US20110320589A1 - Method and device for processing data in a network - Google Patents

Method and device for processing data in a network Download PDF

Info

Publication number
US20110320589A1
US20110320589A1 US13/141,880 US200913141880A US2011320589A1 US 20110320589 A1 US20110320589 A1 US 20110320589A1 US 200913141880 A US200913141880 A US 200913141880A US 2011320589 A1 US2011320589 A1 US 2011320589A1
Authority
US
United States
Prior art keywords
message
network component
network
service
gateway
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/141,880
Inventor
Erkki Juhani Hietala
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Solutions and Networks Oy
Original Assignee
Nokia Siemens Networks Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Siemens Networks Oy filed Critical Nokia Siemens Networks Oy
Publication of US20110320589A1 publication Critical patent/US20110320589A1/en
Assigned to NOKIA SIEMENS NETWORKS OY reassignment NOKIA SIEMENS NETWORKS OY ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HIETALA, ERKKI JUHANI
Assigned to NOKIA SOLUTIONS AND NETWORKS OY reassignment NOKIA SOLUTIONS AND NETWORKS OY CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: NOKIA SIEMENS NETWORKS OY
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0245Filtering by information in the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services

Definitions

  • the invention relates to a method and to a device for processing data in a network.
  • Deep Packet Inspection is a form of computer network packet filtering that examines the data and/or header part of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions or predefined criteria to decide if the packet can pass or if it needs to be routed to a different destination, or for the purpose of collecting statistical information.
  • Deep Packet Inspection and filtering
  • a user surfing through the Internet may experience unavailability of a particular service, site or network component, e.g. server, wherein the user is not aware of any reason as why the service requested is not available or denied.
  • a reason may be a broken server or a server that has been moved to a different site or link.
  • the problem to be solved is to overcome the disadvantage stated before and in particular to provide an efficient approach to let a user experience a reason for a denial of a request.
  • a method for processing data in a network comprising the step:
  • a user via a second network component (client device) requesting a service from the first network component or from the network in general is informed about the reason as why the service is changed, in particular that the service is no longer reachable from this first network component.
  • the client device (second network component) can be informed about the change of the service, in particular it may obtain an information as how to access the service required from a different location.
  • the client device (second network component) and thus the user may be able to access the requested service from the network component that actually provides such service.
  • the gateway may in particular forward information that can be used to access the correct network component.
  • the service requested may comprise any kind of service that can be provided by the network, in particular by a component or resource of a network, in particular of the Internet.
  • Such service may be, e.g., an information, a site, a page, a program, a link (URL) or any other kind of content information.
  • protocols of the first network component as well as of the second network component do not have to be amended or changed and the second network component (e.g., the client) may still become aware of a relocation of a service or content accessible, e.g., via a different server.
  • This different server may be accessible by information provided by the gateway to the second network component (e.g., to the client).
  • the gateway performs deep packet inspection to determine whether or not modification of a communication, in particular redirection, is required.
  • the gateway may analyze IP packets by some sort of TCP flow tracking to determine whether or not an IP packet arriving at the gateway (from, e.g., a client) tries to access a service that matches a “denied rule”.
  • a “denied rule” may be locally available at the gateway or it may be accessible to the gateway to find out whether a particular access service matches a denied criteria.
  • the gateway could start dropping IP packets that fall under such “denied rule” or it may initiate redirection or it may initiate a reset of a TCP connection between the first network component and the second network component.
  • the gateway performs layer-4 processing, in particular without using TCP level processing.
  • the packets are inspected on layer-4 and also the TCP level payload can be read to obtain the payload data on HTTP level (e.g., HTTP methods and headers).
  • HTTP level e.g., HTTP methods and headers
  • the suggested layer-4 processing can be conducted, e.g., by a kernel of the gateway, which leads to a much faster overall performance handling messages at the gateway.
  • the gateway modifies the communication if a request from the second network component to the first network component is directed to a denied service.
  • Redirection may in particular be required in case a prepaid user runs out of memory and the access needs to be redirected to a self-service portal that allows the user to use a credit card. Redirection may also become necessary if access is not allowed to a specific URL (service) and the operator wants to inform the client as why the service is not allowed (wrong time or wrong profile). In addition, redirection may be necessary if the service is denied temporarily, e.g., for maintenance needs. In addition, the service may have been moved to another server, which can be indicated to the client. Furthermore, a welcome page needed for the first service usage action can be provided by redirection means.
  • redirection means can be provided by redirection means.
  • the gateway initiates redirection and/or the gateway starts dropping data directed towards the first network component.
  • the change of the service is indicated by conveying redirection information to access the service via a third network component.
  • Said redirection information may be a change of an address (e.g., URL) that can be utilized by a client (e.g., the second network component) to access the required data or information via a different network component (another server than the server previously addressed).
  • an address e.g., URL
  • the first network component is a first server
  • the second network component is a client
  • the third network component is a second server.
  • the first, second and third network components can be any kind of components distributed throughout the network.
  • Any of the network components may be a user's device or client or a server, e.g., operated by a service provider.
  • said communication from the first network component comprises a “Not found” message or an “OK message”, optionally comprising the redirection information to access the service via said third network component.
  • the solution provided comprises the step:
  • Such access may be processed via said gateway.
  • the client device may get access to the information required via said third network component (e.g., additional server).
  • the network comprises the Internet or is associated with the Internet.
  • said service comprises at least one of the following:
  • the solution provided comprises the following step prior to step (a1):
  • Such a message to be conveyed to the first network component may be a HEAD-message indicating that the first network component (server) must not return a message body in a response message. Only the HTTP headers are provided in such response and further conveyed to the second network component (the client), comprising e.g., a content-type, a content-size, a date.
  • the first network component may just return a “method not allowed” or a “200 OK” message.
  • the response from the first network component can be modified by the gateway, e.g., by providing a service or a service-relevant information.
  • the gateway receives a message without a message body from the first network component in return to the HEAD-message.
  • the solution provided comprises the following step prior to step (a1):
  • the gateway receives a “200 OK” message in return to the GET, PUT- or POST-message in particular indicating the change of the service within a message body.
  • a device comprising a and/or being associated with a processor unit and/or a hard-wired circuit and/or a logic device that is arranged such that the method as described herein is executable thereon.
  • the device is a or is associated with a communication device, in particular a network component, a gateway, a server or a client device.
  • FIG. 1 shows an exemplary message sequence chart between a client, a gateway, a Server1 and a Server2, wherein a reason of a service change or a change of service, in particular a redirection information, is conveyed to the client device;
  • FIG. 2 shows an alternative message sequence chart between a client, a gateway, a Server1 and a Server2, wherein a reason of a service change or a change of service, in particular a redirection information, is conveyed to the client device;
  • FIG. 3 shows a message sequence chart based on FIG. 1 in more detail.
  • the approach provided herein in particular enables an HTTP redirection transparently processed in an IP gateway that is analyzing the IP traffic, e.g., on layer-4 (L4).
  • L4 layer-4
  • TCP sessions are terminated in a gateway node so that a user space (on layer-7 (L7)) application in the gateway is able to process the HTTP requests and inspect the payload data.
  • L7 on layer-7
  • the gateway will make the connection towards the destination server and it will send the original request to such destination server.
  • the gateway sends the response to the client using the existing connection.
  • the gateway may immediately after having received the HTTP request from the client send the redirection response back to the client.
  • the network gateway being able to route IP packets in kernel level (L4) up to 1 GBits/s may only process about 100 MBit/s in user space (L7).
  • TCP stream processing in application space requires IP packet reassembly, handling of the TCP window, sequence number processing, retransmissions, etc., which results in a lot of processing capacity all done by said gateway.
  • Such kernel mode DPI gateway may advantageously investigate IP packets having some sort of TCP flow tracking (e.g., state full inspection).
  • the purpose of this kind of flow tracking may comprise denying service access that matches a so-called ‘deny’ rule.
  • the DPI gateway located in the path between the client and the server may inspect, route and forward the IP packets. If the HTTP request arriving at the gateway does have the service access to a denied service, the gateway will start dropping the IP packets or it will send the TCP reset to the client and to the server for terminating the TCP session.
  • the approach described herein allows making a redirection in the kernel space (L4 of the gateway) without using TCP level processing.
  • the DPI gateway does not have to break the TCP connection between the server and client.
  • the connection may have to be established, e.g., via TCP handshake.
  • the gateway performs DPI and is thus able to provide redirection as described herein. If TCP retransmission is required, the server will be able to handle it—the DPI gateway may only rewrite the data as described herein.
  • the format of the headers may be as follows:
  • a response code 301 may be applicable for most web browsers. Accordingly, the following redirection response from the server may work in a similar manner:
  • the IP gateway may modify an HTTP URL received via an IP packet to point to a nonexistent URL.
  • the destination server may return an HTTP response “404 Not found”.
  • IP gateway modifies it into a “302 Moved” message.
  • IP gateway modifies HTTP response headers to carry a ‘Location’ header comprising the redirection URL.
  • the TCP CRC is recalculated and the IP packet is sent to the HTTP client.
  • the client is able to send a HTTP GET request to another server utilizing the redirection URL conveyed by the IP gateway.
  • FIG. 1 shows an exemplary message sequence chart between a client, a gateway, a Server1 and a Server2.
  • the messages exchanged can be describes as follows:
  • a client may be configured to use a HTTP proxy, i.e. the client is connected via the gateway and further via said HTTP proxy to the Server2 (e.g., “www.server2.com”):
  • the client may not use such HTTP proxy, but have a direct connection to the destination (e.g., to Server2) via said gateway:
  • Both such formats may be adapted by changing the method line path accordingly.
  • the location header may be the same for both, the direct mode and the proxy mode server redirection response (location according to the example: http://www.server2.com/deny.
  • FIG. 3 shows a message sequence chart based on FIG. 1 in more detail.
  • TCP message flags SYN, SYN ACK, ACK, FIN, FIN ACK are shown indicating synchronization (SYN), acknowledgement (ACK) and an end of a connection (FIN).
  • a first connection is established between the client and the Server1 and a second connection is established between the client and the Server2 after the redirection response 101 has been provided to the client.
  • the redirection can be provided, e.g., by the kernel of the gateway without using any TCP level processing. This enables redirection without the gateway having to break up the TCP connection between the Server1 and the client.
  • the connection needs to be established, i.e. via TCP handshake, comprising SYN, SYN ACK and ACK messages.
  • the DPI gateway When the client sends a packet containing the HTTP request in TCP payload, which does match the deny/redirect rule, the DPI gateway is able to do the redirection as described. If the TCP retransmission is required due to such matching entry regarding said deny/redirect rule, the Server1 may handle it and the DPI gateway may just rewrite the data to be forwarded. Redirection status codes as indicated, e.g., 301 or 302 , may both work for most web clients.
  • the approach provided herein enables HTTP redirection transparently in the IP gateway that is analyzing the IP traffic by modifying the accessed HTTP method “HEAD” instead of methods “GET”, “PUT” or “POST” so that the destination server may return a HTTP response “200 OK” or any other valid HTTP response.
  • Such response is modified into a “302 Moved” message.
  • the IP gateway also modifies the HTTP response headers to carry a ‘Location’ header having the redirection URL. After such changes, the TCP CRC is recalculated and the IP packet is sent to the HTTP client.
  • the client is able to send an HTTP GET request to another server utilizing the redirection URL conveyed by the IP gateway.
  • FIG. 2 shows a different embodiment visualized by a message sequence chart comprising a client, a gateway, a Server1 and a Server2.
  • the messages exchanged can be describes as follows:
  • a client may be configured to use a HTTP proxy or it may utilize a direct connection.
  • TCP level packet retransmission is handled by the client and by the server, wherein the gateway does not have to modify any TCP sequence and/or acknowledge numbers.
  • the gateway does not have to buffer IP packets which have not yet been acknowledged either by the client or by the server.
  • the “404 Not found” response provided by the Server1 may not comprise any payload data to be sent to the client.
  • the space in the IP packet that could otherwise be used for payload data could be utilized by conveying a redirection URL, in particular with additional data.
  • HTTP servers and/or clients may send other HTTP headers ‘Server’ and ‘Content-Type’ which can be replaced to contain a redirection header with additional data. If IP packet retransmission occurs, the gateway needs only to rewrite the IP packet as it has done previously. The TCP/IP session information and/or termination are handled by the original client and by the server. The IP gateway may in particular only forward the TCP/IP signaling packets.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A method and a device for processing data in a network are provided. The method includes using a gateway for modifying a communication from a first network component to a second network component by indicating a reason for a service change and/or by indicating a change of the service. Furthermore, a communication system is suggested containing this device.

