公开(公告)号：WO2014179753A3

公开(公告)日：2014-11-06

申请号：PCT/US2014/036676

申请日：2014-05-02

Applicant: A10 NETWORKS, INC.

Inventor： JALAN, Rajkumar ,  KAMAT, Gurudeep

IPC: H04L29/08

Abstract: Facilitation of secure network traffic by an application delivery controller is provided herein. In some examples, a method includes: (a) receiving a data packet with information from a client indicating that the client is a trusted source; (b) embedding in the data packet a transmission control protocol (TCP) options header, the TCP options header comprising information including at least a sequence number for a protocol connection; and (c) forwarding the embedded data packet to a server.

公开(公告)号：WO2013096019A1

公开(公告)日：2013-06-27

申请号：PCT/US2012/069026

申请日：2012-12-12

Applicant: A10 NETWORKS INC.

Inventor： JALAN, Rajkumar ,  XU, Feilong ,  SAMPAT, Rishi

IPC: H04L12/66 ,  H04L12/70

CPC classification number: H04L69/22 ,  G06F9/505 ,  H04L43/0817 ,  H04L61/00 ,  H04L61/103 ,  H04L61/1541 ,  H04L61/2007 ,  H04L61/255 ,  H04L67/00 ,  H04L67/02 ,  H04L67/1008 ,  H04L67/28 ,  H04L67/2814

Abstract: In activating a service, a service gateway retrieves a service table entry using a service or server address of the service entry, where the service table entry has an association with another service entry. An association to the service entry is added and a marker value is set to indicate associations with two service entries. After a time duration, the association with the other service entry is removed, and the marker value is changed accordingly. In deactivating a service entry, the service gateway calculates a hash value for the service or server address of the service entry. After matching the hash value to a hash value of another service entry, an association with the other service entry is added. A marker value is set to indicate associations with two service entries. After a time duration, the association with the service entry is removed, and the marker value is changed accordingly.

Abstract translation: 在激活服务时，服务网关使用服务条目的服务或服务器地址检索服务表条目，其中服务表条目具有与另一服务条目的关联。 添加与服务条目的关联，并且设置标记值以指示与两个服务条目的关联。 在一段时间之后，与其他服务条目的关联被去除，并且标记值相应地改变。 在停用服务条目时，服务网关计算服务条目的服务或服务器地址的哈希值。 将哈希值与其他服务条目的哈希值匹配后，将添加与其他服务条目的关联。 标记值被设置为指示与两个服务条目的关联。 在一段时间之后，与服务条目的关联被去除，并且标记值被相应地改变。

公开(公告)号：WO2014176461A1

公开(公告)日：2014-10-30

申请号：PCT/US2014/035365

申请日：2014-04-24

Applicant: A10 NETWORKS, INC.

Inventor： JALAN, Rajkumar ,  SZETO, Ronald Wai Lun ,  WU, Steven

IPC: G06F21/00

CPC classification number: H04L63/1466 ,  H04L63/0876 ,  H04L63/101 ,  H04L63/1458

Abstract: Network access control systems and methods are provided herein. A method includes receiving at a network device a SYN packet from a client device over a network, determining if the client device is a trusted source for the network using the SYN packet, if the client device is a trusted resource, receiving an acknowledgement (ACK) packet from the client device that includes identifying information for the client device plus an additional value, and identifying information for the network device, and establishing a connection with the network for the client device.

Abstract translation: 本文提供了网络访问控制系统和方法。 一种方法包括：在网络设备处通过网络从客户端设备接收SYN分组，确定客户端设备是否是使用SYN分组的网络的可信源，如果客户端设备是可信资源，则接收确认（ACK ）分组，其包括客户端设备的识别信息加上附加值，以及识别网络设备的信息，以及建立与客户端设备的网络的连接。

公开(公告)号：WO2014144837A1

公开(公告)日：2014-09-18

申请号：PCT/US2014/029415

申请日：2014-03-14

Applicant: A10 NETWORKS, INC.

Inventor： JALAN, Rajkumar ,  KAMAT, Gurudeep

IPC: G06F15/173

CPC classification number: H04L45/72 ,  H04L45/306 ,  H04L45/38 ,  H04L45/66

Abstract: Methods and systems are provided for processing data packets in a data network using a policy based network path. A policy enforcing point receives a data packet associated with a service session and routes it toward its destination along a network path which is determined according to data packet information and one or more packet processing criteria. The data packet information may include one or more of information associated with the packet, information associated with prior packets, and information obtained from a network computer. The network path may be selected from a database of network paths. The network path may include an order list of further policy enforcing points and corresponding network application appliances. The policy enforcing point may generate a new data packet based on the data packet and the policy based network path and send the new data packet to a next policy enforcing point.

