US20130166637A1 - Apparatus and Method for Domain Name Resolution - Google Patents
Apparatus and Method for Domain Name Resolution Download PDFInfo
- Publication number
- US20130166637A1 US20130166637A1 US13/776,651 US201313776651A US2013166637A1 US 20130166637 A1 US20130166637 A1 US 20130166637A1 US 201313776651 A US201313776651 A US 201313776651A US 2013166637 A1 US2013166637 A1 US 2013166637A1
- Authority
- US
- United States
- Prior art keywords
- address
- server
- network
- request
- translation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4552—Lookup mechanisms between a plurality of directories; Synchronisation of directories, e.g. metadirectories
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
- H04L67/1017—Server selection for load balancing based on a round robin mechanism
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
- H04L67/1021—Server selection for load balancing based on client or server locations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1038—Load balancing arrangements to avoid a single path through a load balancer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/563—Data redirection of data network streams
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
An apparatus and method for enhancing the infrastructure of a network such as the Internet is disclosed. Multiple edge servers and edge caches are provided at the edge of the network so as to cover and monitor all points of presence. The edge servers selectively intercept domain name translation requests generated by downstream clients, coupled to the monitored points of presence, to subscribing Web servers and provide translations which either enhance content delivery services or redirect the requesting client to the edge cache to make its content requests. Further, network traffic monitoring is provided in order to detect malicious or otherwise unauthorized data transmissions.
Description
- This application is a continuation under 37 C.F.R. §1.53(b) of U.S. patent application Ser. No. 11/259,160, filed Oct. 26, 2005 (Attorney Docket No. 10736/07033BUS), now U.S. Pat. No. ______, the entire disclosure of which is hereby incorporated by reference, which is a continuation under 37 C.F.R. §1.53(b) of U.S. patent application Ser. No. 09/602,286, filed Jun. 23, 2000 (Attorney Docket No. 10736/5), now U.S. Pat. No. 7,003,555, the entire disclosure of which is hereby incorporated by reference.
- The Internet is growing by leaps and bounds. Everyday, more and more users log on to the Internet for the first time and these, and existing users are finding more and more content being made available to them. Whether it be for shopping, checking stock prices or communicating with friends, the Internet represents a universal medium for communications and commerce.
- Unfortunately, the growing user base along with the growing content provider base is causing ever increasing congestion and strain on the infrastructure, the network hardware and software plus the communications links linking it all together, which makes up the Internet. While the acronym “WWW” is defined as “World Wide Web”, many users of the Internet have come to refer to it as the “World Wide Wait.”
- These problems are not limited to the Internet either. Many companies provide internal networks, known as intranets, which are essentially private Internets for use by their employees. These intranets can become overloaded as well. Especially, when a company's intranet provides connectivity to the Internet. In this situation, the intranet is not only carrying internally generated traffic but also Internet traffic generated by the employees.
- Furthermore, more and more malicious programmers are setting there sights on the Internet. These “hackers” spread virus programs or attempt to hack into Web sites in order to steal valuable information such as credit card numbers. Further, there have been an increasing number of Denial of Service attacks where a hacker infiltrates multiple innocent computers connected to the Internet and uses them, unwittingly, to bombard a particular Web site with an immense volume of traffic. This flood of traffic overwhelms the servers and literally shuts the Web site down.
- Accordingly, there is a need for an enhanced Internet infrastructure to more efficiently deliver content from providers to users and provide additional network security and fault tolerance.
-
FIG. 1 depicts an exemplary network for use with the preferred embodiments. -
FIG. 2 depicts the operations of the Domain Name System of the exemplary network ofFIG. 1 . -
FIG. 3 depicts an exemplary content delivery system for use with the exemplary network ofFIG. 1 . -
FIG. 4 depicts a content delivery system for use with the network ofFIG. 1 according to a first embodiment. -
FIG. 4A depicts a block diagram of the edge server ofFIG. 4 . -
FIG. 5 depicts a content delivery system for use with the network ofFIG. 1 according to a second embodiment. -
FIG. 5A depicts a block diagram of the edge server ofFIG. 5 . -
FIG. 6 depicts a content delivery system for use with the network ofFIG. 1 according to a third embodiment. -
FIG. 6A depicts a block diagram of the edge server ofFIG. 6 . - Referring now to the figures, and in particular,
FIG. 1 , there is shown anexemplary network 100 for use with the presently preferred embodiments. It is preferred that thenetwork 100 be a publicly accessible network, and in particular, the Internet. While, for the purposes of this disclosure, the disclosed embodiments will be described in relation to the Internet, one of ordinary skill in the art will appreciate that the disclosed embodiments are not limited to the Internet and are applicable to other types of public networks as well as private networks, and combinations thereof, and all such networks are contemplated. - As an introduction, a network interconnects one or more computers so that they may communicate with one another, whether they are in the same room or building (such as a Local Area Network or LAN) or across the country from each other (such as a Wide Area Network or WAN). A network is series of points or
nodes 126 interconnected bycommunications paths 128. Networks can interconnect with other networks and can contain sub-networks. Anode 126 is a connection point, either a redistribution point or an end point, for data transmissions generated between the computers which are connected to the network. In general, anode 126 has a programmed or engineered capability to recognize and process or forward transmissions toother nodes 126. Thenodes 126 can be computer workstations, servers, bridges or other devices but typically, thesenodes 126 are routers. - A router is a device or, in some cases, software in a computer, that determines the
next network node 126 to which a piece of data (also referred to as a “packet” in the Internet context) should be forwarded toward its destination. The router is connected to at least two networks or sub-networks and decides which way to send each information packet based on its current understanding of the state of the networks it is connected to. A router is located at any juncture of two networks, sub-networks or gateways, including each Internet point-of-presence (described in more detail below). A router is often included as part of a network switch. A router typically creates or maintains a table of the available routes and their conditions and uses this information along with distance and cost algorithms to determine the best route for a given packet. Typically, a packet may travel through a number of network points, each containing additional routers, before arriving at its destination. - The
communications paths 128 of anetwork 100, such as the Internet, can be coaxial cable, fiber optic cable, telephone cable, leased telephone lines such as T1 lines, satellite links, microwave links or other communications technology as is known in the art. The hardware and software which allows the network to function is known as the “infrastructure.” Anetwork 100 can also be characterized by the type of data it carries (voice, data, or both) or by the network protocol used to facilitate communications over the network's 100 physical infrastructure. - The Internet, in particular, is a publicly accessible
worldwide network 100 which primarily uses the Transport Control Protocol and Internet Protocol (“TCP/IP”) to permit the exchange of information. At a higher level, the Internet supports several applications protocols including the Hypertext Transfer Protocol (“HTTP”) for facilitating the exchange of HTML/World Wide Web (“WWW”) content, File Transfer Protocol (“FTP”) for the exchange of data files, electronic mail exchange protocols, Telnet for remote computer access and Usenet for the collaborative sharing and distribution of information. It will be appreciated that the disclosed embodiments are applicable to many different applications protocols both now and later developed. - Logically, the Internet can be thought of as a Web of
intermediate network nodes 126 andcommunications paths 128 interconnecting thosenetwork nodes 126 which provide multiple data transmission routes from any given point to any other given point on the network 100 (i.e. between any two computers connected to the network). Physically, the Internet can also be thought of as a collection of interconnected sub-networks wherein each sub-network contains a portion of theintermediate network nodes 126 andcommunications paths 128. The division of the Internet into sub-networks is typically geographically based, but can also be based on other factors such as resource limitations and resource demands. For example, a particular city may be serviced by one or more Internet sub-networks provided and maintained by competing Internet Service Providers (“ISP's”) (discussed in more detail below) to support the service and bandwidth demands of the residents. - Contrasting the Internet with an intranet, an intranet is a private network contained within an enterprise, such as a corporation, which uses the TCP/IP and other Internet protocols, such as the World Wide Web, to facilitate communications and enhance the business concern. An intranet may contain its own Domain Name Server (“DNS”) (described in more detail below) and may be connected to the Internet via a gateway, i.e., an intra-network connection, or gateway in combination with a proxy server (described in more detail below) or firewall, as are known in the art.
- Referring back to
FIG. 1 ,clients servers network 100. Herein, the phrase “coupled with” is defined to mean directly connected to or indirectly connected with through one or more intermediate components. Such intermediate components may include both hardware and software based components. Thenetwork 100 facilitates communications and interaction between one or more of theclients servers network 100 also facilitates communications and interaction among one or more of theclients client client servers server server - A
client network 100. Typically, aclient servers network 100. These data interchanges most often involve the client requesting data or content from the other computer and the other computer providing that data or content in response to the request. Alternatively, the other computer coupled with the network can “push” data or content to theclient electronic mail server network 100 to theclient client many clients network 100. - A
server server clients network 100. In response to the request, theserver client server client server client server servers clients many servers network 100. -
Clients network 100 at a point of presence (“POP”) 114, 116. ThePOP client network 100. In apublic network 100, such as the Internet, thePOP public network 100 ends, after which comes the private hardware or private network of theclient POP service provider network 100 on a fee for service basis. APOP ISP POP servers POP - A
typical ISP different clients network 100 at any given time. APOP client network 100 both physically/electrically and logically (as will be discussed below). Theclient POP client ISP POP client client POP client - A
service provider clients clients client network 100.Servers network 100 by POP's 114, 116. These POP's 114, 116 typically provide a dedicated, higher capacity and more reliable connection to facilitate the data transfer and availability needs of theserver client service provider network 100 from wherever theclient other service providers service provider clients network 100. - Note that there may be
other service providers network 100 connectivity to theservice providers upstream service provider downstream service providers network 100. Peering is the term used to describe the arrangement of traffic exchange between Internet service providers (ISPs) 118, 120. Generally, peering is the agreement to interconnect and exchange routing information. More specifically, larger ISP's 118, 120 with their own backbone networks (high speed, high capacity network connections which interconnect sub-networks located in disparate geographic regions) agree to allow traffic from other large ISP's 118, 120 in exchange for traffic on their backbones. They also exchange traffic withsmaller service providers service providers service providers backbone service provider - A network access point (NAP) is one of several major Internet interconnection points that serve to tie all of the
service providers Service providers - For purposes of later discussions, the
network 100 can be further logically described to comprise acore 122 and anedge 124. Thecore 122 of thenetwork 100 includes theservers network 100 infrastructure, as described above, including largerupstream service providers core 122 includes everything within thenetwork 100 up to the POP's 114, 116. The POP's 114, 116 and their associated hardware lie at theedge 124 of thenetwork 100. Theedge 124 of thenetwork 100 is the point whereclients network 100. As defined herein, theedge 124 of thenetwork 100 may include additional hardware and software such as Domain Name Servers, cache servers, proxy servers and reverse proxy servers as will be described in more detail below. Typically, as thenetwork 100 spreads out from thecore 122 to theedge 124, the total available bandwidth of thenetwork 100 is diluted over more and more lower cost and lower bandwidth communications paths. At thecore 122, bandwidth over the higher capacity backbone interconnections tends to be more costly than bandwidth at theedge 124 of thenetwork 100. As with all economies of scale, high bandwidth interconnections are more difficult to implement and therefore rarer and more expensive than low bandwidth connections. It will be appreciated, that even as technology progresses, newer and higher bandwidth technologies will remain more costly than lower bandwidth technologies. - As was discussed above,
clients servers clients servers Servers Web servers - Essential concepts that are part of HTTP include (as its name implies) the idea that files/content can contain references to other files/content whose selection will elicit additional transfer requests. Any
Web server client Web servers Web server destination server client - The Web content which a Web server typically serves is in the form of Web pages which consist primarily of Hypertext Markup Language. Hypertext Markup Language (“HTML”) is the set of “markup” symbols or codes inserted in a file intended for display on a World Wide Web browser. The markup tells the Web browser how to display a Web page's words and images, as well as other content, for the user. The individual markup codes are referred to as elements or tags. Web pages can further include references to other files which are stored separately from the HTML code, such as image or other multimedia files to be displayed in conjunction with the HTML Web content.
- A Web site is a related collection of Web files/pages that includes a beginning HTML file called a home page. A company or an individual tells someone how to get to their Web site by giving that person the address or domain name of their home page (the addressing scheme of the Internet and the TCP/IP protocol is described in more detail below). From the home page, links are typically provided to all the other pages (HTML files) located on their site. For example, the Web site for IBM™ has the home page address of http://www.ibm.com. Alternatively, the home page address may include a specific file name like index.html but, as in IBM's case, when a standard default name is set up, users don't have to enter the file name. IBM's home page address leads to thousands of pages. (But a Web site can also be just a few pages.)
- Since site implies a geographic place, a Web site can be confused with a
Web server server servers server server - As was described above, the
network 100 facilitates communications betweenclients servers network 100 facilitates the transmission of HTTP requests from aclient server client network 100, whether it be aclient server client server network 100 can reliably route communications to it. Additionally,clients servers multiple clients multiple servers particular server same server POP particular client network 100, it is often satisfactory to provide eachPOP POP connected client client POP private network client - As was discussed, the Internet is a collection of interconnected sub-networks whose users communicate with each other. Each communication carries the address of the source and destination sub-networks and the particular machine within the sub-network associated with the user or host computer at each end. This address is called the IP address (Internet Protocol address). In the current implementation of the Internet, the IP address is a 32 bit binary number divided into four 8 bit octets. This 32-bit IP address has two parts: one part identifies the source or destination sub-network (with the network number) and the other part identifies the specific machine or host within the source or destination sub-network (with the host number). An organization can use some of the bits in the machine or host part of the address to identify a specific sub-network within the sub-network. Effectively, the IP address then contains three parts: the sub-network number, an additional sub-network number, and the machine number.
- One problem with IP addresses is that they have very little meaning to ordinary users/human beings. In order to provide an easier to use, more user
friendly network 100, a symbolic addressing scheme operates in parallel with the IP addressing scheme. Under this symbolic addressing scheme, eachclient server server servers network 100. A URL typically includes the domain name of the provider of the identified resource, an indicator of the type of resource and an identifier of the resource itself. For example, for the URL “http://www.ibm.com/index.html”, http identifies this resource as a hypertext transfer protocol compatible resource, www.ibm.com is the domain name (again, the www is arbitrary and typically is added to indicate to a user that theserver server - Domain names make the
network 100 easier for human beings to utilize it, however the network infrastructure ultimately uses IP addresses, and not domain names, to route data to the correct destination. Therefore, a translation system is provided by thenetwork 100 to translate the symbolic human comprehensible domain names into IP addresses which can then be used to route the communications. The Domain Name System (“DNS”) is the way that Internet domain names are located and translated into IP addresses. The DNS is a distributed translation system of address translators whose primary function is to translate domain names into IP addresses and vice versa. Due to the ever expanding number ofpotential clients servers service provider 118, 120 (and likely provided by thatservice provider 118, 120), handles requests to translate the domain names serviced by thatservice provider - DNS translations (also known as “lookups” or “resolutions”) can be forward or reverse. Forward DNS translation uses an Internet domain name to find an IP address. Reverse DNS translation uses an Internet IP address to find a domain name. When a user enters the address or URL for a Web site or other resource into their browser program, the address is transmitted to a nearby router which does a forward DNS translation in a routing table to locate the IP address. Forward DNS translations are the more common translation since most users think in terms of domain names rather than IP addresses. However, occasionally a user may see a Web page with a URL in which the domain name part is expressed as an IP address (sometimes called a dot address) and wants to be able to see its domain name, to for example, attempt to figure the identity of who is providing the particular resource. To accomplish this, the user would perform a reverse DNS translation.