Description

  • The invention relates to a method and to a device for processing data in a network.
  • Deep Packet Inspection (DPI) is a form of computer network packet filtering that examines the data and/or header part of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions or predefined criteria to decide if the packet can pass or if it needs to be routed to a different destination, or for the purpose of collecting statistical information. Deep Packet Inspection (and filtering) enables advanced security functions as well as internet data mining, eavesdropping, and censorship.
  • A user surfing through the Internet may experience unavailability of a particular service, site or network component, e.g. server, wherein the user is not aware of any reason as why the service requested is not available or denied. A reason may be a broken server or a server that has been moved to a different site or link.
  • The problem to be solved is to overcome the disadvantage stated before and in particular to provide an efficient approach to let a user experience a reason for a denial of a request.
  • This problem is solved according to the features of the independent claims. Further embodiments result from the depending claims.
  • In order to overcome this problem, a method for processing data in a network is provided comprising the step:
      • (a1) a gateway modifies a communication from a first network component to a second network component by indicating a reason for a service change and/or by indicating a change of the service.
  • Hence, a user via a second network component (client device) requesting a service from the first network component or from the network in general is informed about the reason as why the service is changed, in particular that the service is no longer reachable from this first network component. In addition, the client device (second network component) can be informed about the change of the service, in particular it may obtain an information as how to access the service required from a different location.
  • Eventually, the client device (second network component) and thus the user may be able to access the requested service from the network component that actually provides such service. The gateway may in particular forward information that can be used to access the correct network component.
  • The service requested may comprise any kind of service that can be provided by the network, in particular by a component or resource of a network, in particular of the Internet. Such service may be, e.g., an information, a site, a page, a program, a link (URL) or any other kind of content information.
  • Advantageously, protocols of the first network component as well as of the second network component do not have to be amended or changed and the second network component (e.g., the client) may still become aware of a relocation of a service or content accessible, e.g., via a different server. This different server may be accessible by information provided by the gateway to the second network component (e.g., to the client).
  • According to an embodiment, the gateway performs deep packet inspection to determine whether or not modification of a communication, in particular redirection, is required.
  • Hence, the gateway may analyze IP packets by some sort of TCP flow tracking to determine whether or not an IP packet arriving at the gateway (from, e.g., a client) tries to access a service that matches a “denied rule”. Such “denied rule” may be locally available at the gateway or it may be accessible to the gateway to find out whether a particular access service matches a denied criteria. In such case, the gateway could start dropping IP packets that fall under such “denied rule” or it may initiate redirection or it may initiate a reset of a TCP connection between the first network component and the second network component.
  • According to another embodiment, the gateway performs layer-4 processing, in particular without using TCP level processing. In particular, the packets are inspected on layer-4 and also the TCP level payload can be read to obtain the payload data on HTTP level (e.g., HTTP methods and headers).
  • Hence, no resource demanding layer-7 processing is required at the gateway. The suggested layer-4 processing can be conducted, e.g., by a kernel of the gateway, which leads to a much faster overall performance handling messages at the gateway.
  • According to just another embodiment, the gateway modifies the communication if a request from the second network component to the first network component is directed to a denied service.
  • Redirection may in particular be required in case a prepaid user runs out of memory and the access needs to be redirected to a self-service portal that allows the user to use a credit card. Redirection may also become necessary if access is not allowed to a specific URL (service) and the operator wants to inform the client as why the service is not allowed (wrong time or wrong profile). In addition, redirection may be necessary if the service is denied temporarily, e.g., for maintenance needs. In addition, the service may have been moved to another server, which can be indicated to the client. Furthermore, a welcome page needed for the first service usage action can be provided by redirection means.
  • It is also an embodiment that the gateway initiates redirection and/or the gateway starts dropping data directed towards the first network component.
  • In an embodiment, the change of the service is indicated by conveying redirection information to access the service via a third network component.
  • Said redirection information may be a change of an address (e.g., URL) that can be utilized by a client (e.g., the second network component) to access the required data or information via a different network component (another server than the server previously addressed).
  • In another embodiment, the first network component is a first server, the second network component is a client and the third network component is a second server.
  • Other than that, the first, second and third network components can be any kind of components distributed throughout the network. Any of the network components may be a user's device or client or a server, e.g., operated by a service provider.
  • In a further embodiment, said communication from the first network component comprises a “Not found” message or an “OK message”, optionally comprising the redirection information to access the service via said third network component.
  • In a next embodiment, the solution provided comprises the step:
      • (a2) the second network component accesses the third network component utilizing said redirection information.
  • Such access may be processed via said gateway. Hence, the client device may get access to the information required via said third network component (e.g., additional server).
  • It is also an embodiment that the network comprises the Internet or is associated with the Internet.
  • Pursuant to another embodiment, said service comprises at least one of the following:
      • a service provided by the network being addressable in the network;
      • a site or a page of the network;
      • a content of the network;
      • an URL.
  • According to an embodiment, the solution provided comprises the following step prior to step (a1):
      • (a0) the gateway receives a request for the service from the second network component and changes this request into a message to be conveyed to the first network component, pursuant to which the first network component provides a response without a message body.
  • Such a message to be conveyed to the first network component may be a HEAD-message indicating that the first network component (server) must not return a message body in a response message. Only the HTTP headers are provided in such response and further conveyed to the second network component (the client), comprising e.g., a content-type, a content-size, a date.
  • For example, the first network component may just return a “method not allowed” or a “200 OK” message.
  • The response from the first network component can be modified by the gateway, e.g., by providing a service or a service-relevant information.
  • According to another embodiment, the gateway receives a message without a message body from the first network component in return to the HEAD-message.
  • In yet another embodiment, the solution provided comprises the following step prior to step (a1):
      • (a0) the gateway receives a request for the service from the second network component and changes this request into a GET-message, a PUT-message or a POST-message to be conveyed to the first network component.
  • According to a next embodiment, the gateway receives a “200 OK” message in return to the GET, PUT- or POST-message in particular indicating the change of the service within a message body.
  • The problem stated above is also solved by a device comprising a and/or being associated with a processor unit and/or a hard-wired circuit and/or a logic device that is arranged such that the method as described herein is executable thereon.
  • According to an embodiment, the device is a or is associated with a communication device, in particular a network component, a gateway, a server or a client device.
  • The problem stated supra is further solved by a communication system comprising the device as described herein.
  • Embodiments of the invention are shown and illustrated in the following figures:
  • FIG. 1 shows an exemplary message sequence chart between a client, a gateway, a Server1 and a Server2, wherein a reason of a service change or a change of service, in particular a redirection information, is conveyed to the client device;
  • FIG. 2 shows an alternative message sequence chart between a client, a gateway, a Server1 and a Server2, wherein a reason of a service change or a change of service, in particular a redirection information, is conveyed to the client device;
  • FIG. 3 shows a message sequence chart based on FIG. 1 in more detail.
    •
  • The approach provided herein in particular enables an HTTP redirection transparently processed in an IP gateway that is analyzing the IP traffic, e.g., on layer-4 (L4).
  • For example, in case of a proxy mode deep packet inspection (DPI), TCP sessions are terminated in a gateway node so that a user space (on layer-7 (L7)) application in the gateway is able to process the HTTP requests and inspect the payload data. If the HTTP request is allowed to its final destination, the gateway will make the connection towards the destination server and it will send the original request to such destination server. If a response arrives from the server, the gateway sends the response to the client using the existing connection. In this kind of communication, if the access needs to be redirected, the gateway does not need to connect to the destination server at all. Instead, the gateway may immediately after having received the HTTP request from the client send the redirection response back to the client. However, such kind of direct processing bears the disadvantage of the proxy mode gateway requiring a lot of processing capacity, because the TCP session terminates at the gateway and it is processed by the gateway's user space application on L7 (i.e. L7 is required at such gateway). Hence, a TCP handshake is being processed between the client and gateway and also between the gateway and the server. So each connection from the client is processed locally in the gateway user space, which results in heavy operation (compared to mere L4 level processing).
  • For example, the network gateway being able to route IP packets in kernel level (L4) up to 1 GBits/s may only process about 100 MBit/s in user space (L7). TCP stream processing in application space requires IP packet reassembly, handling of the TCP window, sequence number processing, retransmissions, etc., which results in a lot of processing capacity all done by said gateway.
