7269850	Govindarajan et al.	Sep 2007	B2
7277963	Dolson et al.	Oct 2007	B2
7293099	Kalajan	Nov 2007	B1
7301899	Goldstone	Nov 2007	B2
7308499	Chavez	Dec 2007	B2
7310686	Uysal	Dec 2007	B2
7328267	Bashyam et al.	Feb 2008	B1
7334232	Jacobs et al.	Feb 2008	B2
7337241	Boucher et al.	Feb 2008	B2
7343399	Hayball et al.	Mar 2008	B2
7349970	Clement et al.	Mar 2008	B2
7370353	Yang	May 2008	B2
7373500	Ramelson et al.	May 2008	B2
7391725	Huitema et al.	Jun 2008	B2
7398317	Chen et al.	Jul 2008	B2
7423977	Joshi	Sep 2008	B1
7430755	Hughes et al.	Sep 2008	B1
7463648	Eppstein et al.	Dec 2008	B1
7467202	Savchuk	Dec 2008	B2
7472190	Robinson	Dec 2008	B2
7492766	Cabeca et al.	Feb 2009	B2
7506360	Wilkinson et al.	Mar 2009	B1
7509369	Tormasov	Mar 2009	B1
7512980	Copeland et al.	Mar 2009	B2
7533409	Keane et al.	May 2009	B2
7552323	Shay	Jun 2009	B2
7584262	Wang et al.	Sep 2009	B1
7584301	Joshi	Sep 2009	B1
7590736	Hydrie et al.	Sep 2009	B2
7610622	Touitou et al.	Oct 2009	B2
7613193	Swami et al.	Nov 2009	B2
7613822	Joy et al.	Nov 2009	B2
7673072	Boucher et al.	Mar 2010	B2
7675854	Chen et al.	Mar 2010	B2
7703102	Eppstein et al.	Apr 2010	B1
7707295	Szeto et al.	Apr 2010	B1
7711790	Barrett et al.	May 2010	B1
7733866	Mishra et al.	Jun 2010	B2
7747748	Allen	Jun 2010	B2
7765328	Bryers et al.	Jul 2010	B2
7792113	Foschiano et al.	Sep 2010	B1
7808994	Vinokour et al.	Oct 2010	B1
7826487	Mukerji et al.	Nov 2010	B1
7881215	Daigle et al.	Feb 2011	B1
7948952	Hurtta et al.	May 2011	B2
7965727	Sakata et al.	Jun 2011	B2
7970934	Patel	Jun 2011	B1
7979694	Touitou et al.	Jul 2011	B2
7983258	Ruben et al.	Jul 2011	B1
7990847	Leroy et al.	Aug 2011	B1
7991859	Miller et al.	Aug 2011	B1
7992201	Aldridge et al.	Aug 2011	B2
8019870	Eppstein et al.	Sep 2011	B1
8032634	Eppstein et al.	Oct 2011	B1
8081640	Ozawa et al.	Dec 2011	B2
8090866	Bashyam et al.	Jan 2012	B1
8099492	Dahlin et al.	Jan 2012	B2
8116312	Riddoch et al.	Feb 2012	B2
8122116	Matsunaga et al.	Feb 2012	B2
8151019	Le et al.	Apr 2012	B1
8179809	Eppstein et al.	May 2012	B1
8185651	Moran et al.	May 2012	B2
8191106	Choyi et al.	May 2012	B2
8224971	Miller et al.	Jul 2012	B1
8261339	Aldridge et al.	Sep 2012	B2
8296434	Miller et al.	Oct 2012	B1
8312507	Chen et al.	Nov 2012	B2
8379515	Mukerji	Feb 2013	B1
8499093	Grosser et al.	Jul 2013	B2
8539075	Bali et al.	Sep 2013	B2
8554929	Szeto et al.	Oct 2013	B1
8559437	Mishra et al.	Oct 2013	B2
8560693	Wang et al.	Oct 2013	B1
8584199	Chen et al.	Nov 2013	B1
8595791	Chen et al.	Nov 2013	B1
RE44701	Chen et al.	Jan 2014	E
8675488	Sidebottom et al.	Mar 2014	B1
8681610	Mukerji	Mar 2014	B1
8750164	Casado et al.	Jun 2014	B2
8782221	Han	Jul 2014	B2
8813180	Chen et al.	Aug 2014	B1
