公开(公告)号：US10250475B2

公开(公告)日：2019-04-02

申请号：US15373001

申请日：2016-12-08

Applicant: A10 Networks, Inc.

Inventor： Yichao He ,  Yang Yang ,  Ali Golshan

IPC: H04L12/26 ,  H04L29/12 ,  H04L29/08

Abstract: A method and system for measuring application response delay is described. The method may commence with receiving a Domain Name System (DNS) request from a client DNS server. The method may include measuring round trip time between the client DNS server and a first Global Server Load Balancing (GSLB) controller, between the first GSLB controller and a server load balancer (SLB) collocated with the first GSLB controller, and between the SLB and an application server. The method may further include receiving measurements of round trip time between the client DNS server and a second GSLB controller, between the second GSLB controller and an SLB collocated with the second GSLB controller, and between the second GSLB controller and a further application server. A cumulative response time associated with the application servers may be calculated based on the measurements to select an application server having a lowest cumulative response time.

公开(公告)号：US20190098083A1

公开(公告)日：2019-03-28

申请号：US16203661

申请日：2018-11-29

Applicant: A10 Networks, Inc.

Inventor： Rajkumar Jalan ,  Ronald Wai Lun Szeto ,  Feilong Xu

IPC: H04L29/08 ,  H04L12/859 ,  H04L12/26 ,  H04L12/24 ,  G06F9/50

CPC classification number: H04L67/1008 ,  G06F9/505 ,  H04L41/082 ,  H04L41/5038 ,  H04L41/5096 ,  H04L43/0817 ,  H04L43/16 ,  H04L47/2475 ,  H04L67/14 ,  H04L67/28 ,  H04L67/322

Abstract: Provided are methods and systems for distributing application traffic. A method for distributing application traffic may commence with relaying a first service request for a first service session from a service gateway to a server. The first service request may be received from a host and may be associated with a service request time. The method may further include receiving, from the server, a service response. The service response may be associated with a service response time. The method may continue with calculating a service processing time based on the service request time and the service response time and comparing the service processing time with an expected service processing time. The method may further include receiving, from the host, a second service request for a second service session. The method may continue with selectively relaying the second server request to the server based on the service processing time.

公开(公告)号：US20190098044A1

公开(公告)日：2019-03-28

申请号：US16198981

申请日：2018-11-23

Applicant: A10 Networks, Inc.

Inventor： Rajkumar Jalan ,  Gurudeep Kamat ,  Ronald Wai Lun Szeto

IPC: H04L29/06

CPC classification number: H04L63/1458 ,  H04L63/1416 ,  H04L63/1425

Abstract: Provided are methods and systems for recognizing network devices as trusted. A system for recognizing network devices as trusted may include a network module, a storage device, and a processor. The network module may be configured to receive a request from a network device to establish a data connection between the network device and a server based on a determination that the network device is trusted. The storage device may be configured to store a whitelist associated with a plurality of trusted network devices. The processor may be configured to determine that the network device is trusted. Based on the determination, the processor may associate the network device with the whitelist for a predetermined period of time.

公开(公告)号：US10187377B2

公开(公告)日：2019-01-22

申请号：US15428036

申请日：2017-02-08

Applicant: A10 Networks, Inc.

Inventor： Ali Golshan ,  Xuyang Jiang ,  Yang Yang

IPC: H04L29/06

Abstract: Provided are methods and systems for caching network generated security certificates. An example system may include a security gateway node and a storage module. The security gateway node may be operable to receive, from a client, a session request to establish a secure connection with a server. Based on the session request, the security gateway node may establish a first secure session between the client and the security gateway node and a second secure session between the security gateway node and the server. The security gateway node may receive a server certificate from the server. The security gateway node may match the server certificate against a gateway certificate table. Based on the matching, the security gateway node may receive a gateway certificate associated with the gateway certificate entry that matches the server certificate. The gateway certificate may be used for performing the first secure session.

公开(公告)号：US20180367430A1

公开(公告)日：2018-12-20

申请号：US16052396

申请日：2018-08-01

Applicant: A10 NETWORKS, INC.

Inventor： Liang Han ,  Yang Yang

IPC: H04L12/26 ,  H04L12/24 ,  H04L29/12 ,  H04L12/64

Abstract: Provided are a service gateway and a method for generating secure name records. The method may commence with receiving a name service request from a host. The name service request may include a name. The method may further include obtaining a service server name record from a name service server. The service server name record may include a plurality of name entries corresponding to the name. The method may then continue with generating a plurality of service gateway name records using the name and the plurality of name entries. The method may further include sending a service gateway name record of the plurality of service gateway name records to the host as a response to the name service request.

