公开(公告)号：US20180248917A1

公开(公告)日：2018-08-30

申请号：US15967448

申请日：2018-04-30

Applicant: A10 NETWORKS, INC.

Inventor： Rajkumar Jalan ,  Rishi Sampat

IPC: H04L29/06 ,  H04L29/08

Abstract: Provided are methods and systems for configuring a network device with user-defined instruction scripts. The method may commence with receiving a request for a network session between a client device and a server. The method may further include receiving a user-defined class and a user-defined object configuration. The user-defined class and the user-defined object configuration may include the user-defined instruction scripts provided by a user of the client device. The method may further include instructing an object virtual machine to generate at least one user-defined object based on the user-defined class and the user-defined object configuration. The method may continue with instructing an object virtual machine to generate at least one user-defined object based on the user-defined class and the user-defined object configuration.

公开(公告)号：US20180212835A1

公开(公告)日：2018-07-26

申请号：US15928345

申请日：2018-03-22

Applicant: A10 NETWORKS, INC.

Inventor： Lee Chen ,  John Chiong

IPC: H04L12/24 ,  H04L29/08 ,  H04L29/12

CPC classification number: H04L41/12 ,  H04L29/12066 ,  H04L61/1511 ,  H04L67/1002 ,  H04L67/1021 ,  H04L67/1036

Abstract: A method for web service load balancing may commence with receiving, from a local DNS server, a request for a web service. The local DNS server may be coupled to a web client requesting the web service. The request may include local DNS server information. The method may continue with determining a geographic location of the local DNS server based on the local DNS server information. The method may further include selecting a web server from a plurality of web servers based on the web service. The method may continue with determining a geographic location of the web server and determining that the geographic location of the local DNS server matches the geographic location of the web server. The method may further include selecting the web server based on the match. The method may continue with sending a response to the local DNS server.

公开(公告)号：US10021174B2

公开(公告)日：2018-07-10

申请号：US14279270

申请日：2014-05-15

Applicant: A10 Networks, Inc.

Inventor： Swaminathan Sankar ,  Hasnain Karampurwala ,  Rahul Gupta ,  Gurudeep Kamat ,  Rajkumar Jalan

IPC: H04L12/803 ,  H04L29/08 ,  H04L12/725

CPC classification number: H04L67/1004 ,  H04L45/306 ,  H04L67/1012

Abstract: Provided are methods and systems for distributing service sessions from a client device in a service data network. A packet of the service session is received by a forwarding node. The forwarding node determines whether the packet matches a service address associated with the service session. Responsive to the determining, a servicing node associated with the service address is selected based on a forwarding policy. The packet is sent to the selected servicing node. The servicing node determines whether the packet is a service request packet. A server is selected based on a service policy, wherein the server is configured to serve the service session. The packet is sent to the server. Before being received by a forwarding node, the packet is received by a gateway node. The gateway node determines whether the packet matches the service address and selects the forwarding node based on a notification.

公开(公告)号：US10020979B1

公开(公告)日：2018-07-10

申请号：US14225377

申请日：2014-03-25

Applicant: A10 NETWORKS, INC.

Inventor： Dennis Oshiba ,  Hong Xiao

IPC: G06F15/173 ,  H04L12/24

CPC classification number: H04L41/00 ,  H04L41/0896 ,  H04L43/0876

Abstract: Provided are methods and systems for allocating resources in a multi-core computing environment. The method comprises selecting, by one or more processors, at least one dedicated core for execution of a resource allocation algorithm. After selection of the dedicated core, the dedicated core allocates, based on the resource allocation algorithm, a network resource to a client. Furthermore, the dedicated core assigns the network resource to network packets associated with the client for processing by data cores. After the assigning of the network resource, the data cores process the network packets according to the allocated network resource.

公开(公告)号：US20180124169A1

公开(公告)日：2018-05-03

申请号：US15858578

申请日：2017-12-29

Applicant: A10 NETWORKS, INC.

Inventor： Rajkumar Jalan ,  Feilong Xu ,  Lalgudi Narayanan Kannan ,  Ronald Wai Lun Szeto

IPC: H04L29/08 ,  H04L12/66

CPC classification number: H04L67/1027 ,  H04L12/66 ,  H04L67/10 ,  H04L67/142 ,  H04L67/28 ,  H04L67/2819

Abstract: The processing of data packets sent over a communication session between a host and a server by a service gateway includes processing a data packet using a current hybrid-stateful or hybrid-stateless processing method. The processing then checks whether a hybrid-stateless or hybrid-stateful condition is satisfied. When one of the sets of conditions is satisfied, the process includes changing from a hybrid-stateful to a hybrid-stateless processing method, or vice versa, for a subsequently received data packet. If the conditions are not satisfied, the process continues as originally structured.

公开(公告)号：US20180124052A1

公开(公告)日：2018-05-03

申请号：US15858382

申请日：2017-12-29

Applicant: A10 NETWORKS, INC.