- The DNS translation servers provided on the Internet form a hierarchy through which any domain name can be “resolved” into an IP address. If a particular DNS translation server does not “know” the corresponding IP address of a given domain name, it “knows” other DNS translation servers it can “ask” to get that translation. This hierarchy includes “top-level” DNS translation servers which “know” which resources (
clients servers client server - Referring now to
FIG. 2 , there is shown a diagram illustrating the basic operation of theDomain Name System 200. Depicted in the figure areclients Client 1”, “Client 2” and “Client 3.”Clients service provider 120, labeled “POP1A” and “POP1B.”Client 3 is coupled with a POP (not shown) provided byservice provider 118, labeled “POP2.” In addition,service providers other clients Service provider 120 is shown further coupled withservice provider 118, aserver 108, labeled “Server 1”, preferably a Web server and more preferably an entire Web site which may comprise multiple sub-servers (not shown) as discussed above, and a top-levelDNS translation server 202, labeled “DNS Top”, all via thenetwork 100 which is preferably the Internet. Furthermore,service provider 120 further includes aDNS translation server 204, labeled “DNS A” and routing andinterconnection hardware 206, as described above, to electrically and logically couple the POP's 114 with thenetwork 100. Optionally, theservice provider 120 may also include acache server 208 or proxy server (not shown) to enhance content delivery as described below. - In order for a
client particular server 108, theclient server 108 so that it can properly address its request. Referring toClient 1 102, an exemplary DNS translation transaction where theclient Client 1 enters a URL or domain name of theServer 1 108 and specific resource contained withinServer 1, such as a sub-server, into their browser program in order to make a request for content. The browser program typically handles negotiating the DNS translation transaction and typically has been pre-programmed (“bound”) with the IP address of a particular DNS translation server to go to first in order to translate a given domain name. Typically, this bound DNS translation server will beDNS A 204 provided by theservice provider 120. Alternatively, where theclient service provider 120 can automatically route translation requests received by its POP's 114 to its DNS translation server,DNS A 202. The process by which a domain name is translated is often referred to as the “slow start” DNS translation protocol. This is in contrast to what is known as the “slow start HTTP” protocol which will be discussed below in more detail in relation to content delivery. -
Client 1 102 then sends its translation request, labeled as “A1”, to itsPOP 114, POP1A. The request, A1, is addressed with a return address ofClient 1 and with the IP address of the boundDNS A 204 therefore the service provider's 120routing equipment 206 automatically routes the request toDNS A 204, labeled as “B.” AssumingDNS A 204 does not know how to translate the given domain name in the request or the translation in its routing table has expired, it must go up the DNS hierarchy to complete the translation.DNS A 204 will then forward a request, labeled “C”, upstream to the top-levelDNS translation server 202 associated with the top-level domain in the domain address, i.e. com, gov, edu etc.DNS A 204 has been pre-programmed with the IP addresses of the various hierarchical servers that it may need to talk to in order to complete a translation.DNS A 204 addresses request C with the IP address of the top-level DNS server 202 and also includes its own return address. DNA then transmits the request over thenetwork 100 which routes the request to the toplevel DNS server 202. The top-level DNS server 202 will then translate and return the IP address corresponding toServer 1 108 back toDNS A 204 via thenetwork 100, labeled “D.” - As was discussed above, a particular domain name may be associated with multiple IP addresses of
multiple sub-servers multiple sub-servers Client 1 102,DNS A 204 must further translate the domain address into thespecific sub-server 108. In order to accomplish this,Server 1 108 provides its ownDNS translation server 210 which knows about the various sub-servers and other resources contained withinServer 1 108.DNS A 204, now knowing the IP address ofServer 1 108, e.g. the Web site generally, can create a request, labeled “E”, to translate the domain name/URL provided byClient 1 102 into the exact sub-server/resource onServer 1 108.DNS B 210 returns the translation, labeled “F”, toDNS A 204 which then returns it toClient 1 102 via the service provider'srouting equipment 206, labeled “G”, which routes the response throughPOP1A 114 to theClient 1, labeled “H1.”Client 1 102 now has the IP address it needs to formulate its content requests toServer 1 108. -
FIG. 2 , further depicts an exemplary DNS translation transaction wherein theclient client 2 104 may comprise its own network of computer systems. Further more,client 2 104 may provide its own DNS translation server (not shown) to handle internal routing of data as well as the routing of data over thenetwork 100 generally for the computer systems coupled with this private network. In this case, the internal DNS translation server will either be programmed to send its unknown translations to DNS A (labeled as “A2”, “B”, “C”, “D”, “E”, “F”, “G”, “H2”) or may be programmed to use the DNS hierarchy itself, i.e. communicate directly with theupstream DNS Top 202 and DNS B 210 (labeled as “A2”, “B2”, “C2”, “D2”, “E2”, “F2”, “G2”, “H2”). In these cases, the internal DNS translation server simply adds another layer to the DNS hierarchy as a whole, but the system continues to function similarly as described above. - In addition,
FIG. 2 , further depicts an exemplary DNS translation transaction wherein theclient POP 114 that is not associated with its boundDNS translation server 204. For example,Client 3 106 is depicted as being coupled with POP2 provided byservice provider 118. In the exemplary situation,Client 3 106 is bound withDNS A 204 provided byservice provider 120. This situation can occur in the wireless environment, where aparticular wireless client POP service provider 120 who generally provides connectivity services for theclient client 3 106 will perform its translation requests as described above, and will address these requests to its bound DNS Server, in thiscase DNS A 204. Theservice provider 118 will see the address of theDNS A 204 inclient 3's 106 translation requests and appropriately route the translation request over thenetwork 100 toservice provider 120 and ultimately on toDNS A 204.DNS A 204 will appropriately handle the request and return it via thenetwork 100 accordingly (labeled as “A3”, “B”, “C”, “D”, “E”, “F”, “G”, “H3”). - It will be appreciated that in each of the examples given above, if a particular DNS translation server already “knows” the requested translation, the DNS translation server does not have to go up the hierarchy and can immediately return the translation to the requester, either the
client - It should be noted, that because a given
server destination server network 100 congestion. It will further be appreciated that the operations and structure of the existing DNS system are known to those of ordinary skill in the art. - As mentioned above, once the DNS translation is complete, the
client server 108. Typically, the requests for content will be in the form of HTTP requests for Web content as described above. In order to alleviateserver 108 overload, the HTTP protocol provides a “slow start” mechanism. As was described above, a Web page consists of HTML code plus images, multimedia or other separately stored content. Typically, the amount of HTML code contained within a Web page is very small compared to the amount of image and/or multimedia data. When a client requests a Web page from theserver 108, theserver 108 must serve the HTML code and the associated image/multimedia data to theclient client server 108 from wasting processing and bandwidth resources unnecessarily by sending unwanted data, the HTTP slow start protocol forces theclient client server 108, theinitial server 108 is not burdened with serving the unwanted or unnecessary content. - In addition, it important to note that
clients client server 108 from which it is requesting content is located in Paris, France. Alternatively,client server 108 but, due to the topology of thenetwork 100, there may bemultiple nodes 126 and interconnectingcommunications paths 128 between theclient server 108 necessitating a lengthy route for any data transmitted between the two. Either scenario can significantly impact the response time of aserver 108 to a given request from aclient network 100 may be servicing millions ofclients servers 108 at any given time, the response time may be further impacted by reduced bandwidth and capacity caused by network congestion at theserver 108 or at one or moreintermediate network nodes 126. -
Servers 108 andservice providers network 100 interconnections. Further,servers 108 may attempt to alleviate slow request response times by providing multiple sub-servers which can handle the volume of requests received with minimal latency. These sub-servers can be provided behind a reverse proxy server which, as described above, is “tightly coupled” with the Web site and can route content requests directed to a single IP address, to any of the multiple sub-servers. This reduces the number of individual translations that have to be made available to the DNS translation system and kept up to date for all of the sub-servers. The reverse proxy server can also attempt to balance the load across multiple sub-servers by allocating incoming requests using, for example, a round-robin routine. Reverse proxy servers can further include a cache server as described below to further enhance the Server's 108 ability to handle a high volume of requests or the serving of large volumes of data in response to any given request. It will be appreciated that reverse proxy servers and load balancing techniques are generally known to those of ordinary skill in the art. -
Clients service providers 118, 120 (and, as described above, servers 108) may attempt to alleviate this problem by including a cache orcache server 208. Acache server 208 is a server computer (or alternatively implemented in software directly on theclient client client cache server 208 saves/caches Web pages and other content thatclients cache server 208 itself without the need to contact the source of the content. Acache server 208 reduces the latency of fulfilling requests and also reduces the load on the content source. Further, acache server 208 at theedge 124 of the Internet reduces the consumption of bandwidth at thecore 122 of the Internet where it is more expensive. Thecache server 208 may be a part of a proxy server or may be provided by aservice provider -
Cache servers 208 invisibly intercept requests for content and attempt to provide the requested content from the cache (also known as a “hit”). Note that acache server 208 is not necessarily invisible, especially when coupled with a proxy server. In this case, theclient Cache servers 208, as referred to in this disclosure then, may include these visible cache servers as well as invisible cache servers which transparently intercept and attempt to service content requests. Where the requested content is not in the cache (also known as a “miss”), the cache forwards the request onto the content source. When the source responds to the request by sending the content to theclient cache server 208 saves a copy of the content in its cache for later requests. In the case where a cache server is part of a proxy server, the cache/proxy server makes the request to the source on behalf of theclient client - Caches operate on two principles, temporal locality and spatial locality. Temporal locality is a theory of cache operation which holds that data recently requested will most likely be requested again. This theory dictates that a cache should store only the most recent data that has been requested and older data can be eliminated from the cache. Spatial Locality is a theory of cache operation which holds that data located near requested data (e.g. logically or sequentially) will be likely to be requested next. This theory dictates that a cache should fetch and store data in and around the requested data in addition to the requested data. In practice, this means that when a HTML Web page is requested, the cache should go ahead and request the separately stored content, i.e. begin the slow start process because more likely than not, the
client - While
cache servers 208 alleviate some of the problems with net congestion and request response times, they do not provide a total solution. In particular, they do not provide a viable solution for dynamic content (content which continually changes, such as news, as opposed to static or fixed content). This type of content cannot be cached otherwise the requestingclient cache servers 208 often cannot support the bandwidth and processing requirements of streaming media, such as video or audio, and must defer these content requests to theserver 108 which are the source of the content.Cache servers 208, in general, further lack the capability to service a large volume of requests from a large volume ofclients general cache servers 208, such as those provided by aservice provider server 108 load, request response times andnetwork 100 bandwidth. Moreover, as will be discussed below, by simply passing on requests which miss in the cache to theserver 108 to handle, theserver 108 is further subjected to increased security risks from theuntrusted network 100 traffic which may comprise, for example, a denial of service attack or an attempt by a hacker to gain unauthorized access. - Referring now to
FIG. 3 , there is depicted an enhancedcontent delivery system 300 which provides optimized caching of content from theserver 108 to theclient system 300 is typically provided as a pay-for service by a content delivery service to whichparticular servers 108 subscribe to in order to enhance requests made byclients FIG. 3 depicts the identical DNS system ofFIG. 2 but addscache servers DNS translation server 306, labeled “DNS C” affiliated with the content delivery service. - The depicted
system 300 implements one known method of “Content Delivery.” Content delivery is the service of copying the pages of a Web site to geographically dispersedcache servers closest cache server client service providers cache servers closest cache server client server 108 that is “content-delivery enabled,” the content delivery network re-directs thatclient server 108, but to acache server cache server client server 108. Any new content is also cached locally. Other than faster loading times, the process is generally transparent to the user, except that the URL ultimately served back to theclient -
FIG. 3 further details a known method of re-directing the requests generated by theclient nearby cache server client particular server 108, it will obtain the IP address of theserver 108, as described above, using the normal DNS translation system. Once the server's 108 IP address is obtained, theclient server 108 will serve the HTML code file to theclient client client client - The exemplary content delivery service partners with the subscribing
Web server 108 and modifies the URL's of the separately stored content within the HTML code file for the particular Web page. The modified URL's include data which will direct their translation requests to a specificDNS translation server 306, DNS C provided by the content delivery service. DNS C is an intelligent translation server which attempts to figure out where theclient cache server client downstream DNS server 204, DNS A which it assumes is located near theclient network 100 topology and assignment of IP addresses,DNS C 306 can determine the geographicallyoptimal cache server client - An exemplary transaction is further depicted by
FIG. 3 . In this exemplary transaction,Client 3 106 wishes to request content fromServer 1 108.Client 3 106 will establish the IP address of the source of the desired content using the standard DNS translation system described above, labeled “A1”, “B”, “C”, “D”, “E”, “F”, “G”, “H1.” OnceClient 3 106 has the IP address ofServer 1 108, it will generate a request for the initial HTML code file of the desired Web page andServer 1 108 will respond with the data.Client 3 106 will then request a particular separately stored file associated with the Web page by reading the URL from the HTML code file and translating the domain name contained therein. As noted above, this URL comprises the domain name of the content delivery service as well as an identifier which identifies the content being requested (since the content delivery service typically handles many different servers 108).Client 3 106 will generate another translation request toDNS A 204, labeled “I1” and “J.”DNS A 204 will attempt to translate the given domain name but will fail because the content delivery service has set all of its translations to have a TTL=0. Therefore,DNS A 204 will be required to contactDNS C 306 which is provided by the content delivery service, labeled “K” and “L.” Note thatDNS A 204 may be required to contactDNS top 202 in order to locate the IP address ofDNS C 306.DNS C 306 receives the translation request and knows the IP address ofDNS A 204, which was given as the return address for the translation. Using the IP address ofDNS A 204,DNS C 306 figures out whichcache server Client 3 106, in this case,Cache C2 304. An appropriate IP address is then returned to byDNS C 306 toDNS A 204 and subsequently returned toClient 3 106.Client 3 106 then formulates its request for the separately stored data but, unwittingly, uses the IP address of thecache server C2 304.Cache server C2 304 receives the request and serves the desired content as described above. -
FIG. 3 further illustrates a second exemplary transaction sequence which discloses a flaw in the depicted content delivery method. In this example,Client 1 102 wishes to request content fromServer 1 108.Client 1 102 is a wireless or mobile client which is coupled with service provide 118 at POP2 but is bound toDNS A 204 provided byservice provider 120. In this example, all of the translation and request transactions occur as in the above example forClient 3 106. The translation request to identify the IP address of the separately stored content will be handled byDNS A 204 which will then hand it off toDNS C 306 as described above. However,DNS C 306 will then attempt to identify a geographicallyproximate cache server DNS A 204 which is not located nearClient 1 102 in this example. ThereforeDNS C 306 will return atranslation directing Client 1 102 tocache server C2 304 when in fact, the optimal cache server would have beencache server C1 302. With more and more wireless and mobile user utilizing the Internet, mis-optimized re-direction of content delivery will happen more frequently. Furthermore, there may be cases where theClient POP client client cache server client - Referring now to
FIG. 4 , there is depicted a first embodiment of an enhanced DNS system to facilitate the operation of content delivery services by eliminating the dependency on the geographic location of the downstream DNS server. In addition to what is shown inFIG. 3 , the embodiment shown inFIG. 4 further adds anedge server 402 coupled with therouting equipment 206 and POP's 114 of anaffiliated service provider 120 and preferably located within the affiliated server provider's 120 facilities. In one alternative embodiment, theedge server 402 is integrated with a router. In another alternative embodiment, the edge server is integrated with a generally accessible DNS translation server such asDNS A1 204. Theedge server 402 is capable of monitoring the network traffic stream passing between the POP's 114 and thenetwork 100, including the service provider's 120 hardware, such as thecache 208 and theDNS translation server 204, DNS A. Theedge server 402 is further capable of selectively intercepting that traffic and preventing it from reaching its intended destination, modifying the intercepted traffic and reinserting the modified traffic back into the general network traffic stream. It is preferred that the facilities and capabilities of theedge server 402 be provided to content delivery services and orWeb servers 108 on a fee for services basis as will be described below. Further, it is preferred that anedge server 402 be provided at everymajor service provider network 100. - Referring to
FIG. 4A , theedge server 402 includes arequest interceptor 404, arequest modifier 406, and arequest forwarder 408. Theedge server 402 preferably includes one or more processors, a memory coupled with the processors and one or more network interfaces or other interfaces, also coupled with the processors and operative to couple or integrate theedge server 402 with the routing equipment of theservice provider 120. Optionally, theedge server 402 may include secondary storage including a second memory such as a cache memory, hard disk or other storage medium. Further, the processors of theedge server 402 may be dedicated processors to perform the various specific functions described below. Theedge server 402 preferably further includes software and/or firmware provided in a read only memory or in a secondary storage which can be loaded into memory for execution or, alternatively, executed from the secondary storage by the processors, to implement the various functions as detailed below. To further improve performance, such software functionality may also be provided by application specific integrated circuits (“ASICS”). For example, anedge server 402 can comprise a Compaq TaskSmart™ Server manufactured by Compaq Corporation, located in Austin, Tex. The TaskSmart™ Server can include an Intel IXA1000 Packet Processor manufactured by Intel Corporation, located in Santa Clara, Calif. to perform the traffic monitoring and port specific traffic interception functions as well as the security applications as detailed below. The TaskSmart™ Server can further include a PAX.port 1100™ classification adapter manufactured by Solidum Corporation, located in Scotts Valley, Calif., which can receive intercepted DNS translation requests from the packet processor and, utilizing a look up table (preferably stored in a memory providing high speed access), determine whether or not the request is associated with a subscribingserver 108, as described below. The classification adapter can attempt to resolve the DNS request or hand it off to a general processor such as an Intel Pentium III™ or other general purpose processor for further operations as detailed below. Anexemplary edge server 402 may have six 9.1 GB hot pluggable hard drives preferably in a RAID or other redundant configuration, two redundant hot pluggable power supplies, five 10/100 Ethernet ports and 1 GB of main memory and capable of handling in excess of 1250 requests per second. - The
request interceptor 404 listens to the network traffic passing between the POP's 114 of the affiliatedservice provider 120 and thenetwork 100 and selectively intercepts DNS translation requests generated by any of theclients affiliated service provider 120. Such interception is preferably accomplished by identifying the destination “port” of any given data packet generated by aclient routing equipment 206 of theservice provider 120 is programmed to forward all DNS translation requests to theedge server 402. Therequest interceptor 404 can then choose which DNS translation requests to intercept as described below. This alternative routing scheme may implemented through a traffic routing protocol such as a Domain Name System Translation Protocol (“DNSTP”). This protocol is implemented in similar fashion to the Web Cache Control Protocol (“WCCP”) which is used to redirect HTTP requests to proxy cache servers based on the specified port in the packet. - DNS translation requests are identified by the port number 53. The
