Efficient classification, manipulation, and control of network transmissions by associating network flows with rule based functions

US 6,519,636 B2
Filed: 10/28/1998
Issued: 02/11/2003
Est. Priority Date: 10/28/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A server connected through one or more network interfaces to one or more networks, each of the networks connected to one or more clients, the server having one or more memories and one or more central processing units (CPUs) and further comprising:

one or more applications executed by one or more of the CPUs, each application using one or more sockets connected to the networks to communicate over the networks;

one or more rule sets containing one or more rules; and

one or more socket sets of one or more of the connected sockets, each of the socket sets associated with one of the rule sets, the rule set controlling one or more packets sent by the applications on each of the sockets in the associated socket set;

wherein the rule set controls the timing of the sending procedure of the packets to the network or the sending of received packets to the application on any socket in the associated socket set in one or more of the following ways;

limiting a peak rate of delivered packets, limiting size of a burst of packets delivered at the peak rate, and limiting size of sent packets.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer connected to one or more networks through appropriate network interfaces is used to classify, manipulate, and/or control communications, e.g., packets sent and/or received over the network by one or more applications executing in the computer. Each application is connected to the network through one or more sockets to enable this communication. The computer also comprises one or more rule sets of one or more rules. A socket set of one or more of the sockets is associated with only one of the rule sets. The rules in the rule set are used to control one or more of the packets communicated by the applications communicating over the socket(s) associated with the respective rule set. Rules can be added to the rule set, deleted from the rule set, or modified in order to classify, manipulate, and/or control the communication of the packets, e.g. to control the rate at which the packets are sent or to provide certain security functions.

Citations

21 Claims

1. A server connected through one or more network interfaces to one or more networks, each of the networks connected to one or more clients, the server having one or more memories and one or more central processing units (CPUs) and further comprising:
- one or more applications executed by one or more of the CPUs, each application using one or more sockets connected to the networks to communicate over the networks;
  
  one or more rule sets containing one or more rules; and
  
  one or more socket sets of one or more of the connected sockets, each of the socket sets associated with one of the rule sets, the rule set controlling one or more packets sent by the applications on each of the sockets in the associated socket set;
  
  wherein the rule set controls the timing of the sending procedure of the packets to the network or the sending of received packets to the application on any socket in the associated socket set in one or more of the following ways;
  
  limiting a peak rate of delivered packets, limiting size of a burst of packets delivered at the peak rate, and limiting size of sent packets.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A server, as in claim 1, where the association between a rule set and a socket is based on any one or more of the following attributes of the socket:
    - a source address of the server, a destination address of the client, a source port of the server, a destination port of the client, a protocol type, and an application type.
  - 3. A server, as in claim 1, where the rule set controls the security of the packets sent on any of the sockets in the associated socket set in one or more of the following ways:
    - using an encryption key, using the encryption technique, how often to encrypt, packet authentication, how often to authenticate packets, and method of authentication, when to prevent packet sending.
  - 4. A server, as in claim 1, where the rule set controls all the packets sent from any socket in the associated socket set in the same way.
  - 5. A server, as in claim 1, where the association between one or more of the socket sets and the rule set is bidirectional.
  - 6. A server, as in claim 1, where the rule set controls the temporal spacing of successive packets to slow down the transmission.
  - 7. A server, as in claim 6, where one of the applications is one of the following:
    - a video stream, an audio stream, a video and audio stream, and a large data stream.

8. A method, executed by a computer system, the computer system having one or more network connections to one or more networks, the method comprising the steps of:
- verifying that there is information in the form of packets to be communicated between one or more applications executing on the computer system over one or more of the network connections;
  
  verifying that the information can be communicated as determined by one or more rules in a rule set associated with one of the network connections, wherein the rule set is accessible for associating with one or more of the network connections;
  
  communicating the information if the rules in the rule set are satisfied; and
  
  wherein rule set controls the timing of a sending procedure of the packets to the network or the sending of received packets to an application on any socket in an associated socket set in one or more of the following ways;
  
  limiting a peak rate of delivered packets, limiting size of a burst of packets delivered at the peak rate, and limiting size of sent packets.
- View Dependent Claims (9)
- - 9. A method, as in claim 8, where the information is modified to modified information if the rules are not satisfied, the modified information satisfying the rules.

