Minimize recycle SYN issues for split TCP hot flows to improve system reliability and performance
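IPC classification information
Country / type: United States (US) Patent, granted
International Patent Classification (IPC, 7th edition): G06F-015/173; H04L-012/801; H04L-012/851
Application number: US-0461675 (2012-05-01)
Registration number: US-9525632 (2016-12-20)
Inventors / address: Cai, Hao; Szabo, Paul Imre; Thornewell, Peter M.; Michels, Timothy Scott
Applicant / address: F5 Networks, Inc.
Agent / address: Branch, John W.
Citation information
Times cited: 0
Cited patents: 76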
Abstract
Embodiments are directed towards employing a packet traffic management device that has a split data flow segment (“DFS”) and control segment (“CS”) to determine if a connection flow update provided by the DFS to the CS is valid. The CS may be utilized to establish connection flows at the DFS based on connection flow requests. The CS may generate a connection flow identifier (“CFID”) for a connection flow request. The CS may cache the CFID at the CS. The CS may establish a connection flow at the DFS based at least on the connection flow request and the CFID. After a connection flow is established, a DFS may provide a connection flow update and a corresponding CFID to the CS. The CS may determine that the connection flow update is valid if the corresponding CFID matches the CFID cached at the CS.
Representative claim
1. A method for managing communication over a network, comprising the actions of: providing a connection flow request to a traffic management device (“TMD”) that is operative to manage communication between at least one client device and at least one server device, wherein the TMD includes a control segment (“CS”) that handles at least one flow of control communication and two or more data flow segments (“DFS”) that separately maintain an incoming direction and an outgoing direction for a flow of data communication; employing the TMD to generate an identifier that corresponds to a connection flow based on the connection flow request, wherein the identifier is separate from a connection flow signature of the connection flow, and wherein the CS caches the identifier and provides the identifier to the two or more DFSs; employing the CS to establish the connection flow between a client device and a server device that is based at least on the identifier and the connection flow request, wherein the two or more DFSs store the identifier separately from the CS; employing the two or more DFSs to provide an update to the connection flow and the separately stored identifier to the CS; comparing the identifier provided by the two or more DFSs to the CS to the identifier cached at the CS, wherein a match indicates the update is valid and a difference indicates the update is invalid; and determining when the update is valid based on the comparison of the identifier provided by the two or more DFSs to the CS and the identifier cached at the CS, wherein a validated update is employed by the CS for further handling the control communication for the connection flow.
2. The method of claim 1, further comprising the action of employing instructions provided by the CS to perform packet translations with the two or more DFSs, wherein the instructions are based at least in part on a load balancing action performed by the CS.
3. The method of claim 1, further comprising the action of employing the two or more DFSs to split the connection flow into a first connection flow from the server device to the client device for maintaining by a first DFS and a second connection flow from the client device to the server device for maintaining by a second DFS, wherein the first connection flow and the second connection flow are both associated with the identifier that corresponds to the connection flow.
4. The method of claim 1, wherein generating the identifier further comprises performing at least one of a hash of a sequence number for the connection flow and an exclusive OR byte operation on the sequence number for the connection flow.
5. The method of claim 1, wherein the connection flow request is based on at least a SYN request from the client device.
6. The method of claim 1, further comprising the action of enabling the two or more DFSs to terminate the connection flow at the two or more DFSs by providing a connection flow delete update to the CS.
7. The method of claim 1, further comprising the actions of: in response to a new connection flow request, generating another identifier for the new connection flow request and caching the other identifier at the CS; employing the CS to enable the two or more DFSs to establish a new connection flow between the client device and the server device that is based at least on the other identifier and the new connection flow request, wherein the two or more DFSs stores the other identifier separately from the CS; receiving an update for the new connection flow and its corresponding identifier; and determining if the update for the new connection flow is valid based on a comparison of its corresponding identifier and the other identifier stored by the two or more DFSs.
8. The method of claim 1, further comprising the actions of: in response to a new connection flow request, generating another identifier for the new connection flow request; identifying the new connection flow request as a Transmission Control Protocol (“TCP”) SYN flood when the other identifier is different than the identifier and the new connection flow request has a same connection flow signature as the connection flow, wherein the new connection flow request identified as the TCP SYN flood is discarded; and identifying the new connection flow request as a TCP retransmitted SYN when the other identifier matches the identifier and the new connection flow request has a same connection flow signature as the connection flow, wherein the new connection flow request identified as the retransmitted TCP SYN is discarded.
9. The method of claim 1, wherein a subset of information within an invalidated update is employed to update a previously established connection while maintaining a status of the connection flow.
10. A traffic management device (“TMD”) for managing communication over a network, comprising; a network interface device for communicating over a network; a memory device for storing instructions; and a processor device for executing instructions to enable actions, including: processing a connection flow request that is operative to manage communication between at least one client device and at least one server device, wherein the TMD includes a control segment (“CS”) that handles at least one flow of control communication and two or more data flow segments (“DFS”) that separately maintain an incoming direction and an outgoing direction for a flow of data communication; generating an identifier that corresponds to a connection flow based on the connection flow request, wherein the identifier is separate from a connection flow signature of the connection flow, and wherein the CS caches the identifier and provides the identifier to the two or more DFSs; employing the CS to establish the connection flow between a client device and a server device that is based at least on the identifier and the connection flow request, wherein the two or more DFSs store the identifier separately from the CS; employing the two or more DFSs to provide an update to the connection flow and the separately stored identifier to the CS; comparing the identifier provided by the two or more DFSs to the CS to the identifier cached at the CS, wherein a match indicates the update is valid and a difference indicates the update is invalid; and determining when the update is valid based on the comparison of the identifier provided by the two or more DFSs to the CS and the identifier cached at the CS, wherein a validated update is employed by the CS for further handling the control communication for the connection flow.
11. The TMD of claim 10, further comprising the action of employing instructions provided by the CS to perform packet translations with the two or more DFSs, wherein the instructions are based at least in part on a load balancing action performed by the CS.
12. The TMD of claim 10, further comprising the action of employing the two or more DFSs to split the connection flow into a first connection flow from the server device to the client device and a second connection flow from the client device to the server device, wherein the first connection flow and the second connection flow are both associated with the identifier that corresponds to the connection flow.
13. The TMD of claim 10, wherein generating the identifier further comprises performing at least one of a hash of a sequence number for the connection flow and an exclusive OR byte operation on the sequence number for the connection flow.
14. The TMD of claim 10, wherein the connection flow request is based on at least a SYN request from the client device.
15. The TMD of claim 10, further comprising the action of enabling the two or more DFSs to terminate the connection flow at the two or more DFSs by providing a connection flow delete update to the CS.
16. The TMD of claim 10, further comprising the actions of: in response to a new connection flow request, generating another identifier for the new connection flow request and caching the other identifier at the CS; employing the CS to enable the two or more DFS to establish a new connection flow between the client device and the server device that is based at least on the other identifier and the new connection flow request, wherein the two or more DFSs store the other identifier separately from the CS; receiving an update for the new connection flow and its corresponding identifier; and determining when the update for the new connection flow is valid based on a comparison of its corresponding identifier and the other identifier stored by the two or more DFSs.
17. The TMD of claim 10, further comprising the actions of: in response to a new connection flow request, generating another identifier for the new connection flow request; identifying the new connection flow request as a Transmission Control Protocol (“TCP”) SYN flood if the other identifier is different than the identifier and the new connection flow request has a same connection flow signature as the connection flow, wherein the new connection flow request identified as the TCP SYN flood is discarded; and identifying the new connection flow request as a TCP retransmitted SYN when the other identifier matches the identifier and the new connection flow request has a same connection flow signature as the connection flow, wherein the new connection flow request identified as the retransmitted TCP SYN is discarded.
18. A system for managing communication over a network, comprising: a client device; a server device; and a traffic management device (“TMD”), including: a network interface device for communicating over a network; a memory device for storing instructions; and a processor device for executing instructions to enable actions, including: processing a connection flow request that is operative to manage communication between at least one client device and at least one server device, wherein the TMD includes a control segment (“CS”) that handles at least one flow of control communication and two or more data flow segments (“DFS”) that separately maintain an incoming direction and an outgoing direction for a flow of data communication; generating an identifier that corresponds to a connection flow based on the connection flow request, wherein the identifier is separate from a connection flow signature of the connection flow, and wherein the CS caches the identifier and provides the identifier to the two or more DFSs; employing the CS to establish the connection flow between a client device and a server device that is based at least on the identifier and the connection flow request, wherein the two or more DFSs store the identifier separately from the CS; employing the two or more DFSs to provide an update to the connection flow and the separately stored identifier to the CS; comparing the identifier provided by the two or more DFSs to the CS to the identifier cached at the CS, wherein a match indicates the update is valid and a difference indicates the update is invalid; and determining when the update is valid based on the comparison of the identifier provided by the two or more DFSs to the CS and the identifier cached at the CS, wherein a validated update is employed by the CS for further handling the control communication for the connection flow.
19. The system of claim 18, further comprising the action of employing instructions provided by the CS to perform packet translations with the two or more DFSs, wherein the instructions are based at least in part on a load balancing action performed by the CS.
20. The system of claim 18, further comprising the action of employing the two or more DFSs to split the connection flow into a first connection flow from the server device to the client device and a second connection flow from the client device to the server device, wherein the first connection flow and the second connection flow are both associated with the identifier that corresponds to the connection flow.
21. The system of claim 18, wherein generating the identifier further comprises performing at least one of a hash of a sequence number for the connection flow and an exclusive OR byte operation on the sequence number for the connection flow.
22. The system of claim 18, further comprising the action of enabling the two or more DFSs to terminate the connection flow at the two or more DFSs by providing a connection flow delete update to the CS.
23. The system of claim 18, further comprising the actions of: in response to a new connection flow request, generating another identifier for the new connection flow request and caching the other identifier at the CS; employing the CS to enable the two or more DFSs to establish a new connection flow between the client device and the server device that is based at least on the other identifier and the new connection flow request, wherein the two or more DFSs stores the other identifier separately from the CS; receiving an update for the new connection flow and its corresponding identifier; and determining when the update for the new connection flow is valid based on a comparison of its corresponding identifier and the other identifier stored by the two or more DFSs.
24. The system of claim 18, further comprising the actions of: in response to a new connection flow request, generating another identifier for the new connection flow request; identifying the new connection flow request as a Transmission Control Protocol (“TCP”) SYN flood when the other identifier is different than the identifier and the new connection flow request has a same connection flow signature as the connection flow, wherein the new connection flow request identified as the TCP SYN flood is discarded; and identifying the new connection flow request as a TCP retransmitted SYN when the other identifier matches the identifier and the new connection flow request has a same connection flow signature as the connection flow, wherein the new connection flow request identified as the retransmitted TCP SYN is discarded.
25. A processor readable non-transitive storage media that includes instructions for managing communication over a network, wherein the execution of the instructions by a network device enables actions, comprising: providing a connection flow request to a traffic management device (“TMD”) that is operative to manage communication between at least one client device and at least one server device, wherein the TMD includes a control segment (“CS”) that handles at least one flow of control communication and two or more data flow segments (“DFS”) that maintain at least one flow of data communication; employing the TMD to generate an identifier that corresponds to a connection flow based on the connection flow request, wherein the identifier is separate from a connection flow signature of the connection flow, and wherein the CS caches the identifier and provides the identifier to the two or more DFSs; employing the CS to establish the connection flow between a client device and a server device that is based at least on the identifier and the connection flow request, wherein the two or more DFSs store the identifier separately from the CS; employing the two or more DFSs to provide an update to the connection flow and the separately stored identifier to the CS; comparing the identifier provided by the two or more DFSs to the CS to the identifier cached at the CS, wherein a match indicates the update is valid and a difference indicates the update is invalid; and determining when the update is valid based on the comparison of the identifier provided by the two or more DFSs to the CS and the identifier cached at the CS, wherein a validated update is employed by the CS for further handling the control communication for the connection flow.
26. The media of claim 25, further comprising the action of employing the two or more DFS to split the connection flow into a first connection flow from the server device to the client device and a second connection flow from the client device to the server device, wherein the first connection flow and the second connection flow are both associated with the identifier that corresponds to the connection flow.
27. The media of claim 25, further comprising the actions of: in response to a new connection flow request, generating another identifier for the new connection flow request and caching the other identifier at the CS; employing the CS to enable the two or more DFSs to establish a new connection flow between the client device and the server device that is based at least on the other identifier and the new connection flow request, wherein the two or more DFSs store the other identifier separately from the CS; receiving an update for the new connection flow and its corresponding identifier; and determining when the update for the new connection flow is valid based on a comparison of its corresponding identifier and the other identifier stored by the two or more DFSs.
28. The media of claim 25, further comprising the actions of: in response to a new connection flow request, generating another identifier for the new connection flow request; identifying the new connection flow request as a Transmission Control Protocol (“TCP”) SYN flood if the other identifier is different than the identifier and the new connection flow request has a same connection flow signature as the connection flow, wherein the new connection flow request identified as the TCP SYN flood is discarded; and identifying the new connection flow request as a TCP retransmitted SYN when the other identifier matches the identifier and the new connection flow request has a same connection flow signature as the connection flow, wherein the new connection flow request identified as the retransmitted TCP SYN is discarded.
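The CFID check described in the abstract and the SYN classification recited in the claims, as an added Python model that is not code from the patent or from F5. The class and function names, the one-byte XOR fold used as the identifier, the 4-tuple flow signature, and the late-delete scenario are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


def make_cfid(seq: int) -> int:
    """Assumed CFID construction: XOR the four bytes of the SYN sequence number."""
    cfid = 0
    for byte in seq.to_bytes(4, "big"):
        cfid ^= byte
    return cfid


@dataclass
class DataFlowSegment:
    """One direction of the data path; keeps its own copy of each flow's CFID."""
    name: str
    flows: dict = field(default_factory=dict)  # signature -> CFID

    def install(self, sig, cfid):
        self.flows[sig] = cfid

    def delete_update(self, sig):
        # Flow ended here: report it to the CS together with the stored CFID.
        return ("delete", sig, self.flows.pop(sig))


class ControlSegment:
    def __init__(self, dfss):
        self.dfss = dfss
        self.cache = {}  # signature -> CFID cached at the CS

    def on_syn(self, sig, seq):
        cfid = make_cfid(seq)
        if sig in self.cache:
            # Same signature as a live flow: discarded either way, but
            # the CFID tells a retransmission apart from a different SYN.
            return "retransmitted-syn" if cfid == self.cache[sig] else "syn-flood"
        self.cache[sig] = cfid
        for dfs in self.dfss:
            dfs.install(sig, cfid)
        return "established"

    def on_update(self, update):
        kind, sig, cfid = update
        if self.cache.get(sig) != cfid:
            return "invalid"  # CFID mismatch: the update is about an older flow
        if kind == "delete":
            del self.cache[sig]
        return "valid"


def recycled_flow_scenario():
    """Constructed sequence: a late delete must not tear down a recycled flow."""
    c2s = DataFlowSegment("client->server")
    s2c = DataFlowSegment("server->client")
    cs = ControlSegment([c2s, s2c])
    sig = ("198.51.100.7", 40000, "203.0.113.10", 443)  # constructed sample

    log = [
        cs.on_syn(sig, 0x11223344),  # new flow, CFID 0x44
        cs.on_syn(sig, 0x11223344),  # same SYN again
        cs.on_syn(sig, 0xA1B2C3D4),  # same signature, different sequence number
    ]
    first = c2s.delete_update(sig)
    late = s2c.delete_update(sig)            # produced now, delivered late
    log.append(cs.on_update(first))          # removes the flow at the CS
    log.append(cs.on_syn(sig, 0xA1B2C3D4))   # signature reused, CFID 0x04
    log.append(cs.on_update(late))           # carries the old CFID 0x44
    log.append(sig in cs.cache)              # recycled flow is still cached
    return log


if __name__ == "__main__":
    print(recycled_flow_scenario())
```

A one-byte XOR fold gives only 256 possible identifiers, so two different sequence numbers can produce the same CFID; the hash option named in the claims allows a wider identifier.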