request interceptor 404 monitors for all data traffic with the specified port number for a DNS translation request. It then is capable of intercepting DNS translation requests generated byclients request interceptor 404 is aware of which content delivery services subscribe to theedge server 402 service and is operative to selectively intercept DNS translation requests associated with the subscribing content delivery service, i.e. contain translations intended to be translated by the DNS translator of the content delivery service orserver 108. Therequest interceptor 404 may provide a table or database stored in memory or other storage device where it can look up the service subscribers to determine whether the particular DNS translation request should be intercepted. It is preferred that therequest interceptor 404 make this determination at “wire speed”, i.e. at a speed fast enough so as not to impact the bandwidth and throughput of the network traffic it is monitoring. - When a DNS translation request is generated by a
client request interceptor 404 of theedge server 402. The interception will occur before it reaches the bound/destination DNS translation server bound to or specified by theclient request interceptor 404 will then pass the intercepted DNS translation request to therequest modifier 406. - The
request modifier 406 modifies the DNS translation request to include additional information or indicia related to theclient server 108 can make a more optimized decision on which of the geographically dispersedcache servers client POP 114 or the characteristics of the downstream network infrastructure, such as whether theclient POP 114 via a modem connection or a broadband connection or whether theclient edge server 402 can provide to enhance the DNS translation request and this may depend on the capabilities of the subscribing content delivery services, and all such additional indicia are contemplated. It is preferable that the subscribing content service providers are familiar with the indicia data types, content and possible encoding schemes which theedge server 402 can provide so as to establish a protocol by which the data is transferred to the subscribing content delivery service. Such information is then recognized and used by the content delivery service to enhance their redirection. For example, by knowing the geographic location of thePOP 114 as provided by theedge server 402, the content delivery service does not need to rely on the IP address of the bound DNS server from which it receives the translation request (described in more detail below) and therefore will make a more accurate determination of whichcache server POP 114 to theclient edge server 402, the content delivery service can redirect content requests by theclient cache server POP 114 toclient client cache server client client POP 114 via a modem/standard telephone line connection, the content delivery service can direct thatclient speed cache server bandwidth cache servers - Once the DNS translation request has been modified, the
request modifier 406 passes the DNS translation request to therequest forwarder 408. The request forwarder places the modified DNS translation request back into the general stream of network traffic where it can be routed to its originally intended destination, i.e. the bound or specifiedDNS translation server DNS translation server DNS translation server 306, DNS C associated with the content delivery service. As described above, the intelligentDNS translation server 306 of the content delivery service will see the modified request and utilize the information/indicia included by theedge server 402 to make a more optimal translation andcache server -
FIG. 4 depicts an exemplary content delivery transaction betweenClient 1 102 andServer 1 108. For the purposes of this example transaction,Client 1 102 is bound toDNS translation server 204, labeled “DNS A1.”Client 1 102 initiates the HTTP slow start protocol as described above by making its initial request for an HTML Web page fromServer 1 108. This initiation may require making several DNS translations as described above, labeled as “A”, “B1”, “C1”, “D1”, “E1”, “F1”, “G1”, “H.” Once the HTML Web page has been received byClient 1 102, it will begin to request the separately stored content associated with the Web page. As was discussed above, whereServer 1 108 has been “content enabled” and subscribes to the content delivery service, the URL's of the separately stored content will comprise the domain name of the content delivery service. As well, as discussed above, these domain names will require complete DNS translation all the way back to theDNS translation server 306, DNS C of the content delivery service because the content delivery service ensures that all of its translations have TTL=0 and therefore cannot be stored in any given downstream DNS translation server. Therefore,Client 1 102 will initiate a DNS translation for the URL of the separately stored content, labeled “I.” This DNS translation request will go through thePOP 114 and to therouting equipment 206 of theservice provider 120. Theedge server 402 will see this DNS translation request and identify the domain name of the content service provider as a subscriber to its service. Therequest interceptor 404 will then intercept the DNS translation request, labeled as “J.” Therequest interceptor 404 will pass the intercepted DNS translation request to therequest modifier 406 which will append a geographic indication representing the physical geographic location of theedge server 402 or alternatively, other downstream network characteristics. Given that theedge server 402 is located geographically proximate to the POP's 114, this information will more accurately represent the location ofClient 1 102. Alternatively, while theedge server 402 may not be geographically proximate to the POP's 114, it may be network proximate to the POP's 114, i.e. there may be a minimal of network infrastructure between the POP's 114 and theedge server 402. In some instances, while one device on a network may sit physically right next to another device on the network, the network topology may dictate that data flowing between those devices flow over a circuitous route to get from one device to the other. In this case, while the devices are physically close to one another, they are not logically close to one another. Theedge server 402 is preferably familiar, not only with its geographic location within the context of thenetwork 100 as a whole, but also its logical location. Using this information, theedge server 402 can further include information as to this logical location so as to enable, not only a geographically optimal redirection ofClient 1's 102 requests but also a network topology based optimized redirection. - The
request modifier 406 will then pass the modified DNS translation request to therequest forwarder 408 which will place the request back into the general traffic stream, and in this case, on its way to the original intended recipient,Client 1's 102 boundDNS translation server 204, DNS A1, labeled as “K1.”DNS A1 204 will then translate the modified DNS translation request as described above and return the translation toClient 1 102, labeled as “L1”, “M1”, “N1”, “O.”DNS C 306, using the additional data provided by theedge server 402, will supply a DNStranslation redirecting Client 1's 102 requests toCache C2 304 which is the optimal cache server. -
FIG. 4 further depicts a second exemplary content delivery transaction betweenClient 1 102 andServer 1 108. For the purposes of this second example transaction,Client 1 102 is a wireless or mobile wired device connecting to aPOP 114 provided byservice provider 120 but is bound toDNS translation server 410, labeled “DNS A2” provided byservice provider 118. Note that in the previous exemplary transaction above,Client 1 102 was bound toDNS A1 204, e.g.,Client 1 102 was a stationary computer or private network subscribing to thenetwork 100 connection services ofservice provider 120 and using the POP's 114 provided by theservice provider 120 and that service provider's 120DNS translation server 204, DNS A1. In the current example,Client 1 102 is a subscriber to thenetwork 100 connections services ofservice provider 118 but is currently roaming, i.e. geographically located in an area not serviced by aPOP 116 provided byservice provider 118. ThereforeClient 1 102 must use aPOP 114 provided by aservice provider 120, which for example, has an agreement to allow such connections from service provider's 118 customers. However, because DNS translation servers are bound to theClient 102, i.e. the address of the preferred DNS translation server is programmed into theClient 102,Client 102 will still use its programmed or bound DNS translation server, typically the DNS translation server provided by itsservice provider 118, in thiscase DNS A2 410. - As above,
Client 1 102 initiates the HTTP slow start protocol as described above by making its initial request for an HTML Web page fromServer 1 108. This initiation may require making several DNS translations as described above but usingDNS A2 410 instead ofDNS A1 204, labeled as transactions “A”, “B2”, “C2”, “D2”, “E2”, “F2”, “G2”, “H.” Once the HTML Web page has been received byClient 1 102, it will begin to request the separately stored content associated with the Web page. As was discussed above, whereServer 1 108 has been “content enabled” and subscribes to the content delivery service, the URL's of the separately stored content will comprise the domain name of the content delivery service. As well, as discussed above, these domain names will require complete DNS translation all the way back to theDNS translation server 306, DNS C of the content delivery service because the content delivery service ensures that all of its translations have TTL=0 and therefore cannot be stored in any given downstream DNS translation server. Therefore,Client 1 102 will initiate a DNS translation for the URL of the separately stored content, labeled “I.” This DNS translation request will go through thePOP 114 and to therouting equipment 206 of theservice provider 120. Theedge server 402 will see this DNS translation request and identify the domain name of the content service provider as a subscriber to its service. Therequest interceptor 404 will then intercept the DNS translation request, labeled as “J.” Therequest interceptor 404 will pass the intercepted DNS translation request to therequest modifier 406 which will append a geographic indication representing the physical geographic location of theedge server 402. Given that theedge server 402 is located geographically proximate to the POP's 114, this information will more accurately represent the location ofClient 1 102. Alternatively, while theedge server 402 may not be geographically proximate to the POP's 114, it may be network proximate to the POP's 114, i.e. there may be a minimal of network infrastructure between the POP's 114 and theedge server 402. In some instances, while one device on a network may sit physically right next to another device on the network, the network topology may dictate that data flowing between those devices flow over a circuitous route to get from one device to the other. In this case, while the devices are physically close to one another, they are not logically close to one another. Theedge server 402 is preferably familiar, not only with its geographic location within the context of thenetwork 100 as a whole, but also its logical location. Using this information, theedge server 402 can further include information as to this logical location so as to enable, not only a geographically optimal redirection ofClient 1's 102 requests but also a network optimized redirection. - The
request modifier 406 will then pass the modified DNS translation request to therequest forwarder 408 which will place the request back into the general traffic stream, and in this case, on its way to the original intended recipient,Client 1's 102 boundDNS translation server 410, DNS A2, labeled as “K2.”DNS A2 410 will then translate the modified DNS translation request as described above and return the translation toClient 1 102, labeled as “L2”, “M2”, “N2”, “O.” In this case, without the additional data provided by theedge server 402,DNS C 306 would have made its redirection determination based on the IP address ofDNS A2 410, as described above. This would have resulted inClient 1 102 being redirected toCache C1 302 instead of the optimal cache for its location. However,DNS C 306, using the additional data provided by theedge server 402 is able to supply a DNStranslation redirecting Client 1's 102 requests toCache C2 304 which is the optimal cache server. - Referring to
FIG. 5 , there is depicted a second embodiment of an enhanced DNS system to facilitate content delivery which is not dependent upon the geographic location of the downstream DNS server and is capable of enhancing the HTTP slow start protocol. -
FIG. 5 showsClients service provider 120. As described above,service provider 120 includesrouting equipment 206,Cache 208 andDNS translation server 204 to facilitate coupling the POP's 114 with thenetwork 100. In addition,service provider 120 further includes anedge server 502 and anedge cache 508. In one alternative embodiment, theedge server 502 is integrated with a router. In another alternative embodiment, theedge server 502 is integrated with a generally accessible DNS translation server such asDNS A 204. In still another alternative embodiment, theedge server 502 can be integrated with theedge cache 504 or each can be provided as separate devices or theedge server 502 can utilize an existingcache server 208 provided by theservice provider 120. For clarity, a number of the components ofFIG. 4 have been omitted fromFIG. 5 . - Referring to
FIG. 5A , theedge server 502 further includes arequest interceptor 504 and an edgeDNS translation server 506. It is preferred that the facilities and capabilities of theedge server 502 be provided toWeb servers 108 on a subscription or fee for services basis as will be described below. It is further preferred that anedge server 502 andedge cache 508 be provided at everyservice provider major network 100 intersection so as to provide coverage of everyPOP edge 124 of thenetwork 100. Theedge server 402 preferably includes one or more processors, a memory coupled with the processors and one or more network interfaces or other interfaces, also coupled with the processors and operative to couple or integrate theedge server 502 with the routing equipment of theservice provider 120. Optionally, theedge server 502 may include secondary storage including a second memory such as a cache memory, hard disk or other storage medium. Further, the processors of theedge server 502 may be dedicated processors to perform the various specific functions described below. Theedge server 502 preferably further includes software and/or firmware provided in a read only memory or in a secondary storage which can be loaded into memory for execution or, alternatively, executed from the secondary storage by the processors, to implement the various functions as detailed below. To further improve performance, such software functionality may also be provided by application specific integrated circuits (“ASICS”). For example, anedge server 502 can comprise a Compaq TaskSmart™ Server manufactured by Compaq Corporation, located in Austin, Tex. The TaskSmart™ Server can include anIntel 1×A1000 Packet Processor manufactured by Intel Corporation, located in Santa Clara, Calif. to perform the traffic monitoring and port specific traffic interception functions as well as the security applications as detailed below. The TaskSmart™ Server can further include a PAX.port 1100™ classification adapter manufactured by Solidum Corporation, located in Scotts Valley, Calif., which can receive intercepted DNS translation requests from the packet processor and, utilizing a look up table (preferably stored in a memory providing high speed access), determine whether or not the request is associated with a subscribingserver 108, as described below. The classification adapter can attempt to resolve the DNS request or hand it off to a general processor such as an Intel Pentium III™ or other general purpose processor for further operations as detailed below. Anexemplary edge server 502 may have six 9.1 GB hot pluggable hard drives preferably in a RAID or other redundant configuration, two redundant hot pluggable power supplies, five 10/100 Ethernet ports and 1 GB of main memory and capable of handling in excess of 1250 requests per second. - As described above, the
request interceptor 504 operates to selectively intercept DNS translation requests associated with its subscribingWeb server 108 generated byclients request interceptor 504 by the service provider's 120routing equipment 206 as described above. In this embodiment, however, because therequest interceptor 504 is monitoring for DNS translation requests associated with theserver 108 and not some separate content delivery service, therequest interceptor 504 will selectively intercept all DNS translation requests, including the initial request to retrieve the HTML Web page file and begin the HTTP slow start protocol. Again, therequest interceptor 504 preferably includes a database or table stored in a memory or other storage medium which indicates the domain names or other identification information of subscribingservers 108. - The selectively intercepted DNS translation requests are passed by the
request interceptor 504 to an internal edgeDNS translation server 506. The internal edgeDNS translation server 506 then translates the given domain name into the IP address of theedge cache 508 and returns this translation to theclient client edge cache 508. As opposed to a proxy server, where theclient edge cache 508 operates as a normal cache server as described above, attempting to satisfy content requests from its cache storage. However, when the requested content is not available in the cache storage (a cache miss), the request is proxied to theserver 108 by theedge cache 508 and/oredge server 502, i.e. theedge cache 508 and/oredge server 502 make the request on behalf of theclient client server 108 upon a cache miss. - Cache misses are handled as described above, the
edge server 502 or alternatively theedge cache 508 makes its own request for the uncached content from theserver 108. Alternatively, other algorithms can be used to reduce or eliminate cache misses including mirroring the content of theserver 108 coupled with periodic updates either initiated by theedge server 502 oredge cache 508 or periodically pushed to theedge cache 508 by theserver 108. In another alternative embodiment, theserver 108 can update cached content when it determines that such content has changed or can provide time durations or other form of expiration notification after which theedge cache 508 purges the content. Where the content expires or is otherwise purged from theedge cache 508, the next request for that content will miss and cause a reload of the content from theserver 108. One of ordinary skill in the art will recognize that there are many caching algorithms which may be used to maintain cache coherency. It is further preferable that theedge cache 508 maintain a replacement policy of replacing the oldest data in the cache when the cache is full. Again, one of ordinary skill in the art will recognize that there are many different cache replacement algorithms that may be used. - In this way, the
edge server 502 andedge cache 508 act similarly to a forward or reverse proxy server for all of its subscribingservers 108. Generally, a reverse proxy server is a proxy server that hides multiple source servers behind a single address. A reverse proxy server allows a content provider to serve their content from multiple host computers without requiring users to know the addresses of each of those computers. When a user makes a request to a content provider, they use the address of the reverse proxy server. The reverse proxy server intercepts the requests for content from the source and redirects those requests to the appropriate host computer within the content provider. The redirection can be based on a which machine contains the requested content or can be used to balance the request load across multiple mirrored servers. A forward proxy server sits between a workstation user and the Internet so that the enterprise can ensure security, administrative control and caching services. A forward proxy server can be associated with a gateway server which separates the enterprise network from an outside network such as the Internet. The forward proxy server can also be associated with a firewall server which protects the enterprise network from outside intrusion. Forward proxy servers accept requests from their users for Internet content and then request that content from the source on behalf of the user. The forward proxy server modifies the identity of the requestor (typically by altering the internet protocol address of the requestor) to be that of the forward proxy server. A user workstation typically must be configured to use a proxy server. A forward proxy server can also be a cache server (see above). - A major distinction between the
edge server 502 and a proxy server is that there is no one address of theedge server 502. Theedge server 502 effectively needs no address because it intercepts the necessary network traffic. Therefore,clients edge server 502 and can operate as they normally do, making content requests ofservers 108. However, when they request content from a subscribingserver 108, that content will be transparently provided instead by theedge server 502 andedge cache 508. - Effectively, the
edge server 502 andedge cache 508 isolate the sub-network comprising theservice provider 120, the POP's 114 and theclients server 108, i.e. theclients server 108. Should theclient edge cache 508 and not theclient server 108. Furthermore, theedge server 502 andedge cache 508 can ensure that the request is valid and legitimate before communicating with theserver 108. This “trusted” relationship between theedge server 502/edge cache 508 and the subscribing servers acts as additional security for theservers 108. Thoseservers 108 can be programmed to ignore content requests fromclients edge server 502/edge cache 508. Furthermore, theedge server 502 alleviates the load on the server's 108 internalDNS translation server 210 because all DNS translations will be handled by the internaledge DNS translator 506. - The effect of the
edge server 502 andedge cache 508 is faster DNS translations and better response times to requests. Theedge cache 508 can serve the initial HTML Web page file to the requestingclient server 108 in order to speed up the HTTP slow start protocol. Furthermore, it is preferred that theedge caches 508 located through out theedge 124 of thenetwork 100 be capable of communicating and sharing cached data. In this way, theedge caches 508 can further reduce the demands placed on the subscribingservers 108. - Notice, however, that because the
