SYSTEMS AND METHODS FOR CLIENT IP ADDRESS INSERTION VIA TCP OPTIONS
Abstract
The present disclosure presents systems and methods for maintaining identification of network devices sending or traversing a network packet en route to an intermediary device deployed between a source and a destination network device. An intermediary may receive an acknowledgement packet comprising an option field identified by an option number for a transport layer connection established via the intermediary. The acknowledgement packet may comprise overlay network data that identifies IP addresses of the originating network device and host network devices intercepting and forwarding the network packet to the intermediary. The intermediary device may determine the option number for the option field from which to obtain the overlay network data identifying IP addresses. The intermediary device may receive a second request of the client to access the server via the transport layer connection and insert IP addresses from the overlay network data into an application layer protocol header of the second request forwarded to the server.
20 Claims
1. A method for maintaining identification of a client's internet protocol (IP) address and overlay network data via an intermediary device between a plurality of clients and servers, the method comprising:
(a) receiving, by an intermediary device between one or more clients and one or more servers, an acknowledgement packet to a request by a client to establish a transport layer connection with a server, the acknowledgement packet having a transport layer option field identified by an option number, the transport layer option field comprising overlay network data identifying IP addresses of hosts traversed between the client and the intermediary device;
(b) identifying, by the intermediary device, that an IP address of the client is to be inserted into network traffic forwarded to the server;
(c) obtaining, by the intermediary device, the overlay network data from the transport layer option field of the acknowledgement packet corresponding to the option number;
(d) inserting, by the intermediary device, IP addresses of the hosts from the overlay network data and the IP address of the client into an application layer protocol header of a second request of the client to access the server via the transport layer connection.
11. A system for maintaining identification of a client's internet protocol (IP) address and overlay network data via an intermediary device between a client and a server, the system comprising:
an intermediary device between one or more clients and one or more servers receiving an acknowledgement packet to a request by a client to establish a transport layer connection with a server, the acknowledgement packet having a transport layer option field identified by an option number, the transport layer option field comprising overlay network data identifying IP addresses of hosts traversed between the client and the intermediary device;
a packet engine of the intermediary device identifying that an IP address of the client is to be inserted into network traffic forwarded to the server and obtaining the overlay network data from the transport layer option field of the acknowledgement packet corresponding to the option number;
wherein the packet engine inserts IP addresses of the hosts from the overlay network data and the IP address of the client into an application layer protocol header of a second request of the client to access the server via the transport layer connection.
17. The system of claim 17, wherein the packet engine inserts the client's source IP address after the comma separated list of IP addresses.
20. A method for maintaining identification of a client's internet protocol (IP) address and overlay network data via an intermediary device between a plurality of clients and servers, the method comprising:
(a) receiving, by an intermediary device between one or more clients and one or more servers, an acknowledgement packet to a request by a client to establish a transport layer connection with a server, the acknowledgement packet having a transport layer option field identified by an option number, the transport layer option field comprising overlay network data identifying IP addresses of hosts traversed between the client and the intermediary device;
(b) identifying, by the intermediary device, that an IP address of the client is to be inserted into network traffic forwarded to the server;
(c) determining, by the intermediary device via a configuration setting, the option number for the transport layer option field from which to obtain overlay network data;
(d) obtaining, by the intermediary device, the overlay network data from the transport layer option field of the acknowledgement packet as identified by the configuration setting;
(e) storing, by the intermediary device, the overlay network data in association with the transport layer connection of the client to the server;
(f) receiving, by the intermediary device, a second request of the client to access the server via the transport layer connection; and
(g) inserting, by the intermediary device, IP addresses of the hosts from the stored overlay network data and the IP address of the client into an application layer protocol header of the second request to be forwarded to the server.
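The flow recited in claim 20, as an added Python example that is not part of the patent text. The option number 253, the packed-IPv4 payload layout, the X-Forwarded-For header name, and the discarding of a client-supplied header of that name are assumptions; the page specifies none of them.

```python
import ipaddress

OPTION_KIND = 253            # assumption: configured option number (experimental kind)
HEADER = b"X-Forwarded-For"  # assumption: the page names no specific header
connections = {}             # (client_ip, client_port, server_ip, server_port) -> hosts

def parse_tcp_options(raw):
    """Walk a TCP options area; return {kind: data}, raising on bad lengths."""
    opts, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                     # End of Option List
            break
        if kind == 1:                     # No-Operation padding
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option")
        opts[kind] = raw[i + 2:i + raw[i + 1]]
        i += raw[i + 1]
    return opts

def overlay_hosts(raw, kind=OPTION_KIND):
    """Steps (c)-(d): read the configured option and decode its addresses."""
    data = parse_tcp_options(raw).get(kind, b"")
    if len(data) % 4:                     # assumption: packed 4-byte IPv4 addresses
        raise ValueError("overlay data is not whole IPv4 addresses")
    return [str(ipaddress.IPv4Address(data[j:j + 4])) for j in range(0, len(data), 4)]

def on_ack(conn, raw_options):
    """Step (e): store the overlay data against the connection."""
    connections[conn] = overlay_hosts(raw_options)

def forward_request(conn, request):
    """Steps (f)-(g): hosts first, client IP last, comma separated."""
    head, sep, body = request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    # Assumption: a client-supplied header of the same name is discarded, so
    # the server sees only addresses this device learned or observed itself.
    kept = [l for l in lines[1:] if not l.lower().startswith(HEADER.lower() + b":")]
    value = ", ".join(connections.get(conn, []) + [conn[0]]).encode()
    return b"\r\n".join([lines[0], *kept, HEADER + b": " + value]) + sep + body

# Constructed sample: two NOPs, then kind 253, length 10, 10.0.0.1 and 10.0.0.2.
SAMPLE_OPTIONS = bytes([1, 1, 253, 10, 10, 0, 0, 1, 10, 0, 0, 2])
SAMPLE_CONN = ("203.0.113.7", 51000, "192.0.2.10", 80)
SAMPLE_REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\nX-Forwarded-For: 1.2.3.4\r\n\r\n"

def demo():
    on_ack(SAMPLE_CONN, SAMPLE_OPTIONS)
    return forward_request(SAMPLE_CONN, SAMPLE_REQUEST)
```

The option payload arrives from the network path, so a server consuming the inserted header can rely on it only as far as the intermediary restricts which upstream hosts may set that option.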
Specification