ESTABLISHING A SPLIT-TERMINATED COMMUNICATION CONNECTION THROUGH A STATEFUL FIREWALL, WITH NETWORK TRANSPARENCY
Abstract
A method and apparatus are provided for establishing a split-terminated client-server communication connection through a stateful firewall, with network transparency. In an environment in which a pair of network intermediaries is employed to optimize client-server communications, a first intermediary intercepts a client request for a new connection. The first intermediary probes the network for a counterpart near the server, and opens an optimized communication session with a second intermediary that responds affirmatively. Some or all client-server communications that transit the intermediaries' session are accelerated or otherwise optimized. The first intermediary's probe uses the client's source address, but a different port number, while the optimized intermediary session is opened using the client's source address and source port. Therefore, a network monitoring tool can monitor the end-to-end connection, and the stateful firewall will not reject the optimized session.
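The port choice described in the abstract can be traced against a small model of a stateful firewall's connection table. This is an added example, not text or code from the patent; the firewall rule (one tracked flow per 4-tuple, a new SYN with a different sequence number on a tracked tuple is dropped), the tag names, the sequence numbers and the addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Syn:
    src: str
    sport: int
    dst: str
    dport: int
    isn: int        # initial sequence number (constructed value)
    tag: str = ""   # marker carried in the request; names are assumptions

class StatefulFirewall:
    """Simplified model (assumption): one tracked flow per 4-tuple. A SYN on an
    already tracked tuple with a different ISN is dropped as out of state."""
    def __init__(self):
        self.flows = {}

    def permit(self, syn):
        key = (syn.src, syn.sport, syn.dst, syn.dport)
        tracked = self.flows.get(key)
        if tracked is not None and tracked != syn.isn:
            return False
        self.flows[key] = syn.isn
        return True

def establish(client_syn, probe_sport, fw):
    """First intermediary: hold the client's request, probe, then open the session.
    Returns (probe_permitted, session_permitted, session_syn)."""
    stored = client_syn  # first request, kept in temporary storage
    # Second request: client's address, caller-chosen source port, first tag.
    probe = Syn(stored.src, probe_sport, stored.dst, stored.dport, 1000, "PROBE")
    probe_ok = fw.permit(probe)
    # Assume the counterpart near the server answered the probe affirmatively.
    # Third request: client's address and original source port, second tag.
    session = Syn(stored.src, stored.sport, stored.dst, stored.dport, 2000, "SESSION")
    return probe_ok, fw.permit(session), session

if __name__ == "__main__":
    # Constructed sample request using documentation address ranges.
    client = Syn("192.0.2.10", 49152, "198.51.100.20", 443, isn=1)
    # Probe on a different port: the client's own tuple is still unused.
    print(establish(client, 49153, StatefulFirewall())[:2])   # (True, True)
    # Probe on the client's port: the session SYN collides with probe state.
    print(establish(client, 49152, StatefulFirewall())[:2])   # (True, False)
```

In the first case the session crosses the firewall with the client's own address and port, which is the tuple a monitoring tool on the path would record.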
21 Claims
1. A method of establishing a network transparent communication connection between a client and a server through a stateful firewall and a pair of network intermediaries configured to optimize communications between the client and the server, the method comprising:
- receiving from the client a first request to initiate a connection with the server, wherein the first request comprises a source address and a first source port of the client;
- storing the first request in a temporary storage device;
- transmitting a probe toward the server, said probe comprising a second request to initiate a connection with the server; and
- after receipt of a response to said probe, transmitting a third request to initiate a connection;
- wherein the second request comprises:
  - the source address and a second source port different from the first source port; and
  - a first tag; and
- wherein the third request comprises:
  - the source address and the first source port; and
  - a second tag different from the first tag.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer-readable medium storing instructions that, when executed by a computer, cause the computer to perform a method of establishing a network transparent communication connection between a client and a server through a stateful firewall and a pair of network intermediaries configured to optimize communications between the client and the server, the method comprising:
- receiving from the client a first request to initiate a connection with the server, wherein the first request comprises a source address and a first source port of the client;
- storing the first request in a temporary storage device;
- transmitting a probe toward the server, said probe comprising a second request to initiate a connection with the server; and
- after receipt of a response to said probe, transmitting a third request to initiate a connection;
- wherein the second request comprises:
  - the source address and a second source port different from the first source port; and
  - a first tag; and
- wherein the third request comprises:
  - the source address and the first source port; and
  - a second tag different from the first tag.
11. In a network comprising:
- a client;
- a server;
- a first network intermediary and a second network intermediary operating between the client and the server; and
- a firewall operating between the first network intermediary and the second network intermediary;

a method of establishing a network-transparent connection between the client and the server, the method comprising:
- receiving from a client, at the first network intermediary, a first request for a communication connection with the server, wherein:
  - a source address of the first request comprises a source address of the client; and
  - a source port of the first request comprises a source port of the client;
- temporarily storing the first request;
- transmitting from the first network intermediary toward the server a test request for a communication connection to determine whether the second network intermediary is active, wherein:
  - a source address of the test request comprises the source address of the client; and
  - a source port of the test request comprises a source port different from the source port of the client; and
- if the second network intermediary is determined to be active, transmitting from the first network intermediary a request for an optimized connection, wherein:
  - a source address of the request for an optimized connection comprises the source address of the client; and
  - a source port of the request for an optimized connection comprises the source port of the client.

Dependent claims: 12, 13, 14, 15, 16, 17, 18
19. A network intermediary apparatus for facilitating establishment of a network-transparent communication connection between a client and the server, through a stateful firewall, comprising:
- a client communication apparatus adapted to receive from the client a request for the client-server connection;
- a connection management apparatus adapted to:
  - determine whether another network intermediary apparatus exists in logical proximity to the server; and
  - if the other network intermediary apparatus exists, establish an optimized communication session with the other network intermediary apparatus; and
- an optimization apparatus configured to optimize at least a portion of client-server communications that transit the optimized communication session.

Dependent claims: 20, 21
Specification