Load balancing with handshake offload
Abstract
Cryptographically protected communications sessions are established using a distributed process. A load balancer proxies handshake messages to a first computer system that negotiates a cryptographically protected communications session with the client. When the client and first computer system complete negotiation of the session, the first computer system provides a set of session keys to a second computer system, through the load balancer or another channel. The second computer system then uses the session keys to communicate with the client over the cryptographically protected communications session.
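One way a load balancer could make the routing decision described in the abstract, as an added example that is not taken from the patent. It assumes TLS 1.2-style record framing (the page names no protocol); the backend names, `make_record` and `RecordRouter` are hypothetical. In TLS 1.3, encrypted handshake messages travel in records whose outer type is application data, so a header-only check like this one would not separate them.

```python
import struct

# Hypothetical backend names; the page does not name its servers.
HANDSHAKE_SERVER = "handshake-server"
APP_SERVER = "app-server"

# TLS record content types (record framing is an assumption, see lead-in).
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
KNOWN_TYPES = (CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA)
MAX_RECORD_LEN = 2**14 + 2048  # TLS 1.2 ciphertext length limit


def make_record(ctype, payload):
    """Build a constructed sample record: type, version 3.3, length, payload."""
    return struct.pack("!BBBH", ctype, 3, 3, len(payload)) + payload


class RecordRouter:
    """Per-connection state: reassembles records and picks a backend for each."""

    def __init__(self):
        self.buf = b""
        self.session_established = False

    def feed(self, data):
        """Accept bytes from the client; return [(backend, record_bytes), ...]."""
        self.buf += data
        routed = []
        while len(self.buf) >= 5:
            ctype, major, _minor, length = struct.unpack("!BBBH", self.buf[:5])
            if ctype not in KNOWN_TYPES or major != 3 or length > MAX_RECORD_LEN:
                raise ValueError("malformed record header; close the connection")
            if len(self.buf) < 5 + length:
                break  # record split across TCP segments; wait for the rest
            record, self.buf = self.buf[:5 + length], self.buf[5 + length:]
            routed.append((self._backend_for(ctype), record))
        return routed

    def _backend_for(self, ctype):
        if ctype in (HANDSHAKE, CHANGE_CIPHER_SPEC):
            return HANDSHAKE_SERVER  # also covers renegotiation on a live session
        if ctype == APPLICATION_DATA:
            self.session_established = True
            return APP_SERVER
        # Alerts go to whichever server currently owns the session.
        return APP_SERVER if self.session_established else HANDSHAKE_SERVER
```

The router never sees key material; in the scheme the abstract describes, the handshake server hands the negotiated session keys to the second server separately.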
20 Claims
1. A computer-implemented method, comprising:
- establishing a network connection between a client computer system and a load balancer;
- for a first set of messages of a handshake, with the client computer system, of a cryptographically protected communications protocol received by the load balancer, routing the first set of messages from the load balancer to a handshake server computer system thereby facilitating negotiation of a set of cryptographic keys for a cryptographically protected communications session; and
- for a second set of messages outside of the handshake, with the client computer system, of the cryptographically protected communications protocol received by the load balancer, the second set of messages transmitted over the cryptographically protected communications session, routing the second set of messages from the load balancer to another server computer system different from the handshake server computer system.

Dependent claims: 2, 3, 4

5. A system, comprising:
- one or more processors; and
- memory storing instructions that, as a result of execution by the one or more processors, cause the system to:
  - receive, at a load balancer, a first message from a client computer system;
  - determine whether the first message is for a handshake;
  - as a result of the first message being for a handshake, route the first message from the load balancer to a first computer system to enable the first computer system to negotiate, with the client computer system, a cryptographically protected communications session; and
  - as a result of a second message being outside of the handshake but over the cryptographically protected communications session, route the second message from the load balancer to a second computer system.

Dependent claims: 6, 7, 8, 9, 10, 11, 12

13. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of execution by one or more processors of a first computer system, cause the first computer system to at least:
- receive, at a load balancer, messages from a client computer system;
- proxy, from the load balancer, handshake messages of a protocol for cryptographically protected communications sessions between the client computer system and a second computer system, the handshake messages for a negotiation of a cryptographically protected communications session; and
- proxy, from the load balancer, non-handshake messages of the protocol for the cryptographically protected communications session to a third computer system.

Dependent claims: 14, 15, 16, 17, 18, 19, 20