Systems and methods for preserving transport layer protocol options

US 7,581,005 B2
Filed: 01/26/2007
Issued: 08/25/2009
Est. Priority Date: 01/20/2005
Status: Active Grant

First Claim

Patent Images

1. A method for maintaining by a transport control protocol terminating appliance a header option of a transport control protocol connection request communicated between a client and a server via the transport control protocol terminating appliance and a second appliance, and identifying by the second appliance via the header option a type of network connection of a port of the second appliance, the method comprising the steps of:

(a) receiving, by a first appliance, a first request from a client to establish a transport control protocol connection to a server, the first request identifying a transport control protocol header option, the first appliance terminating a first transport protocol control connection with the client;

(b) identifying, by the first appliance, a transport control protocol header option of the first request;

(c) transmitting, by the first appliance in response to the first request, a second request to establish the transport control connection to the server, the first appliance providing in the second request the identified transport control protocol header option of the first request;

(d) identifying, by a second appliance, the transport control header option of the second request received on a port of the second appliance; and

(e) determining, by the second appliance, a type of network connection of the port in response to identifying the transport control header option.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The solution of the present invention provides systems and methods for preserving transport layer header options traversing network devices that terminate transport layer connections. The solution described herein provides a bi-directional intelligent proxying system by which a proxy client exchanges transport layer option information with a proxy server via an application layer protocol. The proxy server, which may be in the form of an appliance, re-injects the transport layer options received from the client into the appropriate network packets communicated on the intended network. Likewise, the proxying appliance can inform the proxy client of transport layer options received from the network, such as via a server. With this solution, devices that transmit control information, exchange communications or other functionality via transport layer options may continue to operate in conjunction with transport layer terminating devices.

Citations

51 Claims

1. A method for maintaining by a transport control protocol terminating appliance a header option of a transport control protocol connection request communicated between a client and a server via the transport control protocol terminating appliance and a second appliance, and identifying by the second appliance via the header option a type of network connection of a port of the second appliance, the method comprising the steps of:
- (a) receiving, by a first appliance, a first request from a client to establish a transport control protocol connection to a server, the first request identifying a transport control protocol header option, the first appliance terminating a first transport protocol control connection with the client;
  
  (b) identifying, by the first appliance, a transport control protocol header option of the first request;
  
  (c) transmitting, by the first appliance in response to the first request, a second request to establish the transport control connection to the server, the first appliance providing in the second request the identified transport control protocol header option of the first request;
  
  (d) identifying, by a second appliance, the transport control header option of the second request received on a port of the second appliance; and
  
  (e) determining, by the second appliance, a type of network connection of the port in response to identifying the transport control header option.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein step (e) comprises determining, by the second appliance, the port is connected to a Wide Area Network (WAN).
  - 3. The method of claim 1, wherein step (e) comprises determining, by the second appliance, the port is connected to one of a client or a third appliance providing one or more Wide Area Network (WAN) optimization techniques.
  - 4. The method of claim 1, comprising processing, by the second appliance, network packets communicated via the port based on the identified type of network connection.
  - 5. The method of claim 4, comprising applying, by the second appliance, a Wide Area Network (WAN) optimization operation on the network packets.
  - 6. The method of claim 1, comprising identifying, by the second appliance, via the transport control protocol option that the client is configured to perform one of compression or data flow acceleration.
  - 7. The method of claim 1, comprising transmitting, by the second appliance, the second request to the server.
  - 8. The method of claim 7, comprising establishing, by the server, a second transport control protocol connection in response to receiving the second request.
  - 9. The method of claim 1, wherein step (a) comprising transmitting, by the client, the first request via an application layer protocol.
  - 10. The method of claim 1, comprising intercepting, by a network capture mechanism of the client, the transport control protocol connection request of an application, the transport control connection request having the transport protocol control header option.
  - 11. The method of claim 10, comprising transmitting, by the network capture mechanism, a request to an agent of the client to establish the transport control protocol connection with the server.
  - 12. The method of claim 11, comprising transmitting, by the agent, the first request to the appliance.
  - 13. The method of claim 1, comprising intercepting, by a network filter, on the client a network packet comprising a transport control protocol connection request of the application, and inserting the transport control protocol header option into the network packet.
  - 14. The method of claim 1, comprising transmitting, by the second appliance, to the first appliance a second transport control protocol header option in response to establishing the second transport control protocol connection.
  - 15. The method of claim 14, comprising extracting, by the first appliance, the second transport control protocol header option and transmitting the second transport control protocol header option to the client in response to the client'"'"'s request to establish the transport control protocol connection with the server.
  - 16. The method of claim 1, wherein the first appliance comprises one of the following:
    - an application firewall, a Secure Socket Layer Virtual Private Network device, a network acceleration device or application acceleration device.
  - 17. The method of claim 1, wherein the second appliance comprises one of a Wide Area Network optimization controller or a Wide Area Network acceleration device.

