Accelerating data communication using tunnels

US 9,774,570 B2
Filed: 07/28/2015
Issued: 09/26/2017
Est. Priority Date: 10/18/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

establishing, between a first wide are network (WAN) acceleration device operable at an edge of a first subnet of an enterprise network and a second WAN acceleration device operable at an edge of a second subnet of the enterprise network, a private tunnel, wherein the private tunnel is used by the first and second WAN acceleration devices to convey application layer data for a particular connection-oriented application layer protocol of a plurality of connection-oriented application layer protocols known to behave poorly within a WAN environment and that are capable of being accelerated by the first and second WAN acceleration devices;

receiving, by a flow classification module executing on the first WAN acceleration device at an Internet Protocol (IP) layer of a protocol stack of the first WAN acceleration device, packets from the second WAN acceleration device via the private tunnel;

passing, by the flow classification module, the packets to a transport layer of the protocol stack via a WAN socket executing on the first WAN acceleration device at the transport layer, wherein the WAN socket represents an interface between the first and second WAN acceleration devices for connection-oriented application layer protocol traffic;

based on the particular application layer protocol with which the packets are associated, passing, by the WAN socket, the packets to an application handler of a plurality of application handlers executing on the first WAN acceleration device at an application layer of the protocol stack, each of the plurality of application handlers implementing one or more application acceleration techniques for an associated application layer protocol of the plurality of connection-oriented application layer protocols; and

securely accelerating the connection-oriented application layer protocol traffic, by the application handler, by performing the one or more application acceleration techniques, classifying data streams into different stages including tagging a data stream as being at a stage in which associated data is unlikely repeatable, repeatable but not stable or stable and applying one or more security functions.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for increasing application performance and accelerating data communications in a WAN environment. According to one embodiment, packets are received at a flow classification module operating at the Internet Protocol (IP) layer of a first wide area network (WAN) acceleration device via a private tunnel, which is operable to convey application layer data for connection-oriented applications between WAN acceleration devices. The packets are passed to a WAN socket operating at the transport layer. Based on the application protocol, the packets are passed to an application handler of multiple application handlers operating at the application layer each of which implements one or more application acceleration techniques for a particular application layer protocol known to behave poorly within a WAN environment. The existing connection-oriented flow is securely accelerated by performing one or more application acceleration techniques and applying one or more security functions.

Citations

12 Claims

1. A computer-implemented method comprising:
- establishing, between a first wide are network (WAN) acceleration device operable at an edge of a first subnet of an enterprise network and a second WAN acceleration device operable at an edge of a second subnet of the enterprise network, a private tunnel, wherein the private tunnel is used by the first and second WAN acceleration devices to convey application layer data for a particular connection-oriented application layer protocol of a plurality of connection-oriented application layer protocols known to behave poorly within a WAN environment and that are capable of being accelerated by the first and second WAN acceleration devices;
  
  receiving, by a flow classification module executing on the first WAN acceleration device at an Internet Protocol (IP) layer of a protocol stack of the first WAN acceleration device, packets from the second WAN acceleration device via the private tunnel;
  
  passing, by the flow classification module, the packets to a transport layer of the protocol stack via a WAN socket executing on the first WAN acceleration device at the transport layer, wherein the WAN socket represents an interface between the first and second WAN acceleration devices for connection-oriented application layer protocol traffic;
  
  based on the particular application layer protocol with which the packets are associated, passing, by the WAN socket, the packets to an application handler of a plurality of application handlers executing on the first WAN acceleration device at an application layer of the protocol stack, each of the plurality of application handlers implementing one or more application acceleration techniques for an associated application layer protocol of the plurality of connection-oriented application layer protocols; and
  
