公开(公告)号：WO2014209660A1

公开(公告)日：2014-12-31

申请号：PCT/US2014/042588

申请日：2014-06-16

Applicant: A10 NETWORKS, INC.

Inventor： THOMPSON, Micheal

IPC: G01S5/14

CPC classification number: H04L63/083 ,  G06F21/31 ,  G06F2221/2111 ,  H04L63/08 ,  H04L63/0876 ,  H04L63/102 ,  H04L63/107 ,  H04L63/108 ,  H04L67/02 ,  H04L67/18 ,  H04L2463/121 ,  H04W4/02 ,  H04W12/06

Abstract: User authentication techniques based on geographical locations associated with a client device is provided. A network connection can be established between two or more host machines and a client device. Upon a request received from the client device by one of these host machines, round trip times of test messages may be measured between the client device and each of the host machines. The round trip times can be utilized to determine the current geographical location of the client device. If the location is within a tolerance geographical area, the client device may be authenticated. Otherwise, the authentication may fail or additional security procedures may be implemented. In some examples, a travel time from a historical geographical location to current geographical location can be determined. This data may be also utilized in the user authentication process.

Abstract translation: 提供了基于与客户端设备相关联的地理位置的用户认证技术。 可以在两台或多台主机和客户端设备之间建立网络连接。 在通过这些主机之一从客户端设备接收到请求时，可以在客户端设备和每个主机之间测量测试消息的往返时间。 可以利用往返时间来确定客户端设备的当前地理位置。 如果位置在公差地理区域内，则客户端设备可以被认证。 否则，认证可能失败或可能实施其他安全程序。 在一些示例中，可以确定从历史地理位置到当前地理位置的旅行时间。 该数据也可以用在用户认证过程中。

公开(公告)号：WO2014176461A1

公开(公告)日：2014-10-30

申请号：PCT/US2014/035365

申请日：2014-04-24

Applicant: A10 NETWORKS, INC.

Inventor： JALAN, Rajkumar ,  SZETO, Ronald Wai Lun ,  WU, Steven

IPC: G06F21/00

CPC classification number: H04L63/1466 ,  H04L63/0876 ,  H04L63/101 ,  H04L63/1458

Abstract: Network access control systems and methods are provided herein. A method includes receiving at a network device a SYN packet from a client device over a network, determining if the client device is a trusted source for the network using the SYN packet, if the client device is a trusted resource, receiving an acknowledgement (ACK) packet from the client device that includes identifying information for the client device plus an additional value, and identifying information for the network device, and establishing a connection with the network for the client device.

Abstract translation: 本文提供了网络访问控制系统和方法。 一种方法包括：在网络设备处通过网络从客户端设备接收SYN分组，确定客户端设备是否是使用SYN分组的网络的可信源，如果客户端设备是可信资源，则接收确认（ACK ）分组，其包括客户端设备的识别信息加上附加值，以及识别网络设备的信息，以及建立与客户端设备的网络的连接。

公开(公告)号：WO2014144837A1

公开(公告)日：2014-09-18

申请号：PCT/US2014/029415

申请日：2014-03-14

Applicant: A10 NETWORKS, INC.

Inventor： JALAN, Rajkumar ,  KAMAT, Gurudeep

IPC: G06F15/173

CPC classification number: H04L45/72 ,  H04L45/306 ,  H04L45/38 ,  H04L45/66

Abstract: Methods and systems are provided for processing data packets in a data network using a policy based network path. A policy enforcing point receives a data packet associated with a service session and routes it toward its destination along a network path which is determined according to data packet information and one or more packet processing criteria. The data packet information may include one or more of information associated with the packet, information associated with prior packets, and information obtained from a network computer. The network path may be selected from a database of network paths. The network path may include an order list of further policy enforcing points and corresponding network application appliances. The policy enforcing point may generate a new data packet based on the data packet and the policy based network path and send the new data packet to a next policy enforcing point.

Abstract translation: 提供了用于使用基于策略的网络路径来处理数据网络中的数据分组的方法和系统。 策略执行点接收与服务会话相关联的数据分组，并沿着根据数据分组信息和一个或多个分组处理标准确定的网络路径向其目的地路由它。 数据分组信息可以包括与分组相关联的信息，与先前分组相关联的信息以及从网络计算机获得的信息中的一个或多个。 可以从网络路径的数据库中选择网络路径。 网络路径可以包括另外的策略执行点和对应的网络应用设备的订单列表。 策略执行点可以基于数据分组和基于策略的网络路径生成新的数据分组，并将新的数据分组发送到下一个策略执行点。

公开(公告)号：WO2014088741A1

公开(公告)日：2014-06-12

申请号：PCT/US2013/068345

申请日：2013-11-04

Applicant: A10 NETWORKS, INC.

