Transmission Control of Protocol State Exchange for Dynamic Stateful Service Insertion

US 20170048356A1
Filed: 08/12/2015
Published: 02/16/2017
Est. Priority Date: 08/12/2015
Status: Active Grant

First Claim

Patent Images

1. A system for a Transmission Control Protocol (TCP) state handoff of a data traffic flow, the system comprising:

a state machine unit operable to;

determine a TCP state at predetermined times, wherein the TCP state includes data concerning a session between a client and a server;

a transaction processing unit operable to;

store the TCP state for the predetermined times to a database;

receive a request to apply a predetermined policy to the session;

based on the request, send a session request associated with the session between the client and the server to an access control unit; and

the access control unit operable to;

process the session request based on the TCP state and according to the predetermined policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are methods and systems for a Transmission Control Protocol (TCP) state handoff of a data traffic flow. A method for a TCP state handoff of a data traffic flow comprises determining a TCP state at predetermined times by a state machine unit. The TCP state includes data concerning a session between a client and a server. The TCP state for the predetermined times is stored to a database. A request to apply a predetermined policy to the session is received by a transaction processing unit and, based on the request, a session request associated with the session between the client and the server is sent to an access control unit. The session request is processed by the access control unit based on the TCP state and according to the predetermined policy.

32 Citations

View as Search Results

20 Claims

1. A system for a Transmission Control Protocol (TCP) state handoff of a data traffic flow, the system comprising:
- a state machine unit operable to;
  
  determine a TCP state at predetermined times, wherein the TCP state includes data concerning a session between a client and a server;
  
  a transaction processing unit operable to;
  
  store the TCP state for the predetermined times to a database;
  
  receive a request to apply a predetermined policy to the session;
  
  based on the request, send a session request associated with the session between the client and the server to an access control unit; and
  
  the access control unit operable to;
  
  process the session request based on the TCP state and according to the predetermined policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the processing of the session request includes establishing a further session between the client and the server, the further session being established based on the TCP state retrieved by the access control unit.
  - 3. The system of claim 1, wherein the storing of the TCP state includes storing the TCP state to the state machine unit.
  - 4. The system of claim 1, wherein the processing includes sending a reset request to the client, the reset request prompting the client to resend the session request.
  - 5. The system of claim 1, wherein the storing of the TCP state includes:
    - initializing a further state machine unit; and
      
      storing the TCP state to the further state machine unit.
  - 6. The system of claim 1, wherein the storing of the TCP state includes:
    - encoding the TCP state into a signal; and
      
      sending the signal to the access control unit.
  - 7. The system of claim 1, wherein the session request is sent to the access control unit using a magic packet, the magic packet including the TCP state and an instruction to process the session according to the predetermined policy.
  - 8. The system of claim 1, wherein the data concerning the session include at least one or more of the following:
    - a source port destination, a current sequence number, a window, a timestamp, and a timer.
  - 9. The system of claim 1, wherein the transaction processing unit is further operable to delay the sending of the session request until the state machine unit determines the TCP state.

10. A method for a TCP state handoff of a data traffic flow, the method comprising:
- determining, by a state machine unit, a TCP state at predetermined times, wherein the TCP state includes data concerning a session between a client and a server;
  
  storing, to a database, the TCP state for the predetermined times;
  
  receiving, by a transaction processing unit, a request to apply a predetermined policy to the session;
  
  based on the request, sending, by the transaction processing unit, a session request associated with the session between the client and the server to an access control unit; and
  
  processing, by the access control unit, the session request based on the TCP state and according to the predetermined policy.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The method of claim 10, wherein the processing of the session request includes establishing a further session between the client and the server, the further session being established based on the TCP state retrieved by the access control unit.
  - 12. The method of claim 10, wherein the storing of the TCP state includes storing the TCP state to the state machine unit.
  - 13. The method of claim 10, wherein the processing includes sending a reset request to the client, the reset request prompting the client to resend the session request.
  - 14. The method of claim 10, wherein the storing of the TCP state further includes:
    - initializing a further state machine unit; and
      
      storing the TCP state to the further state machine unit.
  - 15. The method of claim 10, wherein the storing of the TCP state includes:
    - encoding the TCP state into a signal; and
      
      sending the signal to the access control unit.
  - 16. The method of claim 10, wherein the session request is sent to the access control unit using a magic packet, the magic packet including the TCP state and an instruction to process the session according to the predetermined policy.
  - 17. The method of claim 10, wherein the data concerning the session include at least one or more of the following:
    - a source port destination, a current sequence number, a window, a timestamp, and a timer.
  - 18. The method of claim 10, wherein the predetermined policy includes one or more of the following:
    - a security policy and a forwarding policy.
  - 19. The method of claim 10, further comprising delaying, by the transaction processing unit, sending the session request until the state machine unit determines the TCP state.

20. A system for a TCP state handoff of a data traffic flow, the system comprising:
- a state machine unit operable to;
  
  determine a TCP state at predetermined times, wherein the TCP state includes data concerning a session between a client and a server;
  
  a transaction processing unit operable to;
  
  store the TCP state for the predetermined times to a database;
  
  receive a request to apply a predetermined policy to the session;
  
  based on the request, send a session request associated with the session between the client and the server to an access control unit, wherein the session request is sent to the access control unit using a magic packet, the magic packet including the TCP state and an instruction to process the session according to the predetermined policy; and
  
  the access control unit operable to;
  
  process the session request based on the TCP state and according to the predetermined policy, wherein the processing of the session request includes establishing a further session between the client and the server, the further session being established based on the TCP state retrieved by the access control unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A10 Networks Incorporated
Original Assignee
A10 Networks Incorporated
Inventors
Thompson, Micheal, Grimm, Martin, Groves, Vernon Richard, Jalan, Rajkumar

Granted Patent

US 10,581,976 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 67/141   Setup of application sessio...

H04L 69/163   In-band adaptation of TCP d...

Transmission Control of Protocol State Exchange for Dynamic Stateful Service Insertion

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Transmission Control of Protocol State Exchange for Dynamic Stateful Service Insertion

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links