Method and system for optimizing a network by independently scaling control segments and data flow
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-015/173
G06F-015/16
G06F-009/46
출원번호
US-0046266
(2008-03-11)
등록번호
US-8788665
(2014-07-22)
발명자
/ 주소
Gilde, Robert George
Harms, Steven Lee
출원인 / 주소
F5 Networks, Inc.
대리인 / 주소
LeClairRyan, a Professional Corporation
인용정보
피인용 횟수 :
9인용 특허 :
132
초록▼
A server array controller that includes a Data Flow Segment (DFS) and at least one Control Segment (CS). The DFS includes the hardware-optimized portion of the controller, while the CS includes the software-optimized portions. The DFS performs most of the repetitive chores including statistics gathe
A server array controller that includes a Data Flow Segment (DFS) and at least one Control Segment (CS). The DFS includes the hardware-optimized portion of the controller, while the CS includes the software-optimized portions. The DFS performs most of the repetitive chores including statistics gathering and per-packet policy enforcement (e.g. packet switching). The DFS also performs tasks such as that of a router, a switch, or a routing switch. The CS determines the translation to be performed on each flow of packets, and thus performs high-level control functions and per-flow policy enforcement. Network address translation (NAT) is performed by the combined operation of the CS and DFS. The CS and DFS may be incorporated into one or more separate blocks. The CS and DFS are independently scalable. Additionally, the functionality of either the DFS or the CS may be separately implemented in software and/or hardware.
대표청구항▼
1. A server array controller apparatus, comprising: a processor coupled to hardware logic of a data flow segment and a memory of a control segment, the hardware logic of the data flow segment configured to be capable of implementing: receiving a plurality of Internet Protocol (IP) data packets from
1. A server array controller apparatus, comprising: a processor coupled to hardware logic of a data flow segment and a memory of a control segment, the hardware logic of the data flow segment configured to be capable of implementing: receiving a plurality of Internet Protocol (IP) data packets from a client computing device requesting a resource;categorizing groups of one or more of the plurality of IP data packets into one or more data flows based on a flow signature, wherein the flow signature includes a timestamp;determining whether one of the IP data packets is associated with an existing connection to the requested resource;when the IP data packet is associated with an existing connection to the requested resource, directing the IP data packet to the requested resource; andwhen the IP data packet is not associated with an existing connection to the requested resource, sending a request for instructions for directing the IP data packet to the control segment, receiving instructions for directing the IP data packet from the control segment, and directing the IP data packet based on the instructions, wherein the processor is configured to be capable of executing programmed instructions stored in the memory of the control segment comprising: receiving the request for instructions for directing the IP data packet from the data flow segment;selecting one of a plurality of servers hosting the requested resource based on one or more load balancing factors and generating instructions for directing the IP data packet to the selected server, wherein the one or more load balancing factors comprise one or more of most active flow, least active flow, time flow opened, or most recent activity and the instructions comprise at least a destination IP address of the selected one of the plurality of servers; andproviding the instructions to the data flow segment. 2. The apparatus as set forth in claim 1 wherein the receiving instructions for directing the IP data packet from the control segment further comprises updating a flow table based on the received instructions to include a network address for the requested resource and the directing the IP data packet to the requested resource and the directing the IP data packet based on the instructions further comprise sending the IP data packet based on a network address of the requested resource stored in the flow table. 3. The apparatus as set forth in claim 1 wherein the configurable hardware logic of the data flow segment is further configured to be capable of implementing: determining whether one of the one or more data flows is active based at least in part on information stored in a flow table; andterminating the one data flow when it is determined that the one data flow is not active. 4. The apparatus as set forth in claim 1 further comprising a plurality of control segments configured to communicate with the data flow segment. 5. The apparatus as set forth in claim 4 wherein when one of the plurality of control segments is unable to process the request for instructions for directing the IP data packet, one or more other of the plurality of control segments processes the request to provide fault tolerance. 6. The apparatus as set forth in claim 4 further comprising a plurality of data flow segments, wherein a capacity of the data flow segments and a capacity of the control segments are independently scalable to add additional data flow segments to cooperate with one or more of the control segments or add additional control segments to cooperate with one or more of the data flow segments to support a scalable number of data flows between client devices and requested resources. 7. The apparatus as set forth in claim 1 wherein the processor is further configured to be capable of executing programmed instructions stored in the memory of the control segment further comprising performing control and policy enforcement actions for each data flow and the data flow segment is further configured to be capable of implementing collecting information regarding each flow including metrics and statistics. 