edge server 502 intercepts translation requests, aclient server 108, can still directly communicate with thatserver 108 via thenetwork 100. In this case, theserver 108 can choose to disconnect itself from thenetwork 100 generally (or refuse to accept any inbound content requests from thenetwork 100 that do not originate from anedge server 502/edge cache 508, however such origination may be forged). Theedge server 502 andedge cache 508 can then connect with theserver 108 using private proprietary communications links which are not available toclients - The
edge server 502 andedge cache 508 can also provide load balancing and security services to the subscribing servers. For example, open source load balancing techniques available from eddieware.org can be implemented in theedge server 502. Where aparticular server 108 comprises multiple sub-servers, theedge cache 508 can be programmed to request uncached content from the sub-servers so as to spread the load on each sub-server. - Further, because the
edge server 502 acts as the DNS translator server for its subscribers, it can detect and absorb any security attacks based on the DNS system, such as distributed denial of service attacks, “DDOS.” A Denial of Service Attack (“DOS” or Distributed DOS “DDOS”) is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services. In the worst cases, for example, a Web site accessed by millions of people can occasionally be forced to temporarily cease operation. A denial of service attack can also destroy programming and files in a computer system. Although usually intentional and malicious, a denial of service attack can sometimes happen accidentally. A denial of service attack is a type of security breach to a computer system that does not usually result in the theft of information or other security loss. However, these attacks can cost the target person or company a great deal of time and money. - DDOS attacks come in mainly two varieties, one attempts to shut down the DNS system in relation to the target site so that no legitimate user can obtain a valid translation and make a request from the site. Another type of DDOS attack attempts to overload the
server 108 directly with a flood of content requests which exceed the capacity of the server. However, it will be appreciated that, by placingedge servers 502 andedge caches 508 so that all POP's 114, 116 are covered and can be monitored, DDOS attacks can never reach theserver 108 itself and will always be detected close to their origination by anedge server 502 where they can be stopped and isolated. It will be further apparent that where a DDOS attack cripples oneedge server 502 and its associated sub-network, the remainingedge servers 502 atother service providers 118, 120 (and their associated sub-networks) can remain operational and therefore theserver 108 suffers minimal impact as a result of the DDOS attack. In addition, it is preferred that theedge server 502 andedge cache 508 provide bandwidth and processing power far in excess of that needed by the sub-network comprising the POP's 114 andservice provider 120 in order to be able to absorb DDOS attacks and not be crippled by them. - It will further be appreciated, that the
edge server 502 can incorporate the capabilities of theedge server 402 by providing enhanced DNS translations for subscribing content delivery services as well as the enhanced content delivery itself for subscribingservers 108. - In addition, where
client network 100, theedge server 502 can set its returned DNS translations to have a TTL=0 so that the client's 102, 104 internal DNS server must always forward DNS translation requests to subscribingserver 108 upstream where they can be intercepted by theedge server 502. Otherwise, the caching function of the client's 102, 104 internal DNS translation server would prevent proper DNS translations from occurring. Notice that this is not an issue in the first embodiment, because as discussed above, the content delivery service performs the DNS translations and always sets translation TTL=0 to facilitate its operation. - Referring to
FIG. 6 , there is depicted anenhanced network 100 to facilitate content delivery andnetwork 100 security.FIG. 6 depictsclients service provider 118 effectively forming a sub-network of thenetwork 100. Further,clients service provider 120. Further,service providers edge server edge cache routing equipment 206 of theservice providers network 100. In one alternative embodiment, the edge server 602 is integrated with a router. In another alternative embodiment, the edge server 602 is integrated with a generally accessible DNS translation server such asDNS A1 204 orDNS A2 410. In still another alternative embodiment, the edge server 602 is integrated with the edge cache 604, or alternatively they can be implemented as separate devices or the edge server 602 can utilize acache server 208 provided by theservice provider 118, 120 (not showing inFIG. 6 ). It is preferred that the facilities and capabilities of the edge servers 602 be provided toWeb servers 108 on a subscription or fee for services basis as will be described below. It is further preferred that an edge server 602 and edge cache 604 be provided at everyservice provider major network 100 intersection so as to provide coverage of everyPOP edge 124 of thenetwork 100, i.e. to minimize the size of the sub-network downstream from the edge server 602. - Referring to
FIG. 6A , the edge server 602 further includes arequest filter 606, arequest interceptor 608 and a proxy server and/or internalDNS translation server 610. The edge server 602 is capable of operating similarly to theedge server servers server service provider 120. Optionally, the edge server 602 may include secondary storage including a second memory such as a cache memory, hard disk or other storage medium. Further, the processors of the edge server 602 may be dedicated processors to perform the various specific functions described below. The edge server 602 preferably further includes software and/or firmware provided in a read only memory or in a secondary storage which can be loaded into memory for execution or, alternatively, executed from the secondary storage by the processors, to implement the various functions as detailed below. To further improve performance, such software functionality may also be provided by application specific integrated circuits (“ASICS”). For example, an edge server 602 can comprise a Compaq TaskSmart™ Server manufactured by Compaq Corporation, located in Austin, Tex. The TaskSmart™ Server can include an Intel IXA1000 Packet Processor manufactured by Intel Corporation, located in Santa Clara, Calif. to perform the traffic monitoring and port specific traffic interception functions as well as the security applications as detailed below. The TaskSmart™ Server can further include a PAX.port 1100™ classification adapter manufactured by Solidum Corporation, located in Scotts Valley, Calif., which can receive intercepted DNS translation requests from the packet processor and, utilizing a look up table (preferably stored in a memory providing high speed access), determine whether or not the request is associated with a subscribingserver 108, as described below. The classification adapter can attempt to resolve the DNS request or hand it off to a general processor such as an Intel Pentium III™ or other general purpose processor for further operations as detailed below. An exemplary edge server 602 may have six 9.1 GB hot pluggable hard drives preferably in a RAID or other redundant configuration, two redundant hot pluggable power supplies, five 10/100 Ethernet ports and 1 GB of main memory and capable of handling in excess of 1250 requests per second. - For valid content requests from
clients edge server 502 andedge cache 508 in the previous embodiment. Such requests will be redirected and served from the edge cache 604. Again anedge cache 604A at oneservice provider 118 can share cached data from anotheredge cache 604B located at anotherservice provider 120. In this way, a comprehensive content delivery service is created which completely isolates thecore 122 of thenetwork 100 from untrusted andunregulated client edge 124 of thenetwork 100 within the sub-network below, i.e. downstream from the edge server 602 where it can be contained, monitored and serviced more efficiently. In terms of the economics of thenetwork 100 then, the load on the expensive high bandwidth communications resources located at thecore 122 of thenetwork 100 is reduced and maintained at theedge 124 of the network where bandwidth is less expensive. - In addition, the edge server's 602
packet level filter 606 prevents anyclient server client server packet level filter 608 will see the destination IP address in the network traffic and selectively intercept that traffic. - Once traffic is intercepted, the edge server 602 can perform many value added services. As described above, the edge server 602 can perform DNS translations and redirect
clients clients server 108 or a third party such as a virus watch service) as unwanted, harmful, or destructive such as viruses or other unauthorized data being transmitted. For example, if theedge server 602A detects a data packet whose origin address could not have come from the downstream network or POP's 114 to which it is connected, theedge server 602A knows that this data packet must be a forgery and can eradicate it or prevent it from reaching thenetwork 100. For example, where a computer hacker surreptitiously installs a program onclient 1 102 to make a DDOS attack onserver 1 108 but appear as if the attack is coming fromclient 4 612, theedge server 602A will see the packets generated byClient 1 102 and also see that they contain a source address associated with a client, in thiscase client 4 612, which based on the address, could not have come from anyPOP 114 of theservice provider 118 to which theedge server 602A is connected. In this case, theedge server 602A can eliminate that packet and then attempt to identify the actual originating client, in thiscase client 1 102, so that the attack can be stopped and investigated. In addition, because general network traffic is unable to reach the subscribingservers - Furthermore, to enhance security, as described above, the connections between the
edge servers edge caches accessible network 100. In this way, only trusted communications over secure communications links can reach theservers edge servers edge caches edge 124 of thenetwork 100 ensures that the subscribingservers - In operation, the
request filter 606 pre-filters traffic before receipt by therequest interceptor 608. Therequest filter 606 preferably provides subscriber detection, “ingress filtering” capability, and cache hit determination. Therequest filter 606 first determines whether or not the traffic it is monitoring is associated with a subscribing/affiliated server request filter 606 preferably comprises a table or database of subscribers stored in a memory or other storage device. If the traffic is associated with a subscribingserver request filter 606 then performs ingress filtering by determining whether the packet originated downstream from the edge server 602, i.e. from the downstream sub-network, the POP's 114, 116 affiliated with this particular edge server 602 or from upstream which indicates that they did not originate from anaffiliated POP request filter 606 can determine if the request can be satisfied by the edge cache 604. Preferably, therequest filter 606 maintains a table or database in memory or other storage medium of the edge cache 604 contents. If the packet contains a request that can be satisfied from the edge cache 604, therequest filter 606 will hand the packet/request off to the edge cache 604. The edge cache 604 operates similarly to theedge cache 508 of the above embodiment. If the packet comprises a DNS translation request or a content request which cannot be satisfied by the edge cache 604, therequest filter 606 hands the packet/request off to the internal request transmitter/proxy server/DNS translation server 610 to proxy, e.g. transmit, the request to the intended server or provide a DNS translation. Theserver 108 responds with the requested content to the edge server 602 and/or edge cache 604 which then returns the response to the requestingclient request filter 606 be able to perform its functions at “wire speed”, i.e. a speed at which will have minimal impact onnetwork 100 bandwidth and throughput. Therequest filter 606 then further alleviates the processing load on the internal DNS translator/proxy server 610 of the edge server 602. - It will be appreciated that, in any of the above embodiments, additional upstream edge servers and edge caches can be provided at major peering points to provide a layered hierarchy of cache storage tiers which further enhances the response times. In addition, a hierarchy of edge servers and edge caches can be used to handle any overload of one or more downstream edge servers and edge caches or to handle spill over of capacity or even a complete failure of one or more edge servers or edge caches. By forming a hierarchy of edge servers and edge caches, the
network 100 andservice provider - The edge servers and edge caches therefore act similarly to proxy servers. However, where a forward proxy server alters the source address of a given content request (effectively making that request on behalf of a client), an edge server merely adds additional data to the source address which can then be used by upstream content delivery services for more accurate redirection or intercepts and substitutes the address translation transactions to redirect a client to make its requests from a nearby edge cache. Therefore, there is no need to intercept content requests since those requests will have been already directed to the edge cache. While a reverse proxy server is typically tightly bound with a group of servers which belong to a single entity or comprise a single Web site, the edge server performs reverse proxy functions but for any entity or Web site which subscribes to the service. Furthermore, no changes are required to the client or the subscribing servers. Once the subscriber tables are updated within the edge servers, the edge server will then start to perform its functions on the network traffic of the subscribing Web server. The subscribing Web server does not need to alter their Web site in any way and the client does not need to be pre-programmed to communicate with the edge server.
- Further the network of edge servers and edge caches located at every major network intersection so as to cover every POP, thereby minimizing the size of the sub-network downstream from the edge server, forms a security barrier which isolates the core infrastructure and servers of the network/internet from the edge where the clients are located. In addition to isolation, network performance is enhanced by virtually placing the content and services of core content providers at network-logically and physically-geographic proximate locations with respect to the clients. Content is placed as close as possible to the requesters of that content resulting in enhanced response times and enhanced throughput. This results in reduced load, congestion and bandwidth consumption of the expensive high capacity backbone links which form the core of the network. Trivial network traffic is maintained at the edge of the network speeding response times and throughput. In addition, the edge caches are capable of communicating with one another and sharing cached data, thereby greatly enhancing the caching effect and further reducing the load on the core of the network.
- By further making the edge servers more intelligent, such as by adding additional processing capacity, dynamic load balancing services can be provided to the subscribing servers which can respond to changing demands for content. The edge servers and edge caches are further located to minimize the number of downstream clients, thereby forming sub-networks which can isolate and contain network traffic. This allows security services to be provided by isolating security threats to the smallest possible portion of the network generally while leaving the remaining portions of the network fully operational. Further, would be hackers are prevented from being able to directly access a subscribing server an trying to break in and steal valuable data. Therefore, even where a particular server has a security hole, the data stored there will still be protected. In addition, the edge server is aware of it physical/geographic location and its logical location within the network hierarchy allowing it to enhance content redirection services as clients go wireless or otherwise go more mobile in relation to their service providers. Finally, the provision of a decentralized DNS enhancement system, as provided by the presently preferred embodiments, reduces the load on the existing DNS system and on subscribing servers' internal DNS systems as well as provides a distributed defense against DNS based denial of service attacks. Such attacks can be isolated to the smallest portion of the network possible and closest to the attacks source while the remaining portions of the network remain unaffected. Further, by isolating the attack, the source of the attack can be more easily pinpointed and investigated. Traffic can be monitored for unauthorized or malicious program code, i.e. program code previously identified as unwanted, harmful or destructive, such as the placement of zombies or virus programs. Such programs can be detected and eradicated before they can make it to their intended destination.
- In addition, the provision of the decentralized DNS enhancement system, as provided by the presently preferred embodiments, provides an infrastructure which may be used to supplant the existing DNS system and allow the creation of new domain names and a new domain name allocation service. New services such as a keyword based DNS system may also be provided to further increase the ease of use of the
network 100 and which do not rely on any modifications to a users Web browser program; i.e. remain transparent to both the client and the content provider. A user's attempt to request content from a subscribing content provider using a new domain name provided by this new DNS system would be intercepted prior to reaching the existing DNS system and be properly translated so as to direct the user to the content provider. Alternatively, the request may be redirected to an edge server and edge cache which proxy's the request for the user to the content provider. Such a system allows the content provider to remain a part of thenetwork 100, i.e. remain connected to the Internet and maintain their access within the existing DNS system, or they may choose to completely disconnect from thenetwork 100 altogether and utilize proprietary communications links to the network of edge servers and edge caches to provide users/clients with access to their content. - It will be further appreciated by one of ordinary skill in the art that the provision of numerous distributed edge servers and edge caches encircling the core of the
network 100 provides a secure decentralized infrastructure on which service applications can be built. Through the provision of additional application and data processing capabilities within the edge servers, service applications such as user applications (for example, content monitoring/filtering, advertising filtering, privacy management and network personalization), e-commerce applications (such as regional and local electronic store fronts, distributed shopping carts or advertising distribution), distributed processing applications, database access applications (such as distributed enterprise database access), communications applications (such as electronic mail, identity authentication/digital signatures, anti-spam filtering and spam source detection, voice telephony and instant messaging), search engine applications, multimedia distribution applications (such as MP3 or MPEG distribution and content adaptation), push content applications (such as stock quotes, news or other dynamic data distribution), network applications (such as on-demand/dynamic virtual private networks and network/enterprise security), etc. can be implemented. These applications can be implemented with minimal hardware at thenetwork 100core 122 because much of the processing load and bandwidth demands are distributed out at theedge 124 of thenetwork 100. Further, any application where decentralization of the client interface from the back-end processing enhances the application can be applied on a wide scale to the edge server infrastructure to reduce the centralized demands on the service providers. - It is therefore intended that the foregoing detailed description be regarded as illustrative rather than limiting, and that it be understood that it is the following claims, including all equivalents, that are intended to define the spirit and scope of this invention.
Claims (32)
1. An apparatus for facilitating communications between a client and a server over a network, said apparatus comprising:
a request interceptor coupled with said network, said network operative to transmit a plurality of translation requests including a first translation request generated by said client, said first translation request comprising a first address identifying said server, said first translation request being directed, by said client, to a first address translator separate from said request interceptor, said first address translator being coupled with said network and operative to, when said first translation request is received, translate said first address into a first translated address and to return said first translated address to said client via said network thereby facilitating said communications between said client and said server, said request interceptor being operative to selectively intercept said first translation request from among said plurality of translation requests prior to receipt by said first address translator and to translate said first address into a second translated address and return said second translated address to said client via said network, said selective interception being determined based on a criteria other than only that said first translation request is one of said plurality of translation requests.
2. The apparatus of claim 1 , wherein said network comprises the Internet.
3. The apparatus of claim 1 , wherein said client comprises a computer.
4. The apparatus of claim 1 , wherein said client comprises a private network.
5. The apparatus of claim 4 , wherein said private network further comprises a private address translator operative to generate said first translation request.
6. The apparatus of claim 1 , wherein said first address comprises a domain name, and said first translated address and said second translated address comprise internet protocol addresses.
7. The apparatus of claim 1 , wherein said first address comprises a symbolic network address, and said first translated address and said second translated address comprise physical network addresses.
8. The apparatus of claim 7 , wherein said first translated address is different from said second translated address.
9. The apparatus of claim 7 , wherein said first translated address is associated with said first server, and said second translated address is associated with a first cache.
10. The apparatus of claim 1 , wherein said first address is characterized by being human comprehensible, and said first translated address and said second translated address are characterized by being computer readable.
11. The apparatus of claim 1 , wherein said second translated address identifies a cache affiliated with said server and proximate to said client.
12. The apparatus of claim 11 , wherein said apparatus further comprises said cache, said cache being coupled with said request interceptor.