18. A method for maintaining by a client a header option of a transport control protocol connection request communicated from a client to a server via a transport control protocol terminating appliance, the method comprising the steps of:
- (a) intercepting, by a network packet capture mechanism on a client, a first network packet of an application requesting to establish a transport control protocol connection to a server, the first network packet comprising a first transport control protocol header option;
  
  (b) communicating, by the network packet capture mechanism, the first transport control protocol header option to a secure access proxy on the client;
  
  (c) transmitting, by the secure access proxy, to an appliance a request to connect to the server, the request identifying the first transport control protocol header option, the appliance terminating a first transport protocol control connection with the client; and
  
  (d) storing, by the secure access proxy, a second transport control protocol header option received from the appliance in establishing a second transport control protocol connection with the server; and
  
  (e) providing, by the network packet capture mechanism, to the application a second network packet comprising a response to the application'"'"'s request to establish the transport control protocol connection to a server, the second network packet comprising the second transport control protocol header option.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 19. The method of claim 18, comprising intercepting, by a network filter, the first network packet of the application, and adding the first transport control protocol header option to the network packet.
  - 20. The method of claim 18, comprising transmitting, by the client, the first transport control protocol header option to identify that the client is connecting to the server via a Wide Area Network (WAN) connection.
  - 21. The method of claim 18, comprising transmitting, by the client, the first transport control protocol header option to announce presence of the client to a Wide Area Network (WAN) appliance.
  - 22. The method of claim 18, comprising transmitting, by the client, the first transport control protocol header option to identify to a Wide Area Network (WAN) appliance that the client is configured to provide compression or data flow acceleration.
  - 23. The method of claim 18, wherein step (c) comprises transmitting, by the secure access proxy, the request to connect to the server via an application layer protocol.
  - 24. The method of claim 18, wherein step (b) comprises communicating, by the network packet capture mechanism, to the secure access gateway via a user datagram protocol.
  - 25. The method of claim 18, comprising listening, by the secure access gateway, on a local user datagram protocol port for communications from the network packet capture mechanism.
  - 26. The method of claim 18, comprising storing, by the network packet capture mechanism, the first transport control protocol header option in a storage element.
  - 27. The method of claim 18, comprising operating, by the network packet capture mechanism, in a kernel portion of an operating system of the client.
  - 28. The method of claim 18, comprising operating, by the secure access proxy, in a user space portion of an operating system of the client.
  - 29. The method of claim 18, comprising providing by, one of the network packet capture mechanism, the secure access proxy or a network filter, one of a Wide Area Network compression or Wide Area Network data flow acceleration.
  - 30. The method of claim 18, comprising transmitting, by the appliance, a second request to establish the transport control protocol connection with the server using the first transport control protocol header option, the second request traversing a second appliance.
  - 31. The method of claim 30, comprising identifying, by a second appliance, via the first transport control protocol header option that a port of the second appliance used by the client is connected to a Wide Area Network (WAN).
  - 32. The method of claim 31, comprising identifying, by the second appliance, via the first transport control protocol header option that the client includes a capability of one of compression or data flow acceleration.
  - 33. The method of claim 31, comprising transmitting, by the second appliance, to the appliance the second transport control protocol header option in response to establishing the second transport control protocol connection to the server.
  - 34. The method of claim 33, comprising extracting, by the appliance, the second transport control protocol header option, and transmitting the second transport control protocol header option to the client in response to the client'"'"'s request to establish a transport control protocol connection with the server.
  - 35. The method of claim 31, wherein the second appliance comprises one of a Wide Area Network optimization controller or a Wide Area Network acceleration device.
  - 36. The method of claim 18, wherein the appliance comprises one of the following:
    - an application firewall, a Secure Socket Layer Virtual Private Network device, a network acceleration device or application acceleration device.

