Looking for:
Windows 10 pro download free softlayer serverless
code that, upon being triggered, are executed in an iso- term serverless as well as the first 10 unique fitting results. Log in to the IBM Cloud via VPN. Choose from several VPN access points, each associated with a data center or network Point of Presence. Migrate VMware workloads to the IBM Cloud while using existing tools, technologies and skills from your on-premises environment. The integration and automation.❿
Windows 10 pro download free softlayer serverless.AWS Lambda | AWS Compute Blog
Because of the chosen network topology, all data destined for VPN appliance traverses appliance , so the appliance can apply any necessary algorithms to this data. Hate ads? In some embodiments, a centralized service may provide management for server farm In one embodiment, the control operating system executes in a virtual machine that is authorized to interact with at least one guest operating system This increase in buffer capacity in may be referenced as window or buffer virtualization. This mechanism alone can result in cutting the overhead in half; moreover, by increasing the numbers of packets above two, additional overhead reduction is realized.
❿
Windows 10 pro download free softlayer serverless.Increased Default Limits
For example, one network stack may be for receiving and transmitting network packets on a first network, and another network stack for receiving and transmitting network packets on a second network. Additionally, a heterogeneous server farm 38 may include one or more servers operating according to a type of operating system, while one or more other servers execute one or more types of hypervisors rather than operating systems. The appliance then resends the packets from itself to the receiver, using a different congestion avoidance algorithm. In one embodiment, the encryption engine uses a tunneling protocol to provide a virtual private network between a client an and a server an.❿
Windows 10 pro download free softlayer serverless
AWS has made moves to open up its offering to hybrid cloud users — introducing Snowball, a piece of hardware that can transfer data in and out of the cloud, for instance. It also introduced hybrid and cross-cloud management for its EC2 cloud less than a fortnight ago , making its Run Command tool work for on-premise server workloads as well as for EC2 instances.
In order to address this very common use case, we are now opening up Run Command to servers running outside of EC2. Can’t choose between public and private cloud? You don’t have to with IaaS. Enjoy a cloud-like experience with on-premises infrastructure. How organisations drive employee empowerment and business results with leading digital technology.
What you can achieve with a leading approach to digital work. Apple issues patch for macOS security bypass vulnerability. IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more. News Home Cloud. For example, in the case of an in-bound packet that is, a packet received from a client , the source network address of the packet is changed to that of an output port of appliance , and the destination network address is changed to that of the intended server.
In the case of an outbound packet that is, one received from a server , the source network address is changed from that of the server to that of an output port of appliance and the destination address is changed from that of appliance to that of the requesting client The sequence numbers and acknowledgment numbers of the packet are also translated to sequence numbers and acknowledgement expected by the client on the appliance’s transport layer connection to the client In some embodiments, the packet checksum of the transport layer protocol is recalculated to account for these translations.
In another embodiment, the appliance provides switching or load-balancing functionality for communications between the client and server In some embodiments, the appliance distributes traffic and directs client requests to a server based on layer 4 payload or application-layer request data. In one embodiment, although the network layer or layer 2 of the network packet identifies a destination server , the appliance determines the server to distribute the network packet by application information and data carried as payload of the transport layer packet.
In one embodiment, a health monitoring program of the appliance monitors the health of servers to determine the server for which to distribute a client’s request. In some embodiments, if the appliance detects a server is not available or has a load over a predetermined threshold, the appliance can direct or distribute client requests to another server In some embodiments, the appliance intercepts a DNS request transmitted by the client In one embodiment, the appliance responds to a DNS request from a client with an IP address of or hosted by the appliance In this embodiment, the client transmits network communication for the domain name to the appliance In another embodiment, the appliance responds to a client’s DNS request with an IP address of or hosted by a second appliance ‘.
In some embodiments, the appliance responds to a client’s DNS request with an IP address of a server determined by the appliance In yet another embodiment, the appliance provides application firewall functionality for communications between the client and server In one embodiment, a policy engine ‘ provides rules for detecting and blocking illegitimate requests.
In some embodiments, the application firewall protects against denial of service DoS attacks. In other embodiments, the appliance inspects the content of intercepted requests to identify and block application-based attacks. In an embodiment, the application firewall of the appliance provides HTML form field protection in the form of inspecting or analyzing the network communication for one or more of the following: 1 required fields are returned, 2 no added field allowed, 3 read-only and hidden field enforcement, 4 drop-down list and radio button field conformance, and 5 form-field max- length enforcement.
In some embodiments, the application firewall of the appliance ensures cookies are not modified. In other embodiments, the appliance protects against forceful browsing by enforcing legal URLs.
