Systems and methods for bridging a WAN accelerator with a security gateway
First Claim
1. A method of an intermediary for interfacing a network optimization engine accelerating network communications at a first network layer of a network stack with a security gateway applying policies at a second network layer above the first network layer, the method comprising the steps of:
(a) receiving, by a network optimization engine operating at a first network layer of a network stack of an intermediary device, a network packet from a source, the network packet comprising a media access control address identifying a destination for the network packet;
(b) determining, by the network optimization engine, whether a source media access control address of the network packet identifies that an adapter type of the source is one of a physical network interface card or a local stack, the source media access control address identifying a first network interface card;
(c) modifying, by the network optimization engine in response to the determination, the destination media access control address of the network packet to identify a network interface of the intermediary device;
(d) receiving, by a security gateway operating at a second network layer of the network stack of the intermediary device, the network packet communicated by the network optimization engine, the second network layer comprising a layer of the network stack of the intermediary device above the first network layer;
(e) applying, by the security gateway, one or more policies to the network packet;
(f) receiving, by the network optimization engine, the network packet communicated by the security gateway via the network stack of the intermediary device;
(g) modifying, by the network optimization engine, the destination media access control address of the network packet to identify the media access control address of the destination; and
(h) transmitting, by the intermediary device, the network packet to the destination via a second network interface card of the intermediary device.
Abstract
The solution described herein provides systems and methods for the interoperability of network processing programs that process network packets at different levels of the network stack. This solution bridges the communications of a network packet between a first network processing program operating at a first level of a network stack in an intermediary and a second network processing program operating at a second level of the network stack of the intermediary. The first network processing program may modify an incoming network packet so that the packet may traverse the network stack to an upper level of the stack to the second network processing program. After processing the network packet at the upper layers of the stack or by the second network processing program, the first network processing program modifies the network packet in order to transmit the packet to the intended destination while traversing the intermediary.
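The steering path described in the abstract and in claim 1, steps (a) through (h), as an added Python example (not code from the patent or its assignee). The `Bridge` class, the adapter-type lookup table, the flow key used to remember the original destination MAC, and all addresses are assumptions constructed for illustration.

```python
import struct

PHYSICAL_NIC, LOCAL_STACK = "physical_nic", "local_stack"

def make_frame(dst_mac, src_mac, src_ip, dst_ip, ident, payload=b""):
    """Constructed sample: Ethernet II + minimal IPv4 header (no VLAN tag, checksum 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                     0, 64, 6, 0, src_ip, dst_ip)
    return dst_mac + src_mac + b"\x08\x00" + ip + payload

class Bridge:
    def __init__(self, local_mac, adapter_types, policy):
        self.local_mac = local_mac          # MAC of the intermediary's own interface
        self.adapter_types = adapter_types  # assumed lookup: source MAC -> adapter type
        self.policy = policy                # callable(frame) -> bool, stands in for the gateway
        self.pending = {}                   # flow key -> original destination MAC

    @staticmethod
    def flow_key(frame):
        # Assumption: a packet is re-identified by IPv4 (src, dst, identification).
        return frame[26:30], frame[30:34], frame[18:20]

    def ingress(self, frame):
        """Steps (a)-(c): classify the source adapter, then address the frame to ourselves."""
        if self.adapter_types.get(frame[6:12]) not in (PHYSICAL_NIC, LOCAL_STACK):
            return None                     # unknown adapter: drop rather than forward
        self.pending[self.flow_key(frame)] = frame[0:6]
        return self.local_mac + frame[6:]

    def egress(self, frame):
        """Steps (f)-(g): restore the real destination MAC; fail closed if none was saved."""
        original = self.pending.pop(self.flow_key(frame), None)
        return None if original is None else original + frame[6:]

    def process(self, frame):
        """Full path (a)-(h): returns the frame to transmit, or None if dropped."""
        steered = self.ingress(frame)
        if steered is None:
            return None
        if not self.policy(steered):        # steps (d)-(e): gateway applies its policy
            self.pending.pop(self.flow_key(steered), None)
            return None
        return self.egress(steered)

# Constructed addresses for the demonstration.
LOCAL = bytes.fromhex("020000000001")
CLIENT = bytes.fromhex("0200000000aa")
SERVER = bytes.fromhex("0200000000bb")
BLOCKED_IP = bytes([203, 0, 113, 9])
bridge = Bridge(LOCAL, {CLIENT: PHYSICAL_NIC}, lambda f: f[30:34] != BLOCKED_IP)
```

Because `egress` only restores a destination that `ingress` recorded, a frame that never passed the policy step has no path to the second interface in this model.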
22 Claims
1. A method of an intermediary for interfacing a network optimization engine accelerating network communications at a first network layer of a network stack with a security gateway applying policies at a second network layer above the first network layer, the method comprising the steps of:
(a) receiving, by a network optimization engine operating at a first network layer of a network stack of an intermediary device, a network packet from a source, the network packet comprising a media access control address identifying a destination for the network packet;
(b) determining, by the network optimization engine, whether a source media access control address of the network packet identifies that an adapter type of the source is one of a physical network interface card or a local stack, the source media access control address identifying a first network interface card;
(c) modifying, by the network optimization engine in response to the determination, the destination media access control address of the network packet to identify a network interface of the intermediary device;
(d) receiving, by a security gateway operating at a second network layer of the network stack of the intermediary device, the network packet communicated by the network optimization engine, the second network layer comprising a layer of the network stack of the intermediary device above the first network layer;
(e) applying, by the security gateway, one or more policies to the network packet;
(f) receiving, by the network optimization engine, the network packet communicated by the security gateway via the network stack of the intermediary device;
(g) modifying, by the network optimization engine, the destination media access control address of the network packet to identify the media access control address of the destination; and
(h) transmitting, by the intermediary device, the network packet to the destination via a second network interface card of the intermediary device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. An intermediary device for accelerating and applying security policies between a source and a destination, the intermediary device comprising an interface between a network optimization engine that accelerates network communications at a first network layer of a network stack with a security gateway applying policies at a second network layer above the first network layer, the intermediary device comprising:
a first network interface card on an intermediary device receiving a network packet from a source, the network packet comprising a media access control address of the destination;
a network optimization engine of the intermediary device operating at a first network layer of a network stack of the intermediary device obtaining the network packet received by the first network interface card, determining that a source media control access address of the network packet identifies whether an adapter type of the source is one of a physical network interface card or a local stack, the source media access control address identifying a first network interface card, modifying a destination media access control address of the network packet to identify a network interface of the intermediary device, and communicating the network packet via the network stack of the intermediary device;
a security gateway of the intermediary device operating at a second network layer of the network stack of the intermediary device above the first network layer receiving the network packet communicated via the network stack, the security gateway applying one or more policies to the network packet and communicating the network packet via the network stack of the intermediary device;
wherein the network optimization engine receives the network packet communicated by the security gateway, in response to the determination modifies the destination media access control address of the network packet to identify the media access control address of the destination, and transmits the network packet to the destination via a second network interface card of the intermediary device.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
Specification