Applying quality of service to application messages in network elements based on roles and status

US 20080025230A1
Filed: 07/27/2006
Published: 01/31/2008
Est. Priority Date: 07/27/2006
Status: Active Grant

First Claim

Patent Images

1. A data processing apparatus, comprising:

a plurality of network interfaces that are coupled to a data network for receiving one or more packets therefrom and sending one or more packets thereto;

one or more processors;

a switching system coupled to the one or more processors and packet forwarding logic, wherein the switching system and packet forwarding logic are configured to receive packets on a first network interface, determine a second network interface on which to send the packets, and to send the packets on the second network interface;

a computer-readable storage medium recorded with one or more message classification rules and a mapping of message classification values to network-level QoS values, wherein each of the message classification rules specifies one or more message attributes and one of the message classification values;

application QoS logic which when executed by the one or more processors is operable to cause;

receiving an application-layer message;

matching one or more attributes of the application-layer message to the message classification rules;

wherein the one or more attributes comprise at least one of information about a sender of the message and a status of a machine that sends the message;

determining a message classification of the application-layer message based on the matching;

selecting one of the network-level QoS values using the mapping and based on the determined message classification;

marking a network-level header of the application-layer message using the selected QoS value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network elements provide application-level QoS for application-layer messages processed therein. An application based message is examined upon IP reassembly thereof. Information is accessed about a sender of the message. A credential is assigned to the sender based on the sender information and/or a status validated for a device that sends said message. The message is dynamically prioritized in relation to other network traffic to provide application QoS based on the sender credential and/or the device status. The message priority is changeable on the fly according to the dynamically variable information. Sender information relates to a role or authority level associated therewith and is dynamically variable with respect to time, situation and/or circumstance. Thus, OSI Layer 5, 6, or 7 application message role/status based attributes determine how packets are marked with Layer 2, 3 or 4 QoS values, integrating application-level concepts of order and priority into network-layer QoS mechanisms.

456 Citations

40 Claims

1. A data processing apparatus, comprising:
- a plurality of network interfaces that are coupled to a data network for receiving one or more packets therefrom and sending one or more packets thereto;
  
  one or more processors;
  
  a switching system coupled to the one or more processors and packet forwarding logic, wherein the switching system and packet forwarding logic are configured to receive packets on a first network interface, determine a second network interface on which to send the packets, and to send the packets on the second network interface;
  
  a computer-readable storage medium recorded with one or more message classification rules and a mapping of message classification values to network-level QoS values, wherein each of the message classification rules specifies one or more message attributes and one of the message classification values;
  
  application QoS logic which when executed by the one or more processors is operable to cause;
  
  receiving an application-layer message;
  
  matching one or more attributes of the application-layer message to the message classification rules;
  
  wherein the one or more attributes comprise at least one of information about a sender of the message and a status of a machine that sends the message;
  
  determining a message classification of the application-layer message based on the matching;
  
  selecting one of the network-level QoS values using the mapping and based on the determined message classification;
  
  marking a network-level header of the application-layer message using the selected QoS value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus of claim 1, wherein at least one of the determining, selecting and marking dynamically changes to change a priority of the message based on at least one of the information about the message sender and the message sending machine status.
  - 3. The apparatus of claim 1, wherein the message classification rules classify the application-layer message as one of mission critical, transactional data, bulk data transfer, and best effort.
  - 4. The apparatus of claim 1, wherein the network-level QoS values are differentiated services code point (DSCP) values.
  - 5. The apparatus of claim 4, wherein the application QoS logic comprises logic which when executed by the one or more processors is operable to mark an IP header of the application-layer message with one of the DSCP values.
  - 6. The apparatus of claim 1, wherein the network-level QoS values are IP Type of Service (ToS) values.
  - 7. The apparatus of claim 6, wherein the application QoS logic comprises logic which when executed by the one or more processors is operable to mark an IP header of the application-layer message with one of the ToS values.
  - 8. The apparatus of claim 1, wherein the application QoS logic comprises logic which when executed by the one or more processors is operable to forward the marked application-layer message to a next hop, wherein the forwarding is prioritized based on the selected QoS value and a set of priority queues.
  - 9. The apparatus of claim 1, wherein the application QoS logic comprises logic which when executed by the one or more processors is operable to establish a plurality of prioritized virtual connections between the apparatus and a next hop apparatus, and to forward the marked application-layer message to a next hop, wherein the forwarding is prioritized based on writing the application-layer message to one of the virtual connections that is associated with the selected QoS value.
  - 10. The apparatus of claim 1, wherein the application QoS logic comprises logic which when executed by the one or more processors is operable to:
    - forward the marked application-layer message to an endpoint;
      