Inventor： JALAN, Rajkumar ,  KAMAT, Gurudeep

IPC: H04L12/28

CPC classification number: H04L67/1002 ,  H04L45/74 ,  H04L67/10 ,  H04L67/12 ,  H04L67/32 ,  H04L67/42

Abstract: In providing packet forwarding policies in a virtual service network that includes a network node and a pool of service load balancers serving a virtual service, the network node: receives a virtual service session request from a client device, the request including a virtual service network address for the virtual service; compares the virtual service network address in the request with the virtual service network address in each of a plurality of packet forwarding policies; in response to finding a match between the virtual service network address in the request and a given virtual service network address in a given packet forwarding policy, determines the given destination in the given packet forwarding policy; and sends the request to a service load balancer in the pool of service load balancers associated with the given destination, where the service load balancer establishes a virtual service session with the client device.

Abstract translation: 在包括服务于虚拟服务的网络节点和服务负载平衡器池的虚拟服务网络中提供分组转发策略时，网络节点从客户端设备接收虚拟服务会话请求，该请求包括虚拟服务网络地址 为虚拟服务; 将请求中的虚拟服务网络地址与多个分组转发策略中的每一个中的虚拟服务网络地址进行比较; 响应于在给定分组转发策略中找到请求中的虚拟服务网络地址与给定虚拟服务网络地址之间的匹配，确定给定分组转发策略中的给定目的地; 并将请求发送到与给定目的地相关联的服务负载平衡器池中的服务负载平衡器，其中服务负载平衡器与客户端设备建立虚拟服务会话。

公开(公告)号：WO2012097015A2

公开(公告)日：2012-07-19

申请号：PCT/US2012/020847

申请日：2012-01-10

Applicant: A10 NETWORKS INC. ,  RAJKUMAR, Jalan ,  OSHIBA, Dennis

Inventor： RAJKUMAR, Jalan ,  OSHIBA, Dennis

IPC: G06F9/06 ,  G06F9/44

CPC classification number: H04L67/1008 ,  G06F9/45558 ,  G06F9/5061 ,  G06F11/1469 ,  G06F11/2025 ,  G06F11/3466 ,  G06F2009/45595 ,  H04L41/0668 ,  H04L49/70 ,  H04L67/101 ,  H04L67/1031 ,  H04L67/1034 ,  H04L67/1095 ,  H04L67/322 ,  H04L67/325

Abstract: A method for electing a master blade in a virtual application distribution chassis (VADC), includes: sending by each blade a VADC message to each of the other blades; determining by each blade that the VADC message was not received from the master blade within a predetermined period of time; in response, sending a master claim message including a blade priority by each blade to the other blades; determining by each blade whether any of the blade priorities obtained from the received master claim messages is higher than the blade priority of the receiving blade; in response to determining that none of the blade priorities obtained is higher, setting a status of a given receiving blade to a new master blade; and sending by the given receiving blade a second VADC message to the other blades indicating the status of the new master blade of the given receiving blade.

Abstract translation: 一种用于在虚拟应用分发机架（VADC）中选择主刀片的方法，包括：由每个刀片发送VADC消息给每个其他刀片; 在预定时间段内由每个刀片确定VADC消息未被从主刀片接收; 作为响应，将包括由每个刀片的刀片优先级的主要声明消息发送到其他刀片; 由每个刀片确定从所接收的主机声明消息获得的任何刀片优先级是否高于接收刀片的刀片优先级; 响应于确定没有获得的叶片优先级更高，将给定接收叶片的状态设置为新的主叶片; 并且由给定接收刀片发送第二VADC消息给另一个刀片，指示给定接收刀片的新主刀片的状态。

公开(公告)号：WO2018132146A1

公开(公告)日：2018-07-19

申请号：PCT/US2017/057722

申请日：2017-10-20

Applicant: A10 NETWORKS, INC.

Inventor： JALAN, Rajkumar ,  SAMPAT, Rishi ,  SANKAR, Swaminathan

IPC: H04L12/24 ,  G06F9/445

Abstract: Described herein are methods and systems for application aware fastpath processing over a data network. In some examples, application fastpath operates to facilitate application specific fastpath processing of data packets transferred between a client device and a server device over a network session of a data network.

公开(公告)号：WO2015164026A1

公开(公告)日：2015-10-29

申请号：PCT/US2015/022857

申请日：2015-03-26

Applicant: A10 NETWORKS, INC.

Inventor： GOLSHAN, Ali ,  SANKAR, Swaminathan ,  NATHAM, Venky

IPC: H04L5/12

CPC classification number: H04L41/0803 ,  H04L67/1023 ,  H04L67/1027 ,  H04L67/145 ,  H04L67/148 ,  H04L67/34

Abstract: Exemplary embodiments for enabling planned network changes such as an upgrade or downgrade of a network device are disclosed. The systems and methods provide for planned upgrades and downgrades for network devices without impacting existing network sessions, by utilizing two network devices simultaneously, and creating a redirect network session for a predetermined period of time. In so doing, all network traffic may be gradually transferred to the second network device, until the sessions processed by the first network device time out. The first network device can then be taken offline for upgrade or downgrade, without any disruption to the network service or loss of network traffic.

