Abstract:
The present disclosure is directed to a system for managing spillover via a plurality of cores of a multi-core device intermediary to a plurality of clients and one or more services. The system may include a device intermediary to a plurality of clients and one or more services. The system may include a spillover limit of a resource. The device may also include a plurality of packet engines operating on a corresponding core of a plurality of cores of the device. The system may include a pool manager allocating to each of the plurality of packet engines a number of resource uses from an exclusive quota pool and shared quota pool based on the spillover limit. The device may also include a virtual server of a packet engine of the plurality of packet engines. The virtual server manages client requests to one or more services. The device determines that the number of resources used by a packet engine of the plurality of packet engines has reached the allocated number of resource uses of the packet engine, and responsive to the determination, forwards to a backup virtual server a request of a client of the plurality of clients received by the device for the virtual server.
Abstract:
Described embodiments provide systems and methods for identifying malicious attempts to detect vulnerabilities in an application. At least one processor may determine a mean and a standard variation of character counts of each of a plurality of characters from a plurality of sets of data. The at least one processor may determine a distance metric for each of the characters in each of the sets of data. For a corresponding set of data, the at least one processor may determine a number of outliers to determine whether the corresponding set of data is anomalous.
Abstract:
Systems and methods for scraping detection include a device which receives a plurality of requests from a client to extract data from a resource. The device may classify activity of the client as activity of an autonomous program based at least on a number of the plurality of requests, and one of i) one or more content types of the requests, or ii) a frequency in which the requests are received. The device may block, responsive to classification of the activity, a subsequent request from the client to extract data from the resource.
Abstract:
Described embodiments provide systems and methods for monitoring server utilization and reallocating resources using upper bound values. A device can determine a value indicative of an upper bound of a processing load of a server using data points detected for the processing load over a first range of time. The upper bound can correspond to a percentage of the processing load during the first range of time. The device can monitor, using the value, the processing load of the server over a second range of time. A determination can be made whether the value of the processing load is greater than a threshold during the second range of time. The device can generate an alert for the device responsive to a comparison of the value of the processing load to the threshold.
Abstract:
Disclosed herein includes a system, a method, and a device for providing persistence across applications using a content switching server. A device can receive a first request from a client for a version of an application having different versions provided by one or more servers. The device can provide access to each version of the application via different load balancing virtual servers. A content switching virtual server of the device can select a load balancing virtual server to handle the first request for the version of the application. The content switching virtual server can generate a session identifier for a session between the client and the version of the application to persist the session with the selected load balancing virtual server for subsequent requests from the client for the version of the application.
Abstract:
The present solution reduces denial of service (DoS) attacks against dynamically generated next secure (NSEC) records. A domain name system (DNS) proxy may prevent spoofed IP addresses by forcing clients to transmit DNS queries via transmission control protocol (TCP), by replying to a user datagram protocol (UDP) DNS request with a blank or predetermined resource record with a truncation bit set to indicate that the record is too large to fit within a single UDP packet payload. Under the DNS specification, the client must re-transmit the DNS request via TCP. Upon receipt of the retransmitted request via TCP, the DNS proxy may generate fictitious neighbor addresses and a signed NSEC record and transmit the record to the client. Accordingly, the DNS proxy need not waste time and processor cycles generating and signing records for requests from spoofed IP addresses via UDP.
Abstract:
The present invention is directed towards systems and methods for monitoring services in a multi-core system. The systems and methods distribute the monitors for a service and the ownership of a service across the cores of the multi-core device. The greater resources of the multi-core device process the workload of the monitors for the services and the workload for monitoring the states of the services more efficiently than a single packet engine on a core.
Abstract:
Described herein are systems and methods for improving networked communication systems by transforming IP addresses. In particular, an intermediary device disposed in a network between a plurality of clients and a plurality of servers can receive a request for a service offered at a specified domain name. The appliance can also receive a DNS-resolved primary address for a server associated with the domain name, and transform the primary address to a secondary address for the server. The address transformation can be done by the intermediary to prevent service interruption between a client and server due, for example, to server maintenance.
Abstract:
In one aspect, the present disclosure is directed to a method for reducing denial of service (DoS) attacks against dynamically generated next secure (NSEC) records. A domain name system (DNS) proxy may prevent spoofed IP addresses by forcing clients to transmit DNS queries via transmission control protocol (TCP), by replying to a user datagram protocol (UDP) DNS request with a blank or predetermined resource record with a truncation bit set to indicate that the record is too large to fit within a single UDP packet payload. Under the DNS specification, the client must re-transmit the DNS request via TCP. Upon receipt of the retransmitted request via TCP, the DNS proxy may generate fictitious neighbor addresses and a signed NSEC record and transmit the record to the client. Accordingly, the DNS proxy need not waste time and processor cycles generating and signing records for requests from spoofed IP addresses via UDP.
Abstract:
The present application is directed towards systems and methods for providing monitoring in a cluster system. The systems and methods distribute the monitors for a service and the ownership of a service across a cluster system comprising a plurality of nodes. The nodes in the cluster can be configured to have different sets of virtual servers (sometimes referred to as “vservers”) and services. The ownership and monitoring of the services can be distributed among all the nodes in the cluster. The system can identify a service in a cluster system and identify a master node that has ownership of the service. The master node can transmit a service status update to other nodes in the cluster system.