  • The approach provided herein allows for a gateway to operate, e.g., in a kernel mode DPI on layer-4 (L4). Such kernel mode DPI gateway may advantageously investigate IP packets having some sort of TCP flow tracking (e.g., state full inspection). The purpose of this kind of flow tracking may comprise denying service access that matches a so-called ‘deny’ rule. Hence, if the client connects to the HTTP service the TCP session is established between the client and the server (TCP handshake between the client and server). The DPI gateway located in the path between the client and the server may inspect, route and forward the IP packets. If the HTTP request arriving at the gateway does have the service access to a denied service, the gateway will start dropping the IP packets or it will send the TCP reset to the client and to the server for terminating the TCP session.
  • Hence, the approach described herein allows making a redirection in the kernel space (L4 of the gateway) without using TCP level processing. By providing redirection as described herein, the DPI gateway does not have to break the TCP connection between the server and client.
  • It is however noted, that prior to the client being able to send the request to the server via the gateway providing DPI services, the connection may have to be established, e.g., via TCP handshake. Hence, when the client sends the packet containing an HTTP request in a TCP payload which does match the deny/redirect rule, the gateway performs DPI and is thus able to provide redirection as described herein. If TCP retransmission is required, the server will be able to handle it—the DPI gateway may only rewrite the data as described herein.
  • An example could be summarized as follows:
  • In case redirection is done, the format of the headers may be as follows:
      • The client sends:
        • GET/someurl HTTP/1.1
        • Host: www.server1.com
        • Accept: */*
        • Connection: keep-alive
      • The server responds with:
        • HTTP/1.1 302 Moved
        • Location: http://www.server2.com/deny
        • Content-length: 0
        • Connection: close
      • Based on the server's response, the client can launch a new request:
        • GET/deny HTTP/1.1
        • Host: www.server2.com
        • Accept: */*
        • Connection: keep-alive
  • Also, a response code 301 may be applicable for most web browsers. Accordingly, the following redirection response from the server may work in a similar manner:
      • HTTP/1.1 301 Moved
      • Location: http://www.server2.com/deny
      • Content-length: 0
      • Connection: close
  • Hence, the IP gateway may modify an HTTP URL received via an IP packet to point to a nonexistent URL. The destination server may return an HTTP response “404 Not found”.
  • Such response is received at the IP gateway, which modifies it into a “302 Moved” message. In addition, the IP gateway modifies HTTP response headers to carry a ‘Location’ header comprising the redirection URL. After such changes, the TCP CRC is recalculated and the IP packet is sent to the HTTP client.
  • Hence, the client is able to send a HTTP GET request to another server utilizing the redirection URL conveyed by the IP gateway.
  • FIG. 1 shows an exemplary message sequence chart between a client, a gateway, a Server1 and a Server2.
  • The messages exchanged can be describes as follows:
    • (1) A connection between the client and the Server1 is established via the gateway. After a TCP three way handshake, the client sends a HTTP request comprising in particular GET/someurl HTTP/1.1
      • Host: www.server1.com
      • Accept: */*
      • Connection: keep-alive
    •  to the gateway. The gateway analyzes the incoming HTTP request, e.g., utilizing DPI to find out whether or not it matches the deny/redirect rule. In the affirmative, the gateway performs DPI and is thus able to provide redirection. If TCP retransmission is required, the server will be able to handle it—the DPI gateway just needs to rewrite the data. The gateway changes the destination URL, e.g., such that an TCP packet sequence number is not changed and forwards a message
      • GET/xxxxxxx HTTP/1.1
      • Host: www.server1.com
      • Accept: */*
      • Connection: keep-alive
    •  to the Server1.
    • (2) Because the destination URL “/xxxxxxx” does not exist, the Server1 responds with a HTTP response
      • HTTP/1.1 404 Not found.
      • Content-length: 250
      • Connection: keep-alive
    •  The response code from the Server1 may also comprise or be “302”. Some HTTP services provide a missing service notification by redirecting the access to an own service from where the status can be retrieved.
    •  The gateway modifies this response into
      • HTTP/1.1 302 Moved
      • Location: http://www.server2.com/deny
      • Content-length: 0
      • Connection: close
    •  and replaces the HTTP headers to comprise a location information of a redirect URL “ . . . /deny”. For example, a information “http://www.server2.com/deny” could be provided to indicate that the content can be found via a redirection information “http://www.server2.com”.
    •  Such modified data packet is forwarded from the gateway to the client.
    • (3) The client closes the existing TCP connection to the Server1 and establishes a new connection to the Server2. Furthermore, the client uses the redirect URL “ . . . /deny” via a GET request
      • GET “ . . . /deny” HTTP/1.1.
      • Host: www.server2.com
      • Accept: */*
      • Connection: keep-alive
    •  The gateway forwards this request directly to the Server2.
    • (4) The Server2 responds with a message HTTP/1.1 200 OK
      • Content-length: 500
      • Connection: keep-alive
      • <html><p>Your service is denied . . . </html>
    •  and conveys the data requested to the client via the gateway. Said gateway just forwards the data to the client.
  • It is noted that the “ . . . /deny” expression can have different meaning. For example, a client may be configured to use a HTTP proxy, i.e. the client is connected via the gateway and further via said HTTP proxy to the Server2 (e.g., “www.server2.com”):
      • GET http://www.server2.com/deny HTTP/1.1.
      • Host: www.server2.com
      • Accept: */*
      • Connection: keep-alive
  • As an alternative, the client may not use such HTTP proxy, but have a direct connection to the destination (e.g., to Server2) via said gateway:
      • GET/deny HTTP/1.1.
      • Host: www.server2.com
      • Accept: */*
      • Connection: keep-alive
  • Both such formats may be adapted by changing the method line path accordingly. The location header may be the same for both, the direct mode and the proxy mode server redirection response (location according to the example: http://www.server2.com/deny.
  • FIG. 3 shows a message sequence chart based on FIG. 1 in more detail. Hence, TCP message flags SYN, SYN ACK, ACK, FIN, FIN ACK are shown indicating synchronization (SYN), acknowledgement (ACK) and an end of a connection (FIN).
  • A first connection is established between the client and the Server1 and a second connection is established between the client and the Server2 after the redirection response 101 has been provided to the client.
  • Hence, the redirection can be provided, e.g., by the kernel of the gateway without using any TCP level processing. This enables redirection without the gateway having to break up the TCP connection between the Server1 and the client.
  • It is noted that before the client is able to send a request to the Server1 via said DPI gateway, the connection needs to be established, i.e. via TCP handshake, comprising SYN, SYN ACK and ACK messages.
  • When the client sends a packet containing the HTTP request in TCP payload, which does match the deny/redirect rule, the DPI gateway is able to do the redirection as described. If the TCP retransmission is required due to such matching entry regarding said deny/redirect rule, the Server1 may handle it and the DPI gateway may just rewrite the data to be forwarded. Redirection status codes as indicated, e.g., 301 or 302, may both work for most web clients.
    • ALTERNATIVE EMBODIMENT
  • As an alternative, the approach provided herein enables HTTP redirection transparently in the IP gateway that is analyzing the IP traffic by modifying the accessed HTTP method “HEAD” instead of methods “GET”, “PUT” or “POST” so that the destination server may return a HTTP response “200 OK” or any other valid HTTP response.
  • Such response, received by the IP gateway, is modified into a “302 Moved” message. In addition, the IP gateway also modifies the HTTP response headers to carry a ‘Location’ header having the redirection URL. After such changes, the TCP CRC is recalculated and the IP packet is sent to the HTTP client.
  • Hence, the client is able to send an HTTP GET request to another server utilizing the redirection URL conveyed by the IP gateway.
  • FIG. 2 shows a different embodiment visualized by a message sequence chart comprising a client, a gateway, a Server1 and a Server2.
  • The messages exchanged can be describes as follows:
    • (1) A connection between the client and the Server1 is established via the gateway. After a TCP three way handshake, the client sends a HTTP request
      • GET/someurl HTTP/1.1
      • Host: www.server1.com
      • Accept: */*
      • Connection: keep-alive
    •  to the gateway. The gateway analyzes the incoming HTTP request and the gateway knows that the service accessed would be denied and that redirection is needed. The gateway changes the HTTP method to a “HEAD” message such that a TCP packet sequence number is not changed and forwards a message
      • HEAD/someurl HTTP/1.1
      • Host: www.server1.com
      • Accept: */*
      • Connection: keep-alive
    •  to the Server1.
    • (2) The HEAD message is similar to the GET message except that the server's response does not provide a message-body.
    •  The server responds with HTTP response
      • HTTP/1.1 200 OK
      • Content-length: 0
      • Content-type: text/html
      • Server: Apache/1.3
      • Last-Modified: Sat, 29 Oct. 2007 19:43:31 GMT
      • Connection: keep-alive
    •  The gateway modifies this response into
      • HTTP/1.1 302 Moved
      • Location: http://www.server2.com/deny
      • Content-length: 0
      • Connection: close
    •  and replaces the HTTP headers to comprise a location information of a redirect URL “ . . . /deny”. Such modified data packet is forwarded from the gateway to the client.
    • (3) The client closes the existing TCP connection to the Server1 and establishes a new connection to the Server2. Furthermore, the client uses the redirect URL “ . . . /deny” via a GET request
      • GET “ . . . /deny” HTTP/1.1
      • Host: www.server2.com
      • Accept: */*
      • Connection: keep-alive
    •  The gateway forwards this request directly to the Server2.
    • (4) The Server2 responds with a message
      • HTTP/1.1 200 OK
      • Content-length: 500
      • Connection: keep-alive
      • <html><p>Your service is denied . . . </html>
    • and conveys the data requested to the client via the gateway. Said gateway just forwards the data to the client.
  • It is noted that the “ . . . /deny” expression can have different meaning as explained with regard to the example above. Hence, a client may be configured to use a HTTP proxy or it may utilize a direct connection.
    • Further Advantages:
  • Hence, pursuant to the approach provided herein, TCP level packet retransmission is handled by the client and by the server, wherein the gateway does not have to modify any TCP sequence and/or acknowledge numbers. In particular, the gateway does not have to buffer IP packets which have not yet been acknowledged either by the client or by the server.
  • Usually the “404 Not found” response provided by the Server1 may not comprise any payload data to be sent to the client. However, the space in the IP packet that could otherwise be used for payload data could be utilized by conveying a redirection URL, in particular with additional data.
  • Also, HTTP servers and/or clients may send other HTTP headers ‘Server’ and ‘Content-Type’ which can be replaced to contain a redirection header with additional data. If IP packet retransmission occurs, the gateway needs only to rewrite the IP packet as it has done previously. The TCP/IP session information and/or termination are handled by the original client and by the server. The IP gateway may in particular only forward the TCP/IP signaling packets.
  • This is of advantage as this approach does not require the IP gateway to terminate all HTTP sessions transparently within its own TCP/IP stack or a partial implementation thereof.

