Establishing network connections between transparent network devices

US 8,180,902 B1
Filed: 09/30/2009
Issued: 05/15/2012
Est. Priority Date: 03/05/2009
Status: Active Grant

First Claim

Patent Images

1. A method of initiating a connection between transparent network devices, the method comprising:

intercepting a first message from a client device and addressed to a server device, wherein the first message includes a first sequence number and is adapted to initiate a first connection between the client device and the server device;

creating a first modified version of the first message adapted to initiate a second connection with a transparent network device in addition to the first connection with the server;

sending the first modified version of the first message towards the server device;

intercepting a second message from the server device and addressed to the client device, wherein the second message is adapted to continue the initiation of the first connection between the client device and the server device;

determining if the second message was previously intercepted by the transparent network device; and

in response to the determination that the second message was previously intercepted by the transparent network device, sending a second modified version of the first message towards the server, wherein the second modified version of the first message is adapted to continue the initiation of the second connection with the transparent network device;

wherein the second modified version of the first message includes a source address, a destination address, and a sequence number equal to a source address, a destination address, and a sequence number included in the first modified version of the first message.

View all claims

20 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Transparent network devices intercept messages from non-transparent network devices that establish a connection. Transparent network devices modify these messages to establish an inner connection with each other. The transparent network devices mimic at least some of the outer connection messages to establish their inner connection. The mimicked messages and any optional reset messages are intercepted by the transparent network devices to prevent them from reaching the outer connections. Transparent network devices modify network traffic, using error detection data, fragmentation data, or timestamps, so that inner connection network traffic inadvertently received by outer connection devices is rejected or ignored by the outer connection network devices. Transparent network devices may use different sequence windows for inner and outer connection network traffic. To prevent overlapping sequence windows, transparent network devices monitor the locations of the inner and outer connection sequence windows and may rapidly advance the inner connection sequence window as needed.

53 Citations

View as Search Results

28 Claims

1. A method of initiating a connection between transparent network devices, the method comprising:
- intercepting a first message from a client device and addressed to a server device, wherein the first message includes a first sequence number and is adapted to initiate a first connection between the client device and the server device;
  
  creating a first modified version of the first message adapted to initiate a second connection with a transparent network device in addition to the first connection with the server;
  
  sending the first modified version of the first message towards the server device;
  
  intercepting a second message from the server device and addressed to the client device, wherein the second message is adapted to continue the initiation of the first connection between the client device and the server device;
  
  determining if the second message was previously intercepted by the transparent network device; and
  
  in response to the determination that the second message was previously intercepted by the transparent network device, sending a second modified version of the first message towards the server, wherein the second modified version of the first message is adapted to continue the initiation of the second connection with the transparent network device;
  
  wherein the second modified version of the first message includes a source address, a destination address, and a sequence number equal to a source address, a destination address, and a sequence number included in the first modified version of the first message.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, comprising:
    - receiving a first modified version of the second message in response to sending the second modified version of the first message, wherein the first modified version of the second message is adapted to continue the initiation of the second connection with the transparent network device; and
      
      sending an acknowledgement message towards the server, wherein the acknowledgement message is adapted to indicate the establishment of a portion of the first connection with the client and the establishment of the second connection with the transparent network device.
  - 3. The method of claim 2, wherein the first modified version of the second message includes a source address, a destination address, and a sequence number equal to a source address, a destination address, and a sequence number included in the second message.
  - 4. The method of claim 3, wherein determining if the second message was previously intercepted by the transparent network device comprises determining if the second message includes a transparent device parameter previously added to the second message by the transparent device.
  - 5. The method of claim 1, wherein the second modified version of the first message includes a source address, a destination address, and a sequence number equal to a source address, a destination address, and a sequence number included in the first message.
  - 6. The method of claim 1, wherein the first and second modified versions of the first message each include a client parameter equal to a client parameter included in the first message.
  - 7. The method of claim 1, wherein the first message includes a first source network port different than a second source network port included in the second modified version of the first message.

8. A method of initiating a connection between transparent network devices, the method comprising:
- intercepting a first message from a client device and addressed to a server device, wherein the first message is adapted to initiate a first connection between the client device and the server device;
  
  creating a first modified version of the first message adapted to initiate a second connection with a second transparent network device in addition to the first connection with the server;
  
  sending the first modified version of the first message towards the server device;
  
  intercepting a second message from the server device and addressed to the client device, wherein the second message is adapted to continue the initiation of the first connection between the client device and the server device;
  
  determining if the second message was previously intercepted by the second transparent network device;
  
  in response to the determination that the second message was previously intercepted by the second transparent network device, sending a third message adapted to reset at least a first portion of the first connection; and
  
  sending a second modified version of the first message towards the server, wherein the second modified version of the first message is adapted to continue the initiation of the second connection with the transparent network device.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, comprising:
    - receiving a first modified version of the second message in response to sending the second modified version of the first message, wherein the first modified version of the second message is adapted to continue the initiation of the second connection with the transparent network device; and
      
      sending an acknowledgement message towards the server, wherein the acknowledgement message is adapted to indicate the establishment of a portion of the first connection between the first transparent network device and the client and the establishment of the second connection with second transparent network device.
  - 10. The method of claim 9, wherein the second modified version of the first message includes a first sequence number different than a second sequence number included in the first modified version of the first message.
  - 11. The method of claim 8, wherein the second modified version of the first message includes a source address and a destination address equal to a source address and a destination address included in the first modified version of the first message.
  - 12. The method of claim 8, wherein the first portion of the first connection reset by the third message does not include a second portion of the first connection between the transparent network device and the server.
  - 13. The method of claim 8, wherein the first portion of the first connection reset by the second message does not include a second portion of the first connection between the transparent network device and the server.