公开(公告)号：US10110429B2

公开(公告)日：2018-10-23

申请号：US15798236

申请日：2017-10-30

Applicant: A10 NETWORKS, INC.

Inventor： Ali Golshan ,  Swaminathan Sankar ,  Venky Natham

IPC: H04L12/24 ,  H04L29/08

Abstract: Exemplary embodiments for enabling planned network changes such as an upgrade or downgrade of a network device are disclosed. The systems and methods provide for planned upgrades and downgrades for network devices without impacting existing network sessions, by utilizing two network devices simultaneously, and creating a redirect network session for a predetermined period of time. In so doing, all network traffic may be gradually transferred to the second network device, until the sessions processed by the first network device time out. The first network device can then be taken offline for upgrade or downgrade, without any disruption to the network service or loss of network traffic.

公开(公告)号：US20180295182A1

公开(公告)日：2018-10-11

申请号：US16004265

申请日：2018-06-08

Applicant: A10 NETWORKS, INC.

Inventor： Swaminathan Sankar ,  Hasnain Karampurwala ,  Rahul Gupta ,  Gurudeep Kamat ,  Rajkumar Jalan

IPC: H04L29/08 ,  H04L12/725

Abstract: Provided are methods and systems for dynamically distributing a service session from a client device. The method may commence with receiving a packet associated with the service session from the client device by a gateway node. The method may include determining that the packet matches a service address in a forwarding policy. The method may continue with selecting one of a plurality of forwarding nodes for sending the packet to the one of the plurality of forwarding nodes. The method may include receiving the packet of the service session by the one of the plurality of forwarding nodes. The method may continue with determining that the packet matches the service address serviced by a servicing node of a plurality of servicing nodes. The method may further include sending the packet to the servicing node for forwarding the packet to a server by the servicing node.

公开(公告)号：US20180288009A1

公开(公告)日：2018-10-04

申请号：US15473360

申请日：2017-03-29

Applicant: A10 Networks, Inc.

Inventor： Yang Yang ,  Stephen Bafico ,  Xuyang Jiang

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/14

CPC classification number: H04L63/0428 ,  H04L63/06

Abstract: Provided are a method and a system for intercepting secure shell (SSH) sessions. The method may commence with intercepting, by a client-facing SSH gateway, a session request to establish an SSH session between a client and a server. The method may continue with establishing a first SSH session between the client and the client-facing SSH gateway and receiving encrypted data packets of the SSH session from the client via the first SSH session. The client-facing SSH gateway may decrypt the encrypted data packets, establish a communication session with a server-facing SSH gateway, and forward decrypted data packets to the server-facing SSH gateway via the communication session. The server-facing SSH gateway may receive the decrypted data packets, establish a second SSH session between the server-facing SSH gateway and the server, encrypt the decrypted data packets, and forward the encrypted data packets to the server via the second SSH session.

公开(公告)号：US20180262413A1

公开(公告)日：2018-09-13

申请号：US15453757

申请日：2017-03-08

Applicant: A10 Networks, Inc.

Inventor： Saurabh Sureka

IPC: H04L12/26 ,  H04L12/923

Abstract: A method for dynamic allocating of a resource capacity in a cloud computing deployment is disclosed. According to the method, a resource capacity allocation of a network instance is determined and a resource capacity demand of the network instance is monitored. If the resource capacity demand exceeds a first threshold value, the resource capacity allocation of the network instance is increased by allocating additional resource capacity of a shared pool of network instances. However, if the resource capacity demand falls below a second threshold value, the resource capacity allocation of the network instance is decreased by deallocating the additional resource capacity back to the shared pool of network instances.

公开(公告)号：US20180248805A1

公开(公告)日：2018-08-30

申请号：US15967423

申请日：2018-04-30

Applicant: A10 NETWORKS, INC.

Inventor： Gurudeep Kamat ,  Swaminathan Sankar ,  Gennady Dosovitsky ,  Rajkumar Jalan

IPC: H04L12/851 ,  H04L12/927 ,  H04L12/813 ,  H04L29/08 ,  H04L12/803

Abstract: Provided are methods and systems for eliminating a redirection of data traffic in a cluster. An example method may include receiving, by one or more nodes of the cluster, a data packet associated with a service session. The method may include determining, by the node, that the data packet is directed to a further node in the cluster. The method may further include, in response to the determination, acquiring, by the node, a session context associated with the service session. Acquiring the session context may include sending, by the node, a request for the session context to the further node and receiving the session context from the further node. The method may further include processing, by the one or more nodes, the data packet based on the session context.