      receive a second application-layer message from the endpoint;
      
      determine that the second application-layer message is associated with the marked application-layer message;
      
      mark the second application-layer message with the same selected QoS value that was used to mark the marked application-layer message; and
      
      forward the second application-layer message to a next hop, wherein the forwarding is prioritized based on writing the application-layer message to one of the virtual connections that is associated with the selected QoS value.

11. A data processing apparatus, comprising:
- a plurality of network interfaces that are coupled to a data network for receiving one or more packets therefrom and sending one or more packets thereto;
  
  one or more processors;
  
  a switching system coupled to the one or more processors and packet forwarding logic, wherein the switching system and packet forwarding logic are configured to receive packets on a first network interface, determine a second network interface on which to send the packets, and to send the packets on the second network interface;
  
  a computer-readable storage medium recorded with one or more message classification rules and a mapping of message classification values to network-level QoS values, wherein each of the message classification rules specifies one or more message attributes and one of the message classification values;
  
  means for receiving an application-layer message;
  
  means for matching one or more attributes of the application-layer message to the message classification rules;
  
  wherein the one or more attributes comprise at least one of information about a sender of the message and a status of a machine that sends the message;
  
  means for determining a message classification of the application-layer message based on the matching;
  
  means for selecting one of the network-level QoS values using the mapping and based on the determined message classification;
  
  means for marking a network-level header of the application-layer message using the selected QoS value.

12. A computer-readable storage medium recorded with one or more message classification rules and a mapping of message classification values to network-level QoS values, wherein each of the message classification rules specifies one or more message attributes and one of the message classification values, and recorded with application QoS logic which when executed by one or more processors is operable to cause:
- receiving an application-layer message at a network infrastructure element comprising a plurality of network interfaces that are coupled to a data network for receiving one or more packets therefrom and sending one or more packets thereto, the one or more processors, and a switching system coupled to the one or more processors and packet forwarding logic, wherein the switching system and packet forwarding logic are configured to receive packets on a first network interface, determine a second network interface on which to send the packets, and to send the packets on the second network interface;
  
  matching one or more attributes of the application-layer message to the message classification rules;
  
  wherein the one or more attributes comprise at least one of information about a sender of the message and a status of a machine that sends the message;
  
  determining a message classification of the application-layer message based on the matching;
  
  selecting one of the network-level QoS values using the mapping and based on the determined message classification;
  
  marking a network-level header of the application-layer message using the selected QoS value.

13. A method, comprising:
- creating and storing one or more message classification rules and a mapping of message classification values to network-level QoS values, wherein each of the message classification rules specifies one or more message attributes and one of the message classification values;
  
  receiving an application-layer message at a network infrastructure element comprising a plurality of network interfaces that are coupled to a data network for receiving one or more packets therefrom and sending one or more packets thereto, the one or more processors, and a switching system coupled to the one or more processors and packet forwarding logic, wherein the switching system and packet forwarding logic are configured to receive packets on a first network interface, determine a second network interface on which to send the packets, and to send the packets on the second network interface;
  
  matching one or more attributes of the application-layer message to the message classification rules;
  
  wherein the one or more attributes comprise at least one of information about a sender of the message and a status of a machine that sends the message;
  
  determining a message classification of the application-layer message based on the matching;
  
  selecting one of the network-level QoS values using the mapping and based on the determined message classification;
  
  marking a network-level header of the application-layer message using the selected QoS value.

