H04L47/196

Network quality measurement method and apparatus
11606275 · 2023-03-14

A network quality measurement method includes obtaining feature parameters of a to-be-measured data packet set, where the to-be-measured data packet set is in a packet flow and is based on an encrypted transmission protocol, the to-be-measured data packet set includes at least two to-be-measured data packets, and the feature parameters are parameters read from headers of the to-be-measured data packets based on the encrypted transmission protocol; determining a data transmission mode of the to-be-measured data packet set based on the feature parameters of the to-be-measured data packet set; determining, based on the data transmission mode, a measurement index of network quality measurement; and performing, based on the measurement index, the network quality measurement on the to-be-measured data packets corresponding to the feature parameters.

FILTERING OUTBOUND NETWORK TRAFFIC

Obtaining, in association with origination of outbound network traffic to be sent by a system, user account information of a user account on behalf of which the outbound network traffic is generated, and performing filtering of the outbound network traffic based on the obtained user account information of the user account on behalf of which the outbound network traffic is generated, where the filtering is further based on one or more rules, and the filtering includes determining whether to block or allow sending of the outbound network traffic from the system.

Classification of web client network bandwidth by a web server
09848028 · 2017-12-19

This invention provides apparatuses, methods, and systems for classification of a web client's network bandwidth by a web server in real time over the Internet. The web server, based upon the round trip time (RTT) taken to establish the TCP connection with the web client, classifies the network bandwidth. The RTT for establishment of the TCP connection using a 3-way handshake is stored on the web server on most modern Operating Systems and can be fetched on demand by the web server for a given connection. A web application on the web server could then use this bandwidth classification to serve varied content to the web client, such as a light or heavy web page depending on the level of the bandwidth.

Adaptive session reliability over multiple transports
11671518 · 2023-06-06

Methods, systems, and computer-readable media for providing reliable switching between different transport protocols (e.g., TCP and UDP) are presented herein. In some embodiments, a computing platform may stop transmission over a transport protocol. Subsequently, the computing platform may synchronize buffers between a client and a host. For example, the buffer may include acknowledgments for undelivered reliable packets between the client and the host. Next, the computing platform may resume transmission over a different transport protocol. In some embodiments, when establishing an initial connection between a client and a host, connections may be attempted in parallel over multiple transport protocols. After a connection over a first transport protocol is established, if a connection is later established over a second transport protocol, the connection may be transitioned to the second transport protocol. Also, ticketing semantics may be preserved in the switch between the different transport protocols.

METHOD AND SYSTEM FOR PROVIDING EFFICIENT RECEIVE NETWORK TRAFFIC DISTRIBUTION THAT BALANCES THE LOAD IN MULTI-CORE PROCESSOR SYSTEMS

Systems and methods for improved received network traffic distribution in a multi-core computing device are presented. A hardware classification engine of the computing device receives a data packet comprising a portion of a received network traffic data flow. Packet information from the data packet is identified. Based in part on the packet information, the classification engine determines whether a core of a multi-core processor subsystem is assigned to the data flow of which the packet is a part. In embodiments, this determination may be made based on one or more criteria, such as a work load of the core(s) of the processor subsystem, a priority level of the data flow, etc. Responsive to the determination that a core is not assigned to the data flow, a core of the multi-core processor is assigned to the data flow and the data packet is sent to the first core for processing.

NETWORK CONTROL SYSTEM, CONTROL DEVICE, NETWORK INFORMATION MANAGEMENT METHOD, AND STORAGE
20170310597 · 2017-10-26

The objective of the invention is to enable sharing, between layers in a network in which the layers are used to perform communications, resource information and information required for using paths. A network control system includes: a lower layer information storage unit, a lower layer control information conversion unit, an upper layer information storage unit, an upper layer control information conversion unit, an integrated layer information storage unit and a layer integration unit. The layer integration unit integrates, as virtual links, the information of flows, which are representative of communications among terminals in the lower layer, with the network information of the upper layer, thereby constituting the network information of the integrated layer. Further, the layer integration unit performs reciprocal exchanges of network information among the integrated layer information storage unit, the lower layer information storage unit and the upper layer information storage unit, said reciprocal exchanges including a process of giving, as the attribute information of the ports of the upper layer, label information required for using the virtual link provided by the lower layer.

Adaptive Session Reliability over Multiple Transports
20170339258 · 2017-11-23

Methods, systems, and computer-readable media for providing reliable switching between different transport protocols (e.g., TCP and UDP) are presented herein. In some embodiments, a computing platform may stop transmission over a transport protocol. Subsequently, the computing platform may synchronize buffers between a client and a host. For example, the buffer may include acknowledgments for undelivered reliable packets between the client and the host. Next, the computing platform may resume transmission over a different transport protocol. In some embodiments, when establishing an initial connection between a client and a host, connections may be attempted in parallel over multiple transport protocols. After a connection over a first transport protocol is established, if a connection is later established over a second transport protocol, the connection may be transitioned to the second transport protocol. Also, ticketing semantics may be preserved in the switch between the different transport protocols.

Load balancing among a cluster of firewall security devices

A method for balancing load among firewall security devices (FSDs) is provided. According to one embodiment, a switching device performs adaptive load balancing among cluster units of an HA cluster of firewall security devices. A load balancing (LB) function implemented by the switching device is configured based on information received from a network administrator. A LB table is maintained that forms associations between hash values output by the LB function and corresponding ports of the switching device to which the cluster units are coupled. Network traffic received by the switching device is directed to appropriate cluster units based on the LB function and the LB table. A traffic load on each of the cluster units is monitored. Responsive to a deviation from a predefined ideal traffic distribution, an attempt is made to improve performance of the HA cluster by dynamically adjusting the LB balancing table to address the deviation.

SWITCH, DEVICES AND METHODS FOR RECEIVING AND FORWARDING ETHERNET PACKETS
20170289045 · 2017-10-05

A switch receiving Ethernet packets, including TCP packets and/or non-TCP packets, is disclosed. The switch forwards the Ethernet packets to at least two ports by forwarding each of the TCP packets to any one of the at least two ports and forwarding each stream of non-TCP packets to one corresponding port of the at least two ports.

Method and system for processing packets in a network device

Systems are presented for processing packets in a network switch. One network device includes a processor, an Ethernet switch, a PCIe switch, and a packet processor. The processor is for executing a controller program, and the Ethernet switch is for switching packets among ports. Further, the PCIe switch is coupled to the processor and the Ethernet switch, and the packet processor, coupled to the Ethernet switch and the PCIe switch, is operable to modify an application header of an incoming packet and send the incoming packet to one of the ports. The controller program is operable to configure the Ethernet switch and the packet processor to define processing of packets. The controller program is operable to send a first configuration rule to the Ethernet switch, the first configuration rule defining that packets of a network flow requiring header modification be forwarded to the packet processor.