10. A computer connected through a connection on one or more network interfaces to one or more networks, the computer comprising:
- means for verifying that there is information in the form of packets to be communicated between one or more applications executing on the computer system over one or more of the network connections;
  
  means for verifying that the information can be communicated as determined by one or more rules in a rule set associated with one of the network connections, wherein the rule set is accessible for associating with one or more of the network connections;
  
  means for communicating the information if the rules in the rule set are satisfied; and
  
  wherein the rule set controls timing of a sending procedure of the packets to the network or the sending of received packets to an application on any socket in an associated socket set in one or more of the following ways;
  
  limiting a peak rate of delivered packets, limiting size of a burst of packets delivered at the peak rate, and limiting size of sent packets.

11. A server connected through one or more network interfaces to one or more networks, each of the networks connected to one or more clients, the server having one or more memories and one or more central processing units (CPUs) and further comprising:
- one or more applications executed by one or more of the CPUs, each application using one or more sockets to communicate over the network;
  
  one or more rule sets of one or more rules, one or more of the rules containing one or more client constraints; and
  
  one or more socket sets of one or more of the connected sockets, each of the socket sets associated with only one of the rule sets, the rule set controlling one or more packets sent by each of the sockets in the associated socket set.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. A server, as in claim 11, where the client constraints include any one or more of the following:
    - a client with limited access bandwidth to the network, a client with limited bandwidth to the server, one or more other network sessions involving the client, a client with limited computational power, and a client with limited memory.
  - 13. A server, as in claim 11, where the client constraints are communicated to the server from a client constraint determinator that executes on the client to determine the client constraints.
  - 14. A server, as in claim 11, where the client constraints are communicated to the server from an agent computer that has a concurrent second session with the client.
  - 15. A server, as in claim 11, where the client constraints are assumed or extrapolated based on previous observations, or communication with clients with similar constraints, or clients located close to each other.
  - 16. A server, as in claim 11, where the client constraints are determined using human input.
  - 17. A server, as in claim 11, where client constraint is a client bandwidth constraint and the rule set controls the packets to be sent slower because the client has concurrent audio and/or video sessions.
  - 18. A server, as in claim 17, where the rule set controls using any one or more of the following shaping mechanisms:
    - limiting the average rate of sent packets, limiting the peak rate of packets, limiting the size of the burst of packets that are sent out at the peak rate, and limiting the size of the packets sent.
  - 19. A server, as in claim 11, where the client constraints are thin client constraints.
  - 20. A server, as in claim 19, where the thin client constraints are imposed by any one or more of the following thin clients, that are tier-zero devices:
    - a set-top box, a hand held device, a Palm Pilot, a Web appliance, and a Web-based application device.

21. A server connected through one or more network interfaces to one or more networks, each of the networks connected to one or more clients, the server having one or more memories and one or more central processing units (CPUs) and further comprising:
- one or more applications executed by one or more of the CPUs, each application using one or more sockets connected to the networks to communicate over the networks;
  
  one or more rule sets containing one or more rules, wherein the rule sets are data structures for associating with one or more sockets;
  
  one or more socket sets of one or more of the connected sockets, each of the socket sets associated with one of the rule sets, the rule set controlling one or more packets sent by the applications on each of the sockets in the associated socket set; and
  
  wherein the rule set controls the timing of the sending procedure of the packets to the network or the sending of received packets to the application on any socket in the associated socket set in one or more of the following ways;
  
  limiting a peak rate of delivered packets, limiting size of a burst of packets delivered at the peak rate, and limiting size of sent packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Engel, Robert, Mehra, Ashish, Barzilai, Tsipora P., Kandlur, Dilip Dinkar
Primary Examiner(s)
Barot, Bharat

Application Number

US09/181,376
Publication Number

US 20030005144A1
Time in Patent Office

1,567 Days
Field of Search

709/200-203, 709/217-219, 709/223-225, 709/230-233, 709/236-239, 709/249-250, 713/200-201, 707/10, 707/101-104, 370/224-232, 370/252, 370/473
US Class Current

709/223
CPC Class Codes

H04L 47/10   Flow control; Congestion co...

H04L 47/20   Traffic policing

H04L 47/21   using leaky-bucket

H04L 47/22   Traffic shaping

H04L 47/2416   Real-time traffic

H04L 47/2441   relying on flow classificat...

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 69/22   Parsing or analysis of headers

Efficient classification, manipulation, and control of network transmissions by associating network flows with rule based functions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Efficient classification, manipulation, and control of network transmissions by associating network flows with rule based functions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links