Abstract translation: 提供了用于使用基于策略的网络路径来处理数据网络中的数据分组的方法和系统。 策略执行点接收与服务会话相关联的数据分组，并沿着根据数据分组信息和一个或多个分组处理标准确定的网络路径向其目的地路由它。 数据分组信息可以包括与分组相关联的信息，与先前分组相关联的信息以及从网络计算机获得的信息中的一个或多个。 可以从网络路径的数据库中选择网络路径。 网络路径可以包括另外的策略执行点和对应的网络应用设备的订单列表。 策略执行点可以基于数据分组和基于策略的网络路径生成新的数据分组，并将新的数据分组发送到下一个策略执行点。

公开(公告)号：WO2014088741A1

公开(公告)日：2014-06-12

申请号：PCT/US2013/068345

申请日：2013-11-04

Applicant: A10 NETWORKS, INC.

Inventor： JALAN, Rajkumar ,  KAMAT, Gurudeep

IPC: H04L12/28

CPC classification number: H04L67/1002 ,  H04L45/74 ,  H04L67/10 ,  H04L67/12 ,  H04L67/32 ,  H04L67/42

Abstract: In providing packet forwarding policies in a virtual service network that includes a network node and a pool of service load balancers serving a virtual service, the network node: receives a virtual service session request from a client device, the request including a virtual service network address for the virtual service; compares the virtual service network address in the request with the virtual service network address in each of a plurality of packet forwarding policies; in response to finding a match between the virtual service network address in the request and a given virtual service network address in a given packet forwarding policy, determines the given destination in the given packet forwarding policy; and sends the request to a service load balancer in the pool of service load balancers associated with the given destination, where the service load balancer establishes a virtual service session with the client device.

Abstract translation: 在包括服务于虚拟服务的网络节点和服务负载平衡器池的虚拟服务网络中提供分组转发策略时，网络节点从客户端设备接收虚拟服务会话请求，该请求包括虚拟服务网络地址 为虚拟服务; 将请求中的虚拟服务网络地址与多个分组转发策略中的每一个中的虚拟服务网络地址进行比较; 响应于在给定分组转发策略中找到请求中的虚拟服务网络地址与给定虚拟服务网络地址之间的匹配，确定给定分组转发策略中的给定目的地; 并将请求发送到与给定目的地相关联的服务负载平衡器池中的服务负载平衡器，其中服务负载平衡器与客户端设备建立虚拟服务会话。

公开(公告)号：WO2018013521A1

公开(公告)日：2018-01-18

申请号：PCT/US2017/041463

申请日：2017-07-11

Applicant: A10 NETWORKS, INC.

Inventor： JALAN, Rajkumar ,  SZETO, Ronald Wai Lun ,  SAMPAT, Rishi ,  LIN, Julia

IPC: G06F11/30 ,  G06F11/34 ,  G06F21/55 ,  H04L29/06

Abstract: Methods and systems are provided for automatically capturing network data for a detected anomaly. In some examples, a network node establishes a baseline usage by applying at least one baselining rule to network traffic to generate baseline statistics, detects an anomaly usage by applying at least one anomaly rule to network traffic and generating an anomaly event, and captures network data according to an anomaly event by triggering at least one capturing rule to be applied to network traffic when an associated anomaly event is generated.

Abstract translation: 提供了用于为检测到的异常自动捕获网络数据的方法和系统。 在一些示例中，网络节点通过将至少一个基线规则应用于网络流量来生成基线统计量，通过将至少一个异常规则应用于网络流量并生成异常事件来检测异常使用，并且捕获网络数据来建立基线使用 根据异常事件，通过触发至少一个捕获规则在发生相关异常事件时应用于网络流量。

公开(公告)号：WO2012170226A2

公开(公告)日：2012-12-13

申请号：PCT/US2012/039782

申请日：2012-05-27

Applicant: A10 NETWORKS INC. ,  JALAN, Rajkumar ,  OSHIBA, Dennis

Inventor： JALAN, Rajkumar ,  OSHIBA, Dennis

IPC: G06F15/16 ,  G06F9/44

CPC classification number: H04L41/084 ,  H04L29/06 ,  H04L41/0806 ,  H04L41/0816 ,  H04L67/34