8826372	Chen et al.	Sep 2014	B1
8879427	Krumel	Nov 2014	B2
8885463	Medved et al.	Nov 2014	B1
8897154	Jalan et al.	Nov 2014	B2
8965957	Barros	Feb 2015	B2
8977749	Han	Mar 2015	B1
8990262	Chen et al.	Mar 2015	B2
9094364	Jalan et al.	Jul 2015	B2
9106561	Jalan et al.	Aug 2015	B2
9154584	Han	Oct 2015	B1
9215275	Kannan et al.	Dec 2015	B2
9219751	Chen et al.	Dec 2015	B1
9253152	Chen et al.	Feb 2016	B1
9270705	Chen et al.	Feb 2016	B1
9270774	Jalan et al.	Feb 2016	B2
9338225	Jalan et al.	May 2016	B2
9350744	Chen et al.	May 2016	B2
9356910	Chen et al.	May 2016	B2
9386088	Zheng et al.	Jul 2016	B2
20010042200	Lamberton et al.	Nov 2001	A1
20010049741	Skene et al.	Dec 2001	A1
20020026515	Michielsens et al.	Feb 2002	A1
20020032777	Kawata et al.	Mar 2002	A1
20020032799	Wiedeman et al.	Mar 2002	A1
20020078164	Reinschmidt	Jun 2002	A1
20020091844	Craft et al.	Jul 2002	A1
20020103916	Chen et al.	Aug 2002	A1
20020133491	Sim et al.	Sep 2002	A1
20020138618	Szabo	Sep 2002	A1
20020141386	Minert et al.	Oct 2002	A1
20020143991	Chow et al.	Oct 2002	A1
20020152307	Doyle	Oct 2002	A1
20020178259	Doyle et al.	Nov 2002	A1
20020188678	Edecker et al.	Dec 2002	A1
20020191575	Kalavade et al.	Dec 2002	A1
20020194335	Maynard	Dec 2002	A1
20020194350	Lu et al.	Dec 2002	A1
20030009591	Hayball et al.	Jan 2003	A1
20030014544	Pettey	Jan 2003	A1
20030023711	Parmar et al.	Jan 2003	A1
20030023873	Ben-Itzhak	Jan 2003	A1
20030035409	Wang et al.	Feb 2003	A1
20030035420	Niu	Feb 2003	A1
20030061506	Cooper et al.	Mar 2003	A1
20030091028	Chang et al.	May 2003	A1
20030131245	Linderman	Jul 2003	A1
20030135625	Fontes et al.	Jul 2003	A1
20030195962	Kikuchi et al.	Oct 2003	A1
20040010545	Pandya	Jan 2004	A1
20040062246	Boucher et al.	Apr 2004	A1
20040073703	Boucher et al.	Apr 2004	A1
20040078419	Ferrari et al.	Apr 2004	A1
20040078480	Boucher et al.	Apr 2004	A1
20040103315	Cooper et al.	May 2004	A1
20040111516	Cain	Jun 2004	A1
20040128312	Shalabi et al.	Jul 2004	A1
20040139057	Hirata et al.	Jul 2004	A1
20040139108	Tang et al.	Jul 2004	A1
20040141005	Banatwala et al.	Jul 2004	A1
20040143599	Shalabi et al.	Jul 2004	A1
20040187032	Gels et al.	Sep 2004	A1
20040199616	Karhu	Oct 2004	A1
20040199646	Susai et al.	Oct 2004	A1
20040202182	Lund et al.	Oct 2004	A1
20040210623	Hydrie et al.	Oct 2004	A1
20040210663	Phillips et al.	Oct 2004	A1
20040213158	Collett et al.	Oct 2004	A1
20040250059	Ramelson et al.	Dec 2004	A1
20050005207	Herneque	Jan 2005	A1
20050009520	Herrero et al.	Jan 2005	A1
20050021848	Jorgenson	Jan 2005	A1
20050027862	Nguyen et al.	Feb 2005	A1
20050036501	Chung et al.	Feb 2005	A1
20050036511	Baratakke et al.	Feb 2005	A1
20050039033	Meyers et al.	Feb 2005	A1