13. The apparatus of claim 11 , wherein said proximity comprises geographic proximity.
14. The apparatus of claim 11 , wherein said network further comprises a topology, said proximity comprising logical proximity based on said topology.
15. The apparatus of claim 1 , wherein said request interceptor is coupled with a network router.
16. The apparatus of claim 1 , wherein said request interceptor is coupled with a second address translator, said second address translator operative to receive said selectively intercepted first translation request from said request interceptor and translate said first address into said second translated address.
17. The apparatus of claim 1 , further comprising a traffic monitor coupled with said network, wherein said network is further operative to transmit data between said client and said server, said traffic monitor operative to monitor said transmitted data.
18. The apparatus of claim 17 , wherein said traffic monitor is further operative to detect malicious program code within said transmitted data.
19. The apparatus of claim 17 , wherein said traffic monitor is further operative to detect unauthorized data within said transmitted data.
20. The apparatus of claim 17 , wherein said traffic monitor is further operative to detect forged communications within said transmitted data.
21. A method of facilitating communications over a network, said network comprising a server and at least one sub-network coupled with said server, said at least one sub-network coupled with a first translator and a client, said method comprising:
monitoring said at least one sub-network for a first translation request of a plurality of translation requests, said first translation request generated by said client and directed by said client to said first translator, said first translation request comprising a first address intended to be translated into a first translated address by said first translator;
intercepting, selectively by a device separate from said first translator, said first translation request from among said plurality of translation requests prior to receipt by said first translator and translation of said first address thereby, based on a criteria other than only that said first translation request is one of said plurality of translation requests;
translating, by said device, said first address of said intercepted first translation request into a second translated address; and
returning said second translated address to said client.
22. The method of claim 21 , wherein said first address is a domain name, said first translated address is a first internet protocol address and said second translated address is a second internet protocol address different from said first internet protocol address.
23. The method of claim 21 , wherein said second translated address is associated with a cache affiliated with said server.
24. The method of claim 23 , wherein said translating further comprises determining said second translated address to be an address associated with a proximately optimal cache affiliated with said server relative to said client.
25. The method of claim 24 , wherein said cache is geographically optimal.
26. The method of claim 24 , wherein said cache is proximately optimal based on a topology of said network.
27. The method of claim 21 , wherein said translating comprises translating, by a second translator coupled with said device, said first address of said intercepted first translation request into a second translated address.
28. An apparatus for facilitating communications between a client and a first server and a second server over a network, said apparatus comprising:
a request interceptor coupled with said network, said network operative to transmit a plurality of translation requests including a first translation request and a second translation request generated by said client, said first translation request comprising a first address identifying said first server and said second translation request comprising a second address identifying said second server, said first translation request and said second translation request being directed by said client to a first address translator separate from said request interceptor, said first address translator being coupled with said network and operative to, when said first translation request and said second translation request are received, translate said first address into a first translated address and translate said second address into a second translated address and to return said first translated address and said second translated address to said client via said network thereby facilitating said communications between said client and said first server and said second server, said request interceptor being operative to selectively intercept said first translation request from among said plurality of translation requests prior to receipt by said first address translator and to translate said first address into a third translated address and return said third translated address to said client via said network, said selective interception being determined based on a criteria other than only that said first translation request is one of said plurality of translation requests
29. The apparatus of claim 28 , wherein said request interceptor is coupled with a second address translator, said second address translator operative to receive said selectively intercepted first translation request from said request interceptor and translate said first address into said third translated address.
30. The apparatus of claim 28 , wherein said request interceptor is further operative to selectively intercept said second translation request from among said plurality of translation requests prior to receipt by said first address translator, said selective interception being determined based on said criteria other than only that said second translation request is one of said plurality of translation requests, and wherein the apparatus further comprises a request modifier coupled with said request interceptor and operative to modify said second address to a modified address and a request forwarder coupled with said request modifier and operative to forward said modified second translation request to said first address translator.
31. A method of facilitating communications over a network, said network comprising a first server and a second server and at least one sub-network coupled with said first server and said second server, said at least one sub-network coupled with a translator and a client, said method comprising:
monitoring said at least one sub-network for a first translation request and a second translation request of a plurality of translation requests, said first translation request and said second translation request generated by said client and directed by said client to said translator, said first translation request comprising a first address intended to be translated into a first translated address by said translator and said second translation request comprising a second address intended to be translated into a second translated address by said translator;
intercepting, selectively by a device separate from said translator, said first translation request from among said plurality of translation requests prior to receipt by said translator based on a criteria other than only that said first translation request is one of said plurality of translation requests;
translating said first address of said intercepted first translation request into a third translated address; and
returning said third translated address to said client.
32. The method of claim 31 , further comprising:
intercepting, selectively by said device, said second translation request from among said plurality of translation requests prior to receipt by said translator based on said criteria other than only that said second translation request is one of said plurality of translation requests;
modifying said second address of said intercepted second translation request into a modified address; and
forwarding said modified second translation request to said translator.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/776,651 US20130166637A1 (en) | 2000-06-23 | 2013-02-25 | Apparatus and Method for Domain Name Resolution |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/602,286 US7003555B1 (en) | 2000-06-23 | 2000-06-23 | Apparatus and method for domain name resolution |
US11/259,160 US8694610B2 (en) | 2000-06-23 | 2005-10-26 | Apparatus and method for domain name resolution |
US13/776,651 US20130166637A1 (en) | 2000-06-23 | 2013-02-25 | Apparatus and Method for Domain Name Resolution |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/259,160 Continuation US8694610B2 (en) | 2000-06-23 | 2005-10-26 | Apparatus and method for domain name resolution |
Publications (1)
Publication Number | Publication Date |
---|---|
US20130166637A1 true US20130166637A1 (en) | 2013-06-27 |
Family
ID=35810802
Family Applications (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/602,286 Expired - Lifetime US7003555B1 (en) | 2000-06-23 | 2000-06-23 | Apparatus and method for domain name resolution |
US11/259,160 Expired - Lifetime US8694610B2 (en) | 2000-06-23 | 2005-10-26 | Apparatus and method for domain name resolution |
US13/776,651 Abandoned US20130166637A1 (en) | 2000-06-23 | 2013-02-25 | Apparatus and Method for Domain Name Resolution |
US13/778,043 Abandoned US20130179969A1 (en) | 2000-06-23 | 2013-02-26 | Apparatus and Method for Domain Name Resolution |
Family Applications Before (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/602,286 Expired - Lifetime US7003555B1 (en) | 2000-06-23 | 2000-06-23 | Apparatus and method for domain name resolution |
US11/259,160 Expired - Lifetime US8694610B2 (en) | 2000-06-23 | 2005-10-26 | Apparatus and method for domain name resolution |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/778,043 Abandoned US20130179969A1 (en) | 2000-06-23 | 2013-02-26 | Apparatus and Method for Domain Name Resolution |
Country Status (1)
Country | Link |
---|---|
US (4) | US7003555B1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160315915A1 (en) * | 2013-12-05 | 2016-10-27 | Bundesdruckerei Gmbh | Method for accessing a data memory of a cloud computer system using a modified domain name system (dns) |
US20230254384A1 (en) * | 2022-02-09 | 2023-08-10 | Coretech LT, UAB | Graceful shutdown of supernodes in an internet proxy system |
Families Citing this family (277)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5826014A (en) * | 1996-02-06 | 1998-10-20 | Network Engineering Software | Firewall system for protecting network elements connected to a public network |
US5898830A (en) * | 1996-10-17 | 1999-04-27 | Network Engineering Software | Firewall providing enhanced network security and user transparency |
US7363361B2 (en) * | 2000-08-18 | 2008-04-22 | Akamai Technologies, Inc. | Secure content delivery system |
US6694336B1 (en) * | 2000-01-25 | 2004-02-17 | Fusionone, Inc. | Data transfer and synchronization system |
US8620286B2 (en) * | 2004-02-27 | 2013-12-31 | Synchronoss Technologies, Inc. | Method and system for promoting and transferring licensed content and applications |
US6671757B1 (en) * | 2000-01-26 | 2003-12-30 | Fusionone, Inc. | Data transfer and synchronization system |
US7505762B2 (en) * | 2004-02-27 | 2009-03-17 | Fusionone, Inc. | Wireless telephone data backup system |
US8156074B1 (en) | 2000-01-26 | 2012-04-10 | Synchronoss Technologies, Inc. | Data transfer and synchronization system |
US7508753B2 (en) * | 2000-01-31 | 2009-03-24 | At&T Intellectual Property, Ii, L.P. | Packet redirection and message stream management |
US6996616B1 (en) * | 2000-04-17 | 2006-02-07 | Akamai Technologies, Inc. | HTML delivery from edge-of-network servers in a content delivery network (CDN) |
US7003555B1 (en) * | 2000-06-23 | 2006-02-21 | Cloudshield Technologies, Inc. | Apparatus and method for domain name resolution |
US9444785B2 (en) | 2000-06-23 | 2016-09-13 | Cloudshield Technologies, Inc. | Transparent provisioning of network access to an application |
AU2000261576A1 (en) * | 2000-07-11 | 2002-01-21 | Nokia Corporation | Method for providing a dns server address list from a server to a client |
US7574499B1 (en) * | 2000-07-19 | 2009-08-11 | Akamai Technologies, Inc. | Global traffic management system using IP anycast routing and dynamic load-balancing |
US7895334B1 (en) | 2000-07-19 | 2011-02-22 | Fusionone, Inc. | Remote access communication architecture apparatus and method |
US8073954B1 (en) | 2000-07-19 | 2011-12-06 | Synchronoss Technologies, Inc. | Method and apparatus for a secure remote access system |
US7571217B1 (en) | 2000-08-16 | 2009-08-04 | Parallel Networks, Llc | Method and system for uniform resource locator transformation |
US7774502B2 (en) | 2000-10-25 | 2010-08-10 | Vikas Sanathana Murthy | Determining an international destination address |
US7403970B1 (en) * | 2000-10-25 | 2008-07-22 | Verisign, Inc. | Method and apparatus for assigning a virtual address to and text-messaging to multiple text-capable destination entities |
US7818435B1 (en) * | 2000-12-14 | 2010-10-19 | Fusionone, Inc. | Reverse proxy mechanism for retrieving electronic content associated with a local network |
US7499888B1 (en) | 2001-03-16 | 2009-03-03 | Fusionone, Inc. | Transaction authentication system and method |
US8615566B1 (en) | 2001-03-23 | 2013-12-24 | Synchronoss Technologies, Inc. | Apparatus and method for operational support of remote network systems |
EP1410217A4 (en) * | 2001-04-02 | 2006-09-20 | Akamai Tech Inc | Scalable, high performance and highly available distributed storage system for internet content |
US9406032B2 (en) | 2001-08-21 | 2016-08-02 | Bookit Oy Ajanvarauspalvelu | Financial fraud prevention method and system |
US9406062B2 (en) | 2001-08-21 | 2016-08-02 | Bookit Oy Ajanvarauspalvelu | Authentication method and system |
US8737959B2 (en) | 2001-08-21 | 2014-05-27 | Bookit Oy Ajanvarauspalvelu | Managing recurring payments from mobile terminals |
US10469591B2 (en) | 2001-08-21 | 2019-11-05 | Bookit Oy | Method and system for mediating and provisioning services |
US9807614B2 (en) | 2001-08-21 | 2017-10-31 | Bookit Oy Ajanvarauspalvelu | Using successive levels of authentication in online commerce |
US9288315B2 (en) | 2001-08-21 | 2016-03-15 | Bookit Oy Ajanvarauspalvelu | Method and system for mediating and provisioning services |
US11004114B2 (en) | 2001-08-21 | 2021-05-11 | Bookit Oy | Components, system, platform and methodologies for mediating and provisioning services and product delivery and orchestrating, mediating and authenticating transactions and interactions |
US8666380B2 (en) | 2001-08-21 | 2014-03-04 | Bookit Oy Ajanvarauspalvelu | Communication method and system |
US9171307B2 (en) | 2002-08-21 | 2015-10-27 | Bookit Oy Ajanvarauspalvelu | Using successive levels of authentication in online commerce |
US9937531B2 (en) | 2009-03-10 | 2018-04-10 | Bookit Oy Ajanvarauspalvelu | Method and system for delivery of goods |
US9578022B2 (en) | 2001-08-21 | 2017-02-21 | Bookit Oy Ajanvarauspalvelu | Multi-factor authentication techniques |
US8737955B2 (en) | 2001-08-21 | 2014-05-27 | Bookit Oy Ajanvarauspalvelu | Managing recurring payments from mobile terminals |
FI118586B (en) | 2006-05-02 | 2007-12-31 | Bookit Oy Ajanvarauspalvelu | Procedure and system for combining text and audio messages in a communication dialogue |
FI20011680A (en) | 2001-08-21 | 2003-02-22 | Bookit Oy | Appointment method and system |
US8737958B2 (en) | 2001-08-21 | 2014-05-27 | Bookit Oy Ajanvarauspalvelu | Managing recurring payments from mobile terminals |
FI117663B (en) | 2005-12-02 | 2006-12-29 | Bookit Oy Ajanvarauspalvelu | Message sending method for telecommunication network, involves converting reply address information to correspond to dialogue so that message transmission and reception are implemented in different parts of telecommunication system |
US10902491B2 (en) | 2001-08-21 | 2021-01-26 | Bookit Oy | Product/service reservation and delivery facilitation with semantic analysis enabled dialog assistance |
US10929784B2 (en) | 2001-08-21 | 2021-02-23 | Bookit Oy | Booking method and system |
FI119168B (en) | 2006-04-21 | 2008-08-15 | Jukka Tapio Aula | SMS delivery method and system for queries and invitations |
FI124899B (en) | 2008-07-04 | 2015-03-13 | Bookit Oy Ajanvarauspalvelu | Method and system for sending messages |
FI118585B (en) | 2006-05-02 | 2007-12-31 | Bookit Oy Ajanvarauspalvelu | Procedure and system for combining text and audio messages in a communication dialogue |
US9418361B2 (en) | 2001-08-21 | 2016-08-16 | Bookit Oy Ajanvarauspalvelu | Managing recurring payments from mobile terminals |
US8737954B2 (en) | 2001-08-21 | 2014-05-27 | Bookit Oy Ajanvarauspalvelu | Managing recurring payments from mobile terminals |
