APPLICATION SESSION CONTROL USING PACKET INSPECTION
Abstract
Network devices, computer-readable media, and other embodiments associated with packet inspection are described. Packet inspection may be performed on data packets associated with a session, where a session can include multiple data channels and associated control channels that have been bound together. A session may be associated with an identity. Various policies may be associated with that identity. As packet inspection occurs, it can be determined whether policies are being violated on a per identity basis. If a policy is being violated, then an action may be selectively performed. The action performed may affect a single channel in the session or may affect the whole session. Different identities may have different policies. Example actions include dropping a session, throttling a session, monitoring a session, controlling the number of channels associated with a session, dropping a channel, throttling a channel, monitoring a channel, and other actions.
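The per-identity session control described in the abstract can be sketched as follows. This is an added example, not code from the patent or any product: the packet records are constructed dictionaries standing in for the result of packet inspection, and the field names, policy limits, and action strings are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:                        # hypothetical per-identity limits
    max_channels: int                # control and data channels together
    max_session_bytes: int

@dataclass
class Session:
    identity: str
    app: str
    channels: dict = field(default_factory=dict)   # flow -> bytes seen
    dropped: bool = False

class SessionController:
    def __init__(self, policies, default):
        self.policies, self.default = policies, default
        self.sessions, self.flows = {}, {}   # id -> Session, flow -> id (binding)

    def inspect(self, pkt):
        """Return the action for one inspected packet."""
        ctl = pkt.get("control") or {}       # control data names session/identity/app
        sid = self.flows.get(pkt["flow"]) or ctl.get("session")
        if sid is None:
            return "unbound"                 # no session state for this flow
        sess = self.sessions.setdefault(sid, Session(ctl.get("identity"), ctl.get("app")))
        pol = self.policies.get(sess.identity, self.default)
        if sess.dropped:
            return "drop_session"
        for flow in (pkt["flow"], ctl.get("opens")):   # bind channels to the session
            if flow and flow not in sess.channels:
                if len(sess.channels) >= pol.max_channels:
                    return "drop_channel"    # only the new channel is refused
                sess.channels[flow], self.flows[flow] = 0, sid
        sess.channels[pkt["flow"]] += pkt["size"]
        if sum(sess.channels.values()) > pol.max_session_bytes:
            sess.dropped = True              # every bound channel is affected
            return "drop_session"
        return "allow"

def demo():
    """Constructed packets: alice's call asks for two media flows, then passes her byte cap."""
    c = SessionController({"alice": Policy(2, 1000)}, Policy(1, 100))
    ctl = {"session": "s1", "identity": "alice", "app": "voip"}
    pkts = [("sig", 100, {**ctl, "opens": "rtp1"}), ("rtp1", 400, None),
            ("sig", 100, {**ctl, "opens": "rtp2"}), ("rtp2", 400, None),
            ("rtp1", 600, None), ("sig", 50, None)]
    return [c.inspect({"flow": f, "size": n, "control": k}) for f, n, k in pkts]
```

The third packet is refused at channel level while the session continues; once the byte cap is passed, packets on every bound channel, including the control flow, get the session-level action.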
20 Claims
1. A computer-readable storage medium storing computer-executable instructions that when executed by a computer cause the computer to perform an operation, the operation comprising:
- inspecting, in a network device, a packet transmitted as part of a data stream, where the data stream comprises a sequence of packets transmitted from a source to a destination, where the data stream is associated with a session and an identity, and where the session is associated with an application;
- storing a set of data associated with the data stream, where the set of data is acquired as a function of inspecting the packet, the set of data comprising data identifying the session and data identifying the identity; and
- controlling the network device to selectively perform an action upon determining that an attribute associated with the session matches a condition associated with a policy, the action being defined for the identity and the session.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A network device, comprising:
- a packet inspection logic to inspect a packet from a data stream for session data identifying a session associated with the data stream and to inspect the packet for application data identifying an application associated with the data stream, where the data stream comprises a sequence of packets transmitted from a source to a destination;
- a data store to store the session data, the application data, and device data identifying a tracked identity; and
- a session control logic to provide a control signal causing an action to be performed upon determining that an attribute associated with the session matches a condition associated with a policy, the action being defined for the identity and the session.
Dependent claims: 14, 15, 16, 17, 18, 19

20. A computer-implemented method, comprising:
- inspecting, in a network device, a packet transmitted as part of a data stream, where the data stream comprises a sequence of packets transmitted from a source to a destination, where the data stream is associated with a session and an identity, and where the session is associated with an application;
- storing a set of data associated with the data stream, where the set of data is acquired as a function of inspecting the packet, the set of data comprising data identifying the session and data identifying the identity; and
- controlling the network device to selectively perform an action upon determining that an attribute associated with the session matches a condition associated with a policy, the action being defined for the identity and the session.
Specification