20050044270	Grove et al.	Feb 2005	A1
20050074013	Hershey et al.	Apr 2005	A1
20050080890	Yang et al.	Apr 2005	A1
20050102400	Nakahara et al.	May 2005	A1
20050125276	Rusu	Jun 2005	A1
20050163073	Heller et al.	Jul 2005	A1
20050198335	Brown et al.	Sep 2005	A1
20050213586	Cyganski et al.	Sep 2005	A1
20050240989	Kim et al.	Oct 2005	A1
20050249225	Singhal	Nov 2005	A1
20050259586	Hatid et al.	Nov 2005	A1
20050281190	McGee et al.	Dec 2005	A1
20060023721	Miyake et al.	Feb 2006	A1
20060036610	Wang	Feb 2006	A1
20060036733	Fujimoto et al.	Feb 2006	A1
20060041745	Parnes	Feb 2006	A1
20060064478	Sirkin	Mar 2006	A1
20060069774	Chen et al.	Mar 2006	A1
20060069804	Miyake et al.	Mar 2006	A1
20060077926	Rune	Apr 2006	A1
20060092950	Arregoces et al.	May 2006	A1
20060098645	Walkin	May 2006	A1
20060112170	Sirkin	May 2006	A1
20060164978	Werner et al.	Jul 2006	A1
20060168319	Trossen	Jul 2006	A1
20060187901	Cortes et al.	Aug 2006	A1
20060190997	Mahajani et al.	Aug 2006	A1
20060209789	Gupta et al.	Sep 2006	A1
20060230129	Swami et al.	Oct 2006	A1
20060233100	Luft et al.	Oct 2006	A1
20060251057	Kwon et al.	Nov 2006	A1
20060277303	Hegde et al.	Dec 2006	A1
20060280121	Matoba	Dec 2006	A1
20070019543	Wei et al.	Jan 2007	A1
20070022479	Sikdar et al.	Jan 2007	A1
20070076653	Park et al.	Apr 2007	A1
20070086382	Narayanan et al.	Apr 2007	A1
20070094396	Takano et al.	Apr 2007	A1
20070118881	Mitchell et al.	May 2007	A1
20070124502	Li	May 2007	A1
20070156919	Potti et al.	Jul 2007	A1
20070165622	O'Rourke et al.	Jul 2007	A1
20070180119	Khivesara et al.	Aug 2007	A1
20070185998	Touitou et al.	Aug 2007	A1
20070195792	Chen et al.	Aug 2007	A1
20070230337	Igarashi et al.	Oct 2007	A1
20070242738	Park et al.	Oct 2007	A1
20070243879	Park et al.	Oct 2007	A1
20070245090	King	Oct 2007	A1
20070248009	Petersen	Oct 2007	A1
20070259673	Willars et al.	Nov 2007	A1
20070283429	Chen et al.	Dec 2007	A1
20070286077	Wu	Dec 2007	A1
20070288247	Mackay	Dec 2007	A1
20070294209	Strub et al.	Dec 2007	A1
20080016161	Tsirtsis et al.	Jan 2008	A1
20080031263	Ervin et al.	Feb 2008	A1
20080076432	Senarath et al.	Mar 2008	A1
20080101396	Miyata	May 2008	A1
20080109452	Patterson	May 2008	A1
20080109554	Jing	May 2008	A1
20080109870	Sherlock et al.	May 2008	A1
20080120129	Seubert et al.	May 2008	A1
20080134332	Keohane et al.	Jun 2008	A1
20080162679	Maher et al.	Jul 2008	A1
20080225722	Khemani et al.	Sep 2008	A1
20080228781	Chen et al.	Sep 2008	A1
20080250099	Shen et al.	Oct 2008	A1
20080253390	Das et al.	Oct 2008	A1
20080263209	Pisharody et al.	Oct 2008	A1
20080271130	Ramamoorthy	Oct 2008	A1
20080282254	Blander et al.	Nov 2008	A1
20080291911	Lee et al.	Nov 2008	A1
20080298303	Tsirtsis	Dec 2008	A1
