Resilient TCP splicing for proxy services
First Claim
1. A method comprising:
receiving, by an ingress of a transparent proxy device and from a first end device, a first request that includes a first initial sequence number and options, to establish a layer four connection with a second end device, wherein the ingress operates at a layer lower than an application layer of the transparent proxy device;
learning, by the ingress of the transparent proxy device, the first initial sequence number of the first request;
transmitting, by the ingress of the transparent proxy device, the first request, to an egress of the transparent proxy device, wherein the first request bypasses an application proxy of the transparent proxy device and wherein the application proxy operates at the application layer of the transparent proxy device;
receiving, by an egress of the transparent proxy device and from the ingress, the first request, wherein the egress operates at the layer lower than the application layer of the transparent proxy device;
learning, by the egress of the transparent proxy device, the first initial sequence number of the first request;
receiving, by the egress of the transparent proxy device and from the second end device, a first acknowledgement for the first request and options, wherein the first acknowledgement includes a second initial sequence number;
learning, by the egress of the transparent proxy device, the second initial sequence number;
transmitting, by the egress of the transparent proxy device, the first acknowledgement, to the ingress of the transparent proxy device, wherein the first acknowledgement bypasses the application proxy of the transparent proxy device;
learning, by the ingress of the transparent proxy device, the second initial sequence number;
transmitting, by the ingress to the application proxy of the transparent proxy device, a second request, which includes the first initial sequence number and options negotiated between the first end device and the second end device, to establish a layer four connection between the ingress and the application proxy, in response to receiving the first acknowledgement;
establishing a layer four connection between the ingress and the first end device based on a second acknowledgement from the first end device;
establishing the layer four connection, between the ingress and the application proxy, in response to receiving the second acknowledgement;
establishing a layer four connection between the application proxy and the egress; and
establishing the layer four connection between the egress and the second end device based on the second acknowledgement.
Abstract
A transparent proxy device includes an ingress, an egress, and an application proxy. The ingress and the egress operate up to a layer four communication layer. The transparent proxy device is configured to establish spliced connections in relation to end devices. The spliced connections include layer four connections between the ingress and the application proxy and the application proxy and the egress. The transparent proxy device is configured to maintain an end-to-end connection in relation to the end devices even when the application proxy fails.
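The following is an added Python model of the handshake order recited in claim 1 and the failure behaviour stated in the abstract; it is not code from the patent. All class and function names are hypothetical, option negotiation is simplified to a set intersection, and the direct ingress-to-egress path on proxy failure is an assumption about how the end-to-end connection is kept.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Seg:
    flags: str                      # "SYN", "SYN-ACK" or "ACK"
    seq: int
    ack: int = 0
    opts: frozenset = frozenset()

@dataclass
class L4Stage:                      # ingress or egress: below the application layer
    name: str
    client_isn: Optional[int] = None
    server_isn: Optional[int] = None
    def learn(self, seg):
        if seg.flags == "SYN":
            self.client_isn = seg.seq
        elif seg.flags == "SYN-ACK":
            self.server_isn = seg.seq

def splice_handshake(client_syn, server_isn, server_opts):
    ingress, egress = L4Stage("ingress"), L4Stage("egress")
    trace = []                      # (sender, receiver, segment) in order
    def send(src, dst, seg, learner=None):
        if learner is not None:
            learner.learn(seg)
        trace.append((src, dst, seg))
    # First request: client -> ingress -> egress -> server, proxy bypassed.
    send("client", "ingress", client_syn, ingress)
    send("ingress", "egress", client_syn, egress)
    send("egress", "server", client_syn)
    # First acknowledgement: server -> egress -> ingress, proxy bypassed.
    negotiated = client_syn.opts & server_opts   # simplification (assumption)
    syn_ack = Seg("SYN-ACK", server_isn, client_syn.seq + 1, negotiated)
    send("server", "egress", syn_ack, egress)
    send("egress", "ingress", syn_ack, ingress)
    # Second request: the proxy first sees the flow here, with the learned ISN.
    send("ingress", "app_proxy", Seg("SYN", ingress.client_isn, 0, negotiated))
    send("ingress", "client", syn_ack)           # implied by the client's ACK
    send("client", "ingress", Seg("ACK", client_syn.seq + 1, server_isn + 1))
    legs = ["client-ingress", "ingress-app_proxy", "app_proxy-egress", "egress-server"]
    return ingress, egress, trace, legs

def proxy_first_seen(trace):        # index of first segment touching the proxy
    return next(i for i, (s, d, _) in enumerate(trace) if "app_proxy" in (s, d))

def data_path(proxy_alive):         # assumed fail-open path when the proxy is down
    return ["client", "ingress"] + (["app_proxy"] if proxy_alive else []) + ["egress", "server"]
```

In the model the application proxy is contacted only after both layer-four stages hold both initial sequence numbers, so a proxy outage changes the middle hop without touching what the end devices negotiated.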
20 Claims
9. A proxy device comprising:
an ingress layer including a first transmitter and a first receiver, wherein the ingress layer operates up to a layer four communication layer;
an egress layer including a second transmitter and a second receiver, wherein the egress layer operates up to a layer four communication layer;
an application proxy, wherein the application proxy operates at an application communication layer;
a memory, wherein the memory stores instructions; and
a processor, wherein the processor executes the instructions to:
receive, via the first receiver of the ingress layer and from a first end device, a first request that includes a first initial sequence number and options, to establish a layer four connection with a second end device;
learn, by the ingress layer, the first initial sequence number of the first request;
transmit, via the first transmitter of the ingress layer, the first request, to the egress layer, wherein the first request bypasses the application proxy;
receive, via the second receiver of the egress layer and from the ingress layer, the first request;
learn, by the egress layer, the first initial sequence number of the first request;
receive, via the second receiver of the egress layer and from the second end device, a first acknowledgement for the first request and options, wherein the first acknowledgement includes a second initial sequence number;
learn, by the egress layer, the second initial sequence number;
transmit, via the second transmitter of the egress layer, the first acknowledgement, to the ingress layer, wherein the first acknowledgement bypasses the application proxy;
learn, by the ingress layer, the second initial sequence number;
transmit, via the first transmitter of the ingress layer to the application proxy, a second request, which includes the first initial sequence number and options negotiated between the first end device and the second end device, to establish a layer four connection between the ingress layer and the application proxy, in response to receiving the first acknowledgement;
establish a first, layer four connection between the ingress layer and the first end device based on a second acknowledgement from the first end device;
establish a second, layer four connection, between the ingress layer and the application proxy, in response to receiving the second acknowledgement;
establish a third, layer four connection between the application proxy and the egress layer; and
establish a fourth, layer four connection between the egress layer and the second end device based on the second acknowledgement.
17. A non-transitory computer-readable storage medium that stores instructions, executable by a processor of a computational device that includes an ingress layer that operates up to a layer four communication layer, an egress layer that operates up to a layer four communication layer, and an application proxy that operates at an application communication layer, which when executed cause the computational device to:
receive, by the ingress layer and from a first end device, a first request that includes a first initial sequence number and options, to establish a layer four connection with a second end device;
learn, by the ingress layer, the first initial sequence number of the first request;
transmit, by the ingress layer, the first request, to the egress layer, wherein the first request bypasses the application proxy;
receive, by the egress layer and from the ingress layer, the first request;
learn, by the egress layer, the first initial sequence number of the first request;
receive, by the egress layer and from the second end device, a first acknowledgement for the first request and options, wherein the first acknowledgement includes a second initial sequence number;
learn, by the egress layer, the second initial sequence number;
transmit, by the egress layer, the first acknowledgement, to the ingress layer, wherein the first acknowledgement bypasses the application proxy;
learn, by the ingress layer, the second initial sequence number;
transmit, by the ingress layer to the application proxy, a second request, which includes the first initial sequence number and options negotiated between the first end device and the second end device, to establish a layer four connection between the ingress layer and the application proxy, in response to receiving the first acknowledgement;
establish a first, layer four connection between the ingress layer and the first end device based on a second acknowledgement from the first end device;
establish a second, layer four connection, between the ingress layer and the application proxy, in response to receiving the second acknowledgement;
establish a third, layer four connection between the application proxy and the egress layer; and
establish a fourth, layer four connection between the egress layer and the second end device based on the second acknowledgement.
Specification