SYSTEM AND METHOD FOR INSPECTING DOMAIN NAME SYSTEM FLOWS IN A NETWORK ENVIRONMENT

US 20150195245A1
Filed: 03/18/2015
Published: 07/09/2015
Est. Priority Date: 11/18/2009
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

maintaining a correlation between a domain name and a plurality of Internet protocol (IP) addresses included in a domain name system (“

DNS”

) response to a DNS request in connection with DNS exchange between a subscriber and a DNS server, wherein each of the IP addresses corresponds to one of a plurality of web servers associated with the domain name;

receiving from the subscriber a packet associated with a flow;

identifying an IP address within the packet as being one of the plurality of IP addresses included in the DNS response; and

executing a policy decision for the subsequent flow without inspecting the contents of the subsequent flow at layer 7 based on the domain name correlated to the identified IP address, wherein the policy decision comprises charging a different rate for a particular flow.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided in one example and includes maintaining a correlation between a domain name and a plurality of Internet protocol (IP) addresses included in a domain name system (“DNS”) response to a DNS request in connection with DNS exchange between a subscriber and a DNS server, wherein each of the IP addresses corresponds to one of a plurality of web servers associated with the domain name; receiving from the subscriber a packet associated with a flow; identifying an IP address within the packet as being one of the plurality of IP addresses included in the DNS response; and executing a policy decision for the subsequent flow without inspecting the contents of the subsequent flow at layer 7 based on an identity of the subscriber and the domain name correlated to the identified IP address, wherein the policy decision comprises charging a different rate for a particular flow.

Citations

20 Claims

1. A method, comprising:
- maintaining a correlation between a domain name and a plurality of Internet protocol (IP) addresses included in a domain name system (“
  
  DNS”
  
  ) response to a DNS request in connection with DNS exchange between a subscriber and a DNS server, wherein each of the IP addresses corresponds to one of a plurality of web servers associated with the domain name;
  
  receiving from the subscriber a packet associated with a flow;
  
  identifying an IP address within the packet as being one of the plurality of IP addresses included in the DNS response; and
  
  executing a policy decision for the subsequent flow without inspecting the contents of the subsequent flow at layer 7 based on the domain name correlated to the identified IP address, wherein the policy decision comprises charging a different rate for a particular flow.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the correlation is stored in a table that includes a time to live (TTL) parameter associated with the IP address.
  - 3. The method of claim 1, wherein the IP address within the packet is mapped to the domain name in order to apply the policy decision to the subsequent flow.
  - 4. The method of claim 1, wherein the policy decision is based on an identity of the subscriber.
  - 5. The method of claim 1, wherein the policy decision is based on the IP address associated with a particular server.
  - 6. The method of claim 1, wherein the policy decision includes at least one of executing billing, rate limiting, and controlling access associated with the subscriber.
  - 7. The method of claim 1, wherein the policy decision includes applying a quality of service to the subsequent flow based on a policy associated with the subscriber.

8. One or more non-transitory tangible media that includes code for execution and when executed by a processor operable to perform operations comprising:
- maintaining a correlation between a domain name and a plurality of Internet protocol (IP) addresses included in a domain name system (“
  
  DNS”
  
  ) response to a DNS request in connection with DNS exchange between a subscriber and a DNS server, wherein each of the IP addresses corresponds to one of a plurality of web servers associated with the domain name;
  
  receiving from the subscriber a packet associated with a flow;
  
  identifying an IP address within the packet as being one of the plurality of IP addresses included in the DNS response; and
  
  executing a policy decision for the subsequent flow without inspecting the contents of the subsequent flow at layer 7 based on the domain name correlated to the identified IP address, wherein the policy decision comprises charging a different rate for a particular flow.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The media of claim 8, wherein the correlation is stored in a table that includes a time to live (TTL) parameter associated with the IP address.
  - 10. The media of claim 8, wherein the IP address within the packet is mapped to the domain name in order to apply the policy decision to the subsequent flow.
  - 11. The method of claim 8, wherein the policy decision is based on an identity of the subscriber.
  - 12. The media of claim 8, wherein the policy decision is based on the IP address associated with a particular server.
  - 13. The media of claim 8, wherein the policy decision includes at least one of executing billing associated with the subscriber, and applying a quality of service to the subsequent flow.

14. An apparatus, comprising:
- a memory element configured to store data,a processor operable to execute instructions associated with the data, andan awareness module configured to;
  
  maintain a correlation between a domain name and a plurality of Internet protocol (IP) addresses included in a domain name system (“
  
  DNS”
  
  ) response to a DNS request in connection with DNS exchange between a subscriber and a DNS server, wherein each of the IP addresses corresponds to one of a plurality of web servers associated with the domain name;
  
  receive from the subscriber a packet associated with a flow;
  
  identify an IP address within the packet as being one of the plurality of IP addresses included in the DNS response; and
  
  execute a policy decision for the subsequent flow without inspecting the contents of the subsequent flow at layer 7 based on the domain name correlated to the identified IP address, wherein the policy decision comprises charging a different rate for a particular flow.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The apparatus of claim 14, wherein the correlation is stored in a table that includes a time to live (TTL) parameter associated with the IP address.
  - 16. The apparatus of claim 14, further comprising:
    - a policy control enforcement function (PCEF) module configured to block traffic associated with the subscriber based on the correlation.
  - 17. The apparatus of claim 14, wherein the IP address within the packet is mapped to the domain name in order to apply the policy decision to the subsequent flow.
  - 18. The apparatus of claim 14, further comprising:
    - a quality of service module configured to apply a quality of service to the subsequent flow based on a policy associated with the subscriber.
  - 19. The apparatus of claim 14, further comprising:
    - one or more traffic processors configured to store one or more entries associated with a plurality of IP addresses and respective domain names.
  - 20. The apparatus of claim 14, further comprising:
    - a policy and charging rules function configured to store one or more policies that affect routing decisions associated with a plurality of subscribers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Batz, Robert, Mackie, Robert

Granted Patent

US 9,210,122 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 12/14   Charging , metering or bill...

H04L 12/1407   Policy-and-charging control...

H04L 12/1485   Tariff-related aspects

H04L 2101/668   Internet protocol [IP] addr...

H04L 41/0896   Bandwidth or capacity manag...

H04L 45/306   Route determination based o...

H04L 47/10   Flow control; Congestion co...

H04L 61/2503   Translation of Internet pro...

H04L 61/302   Administrative registration...

H04L 61/3025   Domain name generation or a...

H04L 61/4511   using domain name system [DNS]

H04L 61/5076   Update or notification mech...

H04L 61/58   Caching of addresses or names

H04L 63/0263   Rule management

H04L 63/0892   by using authentication-aut...

H04L 67/1036   Load balancing of requests ...

H04L 67/63   Routing a service request d...

SYSTEM AND METHOD FOR INSPECTING DOMAIN NAME SYSTEM FLOWS IN A NETWORK ENVIRONMENT

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR INSPECTING DOMAIN NAME SYSTEM FLOWS IN A NETWORK ENVIRONMENT

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links