Claims (77)

1-18. (canceled)
19. A method for processing data in a network, which comprises the step of:
modifying, via a gateway, a communication from a first network component to a second network component by indicating at least one of a reason for a service change or by indicating a change of a service.
20. The method according to claim 19, which further comprises performing, via the gateway, a deep packet inspection to determine if a modification of the communication is required.
21. The method according to claim 20, which further comprises performing, via the gateway, layer-4 processing.
22. The method according to claim 19, which further comprises using the gateway to modify the communication if a request from the second network component to the first network component is directed to a denied service.
23. The method according to claim 20, which further comprises performing at least one of:
initiating a redirection via the gateway; or
using the gateway to start dropping the data directed towards the first network component.
24. The method according to claim 19, which further comprises indicating the change of the service by conveying redirection information to access the service via a third network component.
25. The method according to claim 24, wherein the first network component is a first server, the second network component is a client and the third network component is a second server.
26. The method according to claim 25, wherein the communication from the first network component comprises a “Not found” message or an “OK message”, and the redirection information to access the service via the third network component.
27. The method according to claim 19, wherein the second network component accesses a third network component utilizing redirection information.
28. The method according to claim 19, wherein the network comprises an Internet or is associated with the Internet.
29. The method according to claim 19, wherein the service comprises at least one of the following:
a service provided by the network being addressable in the network;
a site or a page of the network;
a content of the network; and
an URL.
30. The method according to claim 19, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a message to be conveyed to the first network component, pursuant to which the first network component provides a response without a message body.
31. The method according to claim 30, wherein the gateway receives a message without the message body from the first network component in return to a HEAD-message.
32. The method according to claim 19, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a GET-message, a PUT-message or a POST-message to be conveyed to the first network component.
33. The method according to claim 32, wherein the gateway receives a “200 OK” message in return to the GET-message, the PUT-message or the POST-message from the first network component indicating the change of the service within a message body.
34. The method according to claim 19, which further comprises performing, via the gateway, a deep packet inspection to determine if a redirection of the communication is required.
35. The method according to claim 20, which further comprises performing, via the gateway, layer-4 processing without using TCP level processing.
36. The method according to claim 22, which further comprises indicating the change of the service by conveying redirection information to access the service via a third network component.
37. The method according to claim 24, wherein the communication from the first network component comprises a “Not found” message or an “OK message”, and the redirection information to access the service via the third network component.
38. The method according to claim 22, wherein the second network component accesses a third network component utilizing redirection information.
39. The method according to claim 24, wherein the second network component accesses the third network component utilizing the redirection information.
40. The method according to claim 25, wherein the second network component accesses the third network component utilizing the redirection information.
41. The method according to claim 26, wherein the second network component accesses the third network component utilizing the redirection information.
42. The method according to claim 22, wherein the network comprises an Internet or is associated with the Internet.
43. The method according to claim 24, wherein the network comprises an Internet or is associated with the Internet.
44. The method according to claim 25, wherein the network comprises an Internet or is associated with the Internet.
45. The method according to claim 26, wherein the network comprises an Internet or is associated with the Internet.
46. The method according to claim 27, wherein the network comprises an Internet or is associated with the Internet.
47. The method according to claim 22, wherein the service comprises at least one of the following:
a service provided by the network being addressable in the network;
a site or a page of the network;
a content of the network; and
an URL.
48. The method according to claim 24, wherein the service comprises at least one of the following:
a service provided by the network being addressable in the network;
a site or a page of the network;
a content of the network; and
an URL.
49. The method according to claim 25, wherein the service comprises at least one of the following:
a service provided by the network being addressable in the network;
a site or a page of the network;
a content of the network; and
an URL.
50. The method according to claim 26, wherein the service comprises at least one of the following:
a service provided by the network being addressable in the network;
a site or a page of the network;
a content of the network; and
an URL.
51. The method according to claim 27, wherein the service comprises at least one of the following:
a service provided by the network being addressable in the network;
a site or a page of the network;
a content of the network; and
an URL.
52. The method according to claim 28, wherein the service comprises at least one of the following:
a service provided by the network being addressable in the network;
a site or a page of the network;
a content of the network; and
an URL.
53. The method according to claim 22, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a message to be conveyed to the first network component, pursuant to which the first network component provides a response without a message body.
54. The method according to claim 24, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a message to be conveyed to the first network component, pursuant to which the first network component provides a response without a message body.
55. The method according to claim 25, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a message to be conveyed to the first network component, pursuant to which the first network component provides a response without a message body.
56. The method according to claim 26, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a message to be conveyed to the first network component, pursuant to which the first network component provides a response without a message body.
57. The method according to claim 27, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a message to be conveyed to the first network component, pursuant to which the first network component provides a response without a message body.
58. The method according to claim 28, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a message to be conveyed to the first network component, pursuant to which the first network component provides a response without a message body.
59. The method according to claim 29, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a message to be conveyed to the first network component, pursuant to which the first network component provides a response without a message body.
60. The method according to claim 53, wherein the gateway receives a message without the message body from the first network component in return to a HEAD-message.
61. The method according to claim 54, wherein the gateway receives a message without the message body from the first network component in return to a HEAD-message.
62. The method according to claim 55, wherein the gateway receives a message without the message body from the first network component in return to a HEAD-message.
63. The method according to claim 56, wherein the gateway receives a message without the message body from the first network component in return to a HEAD-message.
64. The method according to claim 57, wherein the gateway receives a message without the message body from the first network component in return to a HEAD-message.
65. The method according to claim 58, wherein the gateway receives a message without the message body from the first network component in return to a HEAD-message.
66. The method according to claim 59, wherein the gateway receives a message without the message body from the first network component in return to a HEAD-message.
67. The method according to claim 22, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a GET-message, a PUT-message or a POST-message to be conveyed to the first network component.
68. The method according to claim 24, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a GET-message, a PUT-message or a POST-message to be conveyed to the first network component.
69. The method according to claim 25, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a GET-message, a PUT-message or a POST-message to be conveyed to the first network component.
70. The method according to claim 26, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a GET-message, a PUT-message or a POST-message to be conveyed to the first network component.
71. The method according to claim 27, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a GET-message, a PUT-message or a POST-message to be conveyed to the first network component.
72. The method according to claim 28, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a GET-message, a PUT-message or a POST-message to be conveyed to the first network component.
73. The method according to claim 29, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a GET-message, a PUT-message or a POST-message to be conveyed to the first network component.
74. The method according to claim 67, wherein the gateway receives a “200 OK” message in return to the GET-message, the PUT-message or the POST-message from the first network component indicating the change of the service within a message body.
75. The method according to claim 68, wherein the gateway receives a “200 OK” message in return to the GET-message, the PUT-message or the POST-message from the first network component indicating the change of the service within a message body.
76. The method according to claim 69, wherein the gateway receives a “200 OK” message in return to the GET-message, the PUT-message or the POST-message from the first network component indicating the change of the service within a message body.
77. The method according to claim 70, wherein the gateway receives a “200 OK” message in return to the GET-message, the PUT-message or the POST-message from the first network component indicating the change of the service within a message body.
78. The method according to claim 71, wherein the gateway receives a “200 OK” message in return to the GET-message, the PUT-message or the POST-message from the first network component indicating the change of the service within a message body.
79. The method according to claim 72, wherein the gateway receives a “200 OK” message in return to the GET-message, the PUT-message or the POST-message from the first network component indicating the change of the service within a message body.
80. The method according to claim 73, wherein the gateway receives a “200 OK” message in return to the GET-message, the PUT-message or the POST-message from the first network component indicating the change of the service within a message body.
81. The method according to claim 36, wherein the first network component is a first server, the second network component is a client and the third network component is a second server.
82. The method according to claim 81, wherein the communication from the first network component comprises a “Not found” message or an “OK message”, and the redirection information to access the service via the third network component.
83. The method according to claim 82, wherein the second network component accesses the third network component utilizing the redirection information.
84. The method according to claim 83, wherein the network comprises an Internet or is associated with the Internet.
85. The method according to claim 84, wherein the service comprises at least one of the following:
a service provided by the network being addressable in the network;
a site or a page of the network;
a content of the network; and
an URL.
86. The method according to claim 85, wherein prior to performing the modifying step, receiving, via the gateway, a request for the service from the second network component and changing the request into a message to be conveyed to the first network component, pursuant to which the first network component provides a response without a message body.
87. A device, comprising:
at least one apparatus selected from the group consisting of a processor unit, a device associated with a processor unit, a hard-wired circuit, and a logic device, said at least one apparatus programmed to:
modify, via a gateway, a communication from a first network component to a second network component by indicating at least one of a reason for a service change or by indicating a change of a service.
88. The device according to claim 87, wherein said apparatus is a network component.
89. The device according to claim 87, wherein said apparatus is selected from the group consisting of said gateway and a server of a client device.
90. The device according to claim 87, wherein the device associated with a network component.
91. A communication system, comprising:
at least one apparatus selected from the group consisting of a processor unit, a device associated with a processor unit, a hard-wired circuit, and a logic device, said at least one apparatus programmed to:
modify, via a gateway, a communication from a first network component to a second network component by indicating at least one of a reason for a service change or by indicating a change of a service.
92. The communication system according to claim 91, wherein said apparatus is a network component.
93. The communication system according to claim 91, wherein said apparatus is selected from the group consisting of said gateway and a server of a client device.
94. The communication system according to claim 91, wherein said apparatus is associated with a network component.
US13/141,880 2008-12-23 2009-12-23 Method and device for processing data in a network Abandoned US20110320589A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
EP08106030A EP2202935B1 (en) 2008-12-23 2008-12-23 Method and device for processing data in a network
EP08106030.3 2008-12-23
PCT/EP2009/067829 WO2010072800A1 (en) 2008-12-23 2009-12-23 Method and device for processing data in a network