In still yet other embodiments, the application firewall appliance protects any confidential information contained in the network communication. The appliance may inspect or analyze any network communication in accordance with the rules or polices of the policy engine to identify any confidential information in any field of the network packet.
In some embodiments, the application firewall identifies in the network communication one or more occurrences of a credit card number, password, social security number, name, patient code, contact information, and age.
The encoded portion of the network communication may include these occurrences or the confidential information. Based on these occurrences, in one embodiment, the application firewall may take a policy action on the network communication, such as prevent transmission of the network communication. In another embodiment, the application firewall may rewrite, remove or otherwise mask such identified occurrence or confidential information.
Although generally referred to as a network optimization or first appliance and a second appliance , the first appliance and second appliance may be the same type and form of appliance. In one embodiment, the second appliance may perform the same functionality, or portion thereof, as the first appliance , and vice-versa. For example, the first appliance and second appliance may both provide acceleration techniques. In one embodiment, the first appliance may perform LAN acceleration while the second appliance performs WAN acceleration, or vice-versa.
In another example, the first appliance may also be a transport control protocol terminating device as with the second appliance IH, a block diagram depicts other embodiments of a network environment for deploying the appliance In one embodiment, as depicted on the top of FIG. IH, the appliance may be deployed as a single appliance or single proxy on the network For example, the appliance may be designed, constructed or adapted to perform WAN optimization techniques discussed herein without a second cooperating appliance ‘.
In another embodiment, as depicted on the bottom of FIG. IH, a single appliance may be deployed with one or more second appliances II, a block diagram depicts further embodiments of a network environment for deploying the appliance and the appliance In some embodiments, as depicted in the first row of FIG. IL, a first appliance resides on a network ‘ on which a client resides and a second appliance ‘ resides on a network “‘ on which a server resides.
In one of these embodiments, the first appliance and the second appliance ‘ are separated by a third network, such as a Wide Area Network. In other embodiments, as depicted in the second row of FIG. II, a first appliance resides on a network ‘ on which a client resides and a second appliance ‘ resides on a network ‘” on which a server resides. In one of these embodiments, the first appliance and the second appliance ‘ are separated by a third network “, such as a Wide Area Network.
In still other embodiments, as depicted in the third row of FIG. II, a first appliance and a first appliance reside on a first network ‘ on which a client resides; a second appliance ‘ and a second appliance ‘ reside on a second network ‘”. In one of these embodiments, the first network ‘ and the second network “‘ are separated by a third network “. In further embodiments, the first appliance and the first appliance are symmetrical devices that are deployed as a pair.
In one of these embodiments, the appliance on a network ‘” resides between the appliance ‘ and a machine in the network “. In some embodiments, a server includes an application delivery system for delivering a resource – such as a computing environment, an application, a data file, or other resource – to one or more clients In brief overview, a client is in communication with a server via network and appliance For example, the client may reside in a remote office of a company, e.
The client has a client agent , and a computing environment The computing environment may execute or operate an application that accesses, processes or uses a data file. In one embodiment, a resource comprises a program, an application, a document, a file, a plurality of applications, a plurality of files, an executable program file, a desktop environment, a computing environment, or other resource made available to a user of the local machine The resource may be delivered to the local machine via a plurality of access methods including, but not limited to, conventional installation directly on the local machine , delivery to the local machine via a method for application streaming, delivery to the local machine of output data generated by an execution of the resource on a third machine ‘ and communicated to the local machine via a presentation layer protocol, delivery to the local machine of output data generated by an execution of the resource via a virtual machine executing on a remote machine , execution from a removable storage device connected to the local machine , such as a USB device, or via a virtual machine executing on the local machine and generating output data.
In some embodiments, the local machine transmits output data generated by the execution of the resource to another client machine ‘. In one embodiment, the appliance accelerates the delivery of the resource by the application delivery system In another example, the embodiments described herein may be used to accelerate delivery of a virtual machine image, which may be the resource or which may be executed to provide access to the resource In another embodiment, the appliance accelerates transport layer traffic between a client and a server In still another embodiment, the appliance controls, manages, or adjusts the transport layer protocol to accelerate delivery of the computing environment.
In some embodiments, the application delivery management system provides application delivery techniques to deliver a computing environment to a desktop of a user, remote or otherwise, based on a plurality of execution methods and based on any authentication and authorization policies applied via a policy engine With these techniques, a remote user may obtain a computing environment and access to server stored applications and data files from any network connected device In one embodiment, the application delivery system may reside or execute on a server In another embodiment, the application delivery system may reside or execute on a plurality of servers an.