37. A system for maintaining by a transport control protocol terminating appliance a header option of a transport control protocol connection request communicated between a client and a server via the transport control protocol terminating appliance and a second appliance, and the second appliance identifying via the header option a type of network connection of a port of the second appliance, the system comprising:
- a client transmitting a first request to establish a transport control protocol connection to a server, the first request identifying a transport control protocol header option;
  
  a first appliance receiving the first request from the client, the first appliance terminating a first transport protocol control connection with the client, the first appliance identifying the transport control protocol header option of the first request, and transmitting in response to the first request, to the server, a second request to establish the transport control connection using the identified transport control protocol header option, anda second appliance identifying the transport control header option of the second request received on a port of the second appliance, and determining a type of network connection of the port in response to identifying the transport control header option.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 38. The system of claim 37, wherein the second appliance determines the port is connected to a Wide Area Network (WAN).
  - 39. The system of claim 37, wherein the second appliance determines the port is connected to one of a client or a third appliance providing one or more Wide Area Network (WAN) optimization techniques.
  - 40. The system of claim 37, wherein the second appliance processes network packets communicated via the port based on the identified type of network connection.
  - 41. The system of claim 40, wherein the second appliance performs a Wide Area Network (WAN) optimization operation on the network packets.
  - 42. The system of claim 37, wherein the second appliance determines via the transport control protocol option that the client includes a capability of one of compression or data flow acceleration.
  - 43. The system of claim 37, wherein the client transmits the first request via an application layer protocol.
  - 44. The system of claim 37, wherein a network capture mechanism of the client intercepts the transport control protocol connection request of an application, the transport control connection request having the transport protocol control header option.
  - 45. The system of claim 44, wherein the network capture mechanism transmits a request to an agent of the client to establish the transport control protocol connection with the server.
  - 46. The system of claim 37, wherein the agent transmits the first request to the appliance.
  - 47. The system of claim 37, wherein a network filter intercepts on the client a network packet comprising a transport control protocol connection request of the application, and inserts the transport control protocol header option into the network packet.
  - 48. The system of claim 37, wherein the second appliance transmits to the first appliance a second transport control protocol header option in establishing the second transport control protocol connection.
  - 49. The system of claim 48, wherein the first appliance extracts the second transport control protocol header option and transmits the second transport control protocol header option to the client in response to the client'"'"'s request to establish a transport control protocol connection with the server.
  - 50. The system of claim 37, wherein the first appliance comprises one of the following:
    - an application firewall, a Secure Socket Layer Virtual Private Network device, a network acceleration device or application acceleration device.
  - 51. The system of claim 37, wherein the second appliance comprises one of a Wide Area Network optimization or a Wide Area Network acceleration device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Montemayor, Karl, Rodriquez, Robert, Samuels, Allen, Dittia, Zubin
Primary Examiner(s)
Gilles; Jude J Jean

Application Number

US11/627,707
Publication Number

US 20070239886A1
Time in Patent Office

942 Days
Field of Search

709/225, 709/238, 709/232, 709/203, 709/224
US Class Current

709/225
CPC Class Codes

H04L 41/12   Discovery or management of ...

H04L 63/02   for separating internal fro...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 67/2876   Pairs of inter-processing e...

H04L 67/56   Provisioning of proxy servi...

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/163   In-band adaptation of TCP d...

H04L 69/169   Special adaptations of TCP,...

Systems and methods for preserving transport layer protocol options

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

51 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for preserving transport layer protocol options

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

51 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links