公开(公告)号：WO2012050747A3

公开(公告)日：2012-05-31

申请号：PCT/US2011052225

申请日：2011-09-19

Applicant: A10 NETWORKS INC ,  KANNAN LALGUDI NARAYANAN ,  SZETO RONALD WAI LUN ,  CHEN LEE ,  XU FEILONG ,  JALAN RAJKUMAR

Inventor： KANNAN LALGUDI NARAYANAN ,  SZETO RONALD WAI LUN ,  CHEN LEE ,  XU FEILONG ,  JALAN RAJKUMAR

IPC: H04L12/24 ,  G06F15/16 ,  H04L29/06

CPC classification number: H04L67/1008 ,  H04L67/02 ,  H04L67/1002

Abstract: A method, system, and computer program product for balancing servers based on server load status, include: receiving from a server a service response to a service request, the service response including a result from a processing of the service request and a server status indicating a computing load status of the server; obtaining the server status from the service response; receiving a next service request from a host, the next service request comprising a Uniform Resource Locator (URL); determining that the server is configured to process the URL; determining whether the server status indicates that the server is available to process the next service request; and in response to determining that the server status indicates that the server is available to process the next service request, sending the next service request to the server.

Abstract translation: 一种用于基于服务器负载状态来平衡服务器的方法，系统和计算机程序产品，包括：从服务器接收对服务请求的服务响应，所述服务响应包括来自服务请求的处理的结果和指示服务器状态 服务器的计算负载状态; 从服务响应中获得服务器状态; 接收来自主机的下一个服务请求，所述下一个服务请求包括统一资源定位符（URL）; 确定服务器被配置为处理该URL; 确定服务器状态是否指示服务器可用于处理下一服务请求; 以及响应于确定服务器状态指示服务器可用于处理下一服务请求，向服务器发送下一服务请求。

公开(公告)号：WO2011149796A3

公开(公告)日：2012-04-19

申请号：PCT/US2011037475

申请日：2011-05-20

Applicant: A10 NETWORKS INC ,  CHEN LEE ,  CHIONG JOHN ,  OSHIBA DENNIS

Inventor： CHEN LEE ,  CHIONG JOHN ,  OSHIBA DENNIS

IPC: H04L12/22 ,  H04L29/06

CPC classification number: H04L63/0263 ,  G06F21/00 ,  G06F21/44 ,  H04L12/66 ,  H04L51/04 ,  H04L63/02 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/0245 ,  H04L63/0254 ,  H04L63/029 ,  H04L63/0407 ,  H04L63/08 ,  H04L63/10 ,  H04L63/102 ,  H04L63/105 ,  H04L63/164 ,  H04L63/168 ,  H04L63/20 ,  H04L63/30 ,  H04L65/1026 ,  H04L67/10 ,  H04L67/1004 ,  H04L67/104 ,  H04L67/141 ,  H04L67/22 ,  H04L67/306 ,  H04L67/42 ,  H04L69/28 ,  H04L69/329 ,  H04M1/72547 ,  H04W12/00

Abstract: Method for applying a security policy to an application session, includes: recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.

Abstract translation: 将安全策略应用于应用会话的方法包括：通过安全网关识别网络与应用之间的应用会话; 使用关于应用会话的信息由安全网关确定应用会话的用户身份; 由安全网关获取包括映射到用户身份的网络参数的安全策略; 并将安全策略应用于安全网关的应用会话。 用户身份可以是从应用会话的分组识别的网络用户身份或应用用户身份。 安全策略可以包括被映射的网络流量策略和/或映射到用户身份的文档访问策略，其中将网络流量策略应用于应用会话。 安全网关还可以生成关于安全策略应用于应用会话的安全报告。

公开(公告)号：WO2011049770A2

公开(公告)日：2011-04-28

申请号：PCT/US2010/052209

申请日：2010-10-12

Applicant: A10 NETWORKS INC. ,  CHEN, Lee ,  CHIONG, John

Inventor： CHEN, Lee ,  CHIONG, John

IPC: H04L12/28

CPC classification number: H04L41/12 ,  H04L29/12066 ,  H04L61/1511 ,  H04L67/1002 ,  H04L67/1021 ,  H04L67/1036

Abstract: A method and system to determine a web server based on geo-location information is disclosed. The system includes: a local DNS server coupled to a web client; a plurality of web servers; and a global load balancer coupled to the local DNS server. The global load balancer: receives a request for a web service sent by the web client, the request comprising local DNS server information; determines a geographic location for the local DNs server based on the local DNS server information; determines a web server from the plurality of web servers based on the requested web service; determines a geographic location for the determined web server; determines that the geographic location for the local DNS server matches the geographic location for the determined web server; selects the determined web server; and sends a response comprising information on the selected web server to the local DNS server.