Inventor： Rajkumar Jalan ,  Gurudeep Kamat

IPC: H04L29/06

CPC classification number: H04L63/0892 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/166

Abstract: Facilitation of secure network traffic by an application delivery controller is provided herein. In some examples, a method includes: (a) receiving a data packet with information from a client indicating that the client is a trusted source; (b) embedding in the data packet a transmission control protocol (TCP) options header, the TCP options header comprising information including at least a sequence number for a protocol connection; and (c) forwarding the embedded data packet to a server.

公开(公告)号：US09954899B2

公开(公告)日：2018-04-24

申请号：US15157357

申请日：2016-05-17

Applicant: A10 Networks, Inc.

Inventor： Lee Chen ,  Dennis Oshiba ,  John Chiong

IPC: H04L29/06 ,  H04L29/08 ,  H04L12/725 ,  H04L29/12 ,  G06F21/00 ,  H04L12/58 ,  H04M1/725 ,  H04W12/00

CPC classification number: H04L63/20 ,  G06F21/00 ,  H04L45/308 ,  H04L51/04 ,  H04L61/20 ,  H04L61/2596 ,  H04L61/3065 ,  H04L63/02 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/029 ,  H04L63/0407 ,  H04L63/08 ,  H04L63/0892 ,  H04L65/1026 ,  H04L67/02 ,  H04L67/06 ,  H04L67/10 ,  H04L67/14 ,  H04L67/22 ,  H04L67/306 ,  H04L67/42 ,  H04L69/22 ,  H04M1/72547 ,  H04W12/00

Abstract: Embodiments of the present technology relate to a method for applying a security policy to an application session, comprising: determining, by a security gateway, a first user identity and a second user identity from a data packet for an application session; obtaining, by the security gateway, a security policy for the application session; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.

公开(公告)号：US09806943B2

公开(公告)日：2017-10-31

申请号：US14261310

申请日：2014-04-24

Applicant: A10 NETWORKS, INC.

Inventor： Ali Golshan ,  Swaminathan Sankar ,  Venky Natham

IPC: H04L12/24 ,  H04L29/08

CPC classification number: H04L41/0803 ,  H04L67/1023 ,  H04L67/1027 ,  H04L67/145 ,  H04L67/148 ,  H04L67/34

Abstract: Exemplary embodiments for enabling planned network changes such as an upgrade or downgrade of a network device are disclosed. The systems and methods provide for planned upgrades and downgrades for network devices without impacting existing network sessions, by utilizing two network devices simultaneously, and creating a redirect network session for a predetermined period of time. In so doing, all network traffic may be gradually transferred to the second network device, until the sessions processed by the first network device time out. The first network device can then be taken offline for upgrade or downgrade, without any disruption to the network service or loss of network traffic.

公开(公告)号：US20170289106A1

公开(公告)日：2017-10-05

申请号：US15601954

申请日：2017-05-22

Applicant: A10 NETWORKS, INC.

Inventor： Lee CHEN ,  Dennis OSHIBA ,  John CHIONG

IPC: H04L29/06 ,  H04L12/66 ,  H04L29/08 ,  G06F21/44

CPC classification number: H04L63/0263 ,  G06F21/00 ,  G06F21/44 ,  H04L12/66 ,  H04L51/04 ,  H04L63/02 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/0245 ,  H04L63/0254 ,  H04L63/029 ,  H04L63/0407 ,  H04L63/08 ,  H04L63/10 ,  H04L63/102 ,  H04L63/105 ,  H04L63/164 ,  H04L63/168 ,  H04L63/20 ,  H04L63/30 ,  H04L65/1026 ,  H04L67/10 ,  H04L67/1004 ,  H04L67/104 ,  H04L67/141 ,  H04L67/22 ,  H04L67/306 ,  H04L67/42 ,  H04L69/28 ,  H04L69/329 ,  H04M1/72547 ,  H04W12/00

Abstract: Applying a security policy to an application session, includes recognizing the application session between a network and an application via a security gateway, determining by the security gateway a user identity of the application session using information about the application session, obtaining by the security gateway the security policy comprising network parameters mapped to the user identity, and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.

公开(公告)号：US09712493B2

公开(公告)日：2017-07-18

申请号：US15054583

申请日：2016-02-26

Applicant: A10 Networks, Inc.

Inventor： Xin Wang ,  Lee Chen ,  John Chiong

IPC: G06F15/16 ,  H04L29/06 ,  H04L29/08 ,  H04L29/12

CPC classification number: H04L63/102 ,  H04L12/66 ,  H04L29/06 ,  H04L61/6022 ,  H04L61/6068 ,  H04L63/02 ,  H04L63/0281 ,  H04L63/04 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/30 ,  H04L63/308 ,  H04L65/1003 ,  H04L65/1006 ,  H04L65/1069 ,  H04L65/4007 ,  H04L67/14 ,  H04L67/141 ,  H04L67/146

Abstract: The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record, if they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.