RESILIENT TCP SPLICING FOR PROXY SERVICES

US 20140359052A1
Filed: 05/28/2013
Published: 12/04/2014
Est. Priority Date: 05/28/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by an ingress of a transparent proxy device and from a first end device, a first request that includes a first initial sequence number and options, to establish a layer four connection with a second end device;

learning, by the ingress of the transparent proxy device, the first initial sequence number of the first request;

receiving, by an egress of the transparent proxy device and from the ingress, the first request;

learning, by the egress of the transparent proxy device, the first initial sequence number of the first request;

receiving, by the egress of the transparent proxy device and from the second end device, a first acknowledgement for the first request and options, wherein the first acknowledgement includes a second initial sequence number;

learning, by the egress of the transparent proxy device, the second initial sequence number;

transmitting, by the ingress to an application proxy of the transparent proxy device, a second request, which includes the first initial sequence number and options negotiated between the first end device and the second end device, to establish a layer four connection between the ingress and the application proxy;

establishing a layer four connection between the ingress and the first end device based on a second acknowledgement from the first end device;

establishing the layer four connection, between the ingress and the application proxy, in response to receiving the second acknowledgement;

establishing a layer four connection between the application proxy and the egress; and

establishing the layer four connection between the egress and the second end device based on the second acknowledgement.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A transparent proxy device includes an ingress, an egress, and an application proxy. The ingress and the egress operate up to a layer four communication layer. The transparent proxy device is configured to establish spliced connections in relation to end devices. The spliced connections include layer four connections between the ingress and the application proxy and the application proxy and the egress. The transparent proxy device is configured to maintain an end-to-end connection in relation to the end devices even when the application proxy fails.

102 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, by an ingress of a transparent proxy device and from a first end device, a first request that includes a first initial sequence number and options, to establish a layer four connection with a second end device;
  
  learning, by the ingress of the transparent proxy device, the first initial sequence number of the first request;
  
  receiving, by an egress of the transparent proxy device and from the ingress, the first request;
  
  learning, by the egress of the transparent proxy device, the first initial sequence number of the first request;
  
  receiving, by the egress of the transparent proxy device and from the second end device, a first acknowledgement for the first request and options, wherein the first acknowledgement includes a second initial sequence number;
  
  learning, by the egress of the transparent proxy device, the second initial sequence number;
  
  transmitting, by the ingress to an application proxy of the transparent proxy device, a second request, which includes the first initial sequence number and options negotiated between the first end device and the second end device, to establish a layer four connection between the ingress and the application proxy;
  
  establishing a layer four connection between the ingress and the first end device based on a second acknowledgement from the first end device;
  
  establishing the layer four connection, between the ingress and the application proxy, in response to receiving the second acknowledgement;
  
  establishing a layer four connection between the application proxy and the egress; and
  
  establishing the layer four connection between the egress and the second end device based on the second acknowledgement.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the layer four connection between the ingress and the first end device is a Transport Control Protocol (TCP) connection, and wherein an end-to-end connection between the first end device and the second end device is a TCP spliced connection via the transparent proxy device.
  - 3. The method of claim 2, further comprising:
    - detecting that the application proxy is not available;
      
      receiving a packet, by the ingress; and
      
      transmitting the packet directly to the egress, without traversing the application proxy, in response to the detecting.
  - 4. The method of claim 3, further comprising:
    - storing, by each of the ingress and the egress, traffic flow information pertaining to one or more traffic flows between the first end device and the second end device via the transparent proxy device; and
      
      deleting, by each of the ingress and the egress, the traffic flow information in response to the detecting.
  - 5. The method of claim 1, further comprising:
    - receiving, by a first intermediary device situated between the first end device and the transparent proxy device, a packet from the first end device that is to be routed to the second end device;
      
      detecting that the transparent proxy device is not available;
      
      transmitting the packet, by the first intermediary device to a second intermediary device, wherein the second intermediary device is situated between the second end device and the transparent proxy device; and
      
      receiving the packet by the second end device.
  - 6. The method of claim 1, wherein an end-to-end connection between the first end device and the second end device is a Transport Control Protocol (TCP) spliced connection via the transparent proxy device, and the method further comprises at least one of:
    - transmitting, by the transparent proxy device, data packets received from the first end device, via the TCP spliced connection, to the second end device;
      
      ortransmitting, by the transparent proxy device, data packets received from the second end device, via the TCP spliced connection, to the first end device.
  - 7. The method of claim 1, wherein each of the layer four connections is established based on a three-way handshake exchange of messages.
  - 8. The method of claim 1, wherein the establishing the layer four connection between the application proxy and the egress is in response to establishing the layer four connection between the ingress and the application proxy, and wherein the layer four connection between the application proxy and the egress is initiated by the application proxy.