Abstract translation: 公开了一种基于地理位置信息确定Web服务器的方法和系统。 该系统包括：耦合到web客户端的本地DNS服务器; 多个web服务器; 以及耦合到本地DNS服务器的全局负载平衡器。 全局负载平衡器：接收由Web客户端发送的Web服务的请求，该请求包括本地DNS服务器信息; 基于本地DNS服务器信息确定本地DN服务器的地理位置; 基于所请求的web服务从多个web服务器确定web服务器; 确定所确定的web服务器的地理位置; 确定本地DNS服务器的地理位置与确定的Web服务器的地理位置相匹配; 选择确定的Web服务器; 并将包含所选web服务器上的信息的响应发送到本地DNS服务器。

公开(公告)号：WO2018013521A1

公开(公告)日：2018-01-18

申请号：PCT/US2017/041463

申请日：2017-07-11

Applicant: A10 NETWORKS, INC.

Inventor： JALAN, Rajkumar ,  SZETO, Ronald Wai Lun ,  SAMPAT, Rishi ,  LIN, Julia

IPC: G06F11/30 ,  G06F11/34 ,  G06F21/55 ,  H04L29/06

Abstract: Methods and systems are provided for automatically capturing network data for a detected anomaly. In some examples, a network node establishes a baseline usage by applying at least one baselining rule to network traffic to generate baseline statistics, detects an anomaly usage by applying at least one anomaly rule to network traffic and generating an anomaly event, and captures network data according to an anomaly event by triggering at least one capturing rule to be applied to network traffic when an associated anomaly event is generated.

Abstract translation: 提供了用于为检测到的异常自动捕获网络数据的方法和系统。 在一些示例中，网络节点通过将至少一个基线规则应用于网络流量来生成基线统计量，通过将至少一个异常规则应用于网络流量并生成异常事件来检测异常使用，并且捕获网络数据来建立基线使用 根据异常事件，通过触发至少一个捕获规则在发生相关异常事件时应用于网络流量。

公开(公告)号：WO2014179753A2

公开(公告)日：2014-11-06

申请号：PCT/US2014036676

申请日：2014-05-02

Applicant: A10 NETWORKS INC

Inventor： JALAN RAJKUMAR ,  KAMAT GURUDEEP

IPC: H04L29/06

CPC classification number: H04L63/0892 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/166

Abstract: Facilitation of secure network traffic by an application delivery controller is provided herein. In some examples, a method includes: (a) receiving a data packet with information from a client indicating that the client is a trusted source; (b) embedding in the data packet a transmission control protocol (TCP) options header, the TCP options header comprising information including at least a sequence number for a protocol connection; and (c) forwarding the embedded data packet to a server.

Abstract translation: 本文提供了由应用传送控制器促进安全网络流量。 在一些示例中，一种方法包括：（a）从客户端接收指示客户端是可信源的信息的数据分组; （b）在数据分组中嵌入传输控制协议（TCP）选项报头，所述TCP选项报头包括至少包括用于协议连接的序列号的信息; 和（c）将嵌入的数据分组转发到服务器。

公开(公告)号：WO2014150617A1

公开(公告)日：2014-09-25

申请号：PCT/US2014/023801

申请日：2014-03-11

Applicant: A10 NETWORKS, INC.

Inventor： OSHIBA, Dennis

IPC: G06F15/173

CPC classification number: H04L43/028 ,  H04L43/04 ,  H04L47/2441 ,  H04L67/141 ,  H04L67/146

Abstract: Expertise, for performing classification of a type of network traffic, can be encapsulated in a module. A set of modules, as currently available to a traffic controller, can be referred to as a collection. An improved process, for updating a collection of modules, is presented. A traffic controller can have two or more locations, each storing a module collection. While an old collection remains active, a new collection can be loaded. Once the new collection is loaded, transitioning can be undertaken, on a session-by-session basis that keeps a traffic controller active, from the old collection to the new collection.

Abstract translation: 用于执行一种类型的网络流量分类的专长，可以封装在一个模块中。 当前可用于流量控制器的一组模块可以被称为集合。 提出了一种用于更新模块集合的改进过程。 流量控制器可以具有两个或更多个位置，每个位置存储模块集合。 当旧的集合保持活动状态时，可以加载新的集合。 一旦加载了新的集合，就可以在逐个会话的基础上进行转换，使流量控制器处于活动状态，从旧集合到新集合。

公开(公告)号：WO2012170226A3

公开(公告)日：2013-02-28

申请号：PCT/US2012039782

申请日：2012-05-27

Applicant: A10 NETWORKS INC ,  JALAN RAJKUMAR ,  OSHIBA DENNIS

Inventor： JALAN RAJKUMAR ,  OSHIBA DENNIS

IPC: G06F15/16 ,  G06F9/44

CPC classification number: H04L41/084 ,  H04L29/06 ,  H04L41/0806 ,  H04L41/0816 ,  H04L67/34

Abstract: Synchronization of configuration files of a virtual application distribution chassis, includes: processing a configuration command received by a master blade; updating a first configuration file with the configuration command and an updated tag by the master blade; sending a configuration message by the master blade to the slave blades informing of the updated configuration file, the configuration message comprising the updated tag; in response to receiving the configuration message by a given slave blade of the one or more slave blades, comparing the updated tag in the configuration message with a tag in a second configuration file stored at the given slave blade; and in response to determining that the updated tag in the configuration message is more recent than the tag in the second configuration file stored at the given slave blade, sending a request for the updated configuration file to the master blade by the given slave blade.

