Routing of communications to one or more processors performing one or more services according to a load balancing function

US 10,218,782 B2
Filed: 07/11/2017
Issued: 02/26/2019
Est. Priority Date: 12/10/2003
Status: Expired due to Term

First Claim

Patent Images

1. A method for reconfiguring policy enforcement appliances in a computer network, the method comprising:

configuring a topology of a cluster of appliances in the computer network, wherein a management console server assigns the cluster of appliances to enforce one or more policy rules;

providing the policy rules from the management console server to a first appliance of the cluster, wherein the first appliance is assigned responsibility for replicating the policy rules within the cluster and sends the policy rules to at least a second appliance in the cluster;

detecting that one of the appliances in the cluster has failed;

modifying the topology of remaining appliances in the cluster in response to detecting the failed appliance, wherein the cluster of remaining appliances continues to enforce the policy rules in accordance with the modified topology;

receiving a first communication related to an Internet Protocol (IP) Address;

identifying that the first communication includes a virtual private network protocol (VPN) frame;

sending the first communication to a first platform service based on the identification of the VPN frame;

receiving a reply relating to the first communication from the first platform service;

receiving a second communication relating to the IP address;

identifying that the second communication includes a secure socket layer (SSL) HELO message;

sending the second communication to a second platform service based on identifying that the second communication includes the SSL HELO message; and

receiving a reply relating to the second communication from the second platform service.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure identifies topologies of a computer network where one network appliance may be configured as a master network appliance and where that master network appliance may communicate over a network communication interface with one or more slave network appliances. Computer networks of the present disclosure may include a switch and a firewall where the switch may be coupled to several network appliances via different network communication interfaces.

Citations

16 Claims

1. A method for reconfiguring policy enforcement appliances in a computer network, the method comprising:
- configuring a topology of a cluster of appliances in the computer network, wherein a management console server assigns the cluster of appliances to enforce one or more policy rules;
  
  providing the policy rules from the management console server to a first appliance of the cluster, wherein the first appliance is assigned responsibility for replicating the policy rules within the cluster and sends the policy rules to at least a second appliance in the cluster;
  
  detecting that one of the appliances in the cluster has failed;
  
  modifying the topology of remaining appliances in the cluster in response to detecting the failed appliance, wherein the cluster of remaining appliances continues to enforce the policy rules in accordance with the modified topology;
  
  receiving a first communication related to an Internet Protocol (IP) Address;
  
  identifying that the first communication includes a virtual private network protocol (VPN) frame;
  
  sending the first communication to a first platform service based on the identification of the VPN frame;
  
  receiving a reply relating to the first communication from the first platform service;
  
  receiving a second communication relating to the IP address;
  
  identifying that the second communication includes a secure socket layer (SSL) HELO message;
  
  sending the second communication to a second platform service based on identifying that the second communication includes the SSL HELO message; and
  
  receiving a reply relating to the second communication from the second platform service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the VPN frame is embedded in payload data of the first communication.
  - 3. The method of claim 1, wherein the first appliance is designated a master of the cluster, and wherein the first appliance provides a changed policy rule to other appliances in the cluster.
  - 4. The method of claim 3, further comprising receiving via the management console server information regarding the changed policy rule, wherein the management console server provides the changed policy rule to the master appliance.
  - 5. The method of claim 1, wherein the policy rules include at least one of a rule regarding access to an Intranet, a load balancing rule, and a rule regarding routing communications.
  - 6. The method of claim 5, wherein the policy rules include the load balancing rule, and wherein the load balancing rule is also associated with at least one of a round robin algorithm or a weighted least connection algorithm.
  - 7. The method of claim 1, wherein providing the policy rules comprises providing a unified configuration from the management console server to the first appliance, the unified configuration including the policy rules and configuration information regarding the cluster, wherein the unified configuration is replicated to other appliances in the cluster.
  - 8. The method of claim 1, further comprising maintaining user credentials at the management console server.

9. A non-transitory computer-readable storage medium having embodied thereon a program for performing a method for reconfiguring policy enforcement appliances in a computer network, the method comprising:
- configuring a topology of a cluster of appliances in the computer network, wherein a management console server assigns the cluster of appliances to enforce one or more policy rules;
  
  providing the policy rules from the management console server to a first appliance of the cluster, wherein the first appliance is assigned responsibility for replicating the policy rules within the cluster and sends the policy rules to at least a second appliance in the cluster;
  
  detecting that one of the appliances in the cluster has failed;
  
  modifying the topology of remaining appliances in the cluster in response to detecting the failed appliance, wherein the cluster of remaining appliances continues to enforce the policy rules in accordance with the modified topology;
  
  receiving a first communication relating to an Internet Protocol (IP) Address;
  
  identifying that the first communication includes a virtual private network protocol (VPN) frame;
  
  sending the first communication to a first platform service based on the identification of the VPN frame;
  
  receiving a reply relating to the first communication from the first platform service;
  
  receiving a second communication relating to the IP address;
  
  identifying that the second communication includes a secure socket layer (SSL) HELO message;
  
  sending the second communication to a second platform service based on the identifying that the second communication includes the SSL Helo message; and
  
  receiving a reply relating to the second communication from the second platform service.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-transitory computer-readable storage medium of claim 9, wherein the VPN frame is embedded in payload data of the first communication.
  - 11. The non-transitory computer-readable storage medium of claim 9, wherein the first appliance is designated a master of the cluster, and wherein the first appliance provides a changed policy rule to other appliances in the cluster.
  - 12. The non-transitory computer-readable storage medium of claim 11, wherein the program further comprises instructions executable to receive via the management console server information regarding the changed policy rule, wherein the management console server provides the changed policy rule to the master appliance.
  - 13. The non-transitory computer-readable storage medium of claim 9, wherein the policy rules include at least one of a rule regarding access to an Intranet, a load balancing rule, and a rule regarding routing communications.
  - 14. The non-transitory computer-readable storage medium of claim 13, wherein the policy rules include the load balancing rule, and wherein the load balancing rule is also associated with at least one of a round robin algorithm or a weighted least connection algorithm.
  - 15. The non-transitory computer-readable storage medium of claim 9, wherein providing the policy rules comprises providing a unified configuration from the management console server to the first appliance, the unified configuration including the policy rules and configuration information regarding the cluster, wherein the unified configuration is replicated to other appliances in the cluster.
  - 16. The non-transitory computer-readable storage medium of claim 9, further comprising maintaining user credentials at the management console server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SonicWALL US Holdings, Inc. (SonicWall Holdings Ltd.)
Original Assignee
SonicWALL, Inc. (SonicWall Holdings Ltd.)
Inventors
Hopen, Chris A., Tomlinson, Gary B., Brooke, John, Brown, Derek W., Burdge, Jonathan, Erickson, Rodger D.
Primary Examiner(s)
Joo, Joshua

Application Number

US15/646,526
Publication Number

US 20170318081A1
Time in Patent Office

595 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 11/2007   using redundant communicati...

H04L 41/0806   for initial configuration o...

H04L 41/12   Discovery or management of ...

H04L 45/121   by minimising delays

H04L 47/125   by balancing the load, e.g....

H04L 67/1001   for accessing one among a p...

H04L 67/1008   based on parameters of serv...

H04L 67/101   based on network conditions

H04L 67/1017   based on a round robin mech...

H04L 67/1029   using data related to the s...

H04L 67/1034   Reaction to server failures...

H04L 67/1038   Load balancing arrangements...

Routing of communications to one or more processors performing one or more services according to a load balancing function

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Routing of communications to one or more processors performing one or more services according to a load balancing function

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links