US20080279222A1 (en) * | 2001-10-18 | 2008-11-13 | Level 3 Communications Llc | Distribution of traffic across a computer network |
US6651100B2 (en) * | 2002-03-12 | 2003-11-18 | Lexmark International, Inc. | Automatic negotiation of an internet protocol address for a network connected device |
US8484282B2 (en) * | 2002-03-21 | 2013-07-09 | International Business Machines Corporation | High-speed content transformation engine |
JP4221646B2 (en) * | 2002-06-26 | 2009-02-12 | 日本電気株式会社 | Shared cache server |
US8046832B2 (en) * | 2002-06-26 | 2011-10-25 | Microsoft Corporation | Spam detector with challenges |
US8028091B1 (en) | 2002-06-28 | 2011-09-27 | At&T Intellectual Property I. L.P. | System and method for reducing DNS lookup traffic in a computer data network |
US20040215823A1 (en) * | 2002-06-28 | 2004-10-28 | Kleinfelter Kevin P. | System and method for reducing DNS lookup traffic in a computer data network |
US7185067B1 (en) * | 2002-08-27 | 2007-02-27 | Cisco Technology, Inc. | Load balancing network access requests |
JP2004151933A (en) * | 2002-10-30 | 2004-05-27 | Hitachi Electronics Service Co Ltd | Method for safely making contract for network service |
AU2002343794A1 (en) * | 2002-11-14 | 2004-06-03 | Allied Telesis K.K. | Data relay, method for determining transmission destination of acquired request, and program for realizing the method by computer |
US7743158B2 (en) * | 2002-12-04 | 2010-06-22 | Ntt Docomo, Inc. | Access network dynamic firewall |
US7299261B1 (en) | 2003-02-20 | 2007-11-20 | Mailfrontier, Inc. A Wholly Owned Subsidiary Of Sonicwall, Inc. | Message classification using a summary |
US8266215B2 (en) | 2003-02-20 | 2012-09-11 | Sonicwall, Inc. | Using distinguishing properties to classify messages |
US7219148B2 (en) | 2003-03-03 | 2007-05-15 | Microsoft Corporation | Feedback loop for spam prevention |
US7543053B2 (en) * | 2003-03-03 | 2009-06-02 | Microsoft Corporation | Intelligent quarantining for spam prevention |
US7305375B2 (en) * | 2003-04-23 | 2007-12-04 | Hewlett-Packard Development Company, L.P. | Method and system for distributed remote resources |
US7483947B2 (en) | 2003-05-02 | 2009-01-27 | Microsoft Corporation | Message rendering for identification of content features |
US7454510B2 (en) * | 2003-05-29 | 2008-11-18 | Microsoft Corporation | Controlled relay of media streams across network perimeters |
US7272853B2 (en) * | 2003-06-04 | 2007-09-18 | Microsoft Corporation | Origination/destination features and lists for spam prevention |
US7313633B2 (en) * | 2003-06-04 | 2007-12-25 | Intel Corporation | Methods and apparatus for updating address resolution data |
US7519668B2 (en) * | 2003-06-20 | 2009-04-14 | Microsoft Corporation | Obfuscation of spam filter |
US7711779B2 (en) * | 2003-06-20 | 2010-05-04 | Microsoft Corporation | Prevention of outgoing spam |
US8533270B2 (en) | 2003-06-23 | 2013-09-10 | Microsoft Corporation | Advanced spam detection techniques |
US8645471B2 (en) * | 2003-07-21 | 2014-02-04 | Synchronoss Technologies, Inc. | Device message management system |
US20050114469A1 (en) * | 2003-09-16 | 2005-05-26 | Manabu Nakamura | Information processing apparatus with a network service function and method of providing network services |
GB0325691D0 (en) * | 2003-11-04 | 2003-12-10 | Dotworlds Ltd | Resolution of network names |
US7634509B2 (en) * | 2003-11-07 | 2009-12-15 | Fusionone, Inc. | Personal information space management system and method |
US8214438B2 (en) * | 2004-03-01 | 2012-07-03 | Microsoft Corporation | (More) advanced spam detection features |
US20050204005A1 (en) * | 2004-03-12 | 2005-09-15 | Purcell Sean E. | Selective treatment of messages based on junk rating |
US20050204006A1 (en) * | 2004-03-12 | 2005-09-15 | Purcell Sean E. | Message junk rating interface |
US7680954B2 (en) * | 2004-03-16 | 2010-03-16 | Thomson Licensing | Proxy DNS for web browser request redirection in public hotspot accesses |
US7512672B2 (en) * | 2004-03-19 | 2009-03-31 | Gigaset Communications Gmbh | Method and system for domain name resolution in a communications system |
US9542076B1 (en) | 2004-05-12 | 2017-01-10 | Synchronoss Technologies, Inc. | System for and method of updating a personal profile |
JP2008500750A (en) * | 2004-05-12 | 2008-01-10 | フュージョンワン インコーポレイテッド | Advanced contact identification system |
US20080082421A1 (en) * | 2004-05-12 | 2008-04-03 | Richard Onyon | Monetization of an advanced contact identification system |
US20050271050A1 (en) * | 2004-06-04 | 2005-12-08 | Utstarcom, Inc. | Domain-influenced prefix assignment method and apparatus |
US7664819B2 (en) | 2004-06-29 | 2010-02-16 | Microsoft Corporation | Incremental anti-spam lookup and update service |
US7904517B2 (en) * | 2004-08-09 | 2011-03-08 | Microsoft Corporation | Challenge response systems |
US7660865B2 (en) | 2004-08-12 | 2010-02-09 | Microsoft Corporation | Spam filtering with probabilistic secure hashes |
US7808925B2 (en) * | 2004-09-10 | 2010-10-05 | Digital Envoy, Inc. | Methods and systems for determining reverse DNS entries |
US7287015B2 (en) * | 2004-09-30 | 2007-10-23 | International Business Machines Corporation | Methods and apparatus for transmitting signals through network elements for classification |
US8145908B1 (en) * | 2004-10-29 | 2012-03-27 | Akamai Technologies, Inc. | Web content defacement protection system |
US7545272B2 (en) | 2005-02-08 | 2009-06-09 | Therasense, Inc. | RF tag on test strips, test strip vials and boxes |
US20060218289A1 (en) * | 2005-03-27 | 2006-09-28 | Elias Assad | Systems and methods of registering and utilizing domain names |
US20070053335A1 (en) * | 2005-05-19 | 2007-03-08 | Richard Onyon | Mobile device address book builder |
US7454408B2 (en) * | 2005-06-10 | 2008-11-18 | Microsoft Corporation | System and method for optimized distributed file transfer |
US7930353B2 (en) * | 2005-07-29 | 2011-04-19 | Microsoft Corporation | Trees of classifiers for detecting email spam |
EP1764973A1 (en) * | 2005-09-16 | 2007-03-21 | Advanced Digital Broadcast S.A. | Method for referencing remote element of content, method for providing content with remote elements and system for distributing content |
US8135741B2 (en) * | 2005-09-20 | 2012-03-13 | Microsoft Corporation | Modifying service provider context information to facilitate locating interceptor context information |
US8065370B2 (en) | 2005-11-03 | 2011-11-22 | Microsoft Corporation | Proofs to filter spam |
US20070162600A1 (en) * | 2005-11-18 | 2007-07-12 | Aol Llc | Promoting interoperability of presence-based systems through the use of ubiquitous online identities |
US20070157316A1 (en) * | 2005-12-30 | 2007-07-05 | Intel Corporation | Managing rogue IP traffic in a global enterprise |
US7526553B1 (en) * | 2006-09-12 | 2009-04-28 | Emc Corporation | Configuring a cache in a computer system employing object addressable storage |
US8018847B2 (en) * | 2006-11-15 | 2011-09-13 | Starent Networks Llc | System and method for redirecting requests |
US8224905B2 (en) | 2006-12-06 | 2012-07-17 | Microsoft Corporation | Spam filtration utilizing sender activity data |
US11496598B2 (en) * | 2006-12-11 | 2022-11-08 | International Business Machines Corporation | Caching data at network processing nodes based on device location |
WO2008094508A2 (en) * | 2007-01-26 | 2008-08-07 | Fusionone, Inc. | System for and method of backing up content for use on a mobile device |
US7694019B2 (en) * | 2007-03-09 | 2010-04-06 | International Business Machines Corporation | System and method for accessing multiple addresses per domain name using networked repository |
US7689671B2 (en) * | 2007-03-09 | 2010-03-30 | International Business Machines Corporation | System and method for multiple IP addresses during domain name resolution |
CN100502367C (en) * | 2007-04-04 | 2009-06-17 | 华为技术有限公司 | Method and device for saving domain name system record |
US8644215B2 (en) * | 2007-06-14 | 2014-02-04 | Intel Corporation | Generic wireless services discovery |
US8094651B2 (en) * | 2007-06-14 | 2012-01-10 | Intel Corporation | Emergency call services for wireless network roaming |
US7991910B2 (en) | 2008-11-17 | 2011-08-02 | Amazon Technologies, Inc. | Updating routing information based on client location |
US8028090B2 (en) * | 2008-11-17 | 2011-09-27 | Amazon Technologies, Inc. | Request routing utilizing client location information |
US8031595B2 (en) * | 2007-08-21 | 2011-10-04 | International Business Machines Corporation | Future location determination using social networks |
WO2009032712A2 (en) | 2007-08-29 | 2009-03-12 | Nirvanix, Inc. | Method and system for moving requested files from one storage location to another |
US9363231B2 (en) * | 2007-09-13 | 2016-06-07 | Caterpillar Inc. | System and method for monitoring network communications originating in monitored jurisdictions |
US8181111B1 (en) | 2007-12-31 | 2012-05-15 | Synchronoss Technologies, Inc. | System and method for providing social context to digital activity |
US8972177B2 (en) | 2008-02-26 | 2015-03-03 | Microsoft Technology Licensing, Llc | System for logging life experiences using geographic cues |
US8015144B2 (en) | 2008-02-26 | 2011-09-06 | Microsoft Corporation | Learning transportation modes from raw GPS data |
US7991879B2 (en) | 2008-03-03 | 2011-08-02 | Microsoft Corporation | Internet location coordinate enhanced domain name system |
US8966121B2 (en) * | 2008-03-03 | 2015-02-24 | Microsoft Corporation | Client-side management of domain name information |
US7930427B2 (en) * | 2008-03-03 | 2011-04-19 | Microsoft Corporation | Client-side load balancing |
US8458298B2 (en) * | 2008-03-03 | 2013-06-04 | Microsoft Corporation | Failover in an internet location coordinate enhanced domain name system |
US8166189B1 (en) * | 2008-03-25 | 2012-04-24 | Sprint Communications Company L.P. | Click stream insertions |
US7962597B2 (en) | 2008-03-31 | 2011-06-14 | Amazon Technologies, Inc. | Request routing based on class |
US8533293B1 (en) | 2008-03-31 | 2013-09-10 | Amazon Technologies, Inc. | Client side cache management |
US8321568B2 (en) | 2008-03-31 | 2012-11-27 | Amazon Technologies, Inc. | Content management |
US8447831B1 (en) | 2008-03-31 | 2013-05-21 | Amazon Technologies, Inc. | Incentive driven content delivery |
US7970820B1 (en) | 2008-03-31 | 2011-06-28 | Amazon Technologies, Inc. | Locality based content distribution |
US8601090B1 (en) | 2008-03-31 | 2013-12-03 | Amazon Technologies, Inc. | Network resource identification |
US8156243B2 (en) * | 2008-03-31 | 2012-04-10 | Amazon Technologies, Inc. | Request routing |
US8606996B2 (en) | 2008-03-31 | 2013-12-10 | Amazon Technologies, Inc. | Cache optimization |
US7925782B2 (en) | 2008-06-30 | 2011-04-12 | Amazon Technologies, Inc. | Request routing using network computing components |
US9912740B2 (en) | 2008-06-30 | 2018-03-06 | Amazon Technologies, Inc. | Latency measurement in resource requests |
US9407681B1 (en) | 2010-09-28 | 2016-08-02 | Amazon Technologies, Inc. | Latency measurement in resource requests |
US7764692B1 (en) * | 2008-08-05 | 2010-07-27 | Cisco Technology, Inc. | Bypass of routing protocol filtering in a multi-subnet network |
WO2010017308A1 (en) * | 2008-08-06 | 2010-02-11 | Movik Networks | Content caching in the radio access network (ran) |
US20100121914A1 (en) * | 2008-11-11 | 2010-05-13 | Sk Telecom Co., Ltd. | Contents delivery system and method based on content delivery network provider and replication server thereof |
US8073940B1 (en) | 2008-11-17 | 2011-12-06 | Amazon Technologies, Inc. | Managing content delivery network service providers |
US8732309B1 (en) | 2008-11-17 | 2014-05-20 | Amazon Technologies, Inc. | Request routing utilizing cost information |
US8521880B1 (en) | 2008-11-17 | 2013-08-27 | Amazon Technologies, Inc. | Managing content delivery network service providers |
US8122098B1 (en) | 2008-11-17 | 2012-02-21 | Amazon Technologies, Inc. | Managing content delivery network service providers by a content broker |
US8060616B1 (en) | 2008-11-17 | 2011-11-15 | Amazon Technologies, Inc. | Managing CDN registration by a storage provider |
US8065417B1 (en) | 2008-11-17 | 2011-11-22 | Amazon Technologies, Inc. | Service provider registration by a content broker |
US8359402B2 (en) * | 2008-11-19 | 2013-01-22 | Seachange International, Inc. | Intercept device for providing content |
US9063226B2 (en) * | 2009-01-14 | 2015-06-23 | Microsoft Technology Licensing, Llc | Detecting spatial outliers in a location entity dataset |
US9501775B2 (en) | 2009-03-10 | 2016-11-22 | Bookit Oy Ajanvarauspalvelu | Managing recurring payments from mobile terminals |
US8521851B1 (en) | 2009-03-27 | 2013-08-27 | Amazon Technologies, Inc. | DNS query processing using resource identifiers specifying an application broker |
US8688837B1 (en) | 2009-03-27 | 2014-04-01 | Amazon Technologies, Inc. | Dynamically translating resource identifiers for request routing using popularity information |
US8756341B1 (en) | 2009-03-27 | 2014-06-17 | Amazon Technologies, Inc. | Request routing utilizing popularity information |
US8412823B1 (en) | 2009-03-27 | 2013-04-02 | Amazon Technologies, Inc. | Managing tracking information entries in resource cache components |
US8676989B2 (en) | 2009-04-23 | 2014-03-18 | Opendns, Inc. | Robust domain name resolution |
US8806057B2 (en) * | 2009-05-19 | 2014-08-12 | Neutral Space, Inc. | Internet-based value-added services system and method |
US8060579B2 (en) * | 2009-06-12 | 2011-11-15 | Yahoo! Inc. | User location dependent DNS lookup |
US8782236B1 (en) | 2009-06-16 | 2014-07-15 | Amazon Technologies, Inc. | Managing resources using resource expiration data |
US8458604B2 (en) * | 2009-07-06 | 2013-06-04 | Fairwinds Partners Llc | Methods and apparatus for determining website validity |
US8397073B1 (en) | 2009-09-04 | 2013-03-12 | Amazon Technologies, Inc. | Managing secure content in a content delivery network |
US8422365B2 (en) * | 2009-09-21 | 2013-04-16 | Cisco Technology, Inc. | Energy efficient scaling of network appliance service performance |
US9009177B2 (en) | 2009-09-25 | 2015-04-14 | Microsoft Corporation | Recommending points of interests in a region |
US8433771B1 (en) | 2009-10-02 | 2013-04-30 | Amazon Technologies, Inc. | Distribution network with forward resource propagation |
US8219645B2 (en) * | 2009-10-02 | 2012-07-10 | Limelight Networks, Inc. | Content delivery network cache grouping |
EP2488957B1 (en) | 2009-10-13 | 2019-12-04 | Citrix Systems, Inc. | A method for providing access to an internet resource, corresponding system and computer program product |
CN102656579A (en) | 2009-11-04 | 2012-09-05 | 塞德克西斯公司 | Internet infrastructure survey |
US8255006B1 (en) | 2009-11-10 | 2012-08-28 | Fusionone, Inc. | Event dependent notification system and method |
US8397298B2 (en) * | 2009-12-08 | 2013-03-12 | At&T Intellectual Property I, L.P. | Method and system for content distribution network security |
US8549118B2 (en) * | 2009-12-10 | 2013-10-01 | At&T Intellectual Property I, L.P. | Updating a domain name server with information corresponding to dynamically assigned internet protocol addresses |
US20110153807A1 (en) * | 2009-12-21 | 2011-06-23 | Lorenzo Vicisano | Systems and Methods for Preemptive DNS Resolution |
US9495338B1 (en) | 2010-01-28 | 2016-11-15 | Amazon Technologies, Inc. | Content distribution network |
US8612134B2 (en) * | 2010-02-23 | 2013-12-17 | Microsoft Corporation | Mining correlation between locations using location history |
US9261376B2 (en) * | 2010-02-24 | 2016-02-16 | Microsoft Technology Licensing, Llc | Route computation based on route-oriented vehicle trajectories |
US10288433B2 (en) | 2010-02-25 | 2019-05-14 | Microsoft Technology Licensing, Llc | Map-matching for low-sampling-rate GPS trajectories |
US8719198B2 (en) | 2010-05-04 | 2014-05-06 | Microsoft Corporation | Collaborative location and activity recommendations |
US20110280247A1 (en) * | 2010-05-17 | 2011-11-17 | Google Inc. | System and method for reducing latency via multiple network connections |
US9593957B2 (en) | 2010-06-04 | 2017-03-14 | Microsoft Technology Licensing, Llc | Searching similar trajectories by locations |
US8910259B2 (en) | 2010-08-14 | 2014-12-09 | The Nielsen Company (Us), Llc | Systems, methods, and apparatus to monitor mobile internet activity |
US8886773B2 (en) * | 2010-08-14 | 2014-11-11 | The Nielsen Company (Us), Llc | Systems, methods, and apparatus to monitor mobile internet activity |
US8756272B1 (en) | 2010-08-26 | 2014-06-17 | Amazon Technologies, Inc. | Processing encoded content |
US9003518B2 (en) * | 2010-09-01 | 2015-04-07 | Raytheon Bbn Technologies Corp. | Systems and methods for detecting covert DNS tunnels |
US8745128B2 (en) | 2010-09-01 | 2014-06-03 | Edgecast Networks, Inc. | Optimized content distribution based on metrics derived from the end user |
US8639748B2 (en) | 2010-09-01 | 2014-01-28 | Edgecast Networks, Inc. | Optimized content distribution based on metrics derived from the end user |
US8533361B1 (en) * | 2010-09-16 | 2013-09-10 | Google Inc. | Content selectable trusted DNS resolvers |