Abstract translation: 虚拟应用分发机箱的配置文件同步包括：处理主刀片接收的配置命令; 使用配置命令更新第一配置文件和由主刀片更新的标签; 将所述主刀片的配置消息发送到所述从属刀片，通知所述更新的配置文件，所述配置消息包括所述更新的标签; 响应于由一个或多个从属刀片的给定从属刀片接收配置消息，将配置消息中的更新标签与存储在给定从属刀片上的第二配置文件中的标签进行比较; 并且响应于确定配置消息中的更新的标签比存储在给定从属刀片中的第二配置文件中的标签更新，由给定从属刀片向主刀片发送对更新的配置文件的请求。

公开(公告)号：WO2012170226A2

公开(公告)日：2012-12-13

申请号：PCT/US2012/039782

申请日：2012-05-27

Applicant: A10 NETWORKS INC. ,  JALAN, Rajkumar ,  OSHIBA, Dennis

Inventor： JALAN, Rajkumar ,  OSHIBA, Dennis

IPC: G06F15/16 ,  G06F9/44

CPC classification number: H04L41/084 ,  H04L29/06 ,  H04L41/0806 ,  H04L41/0816 ,  H04L67/34

Abstract: Synchronization of configuration files of a virtual application distribution chassis, includes: processing a configuration command received by a master blade; updating a first configuration file with the configuration command and an updated tag by the master blade; sending a configuration message by the master blade to the slave blades informing of the updated configuration file, the configuration message comprising the updated tag; in response to receiving the configuration message by a given slave blade of the one or more slave blades, comparing the updated tag in the configuration message with a tag in a second configuration file stored at the given slave blade; and in response to determining that the updated tag in the configuration message is more recent than the tag in the second configuration file stored at the given slave blade, sending a request for the updated configuration file to the master blade by the given slave blade.

Abstract translation: 虚拟应用分发机箱的配置文件同步包括：处理主刀片接收的配置命令; 使用配置命令更新第一配置文件和由主刀片更新的标签; 将所述主刀片的配置消息发送到所述从属刀片，通知所述更新的配置文件，所述配置消息包括所述更新的标签; 响应于由一个或多个从属刀片的给定从属刀片接收配置消息，将配置消息中的更新标签与存储在给定从属刀片上的第二配置文件中的标签进行比较; 并且响应于确定配置消息中的更新的标签比存储在给定从属刀片中的第二配置文件中的标签更新，由给定从属刀片向主刀片发送对更新的配置文件的请求。

公开(公告)号：WO2008067013A3

公开(公告)日：2008-09-04

申请号：PCT/US2007079133

申请日：2007-09-21

Applicant: A10 NETWORKS INC ,  CHEN LEE ,  CHIONG JOHN ,  WANG XIN

Inventor： CHEN LEE ,  CHIONG JOHN ,  WANG XIN

IPC: G06F9/00

CPC classification number: H04L63/102 ,  H04L12/66 ,  H04L29/06 ,  H04L61/6022 ,  H04L61/6068 ,  H04L63/02 ,  H04L63/0281 ,  H04L63/04 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/30 ,  H04L63/308 ,  H04L65/1003 ,  H04L65/1006 ,  H04L65/1069 ,  H04L65/4007 ,  H04L67/14 ,  H04L67/141 ,  H04L67/146

Abstract: The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.

Abstract translation: 本发明的系统包括主机，包括安全网关的网络和公共应用。 建立在网络和主机之间的访问会话以及公共应用程序和网络之间的应用程序会话。 为应用会话创建应用会话记录，并且包括用于访问公共应用的用户的公共用户标识，用于访问网络的用户的私有用户标识，主机标识和应用会话时间。 为了确定应用程序会话的私有用户身份，安全网关发送具有主机标识和应用程序会话时间的查询。 这些与访问会话记录中的主机身份和访问会话时间进行比较。 如果匹配，则返回访问会话记录中的私有用户身份，并将其作为私有用户身份存储在应用程序会话记录中。

公开(公告)号：WO2015164027A1

公开(公告)日：2015-10-29

申请号：PCT/US2015/022858

申请日：2015-03-26

Applicant: A10 NETWORKS, INC.

Inventor： KAMAT, Gurudeep ,  SANKAR, Swaminathan

IPC: G06F15/173

CPC classification number: H04L67/10 ,  G06F12/12 ,  H04L67/1008

Abstract: Provided are methods and systems for processing a data packet associated with a service session. The data packet directed to a first servicing node can be received by a forwarding node. The forwarding node can determine that the first servicing node is unavailable. Based on the determination, the forwarding node can select a second servicing node from a plurality of servicing nodes. The selection can be based on a high availability policy. The forwarding node can then send the data packet to the second servicing node.

Abstract translation: 提供了用于处理与服务会话相关联的数据分组的方法和系统。 指向第一服务节点的数据分组可以由转发节点接收。 转发节点可以确定第一服务节点不可用。 基于确定，转发节点可以从多个服务节点中选择第二服务节点。 选择可以基于高可用性策略。 然后，转发节点可以将数据分组发送到第二服务节点。