System and method for handling TCP performance in network access with driver initiated application tunnel

US 8,908,545 B1
Filed: 07/08/2010
Issued: 12/09/2014
Est. Priority Date: 07/08/2010
Status: Active Grant

First Claim

Patent Images

1. A method for improving Transmission Control Protocol (TCP) performance in network access, the method comprising:

detecting an encapsulated outgoing data packet;

processing a Point to Point Protocol (PPP) layer in the outgoing data packet to obtain routing information for establishing a connection to a Virtual Private Network (VPN) tunnel and to determine when the PPP layer encapsulates at least TCP and Internet Protocol (IP) layers of the outgoing data packet; and

when the PPP layer encapsulates at least TCP and IP layers of the outgoing data packet;

removing the PPP layer including the encapsulated TCP and IP layers from the outgoing data packet; and

processing the outgoing data packet in accordance with a locally driven application protocol path comprising encapsulating data of the outgoing data packet with a Layer 7 header in place of the removed PPP layer, wherein the application protocol path is configured to act as a TCP proxy connection over the VPN tunnel; and

the method further comprising;

determining when the outgoing data packet does not include a PPP layer and processing the outgoing data packet in accordance with an access configuration path when the outgoing data packet does not include a PPP layer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for improving TCP performance in a L2 tunneling environment by snooping TCP/IP packets from the tunnel interface, terminating TCP locally and proxying TCP data in separate TCP connections. In particular, the system and method detects an encapsulated outgoing packet utilizing a Layer 2 tunneling protocol, processes a Point to Point Protocol layer in the outgoing packet to establishing Layer 2 tunneling protocol for a connection. The system and method also removes the Point to Point Protocol layer from the outgoing packet and inspects the outgoing packet for TCP information in the packet. The system and method forwards the outgoing packet to a locally driven application protocol path if TCP information is present, wherein the outgoing packet is encapsulated in association with the application protocol path.

222 Citations

15 Claims

1. A method for improving Transmission Control Protocol (TCP) performance in network access, the method comprising:
- detecting an encapsulated outgoing data packet;
  
  processing a Point to Point Protocol (PPP) layer in the outgoing data packet to obtain routing information for establishing a connection to a Virtual Private Network (VPN) tunnel and to determine when the PPP layer encapsulates at least TCP and Internet Protocol (IP) layers of the outgoing data packet; and
  
  when the PPP layer encapsulates at least TCP and IP layers of the outgoing data packet;
  
  removing the PPP layer including the encapsulated TCP and IP layers from the outgoing data packet; and
  
  processing the outgoing data packet in accordance with a locally driven application protocol path comprising encapsulating data of the outgoing data packet with a Layer 7 header in place of the removed PPP layer, wherein the application protocol path is configured to act as a TCP proxy connection over the VPN tunnel; and
  
  the method further comprising;
  
  determining when the outgoing data packet does not include a PPP layer and processing the outgoing data packet in accordance with an access configuration path when the outgoing data packet does not include a PPP layer.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising forwarding the outgoing data packet to a destination in accordance with the application protocol path and applying a network address translation process to the outgoing data packet based on the routing information prior to the packet being forwarded.
  - 3. The method of claim 1, wherein the processing the outgoing data packet in accordance with the access configuration path when the outgoing data packet does not include a PPP layer further comprises encapsulating the data of the outgoing data packet and a second IP layer with a security layer.
  - 4. The method of claim 3, wherein the security layer is based on User Datagram Protocol (UDP) and Datagram Transport Layer Security (DTLS) security protocol or an Internet Protocol Security (IPSec) security protocol.
  - 5. The method of claim 1, wherein the data of the outgoing data packet is further encapsulated by an SSL layer, a second TCP layer, and a second IP layer.

