Facilitating a secure 3 party network session by a network device
First Claim
1. A method for facilitating a three party transmission control protocol (TCP) connection by a network device that comprises a processor and a memory for storing executable instructions, wherein the processor executes the instructions to perform the method, comprising:
collecting, by the network device, application server information from an application server;
receiving, at the network device, a SYN packet from a client device over a network, the SYN packet comprising identifying information for the client device and a request to establish a TCP session with the application server;
based on the SYN packet received from the client device, determining, by the network device, that the client device is a trusted source for the network;
checking server load of the application server to determine if the SYN packet is to be accepted, wherein the checking the server load of the application server includes determining whether the application server is to:
decline to process the SYN packet or accept the SYN packet and continue processing the SYN packet depending on the server load;
generating, by the network device, based on the application server information of the application server, information to authenticate the client device to the application server directly as the trusted source for the network;
transmitting, by the network device, a SYN/ACK packet to the client device, the SYN/ACK packet comprising the information to authenticate the client device to the application server directly as the trusted source for the network, wherein the network device comprises a translation layer to embed, into a header of the SYN/ACK packet, processing information needed for data packets from the client device to match with processing information needed for the application server to process the data packets from the client device; and
receiving information at the network device from the application server, the information relating to the TCP session established between the application server and the client device based on:
an acknowledgement (ACK) packet received at the application server from the client device, wherein the ACK packet includes the information to authenticate the client device to the application server as the trusted source for the network received by the client device in the SYN/ACK packet; and
retrieval, by the application server, of the application server information from the information to authenticate the client device received by the application server in the ACK packet from the client device.
Abstract
Facilitation of secure network traffic over an application session by an application delivery controller is provided herein. In some examples, a network device receives a TCP SYN packet from a client device, to establish a TCP connection. The network device transmits a SYN/ACK packet to the client device, including a SYN cookie with identifying information to authenticate the client device to the application as a trusted source for the network. The client device then returns an ACK packet directly to the application server to establish the TCP connection.
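The three-party handshake described in the abstract and in claim 1, worked through as an added Python example that is not part of the patent: the network device performs the trust and load checks and issues a SYN cookie as the SYN/ACK sequence number that both authenticates the client and encodes an index to the application server information, and the application server validates the ACK it receives directly and recovers that information from the cookie. The key, the trusted-network policy, the MSS table, the 32-bit cookie layout and all addresses are constructed assumptions, not values from the patent.

```python
import hmac, hashlib, struct, ipaddress

SECRET = b"constructed-demo-key"           # shared by network device and app server (assumption)
SERVER_INFO = {0: 536, 1: 1220, 2: 1460}   # index -> server MSS, the "application server information" (constructed)
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # trusted-source policy (constructed)
MAX_LOAD = 0.9                             # decline new SYNs above this fraction of server capacity

def tcp_mac(src, sport, dst, dport, isn, slot, idx):
    """24-bit truncated HMAC over the 4-tuple, client ISN, time slot and server-info index."""
    msg = struct.pack("!4sH4sHIBB", ipaddress.ip_address(src).packed, sport,
                      ipaddress.ip_address(dst).packed, dport, isn, slot, idx)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, sport, dst, dport, isn, slot, idx):
    """SYN cookie used as the SYN/ACK sequence number: slot(5 bits) | idx(3 bits) | mac(24 bits)."""
    return ((slot & 0x1F) << 27) | ((idx & 7) << 24) | tcp_mac(src, sport, dst, dport, isn, slot, idx)

def network_device_handle_syn(syn, server_load, slot, idx=2):
    """Network device side: trust check, load check, cookie generation. None means the SYN is declined."""
    if not any(ipaddress.ip_address(syn["src"]) in n for n in TRUSTED_NETS):
        return None                          # not a trusted source for the network
    if server_load > MAX_LOAD:
        return None                          # server too loaded: decline to process the SYN
    cookie = make_cookie(syn["src"], syn["sport"], syn["dst"], syn["dport"], syn["seq"], slot, idx)
    # translation layer: embed the server's processing info (MSS) in the SYN/ACK header options
    return {"flags": "SYN/ACK", "seq": cookie, "ack": (syn["seq"] + 1) & 0xFFFFFFFF, "mss": SERVER_INFO[idx]}

def app_server_handle_ack(ack, now_slot, window=2):
    """App server side: receives the ACK directly, validates the cookie and recovers its own info from it."""
    cookie = (ack["ack"] - 1) & 0xFFFFFFFF
    slot, idx, mac = cookie >> 27, (cookie >> 24) & 7, cookie & 0xFFFFFF
    if (now_slot - slot) & 0x1F > window:
        return None                          # stale cookie: replayed or long-delayed ACK
    isn = (ack["seq"] - 1) & 0xFFFFFFFF
    expected = tcp_mac(ack["src"], ack["sport"], ack["dst"], ack["dport"], isn, slot, idx)
    if not hmac.compare_digest(expected.to_bytes(3, "big"), mac.to_bytes(3, "big")):
        return None                          # forged or tampered cookie: no server state was ever allocated
    return {"client": (ack["src"], ack["sport"]), "mss": SERVER_INFO[idx]}

def three_party_handshake(client_ip, server_load=0.5, slot=7, tamper=0, ack_delay=0):
    """Runs the whole exchange; returns the session the server reports back to the device, or None."""
    syn = {"flags": "SYN", "src": client_ip, "sport": 40000, "dst": "192.0.2.10", "dport": 443, "seq": 0x1234ABCD}
    synack = network_device_handle_syn(syn, server_load, slot)
    if synack is None:
        return None
    ack = {"flags": "ACK", "src": syn["src"], "sport": syn["sport"], "dst": syn["dst"], "dport": syn["dport"],
           "seq": synack["ack"], "ack": (synack["seq"] + 1 + tamper) & 0xFFFFFFFF}
    return app_server_handle_ack(ack, now_slot=slot + ack_delay)
```

Because the server keeps no half-open state until a valid ACK arrives, a flood of SYNs from untrusted or forged sources costs it nothing; the `tamper` and `ack_delay` parameters show the two failure modes the server must reject.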
492 Citations
19 Claims
1. As set out above under First Claim; dependent claims 2, 3, 4, 5, 6, 7, 8, 9 and 10 depend from it.
11. A network gateway system, comprising:
a plurality of processors;
a memory communicatively coupled to the plurality of processors, the memory storing instructions executable by at least one of the plurality of processors to perform a method comprising:
collecting, by a network device, application server information from an application server;
receiving, at the network device, a SYN packet from a client device over a network, the SYN packet comprising identifying information for the client device and a request to establish a transmission control protocol (TCP) session with the application server;
based on the SYN packet received from the client device, determining, by the network device, that the client device is a trusted source for the network;
checking server load of the application server to determine if the SYN packet is to be accepted, wherein the checking the server load of the application server includes determining whether the application server is to:
decline to process the SYN packet or accept the SYN packet and continue processing the SYN packet depending on the server load;
generating, by the network device, based on the application server information of the application server, information to authenticate the client device to the application server directly as the trusted source for the network;
transmitting, by the network device, a SYN/ACK packet to the client device, the SYN/ACK packet comprising the information to authenticate the client device to the application server directly as the trusted source for the network, wherein the network device comprises a translation layer to embed, into a header of the SYN/ACK packet, processing information needed for data packets from the client device to match with processing information needed for the application server to process the data packets from the client device; and
receiving information at the network device from the application server, the information relating to the TCP session established between the application server and the client device based on:
an acknowledgement (ACK) packet received at the application server from the client device, wherein the ACK packet includes the information to authenticate the client device to the application server as the trusted source for the network received by the client device in the SYN/ACK packet; and
retrieval, by the application server, of the application server information from the information to authenticate the client device received by the application server in the ACK packet from the client device.
Dependent claims 12, 13, 14, 15, 16, 17, 18 and 19 depend from claim 11.
Specification