Using a server's capability profile to establish a connection

US 8,224,976 B2
Filed: 12/24/2008
Issued: 07/17/2012
Est. Priority Date: 12/24/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A network device connected between a client and a server, the network device comprising:

a memory to store a plurality of records, one of the records including information associated with a capability of the server; and

a processor, connected to the memory, to;

determine, based on communication between the server and the client and during a first mode of operation of the network device, the information regarding the capability of the server,receive a synchronization (SYN) message, from the client, intended for the server,determine, based on receiving the SYN message, whether the network device comprises the first mode of operation or a second mode of operation,forward, when the network device comprises the first mode of operation, the SYN message to the server,when the network device comprises the second mode of operation, the processor being to;

access the memory to obtain the information associated with the capability of the server based on receiving the SYN message,generate a SYN+acknowledgment (ACK) (SYN+ACK) message that includes the obtained information associated with the capability of the server,send the SYN+ACK message to the client,receive an ACK message from the client,determine whether the ACK message includes expected information that is based on the SYN+ACK message, andestablish a connection between the client and the server when the ACK message includes the expected information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network device connects between a client and a server. The network device is configured to store information regarding a capability of the server; receive a first message, from the client, intended for the server; obtain the stored information regarding the capability of the server; generate a second message that includes the information regarding the capability of the server; send the second message to the client; receive a third message from the client; and establish, based on the third message, a connection between the client and the server.

12 Citations

View as Search Results

21 Claims

1. A network device connected between a client and a server, the network device comprising:
- a memory to store a plurality of records, one of the records including information associated with a capability of the server; and
  
  a processor, connected to the memory, to;
  
  determine, based on communication between the server and the client and during a first mode of operation of the network device, the information regarding the capability of the server,receive a synchronization (SYN) message, from the client, intended for the server,determine, based on receiving the SYN message, whether the network device comprises the first mode of operation or a second mode of operation,forward, when the network device comprises the first mode of operation, the SYN message to the server,when the network device comprises the second mode of operation, the processor being to;
  
  access the memory to obtain the information associated with the capability of the server based on receiving the SYN message,generate a SYN+acknowledgment (ACK) (SYN+ACK) message that includes the obtained information associated with the capability of the server,send the SYN+ACK message to the client,receive an ACK message from the client,determine whether the ACK message includes expected information that is based on the SYN+ACK message, andestablish a connection between the client and the server when the ACK message includes the expected information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The network device of claim 1, where the information, stored in the memory, associated with the capability of the server includes a value associated with at least one of a maximum segment size, a window scale size, a selective acknowledgment, or a window size.
  - 3. The network device of claim 1, where, when determining the information associated with the capability of the server, the processor is to:
    - monitor the communication between the server and a client, andstore the information associated with the capability of the server in the memory.
  - 4. The network device of claim 1, where the network device is a firewall connected between the client and the server.
  - 5. The network device of claim 1, when establishing the connection between the client and the server, the processor is to:
    - send a fourth message to the server,receive a fifth message from the server, andsend a sixth message to the server and to the client to establish the connection.
  - 6. The network device of claim 5, where the fourth message is a SYN message, the fifth message is a SYN+ACK message, and the sixth message is an ACK message.
  - 7. The network device of claim 1, where the network device is connected to a plurality of servers, each of the records, in the memory, storing information associated with a capability of one of the plurality of servers.
  - 8. The network device of claim 1, where, when the network device comprises the second mode of operation, the processor is further to:
    - identify a sequence number that is included in the SYN message,generate a signature from information associated with at least one of the client or the server,store the signature as an initial sequence number in the SYN+ACK message, andwhen determining whether the ACK message includes the expected information, the processor being to;
      
      determine, based on the identified sequence number and the generated signature, whether the ACK message includes a particular sequence number and a particular acknowledgement number.
  - 9. The network device of claim 1, where the SYN+ACK message includes a first sequence number, andwhen determining whether the ACK message includes the expected information, the processor being to:
    - determine whether the ACK message includes a second sequence number that is immediately subsequent to the first sequence number.
  - 10. The network device of claim 1, when the network device comprises the second mode of operation, the processor is further to:
    - calculate a signature based on the SYN message, the calculated signature being included in the SYN+ACK message, andwhen determining whether the ACK message includes the expected information, the processor being to;
      
      determine whether the ACK message includes an acknowledgement number that is based on the calculated signature.