8. A method for directing communications over a network, comprising: receiving, with a hardware logic data flow segment of a server array controller, a plurality of Internet Protocol (IP) data packets from a client computing device requesting a resource;categorizing groups of one or more of the plurality of IP data packets into one or more data flows based on a flow signature, wherein the flow signature includes a timestamp;determining, with the data flow segment, whether one of the IP data packets is associated with an existing connection to the requested resource;when the IP data packet is associated with an existing connection to the requested resource, directing, with the data flow segment, the IP data packet to the requested resource; andwhen the IP data packet is not associated with an existing connection to the requested resource: sending, with the data flow segment, a request for instructions for directing the IP data packet to a control segment of the server array controller;selecting, with the control segment, one of a plurality of servers hosting the requested resource based on one or more load balancing factors and generating instructions for directing the IP data packet to the selected server, wherein the one or more load balancing factors comprise one or more of most active flow, least active flow, time flow opened, or most recent activity and the instructions comprise at least a destination IP address of the selected one of the plurality of servers;providing, with the control segment, the instructions to the IP data flow segment; anddirecting, with the data flow segment, in response to receiving the instructions, the IP data packet to the one of the plurality of resources based on the instructions. 9. The method as set forth in claim 8 wherein the receiving instructions for directing the IP data packet from the control segment further comprises updating a flow table based on the received instructions to include a network address for the requested resource and the directing the IP data packet to the requested resource and the directing the IP data packet based on the instructions further comprise sending the IP data packet based on a network address of the requested resource stored in the flow table. 10. The method as set forth in claim 8, further comprising: determining, with the data flow segment, whether one of the one or more data flows is active based at least in part on information stored in a flow table; andterminating, with the data flow segment, the one data flow when it is determined that the one data flow is not active. 11. The method as set forth in claim 8 wherein the control segment comprises a plurality of control segments configured to communicate with the data flow segment. 12. The method as set forth in claim 11 wherein when one of the plurality of control segments is unable to process the request for instructions for directing the IP data packet, one or more other of the plurality of control segments processes the request to provide fault tolerance. 13. The method as set forth in claim 11 wherein the data flow segment further comprises a plurality of data flow segments and a capacity of the data flow segments and a capacity of the control segments are independently scalable to add additional data flow segments to cooperate with one or more of the plurality of control segments or add additional control segments to cooperate with one or more of the plurality of data flow segments to support a scalable number of data flows between client devices and requested resources. 14. The method as set forth in claim 8, further comprising: performing, with the control segment, control and policy enforcement actions for each data flow; andcollecting, with the data flow segment, information regarding each flow including metrics and statistics. 15. A non-transitory computer readable medium having stored thereon instructions for directing communications over a network comprising machine executable code which when executed by at least one processor, causes the processor to perform steps comprising: receiving, from a hardware logic data flow segment of a server array controller, a request for instructions for directing an Internet Protocol (IP) data packet received from a client device requesting a resource, wherein the IP data packet is not associated with an existing connection to the requested resource and the data flow segment is further configured to receive a plurality of IP data packets and categorize groups of one of more of the plurality of IP data packets into one or more data flows based on a flow signature;selecting, in response to receiving the request for instructions for directing the IP data packet, one of a plurality of servers hosting the requested resource based on one or more load balancing factors and generating instructions for directing the IP data packet to the selected server, wherein the one or more load balancing factors comprise one or more of most active flow, least active flow, time flow opened, or most recent activity and the instructions comprise at least a destination IP address of the selected one of the plurality of servers; andproviding the instructions to the data flow segment, wherein the data flow segment is configured to direct the IP data packet to the one of the plurality of resources based on the instructions. 16. The medium as set forth in claim 15 wherein the control segment comprises a plurality of control segments configured to communicate with the data flow segment. 17. The medium as set forth in claim 16 wherein when one of the plurality of control segments is unable to process the request for instructions for directing the IP data packet, one or more other of the plurality of control segments processes the request to provide fault tolerance. 