System and method for reducing CPU load in processing PPP packets on a SSL-VPN tunneling device
Country / Type: United States (US) Patent
Status: Registered
International Patent Classification (IPC 7th edition): H04L-012/26; H04L-029/08
Application number: US-0234797 (2011-09-16)
Registration number: US-8804504 (2014-08-12)
Inventor: Chen, Jonathan
Applicant: F5 Networks, Inc.
Agent: LeClairRyan, a Professional Corporation
Citation information: times cited: 21; patents cited: 135

Abstract
A system and method for reducing processing load on an encapsulated data packet transmitted over a virtual private network. The method includes handling an initial encapsulated data packet to be transmitted over an established VPN tunnel connection to a receiving device, the initial encapsulated data packet having a Layer 2 (L2) protocol header, an IP data packet and at least one framing element; removing the at least one framing element; removing the L2 protocol header; appending an alternate L2 encapsulated protocol header to the IP data packet to generate a modified encapsulated data packet, wherein the alternate header contains information of the IP data packet; and sending the modified encapsulated data packet to the receiving device, wherein the alternate encapsulated protocol header allows the receiving device to handle the IP data packet using less computational resources in comparison to receiving the initial encapsulated data packet.
Representative claims
1. A method of reducing processing required to transmit a data packet over a virtual private network, the method comprising: receiving, at a network transmitting device, an initial encapsulated data packet to be transmitted over an established Virtual Private Network (VPN) tunnel connection to a receiving device; removing, at the network transmitting device, from the initial encapsulated data packet, a Layer 2 (L2) protocol header and at least one framing element selected from a front end delimiter or a back end delimiter; appending, at the network transmitting device, an alternate encapsulated protocol header to an Internet Protocol (IP) data packet of the initial encapsulated data packet to generate a modified encapsulated data packet, wherein the alternate encapsulated protocol header contains processing information for the IP data packet, the processing information comprising at least a payload length of the IP data packet; and sending, with the network transmitting device, the modified encapsulated data packet to the receiving device over the VPN tunnel connection, wherein the alternate encapsulated protocol header is configured to allow the receiving device to handle the IP data packet in the modified encapsulated data packet using less computational resources in comparison to handling the initial encapsulated data packet.

2. The method of claim 1, wherein the encapsulated protocol header further comprises one or more components selected from a type component, a length component, or a value component.

3. The method of claim 2, wherein the one or more components comprise a Length-Type-Value (LTV) element and the LTV element is in a binary format.

4. The method of claim 2, wherein the type component indicates a type of field of a message represented by the IP data packet, the length component indicates a size of a value field of the IP data packet, and the value component indicates a set of bytes that contain data identifying a type of information included in the IP data packet.

5. The method of claim 1, wherein the at least one framing element is further selected from a checksum frame.

6. The method of claim 1, wherein the L2 protocol is a Point-to-Point (PPP) protocol.

7. A non-transitory machine readable medium having stored thereon instructions for reducing processing required to transmit a data packet over a virtual private network, the medium comprising machine executable code which when executed by at least one machine, causes the machine to: receive an initial encapsulated data packet to be transmitted over an established Virtual Private Network (VPN) tunnel connection to a receiving device; remove from the initial encapsulated data packet, a Layer 2 (L2) protocol header and at least one framing element selected from a front end delimiter or a back end delimiter; append an alternate encapsulated protocol header to an Internet Protocol (IP) data packet of the initial encapsulated data packet to generate a modified encapsulated data packet, wherein the alternate encapsulated protocol header contains processing information for the IP data packet, the processing information comprising at least a payload length of the IP data packet; and send the modified encapsulated data packet to the receiving device over the VPN tunnel connection, wherein the alternate encapsulated protocol header is configured to allow the receiving device to handle the IP data packet in the modified encapsulated data packet using less computational resources in comparison to handling the initial encapsulated data packet.

8. The machine readable medium of claim 7, wherein the encapsulated protocol header further comprises one or more components selected from a type component, a length component, or a value component.

9. The machine readable medium of claim 8, wherein the one or more components comprise a Length-Type-Value (LTV) element and the LTV element is in a binary format.

10. The machine readable medium of claim 8, wherein the type component indicates a type of field of a message represented by the IP data packet, the length component indicates a size of a value field of the IP data packet, and the value component indicates a set of bytes that contain data identifying a type of information included in the IP data packet.

11. The machine readable medium of claim 7, wherein the at least one framing element is further selected from a checksum frame.

12. The machine readable medium of claim 7, wherein the L2 protocol is a Point-to-Point (PPP) protocol.

13. A network device comprising: a memory storing an application module having one or more programming instructions; and a processor configured to execute the application module, which when executed by the processor, causes the processor to: receive an initial encapsulated data packet to be transmitted over an established Virtual Private Network (VPN) tunnel connection to a receiving device; remove from the initial encapsulated data packet, a Layer 2 (L2) protocol header and at least one framing element selected from a front end delimiter or a back end delimiter; append an alternate encapsulated protocol header to an Internet Protocol (IP) data packet of the initial encapsulated data packet to generate a modified encapsulated data packet, wherein the alternate encapsulated protocol header contains processing information for the IP data packet, the processing information comprising at least a payload length of the IP data packet; and send the modified encapsulated data packet to the receiving device over the VPN tunnel connection, wherein the alternate encapsulated protocol header is configured to allow the receiving device to handle the IP data packet in the modified encapsulated data packet using less computational resources in comparison to handling the initial encapsulated data packet.

14. The network device of claim 13, wherein the encapsulated protocol header further comprises one or more components selected from a type component, a length component, or a value component.

15. The network device of claim 14, wherein the one or more components comprise a Length-Type-Value (LTV) element and the LTV element is in a binary format.

16. The network device of claim 14, wherein the type component indicates a type of field of a message represented by the IP data packet, the length component indicates a size of a value field of the IP data packet, and the value component indicates a set of bytes that contain data identifying a type of information included in the IP data packet.

17. The network device of claim 13, wherein the at least one framing element is further selected from a checksum frame.

18. The network device of claim 13, wherein the L2 protocol is a Point-to-Point (PPP) protocol.
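
The transformation in claims 1 to 6, sketched as an added example (not code from the patent or from F5 Networks). It assumes the initial packet uses RFC 1662 HDLC-like PPP framing and a hypothetical 4-byte alternate header (16-bit payload length, then 16-bit type); LTV_IPV4, MAX_LEN and SAMPLE_IP are constructed for illustration.

```python
import struct

FLAG, ESC, XOR = 0x7E, 0x7D, 0x20   # RFC 1662 flag, escape, and escape mask
PPP_IPV4 = 0x0021                   # PPP protocol field for IPv4
LTV_IPV4 = 0x0001                   # hypothetical type code (assumption)
MAX_LEN = 1500                      # assumed upper bound on payload size
# Constructed sample: 20-byte IPv4 header containing 0x7E and 0x7D octets
SAMPLE_IP = bytes.fromhex("450000147e7d0000400100007f0000017f000001")

def fcs16(data):
    """PPP FCS-16 from RFC 1662, computed bit by bit."""
    fcs = 0xFFFF
    for b in data:
        fcs ^= b
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF

def ppp_frame(ip):
    """Initial packet: flag, FF 03, protocol, IP, FCS, flag, byte-stuffed."""
    body = b"\xff\x03" + struct.pack("!H", PPP_IPV4) + ip
    body += struct.pack("<H", fcs16(body))          # FCS is sent low octet first
    out = bytearray([FLAG])
    for b in body:
        out += bytes([ESC, b ^ XOR]) if b in (FLAG, ESC) or b < 0x20 else bytes([b])
    return bytes(out) + bytes([FLAG])

def ppp_to_ltv(frame):
    """Transmit side: drop delimiters, stuffing, FCS and PPP header; add length+type."""
    inner = frame[1:-1]
    if len(frame) < 2 or frame[0] != FLAG or frame[-1] != FLAG or FLAG in inner:
        raise ValueError("bad delimiters")
    body, esc = bytearray(), False
    for b in inner:                                 # the per-octet scan PPP requires
        if esc or b != ESC:
            body.append(b ^ XOR if esc else b)
        esc = not esc and b == ESC
    if esc or len(body) < 6 or fcs16(body[:-2]) != struct.unpack("<H", body[-2:])[0]:
        raise ValueError("truncated frame or FCS mismatch")
    if bytes(body[:4]) != b"\xff\x03" + struct.pack("!H", PPP_IPV4):
        raise ValueError("not PPP/IPv4")
    ip = bytes(body[4:-2])
    return struct.pack("!HH", len(ip), LTV_IPV4) + ip

def ltv_parse(buf):
    """Receive side: one header read, one slice; returns (ip_packet, rest)."""
    if len(buf) < 4:
        raise ValueError("short header")
    length, typ = struct.unpack("!HH", buf[:4])
    if typ != LTV_IPV4 or not 0 < length <= MAX_LEN or length > len(buf) - 4:
        raise ValueError("bad type or length")      # never trust the length field
    return buf[4:4 + length], buf[4 + length:]
```

The receiver no longer scans every octet for escapes or recomputes a checksum, so the length field becomes the only thing standing between the parser and an out-of-bounds read; it is checked against both a fixed maximum and the bytes actually received before any slice is taken.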