Title: System and method for managing network communications
Abstract: A system and method are directed to managing network communications and improving network security. In a communication protocol, an improved method of generating a value that encodes information received in an incoming message, and a corresponding way of validating an incoming message with an encoded value, improves network security. A technique for directing a network device to delay communications includes sending an instruction designating an initial window size of zero to the device. Another technique uses a TCP fast retransmit protocol. The techniques can be used to provide layer four switching, change to layer seven switching when desired, and then change back to layer four switching to improve security in a layer four switching device. Levels of trust can also be used to selectively perform aspects of the invention.
Publication number: US9106479(B1) Publication date: 2015.08.11
Application number: US200310721565 Filing date: 2003.11.25
Applicant: F5 Networks, Inc. Inventors: Mukerji Arindum; Rothstein Jesse A.
Classification: H04L29/08; H04L12/805 Main classification: H04L29/08
Agency: Lowe Graham Jones PLLC Agents: Branch John W.; Lowe Graham Jones PLLC
Main claim: 1. A method for managing a communication between at least one client and an array of at least one server on a network, comprising: employing layer four switching to receive from a client device a synchronization (SYN) packet requesting an initiation of a communication connection, the initiation being used in performing a first protocol handshake with a first client device that is the client device; when it is determined that a resource threshold is exceeded, then changing to use layer seven processing to perform actions, including: sending a synchronization-acknowledgement (SYN-ACK) to the client device, the SYN-ACK including a server initial sequence number (SISN) that has embedded within it a maximum segment size (MSS) index to an MSS value in an MSS table, wherein each bit location of the MSS index in the SISN is determined by a periodically changing MSS mapping value, and wherein remaining bits in the SISN are based on a seed value that corresponds to the MSS mapping value; determining that an ACK received from the client device is valid when a hash value that is based on the seed value matches an ACK hash value that is extracted from the SISN in the ACK based on the MSS mapping value; in response to receiving a valid ACK from the client device, performing at level seven processing a connection initiation with the at least one server that is used in performing a second protocol handshake with a target server that is the at least one server, to initiate establishing connections with the client device and the at least one server; and when the establishment of the connection is initiated at layer seven, transitioning from layer seven processing to layer four processing to communicate data packets used for at least a connection initiate handshake protocol and a connection terminate handshake protocol, or other data packets used for more than just establishing connections between the client device and the at least one server using the established connections, wherein layer four and seven are layers within the Open Systems Interconnection (OSI) protocol stack.
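The SISN construction and ACK validation described in the claim (an MSS index placed at bit locations chosen by a periodically changing mapping value, the remaining bits filled from a seed-keyed hash, and the ACK checked by recomputing that hash) can be worked through in code. The following is an added illustration written for this page, not F5's implementation or any code from the patent: the MSS table contents, the 60-second mapping epoch, the HMAC-SHA256 derivations of the seed and of the index bit positions, the 4-tuple used as hash input, the secret and the sample flow are all constructed assumptions. It covers only the SYN-ACK generation and ACK validation steps, not the layer four/seven transition around them.

```python
import hashlib
import hmac
import time

# Constructed MSS table: the SISN carries only a 2-bit index into it, not the MSS itself.
MSS_TABLE = [536, 1220, 1440, 1460]
INDEX_BITS = 2
HASH_BITS = 32 - INDEX_BITS
SEED_SECRET = b"constructed-demo-secret"   # assumption: a per-device secret, rotated out of band
EPOCH_SECONDS = 60                          # assumption: how often the mapping value changes


def mss_index_for(client_mss):
    """Largest table entry not exceeding the MSS the client advertised (falls back to index 0)."""
    best = 0
    for i, value in enumerate(MSS_TABLE):
        if value <= client_mss:
            best = i
    return best


def mapping_value(now=None):
    """Periodically changing MSS mapping value: one integer per epoch."""
    t = time.time() if now is None else now
    return int(t) // EPOCH_SECONDS


def seed_for(mapping):
    """Seed value that corresponds to a mapping value (derived, so no per-epoch state is stored)."""
    return hmac.new(SEED_SECRET, b"seed" + mapping.to_bytes(8, "big"), hashlib.sha256).digest()


def index_positions(mapping):
    """Bit locations of the MSS index inside the 32-bit SISN, chosen by the mapping value."""
    digest = hmac.new(SEED_SECRET, b"pos" + mapping.to_bytes(8, "big"), hashlib.sha256).digest()
    positions = []
    for byte in digest:
        p = byte % 32
        if p not in positions:
            positions.append(p)
        if len(positions) == INDEX_BITS:
            break
    for p in range(32):                     # defensive fill; practically never needed
        if len(positions) == INDEX_BITS:
            break
        if p not in positions:
            positions.append(p)
    return positions


def connection_hash(seed, flow):
    """Hash based on the seed and the flow 4-tuple, truncated to the remaining SISN bits."""
    msg = "{}:{}:{}:{}".format(*flow).encode()
    digest = hmac.new(seed, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & ((1 << HASH_BITS) - 1)


def assemble(index, hash_value, positions):
    """Interleave index bits (at `positions`) and hash bits (everywhere else) into a 32-bit SISN."""
    sisn, hash_bit = 0, 0
    for pos in range(32):
        if pos in positions:
            bit = (index >> positions.index(pos)) & 1
        else:
            bit = (hash_value >> hash_bit) & 1
            hash_bit += 1
        sisn |= bit << pos
    return sisn


def disassemble(sisn, positions):
    """Inverse of assemble(): recover the index and the embedded hash from a SISN."""
    index, hash_value, hash_bit = 0, 0, 0
    for pos in range(32):
        bit = (sisn >> pos) & 1
        if pos in positions:
            index |= bit << positions.index(pos)
        else:
            hash_value |= bit << hash_bit
            hash_bit += 1
    return index, hash_value


def generate_sisn(flow, client_mss, mapping):
    """SISN for the SYN-ACK: MSS index at mapping-chosen positions, seed-keyed hash elsewhere."""
    index = mss_index_for(client_mss)
    return assemble(index, connection_hash(seed_for(mapping), flow), index_positions(mapping))


def validate_ack(flow, ack_number, mapping):
    """Return the MSS to use if the ACK carries a valid SISN (current or previous epoch), else None."""
    sisn = (ack_number - 1) & 0xFFFFFFFF    # the client acknowledges SISN + 1
    for m in (mapping, mapping - 1):        # tolerate an epoch rollover during the handshake
        index, ack_hash = disassemble(sisn, index_positions(m))
        expected = connection_hash(seed_for(m), flow)
        if hmac.compare_digest(ack_hash.to_bytes(4, "big"), expected.to_bytes(4, "big")):
            return MSS_TABLE[index]
    return None


if __name__ == "__main__":
    flow = ("198.51.100.7", 40000, "203.0.113.10", 443)   # constructed client/server 4-tuple
    m = mapping_value()
    sisn = generate_sisn(flow, 1460, m)
    print("SISN 0x%08x -> MSS %s" % (sisn, validate_ack(flow, sisn + 1, m)))
```

Because the index positions and the seed are both derived from the mapping value, the device keeps no per-connection state while it waits for the ACK; a forged ACK has to match 30 hash bits keyed by a secret the sender does not hold, and a stale one fails once its epoch ages out of the validation window.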
Address: Seattle WA US