18. The medium as set forth in claim 16 wherein the data flow segment further comprises a plurality of data flow segments and a capacity of the data flow segments and a capacity of the control segments are independently scalable to add additional data flow segments to cooperate with one or more of the control segments or add additional control segments to cooperate with one or more of the data flow segments to support a scalable number of data flows between client devices and requested resources. 19. The medium as set forth in claim 15 further having stored thereon instructions comprising machine executable code which when executed by the at least one processor, causes the processor to perform steps further comprising performing control and policy enforcement actions for each data flow. 20. A system for directing communications over a network, comprising: one or more server array controllers each comprising a processor coupled to configurable hardware logic of one or more data flow segments and a memory of each of a plurality of control segments, the configurable hardware logic of the data flow segments configured to be capable of implementing: receiving a plurality of Internet Protocol (IP) data packets from a client computing device requesting a resource;categorizing groups of one or more of the plurality of IP data packets into one or more data flows based on a flow signature, wherein the flow signature includes a timestamp;determining whether one of the IP data packets is associated with an existing connection to the requested resource;when the IP data packet is associated with an existing connection to the requested resource, directing the IP data packet to the requested resource; andwhen the IP data packet is not associated with an existing connection to the requested resource, sending a request for instructions for directing the IP data packet to at least one of the plurality of control segments of the one or more server array controllers, receiving instructions for directing the IP data packet from at least one of the plurality of control segments, and directing the IP data packet based on the instructions, wherein the processor is configured to be capable of executing programmed instructions stored in the memory of each of the control segments comprising: selecting, in response to receiving a request from one or more of the data flow segments, one of a plurality of servers hosting the requested resource based on one or more load balancing factors and generating instructions for directing the IP data packet to the selected server, wherein the one or more load balancing factors comprise one or more of most active flow, least active flow, time flow opened, or most recent activity and the instructions comprise at least a destination IP address of the selected one of the plurality of servers; andproviding the instructions to the requesting data flow segment. 21. The system as set forth in claim 20 wherein the receiving instructions for directing the IP data packet from the at least one of the plurality of the control segments further comprises updating a flow table based on the received instructions to include a network address for the requested resource and the directing the IP data packet to the requested resource and the directing the IP data packet based on the instructions further comprise sending the IP data packet based on a network address of the requested resource stored in the flow table. 22. The system as set forth in claim 20 wherein the configurable hardware logic of the one or more data flow segments is further configured to be capable of implementing: determining whether one of the one or more data flows is active based at least in part on information stored in a flow table; andterminating the one data flow when it is determined that the one data flow is not active. 23. The system as set forth in claim 20 wherein when one of the plurality of control segments is unable to process the request for instructions for directing the IP data packet, one or more other of the plurality of control segments processes the request to provide fault tolerance. 24. The system as set forth in claim 20 wherein the one or more data flow segments comprises a plurality of data flow segments, wherein a capacity of the data flow segments and a capacity of the control segments are independently scalable to add additional data flow segments to cooperate with one or more of the control segments or add additional control segments to cooperate with one or more of the data flow segments to support a scalable number of data flows between client devices and requested resources. 25. The system as set forth in claim 20 wherein the processor is further configured to be capable of executing programmed instructions stored in the memory of each of the control segments further comprising performing control and policy enforcement actions for each data flow and the one or more data flow segments are further configured to be capable of implementing collecting information regarding each flow including metrics and statistics.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (132)
Morita, Yoichiro; Nakae, Masayuki, Access control system, access control method, and access control program.
Susai, Michel K.; Sinha, Rajiv; Shetty, Anil, Apparatus, method and computer program product for efficiently pooling connections between clients and servers.
Sohn Sung Won,KRX ; Doh Yoon Mi,KRX ; Kim Jong Oh,KRX, Asynchronous transfer mode (ATM) layer function processing apparatus with an enlarged structure.
Sathaye Shirish S. (North Chelmsford MA) Hannigan Brendan (West Newton MA) Hawe William R. (Pepperell MA), Automatic assignment of addresses in a computer communications network.