20090024722	Sethuraman et al.	Jan 2009	A1
20090031415	Aldridge et al.	Jan 2009	A1
20090049198	Blinn et al.	Feb 2009	A1
20090070470	Bauman et al.	Mar 2009	A1
20090077651	Poeluev	Mar 2009	A1
20090092124	Singhal et al.	Apr 2009	A1
20090106830	Maher	Apr 2009	A1
20090138606	Moran et al.	May 2009	A1
20090138945	Savchuk	May 2009	A1
20090141634	Rothstein et al.	Jun 2009	A1
20090164614	Christian et al.	Jun 2009	A1
20090172093	Matsubara	Jul 2009	A1
20090213858	Dolganow et al.	Aug 2009	A1
20090222583	Josefsberg et al.	Sep 2009	A1
20090227228	Hu et al.	Sep 2009	A1
20090228547	Miyaoka et al.	Sep 2009	A1
20090262741	Jungck et al.	Oct 2009	A1
20090271472	Scheifler et al.	Oct 2009	A1
20090285196	Lee et al.	Nov 2009	A1
20090313379	Rydnell et al.	Dec 2009	A1
20100008229	Bi et al.	Jan 2010	A1
20100023621	Ezolt et al.	Jan 2010	A1
20100036952	Hazlewood et al.	Feb 2010	A1
20100054139	Chun et al.	Mar 2010	A1
20100061319	Aso et al.	Mar 2010	A1
20100064008	Yan et al.	Mar 2010	A1
20100082787	Kommula et al.	Apr 2010	A1
20100083076	Ushiyama	Apr 2010	A1
20100094985	Abu-Samaha et al.	Apr 2010	A1
20100095018	Khemani et al.	Apr 2010	A1
20100098417	Tse-Au	Apr 2010	A1
20100106833	Banerjee et al.	Apr 2010	A1
20100106854	Kim et al.	Apr 2010	A1
20100128606	Patel et al.	May 2010	A1
20100162378	Jayawardena et al.	Jun 2010	A1
20100205310	Altshuler et al.	Aug 2010	A1
20100210265	Borzsei et al.	Aug 2010	A1
20100217793	Preiss	Aug 2010	A1
20100217819	Chen et al.	Aug 2010	A1
20100223630	Degenkolb et al.	Sep 2010	A1
20100228819	Wei	Sep 2010	A1
20100235507	Szeto et al.	Sep 2010	A1
20100235522	Chen et al.	Sep 2010	A1
20100235880	Chen et al.	Sep 2010	A1
20100238828	Russell	Sep 2010	A1
20100265824	Chao et al.	Oct 2010	A1
20100268814	Cross et al.	Oct 2010	A1
20100293296	Hsu et al.	Nov 2010	A1
20100312740	Clemm et al.	Dec 2010	A1
20100318631	Shukla	Dec 2010	A1
20100322252	Suganthi et al.	Dec 2010	A1
20100330971	Selitser et al.	Dec 2010	A1
20100333101	Pope et al.	Dec 2010	A1
20110007652	Bai	Jan 2011	A1
20110019550	Bryers et al.	Jan 2011	A1
20110023071	Li et al.	Jan 2011	A1
20110029599	Pulleyn et al.	Feb 2011	A1
20110032941	Quach et al.	Feb 2011	A1
20110040826	Chadzelek et al.	Feb 2011	A1
20110047294	Singh et al.	Feb 2011	A1
20110060831	Ishii et al.	Mar 2011	A1
20110083174	Aldridge et al.	Apr 2011	A1
20110093522	Chen et al.	Apr 2011	A1
20110099403	Miyata et al.	Apr 2011	A1
20110099623	Garrard et al.	Apr 2011	A1
20110110294	Valluri et al.	May 2011	A1
20110145324	Reinart et al.	Jun 2011	A1
20110149879	Noriega et al.	Jun 2011	A1
20110153834	Bharrat	Jun 2011	A1
20110178985	San Martin Arribas et al.	Jul 2011	A1
20110185073	Jagadeeswaran et al.	Jul 2011	A1
