Source-Based Steering Data Communications Packets For Transparent, Bump-In-The-Wire Processing Among Multiple Service Applications

US 20100290475A1
Filed: 05/18/2009
Published: 11/18/2010
Est. Priority Date: 05/18/2009
Status: Active Grant

First Claim

Patent Images

1. A method of steering data communications packets for transparent, bump-in-the-wire processing among multiple service applications,the method carried out in link-level data communications switching apparatus, the switching apparatus comprising at least one link-level data communications switch, the switching apparatus comprising a plurality of data communications ports, at least four of the ports coupling the switching apparatus to at least four data communications networks, the networks organized into at least two pairs of networks, at least two additional ports connected to service applications that carry out transparent, bump-in-the-wire data processing of data communications packets traveling among the networks, each service application associated with a unique, link-level identifier;

the switching apparatus further comprising rules governing the steering of data communications among service applications and networks connected to the switching apparatus each rule comprising an association of an ingress port and a switch egress, the rules including at least one rule that further includes at least one network code that identifies a network pair and a direction of travel between the networks in the identified network pair, the rules configured to permit data communications through the switching apparatus only between networks in a pair, excluding data communications across pairs of networks;

the method comprising;

receiving, in the switching apparatus through an ingress port from a source network, data communications packets directed to a destination network, the source network and the destination network being members of a same pair of networks, each packet containing a source network address that identifies the source of the packet in the source network, each packet optionally also containing a destination network address that identifies a destination of the packet in the destination network; and

steering by the switching apparatus each packet among the service applications and through an egress port to the destination network, the steering carried out only in accordance with the rules, using neither the source network address of the packet, the destination network address of the packet, nor the link-level identifier of any service application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Steering data communications packets among multiple service applications in a link-level data communications switching apparatus that includes a link-level data communications switch and data communications ports coupling the switching apparatus to networks organized into pairs of networks, and ports connected to service applications, the switching apparatus further including rules governing the steering of data communications among service applications and networks, at least one rule that includes a network code that identifies a network pair and a direction of travel between the networks, including receiving data communications packets directed to a destination network, each packet containing a source network address, and steering by the switching apparatus each packet, the steering carried out only in accordance with the rules, using neither the source network address of the packet, the destination network address of the packet, nor the link-level identifier of any service application.

Citations

21 Claims

1. A method of steering data communications packets for transparent, bump-in-the-wire processing among multiple service applications,the method carried out in link-level data communications switching apparatus, the switching apparatus comprising at least one link-level data communications switch, the switching apparatus comprising a plurality of data communications ports, at least four of the ports coupling the switching apparatus to at least four data communications networks, the networks organized into at least two pairs of networks, at least two additional ports connected to service applications that carry out transparent, bump-in-the-wire data processing of data communications packets traveling among the networks, each service application associated with a unique, link-level identifier;
- the switching apparatus further comprising rules governing the steering of data communications among service applications and networks connected to the switching apparatus each rule comprising an association of an ingress port and a switch egress, the rules including at least one rule that further includes at least one network code that identifies a network pair and a direction of travel between the networks in the identified network pair, the rules configured to permit data communications through the switching apparatus only between networks in a pair, excluding data communications across pairs of networks;
  
  the method comprising;
  
  receiving, in the switching apparatus through an ingress port from a source network, data communications packets directed to a destination network, the source network and the destination network being members of a same pair of networks, each packet containing a source network address that identifies the source of the packet in the source network, each packet optionally also containing a destination network address that identifies a destination of the packet in the destination network; and
  
  steering by the switching apparatus each packet among the service applications and through an egress port to the destination network, the steering carried out only in accordance with the rules, using neither the source network address of the packet, the destination network address of the packet, nor the link-level identifier of any service application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein:
    - the switching apparatus is configured, for at least some of the service applications, with two ports coupled to each such service application, one port for egress of packets from the switching apparatus to such service applications and another port for ingress of packets from such service applications; and
      
      steering each packet among the service applications further comprises steering each packet from the switching apparatus to such a service application through a separate egress port, each such service application carrying out its data processing related to each packet and then returning each packet to the switching apparatus through a separate ingress port.
  - 3. The method of claim 1 whereinthe switching apparatus is configured, for at least some of the service applications, with only one port coupled to each such service application;
    - andsteering each packet among the service applications further comprises steering each packet from the switching apparatus to such a service application through the one port coupling such a service application to the switching apparatus, each such service application carrying out its data processing related to each packet and then returning each packet to the switching apparatus through the one port.
  - 4. The method of claim 1 wherein each packet further comprises a link-level source identifier that identifies a link-level source for each packet in the source network and receiving data communications packets further comprises recording for each packet the packet'"'"'s link-level source identifier and a network code, the network code specifying for each packet a direction of travel between the two networks in one of the pairs of networks.
  - 5. The method of claim 1 wherein steering each packet among the service applications further comprises, upon receiving a packet through an ingress port from a source network, selecting, in dependence upon the ingress port through which the packet was received, a rule that governs steering the packet to a switch egress.
  - 6. The method of claim 1 wherein:
    - each packet further comprises a link-level source identifier that identifies a link-level source for each packet in the source network;
      
