TRANSPARENT MIDDLEBOX WITH GRACEFUL CONNECTION ENTRY AND EXIT

US 20140040457A1
Filed: 08/07/2012
Published: 02/06/2014
Est. Priority Date: 07/31/2012
Status: Active Grant

First Claim

Patent Images

1. A middlebox, comprising:

a network monitoring module configured to monitor network state information in a network connection between a client device and a server device;

a processor configured to determine that the connection between the client device and the server device is idle;

a connection table configured to create a first connection entry at the middlebox for the client device and a second connection entry at the middlebox for the server device, where the first and second connection entries are initialized using state information gathered by the network monitoring module; and

a network control module configured to activate redirection of the network connection between the client device and the server device to the middlebox, such that the middlebox mediates the connection between the client device and the server device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Middlebox systems that can enter a connection include a monitoring module to monitor information in a connection between a client and a server, a processor to determine that the connection is idle, a table configured to create a first entry for the client and a second entry for the server, where the entries are initialized using information gathered by the monitoring module, and a control module to redirect the connection between the client and server to the middlebox. Middlebox systems that can exit a connection include a processor to determine a mismatch between sequence numbers in a first connection to a client device and in a second connection to a server device. A network control module delays acknowledgment signals from the middlebox on a connection to decrease the degree of mismatch and establishes a direct connection between the client device and the server device when mismatch is zero.

Citations

21 Claims

1. A middlebox, comprising:
- a network monitoring module configured to monitor network state information in a network connection between a client device and a server device;
  
  a processor configured to determine that the connection between the client device and the server device is idle;
  
  a connection table configured to create a first connection entry at the middlebox for the client device and a second connection entry at the middlebox for the server device, where the first and second connection entries are initialized using state information gathered by the network monitoring module; and
  
  a network control module configured to activate redirection of the network connection between the client device and the server device to the middlebox, such that the middlebox mediates the connection between the client device and the server device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The middlebox of claim 1, wherein the network monitoring module is further configured to receive network information at the middlebox from a hardware tap to monitor network state information.
  - 3. The middlebox of claim 1, wherein the network monitoring module is configured to receive network information at the middlebox from a separate network monitoring device to monitor network state information.
  - 4. The middlebox of claim 1, wherein the middlebox is in-band with the network connection between the client device and the server device.
  - 5. The middlebox of claim 4, wherein the network control module is further configured to change rules at the middlebox from routing to redirection to activate redirection.
  - 6. The middlebox of claim 1, wherein the middlebox is out-of-band with the network connection between the client device and the server device.
  - 7. The middlebox of claim 6, wherein the network control module is further configured to direct a router device to redirect the network connection between the client device and the server device through the middlebox to activate redirection.
  - 8. The middlebox of claim 1, wherein the processor is further configured to determine that no information has been sent between the client device and the server device for at least a predetermined period of time to determining that the connection is idle.
  - 9. The middlebox of claim 1, wherein the processor is further configured to determine whether the network connection between the client device and the server device would benefit from the middlebox'"'"'s intercession based on monitored packet loss and round-trip times and to trigger the idle determination, the connection entry creation, and the redirection activation based on said determination.
  - 10. The middlebox of claim 1, wherein the state information includes one or more of an IP address, port numbers, transport control protocol (TCP) sequence numbers, TCP options, and a congestion window.

11. A middlebox, comprising:
- a processor configured to determine a degree of mismatch between a sequence number in a first connection between the middlebox and a client device and a sequence number in a second connection between the middlebox and a server device; and
  
  a network control module configured to delay acknowledgment signals from the middlebox on a connection to decrease the degree of mismatch between sequence numbers and to establish a direct connection between the client device and the server device without mediation by the middlebox upon a determination that the degree of mismatch between sequence numbers is zero.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The middlebox of claim 11, wherein the respective sequence numbers for the connection between the middlebox and the client device and for the connection between the middlebox and the server device are initialized to a same initial sequence number.
  - 13. The middlebox of claim 11, wherein the network control module is configured to delay acknowledgment signals in the first connection between the middlebox and the client device.
  - 14. The middlebox of claim 11, wherein the network control module is configured to delaying acknowledgment signals in the second connection between the middlebox and the server device.
  - 15. The middlebox of claim 11, wherein the middlebox is in-band with the network connection between the client device and the server device.
  - 16. The middlebox of claim 15, wherein the network control module is configured to switch rules at the middlebox from redirection to routing to establish a direct connection between the client device and the server device.
  - 17. The middlebox of claim 11, wherein the middlebox is out-of-band with the network connection between the client device and the server device.
  - 18. The middlebox of claim 17, wherein the network control module is configured to direct an external router to redirect the network connections between the client device and the middlebox and between the server device and the middlebox to exclude the middlebox to establish a direct connection between the client device and the server device.
  - 19. The middlebox of claim 11, wherein the processor is further configured to determine whether the network connection between the client device and the server device does not benefit from the middlebox'"'"'s intercession based on monitored packet loss and round-trip times and to trigger the determination of a degree of mismatch, the delay of signals, and the establishment of a connection based on said determination.

20. A computer readable storage medium comprising a computer readable program for removing a middlebox from an existing network connection, wherein the computer readable program when executed on a computer causes the computer to perform the steps of:
- monitoring network state information in a network connection between a client device and a server device;
  
  determining that the connection between the client device and the server device is idle;
  
  creating a first connection entry at the middlebox for the client device and a second connection entry at the middlebox for the server device, where the first and second connection entries are initialized using state information gathered by said monitoring; and
  
  activating redirection of the network connection between the client device and the server device such that the middlebox mediates the connection between the client device and the server device.

21. A computer readable storage medium comprising a computer readable program for removing a middlebox from an existing network connection, wherein the computer readable program when executed on a computer causes the computer to perform the steps of:
- determining a degree of mismatch between a sequence number in a first connection between the middlebox and a client device and a sequence number in a second connection between the middlebox and a server device;
  
  delaying acknowledgment signals from the middlebox on a connection to decrease the degree of mismatch between sequence numbers;
  
  determining that the degree of mismatch between sequence numbers is zero; and
  
  establishing a direct connection between the client device and the server device without mediation by the middlebox.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
AGRAWAL, DAKSHI, NAHUM, ERICH M., LE, THAI V., PAPPAS, VASILEIOS

Granted Patent

US 9,231,881 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

H04L 41/12   Discovery or management of ...

H04L 41/34   Signalling channels for net...

H04L 41/344   Out-of-band transfers

H04L 43/0841   Round trip packet loss

H04L 47/193   at the transport layer, e.g...

H04L 47/32   by discarding or delaying d...

H04L 47/40   using split connections

H04L 67/56   Provisioning of proxy servi...

H04L 67/562   Brokering proxy services

H04L 67/563   Data redirection of data ne...

H04L 69/16   Implementation or adaptatio...

TRANSPARENT MIDDLEBOX WITH GRACEFUL CONNECTION ENTRY AND EXIT

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

TRANSPARENT MIDDLEBOX WITH GRACEFUL CONNECTION ENTRY AND EXIT

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links