Highly scalable architecture for application network appliances

US 9,100,371 B2
Filed: 04/10/2013
Issued: 08/04/2015
Est. Priority Date: 08/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

at a client host machine, sending a data packet from an application server of the client host machine to an agent of the client host machine, wherein the data packet comprises a header with a destination address, a destination port number and a payload;

at the client host machine, encrypting the payload of the data packet with an encryption header while maintaining the destination address information of the data packet unencrypted and maintaining the destination port number information of the data packet unencrypted; and

at the client host machine, performing a Layer 4 analysis on the data packet.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A highly scalable application network appliance is described herein. According to one embodiment, a network element includes a switch fabric, a first service module coupled to the switch fabric, and a second service module coupled to the first service module over the switch fabric. In response to packets of a network transaction received from a client over a first network to access a server of a data center having multiple servers over a second network, the first service module is configured to perform a first portion of OSI (open system interconnection) compatible layers of network processes on the packets while the second service module is configured to perform a second portion of the OSI compatible layers of network processes on the packets. The first portion includes at least one OSI compatible layer that is not included in the second portion. Other methods and apparatuses are also described.

Citations

21 Claims

1. A method comprising:
- at a client host machine, sending a data packet from an application server of the client host machine to an agent of the client host machine, wherein the data packet comprises a header with a destination address, a destination port number and a payload;
  
  at the client host machine, encrypting the payload of the data packet with an encryption header while maintaining the destination address information of the data packet unencrypted and maintaining the destination port number information of the data packet unencrypted; and
  
  at the client host machine, performing a Layer 4 analysis on the data packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein encrypting the payload comprises encrypting the payload using a secure socket layer (SSL) encryption technique.
  - 3. The method of claim 2, wherein encrypting the payload using an SSL encryption technique comprises encrypting the payload with an SSL encryption header.
  - 4. The method of claim 1, wherein encrypting the payload comprises encrypting the payload using a datagram transport layer security (DTLS) encryption technique.
  - 5. The method of claim 1, further comprising transmitting the encrypted data packet using a Transparent Secure Transport method.
  - 6. The method of claim 1, wherein the destination address comprises an Internet Protocol (IP) address.
  - 7. The method of claim 1, wherein the destination port number comprises a Transport Control Protocol (TCP) port number.

8. An apparatus comprising:
- a network interface unit configured to enable communications over a network; and
  
  a processor configured to execute instructions associated with an application server and an agent server, so that the application server sends a data packet to the agent server, and the agent server encrypts a payload of the data packet with an encryption header such that a destination address of the data packet remains unencrypted and destination port number information of the data packet remains unencrypted, and the agent server performs Layer 4 analysis on the data packet.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein the processor is configured to execute instructions for the agent server to encrypt the payload of the data packet using a secure socket layer (SSL) encryption technique.
  - 10. The apparatus of claim 8, wherein the processor is configured to execute instructions for the agent server to encrypt the payload of the data packet using a datagram transport layer security (DTLS) encryption technique.
  - 11. The apparatus of claim 9, wherein the processor is configured to execute instructions for the agent server to encrypt the payload of the data packet with an SSL encryption header.
  - 12. The apparatus of claim 8, wherein the processor is configured to execute instructions for the agent server to transmit the encrypted data packet using a Transparent Secure Transport system.
  - 13. The apparatus of claim 8, wherein the destination address comprises an Internet Protocol (IP) address.
  - 14. The apparatus of claim 8, wherein the destination port number comprises a Transport Control Protocol (TCP) port number.

15. One or more computer readable storage media encoded with software comprising computer executable instructions and when the software is executed operable to:
- send a data packet from an application server of the client host machine to an agent of the client host machine, wherein the data packet comprises a header with a destination address, a destination port number and a payload;
  
  encrypt the payload of the data packet with an encryption header while maintaining the destination address information of the data packet unencrypted and maintaining the destination port number information of the data packet unencrypted; and
  
  perform a Layer 4 analysis on the data packet.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer readable storage media of claim 15, wherein the instructions operable to encrypt comprise instructions operable to encrypt the payload using a secure socket layer (SSL) encryption technique.
  - 17. The computer readable storage media of claim 16, wherein the instructions operable to encrypt the payload using the SSL encryption technique comprises encrypting the payload with an SSL encryption header.
  - 18. The computer readable storage media of claim 15, wherein the instructions operable to encrypt comprise instructions operable to encrypt the payload using a datagram transport layer security (DTLS) encryption technique.
  - 19. The computer readable storage media of claim 15, further comprising instructions operable to transmit the encrypted data packet using a Transparent Secure Transport method.
  - 20. The computer readable storage media of claim 15, wherein the destination address comprises an Internet Protocol (IP) address.
  - 21. The computer readable storage media of claim 15, wherein the destination port number comprises a Transport Control Protocol (TCP) port number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Bagepalli, Nagaraj, Gandhi, Prashant, Patra, Abhijit, Prabhu, Kirti, Thakar, Anant
Primary Examiner(s)
Jacobs, Lashonda

Application Number

US13/859,833
Publication Number

US 20130318341A1
Time in Patent Office

846 Days
Field of Search

709/223, 709/224, 709/203, 709/217, 709/219, 370/352, 370/389, 370/401, 713/153, 713/201
US Class Current

1/1
CPC Class Codes

H04L 47/20   Traffic policing

H04L 63/02   for separating internal fro...

H04L 63/0428   wherein the data content is...

H04L 63/166   at the transport layer

H04L 63/205   involving negotiation or de...

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/321   Interlayer communication pr...

H04L 9/3242   involving keyed hash functi...

Y10T 70/5827   Axially movable clutch

Highly scalable architecture for application network appliances

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Highly scalable architecture for application network appliances

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links