11. A method, comprising:
- determining, during a first mode of operation, information associated with a capability of a server;
  
  intercepting, from a client and over a network, a synchronization (SYN) message intended for the server;
  
  determining, based on intercepting the SYN message, whether the SYN message was intercepted during a second mode of operation;
  
  forwarding, when the SYN message was intercepted during the first mode of operation, the SYN message to the server;
  
  identifying, when the SYN message was intercepted during the second mode of operation, the information associated with the capability of the server;
  
  generating a SYN+acknowledgment (ACK) (SYN+ACK) message that includes the information associated with the capability of the server;
  
  transmitting the SYN+ACK message to the client;
  
  receiving an ACK message from the client over the network; and
  
  determining whether to establish a connection between the client and the server based on the ACK message, the determining including;
  
  determining whether the ACK message includes expected information that is based on the SYN+ACK message.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, further comprising:
    - storing the information associated with the capability of the server, the storing the information associated with the capability of the server including storing a value associated with at least one of a maximum segment size, a window scale size, a selective acknowledgment, or a window size.
  - 13. The method of claim 11, further comprising:
    - monitoring communication from the server, the communication including the information associated with the capability of the server.
  - 14. The method of claim 11, where the method is performed by a firewall connected between the client and the server.
  - 15. The method of claim 11, further comprising:
    - transmitting, based on determining that the connection should be established between the client and the server, a second SYN message to the server;
      
      receiving, based on transmitting the second SYN message, a second SYN+ACK message from the server; and
      
      transmitting a second ACK message to the server to establish the connection between the client and the server.
  - 16. The method of claim 11, where generating the SYN+ACK message includes:
    - generating a signature from information associated with the client and the server; and
      
      storing the signature as an initial sequence number in the SYN+ACK message.
  - 17. The method of claim 11, further comprising:
    - monitoring information provided by the server during a three-way handshake; and
      
      storing the information as the information associated with the capability of the server.

18. A system comprising:
- a network device, implemented at least partially in hardware and connected between a client and a server, the network device to;
  
  monitor, during a first mode of operation, information provided by the server during a three-way handshake,store the information as information associated with a capability of the server,receive, from the client, a request to establish a connection with the server,determine, based on receiving the request, whether the network device comprises the first mode of operation or a second mode of operation,forward, when the network device comprises the first mode of operation, the request to the server,perform, on behalf of the server and when the network device comprises the second mode of operation, a three-way handshake with the client, so that the information associated with the capability of the server being provided to the client during the three-way handshake,when performing the three-way handshake with the client, the network device being to;
  
  receive a synchronization (SYN) message from the client,send a synchronization (SYN)+acknowledgment (ACK) (SYN+ACK) message to the client in response to the received SYN message,receive an ACK message from the client, anddetermine whether the three-way handshake with the client is successful, based on whether the received ACK message includes information that is based on the SYN+ACK message;
  
  perform a three-way handshake with the server when the three-way handshake with the client is successful; and
  
  establish the connection between the client and the server when the three-way handshake with the server is successful.
- View Dependent Claims (19, 20, 21)
- - 19. The system of claim 18, where the SYN+ACK message includes the information associated with the capability of the server.
  - 20. The system of claim 18, where the information associated with the capability of the server includes a value associated with at least one of a maximum segment size, a window scale size, a selective acknowledgment, or a window size, andwhen determining whether the network device comprises the first mode of operation or the second mode of operation, the network device being to:
    - determine whether a quantity of connection requests is less than a threshold value, the network device comprising the first mode of operation when the quantity of connection requests is less than the threshold value.
  - 21. The system of claim 18, where the network device is a firewall connected between the client and the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Jiang, Dongyi, Tumuluru, Laxminarayana, Pi, Jianwen
Primary Examiner(s)
Truong, Lan-Dai T

Application Number

US12/343,694
Publication Number

US 20100161741A1
Time in Patent Office

1,301 Days
Field of Search

709/228, 709/220, 709/222, 709/223, 709/224, 709/226
US Class Current

709/228
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 67/01   Protocols

H04L 67/14   Session management for real...

H04L 67/303   Terminal profiles

H04L 67/568   Storing data temporarily at...

H04L 69/16   Implementation or adaptatio...

Using a server's capability profile to establish a connection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Using a server's capability profile to establish a connection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links