System for sharing network state to enhance network throughput
First Claim
1. A method for enhancing network throughput between an internal network and an external network to which a server is connected, comprising the steps of:
- connecting two or more firewalls to the internal network;
- determining whether a common TCP control block exists for a TCP connection between one of said firewalls and the server, and creating one if one does not exist;
- sending a TCP connection request to the server from one of said firewalls; and
- updating said common TCP control block based on the response from the server to said TCP connection request;
- wherein said steps further comprise establishing a connection between said firewall and said server, and updating said common TCP control block with connection state data during said connection;
- wherein said steps further comprise shutting down said connection, and updating said common TCP control block based on the type of shutdown performed;
- wherein said common TCP control block is shared with one or more of said other firewalls.
Abstract
Two or more computers acting as firewalls share network state data to enhance throughput performance. A firewall creates a separate common TCP control block (CCB) for each group of TCP connections through the firewall having common endpoints. The CCB is a shared data structure comprising a single microstate shared across the group of TCP connections. Each such individual TCP connection has a TCP control block, which instead of a microstate, contains a pointer to the appropriate CCB. Preferably, each firewall receives CCBs from its peers and stores them. Each firewall preferably adjusts data traffic passing through it based on the CCBs stored within it. By adjusting traffic to reduce or eliminate congestion, throughput is enhanced.
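The lookup-or-create, update and shutdown steps described in the claim and abstract, as an added example in C (not code from the patent). The microstate fields, the fixed-size table, the smoothing weights and the reset policy are assumptions; exchanging CCBs with peer firewalls is outside this example.

```c
#include <stdint.h>
#include <stddef.h>
/* Shared microstate for every connection between one endpoint pair.
 * The fields (srtt, cwnd, ssthresh) are assumed; the page names none. */
struct ccb {
    uint32_t local_ip, remote_ip;      /* common endpoints: lookup key */
    uint32_t srtt_ms, cwnd, ssthresh;
    int refs, used;                    /* attached TCBs / slot occupied */
};
/* Per-connection block: ports stay private, microstate is a pointer. */
struct tcb { uint16_t lport, rport; struct ccb *ccb; };
enum close_type { CLOSE_GRACEFUL, CLOSE_RESET };
enum { CCB_MAX = 8, INIT_CWND = 1460 };  /* assumed table size and window */
static struct ccb ccb_table[CCB_MAX];

/* Return the CCB for an endpoint pair, creating it if none exists. */
struct ccb *ccb_get(uint32_t lip, uint32_t rip) {
    struct ccb *slot = NULL;
    for (int i = 0; i < CCB_MAX; i++) {
        struct ccb *c = &ccb_table[i];
        if (c->used && c->local_ip == lip && c->remote_ip == rip) return c;
        if (!c->used && !slot) slot = c;
    }
    if (!slot) return NULL;            /* table full */
    *slot = (struct ccb){ .local_ip = lip, .remote_ip = rip,
                          .cwnd = INIT_CWND, .ssthresh = 65535u, .used = 1 };
    return slot;
}
/* Connection request: attach the new TCB to the shared CCB. */
int tcb_open(struct tcb *t, uint32_t lip, uint16_t lp, uint32_t rip, uint16_t rp) {
    t->lport = lp; t->rport = rp;
    if (!(t->ccb = ccb_get(lip, rip))) return -1;
    t->ccb->refs++;
    return 0;
}
/* Server response or later ACK: fold the sample into the shared state. */
void tcb_on_ack(struct tcb *t, uint32_t rtt_ms, uint32_t cwnd) {
    struct ccb *c = t->ccb;
    c->srtt_ms = c->srtt_ms ? (7 * c->srtt_ms + rtt_ms) / 8 : rtt_ms;
    c->cwnd = cwnd;
}
/* Shutdown: graceful keeps learned state; reset backs off (assumed policy). */
void tcb_close(struct tcb *t, enum close_type how) {
    struct ccb *c = t->ccb;
    if (how == CLOSE_RESET) {
        c->ssthresh = c->cwnd / 2 > INIT_CWND ? c->cwnd / 2 : INIT_CWND;
        c->cwnd = INIT_CWND;
    }
    c->refs--;
    t->ccb = NULL;
}
```

The CCB is deliberately kept after its last TCB detaches, so the next connection to the same endpoints starts from the recorded state.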
12 Claims
3. A method for enhancing network throughput between an internal network and an external network to which a server is connected, comprising the steps of:
- connecting two or more firewalls to the internal network;
- receiving a TCP connection request from the server to one of said firewalls;
- determining whether a common TCP control block exists for a TCP connection between said receiving firewall and said server, and creating one if one does not exist; and
- updating said common TCP control block based on the TCP connection request from the server;
- wherein said steps further comprise transmitting an acknowledgement and a request for connection to the server, and updating said common TCP control block with the resulting connection state data;
- wherein said steps further comprise establishing a connection between said firewall and the server and updating said common TCP control block during said connection with connection state data;
- wherein said steps further comprise shutting down said connection, and updating said common TCP control block based on the type of shutdown performed;
- wherein said common TCP control block is shared with one or more of said other firewalls.
5. A computer program product embodied on a computer readable medium for enhancing network throughput between an internal network and an external network to which a server is connected, comprising:
- computer code for connecting two or more firewalls to the internal network;
- computer code for determining whether a common TCP control block exists for a TCP connection between one of said firewalls and the server, and creating one if one does not exist;
- computer code for sending a TCP connection request to the server from one of said firewalls; and
- computer code for updating said common TCP control block based on the response from the server to said TCP connection request;
- wherein a connection is established between said firewall and said server, and said common TCP control block is updated with connection state data during said connection;
- wherein said connection is shut down, and said common TCP control block is updated based on the type of shutdown performed;
- wherein said common TCP control block is shared with one or more of said other firewalls.
7. A computer program product embodied on a computer readable medium for enhancing network throughput between an internal network and an external network to which a server is connected, comprising:
- computer code for connecting two or more firewalls to the internal network;
- computer code for receiving a TCP connection request from the server to one of said firewalls;
- computer code for determining whether a common TCP control block exists for a TCP connection between said receiving firewall and said server, and creating one if one does not exist; and
- computer code for updating said common TCP control block based on the TCP connection request from the server;
- wherein an acknowledgement and a request for connection is sent to the server, and said common TCP control block is updated with the resulting connection state data;
- wherein a connection is established between said firewall and the server, and said common TCP control block is updated during said connection with connection state data;
- wherein said connection is shut down, and said common TCP control block is updated based on the type of shutdown performed;
- wherein said common TCP control block is shared with one or more of said other firewalls.
9. An apparatus for enhancing network throughput between an internal network and an external network to which a server is connected, comprising:
- logic for connecting two or more firewalls to the internal network;
- logic for determining whether a common TCP control block exists for a TCP connection between one of said firewalls and the server, and creating one if one does not exist;
- logic for sending a TCP connection request to the server from one of said firewalls; and
- logic for updating said common TCP control block based on the response from the server to said TCP connection request;
- wherein a connection is established between said firewall and said server, and said common TCP control block is updated with connection state data during said connection;
- wherein said connection is shut down, and said common TCP control block is updated based on the type of shutdown performed;
- wherein said common TCP control block is shared with one or more of said other firewalls.
11. An apparatus for enhancing network throughput between an internal network and an external network to which a server is connected, comprising:
- logic for connecting two or more firewalls to the internal network;
- logic for receiving a TCP connection request from the server to one of said firewalls;
- logic for determining whether a common TCP control block exists for a TCP connection between said receiving firewall and said server, and creating one if one does not exist; and
- logic for updating said common TCP control block based on the TCP connection request from the server;
- wherein an acknowledgement and a request for connection is sent to the server, and said common TCP control block is updated with the resulting connection state data;
- wherein a connection is established between said firewall and the server, and said common TCP control block is updated during said connection with connection state data;
- wherein said connection is shut down, and said common TCP control block is updated based on the type of shutdown performed;
- wherein said common TCP control block is shared with one or more of said other firewalls.
Specification