ACCELERATING DATA COMMUNICATION USING TUNNELS

US 20110069715A1
Filed: 11/30/2010
Published: 03/24/2011
Est. Priority Date: 10/18/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by a flow classification module executing on a first wide area network (WAN) acceleration device at an Internet Protocol (IP) layer of a protocol stack of the first WAN acceleration device, packets from a second WAN acceleration device via a shared connection-oriented tunnel established between the first WAN acceleration device and the second WAN acceleration device, the shared connection-oriented tunnel operable to convey application layer data for connection-oriented applications between the first WAN acceleration device and the second WAN acceleration device;

after classifying, by the flow classification module, the packets as being associated with an existing connection-oriented flow, passing the packets to a WAN socket executing on the first WAN acceleration device at a transport layer of the protocol stack;

based on an application protocol with which the packets are associated, passing, by the WAN socket, the packets to an application handler of a plurality of application handlers executing on the first WAN acceleration device at an application layer of the protocol stack, each of the plurality of application handlers implementing one or more application acceleration techniques for a particular poorly behaved WAN protocol; and

securely accelerating the existing connection-oriented flow, by the application handler, by performing the one or more application acceleration techniques and applying one or more security functions.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for increasing application performance and accelerating data communications in a WAN environment. According to one embodiment, packets are received at a flow classification module operating at the Internet Protocol (IP) layer of a first wide area network (WAN) acceleration device via a shared connection-oriented tunnel, which is operable to convey application layer data for connection-oriented applications between WAN acceleration devices. Packets that are classified as being associated with an existing connection-oriented flow are passed to a WAN socket operating at the transport layer. Based on the application protocol, the packets are passed to an application handler of multiple application handlers operating at the application layer each of which implements one or more application acceleration techniques for a particular poorly behaved WAN protocol. The existing connection-oriented flow is securely accelerated by performing one or more application acceleration techniques and applying one or more security functions.

49 Citations

View as Search Results

13 Claims

1. A computer-implemented method comprising:
- receiving, by a flow classification module executing on a first wide area network (WAN) acceleration device at an Internet Protocol (IP) layer of a protocol stack of the first WAN acceleration device, packets from a second WAN acceleration device via a shared connection-oriented tunnel established between the first WAN acceleration device and the second WAN acceleration device, the shared connection-oriented tunnel operable to convey application layer data for connection-oriented applications between the first WAN acceleration device and the second WAN acceleration device;
  
  after classifying, by the flow classification module, the packets as being associated with an existing connection-oriented flow, passing the packets to a WAN socket executing on the first WAN acceleration device at a transport layer of the protocol stack;
  
  based on an application protocol with which the packets are associated, passing, by the WAN socket, the packets to an application handler of a plurality of application handlers executing on the first WAN acceleration device at an application layer of the protocol stack, each of the plurality of application handlers implementing one or more application acceleration techniques for a particular poorly behaved WAN protocol; and
  
  securely accelerating the existing connection-oriented flow, by the application handler, by performing the one or more application acceleration techniques and applying one or more security functions.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the one or more application acceleration techniques include one or more of (i) transaction prediction, (ii) pre-population and (iii) classification of data streams into different stages to facilitate one or more of data reduction, data compression and quality of service.
  - 3. The method of claim 2, wherein the classification of data streams into different stages includes the application handler classifying and tagging a data stream as being at a stage in which associated data is unlikely repeatable, repeatable but not stable or stable.
  - 4. The method of claim 3, further comprising applying a hierarchical data reference reduction algorithm and a variable length data reference reduction algorithm to data tagged as stable.
  - 5. The method of claim 3, further comprising applying a memory based data reference reduction algorithm to data tagged as repeatable but not stable.
  - 6. The method of claim 3, further comprising foregoing application of data reference reduction algorithms to data tagged as unlikely repeatable.
  - 7. The method of claim 1, further comprising performing transport acceleration techniques used to improve performance of Transport Control Protocol (TCP) across high latency or high loss links including one or more of TCP connection pooling, TCP window scaling, selective acknowledgement (SACK), round-trip measurement and HighSpeed TCP.

8. A program storage device readable by one or more processors of a network device, tangibly embodying a program of instructions executable by the one or more processors to perform method steps for securely accelerating wide area network (WAN) traffic, said method steps comprising:
- receiving, by a flow classification module of the network device operable at an Internet Protocol (IP) layer of a protocol stack of a the network device, packets from a peer WAN acceleration device via a shared connection-oriented tunnel established between the network device and the peer WAN acceleration device, the shared connection-oriented tunnel operable to convey application layer data for connection-oriented applications between the network device and the peer WAN acceleration device;
  
  after classifying, by the flow classification module, the packets as being associated with an existing connection-oriented flow, passing the packets to a WAN socket of the network device operable at a transport layer of the protocol stack;
  
  based on an application protocol with which the packets are associated, passing, by the WAN socket, the packets to an application handler of a plurality of application handlers operable at an application layer of the protocol stack, each of the plurality of application handlers implementing one or more application acceleration techniques for a particular poorly behaved WAN protocol; and
  
  accelerating the existing connection-oriented flow, by the application handler, by performing the one or more application acceleration techniques.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The program storage device of claim 8, wherein the one or more application acceleration techniques include one or more of (i) transaction prediction, (ii) pre-population and (iii) classification of data streams into different stages to facilitate one or more of data reduction, data compression and quality of service.
  - 10. The program storage device of claim 9, wherein the classification of data streams into different stages includes the application handler classifying and tagging a data stream as being at a stage in which associated data is unlikely repeatable, repeatable but not stable or stable.
  - 11. The program storage device of claim 10, further comprising applying a hierarchical data reference reduction algorithm and a variable length data reference reduction algorithm to data tagged as stable.
  - 12. The program storage device of claim 10, further comprising applying a memory based data reference reduction algorithm to data tagged as repeatable but not stable.
  - 13. The program storage device of claim 10, further comprising foregoing application of data reference reduction algorithms to data tagged as unlikely repeatable.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
Luo, Wenping, Huang, Tao, Pan, Yixin, Li, Hongwei

Granted Patent

US 8,503,332 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/401
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 41/00   Arrangements for maintenanc...

H04L 47/193   at the transport layer, e.g...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/168   above the transport layer

ACCELERATING DATA COMMUNICATION USING TUNNELS

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

ACCELERATING DATA COMMUNICATION USING TUNNELS

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links