SYSTEMS AND METHODS FOR CLIENT IP ADDRESS INSERTION VIA TCP OPTIONS

US 20110185073A1
Filed: 11/24/2010
Published: 07/28/2011
Est. Priority Date: 11/25/2009
Status: Active Grant

First Claim

Patent Images

1. A method for maintaining identification of a client'"'"'s internet protocol (IP) address and overlay network data via an intermediary device between a plurality of clients and servers, the method comprising:

(a) receiving, by an intermediary device between one or more clients and one or more servers, an acknowledgement packet to a request by a client to establish a transport layer connection with a server, the acknowledgement packet having a transport layer option field identified by an option number, the transport layer option field comprising overlay network data identifying IP addresses of hosts traversed between the client and the intermediary device;

(b) identifying, by the intermediary device, that an IP address of the client is to be inserted into network traffic forwarded to the server;

(c) obtaining, by the intermediary device, the overlay network data from the transport layer option field of the acknowledgement packet corresponding to the option number;

(d) inserting, by the intermediary device, IP addresses of the hosts from the overlay network data and the IP address of the client into an application layer protocol header of a second request of the client to access the server via the transport layer connection.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure presents systems and methods for maintaining identification of network devices sending or traversing a network packet en route to an intermediary device deployed between a source and a destination network device. An intermediary may receive an acknowledgement packet comprising an option field identified by an option number for a transport layer connection established via intermediary. The acknowledgement packet may comprise overlay network data that identifies IP addresses of the originating network device and host network devices intercepting and forwarding the network packet to the intermediary. The intermediary device may determine the option number for the option field from which to obtain the overlay network data identifying IP addresses. The intermediary device may receive a second request of the client to access the server via the transport layer connection and insert IP addresses from the overlay network data into an application layer protocol header of the second request forwarded to the server.

Citations

20 Claims

1. A method for maintaining identification of a client'"'"'s internet protocol (IP) address and overlay network data via an intermediary device between a plurality of clients and servers, the method comprising:
- (a) receiving, by an intermediary device between one or more clients and one or more servers, an acknowledgement packet to a request by a client to establish a transport layer connection with a server, the acknowledgement packet having a transport layer option field identified by an option number, the transport layer option field comprising overlay network data identifying IP addresses of hosts traversed between the client and the intermediary device;
  
  (b) identifying, by the intermediary device, that an IP address of the client is to be inserted into network traffic forwarded to the server;
  
  (c) obtaining, by the intermediary device, the overlay network data from the transport layer option field of the acknowledgement packet corresponding to the option number;
  
  (d) inserting, by the intermediary device, IP addresses of the hosts from the overlay network data and the IP address of the client into an application layer protocol header of a second request of the client to access the server via the transport layer connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein step (a) further comprises receiving the acknowledgement packet with the transport layer option field on a final acknowledgement of a three-way Transport Control Protocol (TCP) handshake.
  - 3. The method of claim 1, wherein step (a) further comprises receiving the acknowledgement packet having the transport layer option field comprising the overlay network data identifying IP addresses of hosts traversed between the client and the intermediary device that may have modified an original source IP address or destination IP address of the request from the client.
  - 4. The method of claim 1, wherein step (a) further receiving, by the intermediary device, packets with the transport layer option field until at least one byte of data has been acknowledged.
  - 5. The method of claim 1, wherein step (c) further comprises determining, by the intermediary device, the option number from which to obtain the overlay network data based on a configuration setting of the intermediary device.
  - 6. The method of claim 1, wherein step (d) further comprises setting the transport layer option field to a no operation value and forwarding the request comprising the set transport layer option field to the server.
  - 7. The method of claim 1, wherein step (d) further comprises inserting a comma separated list of IP addresses from the overlay network layer data into the application protocol layer header of the second request.
  - 8. The method of claim 7, further comprising inserting the client'"'"'s source IP address after the comma separated list of IP addresses into a header of the second request.
  - 9. The method of claim 1, wherein step (d) further comprises inserting IP addresses of hosts from the overlay network layer data into an X-Forwarded-For HypterText transfer protocol header of the second request.
  - 10. The method of claim 1, further comprising maintaining by the intermediary device the overlay network data to use in insertion of requests during a lifetime of the transport layer connection.

