Facilitating secure network traffic by an application delivery controller
First Claim
1. A method for facilitating a secure network by a network device that comprises a processor and a memory for storing executable instructions, wherein the processor executes the instructions to perform the method, comprising:
receiving, by the network device, a data packet with information from a client indicating that the client is a trusted source;
determining, by the network device, network capabilities of a server, the network capabilities including at least network parameters that the server is capable to serve;
correlating, by the network device, the network capabilities of the server with the information present in the data packet, the correlating including:
computing, by the network device, the information present in the data packet to obtain one or more network parameter values associated with the client; and
looking up, by the network device, the one or more network parameter values in an index table to select, from a plurality of combinations of network parameters that the server is capable of serving, a combination of network parameters that the server is capable to serve and that corresponds to the one or more network parameter values, the index table storing a plurality of network parameter values corresponding to the plurality of combinations of network parameters that the server is capable to serve; and
applying, by the network device, a tunneling protocol to transfer, by the network device, the combination of network parameters to the server, the applying the tunneling protocol including:
creating, by the network device, a modified data packet and placing the data packet and a transmission control protocol (TCP) options header into the modified data packet, the TCP options header comprising information including at least a sequence number for a protocol connection, wherein the information present in the TCP options header includes the combination of network parameters selected from the index table to match the network parameters that the server is capable to serve; and
forwarding, by the network device, the modified data packet to the server, wherein the server extracts, from the modified data packet, the data packet and the combination of network parameters and processes the data packet based on the combination of network parameters that the server is capable of serving.
Abstract
Facilitation of secure network traffic by an application delivery controller is provided herein. In some examples, a method includes: (a) receiving a data packet with information from a client indicating that the client is a trusted source; (b) embedding in the data packet a transmission control protocol (TCP) options header, the TCP options header comprising information including at least a sequence number for a protocol connection; and (c) forwarding the embedded data packet to a server.
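The TCP-options variant summarized in the abstract, sketched in Python as an added example (not code from the patent or any product): the controller selects an index-table code and packs it with the connection sequence number into an option that the server then parses. Option kind 253 with a 16-bit experiment ID follows the RFC 4727/RFC 6994 experimental layout; the ID value, the table contents, the field order and the selection rule are assumptions made for illustration.

```python
import struct

KIND_EXP = 253   # experimental TCP option kind (RFC 4727)
EXID = 0xADC0    # constructed 16-bit experiment ID (RFC 6994 layout), not registered

# Constructed index table: code -> (MSS, window scale, SACK permitted) the server can serve.
INDEX_TABLE = {0: (536, 0, False), 1: (1460, 0, True),
               2: (1460, 7, True), 3: (8960, 7, True)}

def select_code(mss, wscale, sack):
    """Controller side: largest servable combination not exceeding the client's values."""
    fits = [(combo, code) for code, combo in INDEX_TABLE.items()
            if combo[0] <= mss and combo[1] <= wscale and (sack or not combo[2])]
    if not fits:
        raise ValueError("no servable combination for this client")
    return max(fits)[1]

def build_option(seq, code):
    """Pack kind, length, ExID, connection sequence number and index-table code."""
    body = struct.pack("!HIB", EXID, seq, code)
    return struct.pack("!BB", KIND_EXP, 2 + len(body)) + body

def parse_options(raw):
    """Server side: walk the option TLVs; return (seq, combination) or None if absent."""
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:        # End of Option List
            break
        if kind == 1:        # No-Operation padding, single byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad option length")
        if kind == KIND_EXP and length == 9:
            exid, seq, code = struct.unpack("!HIB", raw[i + 2:i + 9])
            if exid == EXID:
                if code not in INDEX_TABLE:
                    raise ValueError("unknown index-table code")
                return seq, INDEX_TABLE[code]
        i += length
    return None
```
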
20 Claims
11. A method for facilitating secure network by a network device that comprises a processor and a memory for storing executable instructions, wherein the processor executes the instructions to perform the method, comprising:
receiving, at the network device, a data packet with information from a client indicating that the client is a trusted source;
determining, by the network device, network capabilities of a server, the network capabilities including at least network parameters that the server is capable to serve;
correlating, by the network device, the network capabilities of the server with the information present in the data packet, the correlating including:
computing, by the network device, the information present in the data packet to obtain one or more network parameter values associated with the client; and
looking up, by the network device, the one or more network parameter values in an index table to select, from a plurality of combinations of network parameters that the server is capable of serving, a combination of network parameters that the server is capable to serve and that corresponds to the one or more network parameter values, the index table storing the plurality of network parameter values corresponding to a plurality of combinations of network parameters that the server is capable to serve; and
applying, by the network device, a tunneling protocol to transfer, by the network device, the combination of network parameters to the server, the applying the tunneling protocol including:
creating, by the network device, a modified data packet and placing, into the modified data packet, the data packet and an Internet protocol (IP) header of the modified data packet with an encoded value from the index table, the encoded value from the index table representing the combination of network parameters selected from the index table to match the network parameters that the server is capable to serve; and
forwarding, by the network device, the data packet with the modified IP header to the server, wherein the server extracts, from the data packet with the modified IP header, the combination of network parameters and processes the data packet based on the combination of network parameters that the server is capable of serving.
13. A method for facilitating a secure network by a network device that comprises a processor and a memory for storing executable instructions, wherein the processor executes the instructions to perform the method, comprising:
receiving, by the network device, a data packet with information from a client indicating that the client is a trusted source;
determining, by the network device, network capabilities of a server, the network capabilities including at least network parameters that the server is capable to serve;
correlating, by the network device, the network capabilities of the server with the information present in the data packet, the correlating including:
computing, by the network device, the information present in the data packet to obtain one or more network parameter values associated with the client; and
looking up, by the network device, the one or more network parameter values in an index table to select, from a plurality of combinations of network parameters that the server is capable of serving, a combination of network parameters that the server is capable to serve and that corresponds to the one or more network parameter values, the index table storing the plurality of network parameter values corresponding to a plurality of combinations of network parameters that the server is capable to serve;
receiving, by the network device, data packets of a data flow from the client, the data flow being associated with transfer parameters;
communicating, by the network device, in a first channel established between the network device and the server, the transfer parameters associated with the data flow and connection parameters associated with a SYN packet received from the client, the connection parameters comprising the combination of network parameters that the server is capable to serve for data transfer over the secure network, wherein the transfer parameters and the connection parameters are communicated by the network device to the server using a tunneling protocol by:
creating, by the network device, a modified data packet and placing the data packet, the transfer parameters, and the connection parameters into a TCP options header or an IP header of the modified data packet, and
forwarding, by the network device, the modified data packet to the server, wherein the server extracts, from the modified data packet, the data packet and the connection parameters and processes the data packet based on the combination of network parameters that the server is capable to serve; and
forwarding, by the network device, in a second channel established between the network device and the server, the data packets of the data flow from the client.
15. An application delivery controller, comprising:
a processor; and
a memory for storing executable instructions, the processor being configured to execute the instructions to:
receive a data packet with information from a client indicating that the client is a trusted source;
determine network capabilities of a server, the network capabilities including at least network parameters that the server is capable to serve;
correlate the network capabilities of the server with the information present in the data packet, the correlating including:
computing the information present in the data packet to obtain one or more network parameter values associated with the client; and
looking up the one or more network parameter values in an index table to select, from a plurality of combinations of network parameters that the server is capable of serving, a combination of network parameters that the server is capable to serve and that corresponds to the one or more network parameter values, the index table storing the plurality of network parameter values corresponding to a plurality of combinations of network parameters that the server is capable to serve;
apply a tunneling protocol to transfer the combination of network parameters to the server, the applying the tunneling protocol including either:
(1) creating a first modified data packet and placing the data packet and a transmission control protocol (TCP) options header into the first modified data packet, the TCP options header comprising parameters for a protocol connection, the parameters including the combination of network parameters selected from the index table to match the network parameters that the server is capable to serve, or
(2) creating a second modified data packet and placing, into the second modified data packet, the data packet and an Internet protocol (IP) header of the modified data packet with an encoded value from an index table, the encoded value representing the combination of network parameters selected from the index table to match the network parameters that the server is capable to serve; and
forward the first modified data packet or the second modified data packet to the server, wherein the server extracts, from the first modified data packet or the second modified data packet, the data packet and the combination of network parameters and processes the data packet based on the combination of network parameters that the server is capable of serving.
Specification