In some embodiments, the application delivery system may execute in a server farm In one embodiment, the server executing the application delivery system may also store or provide the application and data file.
In another embodiment, a first set of one or more servers may execute the application delivery system , and a different server n may store or provide the application and data file.
In some embodiments, each of the application delivery system , the application, and data file may reside or be located on different servers.
In yet another embodiment, any portion of the application delivery system may reside, execute or be stored on or distributed to the appliance , or a plurality of appliances. The client may include a resource such as a computing environment for executing an application that uses or processes a data file. The client via networks , ‘ and appliance may request an application and data file from the server In one embodiment, the appliance may forward a request from the client to the server For example, the client may not have the application and data file stored or accessible locally.
For example, in one embodiment, the server may transmit the application as an application stream to operate in an environment provided by a resource on client In one embodiment, the application delivery system may deliver one or more resources to clients or users via a remote-display protocol or otherwise via remote -based or server-based computing.
In another embodiment, the application delivery system may deliver one or more resources to clients or users via steaming of the resources.
In one embodiment, the application delivery system includes a policy engine for controlling and managing the access to, selection of application execution methods and the delivery of applications. In some embodiments, the policy engine determines the one or more applications a user or client may access. In another embodiment, the policy engine determines how the application should be delivered to the user or client , e.
In some embodiments, the application delivery system provides a plurality of delivery techniques from which to select a method of application execution, such as a server-based computing, streaming or delivering the application locally to the client for local execution.
In one embodiment, a client requests execution of an application program and the application delivery system comprising a server selects a method of executing the application program. In some embodiments, the server receives credentials from the client In another embodiment, the server receives a request for an enumeration of available applications from the client In one embodiment, in response to the request or receipt of credentials, the application delivery system enumerates a plurality of application programs available to the client The application delivery system receives a request to execute an enumerated application.
The application delivery system selects one of a predetermined number of methods for executing the enumerated application, for example, responsive to a policy of a policy engine. The application delivery system may select a method of execution of the application enabling the client to receive application-output data generated by execution of the application program on a server The application delivery system may select a method of execution of the application enabling the client or local machine to execute the application program locally after retrieving a plurality of application files comprising the application.
In yet another embodiment, the application delivery system may select a method of execution of the application to stream the application via the network to the client In some embodiments, the application may be a server-based or a remote-based application executed on behalf of the client on a server In one embodiment the server may display output to the client using any thin-client or remote-display protocol, such as the Independent Computing Architecture ICA protocol manufactured by Citrix Systems, Inc.
In other embodiments, the application comprises any type of software related to VoIP communications, such as a soft IP telephone. In some embodiments, the server or a server farm 38 may be running one or more applications, such as an application providing a thin-client computing or remote display presentation application. In one embodiment, the application is an independent computing architecture ICA client, developed by Citrix Systems, Inc. Also, the server may run an application, which for example, may be an application server providing email services such as Microsoft Exchange manufactured by the Microsoft Corporation of Redmond, Washington, a web or Internet server, or a desktop sharing server, or a collaboration server.
The architecture of the appliance in FIG. The appliance may include any type and form of computing device , such as any element or portion described in conjunction with FIGs. IF and IG above. The appliance also has a network optimization engine for optimizing, accelerating or otherwise improving the performance, operation, or quality of any network traffic or communications traversing the appliance The appliance includes or is under the control of an operating system.
As such, the appliance can be running any operating system such as any of the versions of the MICROSOFT Windows operating systems, the different releases of the Unix and Linux operating systems, any version of the MAC OS for Macintosh computers, any embedded operating system, any network operating system, any real-time operating system, any open source operating system, any proprietary operating system, any operating systems for mobile computing devices or network devices, or any other operating system capable of running on the appliance and performing the operations described herein.
The operating system of appliance allocates, manages, or otherwise segregates the available system memory into what is referred to as kernel or system space, and user or application space. The kernel space is typically reserved for running the kernel, including any device drivers, kernel extensions or other kernel related software. As known to those skilled in the art, the kernel is the core of the operating system, and provides access, control, and management of resources and hardware -related elements of the appliance In accordance with an embodiment of the appliance , the kernel space also includes a number of network services or processes working in conjunction with the network optimization engine , or any portion thereof.
Additionally, the embodiment of the kernel will depend on the embodiment of the operating system installed, configured, or otherwise used by the device In contrast to kernel space, user space is the memory area or portion of the operating system used by user mode applications or programs otherwise running in user mode. A user mode application may not access kernel space directly and uses service calls in order to access kernel services.
The appliance has one or more network ports for transmitting and receiving data over a network The type and form of network port depends on the type and form of network and type of medium for connecting to the network.