6. A non-transitory machine readable medium having stored thereon instructions for improving Transmission Control Protocol (TCP) performance in network access, the instructions comprising machine executable code which when executed by at least one machine, causes the machine to perform steps comprising:
- detecting an encapsulated outgoing data packet;
  
  processing a Point to Point Protocol (PPP) layer in the outgoing data packet to obtain routing information for establishing a connection to a Virtual Private Network (VPN) tunnel and to determine when the PPP layer encapsulates at least TCP and Internet Protocol (IP) layers of the outgoing data packet; and
  
  when the PPP layer encapsulates at least TCP and IP layers of the outgoing data packet;
  
  removing the PPP layer including the encapsulated TCP and IP layers from the outgoing data packet; and
  
  processing the outgoing data packet in accordance with a locally driven application protocol path comprising encapsulating data of the outgoing data packet with a Layer 7 header in place of the removed PPP layer, wherein the application protocol path is configured to act as a TCP proxy connection over the VPN tunnel; and
  
  the steps further comprising;
  
  determining when the outgoing data packet does not include a PPP layer and processing the outgoing data packet in accordance with an access configuration path when the outgoing data packet does not include a PPP layer.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The machine readable medium of claim 6, further having stored thereon instructions comprising machine executable code which when executed by the at least one machine further causes the machine to perform steps further comprising forwarding the outgoing data packet to a destination in accordance with the application protocol path and applying a network address translation process to the outgoing data packet based on the routing information prior to the packet being forwarded.
  - 8. The machine readable medium of claim 6, wherein the processing the outgoing data packet in accordance with the access configuration path when the outgoing data packet does not include a PPP layer further comprises encapsulating the data of the outgoing data packet and a second IP layer with a security layer.
  - 9. The machine readable medium of claim 8, wherein the security layer is based on User Datagram Protocol (UDP) and Datagram Transport Layer Security (DTLS) security protocol or an Internet Protocol Security (IPSec) security protocol.
  - 10. The machine readable medium of claim 6, wherein the data of the outgoing data packet is further encapsulated by an SSL layer, a second TCP layer, and a second IP layer.

11. A client device comprising:
- a processor coupled to a memory and configured to be capable of executing programmed instructions for improving Transmission Control Protocol (TCP) performance in network access stored in the memory to perform steps comprising;
  
  detecting an encapsulated outgoing data packet;
  
  processing a Point to Point Protocol (PPP) layer in the outgoing data packet to obtain routing information for establishing a connection to a Virtual Private Network (VPN) tunnel and to determine when the PPP layer encapsulates at least TCP and Internet Protocol (IP) layers of the outgoing data packet; and
  
  when the PPP layer encapsulates at least TCP and IP layers of the outgoing data packet;
  
  removing the PPP layer including the encapsulated TCP and IP layers from the outgoing data packet; and
  
  processing the outgoing data packet in accordance with a locally driven application protocol path comprising encapsulating data of the outgoing data packet with a Layer 7 header in place of the removed PPP layer, wherein the application protocol path is configured to act as a TCP proxy connection over the VPN tunnel; and
  
  the steps further comprising;
  
  determining when the outgoing data packet does not include a PPP layer and processing the outgoing data packet in accordance with an access configuration path when the outgoing data packet does not include a PPP layer.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The client device of claim 11, wherein the processor is further configured to be capable of executing programmed instructions stored in the memory to perform steps further comprising forwarding the outgoing data packet to a destination in accordance with the application protocol path and applying a network address translation process to the outgoing data packet based on the routing information prior to the packet being forwarded.
  - 13. The client device of claim 11, wherein the processing the outgoing data packet in accordance with the access configuration path when the outgoing data packet does not include a PPP layer further comprises encapsulating the data of the outgoing data packet and a second IP layer with a security layer.
  - 14. The client device of claim 13, wherein the security layer is based on User Datagram Protocol (UDP) and Datagram Transport Layer Security (DTLS) security protocol or an Internet Protocol Security (IPSec) security protocol.
  - 15. The client device of claim 11, wherein the data of the outgoing data packet is further encapsulated by an SSL layer, a second TCP layer, and a second IP layer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
F5 Networks, Inc. (F5 Incorporated)
Inventors
Chen, Jonathan, Amdahl, Saxon, Shigapov, Andrey
Primary Examiner(s)
Chung, Hoon J
Assistant Examiner(s)
Wang, Yaotang

Application Number

US12/832,880
Time in Patent Office

1,615 Days
Field of Search

370/252, 370/338, 370/389, 709/227
US Class Current

370/252
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 63/00   Network architectures or ne...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

System and method for handling TCP performance in network access with driver initiated application tunnel

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

222 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for handling TCP performance in network access with driver initiated application tunnel

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

222 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links