Systems and methods for routing network packets between multi-core intermediaries

US 10,333,846 B2
Filed: 02/19/2016
Issued: 06/25/2019
Est. Priority Date: 02/19/2016
Status: Active Grant

First Claim

Patent Images

1. A method of routing network packets between multi-core intermediaries, comprising:

receiving, by a processor of a plurality of processors of a client-side intermediary device deployed between a client device and a plurality of server-side intermediary devices, a packet from the client device, each of the plurality of processors of the client-side intermediary device identified by a core identifier of a corresponding plurality of core identifiers, the packet including a first source port address corresponding to the client device;

calculating, by the processor of the client-side intermediary device, a first set of source port addresses of the client-side intermediary device based on a hash function applied to inputs of a first key and the core identifier;

identifying, by the processor of the client-side intermediary device, from the plurality of server-side intermediary devices, a server-side intermediary device based on data received with the packet from the client device or control information received from the target server-side intermediary device, the target server-side intermediary device comprising a plurality of processors;

selecting, by the processor of the client-side intermediary device, a target core identifier corresponding to a target processor of the plurality of processors of the selected server-side intermediary device based on the data received with the packet from the client device or the control information received from the target server-side intermediary device;

calculating, by the processor of the client-side intermediary device, a second set of source port addresses of the client-side intermediary device based on the hash function applied to inputs of a second key and the target core identifier;

identifying, by the processor of the client-side intermediary device, a second source port address common to both the first set of source port addresses and the second set of source port addresses, the second source port address corresponding to the target processor of the plurality of processors of the target server-side intermediary device for routing the packet; and

replacing, by the processor of the client-side intermediary device, the first source port address in the packet with the second source port address.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure is directed towards systems and methods routing network packets between multi-core intermediaries. A processor of a plurality of processors on a client-side intermediary device may receive a packet from a client device. The processor may be identified by a core identifier. The processor may calculate a first set of source port addresses based on a first key and the core identifier. The processor may identify a target server-side intermediary device and a target processor based on data received with the packet or metadata received from the target server-side intermediary device. The processor may calculate a second set of port addresses based on a second key and the target core identifier. The processor may identify a port address common to both the first set and second set of port addresses. The processor may replace the original source port address in the packet with the identified port address.

Citations

20 Claims

1. A method of routing network packets between multi-core intermediaries, comprising:
- receiving, by a processor of a plurality of processors of a client-side intermediary device deployed between a client device and a plurality of server-side intermediary devices, a packet from the client device, each of the plurality of processors of the client-side intermediary device identified by a core identifier of a corresponding plurality of core identifiers, the packet including a first source port address corresponding to the client device;
  
  calculating, by the processor of the client-side intermediary device, a first set of source port addresses of the client-side intermediary device based on a hash function applied to inputs of a first key and the core identifier;
  
  identifying, by the processor of the client-side intermediary device, from the plurality of server-side intermediary devices, a server-side intermediary device based on data received with the packet from the client device or control information received from the target server-side intermediary device, the target server-side intermediary device comprising a plurality of processors;
  
  selecting, by the processor of the client-side intermediary device, a target core identifier corresponding to a target processor of the plurality of processors of the selected server-side intermediary device based on the data received with the packet from the client device or the control information received from the target server-side intermediary device;
  
  calculating, by the processor of the client-side intermediary device, a second set of source port addresses of the client-side intermediary device based on the hash function applied to inputs of a second key and the target core identifier;
  
  identifying, by the processor of the client-side intermediary device, a second source port address common to both the first set of source port addresses and the second set of source port addresses, the second source port address corresponding to the target processor of the plurality of processors of the target server-side intermediary device for routing the packet; and
  
  replacing, by the processor of the client-side intermediary device, the first source port address in the packet with the second source port address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein selecting the target server-side intermediary device further comprises determining that a datatype of the data received with the packet from the client device is an opaque datatype, the data previously passed from the server-side intermediary to the client device;
    - wherein selecting the target core identifier further comprises decoding the data, responsive to determining that the datatype is the opaque datatype, to identify a server-side intermediary device identifier and the target core identifier; and
      
      further comprising;
      
      searching, by the processor of the client-side intermediary device, responsive to decoding the data, a key database to find the second key based on the target server-side intermediary device identifier and the target core identifier.
  - 3. The method of claim 1, further comprising:
    - transmitting, by the processor of the client-side intermediary device, to each of the plurality of server-side intermediary devices, a key request;
      
