COOPERATIVE PROXY AUTO-DISCOVERY AND CONNECTION INTERCEPTION
Abstract
In a network supporting transactions between clients and servers and proxies that are interposable in a network path between at least one client and at least one server, wherein a pair of proxies can modify a packet stream between a client and a server such that packet data from the client to the server is transformed at a client-side proxy of the proxy pair and untransformed at a server-side proxy of the proxy pair and such that packet data from the server to the client is transformed at the server-side proxy and untransformed at the client-side proxy, a method and apparatus for a discovering proxy to transparently discover its position in a proxy pair by using proxy signals to indicate to other proxies that could pair with the discovering proxy. A discovering proxy might determine that it is a client-side proxy by receipt of a packet from the client without a proxy signal. A discovering proxy might determine that it is a server-side proxy by receipt of a packet from the server without a return proxy signal. Once a proxy pair is discovered, that proxy pair might transform traffic from the server to the client or vice versa, transforming the traffic at one proxy of the proxy pair and untransforming the traffic at the other proxy of the pair.
6 Claims
1. A connection deflector for use in a network supporting transactions, a transaction being one or more messages wherein the transaction is initiated by a client and a transaction response is provided by a server, and the network further supporting proxies that are interposable in a network path between at least one client and at least one server, the connection deflector comprising:
- a network address translation table; and
- an intercept module that monitors packets at least for a connection setup packet from a client to a server and, when a connection setup packet is encountered, adds entries to the network address translation table to cause client-server flow to be directed towards a proxy.
3. A proxy pair comprising a client-side proxy and a server-side proxy, for use in a network supporting transactions, a transaction being one or more messages wherein the transaction is initiated by a client and a transaction response is provided by a server, and the network further supporting proxies that are interposable in a network path between at least one client and at least one server, the proxy pair comprising:
- a transparent client-side proxy including logic to modify packet source addresses such that packets received from the server and transformed at the transparent client-side proxy are transmitted to the client with source addresses indicating the server as the source instead of the transparent client-side proxy; and
- a transparent server-side proxy including logic to modify packet source addresses such that packets received from the client and transformed at the transparent server-side proxy are transmitted to the server with source addresses indicating the client as the source instead of the transparent server-side proxy.
4. In a network supporting transport connections between clients and servers, wherein a client initiates a transport connection to a server and whereby a connection is comprised of network packets between the client and server traversing a network path of one or more hops, a method of probing for proxies on a network path comprising:
- receiving, at a first proxy device, a transport connection setup packet from a client directed at a server;
- modifying the connection setup packet to signal the presence of the first proxy device in the network path, thus forming a modified first packet;
- forwarding the modified first packet toward the server;
- detecting, at the first proxy device, a packet acknowledging the connection setup packet apparently from the server to determine whether said packet contains a return signal, wherein a return signal is a signal from a second proxy device that detects the signal in the modified connection setup packet and indicates that the second proxy device detected the signal as being a proxy probing signal; and
- storing an association between a server and the second proxy device in a proxy mapping table for determining whether subsequent connections to the server should be intercepted and proxied at the first proxy device.
5. In a network supporting transport connections between clients and servers, wherein a client initiates a transport connection to a server and whereby a connection is comprised of network packets between the client and server traversing a network path of one or more hops, a method of probing for proxies on a network path comprising:
- receiving, at a first proxy device, a transport connection setup packet corresponding to a first transport connection from a client directed at a server;
- inspecting a proxy mapping table to determine whether a second proxy device has been previously discovered as interposed in the network path between the first proxy device and the server;
- if said second proxy device exists, establishing a second transport connection between the first proxy and the second proxy device;
- transmitting connection setup information corresponding to the first transport connection comprising the server address, server port, client address, and client port from the first proxy device to the second proxy device as data sent over the second transport connection;
- using said connection setup information to establish a third transport connection between the second proxy device and the server;
- upon successful establishment of the third transport connection, transmitting an indication to the first proxy device that the third connection is established;
- upon receipt of said indication, transmitting an acknowledgement to the connection setup packet from the first network device to the client.
6. In a network supporting transport connections between clients and servers, wherein a client initiates a transport connection to a server and whereby a connection is comprised of network packets between the client and server traversing a network path of one or more hops, a method of probing for proxies on a network path comprising:
- receiving, at a first network device with an embedded proxy, a transport connection setup packet corresponding to a first transport connection from a client directed at a server;
- inspecting a proxy mapping table to determine whether a second device with an embedded proxy has been previously discovered as interposed in the network path between the first network device and the server; and
- if said second network device exists, intercepting the packets comprising the transport connection at the first network device by redirecting said packets to the embedded proxy in the first network device such that the transport connection is transparently terminated at said proxy.
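The probing method of claim 4 and the mapping-table lookup that claims 5 and 6 start from, modelled as an added example (not code from the patent or from any product). The option names `proxy-probe` and `proxy-reply`, the `Packet` and `Proxy` classes and all addresses are assumptions; the second proxy is assumed to answer the probe itself, and the first proxy is assumed to strip the return signal before the client sees it.

```python
from dataclasses import dataclass, field

PROBE = "proxy-probe"        # assumed name; the claims only say "signal"
PROBE_REPLY = "proxy-reply"  # assumed name for the "return signal"

@dataclass
class Packet:
    kind: str                 # "SYN" (connection setup) or "SYN-ACK"
    src: str
    dst: str
    options: dict = field(default_factory=dict)

@dataclass
class Proxy:
    addr: str
    mapping: dict = field(default_factory=dict)  # proxy mapping table: server -> peer proxy

    def on_syn(self, pkt):
        """Return (SYN to forward, SYN-ACK to send back); exactly one is None."""
        if PROBE in pkt.options:
            # Second proxy: the SYN is already marked, so acknowledge it
            # "apparently from the server" and attach the return signal.
            return None, Packet("SYN-ACK", pkt.dst, pkt.src, {PROBE_REPLY: self.addr})
        pkt.options[PROBE] = self.addr   # first proxy: mark the SYN and forward it
        return pkt, None

    def on_syn_ack(self, pkt):
        peer = pkt.options.pop(PROBE_REPLY, None)   # strip the signal (assumption)
        if peer is not None:
            self.mapping[pkt.src] = peer            # remember server -> second proxy
        return pkt

    def should_intercept(self, server):
        """Claims 5 and 6: later SYNs to a mapped server are intercepted."""
        return server in self.mapping

def connect(client, server, path):
    """Send one SYN through the proxies on `path`; return the SYN-ACK the client sees."""
    syn, reply, crossed = Packet("SYN", client, server), None, []
    for proxy in path:
        syn, reply = proxy.on_syn(syn)
        if reply is not None:
            break
        crossed.append(proxy)
    if reply is None:
        # No second proxy on the path: the server ignores the unknown option.
        reply = Packet("SYN-ACK", server, client)
    for proxy in reversed(crossed):
        reply = proxy.on_syn_ack(reply)
    return reply
```

A first proxy that gets a plain SYN-ACK back learns nothing and `should_intercept` stays false for that server, so the connection passes through unproxied.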
Specification