Furthermore, any software of, provisioned for or used by the network port and network stack may run in either kernel space or user space. In one embodiment, the network stack is used to communicate with a first network, such as network , and also with a second network ‘. In another embodiment, the appliance has two or more network stacks, such as first network stack A and a second network stack N.
The first network stack A may be used in conjunction with a first port A to communicate on a first network The second network stack N may be used in conjunction with a second port N to communicate on a second network ‘. In one embodiment, the network stack s has one or more buffers for queuing one or more network packets for transmission by the appliance The network stack includes any type and form of software, or hardware, or any combinations thereof, for providing connectivity to and communications with a network.
In one embodiment, the network stack includes a software implementation for a network protocol suite. The network stack may have one or more network layers, such as any networks layers of the Open Systems Interconnection OSI communications model as those skilled in the art recognize and appreciate.
As such, the network stack may have any type and form of protocols for any of the following layers of the OSI model: 1 physical link layer, 2 data link layer, 3 network layer, 4 transport layer, 5 session layer, 6 presentation layer, and 7 application layer. In some embodiments, the network stack has any type and form of a wireless protocol, such as IEEE In other embodiments, any type and form of user datagram protocol UDP , such as UDP over IP, may be used by the network stack , such as for voice communications or real-time data communications.
Furthermore, the network stack may include one or more network drivers supporting the one or more layers, such as a TCP driver or a network layer driver.
The network drivers may be included as part of the operating system of the computing device or as part of any network interface cards or other network access components of the computing device In some embodiments, any of the network drivers of the network stack may be customized, modified or adapted to provide a custom or modified portion of the network stack in support of any of the techniques described herein.
In one embodiment, the appliance provides for or maintains a transport layer connection between a client and server using a single network stack In some embodiments, the appliance effectively terminates the transport layer connection by changing, managing or controlling the behavior of the transport control protocol connection between the client and the server. In these embodiments, the appliance may use a single network stack In other embodiments, the appliance terminates a first transport layer connection, such as a TCP connection of a client , and establishes a second transport layer connection to a server for use by or on behalf of the client , e.
The first and second transport layer connections may be established via a single network stack In other embodiments, the appliance may use multiple network stacks, for example A and N.
In these embodiments, the first transport layer connection may be established or terminated at one network stack A, and the second transport layer connection may be established or terminated on the second network stack N. For example, one network stack may be for receiving and transmitting network packets on a first network, and another network stack for receiving and transmitting network packets on a second network.
The network optimization engine , or any portion thereof, may include software, hardware or any combination of software and hardware. Furthermore, any software of, provisioned for or used by the network optimization engine may run in either kernel space or user space. For example, in one embodiment, the network optimization engine may run in kernel space.
In another embodiment, the network optimization engine may run in user space. In yet another embodiment, a first portion of the network optimization engine runs in kernel space while a second portion of the network optimization engine runs in user space.
The network packet engine , also generally referred to as a packet processing engine or packet engine, is responsible for controlling and managing the processing of packets received and transmitted by appliance via network ports and network stack s The network packet engine may operate at any layer of the network stack In one embodiment, the network packet engine operates at layer 2 or layer 3 of the network stack In another embodiment, the packet engine operates at layer 4 of the network stack In other embodiments, the packet engine operates at any session or application layer above layer 4.
For example, in one embodiment, the packet engine intercepts or otherwise receives network packets above the transport layer protocol layer, such as the payload of a TCP packet in a TCP embodiment.
The packet engine may include a buffer for queuing one or more network packets during processing, such as for receipt of a network packet or transmission of a network packet. Additionally, the packet engine is in communication with one or more network stacks to send and receive network packets via network ports The packet engine may include a packet processing timer.
In one embodiment, the packet processing timer provides one or more time intervals to trigger the processing of incoming, i. In some embodiments, the packet engine processes network packets responsive to the timer. The packet processing timer provides any type and form of signal to the packet engine to notify, trigger, or communicate a time related event, interval or occurrence.
In many embodiments, the packet processing timer operates in the order of milliseconds, such as for example ms, 50ms, 25ms, 10ms, 5ms or lms. In some embodiments, any of the logic, functions, or operations of the encryption engine , cache manager , policy engine and multi-protocol compression logic may be performed at the granularity of time intervals provided via the packet processing timer, for example, at a time interval of less than or equal to 10ms.
In another embodiment, the expiry or invalidation time of a cached object can be set to the same order of granularity as the time interval of the packet processing timer, such as at every 10 ms. The cache manager may include software, hardware or any combination of software and hardware to store data, information and objects to a cache in memory or storage, provide cache access, and control and manage the cache.