Publications (1)

Publication Number Publication Date
US20110320589A1 true US20110320589A1 (en) 2011-12-29

Family

ID=40791689

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/141,880 Abandoned US20110320589A1 (en) 2008-12-23 2009-12-23 Method and device for processing data in a network

Country Status (4)

Country Link
US (1) US20110320589A1 (en)
EP (1) EP2202935B1 (en)
CN (1) CN102326374A (en)
WO (1) WO2010072800A1 (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150067840A1 (en) * 2012-11-01 2015-03-05 Huizhou Tcl Mobile Communication Co., Ltd. Method for packet processing, electronic device and storage medium
US9143386B1 (en) * 2010-09-27 2015-09-22 Sprint Communications Company L.P. Remote keep-alive message management in a wireless communication network
US20170331792A1 (en) * 2011-01-27 2017-11-16 Verint Systems Ltd. System and method for decoding traffic over proxy servers
US9825911B1 (en) * 2015-11-18 2017-11-21 Amazon Technologies, Inc. Security policy check based on communication establishment handshake packet
US11057501B2 (en) * 2018-12-31 2021-07-06 Fortinet, Inc. Increasing throughput density of TCP traffic on a hybrid data network having both wired and wireless connections by modifying TCP layer behavior over the wireless connection while maintaining TCP protocol
US11297167B2 (en) 2009-10-08 2022-04-05 Bright Data Ltd. System providing faster and more efficient data communication
US11303724B2 (en) 2013-08-28 2022-04-12 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11411922B2 (en) 2019-04-02 2022-08-09 Bright Data Ltd. System and method for managing non-direct URL fetching service
US11424946B2 (en) 2017-08-28 2022-08-23 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US11593446B2 (en) 2019-02-25 2023-02-28 Bright Data Ltd. System and method for URL fetching retry mechanism
US11757961B2 (en) 2015-05-14 2023-09-12 Bright Data Ltd. System and method for streaming content from multiple servers
US12260364B2 (en) 2015-04-24 2025-03-25 United Parcel Service Of America, Inc. Location-based pick up and delivery services
US12278880B2 (en) 2023-03-11 2025-04-15 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104980456B (en) * 2014-04-03 2018-09-21 华为技术有限公司 Method, intermediate node, the terminal and server of transmission services
CN119211353B (en) * 2024-11-27 2025-03-18 杭州阿启视科技有限公司 A device redirection gateway side implementation method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060112174A1 (en) * 2004-11-23 2006-05-25 L Heureux Israel Rule-based networking device
US20080019371A1 (en) * 2006-07-24 2008-01-24 Bellsouth Intellectual Property Corporation Methods, systems, and computer program products for marking data packets based on content thereof
US20090094374A1 (en) * 2007-10-04 2009-04-09 Hong Kong Applied Science And Technology Research Institute Co., Ltd. Systems and methods providing lists of available streaming content
US7719995B2 (en) * 2005-09-09 2010-05-18 Zeugma Systems Inc. Application driven fast unicast flow replication
US7969976B2 (en) * 2007-12-21 2011-06-28 Nec Corporation Gateway apparatus, packet forwarding method, and program
US8339959B1 (en) * 2008-05-20 2012-12-25 Juniper Networks, Inc. Streamlined packet forwarding using dynamic filters for routing and security in a shared forwarding plane

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ATE211595T1 (en) * 1998-07-21 2002-01-15 Oliver Kaufmann METHOD AND DEVICE FOR PROVIDING A THIRD INTERNET DATA CHANNEL
CA2514039A1 (en) * 2005-07-28 2007-01-28 Third Brigade Inc. Tcp normalization engine
US20080306815A1 (en) * 2007-06-06 2008-12-11 Nebuad, Inc. Method and system for inserting targeted data in available spaces of a webpage

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060112174A1 (en) * 2004-11-23 2006-05-25 L Heureux Israel Rule-based networking device
US7719995B2 (en) * 2005-09-09 2010-05-18 Zeugma Systems Inc. Application driven fast unicast flow replication
US20080019371A1 (en) * 2006-07-24 2008-01-24 Bellsouth Intellectual Property Corporation Methods, systems, and computer program products for marking data packets based on content thereof
US20090094374A1 (en) * 2007-10-04 2009-04-09 Hong Kong Applied Science And Technology Research Institute Co., Ltd. Systems and methods providing lists of available streaming content
US7969976B2 (en) * 2007-12-21 2011-06-28 Nec Corporation Gateway apparatus, packet forwarding method, and program
US8339959B1 (en) * 2008-05-20 2012-12-25 Juniper Networks, Inc. Streamlined packet forwarding using dynamic filters for routing and security in a shared forwarding plane

