Systems and methods for routing network packets between multi-core intermediaries
First Claim
1. A method of routing network packets between multi-core intermediaries, comprising:
- receiving, by a processor of a plurality of processors of a client-side intermediary device deployed between a client device and a plurality of server-side intermediary devices, a packet from the client device, each of the plurality of processors of the client-side intermediary device identified by a core identifier of a corresponding plurality of core identifiers, the packet including a first source port address corresponding to the client device;
calculating, by the processor of the client-side intermediary device, a first set of source port addresses of the client-side intermediary device based on a hash function applied to inputs of a first key and the core identifier;
identifying, by the processor of the client-side intermediary device, from the plurality of server-side intermediary devices, a server-side intermediary device based on data received with the packet from the client device or control information received from the target server-side intermediary device, the target server-side intermediary device comprising a plurality of processors;
selecting, by the processor of the client-side intermediary device, a target core identifier corresponding to a target processor of the plurality of processors of the selected server-side intermediary device based on the data received with the packet from the client device or the control information received from the target server-side intermediary device;
calculating, by the processor of the client-side intermediary device, a second set of source port addresses of the client-side intermediary device based on the hash function applied to inputs of a second key and the target core identifier;
identifying, by the processor of the client-side intermediary device, a second source port address common to both the first set of source port addresses and the second set of source port addresses, the second source port address corresponding to the target processor of the plurality of processors of the target server-side intermediary device for routing the packet; and
replacing, by the processor of the client-side intermediary device, the first source port address in the packet with the second source port address.
8 Assignments
0 Petitions
Accused Products
Abstract
The present disclosure is directed towards systems and methods routing network packets between multi-core intermediaries. A processor of a plurality of processors on a client-side intermediary device may receive a packet from a client device. The processor may be identified by a core identifier. The processor may calculate a first set of source port addresses based on a first key and the core identifier. The processor may identify a target server-side intermediary device and a target processor based on data received with the packet or metadata received from the target server-side intermediary device. The processor may calculate a second set of port addresses based on a second key and the target core identifier. The processor may identify a port address common to both the first set and second set of port addresses. The processor may replace the original source port address in the packet with the identified port address.
-
Citations
20 Claims
-
1. A method of routing network packets between multi-core intermediaries, comprising:
-
receiving, by a processor of a plurality of processors of a client-side intermediary device deployed between a client device and a plurality of server-side intermediary devices, a packet from the client device, each of the plurality of processors of the client-side intermediary device identified by a core identifier of a corresponding plurality of core identifiers, the packet including a first source port address corresponding to the client device; calculating, by the processor of the client-side intermediary device, a first set of source port addresses of the client-side intermediary device based on a hash function applied to inputs of a first key and the core identifier; identifying, by the processor of the client-side intermediary device, from the plurality of server-side intermediary devices, a server-side intermediary device based on data received with the packet from the client device or control information received from the target server-side intermediary device, the target server-side intermediary device comprising a plurality of processors; selecting, by the processor of the client-side intermediary device, a target core identifier corresponding to a target processor of the plurality of processors of the selected server-side intermediary device based on the data received with the packet from the client device or the control information received from the target server-side intermediary device; calculating, by the processor of the client-side intermediary device, a second set of source port addresses of the client-side intermediary device based on the hash function applied to inputs of a second key and the target core identifier; identifying, by the processor of the client-side intermediary device, a second source port address common to both the first set of source port addresses and the second set of source port addresses, the second source port address corresponding to the target processor of the plurality of processors of the target server-side intermediary device for routing the packet; and replacing, by the processor of the client-side intermediary device, the first source port address in the packet with the second source port address. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for routing network packets between multi-core intermediaries, comprising:
-
a processor of a plurality of processors of a client-side intermediary device deployed between a client device and a plurality of server-side intermediary devices, each of the plurality of processors of the client-side intermediary device comprising hardware coupled to memory and identified by a core identifier of a corresponding plurality of core identifiers, that receives a packet from the client device, the packet including a first source port address corresponding to the client device; a hash calculator of the processor that calculates a first set of source port addresses of the client-side intermediary device based on a hash function applied to inputs of a first key and the core identifier; a core selector of the processor that; identifies, from the plurality of server-side intermediary devices, a server-side intermediary device based on data received with the packet from the client device or control information received from the target server-side intermediary device, the target server-side intermediary device comprising a plurality of processors; and selects a target core identifier corresponding to a target processor of the plurality of processors of the selected server-side intermediary device based on the data received with the packet from the client device or the control information received from the target server-side intermediary device; wherein the hash calculator; calculates a second set of source port addresses of the client-side intermediary device based on the hash function applied to inputs of a second key and the target core identifier; and identifies a second source port address common to both the first set of source port addresses and the second set of source port addresses, the second source port address corresponding to the target processor of the plurality of processors of the target server-side intermediary device for routing the packet; and a packet modifier of the processor that replaces the first source port address in the packet with the second source port address. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
identifies a subset of the plurality of server-side intermediary devices in communication with the server, each of the subset of the plurality of server-side intermediary devices having a plurality of processors; and selects, from the subset of the plurality of server-side intermediary devices, the target server-side intermediary device based on the target server-side intermediary device identifier; and further comprising; a key retriever of the processor that; accesses a key database for a subset of keys corresponding to each of the subset of the plurality of server-side intermediary device; and selects the second key from the subset of keys based on the target core identifier.
-
-
15. The system of claim 11, wherein the packet is received by the client-side intermediary device via a first network;
- and
wherein core identifier identifies an Internet Protocol (IP) address of the client-side intermediary device and an IP address of the target server-side intermediary device on a second network connected to the client-side intermediary device and each of the target server-side intermediary devices; wherein the processor receives the packet including a source IP address of the client device and a destination IP address of the client-side intermediary device on the first network; and wherein the packet modifier replaces, in the packet, the source IP address of the client device with the IP address of the client-side intermediary device on the second network and the destination IP address of the client-side intermediary device on the first network with the IP address of the target server-side intermediary device on the second network.
- and
-
16. The system of claim 11, wherein the hash calculator:
-
changes the first set of source port addresses using a first indirection table, the first indirection table mapping a third source port address to a fourth source port address; and changes the second set of source port addresses using a second indirection table, the second indirection table different from the first indirection table, the second indirection table mapping a fifth source port address to a sixth source port address.
-
-
17. The system of claim 11, wherein the hash calculator:
-
identifies a plurality of source port addresses common to both the first set of port addresses and the second set of port addresses; and selects the second source port address from the identified plurality of source port addresses.
-
-
18. The system of claim 11, wherein the hash calculator:
-
calculates a first set of hash values based on the hash function applied to inputs of the first key, a source Internet Protocol (IP) address of the client-side intermediary device, a destination IP address of the target server-side intermediary device, a destination port address of the target server-side intermediary device, and the core identifier; and identifies the first set of source port addresses based on the first set of hash values.
-
-
19. The system of claim 11, wherein the hash calculator:
-
calculates a second set of hash values based on the hash function applied to inputs of the second key, the source IP address of the client-side intermediary device, the destination IP address of the target server-side intermediary device, the destination port address of the target server-side intermediary device, and the target core identifier; and identifies the second set of source port addresses based on the second set of hash values.
-
-
20. The system of claim 11, wherein the processor forwards the packet to the target server-side intermediary device.
Specification