11. A system for maintaining identification of a client'"'"'s internet protocol (IP) address and overlay network data via an intermediary device between a client and a server, the system comprising:
- an intermediary device between one or more clients and one or more servers receiving an acknowledgement packet to a request by a client to establish a transport layer connection with a server, the acknowledgement packet having a transport layer option field identified by an option number, the transport layer option field comprising overlay network data identifying IP addresses of hosts traversed between the client and the intermediary device.a packet engine of the intermediary device identifying that an IP address of the client is to be inserted into network traffic forwarded to the server and obtaining the overlay network data from the transport layer option field of the acknowledgement packet corresponding to the option number;
  
  wherein the packet engine inserts IP addresses of the hosts from the overlay network data and the IP address of the client into an application layer protocol header of a second request of the client to access the server via the transport layer connection.
- View Dependent Claims (12, 13, 14, 15, 16, 18, 19)
- - 12. The system of claim 11, wherein the intermediary device receives the acknowledgement packet with the transport layer option field on a final acknowledgement of a three-way Transport Control Protocol (TCP) handshake.
  - 13. The system of claim 11, wherein the intermediary device receives the acknowledgement packet having the transport layer option field comprising the overlay network data identifying IP addresses of hosts traversed between the client and the intermediary device that may have modified an original source IP address or destination IP address of the request from the client.
  - 14. The system of claim 11, wherein the packet engine comprises a configuration setting for the option number of the transport layer option field for obtaining the first overlay network data.
  - 15. The system of claim 11, wherein the packet engine sets the transport layer option field to a no operation value and forwarding the request comprising the set transport layer option field to the server.
  - 16. The system of claim 11, wherein the packet engine inserts a comma separated list of IP addresses from the overlay network layer data into the application protocol layer header of the second request.
  - 18. The system of claim 11, wherein the packet engine inserts IP addresses of hosts from the overlay network layer data into an X-Forwarded-For HypterText transfer protocol header of the second request.
  - 19. The system of claim 11, wherein the intermediary device maintains the overlay network data to use in insertion of requests during a lifetime of the transport layer connection.

17. The system of claim 17, wherein the packet engine inserts the client'"'"'s source IP address after the comma separated list of IP addresses.

20. A method for maintaining identification of a client'"'"'s internet protocol (IP) address and overlay network data via an intermediary device between a plurality of clients and servers, the method comprising:
- (a) receiving, by an intermediary device between one or more clients and one or more servers, an acknowledgement packet to a request by a client to establish a transport layer connection with a server, the acknowledgement packet having a transport layer option field identified by an option number, the transport layer option field comprising overlay network data identifying IP addresses of hosts traversed between the client and the intermediary device;
  
  (b) identifying, by the intermediary device, that an IP address of the client is to be inserted into network traffic forwarded to the server;
  
  (c) determining, by the intermediary device via a configuration setting, the option number for the transport layer option field from which to obtain overlay network data;
  
  (d) obtaining, by the intermediary device, the overlay network data from the transport layer option field of the acknowledgement packet as identified by the configuration setting;
  
  (e) storing, by the intermediary device, the overlay network data in association with the transport layer connection of the client to the server;
  
  (f) receiving, by the intermediary device, a second request of the client to access the server via the transport layer connection; and
  
  (g) inserting, by the intermediary device, IP addresses of the hosts from the stored overlay network data and the IP address of the client into an application layer protocol header of the second request to be forwarded to the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Jagadeeswaran, Ashok Kumar, Annamalaisami, Saravanakumar

Granted Patent

US 9,088,611 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/228
CPC Class Codes

G06F 15/16   Combinations of two or more...

H04L 47/10   Flow control; Congestion co...

H04L 61/4511   using domain name system [DNS]

H04L 67/561   Adding application-function...

H04L 69/08   Protocols for interworking;...

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/163   In-band adaptation of TCP d...

SYSTEMS AND METHODS FOR CLIENT IP ADDRESS INSERTION VIA TCP OPTIONS

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR CLIENT IP ADDRESS INSERTION VIA TCP OPTIONS

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links