-
Publication No.: US20210105219A1
Publication date: 2021-04-08
Application No.: US16591189
Filing date: 2019-10-02
Applicant: Cisco Technology, Inc.
Inventor: Hung Chau, Zhijun Liu
IPC: H04L12/801, H04L12/26, H04L12/24
Abstract: In one embodiment, a network security device configured to monitor a communication session between a first device and a second device generates a first empty acknowledgment packet specifying a first sequence number and sends the first empty acknowledgment packet to the first device. The network security device may thereafter determine that a response from the first device has not been received within a threshold amount of time and generate, at least partly in response, a second empty acknowledgment packet specifying a second sequence number. The network security device may send the second empty acknowledgment packet to the first device and receive, from the first device, a third empty acknowledgment packet specifying a third sequence number. The network security device may then store the third sequence number in association with the communication session between the first device and the second device.
-
Publication No.: US10951536B1
Publication date: 2021-03-16
Application No.: US16591189
Filing date: 2019-10-02
Applicant: Cisco Technology, Inc.
Inventor: Hung Chau, Zhijun Liu
IPC: H04L12/801, H04L12/26, H04L12/24, H04L29/08
Abstract: In one embodiment, a network security device configured to monitor a communication session between a first device and a second device generates a first empty acknowledgment packet specifying a first sequence number and sends the first empty acknowledgment packet to the first device. The network security device may thereafter determine that a response from the first device has not been received within a threshold amount of time and generate, at least partly in response, a second empty acknowledgment packet specifying a second sequence number. The network security device may send the second empty acknowledgment packet to the first device and receive, from the first device, a third empty acknowledgment packet specifying a third sequence number. The network security device may then store the third sequence number in association with the communication session between the first device and the second device.
-
Publication No.: US20200296075A1
Publication date: 2020-09-17
Application No.: US16885620
Filing date: 2020-05-28
Applicant: Cisco Technology, Inc.
Inventor: Andrew E. Ossipov, Kent Leung, Zhijun Liu
IPC: H04L29/12
Abstract: A method is performed by a master network device among network devices of a cluster. The master network device receives cluster configuration information including a set of Internet Protocol (IP) addresses and a pool of port blocks associated with the IP addresses. Each port block includes multiple ports, and the pool of the port blocks is to be shared across the network devices for port address translation. The master network device divides the port blocks in the pool into multiple buckets. The master network device allocates to each network device in the cluster a corresponding one of the buckets, and reserves each bucket that is not allocated for allocation to a potential new network device. When a new network device joins the cluster, the master network device allocates to the new network device the port blocks from a corresponding one of the reserved buckets.
-
Publication No.: US09860209B2
Publication date: 2018-01-02
Application No.: US14709777
Filing date: 2015-05-12
Applicant: Cisco Technology, Inc.
Inventor: Kevin A. Buchanan, Andrew E. Ossipov, Kent Leung, Xun Wang, Zhijun Liu, Weiwei Kang
IPC: H04L29/00, H04L29/06, H04L12/801
CPC classification number: H04L63/0227, H04L47/10, H04L63/0254
Abstract: A method operable in a security device cluster having a plurality of security devices each configured to receive respective data flows. The method includes receiving a first segment of a flow at a first security device of the plurality of security devices, sending the first segment of the flow toward a destination node without the first security device of the plurality of security devices asserting ownership over the flow, receiving, from the destination node, a second segment of the flow at a second security device of the plurality of security devices, the second segment of the flow being responsive to the first segment, asserting, by the second security device of the plurality of security devices, ownership over the flow, and forwarding, from the first security device, packets of the flow subsequently received by the first security device to the second security device.