Systems and methods for bridging a WAN accelerator with a security gateway

US 9,210,081 B2
Filed: 10/24/2014
Issued: 12/08/2015
Est. Priority Date: 09/07/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

(a) receiving, at a first network layer of a device, a network packet from a source, the network packet comprising a destination media access control address identifying a destination for the network packet and a source media access control address identifying an adapter type;

(b) determining, by the device, that the adapter type of the source is a physical network interface card instead of a local network interface of the device;

(c) modifying, by the device in response to the determination, the destination media access control address of the network packet to identify the local network interface of the device;

(d) applying, at the second network layer of the device, a policy to the network packet received from the first network layer;

(e) modifying, at the first network layer of the device, the destination media access control address of the network packet, received from the second network layer, to identify the media access control address of the destination; and

(f) transmitting, by the device, the network packet to the destination.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The solution described herein provides systems and methods for the interoperability of network processing programs that process network packets at different levels of the network stack. This solution bridges the communications of a network packet between a first network processing program operating at a first level of a network stack in an intermediary and a second network processing program operating at a second level of the network stack of the intermediary. The first network processing program may modify an incoming network packet so that the packet may traverse the network stack to an upper level of the stack to the second network processing program. After processing the network packet at the upper layers of the stack or by the second network processing program, the first network processing program modifies the network pack in order to transmit the packet to the intended destination while traversing the intermediary.

116 Citations

20 Claims

1. A method comprising:
- (a) receiving, at a first network layer of a device, a network packet from a source, the network packet comprising a destination media access control address identifying a destination for the network packet and a source media access control address identifying an adapter type;
  
  (b) determining, by the device, that the adapter type of the source is a physical network interface card instead of a local network interface of the device;
  
  (c) modifying, by the device in response to the determination, the destination media access control address of the network packet to identify the local network interface of the device;
  
  (d) applying, at the second network layer of the device, a policy to the network packet received from the first network layer;
  
  (e) modifying, at the first network layer of the device, the destination media access control address of the network packet, received from the second network layer, to identify the media access control address of the destination; and
  
  (f) transmitting, by the device, the network packet to the destination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein (a) further comprises receiving, by the device, the network packet via a first network interface card of the device.
  - 3. The method of claim 1, wherein the device is intermediary to the source and the destination.
  - 4. The method of claim 1, wherein the device comprises the source.
  - 5. The method of claim 1, wherein the first network layer comprises one of a layer 2 or a data link layer of a network stack.
  - 6. The method of claim 1, wherein the second network layer comprises a network layer above one of a layer 2 or a data link layer of a network stack.
  - 7. The method of claim 1, wherein (c) further comprises modifying the source media access control address of the network packet to replace the media access control address of the source from the received network packet with a media access control address of the device.
  - 8. The method of claim 1, wherein (e) further comprises modifying the source media access control address of the network packet to replace a media access control address of the device with the media access control address of the source from the received network packet.
  - 9. The method of claim 1, wherein (e) further comprises determining, by the device that the adapter type identified by the network packet is the local network interface of the device instead of the physical network interface card of the source.
  - 10. The method of claim 1, wherein (f) further comprises transmitting, by the device, the network packet via a second network interface card of the device.

11. A system comprising:
- a device configured to receive a network packet from a source, the network packet comprising a destination media access control address identifying a destination for the network packet and a source media access control address identifying an adapter type;
  
  a network optimization engine of the device configured to perform network acceleration techniques on network packets at the first network layer;
  
  a security gateway of the device configured to perform security functions on network packets at a second network layer different than the first network layer;
  
  wherein the network optimization engine is configured to determine that the adapter type of the source is a physical network interface card instead of a local network interface of the device and responsive to the determination, modify the destination media access control address of the network packet to identify the local network interface of the device;
  
  wherein the security gateway is configured to apply at the second network layerpolicy to the network packet received from the network optimization engine;
  
  wherein the network optimization engine is configured to modify at the first network layer, the destination media access control address of the network packet, received from the second network layer, to identify the media access control address of the destination; and
  
  wherein the device is configured to transmit the network packet to the destination.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein device is further configured to receive the network packet via a first network interface card of the device.
  - 13. The system of claim 11, wherein the device is intermediary to the source and the destination.
  - 14. The system of claim 11, wherein the device comprises the source.
  - 15. The system of claim 11, wherein the first network layer comprises one of a layer 2 or a data link layer of a network stack.
  - 16. The system of claim 11, wherein the second network layer comprises a network layer above one of a layer 2 or a data link layer of a network stack.
  - 17. The system of claim 11, wherein the network optimization engine is further configured to modify the source media access control address of the network packet to replace the media access control address of the source from the received network packet with a media access control address of the device.
  - 18. The system of claim 11, wherein the network optimization engine is further configured to the source media access control address of the network packet to replace a media access control address of the device with the media access control address of the source from the received network packet.
  - 19. The system of claim 11, wherein the network optimization engine is further configured to determine that the adapter type identified by the network packet is the local network interface of the device instead of the physical network interface card of the source.
  - 20. The system of claim 11, wherein the device is further configured to transmit the network packet via a second network interface card of the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Chadda, Sanjay, Samuels, Allen R., Decasper, Dan S., Dittia, Zubin, Ankam, Shiva
Primary Examiner(s)
Sam, Phirin
Assistant Examiner(s)
HAMPTON, TARELL A

Application Number

US14/522,907
Publication Number

US 20150139236A1
Time in Patent Office

410 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 45/74   Address processing for routing

H04L 63/0227   Filtering policies mail mes...

H04L 63/0236   Filtering by address, proto...

H04L 63/10   for controlling access to d...

H04L 67/561   Adding application-function...

H04L 67/568   Storing data temporarily at...

Systems and methods for bridging a WAN accelerator with a security gateway

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

116 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for bridging a WAN accelerator with a security gateway

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links