Systems and methods for encoding the core identifier in the session identifier
First Claim
1. A method of identifying a core establishing a secure socket layer (SSL) connection in a multi-core system via an SSL identifier, the method comprising:
- a) receiving, by a packet engine executing on a first core of a multi-core system, a request from a client to establish a secure socket layer (SSL) session with a server via the multi-core system, the first core assigned a core identifier, the multi-core system deployed as an intermediary between the client and the server;
b) determining, by the packet engine executing on the first core, a first session identifier for the SSL session, the first session identifier generated by the server and used by the server and the multi-core system to identify the SSL session established by the multi-core system between the client and the server, the first session identifier communicated from the server to the multi-core system;
c) encoding, by the packet engine, the core identifier in the first session identifier to form a second session identifier, the second session identifier included in communications between the multi-core system and the client;
d) setting, by the packet engine, an indicator of the multi-core system specifying whether the SSL session is resumable;
e) receiving, by the multi-core system, a second request from the client including the second session identifier to access the SSL session;
f) decoding, by the multi-core system, the second session identifier of the second request to obtain the first session identifier; and
g) identifying, by the multi-core system, the SSL session according to the first session identifier decoded from the second session identifier, and determining whether the identified SSL session is resumable based on the indicator of the multi-core system.
8 Assignments
0 Petitions
Accused Products
Abstract
The present invention is directed towards systems and methods for managing SSL session persistence and reuse in a multi-core system. A first core may indicate that an SSL session established by the first core is non-resumable. Responsive to the indication, the core may set an indicator at a location in memory accessible by each core of the multi-core system, the indicator indicating that the SSL session is non-resumable. A second core of the multi-core system may receive a request to reuse the SSL session. The request may include a session identifier of the SSL session. In addition, the session identifier may identify the first core as an establisher of the SSL session. The second core can identify from encoding of the session identifier whether the second core is not the establisher of the SSL session. Responsive to the identification, the second core may determine whether to resume the SSL session.
-
Citations
11 Claims
-
1. A method of identifying a core establishing a secure socket layer (SSL) connection in a multi-core system via an SSL identifier, the method comprising:
-
a) receiving, by a packet engine executing on a first core of a multi-core system, a request from a client to establish a secure socket layer (SSL) session with a server via the multi-core system, the first core assigned a core identifier, the multi-core system deployed as an intermediary between the client and the server; b) determining, by the packet engine executing on the first core, a first session identifier for the SSL session, the first session identifier generated by the server and used by the server and the multi-core system to identify the SSL session established by the multi-core system between the client and the server, the first session identifier communicated from the server to the multi-core system; c) encoding, by the packet engine, the core identifier in the first session identifier to form a second session identifier, the second session identifier included in communications between the multi-core system and the client; d) setting, by the packet engine, an indicator of the multi-core system specifying whether the SSL session is resumable; e) receiving, by the multi-core system, a second request from the client including the second session identifier to access the SSL session; f) decoding, by the multi-core system, the second session identifier of the second request to obtain the first session identifier; and g) identifying, by the multi-core system, the SSL session according to the first session identifier decoded from the second session identifier, and determining whether the identified SSL session is resumable based on the indicator of the multi-core system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method of identifying a core establishing a secure socket layer (SSL) connection in a multi-core system via an identifier, the method comprising:
-
a) receiving, by a packet engine executing on a first core of a multi-core system, a request from a client to establish a secure socket layer (SSL) session with a server, the first core assigned a core identifier, the multi-core system deployed as an intermediary between the client and the server; b) determining, by the packet engine executing on the first core, a first session identifier for the SSL session, the first session identifier generated by the server and used by the server and the multi-core system to identify the SSL session established by the multi-core system between the client and the server, the first session identifier communicated from the server to the multi-core system; c) encoding, by the packet engine, the core identifier and a validity identifier in the first session identifier to form a second session identifier, the validity identifier identifying the SSL session as comprising a session for reuse upon establishment of the SSL session, the second session identifier included in communications between the multi-core system and the client; d) setting, by the packet engine, an indicator of the multi-core system specifying whether the session is resumable; e) receiving, by the multi-core system, a second request from the client including the second session identifier to access the SSL session; f) decoding, by the multi-core system, the second session identifier of the second request to obtain the first session identifier; and g) identifying, by the multi-core system, the SSL session according to the first session identifier decoded from the second session identifier, and determining whether the identified SSL session is resumable based on the indicator of the multi-core system.
-
Specification