SYSTEM AND METHOD OF TRAFFIC INSPECTION AND CLASSIFICATION FOR PURPOSES OF IMPLEMENTING SESSION AND CONTENT CONTROL
First Claim
1. A method, comprising using, at a network device, sets of packet classification rules having associated matching criteria for OSI Layer 2-Layer 4 (L2-L4) packet information to select traffic flows made up of various packets received at the network device for processing at OSI Layer 7 (L7) at the network device, and carrying classification information computed as a result of classifications based on the L2-L4 packet information with those of the traffic flows so selected so that the classification information is available during the traffic flow processing at L7.
11 Assignments
0 Petitions
Abstract
Packets received at a network appliance are classified according to packet classification rules based on flow state information maintained by the network appliance and evaluated for each packet as it is received at the appliance on the basis of OSI Level 2-Level 4 (L2-L4) information retrieved from the packet. The received packets are acted upon according to outcomes of the classification; and the flow state information is updated according to actions taken on the received packets. The updated flow state information is then made available to modules performing additional processing of one or more of the packets at OSI Layer 7 (L7).
244 Citations
55 Claims
- 1. A method, comprising using, at a network device, sets of packet classification rules having associated matching criteria for OSI Layer 2-Layer 4 (L2-L4) packet information to select traffic flows made up of various packets received at the network device for processing at OSI Layer 7 (L7) at the network device, and carrying classification information computed as a result of classifications based on the L2-L4 packet information with those of the traffic flows so selected so that the classification information is available during the traffic flow processing at L7.
- 7. A network device, comprising one or more network traffic processing modules configured to classify packets received at the network device by evaluating OSI Layer 2-Layer 4 (L2-L4) information retrieved from said packets against sets of packet classification rules having associated matching criteria, at least some of the matching criteria being stored in per-packet classification rule databases separate from the network traffic processing modules.
- 12. A method, comprising classifying packets received at a network device by evaluating OSI Layer 2-Layer 4 (L2-L4) information retrieved from said packets against sets of packet classification rules having associated matching criteria, the classifying being performed by one or more traffic processing modules according to matching criteria for the packet classification rules retrieved from per-packet classification rule databases separate from the network traffic processing modules.
- 23. A method, comprising using, at a first network device, sets of packet classification rules having associated matching criteria for OSI Layer 2-Layer 4 (L2-L4) packet information and traffic flow state information stored at the network device to classify packets associated with traffic flows received at the first network device, and as a result of classifications based on the L2-L4 packet information and the traffic flow state information, forwarding one or more of the packets to a second network device identified as handling a subject one of the traffic flows associated with those of the packets so forwarded, without further processing the packets so forwarded at the first network device at higher OSI layers.
- 24. A method, comprising using, at a first network device, sets of packet classification rules having associated matching criteria for OSI Layer 2-Layer 4 (L2-L4) packet information and traffic flow state information stored at the network device to classify packets associated with traffic flows received at the first network device, and as a result of classifications based on the L2-L4 packet information and the traffic flow state information, bypassing one or more of the packets to a client even though the packets so bypassed are associated with a subject one of the traffic flows identified as being handled by a second network device, without further processing the packets so bypassed at the first network device at higher OSI layers.
- 25. A method, comprising creating, at a network device, listeners for network traffic received at the network device using less than complete traffic flow configuration information, and classifying packets as being intended for handling by said listeners or not according to matching criteria for OSI Layer 2-Layer 4 (L2-L4) information from the packets.
- 28. A method, comprising classifying a packet received at a first network device according to sets of packet classification rules having associated matching criteria for OSI Layer 2-Layer 4 (L2-L4) information from the packet, and taking action on the packet in accordance with a matching one of the packet classification rules, wherein during the classifying evaluation of the packet against the packet classification rules is delayed for a period of time and then reinitiated again as if the packet had just been received at the first network device so as to provide time for a peer network device to notify the first network device that the peer network device is handling a traffic flow with which the packet is associated.
- 29. A computer-implemented method, comprising:
  classifying packets received at a network appliance according to packet classification rules based on flow state information maintained by the network appliance and evaluated for each packet as it is received at the appliance on the basis of OSI Level 2-Level 4 (L2-L4) information retrieved from the packet;
  acting on each of the received packets according to outcomes of the classification; and
  updating the flow state information according to actions taken on the received packets based on the L2-L4 information and making updated flow state information which reflects said actions taken on the packets available to modules performing additional processing of one or more of said packets at OSI Layer 7 (L7).
  Dependent claims: 30 to 42.
- 43. A computer-implemented method, comprising classifying network traffic on a most specific match basis for OSI Layer-2 to Layer-4 (L2-L4) information obtained from packets, said L2-L4 information being evaluated for service listeners configured for a network appliance at which the traffic is received, and using results of classifications so obtained when processing the network traffic at OSI Layer-7.
- 51. A method, comprising classifying packets received at a network device according to sets of packet classification rules having associated matching criteria for OSI Layer 2-Layer 4 (L2-L4) information obtained from the packets and taking action on the packets in accordance with matching ones of the packet classification rules, unless for a given interface of the network device on which one or more of the packets is received, the network device is configured to reject inbound packets, in which case for inbound ones of the packets received on the given network interface, dropping said inbound packets.
- 52. A method, comprising classifying packets received at a network device according to sets of packet classification rules having associated matching criteria for OSI Layer 2-Layer 4 (L2-L4) information obtained from the packets and taking action on the packets in accordance with matching ones of the packet classification rules, unless for a given interface of the network device on which one or more of the packets is received, the network device is configured to (i) not reject inbound packets and (ii) not allow interception of packets, in which case for those of the packets received on the given network interface, bypassing said one or more packets.
- 53. A method, comprising: at a network device configured to classify packets on the basis of OSI Layer 2-Layer 4 (L2-L4) information obtained from the packets and according to sets of packet classification rules having associated matching criteria, intercepting one or more of the packets for processing at OSI Layer 7 (L7) at the network device, provided for a given interface of the network device on which the one or more of the packets are received, the network device is configured to (i) not reject inbound packets and (ii) allow interception of packets.
- 54. A method, comprising classifying, at a network device, packets associated with traffic flows received at the network device according to (i) sets of packet classification rules having associated matching criteria for packet state information, and (ii) traffic flow state information stored at the network device; and taking action on the packets in accordance with matching ones of the packet classification rules and according to state information associated with the traffic flows to which the packets acted upon belong, wherein the packet state information includes some or all of OSI Layer 2-Layer 4 (L2-L4) information obtained from the packets, heuristics and/or statistical measures that can later aid in higher layer processing of the packets at the network device.
  Dependent claims: 55.
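The mechanism the abstract and claims 43, 51 and 52 describe, as an added illustration that is not the patent's own code: L2-L4 rules with wildcard fields are matched on a most-specific basis, per-interface configuration can force a drop or forbid interception, and the per-flow state updated on each action is handed to L7 only for intercepted flows. The packet dictionary fields, interface configuration keys and action names are assumptions chosen for this example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Added example, not the patent's code. Rule fields left None are wildcards; the rule
# matching the most non-wildcard fields wins (most specific match, claim 43).
@dataclass(frozen=True)
class Rule:
    action: str                     # "intercept" (hand to L7), "bypass" or "drop"
    iface: Optional[str] = None     # L2: ingress interface
    proto: Optional[str] = None     # L4 protocol
    dst_ip: Optional[str] = None    # L3 destination address
    dst_port: Optional[int] = None  # L4 destination port

    def specificity(self, pkt):
        # -1 if any set criterion mismatches, else the number of criteria matched
        n = 0
        for name in ("iface", "proto", "dst_ip", "dst_port"):
            want = getattr(self, name)
            if want is None:
                continue
            if pkt[name] != want:
                return -1
            n += 1
        return n

@dataclass
class Classifier:
    rules: list
    iface_cfg: dict                             # iface -> {"reject_inbound", "allow_intercept"}
    flows: dict = field(default_factory=dict)   # 5-tuple -> flow state, later read at L7

    def classify(self, pkt):
        # returns (action, flow_state) with flow_state None unless the packet is intercepted
        cfg = self.iface_cfg.get(pkt["iface"], {"reject_inbound": False, "allow_intercept": True})
        if cfg["reject_inbound"]:                         # claim 51: interface rejects inbound
            return "drop", None                           # dropped packets never touch flow state
        key = (pkt["proto"], pkt["src_ip"], pkt["src_port"], pkt["dst_ip"], pkt["dst_port"])
        st = self.flows.setdefault(key, {"packets": 0, "bytes": 0, "action": None, "rule": None})
        if st["action"] is None:                          # first packet of the flow: evaluate rules
            score, best = max(((r.specificity(pkt), r) for r in self.rules),
                              key=lambda s: s[0], default=(-1, None))
            if score < 0:
                st["action"] = "bypass"                   # nothing matched: pass through untouched
            elif best.action == "intercept" and not cfg["allow_intercept"]:
                st["action"] = "bypass"                   # claim 52: interception disallowed here
            else:
                st["action"], st["rule"] = best.action, best
        st["packets"] += 1                                # flow state updated for the action taken,
        st["bytes"] += pkt["len"]                         # carried to L7 with intercepted flows
        return st["action"], (st if st["action"] == "intercept" else None)
```

Later packets of a flow reuse the stored decision rather than re-evaluating the rule set, which is why the L7 module sees cumulative packet and byte counts alongside the rule that selected the flow.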
Specification