Preventing data corruption with transparent network connections

US 8,181,060 B1
Filed: 09/30/2009
Issued: 05/15/2012
Est. Priority Date: 03/05/2009
Status: Active Grant

First Claim

Patent Images

1. A method of preventing data corruption, the method comprising:

establishing an inner connection with a first transparent network device;

creating an inner connection message including inner connection data to be sent to the first transparent network device via the inner connection;

modifying the inner connection message such that the inner connection data will not be accepted by a client and/or a server; and

sending the modified inner connection message including the inner connection data to the first transparent network device via the inner connection;

wherein modifying the inner connection message comprises setting a time stamp value included the inner connection message to a value less than a time stamp value associated with the outer connection.

View all claims

20 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Transparent network devices intercept messages from non-transparent network devices that establish a connection. Transparent network devices modify these messages to establish an inner connection with each other. The transparent network devices mimic at least some of the outer connection messages to establish their inner connection. The mimicked messages and any optional reset messages are intercepted by the transparent network devices to prevent them from reaching the outer connections. Transparent network devices modify network traffic, using error detection data, fragmentation data, or timestamps, so that inner connection network traffic inadvertently received by outer connection devices is rejected or ignored by the outer connection network devices. Transparent network devices may use different sequence windows for inner and outer connection network traffic. To prevent overlapping sequence windows, transparent network devices monitor the locations of the inner and outer connection sequence windows and may rapidly advance the inner connection sequence window as needed.

43 Citations

View as Search Results

17 Claims

1. A method of preventing data corruption, the method comprising:
- establishing an inner connection with a first transparent network device;
  
  creating an inner connection message including inner connection data to be sent to the first transparent network device via the inner connection;
  
  modifying the inner connection message such that the inner connection data will not be accepted by a client and/or a server; and
  
  sending the modified inner connection message including the inner connection data to the first transparent network device via the inner connection;
  
  wherein modifying the inner connection message comprises setting a time stamp value included the inner connection message to a value less than a time stamp value associated with the outer connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein modifying the inner connection message comprises:
    - determining an error detection value based on the inner connection data and a communications protocol; and
      
      modifying the error detection value to indicate that the inner connection data is invalid according to the communications protocol.
  - 3. The method of claim 2, wherein modifying the error detection value comprising performing a reversible operation on the error detection value.
  - 4. The method of claim 3, wherein the reversible operation includes a Boolean operation.
  - 5. The method of claim 3, wherein the reversible operation includes an arithmetic operation.
  - 6. The method of claim 1, wherein modifying the inner connection message comprises setting a fragmentation indicator in the inner connection message.
  - 7. The method of claim 1, wherein the inner connection uses network addresses associated with a client and a server communicating via an outer connection.

8. A method of preventing data corruption, the method comprising:
- establishing an inner connection with a first transparent network device;
  
  intercepting a first message addressed to a destination address associated with an outer connection and the inner connection;
  
  identifying a first time stamp value included in the first message;
  
  determining if the first message is associated with the outer connection; and
  
  in response to the determination that the first message is associated with the outer connection;
  
  determining a modified time stamp value from the first time stamp value; and
  
  sending a modified version of the first message including the modified time stamp value towards the destination address;
  
  wherein the modified time stamp value is greater than a second time stamp value included in a second message associated with the inner connection and intended to be received by the first transparent network device.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein the modified time stamp value is greater than the first time stamp value.
  - 10. The method of claim 8, wherein the first message is received after passing through the first transparent network device.
  - 11. The method of claim 8, wherein determining if the first message is associated with the outer connection comprises:
    - determining if the first message includes an indicator added by the first transparent network device.
  - 12. The method of claim 11, wherein the indicator includes a TCP option parameter.

13. A method of preventing data corruption, the method comprising:
- establishing an inner connection with a first transparent network device, wherein the inner connection is associated with a first flow control window;
  
  intercepting a first message associated with an outer connection between a client and a server;
  
  identifying a second flow control window associated with the outer connection from the first message;
  
  determining if the first flow control window is near the second flow control window; and
  
  in response to the determination that the first flow control window is near the second flow control window, moving the first flow control window away from the second flow control window.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, wherein moving the first flow control window comprises:
    - modifying a starting sequence value of the first flow control window by an offset value to move the first flow control window away from the second flow control window by the offset value.
  - 15. The method of claim 14, wherein the offset value is less than or equal to a maximum sequence value associated with the first flow control window.
  - 16. The method of claim 13, wherein modifying the starting sequence value of the first flow control window comprises:
    - sending a second message to the transparent network device, wherein the second message includes a sequence value equal to a sum of the starting sequence value and the offset value.
  - 17. The method of claim 16, comprising:
    - receiving a third message from the transparent device acknowledging the sequence value as the modified starting sequence value; and
      
      in response to the third message;
      
      further modifying the modified starting sequence value by the offset value; and
      
      sending a fourth message including a second sequence value equal to a sum of the modified starting sequence value and the offset value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Riverbed Technology, LLC (Riverbed Technology Incorporated)
Original Assignee
Riverbed Technology Incorporated
Inventors
Day, Mark Stuart, Miller, Brian, Gupta, Nitin, Landrum, Alfred, Lam, Blanco Zee Leung
Primary Examiner(s)
Baderman, Scott
Assistant Examiner(s)
BRYAN, JASON B

Application Number

US12/571,433
Time in Patent Office

958 Days
Field of Search

None
US Class Current

714/4.1
CPC Class Codes

H04L 41/00   Arrangements for maintenanc...

H04L 63/0254   Stateful filtering

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/164   at the network layer

H04L 67/141   Setup of application sessio...

H04L 67/2876   Pairs of inter-processing e...

H04L 67/565   Conversion or adaptation of...

H04L 67/5651   Reducing the amount or size...

H04L 69/163   In-band adaptation of TCP d...

Preventing data corruption with transparent network connections

First Claim

20 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Preventing data corruption with transparent network connections

First Claim

20 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links