Abstract translation: 公开了用于实现诸如网络设备的升级或降级的计划的网络改变的示例性实施例。 这些系统和方法通过同时利用两个网络设备并且在预定时间段内创建重定向网络会话来提供网络设备的计划升级和降级，而不影响现有网络会话。 在这样做时，所有网络流量可能会逐渐转移到第二个网络设备，直到由第一个网络设备处理的会话超时。 然后可以将第一个网络设备脱机以进行升级或降级，而不会对网络服务造成任何中断或网络流量的丢失。

公开(公告)号：WO2015030977A1

公开(公告)日：2015-03-05

申请号：PCT/US2014/048730

申请日：2014-07-29

Applicant: A10 NETWORKS, INC.

Inventor： THOMPSON, Micheal ,  GROVES, Richard

IPC: G06F11/00

CPC classification number: H04L63/1458 ,  H04L63/1416

Abstract: Provided are methods and systems for mitigating a DDoS event. The method may comprise receiving an indication of a collapse of a collapsible virtual data circuit associated with network data traffic. In response to the received indication of the collapse, the collapse may be attributed to the DDoS event. Furthermore, the method may comprise redirecting the network data traffic to one or more DDoS mitigation services. The method may further comprise mitigating the DDoS event by the one or more DDoS mitigation services.

Abstract translation: 提供了减轻DDoS事件的方法和系统。 该方法可以包括接收与网络数据业务相关联的可折叠虚拟数据电路的崩溃的指示。 响应收到的崩溃指示，崩溃可能归因于DDoS事件。 此外，该方法可以包括将网络数据流量重定向到一个或多个DDoS缓解服务。 该方法还可以包括通过一个或多个DDoS缓解服务减轻DDoS事件。

公开(公告)号：WO2014093829A1

公开(公告)日：2014-06-19

申请号：PCT/US2013/075023

申请日：2013-12-13

Applicant: A10 NETWORKS, INC.

Inventor： JALAN, Rajkumar ,  KAMAT, Gurudeep

IPC: G06F15/173

CPC classification number: H04L47/125 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L12/4641 ,  H04L41/0893 ,  H04L45/38 ,  H04L67/1002 ,  H04L67/288

Abstract: Configuration of a virtual service network by a configuring node includes: determining that the virtual service is to be configured; determining a configuration associated with the virtual service and including packet forwarding policies associated with the virtual service, each packet forwarding policy including a virtual service network address and a destination; and sending the packet forwarding policies in the configuration to a network node. The network node: stores the packet forwarding policies; receives a data packet for the virtual service and including a virtual service network address; determines a match between the virtual service network address in the data packet with the virtual service network address in a given packet forwarding policy of the stored packet forwarding policies; obtains a given destination in the given packet forwarding policy; and sends the data packet to a service load balancer associated with the given destination by the network node.

Abstract translation: 配置节点对虚拟业务网络的配置包括：确定要配置虚拟业务; 确定与所述虚拟服务相关联的配置并且包括与所述虚拟服务相关联的分组转发策略，每个分组转发策略包括虚拟服务网络地址和目的地; 并将配置中的分组转发策略发送到网络节点。 网络节点：存储数据包转发策略; 接收虚拟业务的数据包，并包括虚拟业务网络地址; 确定数据包中的虚拟服务网络地址与存储的分组转发策略的给定分组转发策略中的虚拟服务网络地址的匹配; 在给定的分组转发策略中获取给定的目的地; 并将数据分组发送到由网络节点与给定目的地相关联的业务负载平衡器。

公开(公告)号：WO2014052099A2

公开(公告)日：2014-04-03

申请号：PCT/US2013060207

申请日：2013-09-17

Applicant: A10 NETWORKS INC

Inventor： SANKAR SWAMINATHAN ,  KARAMPURWALA HASNAIN ,  GUPTA RAHUL ,  KAMAT GURUDEEP ,  SAMPAT RISHI ,  JALAN RAJKUMAR

CPC classification number: H04L47/125 ,  H04L67/101 ,  H04L67/1012 ,  H04L67/1025 ,  H04L67/1031

Abstract: Provided are methods and systems for load distribution in a data network. A method for load distribution in the data network may comprise retrieving network data associated with the data network and service node data associated with one or more service nodes. The method may further comprise analyzing the retrieved network data and service node data. Based on the analysis, a service policy may be generated. Upon receiving one or more service requests, the one or more service requests may be distributed among the service nodes according to the service policy.

Abstract translation: 提供了用于数据网络中的负载分配的方法和系统。 用于数据网络中的负载分配的方法可以包括检索与数据网络相关联的网络数据以及与一个或多个服务节点相关联的服务节点数据。 该方法可以进一步包括分析检索到的网络数据和服务节点数据。 基于该分析，可以生成服务策略。 在接收到一个或多个服务请求时，可以根据服务策略在服务节点之间分配一个或多个服务请求。