      the switching apparatus further comprises orientation records that associate, for each packet received from a source network, the packet'"'"'s link-level source identifier and a network code, the network code specifying for each packet a direction of travel between the two networks in one of the pairs of networks;
      
      steering each packet among the service applications further comprises, for each packet received through an ingress port from a service application;
      
      identifying, from the orientation records in dependence upon the packet'"'"'s link-level source identifier, the packet'"'"'s network code; and
      
      selecting, in dependence upon the packet'"'"'s network code and the ingress port through which the packet was received from the service application, a rule that governs steering the packet to a next switch egress.
  - 7. The method of claim 1 wherein:
    - the rules further comprise additional packet attributes, the additional packet attributes defining a plurality of paths through the service applications for a direction of travel between networks in a pair; and
      
      steering each packet among the service applications further comprises steering each packet along one of the plurality of paths through the service applications defined by the additional packet attributes.

8. Apparatus for steering data communications packets for transparent, bump-in-the-wire processing among multiple service applications, the apparatus comprising:
- a link-level data communications switching apparatus, the switching apparatus comprising at least one link-level data communications switch, the switching apparatus comprising a plurality of data communications ports, at least four of the ports coupling the switching apparatus to at least four data communications networks, the networks organized into at least two pairs of networks, at least two additional ports connected to service applications that carry out transparent, bump-in-the-wire data processing of data communications packets traveling among the networks, each service application associated with a unique, link-level identifier;
  
  the switching apparatus further comprising rules governing the steering of data communications among service applications and networks connected to the switching apparatus each rule comprising an association of an ingress port and a switch egress, the rules including at least one rule that further includes at least one network code that identifies a network pair and a direction of travel between the networks in the identified network pair, the rules configured to permit data communications through the switching apparatus only between networks in a pair, excluding data communications across pairs of networks;
  
  the apparatus configured to carry out the steps of;
  
  receiving, in the switching apparatus through an ingress port from a source network, data communications packets directed to a destination network, the source network and the destination network being members of a same pair of networks, each packet containing a source network address that identifies the source of the packet in the source network, each packet optionally also containing a destination network address that identifies a destination of the packet in the destination network; and
  
  steering by the switching apparatus each packet among the service applications and through an egress port to the destination network, the steering carried out only in accordance with the rules, using neither the source network address of the packet, the destination network address of the packet, nor the link-level identifier of any service application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8 wherein:
    - the switching apparatus is configured, for at least some of the service applications, with two ports coupled to each such service application, one port for egress of packets from the switching apparatus to such service applications and another port for ingress of packets from such service applications; and
      
      steering each packet among the service applications further comprises steering each packet from the switching apparatus to such a service application through a separate egress port, each such service application carrying out its data processing related to each packet and then returning each packet to the switching apparatus through a separate ingress port.
  - 10. The apparatus of claim 8 whereinthe switching apparatus is configured, for at least some of the service applications, with only one port coupled to each such service application;
    - andsteering each packet among the service applications further comprises steering each packet from the switching apparatus to such a service application through the one port coupling such a service application to the switching apparatus, each such service application carrying out its data processing related to each packet and then returning each packet to the switching apparatus through the one port.
  - 11. The apparatus of claim 8 wherein each packet further comprises a link-level source identifier that identifies a link-level source for each packet in the source network and receiving data communications packets further comprises recording for each packet the packet'"'"'s link-level source identifier and a network code, the network code specifying for each packet a direction of travel between the two networks in one of the pairs of networks.
  - 12. The apparatus of claim 8 wherein steering each packet among the service applications further comprises, upon receiving a packet through an ingress port from a source network, selecting, in dependence upon the ingress port through which the packet was received, a rule that governs steering the packet to a switch egress.
  - 13. The apparatus of claim 8 wherein:
    - each packet further comprises a link-level source identifier that identifies a link-level source for each packet in the source network;
      
      the switching apparatus further comprises orientation records that associate, for each packet received from a source network, the packet'"'"'s link-level source identifier and a network code, the network code specifying for each packet a direction of travel between the two networks in one of the pairs of networks;
      
      steering each packet among the service applications further comprises, for each packet received through an ingress port from a service application;
      
      identifying, from the orientation records in dependence upon the packet'"'"'s link-level source identifier, the packet'"'"'s network code; and
      
      selecting, in dependence upon the packet'"'"'s network code and the ingress port through which the packet was received from the service application, a rule that governs steering the packet to a next switch egress.
  - 14. The apparatus of claim 8 wherein:
    - the rules further comprise additional packet attributes, the additional packet attributes defining a plurality of paths through the service applications for a direction of travel between networks in a pair; and
      
      steering each packet among the service applications further comprises steering each packet along one of the plurality of paths through the service applications defined by the additional packet attributes.