      subsequently receiving, by the processor of the client-side intermediary device, from each of the plurality of server-side intermediary devices, a response including the control information including a server-side intermediary device identifier, a server-side intermediary device core identifiers and a key of the respective server-side intermediary device;
      
      determining, by the processor of the client-side intermediary device, that one of the plurality of server-side intermediary device core identifier matches the target core identifier; and
      
      identifying, by the processor of the client-side intermediary device, the second key corresponding to the one of the plurality of server-side intermediary devices matching the target core identifier.
  - 4. The method of claim 1, wherein receiving the packet from the client device further comprises intercepting the packet from the client device, the packet including a destination port and a destination Internet Protocol (IP) address each corresponding to a server, the data including a server-side intermediary device identifier and the target core identifier and further comprising:
    - identifying, by the processor of the client-side intermediary device, the server based on the destination port and the destination IP address;
      
      identifying, by the processor of the client-side intermediary device, a subset of the plurality of server-side intermediary devices in communication with the server, each of the subset of the plurality of server-side intermediary devices having a plurality of processors;
      
      selecting, by the processor of the client-side intermediary device, from the subset of the plurality of server-side intermediary devices, the target server-side intermediary device based on the target server-side intermediary device identifier;
      
      accessing, by the processor of the client-side intermediary device, a key database for a subset of keys corresponding to each of the plurality of processors of the subset of the plurality of server-side intermediary device; and
      
      selecting, by the processor of the client-side intermediary device, the second key from the subset of keys based on the target core identifier.
  - 5. The method of claim 1, wherein the packet is received by the client-side intermediary device via a first network, and further comprising:
    - identifying, by the processor of the client-side intermediary device, an Internet Protocol (IP) address of the client-side intermediary device and an IP address of the target server-side intermediary device on a second network connected to the client-side intermediary device and each of the target server-side intermediary devices;
      
      wherein receiving the packet further comprises receiving the packet including a source IP address of the client device and a destination IP address of the client-side intermediary device on the first network; and
      
      wherein replacing the first source port address of the packet with the second source port address further comprises replacing, in the packet, the source IP address of the client device with the IP address of the client-side intermediary device on the second network and the destination IP address of the client-side intermediary device on the first network with the IP address of the target server-side intermediary device on the second network.
  - 6. The method of claim 1, wherein calculating the first set of source port addresses further comprises changing the first set of port addresses using a first indirection table, the first indirection table mapping a third port address to a fourth port address;
    - andwherein calculating the second set of source port addresses further comprises changing the second set of port addresses using a second indirection table, the second indirection table different from the first indirection table, the second indirection table mapping a fifth port address to a sixth port address.
  - 7. The method of claim 1, wherein identifying the second source port address further comprises:
    - identifying a plurality of source port addresses common to both the first set of port addresses and the second set of port addresses; and
      
      selecting the second source port address from the identified plurality of source port addresses.
  - 8. The method of claim 1, wherein calculating the first set of source port addresses further comprises:
    - calculating a first set of hash values based on the hash function applied to inputs of the first key, a source Internet Protocol (IP) address of the client-side intermediary device, a destination IP address of the target server-side intermediary device, a destination port address of the target server-side intermediary device, and the core identifier; and
      
      identifying the first set of source port addresses based on the first set of hash values.
  - 9. The method of claim 1, wherein calculating the second set of source port addresses further comprises:
    - calculating a second set of hash values based on the hash function applied to inputs of the second key, the source IP address of the client-side intermediary device, the destination IP address of the target server-side intermediary device, the destination port address of the target server-side intermediary device, and the target core identifier; and
      
      identifying the second set of source port addresses based on the second set of hash values.
  - 10. The method of claim 1, further comprising:
    - forwarding, by the processor of the client-side intermediary device, the packet to the target server-side intermediary device.

11. A system for routing network packets between multi-core intermediaries, comprising:
- a processor of a plurality of processors of a client-side intermediary device deployed between a client device and a plurality of server-side intermediary devices, each of the plurality of processors of the client-side intermediary device comprising hardware coupled to memory and identified by a core identifier of a corresponding plurality of core identifiers, that receives a packet from the client device, the packet including a first source port address corresponding to the client device;
  
  a hash calculator of the processor that calculates a first set of source port addresses of the client-side intermediary device based on a hash function applied to inputs of a first key and the core identifier;
  
  a core selector of the processor that;
  
  identifies, from the plurality of server-side intermediary devices, a server-side intermediary device based on data received with the packet from the client device or control information received from the target server-side intermediary device, the target server-side intermediary device comprising a plurality of processors; and
  
