公开(公告)号：US20170324778A1

公开(公告)日：2017-11-09

申请号：US15147125

申请日：2016-05-05

Applicant: IXIA

Inventor： Scott Register ,  Shardendu Pandey ,  Glenn Chagnot ,  Deepesh Arora

IPC: H04L29/06 ,  H04L12/26

CPC classification number: H04L63/20 ,  H04L43/0864 ,  H04L43/106 ,  H04L43/16

Abstract: Latency-based timeouts are used for concurrent security processing by multiple in-line network security tools. A network system forwards secure network packets to the tools and uses latency-based timeouts with respect to the return of processed packets from the tools. Initially, the network system measures processing latencies for the tools and sets at least one timeout threshold based upon the processing latencies. The network system then receives an input packet from a network source, generates a timestamp, concurrently sends an output packet to the tools based upon the input packet, tracks return packets from the tools, and determines whether a timeout has occurred with respect to the timeout threshold based upon a difference between the timestamp and a current timestamp. If a timeout does not occur, a secure packet is forwarded to a network destination. If a timeout does occur, return packet tracking for the input packet is ended.

公开(公告)号：US10051006B2

公开(公告)日：2018-08-14

申请号：US15147125

申请日：2016-05-05

Applicant: IXIA

Inventor： Scott Register ,  Shardendu Pandey ,  Glenn Chagnot ,  Deepesh Arora

IPC: H04L29/06 ,  H04L12/26

Abstract: Latency-based timeouts are used for concurrent security processing by multiple in-line network security tools. A network system forwards secure network packets to the tools and uses latency-based timeouts with respect to the return of processed packets from the tools. Initially, the network system measures processing latencies for the tools and sets at least one timeout threshold based upon the processing latencies. The network system then receives an input packet from a network source, generates a timestamp, concurrently sends an output packet to the tools based upon the input packet, tracks return packets from the tools, and determines whether a timeout has occurred with respect to the timeout threshold based upon a difference between the timestamp and a current timestamp. If a timeout does not occur, a secure packet is forwarded to a network destination. If a timeout does occur, return packet tracking for the input packet is ended.

公开(公告)号：US10333896B2

公开(公告)日：2019-06-25

申请号：US15147174

申请日：2016-05-05

Applicant: IXIA

Inventor： Scott Register ,  Shardendu Pandey ,  Glenn Chagnot

IPC: H04L29/00 ,  H04L29/06 ,  G06F16/901 ,  H04L12/761 ,  H04L12/26

Abstract: Systems and methods provide concurrent security processing for multiple network security tools. An input packet is received at a network packet forwarding system from a network packet source, and the network packet forwarding system concurrently sends an output packet based upon the input packet to multiple security tools. Return packets are received based upon the output packet from the security tools after their respective security processing. Once return packets are received from each of the security tools, the network packet forwarding system forwards a secure packet to a packet destination. If a timeout occurs before all return packets are received, the network packet forwarding system can assume that the original packet was unsafe and discard information stored for the input packet. If security tools are configured to modify packets, these modifications can also be tracked.

公开(公告)号：US20170324708A1

公开(公告)日：2017-11-09

申请号：US15147174

申请日：2016-05-05

Applicant: IXIA

Inventor： Scott Register ,  Shardendu Pandey ,  Glenn Chagnot

IPC: H04L29/06 ,  H04L12/761 ,  H04L12/26 ,  G06F17/30

CPC classification number: H04L63/0227 ,  G06F16/9014 ,  H04L43/0864 ,  H04L45/16 ,  H04L63/20

Abstract: Systems and methods provide concurrent security processing for multiple network security tools. An input packet is received at a network packet forwarding system from a network packet source, and the network packet forwarding system concurrently sends an output packet based upon the input packet to multiple security tools. Return packets are received based upon the output packet from the security tools after their respective security processing. Once return packets are received from each of the security tools, the network packet forwarding system forwards a secure packet to a packet destination. If a timeout occurs before all return packets are received, the network packet forwarding system can assume that the original packet was unsafe and discard information stored for the input packet. If security tools are configured to modify packets, these modifications can also be tracked.