Yang Henry S. (Andover MA) Sathaye Shirish S. (North Chelmsford MA) Ben-Nun Michael (Jerusalem ILX) De-Leon Moshe (Jerusalem ILX) Ben-Michael Simoni (Givaat Zeev ILX), Buffer descriptor prefetch in network and I/O design.
Fitzgerald Albion J. (Ridgewood NJ) Fitzgerald Joseph J. (New Paltz NY), Distributed computer network including hierarchical resource information structure and related method of distributing re.
Dobbins Kurt ; Grant Thomas A. ; Ruffen David J. ; Kane Laura ; Len Theodore ; Andlauer Philip ; Bahi David H. ; Yohe Kevin ; Fee Brendan ; Oliver Chris ; Cullerot David L. ; Skubisz Michael, Distributed connection-oriented services for switched communications networks.
Shi Shaw-Ben ; Ault Michael Bradford ; Plassmann Ernst Robert ; Rich Bruce Arland ; Rosiles Mickella Ann ; Shrader Theodore Jack London, Distributed file system web server user authentication with cookies.
Couland Ghislaine,FRX ; Hunt Guerney Douglass Holloway ; Levy-Abegnoli Eric Michel,FRX ; Jean-Marie Mauduit Daniel Georges,FRX, Distributed scalable device for selecting a server from a server cluster and a switched path to the selected server.
Albert, Mark; Howes, Richard A.; Jordan, James A.; Kersey, Edward A.; LeBlanc, William M.; Menditto, Louis F.; O'Rourke, Chris; Tiwari, Pranav Kumar; Tsang, Tzu-Ming, Handling packet fragments in a distributed network service environment.
Tokuyo, Masanaga; Nakagawa, Itaru; Chikuma, Satoru; Fujino, Nobutsugu; Taniguchi, Tetsuya; Hisanaga, Takanori; Chikada, Michiyasu; Kuwata, Daisuke, IP router device having a TCP termination function and a medium thereof.
Daniel Arthur A. (Rochester MN) Moore Robert E. (Durham NC) Anderson Catherine J. (Raleigh NC) Gelm Thomas J. (Raleigh NC) Kiter Raymond F. (Poughkeepsie NY) Meeham John P. (Raleigh NC) Stevenson Joh, Method and apparatus for communication network alert message construction.
Pani, Diana; Marinier, Paul; Cave, Christopher R., Method and apparatus for layer 2 processing and creation of protocol data units for wireless communications.
Attanasio Clement R. (Peekskill NY) Smith Stephen E. (Mahopac NY), Method and apparatus for making a cluster of computers appear as a single host on a network.
Walter A. Hubis ; William G. Deitz, Method and system for controlling access share storage devices in a network environment by configuring host-to-volume mapping data structures in the controller memory for granting and denying access .
Colby Steven ; Krawczyk John J. ; Nair Raj Krishnan ; Royce Katherine ; Siegel Kenneth P. ; Stevens Richard C. ; Wasson Scott, Method and system for directing a flow between a client and a server.
Pardee,Peter; Dillon,Douglas; Border,John; Bartlett,Nigel, Method and system for integrating performance enhancing functions in a virtual private network (VPN).
Linville John Walter ; Makrucki Brad Alan ; Suffern Edward Stanley ; Warren Jeffrey Robert, Method and system for monitoring and controlling data flow in a network congestion state by changing each calculated pause time by a random amount.
Leighton Frank T. (459 Chestnut Hill Ave. Newtonville MA) Micali Silvio (459 Chestnut Hill Ave. Brookline MA 02146), Method for enabling users of a cryptosystem to generate and use a private pair key for enciphering communications betwee.
Zhang,Hui; de la Iglesia,Erik; Gomez,Miguel; Liu,Liang; Lowe,Rick K.; Wallace,Mark Aaron; Wang,Wei, Method of and system for allocating resources to resource requests.
Choquier Philippe,FRX ; Peyroux Jean-Francios ; Griffin William J., Method of redirecting a client service session to a second application server without interrupting the session by forwa.
Albert, Mark; Howes, Richard A.; Jordan, James A.; Kersey, Edward A.; LeBlanc, William M.; McGuire, Jacob Mark; Menditto, Louis F.; O'Rourke, Chris; Tiwari, Pranav Kumar; Tsang, Tzu-Ming, Network address translation using a forwarding agent.
