Remote smart filtering communication management system

US 5,541,911 A
Filed: 10/12/1994
Issued: 07/30/1996
Est. Priority Date: 10/12/1994
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus for controlling network traffic from a central device across a communication link to a remote network connected to the communication link by a remote interface, comprising:

central traffic management resources in the central device, coupled to the communication link which monitor contents of data packets received across the communication link to learn characteristics of the remote network, produce traffic management messages in response to the learned characteristics, and forward the traffic management messages to the remote interface where traffic on the communication link is controlled in response to the traffic management messages.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network traffic from a central device across a communication link to a remote device is controlled based upon central traffic management resources in the central device. The central traffic management resources are coupled to a communication link and monitor data packets received across the communication link to learn characteristics of the remote network. Based on the learned characteristics, traffic management messages are generated in the central traffic management resources. These messages are forwarded to an interface device on the remote network, where traffic on the communication link is controlled in response to the traffic management messages. Thus, the remote interface is configured automatically by central traffic management resources running in the central device without human intervention at the remote network. The traffic management messages manage traffic across a communication link of two types. First, traffic management messages identify types of packets to be forwarded from the remote interface across the communication link. Second, traffic management messages identify types of packets to be composed by the remote interface for communication to users of the remote network. Thus, packages originating on the remote network are filtered so that only necessary packets are forwarded to the central site. Similarly, packets which normally originate from the central site are "spoofed" at the remote site in response to management messages generated at the central site. The central traffic management resources execute a transport protocol for the traffic management messages which are independent of a network address for the remote interface.

Citations

31 Claims

1. An apparatus for controlling network traffic from a central device across a communication link to a remote network connected to the communication link by a remote interface, comprising:
- central traffic management resources in the central device, coupled to the communication link which monitor contents of data packets received across the communication link to learn characteristics of the remote network, produce traffic management messages in response to the learned characteristics, and forward the traffic management messages to the remote interface where traffic on the communication link is controlled in response to the traffic management messages.
- View Dependent Claims (2, 3, 4)
- - 2. The apparatus of claim 1, wherein the traffic management messages identify types of packets to be forwarded from the remote interface across the communication link.
  - 3. The apparatus of claim 1, wherein the traffic management messages identify types of packets to be composed by the remote interface for communication to users of the remote network.
  - 4. The apparatus of claim 1, wherein the central traffic management resources execute a transport protocol for the traffic management messages independent of a network address for the remote interface.

5. A system for controlling traffic across a communication link between a remote network and a central device, comprising:
- a remote network interface, connected to the remote network, including data forwarding resources which, according to forwarding rules, forward data packets originated by users of the remote network across the communication link to the central device in response to characteristics of the data packets;
  
  central link management resources in the central device which monitor contents of the forwarded data packets received across the communication link from the remote network interface to learn characteristics of network protocols executed by users of the remote network, and in response to the learned characteristics, generate link management messages, and forward the link management messages to the remote interface; and
  
  remote link management resources in the remote interface responsive to the link management messages received from the central link management resources to tailor the forwarding rules to the learned characteristics of the users of the remote network to reduce unnecessary traffic on the communication link.
- View Dependent Claims (6, 7, 8, 9, 10, 11)
- - 6. The system of claim 5, wherein the central link management resources also generate remote network management messages based on a protocol executed by other users of the central device, and forward the remote network management messages to the remote interface;
    - and further includingremote network management resources in the remote interface which produce network management packets in response to the remote network management messages, and communicate the network management packets to the users of the remote network as needed according to the protocol.
  - 7. The system of claim 6, wherein the central link management resources monitor characteristics of data packets received from other users of the central device to learn about changes which need to be made to the network management packets produced in the remote network management resources, generate network management messages indicating the changes, and forward the network management messages to the remote interface;
    - and further includingresources in the remote network interface which change the network management packets in response to the network management messages indicating the changes.
  - 8. The system of claim 5, wherein the remote interface has a network address, and further including a transport mechanism which provides for communication of the link management messages to the remote interface, wherein the transport mechanism is independent of the network address of the remote interface.
  - 9. The system of claim 6, wherein the remote interface has a network address, and further including a transport mechanism which provides for communication of the link management messages and the remote network management messages to the remote interface, wherein the transport mechanism is independent of the network address of the remote interface.
  - 10. The system of claim 5, wherein the forwarding rules include a filter based upon source addresses in the data packets.
  - 11. The system of claim 5, wherein the central device includes resources which forward data packets having destination addresses equal to addresses of users of the remote network across the communication link to the remote interface, which forwards the packets to the users of the network.