US10097398B1 (en) | 2010-09-28 | 2018-10-09 | Amazon Technologies, Inc. | Point of presence management in request routing |
US8938526B1 (en) | 2010-09-28 | 2015-01-20 | Amazon Technologies, Inc. | Request routing management based on network components |
US8930513B1 (en) | 2010-09-28 | 2015-01-06 | Amazon Technologies, Inc. | Latency measurement in resource requests |
US8468247B1 (en) | 2010-09-28 | 2013-06-18 | Amazon Technologies, Inc. | Point of presence management in request routing |
US9712484B1 (en) | 2010-09-28 | 2017-07-18 | Amazon Technologies, Inc. | Managing request routing information utilizing client identifiers |
US8924528B1 (en) | 2010-09-28 | 2014-12-30 | Amazon Technologies, Inc. | Latency measurement in resource requests |
US10958501B1 (en) | 2010-09-28 | 2021-03-23 | Amazon Technologies, Inc. | Request routing information based on client IP groupings |
US8577992B1 (en) | 2010-09-28 | 2013-11-05 | Amazon Technologies, Inc. | Request routing management based on network components |
US8819283B2 (en) | 2010-09-28 | 2014-08-26 | Amazon Technologies, Inc. | Request routing in a networked environment |
US9003035B1 (en) | 2010-09-28 | 2015-04-07 | Amazon Technologies, Inc. | Point of presence management in request routing |
US8943428B2 (en) | 2010-11-01 | 2015-01-27 | Synchronoss Technologies, Inc. | System for and method of field mapping |
US8452874B2 (en) | 2010-11-22 | 2013-05-28 | Amazon Technologies, Inc. | Request routing processing |
US9391949B1 (en) | 2010-12-03 | 2016-07-12 | Amazon Technologies, Inc. | Request routing processing |
US8626950B1 (en) | 2010-12-03 | 2014-01-07 | Amazon Technologies, Inc. | Request routing processing |
US8825813B2 (en) | 2010-12-28 | 2014-09-02 | Microsoft Corporation | Distributed network coordinate system based on network performance |
US20120259943A1 (en) * | 2011-04-11 | 2012-10-11 | General Electric Company | Software service infrastructure and method including a federated model |
US10467042B1 (en) | 2011-04-27 | 2019-11-05 | Amazon Technologies, Inc. | Optimized deployment based upon customer locality |
US8594617B2 (en) | 2011-06-30 | 2013-11-26 | The Nielsen Company (Us), Llc | Systems, methods, and apparatus to monitor mobile internet activity |
US8738766B1 (en) | 2011-11-01 | 2014-05-27 | Edgecast Networks, Inc. | End-to-end monitoring and optimization of a content delivery network using anycast routing |
US8745177B1 (en) | 2011-11-01 | 2014-06-03 | Edgecast Networks, Inc. | End-to-end monitoring and optimization of a content delivery network using anycast routing |
US20130132544A1 (en) * | 2011-11-23 | 2013-05-23 | Telefonaktiebolaget L M Ericsson (Publ) | Precise geolocation for content caching in evolved packet core networks |
US9754226B2 (en) | 2011-12-13 | 2017-09-05 | Microsoft Technology Licensing, Llc | Urban computing of route-oriented vehicles |
US20130166188A1 (en) | 2011-12-21 | 2013-06-27 | Microsoft Corporation | Determine Spatiotemporal Causal Interactions In Data |
US8904009B1 (en) | 2012-02-10 | 2014-12-02 | Amazon Technologies, Inc. | Dynamic content delivery |
US10021179B1 (en) | 2012-02-21 | 2018-07-10 | Amazon Technologies, Inc. | Local resource delivery network |
US9172674B1 (en) | 2012-03-21 | 2015-10-27 | Amazon Technologies, Inc. | Managing request routing information utilizing performance information |
US10623408B1 (en) | 2012-04-02 | 2020-04-14 | Amazon Technologies, Inc. | Context sensitive object management |
US9154551B1 (en) | 2012-06-11 | 2015-10-06 | Amazon Technologies, Inc. | Processing DNS queries to identify pre-processing information |
US8856924B2 (en) | 2012-08-07 | 2014-10-07 | Cloudflare, Inc. | Mitigating a denial-of-service attack in a cloud-based proxy service |
US9525659B1 (en) | 2012-09-04 | 2016-12-20 | Amazon Technologies, Inc. | Request routing utilizing point of presence load information |
US9135048B2 (en) | 2012-09-20 | 2015-09-15 | Amazon Technologies, Inc. | Automated profiling of resource usage |
US9323577B2 (en) | 2012-09-20 | 2016-04-26 | Amazon Technologies, Inc. | Automated profiling of resource usage |
US9407530B2 (en) * | 2012-09-21 | 2016-08-02 | Interdigital Patent Holdings, Inc. | Systems and methods for providing DNS server selection using ANDSF in multi-interface hosts |
CN102904774B (en) * | 2012-09-28 | 2016-05-25 | 用友网络科技股份有限公司 | Terminal, server and server performance test methods |
US10679259B2 (en) | 2012-11-27 | 2020-06-09 | Synqy Corporation | Method and system for dynamic online digital brand assets |
US10666620B1 (en) | 2012-11-30 | 2020-05-26 | United Services Automobile Association (Usaa) | Private network request forwarding |
US9930011B1 (en) | 2012-11-30 | 2018-03-27 | United Services Automobile Association (Usaa) | Private network request forwarding |
US10205698B1 (en) | 2012-12-19 | 2019-02-12 | Amazon Technologies, Inc. | Source-dependent address resolution |
US9100432B2 (en) * | 2012-12-21 | 2015-08-04 | Verizon Patent And Licensing Inc. | Cloud-based distributed denial of service mitigation |
JP6088853B2 (en) * | 2013-02-27 | 2017-03-01 | 株式会社東芝 | COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMMUNICATION PROGRAM |
US9301173B2 (en) | 2013-03-15 | 2016-03-29 | The Nielsen Company (Us), Llc | Methods and apparatus to credit internet usage |
US10356579B2 (en) | 2013-03-15 | 2019-07-16 | The Nielsen Company (Us), Llc | Methods and apparatus to credit usage of mobile devices |
US9294391B1 (en) | 2013-06-04 | 2016-03-22 | Amazon Technologies, Inc. | Managing network computing components utilizing request routing |
US10320628B2 (en) | 2013-06-19 | 2019-06-11 | Citrix Systems, Inc. | Confidence scoring of device reputation based on characteristic network behavior |
US8775564B1 (en) | 2013-12-31 | 2014-07-08 | Limelight Networks, Inc. | Time based CDN traffic allocation |
US20150207776A1 (en) * | 2014-01-21 | 2015-07-23 | Telecommunication Systems, Inc. | Intelligent ip resolver |
US9887914B2 (en) * | 2014-02-04 | 2018-02-06 | Fastly, Inc. | Communication path selection for content delivery |
US9762688B2 (en) | 2014-10-31 | 2017-09-12 | The Nielsen Company (Us), Llc | Methods and apparatus to improve usage crediting in mobile devices |
US10097448B1 (en) | 2014-12-18 | 2018-10-09 | Amazon Technologies, Inc. | Routing mode and point-of-presence selection service |
US10091096B1 (en) | 2014-12-18 | 2018-10-02 | Amazon Technologies, Inc. | Routing mode and point-of-presence selection service |
US10033627B1 (en) | 2014-12-18 | 2018-07-24 | Amazon Technologies, Inc. | Routing mode and point-of-presence selection service |
US11423420B2 (en) | 2015-02-06 | 2022-08-23 | The Nielsen Company (Us), Llc | Methods and apparatus to credit media presentations for online media distributions |
US11290878B2 (en) | 2015-03-04 | 2022-03-29 | Smartcom Labs Oy | Components, system, platform and methodologies for mediating and provisioning services and product delivery and orchestrating, mediating and authenticating transactions and interactions |
US10225326B1 (en) | 2015-03-23 | 2019-03-05 | Amazon Technologies, Inc. | Point of presence based data uploading |
US9819567B1 (en) | 2015-03-30 | 2017-11-14 | Amazon Technologies, Inc. | Traffic surge management for points of presence |
US9887932B1 (en) | 2015-03-30 | 2018-02-06 | Amazon Technologies, Inc. | Traffic surge management for points of presence |
US9887931B1 (en) | 2015-03-30 | 2018-02-06 | Amazon Technologies, Inc. | Traffic surge management for points of presence |
US9832141B1 (en) | 2015-05-13 | 2017-11-28 | Amazon Technologies, Inc. | Routing based request correlation |
US10616179B1 (en) | 2015-06-25 | 2020-04-07 | Amazon Technologies, Inc. | Selective routing of domain name system (DNS) requests |
US10097566B1 (en) | 2015-07-31 | 2018-10-09 | Amazon Technologies, Inc. | Identifying targets of network attacks |
EP3348038B1 (en) * | 2015-09-10 | 2021-09-08 | Vimmi Communications Ltd. | Content delivery network |
US9794281B1 (en) | 2015-09-24 | 2017-10-17 | Amazon Technologies, Inc. | Identifying sources of network attacks |
US9742795B1 (en) | 2015-09-24 | 2017-08-22 | Amazon Technologies, Inc. | Mitigating network attacks |
US9774619B1 (en) | 2015-09-24 | 2017-09-26 | Amazon Technologies, Inc. | Mitigating network attacks |
EP3338428B1 (en) * | 2015-09-28 | 2020-04-15 | ARRIS Enterprises LLC | Domain name system response spoofing at customer premise equipment device |
US10178065B2 (en) * | 2015-10-01 | 2019-01-08 | Fastly Inc. | Enhanced domain name translation in content delivery networks |
US10270878B1 (en) | 2015-11-10 | 2019-04-23 | Amazon Technologies, Inc. | Routing for origin-facing points of presence |
US10257307B1 (en) | 2015-12-11 | 2019-04-09 | Amazon Technologies, Inc. | Reserved cache space in content delivery networks |
US10049051B1 (en) | 2015-12-11 | 2018-08-14 | Amazon Technologies, Inc. | Reserved cache space in content delivery networks |
US10348639B2 (en) | 2015-12-18 | 2019-07-09 | Amazon Technologies, Inc. | Use of virtual endpoints to improve data transmission rates |
US10075551B1 (en) | 2016-06-06 | 2018-09-11 | Amazon Technologies, Inc. | Request management for hierarchical cache |
US10110694B1 (en) | 2016-06-29 | 2018-10-23 | Amazon Technologies, Inc. | Adaptive transfer rate for retrieving content from a server |
US9992086B1 (en) | 2016-08-23 | 2018-06-05 | Amazon Technologies, Inc. | External health checking of virtual private cloud network environments |
US10033691B1 (en) | 2016-08-24 | 2018-07-24 | Amazon Technologies, Inc. | Adaptive resolution of domain name requests in virtual private cloud network environments |
US10505961B2 (en) | 2016-10-05 | 2019-12-10 | Amazon Technologies, Inc. | Digitally signed network address |
CN106550047B (en) * | 2016-11-25 | 2019-04-19 | 上海爱数信息技术股份有限公司 | Document fast access system and method based on content distribution mechanism |
US10831549B1 (en) | 2016-12-27 | 2020-11-10 | Amazon Technologies, Inc. | Multi-region request-driven code execution system |
US10372499B1 (en) | 2016-12-27 | 2019-08-06 | Amazon Technologies, Inc. | Efficient region selection system for executing request-driven code |
US10938884B1 (en) | 2017-01-30 | 2021-03-02 | Amazon Technologies, Inc. | Origin server cloaking using virtual private cloud network environments |
US10503613B1 (en) | 2017-04-21 | 2019-12-10 | Amazon Technologies, Inc. | Efficient serving of resources during server unavailability |
US20190191004A1 (en) * | 2017-05-23 | 2019-06-20 | Hitachi ,Ltd. | System and method to reduce network traffic and load of host servers |
US11075987B1 (en) | 2017-06-12 | 2021-07-27 | Amazon Technologies, Inc. | Load estimating content delivery network |
US10447648B2 (en) | 2017-06-19 | 2019-10-15 | Amazon Technologies, Inc. | Assignment of a POP to a DNS resolver based on volume of communications over a link between client devices and the POP |
US10742593B1 (en) | 2017-09-25 | 2020-08-11 | Amazon Technologies, Inc. | Hybrid content request routing system |
US11190492B2 (en) * | 2017-12-01 | 2021-11-30 | Twingate, Inc. | Local interception of traffic to a remote forward proxy |
CN108401024B (en) * | 2018-02-22 | 2020-11-03 | 武汉大学 | Context scaling caching method based on user center access behavior |
US10592578B1 (en) | 2018-03-07 | 2020-03-17 | Amazon Technologies, Inc. | Predictive content push-enabled content delivery network |
US10650023B2 (en) * | 2018-07-24 | 2020-05-12 | Booz Allen Hamilton, Inc. | Process for establishing trust between multiple autonomous systems for the purposes of command and control |
EP3876576B1 (en) * | 2018-11-01 | 2023-11-22 | Nippon Telegraph And Telephone Corporation | Communication range control device, method, and program |
US10862852B1 (en) | 2018-11-16 | 2020-12-08 | Amazon Technologies, Inc. | Resolution of domain name requests in heterogeneous network environments |
US11025747B1 (en) | 2018-12-12 | 2021-06-01 | Amazon Technologies, Inc. | Content request pattern-based routing system |
US11470535B1 (en) | 2019-04-25 | 2022-10-11 | Edjx, Inc. | Systems and methods for locating server nodes in close proximity to edge devices using georouting |
US10986173B1 (en) | 2019-04-25 | 2021-04-20 | Edjx, Inc. | Systems and methods for locating server nodes for edge devices using latency-based georouting |
US11190508B2 (en) * | 2019-06-27 | 2021-11-30 | Vmware, Inc. | Location-aware service request handling |
KR102232761B1 (en) * | 2019-08-21 | 2021-03-26 | 주식회사 이노지에스코리아 | Method and system for detecting client causing network problem using client route control system |
US11089083B1 (en) | 2019-11-04 | 2021-08-10 | Edjx, Inc. | Systems and methods for locating microserver nodes in proximity to edge devices using georouting |
US11916995B1 (en) | 2019-11-04 | 2024-02-27 | Edjx, Inc. | Systems and methods for locating microserver nodes in proximity to edge devices using georouting |
US11196704B2 (en) * | 2019-12-31 | 2021-12-07 | Level 3 Communications, Llc | Content delivery system using embedded requestor information |
US11356404B2 (en) * | 2020-03-04 | 2022-06-07 | Qualcomm Incorporated | Domain name system (DNS) override for edge computing |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5805820A (en) * | 1996-07-15 | 1998-09-08 | At&T Corp. | Method and apparatus for restricting access to private information in domain name systems by redirecting query requests |
US6108703A (en) * | 1998-07-14 | 2000-08-22 | Massachusetts Institute Of Technology | Global hosting system |
US20010049741A1 (en) * | 1999-06-18 | 2001-12-06 | Bryan D. Skene | Method and system for balancing load distribution on a wide area network |
US20020010798A1 (en) * | 2000-04-20 | 2002-01-24 | Israel Ben-Shaul | Differentiated content and application delivery via internet |
US20020073233A1 (en) * | 2000-05-22 | 2002-06-13 | William Gross | Systems and methods of accessing network resources |
US7003555B1 (en) * | 2000-06-23 | 2006-02-21 | Cloudshield Technologies, Inc. | Apparatus and method for domain name resolution |
US7418504B2 (en) * | 1998-10-30 | 2008-08-26 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
US7565450B2 (en) * | 2000-03-16 | 2009-07-21 | Adara Networks Inc. | System and method for using a mapping between client addresses and addresses of caches to support content delivery |
Family Cites Families (106)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4692918A (en) | 1984-12-17 | 1987-09-08 | At&T Bell Laboratories | Reliable local data network arrangement |
US5179556A (en) | 1991-08-02 | 1993-01-12 | Washington University | Bandwidth management and congestion control scheme for multicast ATM networks |
US5195181A (en) | 1992-01-10 | 1993-03-16 | Digital Equipment Corporation | Message processing system having separate message receiving and transmitting processors with message processing being distributed between the separate processors |
KR970009698B1 (en) * | 1994-07-07 | 1997-06-17 | 엘지산전 주식회사 | Method of setting communication parameter of plc |
US5619621A (en) | 1994-07-15 | 1997-04-08 | Storage Technology Corporation | Diagnostic expert system for hierarchically decomposed knowledge domains |
US5566170A (en) | 1994-12-29 | 1996-10-15 | Storage Technology Corporation | Method and apparatus for accelerated packet forwarding |
US5867704A (en) | 1995-02-24 | 1999-02-02 | Matsushita Electric Industrial Co., Ltd. | Multiprocessor system shaving processor based idle state detection and method of executing tasks in such a multiprocessor system |
US5719556A (en) * | 1995-05-22 | 1998-02-17 | Albin; Robert | Liquid level sensor utilizing AC and resistance |
US6029175A (en) | 1995-10-26 | 2000-02-22 | Teknowledge Corporation | Automatic retrieval of changed files by a network software agent |
US5918013A (en) | 1996-06-03 | 1999-06-29 | Webtv Networks, Inc. | Method of transcoding documents in a network environment using a proxy server |
SE9603753L (en) | 1996-10-14 | 1998-04-06 | Mirror Image Internet Ab | Procedure and apparatus for information transmission on the Internet |
US5784582A (en) | 1996-10-28 | 1998-07-21 | 3Com Corporation | Data processing system having memory controller for supplying current request and next request for access to the shared memory pipeline |
US6625166B2 (en) | 1996-11-15 | 2003-09-23 | Canon Kabushiki Kaisha | Communication system for communicating a plurality of time-division multiplexed data, and control method therefor |
US6046980A (en) | 1996-12-09 | 2000-04-04 | Packeteer, Inc. | System for managing flow bandwidth utilization at network, transport and application layers in store and forward network |
US6014660A (en) | 1996-12-09 | 2000-01-11 | Sun Microsystems, Inc. | Method and apparatus for client-sensitive name resolution using DNS |
US6832256B1 (en) | 1996-12-27 | 2004-12-14 | Intel Corporation | Firewalls that filter based upon protocol commands |
US6052718A (en) | 1997-01-07 | 2000-04-18 | Sightpath, Inc | Replica routing |
