Configurable rule-engine for layer-7 and traffic characteristic-based classification

US 6,975,592 B1
Filed: 11/22/2000
Issued: 12/13/2005
Est. Priority Date: 11/22/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A data flow classification system comprising:

a data flow managing mechanism configured to identify, track, and manage said data flow;

a rule set including a plurality of rules for comparing information contained in said data flow with pre-specified values;

a configurable classification rule engine for initially classifying said data flow into one of a plurality of traffic classes based on results of said comparisons between said rules and said pre-specified values, and subsequently reclassifying said data flow into a different one of the plurality of traffic classes based on different results of said comparisons;

a configuration filed for configuring said classification rule engine and for specifying said pre-specified values and information regarding at least one of said data flow, said rule set, and said plurality of traffic classes,wherein said configuration file comprises a format that allows for the modification and reconfiguration of said classification rule engine, said data flow, said rule set, and said plurality of traffic classes.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for data flow classification based on a configurable rule-engine, is presented herein. In accordance with an embodiment of the invention, the system includes a data flow managing mechanism configured to identify, track, and manage the data flows and a rule set, which includes a plurality of rules for comparing information contained within data flow with pre-specified values. The system also includes a configurable classification rule engine for classifying the data flows into one of a plurality of traffic classes based on results of the comparisons. The configurable classification rule engine is configured via a configuration file that specifies and allows for the modification and reconfiguration of the pre-specified values and information regarding the data flows, the rule set, and the traffic classes.

146 Citations

42 Claims

1. A data flow classification system comprising:
- a data flow managing mechanism configured to identify, track, and manage said data flow;
  
  a rule set including a plurality of rules for comparing information contained in said data flow with pre-specified values;
  
  a configurable classification rule engine for initially classifying said data flow into one of a plurality of traffic classes based on results of said comparisons between said rules and said pre-specified values, and subsequently reclassifying said data flow into a different one of the plurality of traffic classes based on different results of said comparisons;
  
  a configuration filed for configuring said classification rule engine and for specifying said pre-specified values and information regarding at least one of said data flow, said rule set, and said plurality of traffic classes,wherein said configuration file comprises a format that allows for the modification and reconfiguration of said classification rule engine, said data flow, said rule set, and said plurality of traffic classes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system of claim 1, wherein said data flow managing mechanism includes a flow table mechanism configured to perform at least one of capturing said information contained in said data flow, mapping a packet to a data flow, identifying said data flow based on said captured information, registering active data flows, and deleting inactive data flows.
  - 3. The system of claim 2, wherein said plurality of rules comprise a data structure including,event indicia for indicating the invocation of one of said rules, condition indicia for representing a comparison or condition between said one of said rules and said pre-specified values, andaction indicia for indicating the execution of an action based on results of said comparison.
  - 4. The system of claim 3, wherein said action indicia includes information for at least one of designating said data flow as one of said traffic classes and chaining to another of said rules.
  - 5. The system of claim 4, wherein said classification engine classifies said data flow into one of said traffic classes in accordance with a dynamic classification scheme.
  - 6. The system of claim 5, wherein said data flow managing mechanism identifies said data flow as a particular type of traffic.
  - 7. The system of claim 6, further comprising a traffic monitoring mechanism configured to monitor attributes of said data flow and to provide update information to said data flow managing mechanism.
  - 8. The system of claim 7, wherein said traffic monitoring mechanism comprises a plurality of traffic monitors, each of said traffic monitors being capable of monitoring and measuring at least one predetermined attribute of said data flow.
  - 9. The system of claim 8, wherein said traffic monitors comprise a data structure including,identifier indicia for identifying a type of traffic monitor, andvalue indicia for indicating a value measured by said traffic monitor.
  - 10. The system of claim 9, wherein classification engine comprises a data structure including,traffic type indicia indicating the traffic type of said data flow,traffic class indicia representing the different classes of traffic corresponding to the traffic type,transition indicia indicating transitions from one of said traffic classes to another of said traffic classes, andrule indicia containing traffic monitor information, corresponding rule information, said predefined values, and transition class information,wherein said classification engine compares said traffic monitor information to said rule and said predefined values to classify said data flow into a traffic class corresponding to said traffic type.
  - 11. The system of claim 4, wherein said classification engine classifies said data flow into one of said traffic classes in accordance with a Layer-7 classification scheme.
  - 12. The system of claim 11, wherein said classification engine selects a predetermined packet from said data flow containing application information.
  - 13. The system of claim 12, wherein said classification engine comprises a data structure including,information location indicia indicating the location where said application information is contained within said predetermined packet,character indicia defining the number of characters within said location indicia to be compared, andpattern indicia representing a pattern corresponding to a particular traffic class.
  - 14. The system of claim 13, wherein said classification engine compares said pattern indicia to said character indicia to classify said data flow into said traffic class.