12. A system for controlling traffic across a communication link between a remote network and a central device, comprising:
- a remote network interface, connected to the remote network, including data forwarding resources which, according to forwarding rules, forward data packets originated by users of the remote network across the communication link to the central device in response to characteristics of the data packets;
  
  central link management resources in the central device which monitor characteristics of the forwarded data packets received across the communication link from the remote network interface to learn characteristics of users of the remote network, and in response to the learned characteristics, generate link management messages, and forward the link management messages to the remote interface; and
  
  remote link management resources in the remote interface responsive to the link management messages received from the central link management resources to tailor the forwarding rules to the learned characteristics of the users of the remote network to reduce unnecessary traffic on the communication link;
  
  wherein the forwarding rules include a table of source addresses, and the forwarding resources do not forward broadcast data packets having source addresses in the table to the central device.
- View Dependent Claims (13, 14)
- - 13. The system of claim 12, wherein the remote link management resources update the table of source addresses in response to the link management messages received from the central link management resources.
  - 14. The system of claim 13, wherein the central device includes multiprotocol router resources, and users of the remote network access the multiprotocol router resources through the remote interface.

15. A system for controlling traffic across a communication link between a remote network and a central device, comprising:
- a remote network interface, connected to the remote network, including data forwarding resources which, according to forwarding rules, forward data packets originated by users of the remote network across the communication link to the central device in response to characteristics of the data packets;
  
  central link management resources in the central device which monitor characteristics of the forwarded data packets received across the communication link from the remote network interface to learn characteristics of users of the remote network, and in response to the learned characteristics generate link management messages, and forward the link management messages to the remote interface; and
  
  remote link management resources in the remote interface responsive to the link management messages received from the central link management resources to tailor the forwarding rules to the learned characteristics of the users of the remote network to reduce unnecessary traffic on the communication link;
  
  wherein the central device includes multiprotocol router resources, the remote interface has a network address, and users of the remote network access the multiprotocol router resources by sending packets through the remote interface where the forwarding resources forward such packets to the central device.

16. A system for controlling traffic across a communication link between a remote network and a central device, comprising:
- a remote network interface, connected to the remote network, including data forwarding resources which, according to forwarding rules, forward data packets originated by users of the remote network across the communication link to the central device in response to characteristics of the data packets;
  
  central link management resources in the central device which monitor characteristics of the forwarded data packets received across the communication link from the remote network interface to learn characteristics of users of the remote network, and in response to the learned characteristics, generate link management messages, and forward the link management messages to the remote interface, and also generate remote network management messages based on a protocol executed by other users of the central device, and forward the remote network management messages to the remote interface;
  
  remote link management resources in the remote interface responsive to the link management messages received from the central link management resources to tailor the forwarding rules to the learned characteristics of the users of the remote network to reduce unnecessary traffic on the communication link; and
  
  remote network management resources in the remote interface which produce network management packets in response to the remote network management messages, and communicate the network management packets to the users of the remote network as needed according to the protocol;
  
  wherein the remote network management resources include a table of network management packets to be communicated to users of the remote network according to the protocol, and resources to update the table in response to the network management messages.
- View Dependent Claims (17)
- - 17. The system of claim 16, wherein the central link management resources monitor characteristics of data packets received from other users of the central device to learn about changes which need to be made to the network management packets produced in the remote network management resources, generate network management messages indicating the changes, and forward the network management messages to the remote interface;
    - and further includingresources in the remote network interface which change the remote network management packets in response to the network management messages indicating the changes.

18. A system for controlling traffic across a communication link between a remote network and a central device, comprising:
- a remote network interface, connected to the remote network, including data forwarding resources which according to forwarding rules, forward data packets originated by users of the remote network across the communication link to the central device in response to characteristics of the data packets;
  
  central link management resources in the central device which generate remote network management messages based on a protocol executed by other users of the central device, and forward the remote network management messages to the remote interface;
  
  remote network management resources in the remote interface which produce network management packets in response to the remote network management messages, and communicate the network management packets to the users of the remote network as needed according to the protocol; and
  
  wherein the central device includes multiprotocol router resources, the remote interface has a network address, and users of the remote network access the multiprotocol router resources by sending packets through the remote interface where the forwarding resources forward such packets to the central device.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the central link management resources monitor characteristics of data packets received from other users of the central device to learn about changes which need to be made to the network management packets produced in the remote network management resources, generate network management messages indicating the changes, and forward the network management messages to the remote interface;
    - and further includingresources in the remote network interface which change the network management packets in response to the network management messages indicating the changes.
  - 20. The system of claim 18, further including a transport mechanism which provides for communication of the remote network management messages to the remote interface, wherein the transport mechanism is independent of the network address of the remote interface.