Allen, Jr., James Johnson; Bass, Brian Mitchell; Calvignac, Jean Louis; Gaur, Santosh Prasad; Heddes, Marco C.; Siegel, Michael Steven; Verplanken, Fabrice Jean, Network processor interface for building scalable switching systems.
Cummings Kevin D. (Phoenix AZ) Johnson William A. (Paradise Valley AZ) Laird Daniel L. (Madison WI), Pattern writing method during X-ray mask fabrication.
Wright,Michael; Boucher,Peter; Nault,Gabe; Smith,Merrill; Jacobson,Sterling K; Wood,Jonathan; Mims,Robert, Protection of data accessible by a mobile device.
Allen, Jr., James Johnson; Bass, Brian Mitchell; Davis, Gordon Taylor; Jeffries, Clark Debs; Nair, Jitesh Ramachandran; Sabhikhi, Ravinder Kumar; Siegel, Michael Steven; Yedavalli, Rama Mohan, Retro flow control for arriving traffic in computer networks.
Arora Sanjeev (Berkeley CA) Knight ; Jr. Thomas F. (Belmont MA) Leighton Frank T. (Newton Center MA) Maggs Bruce M. (Princeton NJ) Upfal Eliezer (Palo Alto CA), Switching networks with expansive and/or dispersive logical clusters for message routing.
Labio,Wilburt Juan; Nguyen,Giao Thanh; Liu,Winston Wencheng; Manku,Gurmeet Singh, System and method for optimizing access to information in peer-to-peer computer networks.
Bommareddy, Satish; Kale, Makarand; Chaganty, Srinivas, System and method for routing message traffic using a cluster of routers sharing a single logical IP address distinct from unique IP addresses of the routers.
Chang Albert (Austin TX) Neuman Grover H. (Austin TX) Shaheen-Gouda Amal A. (Austin TX) Smith Todd A. (Austin TX), System and method for using cached data at a local node after re-opening a file at a remote node in a distributed networ.
Pitts William M. (780 Mora Dr. Los Altos CA 94024), System for accessing distributed data cache channel at each network node to pass requests and data.
O'Toole, Jr.,James W., System using idle connection metric indicating a value based on connection characteristic for performing connection drop sequence.
Rao, Goutham P.; Rodriguez, Robert; Brueggemann, Eric, Systems and methods for communicating a lossy protocol via a lossless protocol using false acknowledgements.
Short, Joel E.; Delley, Frederic; Logan, Mark F.; Pagan, Florence C. I., Systems and methods for redirecting users having transparent computer access to a network using a gateway device having redirection capability.
Cappiello,Scott; Du,Yi; Le,Dyung V.; Li,Benjamin Z.; Li,Wenfeng; Polana,Ramprasad; Vinton,Patrick, Technique for handling server session requests in a system having a plurality of servers.
Brown Charles Allan ; Burns John Martin ; Nagaraj Holavanahally Seshachar ; O'Neill James Joseph ; Ullah Muhammad Inayet ; Volpe Leo ; Wendt Herman Russell, Vacuum baking process.
Brendel Juergen ; Kring Charles J. ; Liu Zaide ; Marino Christopher C., World-wide-web server with delayed resource-binding for resource-based load balancing on a distributed resource multi-n.
Stanfill, Craig W.; Shapiro, Richard; Weiss, Adam; Roberts, Andrew F.; Wholey, III, Joseph Skeffington; Gould, Joel; Kukolich, Stephen A., Executing graph-based program specifications.
Rovniaguin, Dmitry; Dan, Ephraim; Talmor, Ron, Methods for identifying network traffic characteristics to correlate and manage one or more subsequent flows and devices thereof.
Thornewell, Peter M.; Zheng, Songbo; Moshiri, Nojan; Kushi, David; Cano, Charles, Methods for preserving flow state during virtual machine migration and devices thereof.
Thirasuttakorn, Nat; Haworth, Jason; Burns, Brandon; Smith, Ian Michael, System and method for on the fly protocol conversion in obtaining policy enforcement information.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.