Cited By (142)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12003566B2 (en) 2009-10-08 2024-06-04 Bright Data Ltd. System providing faster and more efficient data communication
US11457058B2 (en) 2009-10-08 2022-09-27 Bright Data Ltd. System providing faster and more efficient data communication
US11811848B2 (en) 2009-10-08 2023-11-07 Bright Data Ltd. System providing faster and more efficient data communication
US11811850B2 (en) 2009-10-08 2023-11-07 Bright Data Ltd. System providing faster and more efficient data communication
US12200038B2 (en) 2009-10-08 2025-01-14 Bright Data Ltd. System providing faster and more efficient data communication
US11700295B2 (en) 2009-10-08 2023-07-11 Bright Data Ltd. System providing faster and more efficient data communication
US12177285B2 (en) 2009-10-08 2024-12-24 Bright Data Ltd. System providing faster and more efficient data communication
US11297167B2 (en) 2009-10-08 2022-04-05 Bright Data Ltd. System providing faster and more efficient data communication
US12107911B2 (en) 2009-10-08 2024-10-01 Bright Data Ltd. System providing faster and more efficient data communication
US11303734B2 (en) 2009-10-08 2022-04-12 Bright Data Ltd. System providing faster and more efficient data communication
US12101372B2 (en) 2009-10-08 2024-09-24 Bright Data Ltd. System providing faster and more efficient data communication
US12095843B2 (en) 2009-10-08 2024-09-17 Bright Data Ltd. System providing faster and more efficient data communication
US12095840B2 (en) 2009-10-08 2024-09-17 Bright Data Ltd. System providing faster and more efficient data communication
US12095841B2 (en) 2009-10-08 2024-09-17 Bright Data Ltd. System providing faster and more efficient data communication
US12081612B2 (en) 2009-10-08 2024-09-03 Bright Data Ltd. System providing faster and more efficient data communication
US11811849B2 (en) 2009-10-08 2023-11-07 Bright Data Ltd. System providing faster and more efficient data communication
US12021914B2 (en) 2009-10-08 2024-06-25 Bright Data Ltd. System providing faster and more efficient data communication
US12003568B2 (en) 2009-10-08 2024-06-04 Bright Data Ltd. System providing faster and more efficient data communication
US12021916B2 (en) 2009-10-08 2024-06-25 Bright Data Ltd. System providing faster and more efficient data communication
US12003567B2 (en) 2009-10-08 2024-06-04 Bright Data Ltd. System providing faster and more efficient data communication
US11838119B2 (en) 2009-10-08 2023-12-05 Bright Data Ltd. System providing faster and more efficient data communication
US11770435B2 (en) 2009-10-08 2023-09-26 Bright Data Ltd. System providing faster and more efficient data communication
US11412025B2 (en) 2009-10-08 2022-08-09 Bright Data Ltd. System providing faster and more efficient data communication
US11539779B2 (en) 2009-10-08 2022-12-27 Bright Data Ltd. System providing faster and more efficient data communication
US12003569B2 (en) 2009-10-08 2024-06-04 Bright Data Ltd. System providing faster and more efficient data communication
US11962636B2 (en) 2009-10-08 2024-04-16 Bright Data Ltd. System providing faster and more efficient data communication
US11956299B2 (en) 2009-10-08 2024-04-09 Bright Data Ltd. System providing faster and more efficient data communication
US11949729B2 (en) 2009-10-08 2024-04-02 Bright Data Ltd. System providing faster and more efficient data communication
US11916993B2 (en) 2009-10-08 2024-02-27 Bright Data Ltd. System providing faster and more efficient data communication
US11902351B2 (en) 2009-10-08 2024-02-13 Bright Data Ltd. System providing faster and more efficient data communication
US11611607B2 (en) 2009-10-08 2023-03-21 Bright Data Ltd. System providing faster and more efficient data communication
US11616826B2 (en) 2009-10-08 2023-03-28 Bright Data Ltd. System providing faster and more efficient data communication
US11888921B2 (en) 2009-10-08 2024-01-30 Bright Data Ltd. System providing faster and more efficient data communication
US11659017B2 (en) 2009-10-08 2023-05-23 Bright Data Ltd. System providing faster and more efficient data communication
US11659018B2 (en) 2009-10-08 2023-05-23 Bright Data Ltd. System providing faster and more efficient data communication
US11888922B2 (en) 2009-10-08 2024-01-30 Bright Data Ltd. System providing faster and more efficient data communication
US11671476B2 (en) 2009-10-08 2023-06-06 Bright Data Ltd. System providing faster and more efficient data communication
US11876853B2 (en) 2009-10-08 2024-01-16 Bright Data Ltd. System providing faster and more efficient data communication
US9143386B1 (en) * 2010-09-27 2015-09-22 Sprint Communications Company L.P. Remote keep-alive message management in a wireless communication network
US10862869B2 (en) * 2011-01-27 2020-12-08 Verint Systems Ltd. System and method for decoding traffic over proxy servers
US20170331792A1 (en) * 2011-01-27 2017-11-16 Verint Systems Ltd. System and method for decoding traffic over proxy servers
US20150067840A1 (en) * 2012-11-01 2015-03-05 Huizhou Tcl Mobile Communication Co., Ltd. Method for packet processing, electronic device and storage medium
US9313225B2 (en) * 2012-11-01 2016-04-12 Huizhou Tcl Mobile Communication Co., Ltd. Method for packet processing, electronic device and storage medium
US12069150B2 (en) 2013-08-28 2024-08-20 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11310341B2 (en) 2013-08-28 2022-04-19 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US12010196B2 (en) 2013-08-28 2024-06-11 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11758018B2 (en) 2013-08-28 2023-09-12 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US12021946B2 (en) 2013-08-28 2024-06-25 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US12231519B2 (en) 2013-08-28 2025-02-18 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11729297B2 (en) 2013-08-28 2023-08-15 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US12021944B2 (en) 2013-08-28 2024-06-25 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11799985B2 (en) 2013-08-28 2023-10-24 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US12003605B2 (en) 2013-08-28 2024-06-04 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US12200084B2 (en) 2013-08-28 2025-01-14 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11689639B2 (en) 2013-08-28 2023-06-27 Bright Data Ltd. System and method for improving Internet communication by using intermediate nodes
US11838386B2 (en) 2013-08-28 2023-12-05 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11677856B2 (en) 2013-08-28 2023-06-13 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11838388B2 (en) 2013-08-28 2023-12-05 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US12200083B2 (en) 2013-08-28 2025-01-14 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11870874B2 (en) 2013-08-28 2024-01-09 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US12166843B2 (en) 2013-08-28 2024-12-10 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US12143460B2 (en) 2013-08-28 2024-11-12 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US12143461B2 (en) 2013-08-28 2024-11-12 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11632439B2 (en) 2013-08-28 2023-04-18 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US12143462B2 (en) 2013-08-28 2024-11-12 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11303724B2 (en) 2013-08-28 2022-04-12 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11595497B2 (en) 2013-08-28 2023-02-28 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11902400B2 (en) 2013-08-28 2024-02-13 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US12021945B2 (en) 2013-08-28 2024-06-25 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11316950B2 (en) 2013-08-28 2022-04-26 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11336746B2 (en) 2013-08-28 2022-05-17 Bright Data Ltd. System and method for improving Internet communication by using intermediate nodes