20110191773	Pavel et al.	Aug 2011	A1
20110196971	Reguraman et al.	Aug 2011	A1
20110276695	Maldaner	Nov 2011	A1
20110276982	Nakayama et al.	Nov 2011	A1
20110289496	Steer	Nov 2011	A1
20110292939	Subramaian et al.	Dec 2011	A1
20110302256	Sureshehandra et al.	Dec 2011	A1
20110307541	Walsh et al.	Dec 2011	A1
20120008495	Shen et al.	Jan 2012	A1
20120023231	Ueno	Jan 2012	A1
20120026897	Guichard et al.	Feb 2012	A1
20120030341	Jensen et al.	Feb 2012	A1
20120066371	Patel et al.	Mar 2012	A1
20120084419	Kannan et al.	Apr 2012	A1
20120084460	McGinnity et al.	Apr 2012	A1
20120106355	Ludwig	May 2012	A1
20120117382	Larson et al.	May 2012	A1
20120117571	Davis et al.	May 2012	A1
20120144014	Natham et al.	Jun 2012	A1
20120144015	Jalan et al.	Jun 2012	A1
20120151353	Joanny	Jun 2012	A1
20120170548	Rajagopalan et al.	Jul 2012	A1
20120173759	Agarwal et al.	Jul 2012	A1
20120191839	Maynard	Jul 2012	A1
20120215910	Wada	Aug 2012	A1
20120239792	Banerjee et al.	Sep 2012	A1
20120240185	Kapoor et al.	Sep 2012	A1
20120290727	Tivig	Nov 2012	A1
20120297046	Raja et al.	Nov 2012	A1
20130046876	Narayana et al.	Feb 2013	A1
20130058335	Koponen et al.	Mar 2013	A1
20130074177	Varadhan et al.	Mar 2013	A1
20130083725	Mallya et al.	Apr 2013	A1
20130100958	Jalan et al.	Apr 2013	A1
20130124713	Feinberg et al.	May 2013	A1
20130135996	Torres et al.	May 2013	A1
20130136139	Zheng et al.	May 2013	A1
20130148500	Sonoda et al.	Jun 2013	A1
20130166762	Jalan et al.	Jun 2013	A1
20130173795	McPherson	Jul 2013	A1
20130176854	Chisu et al.	Jul 2013	A1
20130191486	Someya et al.	Jul 2013	A1
20130198385	Han et al.	Aug 2013	A1
20130250765	Ehsan et al.	Sep 2013	A1
20130258846	Damola	Oct 2013	A1
20130282791	Kruglick	Oct 2013	A1
20140012972	Han	Jan 2014	A1
20140089500	Sankar et al.	Mar 2014	A1
20140164617	Jalan et al.	Jun 2014	A1
20140169168	Jalan et al.	Jun 2014	A1
20140207845	Han et al.	Jul 2014	A1
20140258465	Li	Sep 2014	A1
20140258536	Chiong	Sep 2014	A1
20140269728	Jalan et al.	Sep 2014	A1
20140286313	Fu et al.	Sep 2014	A1
20140298091	Carlen et al.	Oct 2014	A1
20140330982	Jalan et al.	Nov 2014	A1
20140334485	Jain et al.	Nov 2014	A1
20140359052	Joachimpillai	Dec 2014	A1
20150039671	Jalan et al.	Feb 2015	A1
20150215436	Kancherla	Jul 2015	A1
20150237173	Virkki et al.	Aug 2015	A1
20150244566	Puimedon	Aug 2015	A1
20150281087	Jalan et al.	Oct 2015	A1
20150281104	Golshan et al.	Oct 2015	A1
20150296058	Jalan et al.	Oct 2015	A1
20150312092	Golshan et al.	Oct 2015	A1
20150312268	Ray	Oct 2015	A1
20150333988	Jalan et al.	Nov 2015	A1
20150334086	Zhao	Nov 2015	A1
20150350048	Sampat et al.	Dec 2015	A1
20150350379	Jalan et al.	Dec 2015	A1
20160014052	Han	Jan 2016	A1