Abstract: Synchronization of configuration files of a virtual application distribution chassis, includes: processing a configuration command received by a master blade; updating a first configuration file with the configuration command and an updated tag by the master blade; sending a configuration message by the master blade to the slave blades informing of the updated configuration file, the configuration message comprising the updated tag; in response to receiving the configuration message by a given slave blade of the one or more slave blades, comparing the updated tag in the configuration message with a tag in a second configuration file stored at the given slave blade; and in response to determining that the updated tag in the configuration message is more recent than the tag in the second configuration file stored at the given slave blade, sending a request for the updated configuration file to the master blade by the given slave blade.

Abstract translation: 虚拟应用分发机箱的配置文件同步包括：处理主刀片接收的配置命令; 使用配置命令更新第一配置文件和由主刀片更新的标签; 将所述主刀片的配置消息发送到所述从属刀片，通知所述更新的配置文件，所述配置消息包括所述更新的标签; 响应于由一个或多个从属刀片的给定从属刀片接收配置消息，将配置消息中的更新标签与存储在给定从属刀片上的第二配置文件中的标签进行比较; 并且响应于确定配置消息中的更新的标签比存储在给定从属刀片中的第二配置文件中的标签更新，由给定从属刀片向主刀片发送对更新的配置文件的请求。

公开(公告)号：WO2014052099A3

公开(公告)日：2014-04-03

申请号：PCT/US2013/060207

申请日：2013-09-17

Applicant: A10 NETWORKS, INC.

Inventor： SANKAR, Swaminathan ,  KARAMPURWALA, Hasnain ,  GUPTA, Rahul ,  KAMAT, Gurudeep ,  SAMPAT, Rishi ,  JALAN, Rajkumar

IPC: G06F15/177

Abstract: Provided are methods and systems for load distribution in a data network. A method for load distribution in the data network may comprise retrieving network data associated with the data network and service node data associated with one or more service nodes. The method may further comprise analyzing the retrieved network data and service node data. Based on the analysis, a service policy may be generated. Upon receiving one or more service requests, the one or more service requests may be distributed among the service nodes according to the service policy.

公开(公告)号：WO2013070391A1

公开(公告)日：2013-05-16

申请号：PCT/US2012/060317

申请日：2012-10-15

Applicant: A10 NETWORKS INC.

Inventor： JALAN, Rajkumar ,  XU, Feilong ,  KANNAN, Lalgudi Narayanan ,  SZETO, Ronald Wai Lun

IPC: H04L12/66 ,  H04L12/56 ,  H04L12/24

CPC classification number: H04L67/1027 ,  H04L12/66 ,  H04L67/10 ,  H04L67/142 ,  H04L67/28 ,  H04L67/2819

Abstract: The processing of data packets sent over a communication session between a host and a server by a service gateway, includes: processing a data packet using a current hybrid-stateful or hybrid-stateless, processing method; checking whether a hybrid-stateless, or hybrid-stateful, condition is satisfied; when the condition is satisfied, changing from a hybrid-stateful to a hybrid-stateless processing method, or vice versa, for a subsequently received data packet; and otherwise, continue processing the subsequently received data packet using the current hybrid processing method.

Abstract translation: 通过服务网关在主机与服务器之间的通信会话中发送的数据分组的处理包括：使用当前混合状态或混合无状态的处理方法处理数据分组; 检查是否满足混合无国籍或混合状态条件; 当满足条件时，对于随后接收的数据分组，从混合状态转换到混合无状态处理方法，反之亦然; 否则，使用当前的混合处理方法继续处理随后接收的数据分组。

公开(公告)号：WO2018132146A1

公开(公告)日：2018-07-19

申请号：PCT/US2017/057722

申请日：2017-10-20

Applicant: A10 NETWORKS, INC.

Inventor： JALAN, Rajkumar ,  SAMPAT, Rishi ,  SANKAR, Swaminathan

IPC: H04L12/24 ,  G06F9/445

Abstract: Described herein are methods and systems for application aware fastpath processing over a data network. In some examples, application fastpath operates to facilitate application specific fastpath processing of data packets transferred between a client device and a server device over a network session of a data network.