Patent application number | Description | Published |
20080212484 | Tracing connection paths through transparent proxies - In one embodiment, a method for tracing a connection path from a source node to a destination node through a network having one or more transparent proxies includes generating a trace packet at the source node, transmitting the trace packet over the network towards the destination node, and receiving trace response packets in response to transmission of the trace packet. The trace response packets include a packet from the destination node and a packet from each of the transparent proxies in a data path from the source node to the destination node. Each of the packets from the transparent proxies includes an identifier of the transparent proxy transmitting the packet. The method further includes identifying the transparent proxies in the connection path based on information in the trace response packets. An apparatus for tracing a connection path is also disclosed. | 09-04-2008 |
20100061253 | Tracing connection paths through transparent proxies - In one embodiment, a method for tracing a connection path from a source node to a destination node through a network having one or more transparent proxies includes generating a trace packet at the source node, transmitting the trace packet over the network towards the destination node, and receiving trace response packets in response to transmission of the trace packet. The trace response packets include a packet from the destination node and a packet from each of the transparent proxies in a data path from the source node to the destination node. Each of the packets from the transparent proxies includes an identifier of the transparent proxy transmitting the packet. The method further includes identifying the transparent proxies in the connection path based on information in the trace response packets. An apparatus for tracing a connection path is also disclosed. | 03-11-2010 |
20130031269 | Handling Perceived Packet Loops With Transparent Network Services - Techniques are provided to detect and correct for packet loops associated with network traffic that passes through a wide-area application services (WAAS) device in a data center network environment. The WAAS device receives a packet from a device in a first data center. The WAAS device determines the directionality of the packet relative to a destination device of the packet. The WAAS device also determines whether the packet has an indicator that associates the packet with the WAAS device. Based on whether the packet has an indicator that associates the packet with the wide area application services device, the WAAS device inserts an indicator within the packet when the directionality of the packet indicates that the packet is to be transmitted across a wide area network (WAN), wherein the indicator comprises information that associates the packet with the WAAS device. The WAAS device forwards the packet to a network based on its directionality. | 01-31-2013 |
20130073743 | Services controlled session based flow interceptor - In one embodiment, a method includes receiving session information at a traffic interceptor in communication with a plurality of service devices, the session information transmitted from one of the service devices and identifying flows associated with a session and the service device associated with the session, storing the session information at the traffic interceptor, and transmitting traffic received at the traffic interceptor to the service device selected based on the session information. An apparatus is also disclosed. | 03-21-2013 |
20130163470 | TRAFFIC OPTIMIZATION OVER NETWORK LINK - In one embodiment, a method includes receiving a TCP (Transmission Control Protocol) packet at a service device configured to optimize traffic over a network link, inserting a discovery identifier in the TCP packet, encapsulating the TCP packet in a UDP (User Datagram Protocol) packet, and transmitting the UDP packet over the network link. An apparatus is also disclosed. | 06-27-2013 |
20130238811 | Accelerating UDP Traffic - Systems and methods are disclosed for the acceleration of UDP traffic. tive action may be taken. Dynamic TCP tunnels may be established as the traffic flows from a source to a destination device. As the present approach is dynamic, the operational complexities are drastically reduced/eliminated. High availability systems become much easier to implement with acceleration that is dynamic and adapts to the traffic flow. | 09-12-2013 |
20130339727 | WAN Optimization Without Required User Configuration for WAN Secured VDI Traffic - In order for intermediary WAAS devices to process and accelerate ICA traffic, they must decrypt the ICA traffic in order to examine it. Disclosed is a mechanism by which the ICA traffic may be re-encrypted for transport over the WAN in a manner that does not require explicit configuration by the administrator of the WAAS devices. For example, VDI traffic may be intercepted and all data redundancy elimination messages may be encrypted and sent to a peer network device. | 12-19-2013 |
20160080195 | METHODS AND SYSTEMS FOR SERIAL DEVICE REPLACEMENT WITHIN A BRANCH ROUTING ARCHITECTURE - A method includes deploying in series a plurality of configurable devices in a network configured to communicate with one another via a protocol for exchanging state information wherein at least one of the plurality of configurable devices is in an active state and at least one of the plurality of devices is in a standby state, detecting, by the at least one of the plurality of configurable devices in a standby state, a failure of a configurable device in an active state via a protocol and switching the at least one configurable device in a standby state to an active state. | 03-17-2016 |
20160080211 | METHODS AND SYSTEMS FOR CONTROLLER-BASED DATA FORWARDING RULES WITHOUT ROUTING PROTOCOLS - A method includes determining a plurality of network segments comprising a network, determining a manner in which the plurality of segments are connected, determining network segments and how segments are connected, at least in part, without a routing protocol, discovering a plurality of external network segments via a hub device associated with the network and utilizing the plurality of network segments comprising the network, the manner in which the plurality of segments are connected and the plurality of external network segments. | 03-17-2016 |