20160014126	Jalan et al.	Jan 2016	A1
20160036778	Chen et al.	Feb 2016	A1
20160042014	Jalan et al.	Feb 2016	A1
20160043901	Sankar et al.	Feb 2016	A1
20160044095	Sankar et al.	Feb 2016	A1
20160050233	Chen et al.	Feb 2016	A1
20160088074	Kannan et al.	Mar 2016	A1
20160105395	Chen et al.	Apr 2016	A1
20160105446	Chen et al.	Apr 2016	A1
20160119287	Khazan	Apr 2016	A1
20160119382	Chen et al.	Apr 2016	A1
20160139910	Ramanathan et al.	May 2016	A1
20160156708	Jalan et al.	Jun 2016	A1
20160173579	Jalan et al.	Jun 2016	A1

Foreign Referenced Citations (86)

Number	Date	Country
1372662	Oct 2002	CN
1408089	Apr 2003	CN
1449618	Oct 2003	CN
1473300	Feb 2004	CN
1529460	Sep 2004	CN
1575582	Feb 2005	CN
1714545	Dec 2005	CN
1725702	Jan 2006	CN
1910869	Feb 2007	CN
101004740	Jul 2007	CN
101094225	Dec 2007	CN
101163336	Apr 2008	CN
101169785	Apr 2008	CN
101189598	May 2008	CN
101247349	Aug 2008	CN
101261644	Sep 2008	CN
101442425	May 2009	CN
0N101682532	Mar 2010	CN
101946493	Jan 2011	CN
0N102123156	Jul 2011	CN
102238226	Nov 2011	CN
102546590	Jul 2012	CN
102918801	Feb 2013	CN
103533018	Jan 2014	CN
103944954	Jul 2014	CN
104796396	Jul 2015	CN
102577252	Mar 2016	CN
102918801	May 2016	CN
102571742	Jul 2016	CN
1209876	May 2002	EP
1770915	Apr 2007	EP
1885096	Feb 2008	EP
02296313	Mar 2011	EP
2577910	Apr 2013	EP
2760170	Jul 2014	EP
2772026	Sep 2014	EP
2760170	Dec 2015	EP
261CHE2014	Jul 2016	IN
H09-097233	Apr 1997	JP
1999096128	Apr 1999	JP
H11-338836	Oct 1999	JP
2000276432	Oct 2000	JP
2000307634	Nov 2000	JP
2001051859	Feb 2001	JP
2001298449	Oct 2001	JP
2002091936	Mar 2002	JP
2003141068	May 2003	JP
2003186776	Jul 2003	JP
2005141441	Jun 2005	JP
2006332825	Dec 2006	JP
2008040718	Feb 2008	JP
2013528330	May 2011	JP
5855663	Dec 2015	JP
5906263	Apr 2016	JP
5946189	Jun 2016	JP
10-0830413	May 2008	KR
1020120117461	Aug 2013	KR
101576585	Dec 2015	KR
101632187	Jun 2016	KR
269763	Feb 1996	TW
425821	Mar 2001	TW
444478	Jul 2001	TW
0113228	Feb 2001	WO
2001014990	Mar 2001	WO
WO2001045349	Jun 2001	WO
2003103237	Dec 2003	WO
WO2004084085	Sep 2004	WO
WO2006098033	Sep 2006	WO
2008053954	May 2008	WO
WO2008078593	Jul 2008	WO
2011049770	Apr 2011	WO
WO2011079381	Jul 2011	WO
2012050747	Apr 2012	WO
2012075237	Jun 2012	WO
2013081952	Jun 2013	WO
2013096019	Jun 2013	WO
2013112492	Aug 2013	WO
WO2014031046	Feb 2014	WO
2014052099	Apr 2014	WO
2014088741	Jun 2014	WO
2014093829	Jun 2014	WO
WO2014138483	Sep 2014	WO
WO2014144837	Sep 2014	WO
WO2014179753	Nov 2014	WO
WO2015153020	Oct 2015	WO
WO2015164026	Oct 2015	WO

Non-Patent Literature Citations (17)

Entry
Cardellini et al., “Dynamic Load Balancing on Web-server Systems”, IEEE Internet Computing, vol. 3, No. 3, pp. 28-39, May-Jun. 1999.