15. A computer program product for steering data communications packets for transparent, bump-in-the-wire processing among multiple service applications in link-level data communications switching apparatus, the computer program product disposed upon a recordable medium for machine-readable information,the switching apparatus comprising at least one link-level data communications switch, the switching apparatus comprising a plurality of data communications ports, at least four of the ports coupling the switching apparatus to at least four data communications networks, the networks organized into at least two pairs of networks, at least two additional ports connected to service applications that carry out transparent, bump-in-the-wire data processing of data communications packets traveling among the networks, each service application associated with a unique, link-level identifier;
- the switching apparatus further comprising rules governing the steering of data communications among service applications and networks connected to the switching apparatus each rule comprising an association of an ingress port and a switch egress, the rules including at least one rule that further includes at least one network code that identifies a network pair and a direction of travel between the networks in the identified network pair, the rules configured to permit data communications through the switching apparatus only between networks in a pair, excluding data communications across pairs of networks;
  
  the computer program product comprising computer program instructions which, when executed by a data communications processor, cause the switch to carry out the steps of;
  
  receiving, in the switching apparatus through an ingress port from a source network, data communications packets directed to a destination network, the source network and the destination network being members of a same pair of networks, each packet containing a source network address that identifies the source of the packet in the source network, each packet optionally also containing a destination network address that identifies a destination of the packet in the destination network; and
  
  steering by the switching apparatus each packet among the service applications and through an egress port to the destination network, the steering carried out only in accordance with the rules, using neither the source network address of the packet, the destination network address of the packet, nor the link-level identifier of any service application.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer program product of claim 15 wherein:
    - the switching apparatus is configured, for at least some of the service applications, with two ports coupled to each such service application, one port for egress of packets from the switching apparatus to such service applications and another port for ingress of packets from such service applications; and
      
      steering each packet among the service applications further comprises steering each packet from the switching apparatus to such a service application through a separate egress port, each such service application carrying out its data processing related to each packet and then returning each packet to the switching apparatus through a separate ingress port.
  - 17. The computer program product of claim 15 wherein:
    - the switching apparatus is configured, for at least some of the service applications, with only one port coupled to each such service application; and
      
      steering each packet among the service applications further comprises steering each packet from the switching apparatus to such a service application through the one port coupling such a service application to the switching apparatus, each such service application carrying out its data processing related to each packet and then returning each packet to the switching apparatus through the one port.
  - 18. The computer program product of claim 15 wherein each packet further comprises a link-level source identifier that identifies a link-level source for each packet in the source network and receiving data communications packets further comprises recording for each packet the packet'"'"'s link-level source identifier and a network code, the network code specifying for each packet a direction of travel between the two networks in one of the pairs of networks.
  - 19. The computer program product of claim 15 wherein steering each packet among the service applications further comprises, upon receiving a packet through an ingress port from a source network, selecting, in dependence upon the ingress port through which the packet was received, a rule that governs steering the packet to a switch egress.
  - 20. The computer program product of claim 15 wherein:
    - each packet further comprises a link-level source identifier that identifies a link-level source for each packet in the source network;
      
      the switching apparatus further comprises orientation records that associate, for each packet received from a source network, the packet'"'"'s link-level source identifier and a network code, the network code specifying for each packet a direction of travel between the two networks in one of the pairs of networks;
      
      steering each packet among the service applications further comprises, for each packet received through an ingress port from a service application;
      
      identifying, from the orientation records in dependence upon the packet'"'"'s link-level source identifier, the packet'"'"'s network code; and
      
      selecting, in dependence upon the packet'"'"'s network code and the ingress port through which the packet was received from the service application, a rule that governs steering the packet to a next switch egress.
  - 21. The computer program product of claim 15 wherein:
    - the rules further comprise additional packet attributes, the additional packet attributes defining a plurality of paths through the service applications for a direction of travel between networks in a pair; and
      
      steering each packet among the service applications further comprises steering each packet along one of the plurality of paths through the service applications defined by the additional packet attributes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Belanger, Matthew T., Shippy, Gary R.

Granted Patent

US 8,018,875 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/401
CPC Class Codes

H04L 49/355 Application aware switches,...

Source-Based Steering Data Communications Packets For Transparent, Bump-In-The-Wire Processing Among Multiple Service Applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Source-Based Steering Data Communications Packets For Transparent, Bump-In-The-Wire Processing Among Multiple Service Applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links