The data, objects or content processed and stored by the cache manager may include data in any format, such as a markup language, or any type of data communicated via any protocol. In some embodiments, the cache manager duplicates original data stored elsewhere or data previously computed, generated or transmitted, in which the original data may require longer access time to fetch, compute or otherwise obtain relative to reading a cache memory or storage element.
Once the data is stored in the cache, future use can be made by accessing the cached copy rather than refetching or recomputing the original data, thereby reducing the access time. In some embodiments, the cache may comprise a data object in memory of the appliance In another embodiment, the cache may comprise any type and form of storage element of the appliance , such as a portion of a hard disk.
In some embodiments, the processing unit of the device may provide cache memory for use by the cache manager In yet further embodiments, the cache manager may use any portion and combination of memory, storage, or the processing unit for caching data, objects, and other content.
Furthermore, the cache manager includes any logic, functions, rules, or operations to perform any caching techniques of the appliance In some embodiments, the cache manager may operate as an application, library, program, service, process, thread or task.
The policy engine ‘ includes any logic, function or operations for providing and applying one or more policies or rules to the function, operation or configuration of any portion of the appliance The policy engine ‘ may include, for example, an intelligent statistical engine or other programmable application s. In one embodiment, the policy engine provides a configuration mechanism to allow a user to identify, specify, define or configure a policy for the network optimization engine , or any portion thereof.
For example, the policy engine may provide policies for what data to cache, when to cache the data, for whom to cache the data, when to expire an object in cache or refresh the cache. In other embodiments, the policy engine may include any logic, rules, functions or operations to determine and provide access, control and management of objects, data or content being cached by the appliance in addition to access, control and management of security, network traffic, network access, compression or any other function or operation performed by the appliance In some embodiments, the policy engine ‘ provides and applies one or more policies based on any one or more of the following: a user, identification of the client, identification of the server, the type of connection, the time of the connection, the type of network, or the contents of the network traffic.
In one embodiment, the policy engine ‘ provides and applies a policy based on any field or header at any protocol layer of a network packet.
In another embodiment, the policy engine ‘ provides and applies a policy based on any payload of a network packet. For example, in one embodiment, the policy engine. In another example, the policy engine ‘ applies a policy based on any information identified by a client, server or user certificate.
In yet another embodiment, the policy engine ‘ applies a policy based on any attributes or characteristics obtained about a client , such as via any type and form of endpoint detection see for example the collection agent of the client agent discussed below.
In one embodiment, the policy engine ‘ works in conjunction or cooperation with the policy engine of the application delivery system In some embodiments, the policy engine ‘ is a distributed portion of the policy engine of the application delivery system In another embodiment, the policy engine of the application delivery system is deployed on or executed on the appliance In some embodiments, the policy engines , ‘ both operate on the appliance In yet another embodiment, the policy engine ‘, or a portion thereof, of the appliance operates on a server The compression engine includes any logic, business rules, function or operations for compressing one or more protocols of a network packet, such as any of the protocols used by the network stack of the appliance The compression engine may also be referred to as a multi-protocol compression engine in that it may be designed, constructed or capable of compressing a plurality of protocols.
In one embodiment, the compression engine applies context insensitive compression, which is compression applied to data without knowledge of the type of data. In another embodiment, the compression engine applies context-sensitive compression. In this embodiment, the compression engine utilizes knowledge of the data type to select a specific compression algorithm from a suite of suitable algorithms. In some embodiments, knowledge of the specific protocol is used to perform context-sensitive compression.
In one embodiment, the appliance or compression engine can use port numbers e. Some protocols use only a single type of data, requiring only a single compression algorithm that can be selected when the connection is established. Other protocols contain different types of data at different times. In one embodiment, the compression engine uses a delta-type compression algorithm.
In another embodiment, the compression engine uses first site compression as well as searching for repeated patterns among data stored in cache, memory or disk. In some embodiments, the compression engine uses a lossless compression algorithm.
In other embodiments, the compression engine uses a lossy compression algorithm. In some cases, knowledge of the data type and, sometimes, permission from the user are required to use a lossy compression algorithm.
Compression is not limited to the protocol payload. The control fields of the protocol itself may be compressed. In some embodiments, the compression engine uses a different algorithm than that used for the payload. In some embodiments, the compression engine compresses at one or more layers of the network stack In one embodiment, the compression engine compresses at a transport layer protocol. In another embodiment, the compression engine compresses at an application layer protocol.