US11595496B2 (en) 2013-08-28 2023-02-28 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11924307B2 (en) 2013-08-28 2024-03-05 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11924306B2 (en) 2013-08-28 2024-03-05 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11949755B2 (en) 2013-08-28 2024-04-02 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11336745B2 (en) 2013-08-28 2022-05-17 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11949756B2 (en) 2013-08-28 2024-04-02 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11588920B2 (en) 2013-08-28 2023-02-21 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US12088684B2 (en) 2013-08-28 2024-09-10 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11412066B2 (en) 2013-08-28 2022-08-09 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11575771B2 (en) 2013-08-28 2023-02-07 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11349953B2 (en) 2013-08-28 2022-05-31 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11388257B2 (en) 2013-08-28 2022-07-12 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11979475B2 (en) 2013-08-28 2024-05-07 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11985212B2 (en) 2013-08-28 2024-05-14 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11985210B2 (en) 2013-08-28 2024-05-14 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11451640B2 (en) 2013-08-28 2022-09-20 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US12069148B2 (en) 2013-08-28 2024-08-20 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US12260364B2 (en) 2015-04-24 2025-03-25 United Parcel Service Of America, Inc. Location-based pick up and delivery services
US12003562B2 (en) 2015-05-14 2024-06-04 Bright Data Ltd. System and method for streaming content from multiple servers
US12088651B2 (en) 2015-05-14 2024-09-10 Bright Data Ltd. System and method for streaming content from multiple servers
US11770429B2 (en) 2015-05-14 2023-09-26 Bright Data Ltd. System and method for streaming content from multiple servers
US11757961B2 (en) 2015-05-14 2023-09-12 Bright Data Ltd. System and method for streaming content from multiple servers
US9825911B1 (en) * 2015-11-18 2017-11-21 Amazon Technologies, Inc. Security policy check based on communication establishment handshake packet
US11902044B2 (en) 2017-08-28 2024-02-13 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US12218777B2 (en) 2017-08-28 2025-02-04 Bright Data Ltd. Selecting a proxy device based on communication property
US12261712B2 (en) 2017-08-28 2025-03-25 Bright Data Ltd. Managing and selecting proxy devices by multiple servers
US11757674B2 (en) 2017-08-28 2023-09-12 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US11424946B2 (en) 2017-08-28 2022-08-23 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US12034559B2 (en) 2017-08-28 2024-07-09 Bright Data Ltd. System and method for selecting and using a proxy device
US12040910B2 (en) 2017-08-28 2024-07-16 Bright Data Ltd. Content fetching by mobile device selected based on battery changing level
US12047191B2 (en) 2017-08-28 2024-07-23 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US12250089B2 (en) 2017-08-28 2025-03-11 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US12057958B2 (en) 2017-08-28 2024-08-06 Bright Data Ltd. System and method for improving content fetching by using an appliance as a proxy device
US12250090B2 (en) 2017-08-28 2025-03-11 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US11558215B2 (en) * 2017-08-28 2023-01-17 Bright Data Ltd. System and method for content fetching using a selected intermediary device and multiple servers
US11979250B2 (en) 2017-08-28 2024-05-07 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US11979249B2 (en) 2017-08-28 2024-05-07 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US11962430B2 (en) 2017-08-28 2024-04-16 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US11956094B2 (en) 2017-08-28 2024-04-09 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US12231253B2 (en) 2017-08-28 2025-02-18 Bright Data Ltd. Software development kit (SDK) for selecting and implementing client devices as proxies
US11909547B2 (en) 2017-08-28 2024-02-20 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US11764987B2 (en) 2017-08-28 2023-09-19 Bright Data Ltd. System and method for monitoring proxy devices and selecting therefrom
US11729012B2 (en) 2017-08-28 2023-08-15 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US11888638B2 (en) 2017-08-28 2024-01-30 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US12137008B2 (en) 2017-08-28 2024-11-05 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US11888639B2 (en) 2017-08-28 2024-01-30 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US12218776B2 (en) 2017-08-28 2025-02-04 Bright Data Ltd. Content fetching by client device selected based on hardware feature
US11729013B2 (en) 2017-08-28 2023-08-15 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US11711233B2 (en) * 2017-08-28 2023-07-25 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US12149374B2 (en) 2017-08-28 2024-11-19 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US11876612B2 (en) 2017-08-28 2024-01-16 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US11863339B2 (en) 2017-08-28 2024-01-02 Bright Data Ltd. System and method for monitoring status of intermediate devices
US12184437B2 (en) 2017-08-28 2024-12-31 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US12192026B2 (en) 2017-08-28 2025-01-07 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US11057501B2 (en) * 2018-12-31 2021-07-06 Fortinet, Inc. Increasing throughput density of TCP traffic on a hybrid data network having both wired and wireless connections by modifying TCP layer behavior over the wireless connection while maintaining TCP protocol
US11593446B2 (en) 2019-02-25 2023-02-28 Bright Data Ltd. System and method for URL fetching retry mechanism
US12147490B2 (en) 2019-02-25 2024-11-19 Bright Data Ltd. System and method for URL fetching retry mechanism
US11675866B2 (en) 2019-02-25 2023-06-13 Bright Data Ltd. System and method for URL fetching retry mechanism
US12056202B2 (en) 2019-02-25 2024-08-06 Bright Data Ltd. System and method for URL fetching retry mechanism
US11657110B2 (en) 2019-02-25 2023-05-23 Bright Data Ltd. System and method for URL fetching retry mechanism
US12229210B2 (en) 2019-02-25 2025-02-18 Bright Data Ltd. System and method for URL fetching retry mechanism
US12069029B2 (en) 2019-04-02 2024-08-20 Bright Data Ltd. System and method for managing non-direct URL fetching service
US11902253B2 (en) 2019-04-02 2024-02-13 Bright Data Ltd. System and method for managing non-direct URL fetching service
US11411922B2 (en) 2019-04-02 2022-08-09 Bright Data Ltd. System and method for managing non-direct URL fetching service
US11418490B2 (en) 2019-04-02 2022-08-16 Bright Data Ltd. System and method for managing non-direct URL fetching service
US12010101B2 (en) 2019-04-02 2024-06-11 Bright Data Ltd. System and method for managing non-direct URL fetching service
US12277187B2 (en) 2022-01-10 2025-04-15 Bright Data Ltd. System and method for URL fetching retry mechanism
US12277188B2 (en) 2022-01-10 2025-04-15 Bright Data Ltd. System and method for URL fetching retry mechanism
US12278878B2 (en) 2022-04-10 2025-04-15 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US12277189B2 (en) 2023-01-23 2025-04-15 Bright Data Ltd. System and method for URL fetching retry mechanism
US12278880B2 (en) 2023-03-11 2025-04-15 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes

Also Published As

Publication number Publication date
EP2202935A1 (en) 2010-06-30
EP2202935B1 (en) 2012-06-20
WO2010072800A1 (en) 2010-07-01
CN102326374A (en) 2012-01-18

Similar Documents

Publication Publication Date Title
EP2202935B1 (en) Method and device for processing data in a network
US6532493B1 (en) Methods and apparatus for redirecting network cache traffic
US7734791B2 (en) Asynchronous hypertext messaging
US7826487B1 (en) Coalescing acknowledgement responses to improve network communications
EP2892189B1 (en) System and method for diverting established communication sessions
US7161947B1 (en) Methods and apparatus for intercepting control and data connections
JP3225924B2 (en) Communication quality control device
US7373500B2 (en) Secure network processing
US6473406B1 (en) Method and apparatus for transparently proxying a connection
US6470027B1 (en) System and method for providing message redirection in networked environments
EP1469653A2 (en) Object aware transport-layer network processing engine
US20030172264A1 (en) Method and system for providing security in performance enhanced network
EP1892887A1 (en) Communication method between communication devices and communication apparatus
CN101741846B (en) File downloading method, file downloading device and file downloading system
JP2008541239A (en) Method and apparatus for increasing HTTP performance of long latency links
EP3155788B1 (en) Proxy node for transferring packets between a server and a client using port sharding
US7886043B1 (en) Hybrid method and apparatus for URL filtering
WO2008036086A1 (en) Handoff and optimization of a network protocol stack
JP5219903B2 (en) URL filtering apparatus and URL filtering method
KR101281160B1 (en) Intrusion Prevention System using extract of HTTP request information and Method URL cutoff using the same
US20060195589A1 (en) Method and system for avoiding an unintentional time-out for communications in a client-proxy-server environment
WO2006111605A2 (en) Method and apparatus for load balancing a sip flow in a communication network
US7526797B2 (en) System and method for processing callback requests included in web-based procedure calls through a firewall
GB2327829A (en) Communications system with data-specific replacement protocols
JP2001358771A (en) Device for controlling communication quality

Legal Events

Date Code Title Description
AS Assignment

Owner name: NOKIA SIEMENS NETWORKS OY, FINLAND

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HIETALA, ERKKI JUHANI;REEL/FRAME:030274/0759

Effective date: 20110906

AS Assignment

Owner name: NOKIA SOLUTIONS AND NETWORKS OY, FINLAND

Free format text: CHANGE OF NAME;ASSIGNOR:NOKIA SIEMENS NETWORKS OY;REEL/FRAME:034294/0603

Effective date: 20130819

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

OSZAR »