14. A method for providing application level quality of service (QoS) in a network element, comprising:
- examining an application based message upon Internet Protocol (IP) reassembly thereof;
  
  accessing information about a sender of said message;
  
  assigning a credential to said sender based on said sender information;
  
  validating a status of a device that sends said message; and
  
  dynamically prioritizing said message in relation to other network traffic to provide application QoS based on at least one of said sender credential and said device status.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The method as recited in claim 14 wherein at least one of said determining, selecting and marking dynamically changes to change a priority of the message based on at least one of the information about the message sender and the message sending machine status.
  - 16. The method as recited in claim 14 wherein said information about said message sender comprises information relating to at least one of a role, an authority level and a rank associated therewith, wherein said information is dynamically variable with respect to at least one of time, situation and circumstance.
  - 17. The method as recited in claim 14 further comprising:
    - parsing content of said message; and
      
      validating a context of said message, wherein said prioritizing is further based on at least one of said content and said context of said message.
  - 18. The method as recited in claim 14 wherein said dynamically prioritizing comprises assigning differentiated services code points (DSCP) values to packets associated with said message.
  - 19. The method as recited in claim 14 wherein said method is performed with an Application Oriented Networking (AON) component of said network element wherein said network element comprises at least one of a packet router and a packet switch in a packet based network.
  - 20. The method as recited in claim 19 wherein said examining comprises:
    - assembling incoming packets that are associated with said message;
      
      extracting application level information from said message wherein an IP address of a message source is read from said message; and
      
      determining a user entity to which said IP address is assigned.
  - 21. The method as recited in claim 20 wherein said accessing user information comprises at least one of:
    - discerning said user information from said application message;
      
      performing a Dynamic Host Configuration Protocol (DHCP) based lookup; and
      
      performing at least one of a Lightweight Data Access Protocol (LDAP) database lookup and a lookup with at least one of a Remote Dial-In User Server/Access, Authentication and Authorization (RADIUS/AAA) server and a DIAMETER/TACACS+ server.
  - 22. The method as recited in claim 21 wherein said DHCP lookup reveals at least one of an identifier associated with said message generating device and a duration of an IP lease associated with said message.
  - 23. The method as recited in claim 22 wherein the LDAP lookup comprises a query related to said status of said device.
  - 24. The method as recited in claim 23, further comprising:
    - caching said determined information; and
      
      refreshing said cached information upon receipt of a subsequent incoming message from said IP address associated with said message.
  - 25. The method as recited in claim 14, wherein said status of said device relates to at least one of a threat prevention update record and a security patch posture relating to said message sending device.
  - 26. The method as recited in claim 25 wherein, upon said status comprising a deficiency in one or more of said threat prevention update record and said security patch posture, said dynamically prioritizing comprises lowering a priority of said message.

27. A computer based system, comprising:
- a plurality of network interfaces that are coupled to a data network for receiving packet based message packets therefrom and sending packet based message packets thereto;
  
  one or more processors;
  
  a switching system coupled to the one or more processors and packet forwarding logic, wherein the switching system and packet forwarding logic are configured to receive packets on a first network interface, determine a second network interface on which to send the packets, and to send the packets on the second network interface;
  
  a computer-readable storage medium recorded with one or more message classification rules and a mapping of message classification values to network-level QoS values, wherein each of the message classification rules specifies one or more message attributes and one of the message classification values;
  
  application QoS logic which when executed by the one or more processors is operable to cause;
  
  examining an application based message upon Internet Protocol (IP) reassembly thereof,accessing information about a sender of said message;
  
  assigning a credential to said sender based on said sender information;
  