21. An apparatus that connects a first network and a second network, comprising:
- a communication link;
  
  a first processor, having a first interface coupled to the first network through which frames of data are transmitted and received to and from the first network and a second interface coupled to the communication link through which frames of data are transmitted and received to and from the communication link, the first processor providing network services to frames of data received through the first and second interfaces from users of the first and second networks and transmitting frames of data through the first interface to users of the first network and through the second interface across the communication link to users of the second network; and
  
  a second processor, coupled to the second network and to the communication link, the second processor forwarding frames of data from users of the second network, which request the network services, or broadcast frames, across the communication link to the second interface of the first processor, and forwarding frames of data received across the communication link from the first processor to the second network;
  
  a link manager in the first processor which monitor packets received across the communication link to learn characteristics of users of the second network, produce traffic management messages in response to the learned characteristics, and forward the traffic management messages to the second processor; and
  
  a link manager agent in the second processor which filters broadcast frames in response to the traffic management messages.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The apparatus of claim 21, including:
    - resources in the first processor which generate traffic management messages based on a protocol executed by users of the first network;
      
      resources in the second processor which produce network management packets in response to the traffic management messages, and communicate the network management packets to the users of the second network as needed according to the protocol.
  - 23. The apparatus of claim 22, wherein the resources in the first processor monitor characteristics of data packets received from users of the first network to learn about changes which need to be made to the network management packets produced by the resources in the second processor, generate traffic management messages indicating the changes, and forward the traffic management messages to the second processor;
    - and further includingresources in the second processor which change the network management packets in response to the traffic management messages indicating the changes.
  - 24. The apparatus of claim 21, further including a transport mechanism which provides for communication of the traffic management messages to the second processor, wherein the transport mechanism is independent of the network address of the second processor.
  - 25. The apparatus of claim 21, wherein the first processor includes multiprotocol router resources, and users of the second network access the multiprotocol router resources by sending packets through the second processor which forwards such packets to the first processor.

26. A method for managing traffic between a first node and second node connected by a communication link;
- comprising;
  
  monitoring with processing resources in the first node contents of packets in traffic transmitted to and received from the network through the second node across the communication link;
  
  developing with processing resources in the first node, a traffic management policy in the first node in response to the contents of the packets; and
  
  delegating to the second node across the communication link, resources to execute the traffic management policy.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The method of claim 26, wherein the step of monitoring includes determining whether a packet received across the communication link in the first node is a broadcast packet, and what source originated the packet, and the step of delegating includes sending a source address of a source which originates broadcast packets not needed at the first node, so that the second node can filter broadcast packets having said source address.
  - 28. The method of claim 26, wherein the step of monitoring includes determining whether a packet transmitted to the second node across the communication link is a periodic packet and whether the second node has received the periodic packet before, and step of delegating includes sending an indication of contents of the periodic packet if it has been sent to the second node before, so that the second node can spoof said periodic packet.
  - 29. The method of claim 26, wherein the step of delegating includes providing a transport mechanism by which the first node and the second node communicate across the communication link, wherein the transport mechanism is independent of any configured network address.
  - 30. The method of claim 26, including providing multiprotocol routing resources in the first node.

31. A method for managing traffic between a first node and second node connected by a communication link;
- comprising;
  
  providing multiprotocol routing resources in the first node;
  
  monitoring with processing resources in the first node characteristics of traffic transmitted to and received from the second node across the communication link, the characteristics including (1) whether a packet received across the communication link in the first node is a broadcast packet, and what source originated the packet, and (2) whether a packet transmitted to the second node across the communication link is a periodic packet and whether the second node has received the periodic packet before;
  
  developing with processing resources in the first node, traffic management messages in response to the characteristics, wherein the traffic management messages include a source address of a source which originates broadcast packets not needed at the first node, so that the second node can filter broadcast packets from having the delegated source address, and the traffic management messages include an indication of contents of a periodic packet if it has not been sent to the second node before, so that the second node can spoof the periodic packet;
  
  providing a transport mechanism by which the first node and the second node communicate traffic management messages across the communication link independent of any configured network address; and
  
  sending the traffic management messages to the second node across the communication link using the transport mechanism, so that processing resources in the second node can control the traffic in response to the traffic management messages.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Networks Incorporated
Original Assignee
3Com Corporation (HP Inc.)
Inventors
Lin, Ta-Sheng, Yum, Kiho, Nilakantan, Chandrasekharan
Primary Examiner(s)
MARCELO, MELVIN C

Application Number

US08/321,748
Time in Patent Office

657 Days
Field of Search

370/17, 370/60, 370/60.1, 370/85.13, 370/85.14, 370/94.1, 370/94.2, 370/13
US Class Current

370/422
CPC Class Codes

H04L 41/0213 Standardised network manage...

H04L 41/0604 using filtering, e.g. reduc...

Remote smart filtering communication management system

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Remote smart filtering communication management system

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links