Hunt et al. NetDispatcher: A TCP Connection Router, IBM Research Report RC 20853 May 19, 1997.
Spatscheck et al., “Optimizing TCP Forwarder Performance”, IEEE/ACM Transactions on Networking, vol. 8, No. 2, Apr. 2000.
Kjaer et al. “Resource allocation and disturbance rejection in web servers using SLAs and virtualized servers”, IEEE on Transactions on Network and Service Management, IEEE, US, vol. 6, No. 4, Dec. 1, 2009.
Sharifian et al. “An approximation-based load-balancing algorithm with admission control for cluster web servers with dynamic workloads”, The Journal of Supercomputing, Kluwer Academic Publishers, BO, vol. 53, No. 3, Jul. 3, 2009.
Koike et al., “Transport Middleware for Network-Based Control,” IEICE Technical Report, Jun. 22, 2000, vol. 100, No. 53, pp. 13-18.
Yamamoto et al., “Performance Evaluation of Window Size in Proxy-based TCP for Multi-hop Wireless Networks,” IPSJ SIG Technical Reports, May 15, 2008, vol. 2008, No. 44, pp. 109-114.
Abe et al., “Adaptive Split Connection Schemes in Advanced Relay Nodes,” IEICE Technical Report, Feb. 22, 2010, vol. 109, No. 438, pp. 25-30.
Gite, Vivek, “Linux Tune Network Stack (Buffers Size) to Increase Networking Performance,” nixCraft [online], Jul. 8, 2009 [retreived on Apr. 13, 2016], Retreived from the Internt: <URL:http://www.cyberciti.biz/faq/linux-tcp-tuning/>.
FreeBSD, “tcp—TCP Protocol,” Linux Programmer's Manual [online], Nov. 25, 2007 [retreived on Apr. 13, 2016], Retreived from the Internet: <URL:https://www.freebsd.org/cgi/man.cgi?query=tcp&apropos=0&sektion=7&manpath=SuSE+Linux%2Fi386+11.0&format=asci>.
“Enhanced Interior Gateway Routing Protocol”, Cisco, Document ID 16406, Sep. 9, 2005 update, 43 pages.
Crotti, Manuel et al., “Detecting HTTP Tunnels with Statistical Mechanisms”, IEEE International Conference on Communications, Jun. 24-28, 2007, pp. 6162-6168.
Haruyama, Takahiro et al., “Dial-to-Connect VPN System for Remote DLNA Communication”, IEEE Consumer Communications and Networking Conference, CCNC 2008. 5th IEEE, Jan. 10-12, 2008, pp. 1224-1225.
Chen, Jianhua et al., “SSL/TLS-based Secure Tunnel Gateway System Design and Implementation”, IEEE International Workshop on Anti-counterfeiting, Security, Identification, Apr. 16-18, 2007, pp. 258-261.
“EIGRP MPLS VPN PE-CE Site of Origin (SoO)”, Cisco Systems, Feb. 28, 2006, 14 pages.
Search Report dated Jul. 5, 2017 for Chinese Application No. 2014107207243.
Office Action dated Dec. 8, 2017 for Chinese Application No. 201410720724.3.

Related Publications (1)

	Number	Date	Country
	20150156223 A1	Jun 2015	US

Network proxy layer for policy-based application proxies

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

US

International Classifications