In some embodiments, the compression engine compresses at a layer protocol. In other embodiments, the compression engine compresses at a layer protocol. In yet another embodiment, the compression engine compresses a transport layer protocol and an application layer protocol. In some embodiments, the compression engine compresses a layer protocol and a layer protocol. In some embodiments, the compression engine uses memory-based compression, cache-based compression or disk-based compression or any combination thereof.
As such, the compression engine may be referred to as a multi-layer compression engine. In one embodiment, the compression engine uses a history of data stored in memory, such as RAM. In another embodiment, the compression engine uses a history of data stored in a cache, such as L2 cache of the processor. In other embodiments, the compression engine uses a history of data stored to a disk or storage location.
In some embodiments, the compression engine uses a hierarchy of cache-based, memory-based and disk-based data history. The compression engine may first use the cache-based data to determine one or more data matches for compression, and then may check the memory-based data to determine one or more data matches for compression. In one embodiment, the multi-protocol compression engine provides compression of any high-performance protocol, such as any protocol designed for appliance to appliance communications.
As such, the multi-protocol compression engine accelerates performance for users accessing applications via desktop clients, e. In some embodiments, the multi-protocol compression engine by integrating with packet processing engine accessing the network stack is able to compress any of the protocols carried by a transport layer protocol, such as any application layer protocol.
The synchronization packet identifies a type or speed of the network traffic. The appliance then configures itself to operate the identified port on which the tagged synchronization packet arrived so that the speed on that port is set to be the speed associated with the network connected to that port. The other port is then set to the speed associated with the network connected to that port. For ease of discussion herein, reference to “fast” side will be made with respect to connection with a wide area network WAN , e.
Likewise, reference to “slow” side will be made with respect to connection with a local area network LAN and operating at a network speed the LAN. However, it is noted that “fast” and “slow” sides in a network can change on a per-connection basis and are relative terms to the speed of the network connections or to the type of network topology. Such configurations are useful in complex network topologies, where a network is “fast” or “slow” only when compared to adjacent networks and not in any absolute sense.
For example, an auto-discovery mechanism in operation in accordance with FIG. IA functions as follows: appliance and ‘ are placed in line with the connection linking client and server The appliances and ‘ are at the ends of a low-speed link, e.
In one example embodiment, appliances and ‘ each include two ports—one to connect with the “lower” speed link and the other to connect with a “higher” speed link, e. Any packet arriving at one port is copied to the other port. Thus, appliance and ‘ are each configured to function as a bridge between the two networks When an end node, such as the client , opens a new TCP connection with another end node, such as the server , the client sends a TCP packet with a synchronization SYN header bit set, or a SYN packet, to the server In the present example, client opens a transport layer connection to server When the SYN packet passes through appliance , the appliance inserts, attaches or otherwise provides a characteristic TCP header option to the packet, which announces its presence.
If the packet passes through a second appliance, in this example appliance ‘ the second appliance notes the header option on the SYN packet. When appliance receives this packet, both appliances , ‘ are now aware of each other and the connection can be appropriately accelerated.
In one embodiment, the appliance optionally removes the ACK tag from the packet before copying the packet to the other port. If the SYN packet was not tagged, the appliance copied the packet to the other port. The appliance , ‘ may add, insert, modify, attach or otherwise provide any information or data in the TCP option header to provide any information, data or characteristics about the network connection, network traffic flow, or the configuration or operation of the appliance In this manner, not only does an appliance announce its presence to another appliance ‘ or tag a higher or lower speed connection, the appliance provides additional information and data via the TCP option headers about the appliance or the connection.
The TCP option header information may be useful to or used by an appliance in controlling, managing, optimizing, acceleration or improving the network traffic flow traversing the appliance , or to otherwise configure itself or operation of a network port. The flow controller includes any logic, business rules, function or operations for optimizing, accelerating or otherwise improving the performance, operation or quality of service of transport layer communications of network packets or the delivery of packets at the transport layer.
A flow controller, also sometimes referred to as a flow control module, regulates, manages and controls data transfer rates. In some embodiments, the flow controller is deployed at or connected at a bandwidth bottleneck in the network In one embodiment, the flow controller effectively regulates, manages and controls bandwidth usage or utilization.
In other embodiments, the flow control modules may also be deployed at points on the network of latency transitions low latency to high latency and on links with media losses such as wireless or satellite links. In some embodiments, a flow controller may include a receiver-side flow control module for controlling the rate of receipt of network transmissions and a sender-side flow control module for the controlling the rate of transmissions of network packets.
In other embodiments, a first flow controller includes a receiver-side flow control module and a second flow controller ‘ includes a sender- side flow control module. In some embodiments, a first flow controller is deployed on a first appliance and a second flow controller ‘ is deployed on a second appliance ‘.