  validating a status of a device that sends said message; and
  
  dynamically prioritizing said message in relation to other network traffic to provide application QoS based on at least one of said sender credential and said device status.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 28. The system as recited in claim 27 wherein at least one of said information about said message sender and said message sending machine status is dynamically variable over time and wherein one or more of said assigning and said validating is dynamically changeable, wherein said dynamically prioritizing changes a priority of said message on the fly according to said dynamically variable information.
  - 29. The system as recited in claim 27 wherein said information about said message sender comprises information relating to at least one of a role, an authority level and a rank associated therewith, wherein said information is dynamically variable with respect to at least one of time, situation and circumstance.
  - 30. The system as recited in claim 27 wherein said application QoS logic, when executed by the one or more processors, is operable to further cause:
    - parsing content of said message; and
      
      validating a context of said message, wherein said prioritizing is further based on at least one of said content and said context of said message.
  - 31. The system as recited in claim 27 wherein said dynamically prioritizing comprises assigning differentiated services code points (DSCP) values to packets associated with said message.
  - 32. The system as recited in claim 31, further comprising an Application Oriented Networking (AON) component of an element of said network wherein said network element comprises at least one of a packet router and a packet switch in a packet based network and wherein said examining.
  - 33. The system as recited in claim 32 wherein said examining comprises:
    - assembling incoming packets that are associated with said message;
      
      extracting application level information therefrom wherein an IP address of a message source is read therefrom; and
      
      determining a user entity to which said IP address is assigned.
  - 34. The system as recited in claim 33 wherein said accessing user information comprises at least one of:
    - discerning said user information from said application message;
      
      performing a Dynamic Host Configuration Protocol (DHCP) based lookup; and
      
      performing at least one of a Lightweight Data Access Protocol (LDAP) database lookup and a lookup with at least one of a Remote Dial-In User Server/Access, Authentication and Authorization (RADIUS/AAA) server and a DIAMETER/TACACS+ server.
  - 35. The system as recited in claim 34 wherein said DHCP lookup reveals at least one of an identifier associated with said message generating device and a duration of an IP lease associated therewith.
  - 36. The system as recited in claim 35, further comprising:
    - caching said determined information; and
      
      refreshing said cached information upon receipt of a subsequent incoming message from said IP address associated with said message.
  - 37. The system as recited in claim 35 wherein the wherein the LDAP lookup comprises a query related to said status of said device.
  - 38. The system as recited in claim 27, wherein said status of said device relates to at least one of a threat prevention update record and a security patch posture relating to said message sending device and wherein, upon said status comprising a deficiency in one or more of said antiviral update record and said security patch posture, said dynamically prioritizing comprises lowering a priority of said message.

39. A computer-readable storage medium recorded with one or more message classification rules and a mapping of message classification values to network-level QoS values, wherein each of the message classification rules specifies one or more message attributes and one of the message classification values, and recorded with application QoS logic which when executed by one or more processors is operable to cause:
- examining an application based message upon Internet Protocol (IP) reassembly thereof;
  
  accessing information about a sender of said message;
  
  assigning a credential to said sender based on said sender information;
  
  validating a status of a device that sends said message; and
  
  dynamically prioritizing said message in relation to other network traffic to provide application QoS based on at least one of said sender credential and said device status.

40. A networking apparatus, comprising:
- means for examining an application based message upon Internet Protocol (IP) reassembly thereof;
  
  means for accessing information about a sender of said message;
  
  means for assigning a credential to said sender based on said sender information;
  
  means for validating a status of a device that sends said message; and
  
  means for dynamically prioritizing said message in relation to other network traffic to provide application QoS based on at least one of said sender credential and said device status.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Patel, Alpesh, Joshi, Praveen

Granted Patent

US 7,797,406 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/252
CPC Class Codes

H04L 41/5022 by giving priorities, e.g. ...

Applying quality of service to application messages in network elements based on roles and status

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

456 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Applying quality of service to application messages in network elements based on roles and status

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

456 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links