20160080212 | METHODS AND SYSTEMS FOR MULTI-TENANT CONTROLLER BASED MAPPING OF DEVICE IDENTITY TO NETWORK LEVEL IDENTITY - A method includes executing at a controller a horizontally scalable service Identity Definitions Manager (IDM) Service, mapping active directory (AD) domains to WAN network elements DNS ROLE and LDAP ROLE, instructing a plurality of network elements associated with a tenant to discover a plurality of AD domains and AD servers in an enterprise using the DNS ROLE, receiving from the plurality of network elements running DNS ROLE information indicative of changes to network attributes selected from the group consisting of AD domains, additions and subtractions of AD servers and changes in an IP address of AD servers and transmitting the received AD domains and AD servers to a tenant administrator and requesting credentials to communicate with added AD servers using LDAP. | 03-17-2016 |
20160080221 | METHODS AND SYSTEMS FOR CONTROLLER-BASED NETWORK TOPOLOGY IDENTIFICATION, SIMULATION AND LOAD TESTING - A method includes receiving information describing an addition of a first site comprising at least one application to an existing network wherein the information is selected from the group consisting of type of site, planned connectivity to the site and planned policies for the site and estimating an impact on the operation of the at least one application and associated network traffic using statistical analysis of monitored data collected from a second site similar to the first site. | 03-17-2016 |
20160080225 | METHODS AND SYSTEMS FOR TIME-BASED APPLICATION DOMAIN CLASSIFICATION AND MAPPING - A method includes detecting at a device on a network an application having an anchor domain, marking the application with a traffic source having an entry point domain that accessed the application and a time of detection and designating network flows from the traffic source within a predetermined time from the time of detection as belonging to the application. | 03-17-2016 |
20160080230 | METHODS AND SYSTEMS FOR DETECTION OF ASYMMETRIC NETWORK DATA TRAFFIC AND ASSOCIATED NETWORK DEVICES - A method includes monitoring a plurality of network devices to collect network performance data comprising data flow records of each device on the network and to create a network topology database, accessing the network topology database comprising information on an entry and exit point of each device, the manner in which the devices are connected and a plurality of data flow records on a single data flow from multiple devices on the network and utilizing the network topology database to perform an asymmetric detection algorithm to identify one or more data flows that exited a device via a first path and returned to the device via a different second path. | 03-17-2016 |
20160080250 | METHODS AND SYSTEMS FOR BUSINESS INTENT DRIVEN POLICY BASED NETWORK TRAFFIC CHARACTERIZATION, MONITORING AND CONTROL - A method includes determining a network requirement for at least one application, dynamically determining a link suitable for data transmission in accordance with a policy based at least in part on a current network condition to meet the network requirement and routing one or more application network data flows associated with the at least one application over the link. | 03-17-2016 |
20160080251 | METHODS AND SYSTEMS FOR DYNAMIC PATH SELECTION AND DATA FLOW FORWARDING - A method includes detecting a data flow and an associated originating interface on a network, determining a first link over which to forward the data flow, transmitting the data flow over the determined link, receiving a return data flow and moving a forward direction of the return data flow to a new path if the return data flow arrived via a link other than the first link, wherein all packets following a first packet on the flow are forwarded on the same path as the first packet. | 03-17-2016 |
20160080252 | METHODS AND SYSTEMS FOR APPLICATION SESSION MODELING AND PREDICTION OF GRANULAR BANDWIDTH REQUIREMENTS - A method includes receiving from a networked spoke device information describing network flows to and from an application, analyzing the information to characterize the application in at least one dimension selected from the group consisting of bi-directional bandwidth usage, network response times, application response times, a number of idle and active application sessions and a maximum number of concurrent application sessions and transmitting the dimensions to at least one networked spoke device as traffic profile information. | 03-17-2016 |
20160080268 | METHODS AND SYSTEMS FOR HUB HIGH AVAILABILITY AND NETWORK LOAD AND SCALING - A method includes receiving at a branch device an assigned first hub device and an assigned second hub device associated with a data center, establishing a VPN data tunnel to the assigned first and second hub devices, designating the first hub device as a primary device, designating the second hub device as a secondary device and switching traffic destined for the primary device to the secondary device based, at least in part, on a cost of a link. | 03-17-2016 |
20160080280 | METHODS AND SYSTEMS FOR APPLICATION PERFORMANCE PROFILES, LINK CAPACITY MEASUREMENT, TRAFFIC QUARANTINE AND PERFORMANCE CONTROLS - A method includes issuing a tuned request on a specified active link having an ingress shaper and an egress shaper to a server utilizing a link capacity to an extent in both a forward path and a return path, determining a link capacity for the active link, monitoring the active link and dropping any traffic traveling via the active link when a limit of at least one of the ingress shaper and the egress shaper is exceeded. | 03-17-2016 |
20160080285 | METHODS AND SYSTEMS FOR APPLICATION AND POLICY BASED NETWORK TRAFFIC ISOLATION AND DATA TRANSFER - A method includes allocating an identifier to each of a plurality of policies each comprising a network-isolation identifier associated with a VXWAN directive and transmitting each of the plurality of policies to one or more devices in a network. | 03-17-2016 |
20160080502 | METHODS AND SYSTEMS FOR CONTROLLER-BASED SECURE SESSION KEY EXCHANGE OVER UNSECURED NETWORK PATHS - A method includes generating at a multi-tenant controller on a network a common shared secret for establishing a link between a first site and a second site, transmitting the shared secret to each of the first site and the second site over a secured channel, assigning a wall clock based start and end validity period for the shared secret, sending the shared secret with a future validity to allow secure link communication to continue if one or more elements in both sites cannot communicate with the multi-tenant controller and using a separate shared secret per link per VXWAN. | 03-17-2016 |