9. A proxy device comprising:
- an ingress including a first transmitter and a first receiver, wherein the ingress operates up to a layer four communication layer;
  
  an egress including a second transmitter and a second receiver, wherein the egress operates up to a layer four communication layer;
  
  an application proxy, wherein the application proxy operates at an application communication layer;
  
  a memory, wherein the memory stores instructions; and
  
  a processor, wherein the processor executes the instructions to;
  
  establish a first, layer four connection between a first end device and the ingress;
  
  establish a second, layer four connection between the ingress and the application proxy;
  
  establish a third, layer four connection between the application proxy and the egress; and
  
  establish a fourth, layer four connection between the egress and a second end device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The proxy device of claim 9, wherein each of the layer four connections is established based on a three-way handshake exchange of messages according to a Transport Control Protocol (TCP), and wherein the proxy device is a transparent proxy device.
  - 11. The proxy device of claim 9, wherein the ingress is configured to:
    - transform sequence numbers of packets received from the first end device, via the first, layer four connection, to different sequence numbers; and
      
      transmit the packets having the different sequence numbers, via the second, layer four connection, to the application proxy.
  - 12. The proxy device of claim 9, wherein the egress is configured to:
    - transform sequence numbers of packets received from the second end device, via the fourth, layer four connection, to different sequence numbers; and
      
      transmit the packets having the different sequence numbers, via the third, layer four connection, to the application proxy.
  - 13. The proxy device of claim 9, wherein the ingress is configured to:
    - receive a first data packet, via the first, layer four connection, from the first end device;
      
      transmit the first data packet, via the second, layer four connection, to the application proxy;
      
      detect that the application proxy is not available;
      
      receive a second data packet; and
      
      transmit the second data packet directly to the egress, without traversing the application proxy, in response to a detection that the application proxy is not available.
  - 14. The proxy device of claim 9, wherein the egress is configured to:
    - receive a first data packet, via the fourth, layer four connection, from the second end device;
      
      transmit the first data packet, via the third, layer four connection, to the application proxy;
      
      detect that the application proxy is not available;
      
      receive a second data packet; and
      
      transmit the second data packet directly to the ingress, without traversing the application proxy, in response to a detection that the application proxy is not available.
  - 15. The proxy device of claim 14, wherein the egress is further configured to:
    - store traffic flow information pertaining to one or more traffic flows between the first end device and the second end device via the proxy device; and
      
      delete the traffic flow information in response to the detection, wherein the traffic flow information includes traffic flow information pertaining to the first data packet.
  - 16. The proxy device of claim 9, wherein an end-to-end connection between the first end device and the second end device is a Transport Control Protocol (TCP) spliced connection via the proxy device, and the proxy device is configured to:
    - transmit data packets, via the TCP spliced connection, from the first end device to the second end device and from the second end device to the first end device, wherein the TCP spliced connection includes the second, layer four connection and the third, layer four connection.

17. A method comprising:
- establishing, by an ingress of a transparent proxy device, a first, layer four connection between a first end device and the ingress;
  
  establishing, by the ingress, a second, layer four connection between the ingress and an application proxy of the transparent proxy device;
  
  establishing, by the application proxy, a third, layer four connection between the application proxy and an egress of the transparent proxy device;
  
  establishing, by the egress, a fourth, layer four connection between the egress and a second end device, wherein an end-to-end connection between the first end device and the second end device includes a spliced connection via the transparent proxy device, and wherein each of the layer four connections is established based on a three-way handshake exchange of messages.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, further comprising:
    - detecting that the application proxy is not available;
      
      receiving a packet, by the ingress; and
      
      transmitting the packet directly to the egress, without traversing the application proxy, in response to the detecting.
  - 19. The method of claim 18, further comprising:
    - storing, by each of the ingress and the egress, traffic flow information pertaining to one or more traffic flows between the first end device and the second end device via the transparent proxy device; and
      
      deleting, by each of the ingress and the egress, the traffic flow information in response to the detecting.
  - 20. The method of claim 17, wherein the establishing the third, layer four connection between the application proxy and the egress is in response to establishing the second, layer four connection between the ingress and the application proxy, and wherein the third, layer four connection between the application proxy and the egress is initiated by the application proxy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Joachimpillai, Damascene, Chung, Jae Won, Richardson, Mark

Granted Patent

US 9,319,476 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/217
CPC Class Codes

H04L 41/0293   for accessing web services ...

H04L 67/56   Provisioning of proxy servi...

H04L 69/08   Protocols for interworking;...

H04L 69/16   Implementation or adaptatio...

RESILIENT TCP SPLICING FOR PROXY SERVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

102 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

RESILIENT TCP SPLICING FOR PROXY SERVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

102 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links