  securely accelerating the connection-oriented application layer protocol traffic, by the application handler, by performing the one or more application acceleration techniques, classifying data streams into different stages including tagging a data stream as being at a stage in which associated data is unlikely repeatable, repeatable but not stable or stable and applying one or more security functions.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the one or more application acceleration techniques include one or more of (i) transaction prediction, (ii) pre-population and (iii) classification of data streams into different stages to facilitate one or more of data reduction, data compression and quality of service.
  - 3. The method of claim 1, further comprising applying a hierarchical data reference reduction algorithm and a variable length data reference reduction algorithm to data tagged as stable.
  - 4. The method of claim 1, further comprising applying a memory based data reference reduction algorithm to data tagged as repeatable but not stable.
  - 5. The method of claim 1, further comprising foregoing application of data reference reduction algorithms to data tagged as unlikely repeatable.
  - 6. The method of claim 1, further comprising performing transport acceleration techniques used to improve performance of Transport Control Protocol (TCP) across high latency or high loss links including one or more of TCP connection pooling, TCP window scaling, selective acknowledgement (SACK), round-trip measurement and HighSpeed TCP.

7. A computer-implemented method comprising:
- a step for establishing, between a first wide are network (WAN) acceleration device operable at an edge of a first subnet of an enterprise network and a second WAN acceleration device operable at an edge of a second subnet of the enterprise network, a private tunnel, wherein the private tunnel is used by the first and second WAN acceleration devices to convey application layer data for a particular connection-oriented application layer protocol of a plurality of connection-oriented application layer protocols known to behave poorly within a WAN environment and that are capable of being accelerated by the first and second WAN acceleration devices;
  
  a step for receiving, by a flow classification module executing on the first WAN acceleration device at an Internet Protocol (IP) layer of a protocol stack of the first WAN acceleration device, packets from the second WAN acceleration device via the private tunnel;
  
  a step for passing, by the flow classification module, the packets to a transport layer of the protocol stack via a WAN socket executing on the first WAN acceleration device at the transport layer, wherein the WAN socket represents an interface between the first and second WAN acceleration devices for connection-oriented application layer protocol traffic;
  
  a step for passing, by the WAN socket, the packets to an application handler of a plurality of application handlers executing on the first WAN acceleration device at an application layer of the protocol stack based on the particular application layer protocol with which the packets are associated, wherein each of the plurality of application handlers implement one or more application acceleration techniques for an associated application layer protocol of the plurality of connection-oriented application layer protocols; and
  
  a step for securely accelerating the connection-oriented application layer protocol traffic, by the application handler, by performing the one or more application acceleration techniques, classifying data streams into different stages including tagging a data stream as being at a stage in which associated data is unlikely repeatable, repeatable but not stable or stable and applying one or more security functions.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the one or more application acceleration techniques include one or more of (i) transaction prediction, (ii) pre-population and (iii) classification of data streams into different stages to facilitate one or more of data reduction, data compression and quality of service.
  - 9. The method of claim 7, further comprising a step for applying a hierarchical data reference reduction algorithm and a variable length data reference reduction algorithm to data tagged as stable.
  - 10. The method of claim 7, further comprising a step for applying a memory based data reference reduction algorithm to data tagged as repeatable but not stable.
  - 11. The method of claim 7, further comprising a step for foregoing application of data reference reduction algorithms to data tagged as unlikely repeatable.
  - 12. The method of claim 7, further comprising a step for performing transport acceleration techniques used to improve performance of Transport Control Protocol (TCP) across high latency or high loss links including one or more of TCP connection pooling, TCP window scaling, selective acknowledgement (SACK), round-trip measurement and HighSpeed TCP.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
Luo, Wenping, Li, Hongwei, Pan, Yixin, Huang, Tao
Primary Examiner(s)
Sefcheck, Gregory

Application Number

US14/810,820
Publication Number

US 20150334088A1
Time in Patent Office

791 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 41/00   Arrangements for maintenanc...

H04L 47/193   at the transport layer, e.g...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/168   above the transport layer

Accelerating data communication using tunnels

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Accelerating data communication using tunnels

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links