Method for automatically classifying traffic in a packet communications network
First Claim
1. A method for automatically classifying traffic in a packet communications network, said network having any number of flows, including zero, comprising the steps of:
- parsing a packet into a first flow specification, wherein said first flow specification contains at least one instance of any one of the following;
a protocol family designation, a direction of packet flow designation, a protocol type designation, a pair of hosts, a pair of ports, in HTTP protocol packets, a pointer to a MIME type;
thereupon, matching the first flow specification of the parsing step to a plurality of classes represented by a plurality nodes of a classification tree type, each said classification tree type node having a traffic specification;
thereupon, if a matching classification tree type node was not found in the matching step, associating said first flow specification with one or more newly-created classification tree type nodes;
thereupon, incorporating said newly-created classification tree type nodes into said plurality of classification tree type nodes.
14 Assignments
0 Petitions
Accused Products
Abstract
In a packet communication environment, a method is provided for automatically classifying packet flows for use in allocating bandwidth resources by a rule of assignment of a service level. The method comprises applying individual instances of traffic classification paradigms to packet network flows based on selectable information obtained from a plurality of layers of a multi-layered communication protocol in order to define a characteristic class, then mapping the flow to the defined traffic class. It is useful to note that the automatic classification is sufficiently robust to classify a complete enumeration of the possible traffic.
-
Citations
15 Claims
-
1. A method for automatically classifying traffic in a packet communications network, said network having any number of flows, including zero, comprising the steps of:
-
parsing a packet into a first flow specification, wherein said first flow specification contains at least one instance of any one of the following;
a protocol family designation, a direction of packet flow designation, a protocol type designation, a pair of hosts, a pair of ports, in HTTP protocol packets, a pointer to a MIME type;
thereupon,matching the first flow specification of the parsing step to a plurality of classes represented by a plurality nodes of a classification tree type, each said classification tree type node having a traffic specification;
thereupon,if a matching classification tree type node was not found in the matching step, associating said first flow specification with one or more newly-created classification tree type nodes;
thereupon,incorporating said newly-created classification tree type nodes into said plurality of classification tree type nodes. - View Dependent Claims (2, 3, 4, 5, 6, 7)
for at least a second flow having a second flow specification, recognizing said second flow specification and said first flow specification to comprise together a service aggregate;
thereupon,associating said first flow specification and said second flow specification with a newly-created classification tree node, said newly-created classification tree type node having a first traffic specification corresponding to said first flow specification and a second traffic specification corresponding to said second flow specification.
-
-
3. The method of claim 1 further comprising the steps of:
applying policies from said newly-created classification tree type nodes to instances of detected traffic.
-
4. The method of claim 1 further comprising the steps of:
for a subclassification under a specified criterion, if a matching classification tree type node was found in the matching step, said matching classification tree type node having at least one child classification tree type node, applying the matching, associating, and incorporating steps to a particular child classification tree type node of said matching classification tree type node as a part of classification.
-
5. The method of claim 1 wherein the parsing step further comprises the steps of:
-
examining data contained within a plurality of component packets belonging to said first flow for any number of a plurality of indicators of any of the following;
a protocol;
a service;
thereupon, matching said plurality of indicators to said classes represented by a plurality of said classification tree type nodes.
-
-
6. The method of claim 1 further including measuring traffic load and invoking said classification upon achievement of a minimum usage threshold.
-
7. The method according to claim 1 wherein said matching step is applied to hierarchically-recognized classes.
-
8. A system for automatically classifying traffic in a packet telecommunications network, said network having any number of flows, including zero, comprising:
-
a plurality of network links upon which said traffic is carried;
a network routing means; and
,a processor means operative to;
parse a packet into a first flow specification, wherein said first flow specification contains at least one instance of any one of the following;
a protocol family designation, a direction of packet flow designation, a protocol type designation, a pair of hosts, a pair of ports, in HTTP protocol packets, a pointer to a MIME type;
thereupon,match the first flow specification of the parsing step to a plurality of classes represented by a plurality of said classification tree type nodes, each said classification tree type node having a traffic specification and a mask, according to the mask;
thereupon,if a matching classification tree type node was not found in the matching step, associating said first flow specification with one or more newly-created classification tree type nodes;
thereupon, incorporating said newly-created classification tree type nodes into said plurality of said classification tree type nodes.- View Dependent Claims (9, 10)
-
-
11. A method for classifying traffic in a packet telecommunications network, said network having any number of flows, including zero, comprising the steps of:
-
parsing a packet into a first flow specification, wherein said first flow specification contains at least one instance of any one of the following;
a protocol family designation, a direction of packet flow designation, a protocol type designation, a pair of hosts, a pair of ports, in HTTP protocol packets, a pointer to a MIME type;
thereupon,matching the first flow specification of the parsing step to a plurality of classes represented by a plurality of classification tree type nodes, each said classification tree type node having a traffic specification;
thereupon,if a matching classification tree type node was not found in the matching step, associating said first flow specification with at least one more newly-created node;
thereupon,displaying to a network administrator a representation of traffic according to said traffic specification for use in manual intervention. - View Dependent Claims (12, 13, 14, 15)
-
Specification