Effective policies and policy enforcement using characterization of flow content and content-independent flow information
First Claim
Patent Images
1. A machine-implemented method comprising:
- a) obtaining network packets;
b) grouping the collected network packets into a plurality of flows;
c) for each of the plurality of flows, i) determining a content characteristic by characterizing content of the flow using bit-stream level statistics, and ii) determining at least one of (A) content-independent flow characteristics, (B) port-independent flow characteristics, and (C) application header-independent flow characteristics; and
d) enforcing a policy on at least one of the flows using both (1) the determined content characteristic and the (2) determined at least one of (A) content-independent flow characteristics, (B) port-independent flow characteristics, and (C) application header-independent flow characteristics.
2 Assignments
0 Petitions
Accused Products
Abstract
Flexible network policies might be enforced by (a) obtaining a flow of network packets, (b) determining a content characteristic by characterizing content of the flow using bit-stream level statistics, (c) determining content-independent flow characteristics, port-independent flow characteristics, and/or application header-independent flow characteristics, and (d) enforcing a policy on the flow using both (1) the determined content characteristic and the (2) determined content-independent flow characteristics, port-independent flow characteristics, and/or application header-independent flow characteristics.
-
Citations
22 Claims
-
1. A machine-implemented method comprising:
-
a) obtaining network packets;
b) grouping the collected network packets into a plurality of flows;
c) for each of the plurality of flows, i) determining a content characteristic by characterizing content of the flow using bit-stream level statistics, and ii) determining at least one of (A) content-independent flow characteristics, (B) port-independent flow characteristics, and (C) application header-independent flow characteristics; and
d) enforcing a policy on at least one of the flows using both (1) the determined content characteristic and the (2) determined at least one of (A) content-independent flow characteristics, (B) port-independent flow characteristics, and (C) application header-independent flow characteristics. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A machine-implemented method comprising:
-
a) obtaining a flow of network packets;
b) determining a content characteristic by characterizing content of the flow using bit-stream level statistics;
c) determining at least one of (i) content-independent flow characteristics, (ii) port-independent flow characteristics, and (iii) application header-independent flow characteristics; and
d) enforcing a policy on the flow using both (1) the determined content characteristic and the (2) determined at least one of (i) content-independent flow characteristics, (ii) port-independent flow characteristics, and (iii) application header-independent flow characteristics. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
-
21. Apparatus comprising:
-
a) means for obtaining network packets;
b) means for grouping the collected network packets into a plurality of flows;
c) means, for each of the plurality of flows, for i) determining a content characteristic by characterizing content of the flow using bit-stream level statistics, and ii) determining at least one of (A) content-independent flow characteristics, (B) port-independent flow characteristics, and (C) application header-independent flow characteristics; and
d) means for enforcing a policy on at least one of the flows using both (1) the determined content characteristic and the (2) determined at least one of (A) content-independent flow characteristics, (B) port-independent flow characteristics, and (C) application header-independent flow characteristics.
-
-
22. Apparatus comprising:
-
a) means for obtaining a flow of network packets;
b) means for determining a content characteristic by characterizing content of the flow using bit-stream level statistics;
c) means for determining at least one of (i) content-independent flow characteristics, (ii port-independent flow characteristics, and (iii) application header-independent flow characteristics; and
d) means for enforcing a policy on the flow using both (1) the determined content characteristic and the (2) determined at least one of (i) content-independent flow characteristics, (ii) port-independent flow characteristics, and (iii) application header-independent flow characteristics.
-
Specification