15. A method of classifying a data flow, comprising:
- identifying, tracking, and managing said data flow by a data flow managing mechanism;
  
  comparing information contained in said data flow with a plurality of rules containing pre-specified values, said plurality of rules included in a rule set; and
  
  initially classifying, by a configurable classification rule engine, said data flow into one of a plurality of traffic classes based on results of said comparisons between said rules and said pre-specified values, and subsequently reclassifying said data flow into a different one of the plurality of traffic classes based on different results of said comparisons;
  
  wherein said classification rule engine is configured by a configuration file, said configuration file specifying said pre-specified values and information regarding at least one of said data flow, said rule set, and said plurality of traffic classes, andwherein said configuration file comprises a format that allows for the modification and reconfiguration of said classification rule engine, said data flow, said rule set, and said plurality of traffic classes.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The method of claim 15, wherein said data flow managing mechanism includes a flow table mechanism configured to perform at least one of capturing said information contained in said data flow, mapping a packet to a data flow, identifying said data flow based on said captured information, registering active data flow, and deleting inactive data flows.
  - 17. The method of claim 16, wherein said plurality of rules comprise a data structure including,event indicia for indicating the invocation of one of said rules, condition indicia for representing a comparison or condition between said one of said rules and said pre-specified values, andaction indicia for indicating the execution of an action based on results of said comparison.
  - 18. The method of claim 17, wherein said action indicia includes information for at least one of designating said data flow as one of said traffic classes and chaining to another of said rules.
  - 19. The method of claim 18, wherein said classification engine classifies said data flow into one of said traffic classes in accordance with a dynamic classification scheme.
  - 20. The method of claim 19, wherein said data flow managing mechanism identifies said data flow as a particular type of traffic.
  - 21. The method of claim 20, further comprising a traffic monitoring mechanism configured to monitor attributes of said data flow and to provide update information to said data flow managing mechanism.
  - 22. The method of claim 21, wherein said traffic monitoring mechanism comprises a plurality of traffic monitors, each of said traffic monitors being capable of monitoring and measuring at least one predetermined attribute to said data flow.
  - 23. The method of claim 22, wherein said traffic monitors comprise a data structure including,identifier indicia for identifying a type of traffic monitor, and value indicia for indicating a value measured by said traffic monitor.
  - 24. The method of claim 23, wherein classification engine comprises a data structure including,traffic type indicia indicating the traffic type of said data flow,traffic class indicia representing the different classes of traffic corresponding to the traffic type,transition indicia indicating transitions from one of said traffic classes to another of said traffic classes, andrule indicia containing traffic monitor information, corresponding rule information, said predefined values, and transition class information,wherein said classification engine compares said traffic monitor information to said rule and said predefined values to classify said data flow into a traffic class corresponding to said traffic type.
  - 25. The method of claim 18, wherein said classification engine classifies said data flow into one of said traffic classes in accordance with a Layer-7 classification scheme.
  - 26. The method of claim 25, wherein said classification engine selects a predetermined packet from said data flow containing application information.
  - 27. The method of claim 26, wherein said classification engine comprises a data structure including,information location indicia indicating the location where said application information is contained within said predetermined packet,character indicia defining the number of characters within said location indicia to be compared, andpattern indicia representing a pattern corresponding to a particular traffic class.
  - 28. The method of claim 27, wherein said classification engine compares said pattern indicia to said character indicia to classify said data flow into said traffic class.