US5938737A (en) | 1997-02-14 | 1999-08-17 | Stanford Telecommunications, Inc. | Internet upstream request compression |
US7020700B1 (en) | 1997-02-28 | 2006-03-28 | International Business Machines Corporation | Client side socks server for an internet client |
US6408336B1 (en) | 1997-03-10 | 2002-06-18 | David S. Schneider | Distributed administration of access to information |
US6105027A (en) | 1997-03-10 | 2000-08-15 | Internet Dynamics, Inc. | Techniques for eliminating redundant access checking by access filters |
US6178505B1 (en) | 1997-03-10 | 2001-01-23 | Internet Dynamics, Inc. | Secure delivery of information in a network |
US6470389B1 (en) | 1997-03-14 | 2002-10-22 | Lucent Technologies Inc. | Hosting a network service on a cluster of servers using a single-address image |
US5996011A (en) | 1997-03-25 | 1999-11-30 | Unified Research Laboratories, Inc. | System and method for filtering data received by a computer system |
US6167438A (en) | 1997-05-22 | 2000-12-26 | Trustees Of Boston University | Method and system for distributed caching, prefetching and replication |
US6098108A (en) * | 1997-07-02 | 2000-08-01 | Sitara Networks, Inc. | Distributed directory for enhanced network communication |
SE510048C3 (en) | 1997-07-24 | 1999-05-03 | Mirror Image Internet Ab | Internet caching system |
US6006264A (en) * | 1997-08-01 | 1999-12-21 | Arrowpoint Communications, Inc. | Method and system for directing a flow between a client and a server |
WO1999009725A1 (en) | 1997-08-21 | 1999-02-25 | At & T Corp. | Packet redirection and message stream management |
US6285679B1 (en) | 1997-08-22 | 2001-09-04 | Avici Systems, Inc. | Methods and apparatus for event-driven routing |
FI105311B (en) * | 1997-09-04 | 2000-07-14 | Ericsson Telefon Ab L M | Procedure and arrangements for finding information |
US6226642B1 (en) | 1997-09-11 | 2001-05-01 | International Business Machines Corporation | Content modification of internet web pages for a television class display |
US6223209B1 (en) * | 1997-09-30 | 2001-04-24 | Ncr Corporation | Distributed world wide web servers |
US6247059B1 (en) | 1997-09-30 | 2001-06-12 | Compaq Computer Company | Transaction state broadcast method using a two-stage multicast in a multiple processor cluster |
US6070191A (en) * | 1997-10-17 | 2000-05-30 | Lucent Technologies Inc. | Data distribution techniques for load-balanced fault-tolerant web access |
US5953503A (en) | 1997-10-29 | 1999-09-14 | Digital Equipment Corporation | Compression protocol with multiple preset dictionaries |
US6256739B1 (en) | 1997-10-30 | 2001-07-03 | Juno Online Services, Inc. | Method and apparatus to determine user identity and limit access to a communications network |
US6119165A (en) | 1997-11-17 | 2000-09-12 | Trend Micro, Inc. | Controlled distribution of application programs in a computer network |
US6016512A (en) * | 1997-11-20 | 2000-01-18 | Telcordia Technologies, Inc. | Enhanced domain name service using a most frequently used domain names table and a validity code table |
US6412000B1 (en) | 1997-11-25 | 2002-06-25 | Packeteer, Inc. | Method for automatically classifying traffic in a packet communications network |
US5991713A (en) | 1997-11-26 | 1999-11-23 | International Business Machines Corp. | Efficient method for compressing, storing, searching and transmitting natural language text |
US6084878A (en) | 1997-12-18 | 2000-07-04 | Advanced Micro Devices, Inc. | External rules checker interface |
US6064676A (en) | 1998-01-14 | 2000-05-16 | Skystream Corporation | Remultipelxer cache architecture and memory organization for storing video program bearing transport packets and descriptors |
US6822955B1 (en) * | 1998-01-22 | 2004-11-23 | Nortel Networks Limited | Proxy server for TCP/IP network address portability |
US6185598B1 (en) * | 1998-02-10 | 2001-02-06 | Digital Island, Inc. | Optimized network resource location |
US6560227B1 (en) | 1998-02-23 | 2003-05-06 | International Business Machines Corporation | LAN frame copy decision for LAN switches |
US6526426B1 (en) | 1998-02-23 | 2003-02-25 | David Lakritz | Translation management system |
US6353614B1 (en) * | 1998-03-05 | 2002-03-05 | 3Com Corporation | Method and protocol for distributed network address translation |
US6065055A (en) | 1998-04-20 | 2000-05-16 | Hughes; Patrick Alan | Inappropriate site management software |
US6578073B1 (en) | 1998-05-13 | 2003-06-10 | Hewlett-Packard Development Company, L.P. | Accelerated content delivery over a network using reduced size objects |
AU4083699A (en) | 1998-05-19 | 1999-12-06 | Sun Microsystems, Inc. | Method and apparatus for effective traffic localization through domain name system |
US6397259B1 (en) | 1998-05-29 | 2002-05-28 | Palm, Inc. | Method, system and apparatus for packet minimized communications |
US6157955A (en) | 1998-06-15 | 2000-12-05 | Intel Corporation | Packet processing system including a policy engine having a classification unit |
EP1086426B1 (en) | 1998-06-19 | 2006-11-15 | Sun Microsystems, Inc. | Scalable proxy servers with plug in filters |
US6256671B1 (en) * | 1998-06-24 | 2001-07-03 | Nortel Networks Limited | Method and apparatus for providing network access control using a domain name system |
US6330561B1 (en) | 1998-06-26 | 2001-12-11 | At&T Corp. | Method and apparatus for improving end to end performance of a data network |
US7246150B1 (en) * | 1998-09-01 | 2007-07-17 | Bigfix, Inc. | Advice provided for offering highly targeted advice without compromising individual privacy |
WO2000014938A2 (en) * | 1998-09-09 | 2000-03-16 | Sun Microsystems, Inc. | Method and apparatus for transparently processing dns traffic |
US6393026B1 (en) | 1998-09-17 | 2002-05-21 | Nortel Networks Limited | Data packet processing system and method for a router |
US6728885B1 (en) | 1998-10-09 | 2004-04-27 | Networks Associates Technology, Inc. | System and method for network access control using adaptive proxies |
US6826694B1 (en) | 1998-10-22 | 2004-11-30 | At&T Corp. | High resolution access control |
US6546423B1 (en) | 1998-10-22 | 2003-04-08 | At&T Corp. | System and method for network load balancing |
CA2287258C (en) | 1998-10-22 | 2004-08-10 | At&T Corp. | System and method for demand-driven loading of rules in a firewall |
ATE300830T1 (en) * | 1998-10-30 | 2005-08-15 | Eicon Technology Corp | DIGITAL NETWORK MODEM WITH AN INTEGRATED DHCP SERVER |
US6502135B1 (en) | 1998-10-30 | 2002-12-31 | Science Applications International Corporation | Agile network protocol for secure communications with assured system availability |
US6304913B1 (en) | 1998-11-09 | 2001-10-16 | Telefonaktiebolaget L M Ericsson (Publ) | Internet system and method for selecting a closest server from a plurality of alternative servers |
US6324585B1 (en) * | 1998-11-19 | 2001-11-27 | Cisco Technology, Inc. | Method and apparatus for domain name service request resolution |
CA2287689C (en) | 1998-12-03 | 2003-09-30 | P. Krishnan | Adaptive re-ordering of data packet filter rules |
US6389462B1 (en) | 1998-12-16 | 2002-05-14 | Lucent Technologies Inc. | Method and apparatus for transparently directing requests for web objects to proxy caches |
US6611875B1 (en) | 1998-12-31 | 2003-08-26 | Pmc-Sierra, Inc. | Control system for high speed rule processors |
US6654787B1 (en) | 1998-12-31 | 2003-11-25 | Brightmail, Incorporated | Method and apparatus for filtering e-mail |
US6425003B1 (en) * | 1999-01-22 | 2002-07-23 | Cisco Technology, Inc. | Method and apparatus for DNS resolution |
US6389468B1 (en) | 1999-03-01 | 2002-05-14 | Sun Microsystems, Inc. | Method and apparatus for distributing network traffic processing on a multiprocessor computer |
US6182148B1 (en) * | 1999-03-18 | 2001-01-30 | Walid, Inc. | Method and system for internationalizing domain names |
US6701432B1 (en) | 1999-04-01 | 2004-03-02 | Netscreen Technologies, Inc. | Firewall including local bus |
US6480508B1 (en) * | 1999-05-12 | 2002-11-12 | Westell, Inc. | Router-based domain name system proxy agent using address translation |
US6768992B1 (en) | 1999-05-17 | 2004-07-27 | Lynne G. Jolitz | Term addressable memory of an accelerator system and method |
US6587466B1 (en) | 1999-05-27 | 2003-07-01 | International Business Machines Corporation | Search tree for policy based packet classification in communication networks |
US7146505B1 (en) | 1999-06-01 | 2006-12-05 | America Online, Inc. | Secure data exchange between date processing systems |
US6691231B1 (en) | 1999-06-07 | 2004-02-10 | Entrust Technologies Limited | Method and apparatus for providing access isolation of requested security related information from a security related information source |
WO2001008066A1 (en) | 1999-07-26 | 2001-02-01 | Iprivacy Llc | Electronic purchase of goods over a communication network including physical delivery while securing private and personal information |
US6598034B1 (en) | 1999-09-21 | 2003-07-22 | Infineon Technologies North America Corp. | Rule based IP data processing |
US6850529B1 (en) | 1999-10-06 | 2005-02-01 | Cisco Technology, Inc. | Layer 2 funnel in fan out network device |
US7574494B1 (en) * | 1999-10-15 | 2009-08-11 | Thomson Licensing | User interface for a bi-directional communication system |
US7007080B2 (en) * | 1999-12-23 | 2006-02-28 | Solution Inc Limited | System for reconfiguring and registering a new IP address for a computer to access a different network without user intervention |
US6662213B1 (en) | 2000-01-10 | 2003-12-09 | Sun Microsystems, Inc. | System and method for ensuring delivery of a single communication between nodes |
US6757291B1 (en) | 2000-02-10 | 2004-06-29 | Simpletech, Inc. | System for bypassing a server to achieve higher throughput between data network and data storage system |
US6973084B1 (en) | 2000-02-23 | 2005-12-06 | Cypress Semiconductor Corp. | Hybrid data transport scheme over optical networks |
US6854063B1 (en) | 2000-03-03 | 2005-02-08 | Cisco Technology, Inc. | Method and apparatus for optimizing firewall processing |
US7020719B1 (en) * | 2000-03-24 | 2006-03-28 | Netli, Inc. | System and method for high-performance delivery of Internet messages by selecting first and second specialized intermediate nodes to optimize a measure of communications performance between the source and the destination |
WO2001080024A2 (en) * | 2000-04-17 | 2001-10-25 | Circadence Corporation | Gateway buffer prioritization |
US6697806B1 (en) * | 2000-04-24 | 2004-02-24 | Sprint Communications Company, L.P. | Access network authorization |
US7346649B1 (en) * | 2000-05-31 | 2008-03-18 | Wong Alexander Y | Method and apparatus for network content distribution using a personal server approach |
US6950947B1 (en) | 2000-06-20 | 2005-09-27 | Networks Associates Technology, Inc. | System for sharing network state to enhance network throughput |
US6829654B1 (en) | 2000-06-23 | 2004-12-07 | Cloudshield Technologies, Inc. | Apparatus and method for virtual edge placement of web sites |
US7114008B2 (en) | 2000-06-23 | 2006-09-26 | Cloudshield Technologies, Inc. | Edge adapter architecture apparatus and method |
US7032031B2 (en) | 2000-06-23 | 2006-04-18 | Cloudshield Technologies, Inc. | Edge adapter apparatus and method |
US20020024153A1 (en) * | 2000-07-14 | 2002-02-28 | Matsushita Electric Industrial Co., Ltd. | Light-emitting device and optical intergrated device |
US6847989B1 (en) | 2000-08-29 | 2005-01-25 | International Business Machines Corporation | Method and system for creating mail rules from existing mail |
US7028092B2 (en) | 2000-12-11 | 2006-04-11 | Acme Packet, Inc. | System and method for assisting in controlling real-time transport protocol flow through multiple networks via media flow routing |
DE10109796A1 (en) * | 2001-03-01 | 2002-09-05 | Bosch Gmbh Robert | Circuit and method for specifying a start signal for a controller |
US6691124B2 (en) | 2001-04-04 | 2004-02-10 | Cypress Semiconductor Corp. | Compact data structures for pipelined message forwarding lookups |
US20030187992A1 (en) | 2001-05-07 | 2003-10-02 | Steenfeldt Rico Werni | Service triggering framework |
US7444418B2 (en) | 2001-05-11 | 2008-10-28 | Bytemobile, Inc. | Transcoding multimedia information within a network communication system |
US7210022B2 (en) | 2001-05-15 | 2007-04-24 | Cloudshield Technologies, Inc. | Apparatus and method for interconnecting a processor to co-processors using a shared memory as the communication interface |
US7082502B2 (en) | 2001-05-15 | 2006-07-25 | Cloudshield Technologies, Inc. | Apparatus and method for interfacing with a high speed bi-directional network using a shared memory to store packet data |
-
2000
- 2000-06-23 US US09/602,286 patent/US7003555B1/en not_active Expired - Lifetime
-
2005
- 2005-10-26 US US11/259,160 patent/US8694610B2/en not_active Expired - Lifetime
-
2013
- 2013-02-25 US US13/776,651 patent/US20130166637A1/en not_active Abandoned
- 2013-02-26 US US13/778,043 patent/US20130179969A1/en not_active Abandoned
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5805820A (en) * | 1996-07-15 | 1998-09-08 | At&T Corp. | Method and apparatus for restricting access to private information in domain name systems by redirecting query requests |
US6108703A (en) * | 1998-07-14 | 2000-08-22 | Massachusetts Institute Of Technology | Global hosting system |
US7418504B2 (en) * | 1998-10-30 | 2008-08-26 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
US20010049741A1 (en) * | 1999-06-18 | 2001-12-06 | Bryan D. Skene | Method and system for balancing load distribution on a wide area network |
US7565450B2 (en) * | 2000-03-16 | 2009-07-21 | Adara Networks Inc. | System and method for using a mapping between client addresses and addresses of caches to support content delivery |
US20020010798A1 (en) * | 2000-04-20 | 2002-01-24 | Israel Ben-Shaul | Differentiated content and application delivery via internet |
US20020073233A1 (en) * | 2000-05-22 | 2002-06-13 | William Gross | Systems and methods of accessing network resources |
US7003555B1 (en) * | 2000-06-23 | 2006-02-21 | Cloudshield Technologies, Inc. | Apparatus and method for domain name resolution |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160315915A1 (en) * | 2013-12-05 | 2016-10-27 | Bundesdruckerei Gmbh | Method for accessing a data memory of a cloud computer system using a modified domain name system (dns) |
US10050944B2 (en) * | 2013-12-05 | 2018-08-14 | Bundesdruckerei Gmbh | Process to access a data storage device of a cloud computer system with the help of a modified Domain Name System (DNS) |
US20230254384A1 (en) * | 2022-02-09 | 2023-08-10 | Coretech LT, UAB | Graceful shutdown of supernodes in an internet proxy system |
US11936753B2 (en) * | 2022-02-09 | 2024-03-19 | Oxylabs, Uab | Graceful shutdown of supernodes in an internet proxy system |
Also Published As
Publication number | Publication date |
---|---|
US20060075139A1 (en) | 2006-04-06 |
US8694610B2 (en) | 2014-04-08 |
US7003555B1 (en) | 2006-02-21 |
US20130179969A1 (en) | 2013-07-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7003555B1 (en) | Apparatus and method for domain name resolution | |
US7437482B2 (en) | Method and apparatus for facilitating client server communications over a network | |
US7114008B2 (en) | Edge adapter architecture apparatus and method | |
US7624142B2 (en) | System and method for processing packets according to user specified rules governed by a syntax | |
US9634943B2 (en) | Transparent provisioning of services over a network | |
US7020783B2 (en) | Method and system for overcoming denial of service attacks | |
US6243760B1 (en) | Information dissemination system with central and distributed caches | |
US6532493B1 (en) | Methods and apparatus for redirecting network cache traffic | |
JP4690480B2 (en) | How to provide firewall service | |
US7454489B2 (en) | System and method for accessing clusters of servers from the internet network | |
US7072979B1 (en) | Wide area load balancing of web traffic | |
US20040010601A1 (en) | Method and system for protecting web sites from public internet threats | |
US20100125668A1 (en) | Methods, Systems, and Computer Program Products for Enhancing Internet Security for Network Subscribers | |
Yan et al. | The road to DNS privacy | |
US6981056B1 (en) | Wide area load balancing of web traffic | |
EP3065372B1 (en) | Detection and mitigation of network component distress | |
US7979508B1 (en) | System and method for improving gateway transparency | |
Rahman et al. | CoRE Working Group A. Castellani Internet-Draft University of Padova Intended status: Informational S. Loreto Expires: January 12, 2012 Ericsson |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |
|
AS | Assignment |
Owner name: LOOKINGGLASS CYBER SOLUTIONS, INC., MARYLAND Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CLOUDSHIELD TECHNOLOGIES, LLC;REEL/FRAME:047205/0192 Effective date: 20150226 |
|
AS | Assignment |
Owner name: LOOKINGGLASS CYBER SOLUTIONS, INC., VIRGINIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CLOUDSHIELD TECHNOLOGIES, LLC;REEL/FRAME:062847/0569 Effective date: 20230301 |