14. A method of initiating a connection between transparent network devices, the method comprising:
- intercepting a first message from a client device and addressed to a server device, wherein the first message is adapted to initiate a first connection between the client device and the server device;
  
  creating a first modified version of the first message adapted to initiate a second connection with a second transparent network device in addition to the first connection with the server;
  
  sending the first modified version of the first message towards the server device;
  
  intercepting a second message from the server device and addressed to the client device, wherein the second message is adapted to reset at least a first portion of the first connection between the client device and the server device;
  
  determining if the second message was created by the second transparent network device; and
  
  in response to the determination that the second message was created by the second transparent network device, sending a second modified version of the first message towards the server, wherein the second modified version of the first message is adapted to continue the initiation of the second connection with the transparent network device.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, comprising:
    - receiving a third message in response to sending the second modified version of the first message, wherein the third message is adapted to continue the initiation of the second connection with the transparent network device; and
      
      sending an acknowledgement message towards the server, wherein the acknowledgement message is adapted to indicate the establishment of a portion of the first connection between the first transparent network device and the client and the establishment of the second connection with second transparent network device.
  - 16. The method of claim 15, wherein the second modified version of the first message includes a source address and a destination address equal to a source address and a destination address included in the first modified version of the first message.
  - 17. The method of claim 16, wherein a first sequence number included in the first modified version of the first message is different than a second sequence number included in the second modified version of the first message.

18. A method of initiating a connection between transparent network devices, the method comprising:
- intercepting a first message from a client device and addressed to a server device, wherein the first message includes a first connection parameter adapted to initiate a first network connection between the client device and the server device;
  
  creating a first modified version of the first message including the first connection parameter and a second connection parameter adapted to initiate a second network connection with a transparent network device, wherein the second connection parameter is included in a transparency-unrelated portion of the first modified version of the first message;
  
  sending the first modified version of the first message towards the server device;
  
  intercepting a second message from the server device and addressed to the client device, wherein the second message is adapted to continue the initiation of the first network connection between the client device and the server device;
  
  determining if the second message was previously intercepted by the transparent network device; and
  
  in response to the determination that the second message was previously intercepted by the transparent network device, continuing the initiation of the second network connection.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 19. The method of claim 18, wherein determining if the second message was previously intercepted by the transparent network device comprises:
    - searching a transparency-unrelated portion of the second message for an indicator added to the second message by the transparent network device.
  - 20. The method of claim 18, comprising:
    - sending the second message towards the client device.
  - 21. The method of claim 18, comprising:
    - in response to the determination that the second message was previously intercepted by the transparent network device, sending a modified second message towards the client device.
  - 22. The method of claim 18, wherein the transparency-unrelated portion of the first modified message includes a protocol extension field.
  - 23. The method of claim 22, wherein the protocol extension field includes a TCP options field.
  - 24. The method of claim 18, wherein the transparency-unrelated portion of the first modified message includes a sequence number.
  - 25. The method of claim 18, wherein continuing the initiation of the second network connection comprises:
    - creating a third message adapted to continue the initiation of the second network connection with the transparent network device, wherein the third message includes a third connection parameter, wherein the third connection parameter is included in a transparency-unrelated portion of the third message; and
      
      sending the third message towards the server device.
  - 26. The method of claim 25, wherein the third message is a second modified version of the first message including the first connection parameter.
  - 27. The method of claim 26, comprising:
    - sending a fourth message adapted to reset at least a first portion of the first network connection.
  - 28. The method of claim 25, wherein the third message is an acknowledgement message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Riverbed Technology, LLC (Riverbed Technology Incorporated)
Original Assignee
Riverbed Technology Incorporated
Inventors
Day, Mark Stuart, Gupta, Nitin, Landrum, Alfred, Miller, Brian, Lam, Blanco Zee Leung
Primary Examiner(s)
Maung, Zarni

Application Number

US12/571,430
Time in Patent Office

958 Days
Field of Search

709/203, 709225-229, 709/231, 709/238, 709/250
US Class Current

709/227
CPC Class Codes

H04L 41/00   Arrangements for maintenanc...

H04L 63/0254   Stateful filtering

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/164   at the network layer

H04L 67/141   Setup of application sessio...

H04L 67/2876   Pairs of inter-processing e...

H04L 67/565   Conversion or adaptation of...

H04L 67/5651   Reducing the amount or size...

H04L 69/04   Protocols for data compress...

H04L 69/14   Multichannel or multilink p...

H04L 69/163   In-band adaptation of TCP d...

H04W 80/06   Transport layer protocols, ...

Establishing network connections between transparent network devices

First Claim

20 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Establishing network connections between transparent network devices

First Claim

20 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links