As such, in some embodiments, a first appliance controls the flow of data on the receiver side and a second appliance ‘ controls the data flow from the sender side. In yet another embodiment, a single appliance includes flow control for both the receiver- side and sender- side of network communications traversing the appliance In one embodiment, a flow control module is configured to allow bandwidth at the bottleneck to be more fully utilized, and in some embodiments, not overutilized.
In some embodiments, the flow control module transparently buffers or rebuffers data already buffered by, for example, the sender network sessions that pass between nodes having associated flow control modules When a session passes through two or more flow control modules , one or more of the flow control modules controls a rate of the session s.
In one embodiment, the flow control module is configured with predetermined data relating to bottleneck bandwidth. In another embodiment, the flow control module may be configured to detect the bottleneck bandwidth or data associated therewith. Unlike conventional network protocols such as TCP, a receiver-side flow control module controls the data transmission rate. The receiver-side flow control module controls the sender-side flow control module, e.
In one embodiment, the receiver-side flow control module piggybacks these transmission rate limits on acknowledgement ACK packets or signals sent to the sender, e. The receiver-side flow control module does this in response to rate control requests that are sent by the sender side flow control module ‘. The requests from the sender-side flow control module ‘ may be “piggybacked” on data packets sent by the sender The flow controller may implement a plurality of data flow control techniques at the transport layer, including but not limited to 1 pre-acknowledgements, 2 window virtualization, 3 recongestion techniques, 3 local retransmission techniques, 4 wavefront detection and disambiguation, 5 transport control protocol selective acknowledgements, 6 transaction boundary detection techniques and 7 repacketization.
Although a sender may be generally described herein as a client and a receiver as a server , a sender may be any end point such as a server or any computing device on the network Likewise, a receiver may be a client or any other computing device on the network In brief overview of a pre-acknowledgement flow control technique, the flow controller , in some embodiments, handles the acknowledgements and retransmits for a sender, effectively terminating the sender’s connection with the downstream portion of a network connection.
In reference to FIG. IB, one possible deployment of an appliance into a network architecture to implement this feature is depicted. In this example environment, a sending computer or client transmits data on network , for example, via a switch, which determines that the data is destined for VPN appliance Because of the chosen network topology, all data destined for VPN appliance traverses appliance , so the appliance can apply any necessary algorithms to this data. Continuing further with the example, the client transmits a packet, which is received by the appliance When the appliance receives the packet, which is transmitted from the client to a recipient via the VPN appliance the appliance retains a copy of the packet and forwards the packet downstream to the VPN appliance The appliance then generates an acknowledgement packet ACK and sends the ACK packet back to the client or sending endpoint.
This ACK, a pre-acknowledgment, causes the sender to believe that the packet has been delivered successfully, freeing the sender’s resources for subsequent processing. The appliance retains the copy of the packet data in the event that a retransmission of the packet is required, so that the sender does not have to handle retransmissions of the data.
This early generation of acknowledgements may be called “preacking. If a retransmission of the packet is required, the appliance retransmits the packet to the sender. The appliance may determine whether retransmission is required as a sender would in a traditional system, for example, determining that a packet is lost if an acknowledgement has not been received for the packet after a predetermined amount of time.
To this end, the appliance monitors acknowledgements generated by the receiving endpoint, e. If the appliance determines that the packet has been successfully delivered, the appliance is free to discard the saved packet data. The appliance may also inhibit forwarding acknowledgements for packets that have already been received by the sending endpoint. In the embodiment described above, the appliance via the flow controller controls the sender through the delivery of pre-acknowledgements, also referred to as “preacks”, as though the appliance was a receiving endpoint itself.
Since the appliance is not an endpoint and does not actually consume the data, the appliance includes a mechanism for providing overflow control to the sending endpoint. Without overflow control, the appliance could run out of memory because the appliance stores packets that have been preacked to the sending endpoint but not yet acknowledged as received by the receiving endpoint.
Therefore, in a situation in which the sender transmits packets to the appliance faster than the appliance can forward the packets downstream, the memory available in the appliance to store unacknowledged packet data can quickly fill.
A mechanism for overflow control allows the appliance to control transmission of the packets from the sender to avoid this problem.
In one embodiment, the appliance or flow controller includes an inherent “self-clocking” overflow control mechanism. This self-clocking is due to the order in which the appliance may be designed to transmit packets downstream and send ACKs to the sender or In some embodiments, the appliance does not preack the packet until after it transmits the packet downstream.