  selects a target core identifier corresponding to a target processor of the plurality of processors of the selected server-side intermediary device based on the data received with the packet from the client device or the control information received from the target server-side intermediary device;
  
  wherein the hash calculator;
  
  calculates a second set of source port addresses of the client-side intermediary device based on the hash function applied to inputs of a second key and the target core identifier; and
  
  identifies a second source port address common to both the first set of source port addresses and the second set of source port addresses, the second source port address corresponding to the target processor of the plurality of processors of the target server-side intermediary device for routing the packet; and
  
  a packet modifier of the processor that replaces the first source port address in the packet with the second source port address.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the core selector:
    - determines that a datatype of the data received with the packet from the client device is an opaque datatype, the data previously passed from the server-side intermediary to the client device; and
      
      decodes the data, responsive to determining that the datatype is the opaque datatype, to identify a server-side intermediary device identifier and the target core identifier; and
      
      further comprising;
      
      a key retriever of the processor that searches a key database to find the second key based on the target server-side intermediary device identifier and the target core identifier.
  - 13. The system of claim 11, further comprising a key retriever of the processor that:
    - transmits, to each of the plurality of server-side intermediary devices, a key request;
      
      subsequently receives, from each of the plurality of server-side intermediary devices, a response including the control information including a server-side intermediary device identifier, a server-side intermediary device core identifiers and a key of the respective server-side intermediary device;
      
      determines that one of the plurality of server-side intermediary device identifiers matches the target server-side intermediary device identifier; and
      
      identifies the second key corresponding to the one of the plurality of server-side intermediary device identifiers matching the target server-side intermediary device identifier.
  - 14. The system of claim 11, wherein the processor intercepts the packet from the client device, the packet including a destination port and a destination Internet Protocol (IP) address each corresponding to a server, the data including a server-side intermediary device identifier and the target core identifier;
    - wherein the core selector;
      
      identifies the server based on the destination port and the destination IP address;
15. The system of claim 11, wherein the packet is received by the client-side intermediary device via a first network;
- andwherein core identifier identifies an Internet Protocol (IP) address of the client-side intermediary device and an IP address of the target server-side intermediary device on a second network connected to the client-side intermediary device and each of the target server-side intermediary devices;
  
  wherein the processor receives the packet including a source IP address of the client device and a destination IP address of the client-side intermediary device on the first network; and
  
  wherein the packet modifier replaces, in the packet, the source IP address of the client device with the IP address of the client-side intermediary device on the second network and the destination IP address of the client-side intermediary device on the first network with the IP address of the target server-side intermediary device on the second network.
16. The system of claim 11, wherein the hash calculator:
- changes the first set of source port addresses using a first indirection table, the first indirection table mapping a third source port address to a fourth source port address; and
  
  changes the second set of source port addresses using a second indirection table, the second indirection table different from the first indirection table, the second indirection table mapping a fifth source port address to a sixth source port address.
17. The system of claim 11, wherein the hash calculator:
- identifies a plurality of source port addresses common to both the first set of port addresses and the second set of port addresses; and
  
  selects the second source port address from the identified plurality of source port addresses.
18. The system of claim 11, wherein the hash calculator:
- calculates a first set of hash values based on the hash function applied to inputs of the first key, a source Internet Protocol (IP) address of the client-side intermediary device, a destination IP address of the target server-side intermediary device, a destination port address of the target server-side intermediary device, and the core identifier; and
  
  identifies the first set of source port addresses based on the first set of hash values.
19. The system of claim 11, wherein the hash calculator:
- calculates a second set of hash values based on the hash function applied to inputs of the second key, the source IP address of the client-side intermediary device, the destination IP address of the target server-side intermediary device, the destination port address of the target server-side intermediary device, and the target core identifier; and
  
  identifies the second set of source port addresses based on the second set of hash values.
20. The system of claim 11, wherein the processor forwards the packet to the target server-side intermediary device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Singhal, Pravin, Francis, Daisy Caroline, Paralikar, Hrushikesh Shrinivas
Primary Examiner(s)
Keehn, Richard G
Assistant Examiner(s)
Ma, Wing

Application Number

US15/048,469
Publication Number

US 20170244637A1
Time in Patent Office

1,222 Days
Field of Search

709238
US Class Current
CPC Class Codes

H04L 45/7453 using hashing

H04L 61/2514 between local and global IP...

Systems and methods for routing network packets between multi-core intermediaries

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for routing network packets between multi-core intermediaries

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links