METHOD AND APPARATUS FOR CONTROLLING THE FLOW OF DATA ACROSS A NETWORK INTERFACE
Abstract
The present invention performs “flow control” based on the remaining encryption capacity of an encrypted outbound network interface link of a network routing device, such as a router or switch. As the encrypted link begins to run low on encryption key material, this invention begins to discard datagrams queued for transit across that link, in order to signal distant host computers that they should slow down the rate at which they are sending datagrams. The invention, which is particularly useful in cryptographically protected networks that run the TCP/IP protocol stack, allows fine-grained flow control of individual traffic classes because it can determine, for example, how various classes of data traffic (e.g., voice, video, TCP) should be ordered and transmitted through a network. Thus, the invention can be used to implement sophisticated flow control rules so as to give preferential treatment to certain people, departments or computers.
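The sketch below is an added example, not text or code from the patent: it models the behaviour the abstract describes, dropping queued traffic per class as the link's remaining key material runs low. The class names, thresholds, linear drop ramp and per-bit key cost are all assumptions chosen for illustration.

```python
from collections import deque
from dataclasses import dataclass
import random

# Assumed per-class thresholds on remaining key material (fraction of a full
# key pool): above `start` nothing is dropped, at or below `full` everything is.
# Class names and numbers are illustrative, not taken from the patent.
THRESHOLDS = {
    "voice": (0.10, 0.02),
    "video": (0.30, 0.10),
    "tcp":   (0.50, 0.20),
}

@dataclass
class Packet:
    traffic_class: str
    size_bytes: int

def drop_probability(capacity: float, traffic_class: str) -> float:
    """Linear ramp from 0 (capacity >= start) to 1 (capacity <= full)."""
    start, full = THRESHOLDS[traffic_class]
    if capacity >= start:
        return 0.0
    if capacity <= full:
        return 1.0
    return (start - capacity) / (start - full)

class EncryptedLink:
    def __init__(self, key_bits: int, rng=random.random):
        self.key_total = self.key_left = key_bits
        self.queues = {c: deque() for c in THRESHOLDS}
        self.rng = rng

    def capacity(self) -> float:
        """Encryption capacity indicator: fraction of key material left."""
        return self.key_left / self.key_total

    def enqueue(self, pkt: Packet) -> bool:
        """Queue the packet, or drop it to signal senders to slow down."""
        if self.rng() < drop_probability(self.capacity(), pkt.traffic_class):
            return False
        self.queues[pkt.traffic_class].append(pkt)
        return True

    def transmit(self):
        """Send one packet, highest-priority class first, spending key bits."""
        for q in self.queues.values():
            if q and self.key_left >= q[0].size_bytes * 8:
                pkt = q.popleft()
                self.key_left -= pkt.size_bytes * 8  # assumed cost: one key bit per data bit
                return pkt
        return None
```

With these thresholds, bulk TCP is shed first and voice last, so senders of the lowest-priority class see loss and back off while key material is preserved for the classes the operator favours.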
120 Claims
1-97. (canceled)
98. A method, comprising:
receiving a data stream that includes a plurality of data packets;
receiving a report that includes an encryption capacity indicator associated with a network interface;
determining a traffic class for a data packet in the data stream; and
selectively undertaking at least one of assigning the data packet to a transmission queue, and dropping the packet based at least in part on both the received encryption capacity indicator and the identified traffic class.
107. A device, comprising:
an inbound network interface link configured to receive a data stream that includes a plurality of data packets;
at least two outbound network interface links, wherein each of the outbound network interface links is configured to transmit at least one of the received data packets to a network routing device; and
a routing processor configured to identify a traffic class for a data packet in the data stream, receive an encryption capacity indicator for each of the outbound network interface links, and select one of the outbound network interface links to transmit the data packet based at least in part on both the received encryption capacity indicators and the identified traffic class.
114. A system, comprising:
a network routing device configured to receive a data packet;
a cryptographic subsystem; and
an outbound network interface link that is coupled to the network routing device and protected by the cryptographic subsystem, wherein the network routing device determines whether the data packet will be transmitted across the outbound network interface link based on an encryption capacity indicator received from the cryptographic subsystem, and wherein the encryption capacity indicator includes a quantitative measure representative of a capacity of the cryptographic subsystem to encrypt subsequent data packets.
Specification