In this way, the sender will receive the ACKs at the rate at which the appliance is able to transmit packets rather than the rate at which the appliance receives packets from the sender This helps to regulate the transmission of packets from a sender Another overflow control mechanism that the appliance may implement is to use the TCP window size parameter, which tells a sender how much buffer the receiver is permitting the sender to fill up. A nonzero window size e.
Accordingly, the appliance may regulate the flow of packets from the sender, for example when the appliance’s buffer is becoming full, by appropriately setting the TCP window size in each preack.
Another technique to reduce this additional overhead is to apply hysteresis. When the appliance delivers data to the slower side, the overflow control mechanism in the appliance can require that a minimum amount of space be available before sending a nonzero window advertisement to the sender. In one embodiment, the appliance waits until there is a minimum of a predetermined number of packets, such as four packets, of space available before sending a nonzero window packet, such as a window size of four packets.
This reduces the overhead by approximately a factor four, since only two ACK packets are sent for each group of four data packets, instead of eight ACK packets for four data packets. This mechanism alone can result in cutting the overhead in half; moreover, by increasing the numbers of packets above two, additional overhead reduction is realized.
But merely delaying the ACK itself may be insufficient to control overflow, and the appliance may also use the advertised window mechanism on the ACKs to control the sender. When doing this, the appliance in one embodiment avoids triggering the timeout mechanism of the sender by delaying the ACK too long. In one embodiment, the flow controller does not preack the last packet of a group of packets.
By not preacking the last packet, or at least one of the packets in the group, the appliance avoids a false acknowledgement for a group of packets. For example, if the appliance were to send a preack for a last packet and the packet were subsequently lost, the sender would have been tricked into thinking that the packet is delivered when it was not.
Thinking that the packet had been delivered, the sender could discard that data. If the appliance also lost the packet, there would be no way to retransmit the packet to the recipient.
By not preacking the last packet of a group of packets, the sender will not discard the packet until it has been delivered. In another embodiment, the flow controller may use a window virtualization technique to control the rate of flow or bandwidth utilization of a network connection. Though it may not immediately be apparent from examining conventional literature such as RFC , there is effectively a send window for transport layer protocols such as TCP.
The send window is similar to the receive window, in that it consumes buffer space though on the sender. The sender’s send window consists of all data sent by the application that has not been acknowledged by the receiver. This data must be retained in memory in case retransmission is required. Since memory is a shared resource, some TCP stack implementations limit the size of this data.
When the send window is full, an attempt by an application program to send more data results in blocking the application program until space is available. Subsequent reception of acknowledgements will free send- window memory and unblock the application program. In some embodiments, this window size is known as the socket buffer size in some TCP implementations.
In one embodiment, the flow control module is configured to provide access to increased window or buffer sizes. This configuration may also be referenced to as window virtualization.
In the embodiment of TCP as the transport layer protocol, the TCP header includes a bit string corresponding to a window scale. In one embodiment, “window” may be referenced in a context of send, receive, or both. One embodiment of window virtualization is to insert a preacking appliance into a TCP session. In reference to any of the environments of FIG.
ID or IE, initiation of a data communication session between a source node, e. For TCP communications, the source node initially transmits a synchronization signal “SYN” through its local area network to first flow control module The first flow control module inserts a configuration identifier into the TCP header options area. The configuration identifier identifies this point in the data path as a flow control module.
The appliances via a flow control module provide window or buffer to allow increasing data buffering capabilities within a session despite having end nodes with small buffer sizes, e.
Moreover, the window scaling corresponds to the lowest common denominator in the data path, often an end node with small buffer size.
This window scale often is a scale of 0 or 1, which corresponds to a buffer size of up to 64 k or k bytes. Note that because the window size is defined as the window field in each packet shifted over by the window scale, the window scale establishes an upper limit for the buffer, but does not guarantee the buffer is actually that large.
Each packet indicates the current available buffer space at the receiver in the window field. In one embodiment of scaling using the window virtualization technique, during connection establishment i. The first flow control module also modifies the scale, e. When the second flow control module receives the SYN signal, it stores the increased scale from the first flow control signal and resets the scale in the SYN signal back to the source node scale value for transmission to the destination node When the second flow controller receives the SYN-ACK signal from the destination node , it stores the scale from the destination node scale, e.
The first flow control node receives and notes the received window scale and revises the windows scale sent back to the source node back down to the original scale, e.
Based on the above window shift conversation during connection establishment, the window field in every subsequent packet, e. The window scale, as described above, expresses buffer sizes of over 64 k and may not be required for window virtualization. Thus, shifts for window scale may be used to express increased buffer capacity in each flow control module This increase in buffer capacity in may be referenced as window or buffer virtualization.
❿