29. A machine-readable medium encoded with a plurality of processor-executable instruction sequences for classifying a data flow, said instruction sequences comprising:
- identifying, tracking, and managing said data flow by a data flow managing mechanism;
  
  comparing information contained in said data flow with a plurality of rules containing pre-specified values, said plurality of rules include in a rule set; and
  
  initially classifying, by a configurable classification rule engine, said data flow into one of a plurality of traffic classes based on results of said comparisons between said rules and said pre-specified values, and subsequently reclassifying said data flow into a different one of the plurality of traffic class based on different results of said comparisons;
  
  wherein said classification rule engine is configured by a configuration file, said configuration file specifying said pre-specified values and information regarding at least one of said data flow, said rule set, and said plurality of traffic classes, andwherein said configuration file comprises a format that allows for the modification and reconfiguration of said classification rule engine, said data flow, said rule set, and said plurality of traffic classes.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 30. The machine-readable medium of claim 29, wherein said data flow managing mechanism includes a flow table mechanism configured to perform at least one of capturing said information contained in said data flow, mapping a packet to a data flow, identifying said data flow based on said captured information, registering active data flows, and deleting inactive data flows.
  - 31. The machine-readable medium of claim 30, wherein said plurality of rules comprise a data structure including,event indicia for indicating the invocation of one of said rules, condition indicia for representing a comparison or condition between saidone of said rules and said pre-specified values, andaction indicia for indicating the execution of an action based on results of said comparison.
  - 32. The machine-readable medium of claim 31, wherein said action indicia includes information for at least one of designating said data flow as one of said traffic classes and chaining to another of said rules.
  - 33. The machine-readable medium of claim 32, wherein said classification engine classifies said data flow into one of said traffic classes in accordance with a dynamic classification scheme.
  - 34. The machine-readable medium of claim 33, wherein said data flow managing mechanism identifies said data flow as a particular type of traffic.
  - 35. The machine-readable medium of claim 34, further comprising a traffic monitoring mechanism configured to monitor attributes of said data flow and to provide update information to said data flow managing mechanism.
  - 36. The machine-readable medium of claim 35, wherein said traffic monitoring mechanism comprises a plurality of traffic monitors, each of said traffic monitors being capable of monitoring and measuring at least one predetermined attribute of said data flow.
  - 37. The machine-readable medium of claim 36, wherein said traffic monitors comprise a data structure including,identifier indicia for identifying a type of traffic monitor, and value indicia for indicating a value measured by said traffic monitor.
  - 38. The machine-readable medium of claim 37, wherein classification engine comprises a data structure including,traffic type indicia indicating the traffic type of said data flow, traffic class indicia representing the different classes of traffic corresponding to the traffic type,transition indicia indicating transitions from one of said traffic classes to another of said traffic classes, andrule indicia containing traffic monitor information, corresponding rule information, said predefined values, and transition class information,wherein said classification engine compares said traffic monitor information to said rule and said predefined values to classify said data flow into a traffic class corresponding to said traffic type.
  - 39. The machine-readable medium of claim 32, wherein said classification engine classifies said data flow into one of said traffic classes in accordance with a Layer-7 classification scheme.
  - 40. The machine-readable medium of claim 39, wherein said classification engine selects a predetermined packet from said data flow containing application information.
  - 41. The machine-readable medium of claim 40, wherein said classification engine comprises a data structure including,information location which indicating the location where said application information is contained within said predetermined packet,character indicia defining the number of characters within said location indicia to be compared, andpattern indicia representing a pattern corresponding to a particular traffic class.
  - 42. The machine-readable medium of claim 41, wherein said classification engine compares said pattern indicia to said character indicia to classify said data flow into said traffic class.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Clearinghouse LLC (RPX Corporation)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Cao, Carl F., Wang, Dabin, Liu, Yajun, Bennett, Don W., Nandy, Biswajit B., Seddigh, Nabil N.
Primary Examiner(s)
Pham, Chi
Assistant Examiner(s)
HOANG, THAI D

Application Number

US09/717,292
Time in Patent Office

1,847 Days
Field of Search

370229-240, 370/395.21, 3703954-39543
US Class Current

370/230
CPC Class Codes

H04L 47/10   Flow control; Congestion co...

H04L 47/2441   relying on flow classificat...

H04L 47/2458   Modification of priorities ...

Configurable rule-engine for layer-7 and traffic characteristic-based classification

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

146 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Configurable rule-engine for layer-7 and traffic characteristic-based classification

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

146 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links