SYSTEMS AND METHODS FOR TRANSPARENT LAYER 2 REDIRECTION TO ANY SERVICE
Abstract
The present solution is directed to providing, transparently and seamlessly to any client or server, layer 2 redirection of client requests to any services of a device deployed in parallel to an intermediary device. An intermediary device deployed between the client and the server may intercept a client request and check if the request is to be processed by a service provided by one of the devices deployed in parallel with the intermediary device. The service may be any type and form of service or feature for processing, checking or modifying the request, including a firewall, a cache server, an encryption/decryption engine, a security device, an authentication device, an authorization device or any other type and form of service or device described herein. The intermediary device may select the machine to process the request and use layer 2 redirection to the machine. The intermediary device may change a Media Access Control (MAC) address of a destination of the request to a MAC address of the selected machine. Once the selected machine processes the request, the intermediary device may receive from this machine a response to processing the request. The intermediary device may then continue processing the request of the client responsive to the response from the machine or in response to identifying that the response to the request is from that particular selected machine. The forwarding to and processing by the parallel deployed machine may be performed seamlessly and transparently to the server and/or client.
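The destination-MAC rewrite and the response identification of claim 1, sketched as an added example (not code from the patent or its assignee). The MAC and IP addresses, the port-based policy, and the use of the TCP 4-tuple as the identifying connection property are assumptions made for illustration.

```python
import struct

SERVICE_MAC = bytes.fromhex("02000000aa01")  # constructed MAC of the parallel device
POLICY_PORTS = {80}   # hypothetical policy: only this destination port is redirected
pending = {}          # flow 4-tuple -> original destination MAC

def flow_key(frame):
    """Return (src_ip, sport, dst_ip, dport) for an untagged IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    l4 = 14 + ihl                         # offset of the TCP header
    if ihl < 20 or len(frame) < l4 + 4:
        return None                       # malformed or truncated: never redirect
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return (frame[26:30], sport, frame[30:34], dport)

def redirect(frame):
    """Rewrite only the destination MAC when policy selects the service device."""
    key = flow_key(frame)
    if key is None or key[3] not in POLICY_PORTS:
        return frame                      # not selected: forward unchanged
    pending[key] = frame[0:6]             # remember the original next hop
    return SERVICE_MAC + frame[6:]        # IP and TCP headers stay byte-identical

def from_service(frame):
    """Assumed check: a returning frame belongs to a flow handed to the service."""
    key = flow_key(frame)
    return key is not None and key in pending

def sample_frame(dport):
    """Constructed client request frame (checksums left at zero)."""
    eth = bytes.fromhex("02000000bb02") + bytes.fromhex("02000000cc03") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIHHHH", 40000, dport, 0, 0, 0x5002, 1024, 0, 0)
    return eth + ip + tcp

if __name__ == "__main__":
    out = redirect(sample_frame(80))
    print("dst MAC now:", out[:6].hex(), "| L3/L4 unchanged:", out[14:] == sample_frame(80)[14:])
```

Because the IP destination is left as the server's address, the service device must accept frames whose layer 3 destination is not its own, and a flow absent from `pending` is never treated as a service return.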
21 Claims
1. A method of providing by an intermediary device access to a service deployed in parallel to the intermediary device, the method comprising:
(a) receiving, by an intermediary device deployed between a plurality of clients and one or more servers, a request from a client to access a server via a first transport layer connection;
(b) determining, by the intermediary device responsive to a policy, that the request is to be processed by a service provided by a second device, the second device deployed in parallel to the intermediary device;
(c) forwarding, by the intermediary device, the request via a second transport layer connection to the second device for processing by the service, the request modified by the intermediary device to change a Media Access Control (MAC) address of a destination of the request to a MAC address of the second device;
(d) receiving, by the intermediary device, a response to processing the request from the service of the second device;
(e) identifying, by the intermediary device, that the response is from the second device via one or more properties of a transport layer connection carrying the response; and
(f) continue processing, by the intermediary device, the request responsive to receiving the response from the second device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A system of providing by access to a service deployed in parallel to an intermediary device, the system comprising:
an intermediary device, deployed between a plurality of clients and one or more servers, receiving a request from a client to access a server via a first transport layer connection;
a virtual server of the intermediary device determining, responsive to a policy, that the request is to be processed by a service provided by a second device, the second device deployed in parallel to the intermediary device;
wherein the intermediary device;
forwards the request via a second transport layer connection to the second device for processing by the service, the request modified by the intermediary device to change a Media Access Control (MAC) address of a destination of the request to a MAC address of the second device;
receives a response to processing the request from the service of the second device; and
identifies that the response is from the second device via one or more properties of a transport layer connection carrying the response;
wherein the virtual server continues processing the request responsive to the intermediary device receiving the response from the second device.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
Specification