Systems and methods for listening policies for virtual servers of appliance

US 8,654,659 B2
Filed: 12/23/2009
Issued: 02/18/2014
Est. Priority Date: 12/23/2009
Status: Active Grant

First Claim

Patent Images

1. A method of using a listening policy for a virtual server on an intermediary device, the method comprising:

(a) establishing for a first virtual server executing on an intermediary device deployed between a plurality of clients and one or more servers, a first listen policy, the first listen policy comprising an expression for evaluating packets received by the intermediary device to determine whether the packets may access the first virtual server;

(b) listening, by a packet engine of the intermediary device for a plurality of packets to be received at a network interface card of the intermediary device at a first internet protocol (IP) address and a first port specified for the first virtual server;

(c) evaluating, by a policy engine of the intermediary device, the expression of the first listen policy of the first virtual server and a second listen policy of a second virtual server to a first packet of the plurality of packets received by the packet engine at the first IP address and the first port; and

(d) determining, by the intermediary device responsive to the first packet matching both the first listen policy and the second listen policy, whether to provide the first packet received by the packet engine to the first virtual server or the second virtual server based on a result of the evaluation.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed towards a method for using a listening policy for a virtual server on an intermediary device. An intermediary device establishes for a first virtual server a first listening policy with an expression for evaluating packets received by the intermediary device to determine whether the packet may access the first virtual server. The intermediary device listens for packets at a first internet protocol (IP) address and a first port specified for the first virtual server. Then, the intermediary device evaluates the expression of the first listening policy to a first packet received at the first IP address and first port and determines whether to provide the first packet to the first virtual server based on a result of the evaluation.

22 Citations

View as Search Results

18 Claims

1. A method of using a listening policy for a virtual server on an intermediary device, the method comprising:
- (a) establishing for a first virtual server executing on an intermediary device deployed between a plurality of clients and one or more servers, a first listen policy, the first listen policy comprising an expression for evaluating packets received by the intermediary device to determine whether the packets may access the first virtual server;
  
  (b) listening, by a packet engine of the intermediary device for a plurality of packets to be received at a network interface card of the intermediary device at a first internet protocol (IP) address and a first port specified for the first virtual server;
  
  (c) evaluating, by a policy engine of the intermediary device, the expression of the first listen policy of the first virtual server and a second listen policy of a second virtual server to a first packet of the plurality of packets received by the packet engine at the first IP address and the first port; and
  
  (d) determining, by the intermediary device responsive to the first packet matching both the first listen policy and the second listen policy, whether to provide the first packet received by the packet engine to the first virtual server or the second virtual server based on a result of the evaluation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein step (a) further comprises establishing for the first virtual server the listen policy comprising the expression to compare a virtual local area network (VLAN) identifier of the first packet to a predetermined value.
  - 3. The method of claim 1, wherein step (c) further comprises evaluating a VLAN identifier of the first packet and wherein step (d) further comprises determining to provide the first packet to the first virtual server if the VLAN identifier of the first packet matches a predetermined value.
  - 4. The method of claim 1, wherein step (a) further comprises establishing the listen policy comprising the expression to compare an interface identifier of the first packet to a predetermined value.
  - 5. The method of claim 1, wherein step (c) further comprises evaluating a interface identifier of the first packet and wherein step (d) further comprises determining to provide the first packet to the first virtual server if the interface identifier of the first packet matches a predetermined value.
  - 6. The method of claim 1, wherein step (b) further comprises listening, by the intermediary device for packets for a service type specified for the first virtual server.
  - 7. The method of claim 1, wherein step (a) further comprises establishing the first listening priority for the first virtual server and establishing the second listening policy and a second listening priority for a second virtual server executing on the intermediary device.
  - 8. The method of claim 7, wherein step (b) further comprises listening by the intermediary device on the first IP address and the first port specified for both the first virtual server and the second virtual server.
  - 9. The method of claim 7, wherein step (d) further comprises determining to forward the first packet to the second virtual server instead of the first virtual server based on a comparison of the second listening priority to the first listening priority.

10. A system of using a listening policy for a virtual server on an intermediary device, the system comprising:
- a first virtual server executing on an intermediary device deployed between a plurality of clients and one or more servers, the first virtual server configured to have a first listen policy, the first listen policy comprising an expression for evaluating packets received by the intermediary device to determine whether the packets may access the first virtual server;
  
  a packet engine of the intermediary device listening for a plurality of packets to be received at a network interface card of the intermediary device at a first internet protocol (IP) address and a first port specified for the first virtual server;
  
  a policy engine of the intermediary device evaluating the expression of the first listen policy of the first virtual server and a second listen policy of a second virtual server to a first packet of the plurality of packets received by the packet engine at the first IP address and the first port; and
  
  wherein the intermediary device determines responsive to the first packet matching both the first listen policy and the second listen policy, whether to provide the first packet received by the packet engine to the first virtual server or the second virtual server based on a result of the evaluation.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the listen policy comprises the expression to compare a virtual local area network (VLAN) identifier of the first packet to a predetermined value.
  - 12. The system of claim 11, wherein the packet engine evaluates the VLAN identifier of the first packet and determines to provide the first packet to the first virtual server if the VLAN identifier of the first packet matches the predetermined value.
  - 13. The system of claim 10, wherein the listen policy comprises the expression to compare an interface identifier of the first packet to a predetermined value.
  - 14. The system of claim 13, wherein the packet engine evaluates the interface identifier of the first packet and determines to provide the first packet to the first virtual server if an interface identifier of the first packet matches the predetermined value.
  - 15. The system of claim 10, wherein the packet engine listens for packets for a service type specified for the first virtual server.
  - 16. The system of claim 10, wherein the intermediary device establishes the first listening priority for the first virtual server and establishes a second listening policy and the second listening priority for a second virtual server.
  - 17. The system of claim 16, wherein the packet engine listens on the first IP address and the first port specified for both the first virtual server and the second virtual server.
  - 18. The system of claim 16, wherein the intermediary device determines to forward the first packet to the second virtual server instead of the first virtual server based on a comparison of the second listening priority to the first listening priority.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Gandhewar, Dinesh, Suganthi, Josephine
Primary Examiner(s)
RIYAMI, ABDULLAH A

Application Number

US12/645,889
Publication Number

US 20110149755A1
Time in Patent Office

1,518 Days
Field of Search

370/252, 370/230, 370/235, 370/468, 370/351, 370/392, 370/395.21, 370/400, 370/401, 370/389, 709/223, 709/224, 709/227, 709/203, 709/215, 709/229, 709/222, 709/225, 709/214, 709/238, 709/249, 709/219, 709/226, 709/245, 709/217, 711/162, 711/147
US Class Current

370/252
CPC Class Codes

H04L 43/0823   Errors, e.g. transmission e...

H04L 45/74   Address processing for routing

H04L 63/0227   Filtering policies mail mes...

Systems and methods for listening policies for virtual servers of appliance

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for listening policies for virtual servers of appliance

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others