Network router having integrated flow accounting and packet interception

US 7,254,114 B1
Filed: 08/26/2002
Issued: 08/07/2007
Est. Priority Date: 08/26/2002
Status: Active Grant

First Claim

Patent Images

1. A network device comprising:

a set of one or more interface cards to collect packets from a network;

a set of one or more accounting modules to generate flow statistics for the packets; and

a control unit to generate a first and second duplicate streams of the packets received by the interface cards,wherein the control unit distributes the packets of the first duplicate stream to the accounting modules for calculation of flow statistics, andwherein, simultaneous with the calculation of the flow statistics, the control unit intercepts at least a subset of the packets of the second duplicate stream for selected packet flows and forwards the intercepted packets to a packet analyzer,wherein the control unit applies an intercept filter to the second duplicate stream to select the subset of the network packets, andwherein the intercept filter defines a set of traffic flows, and wherein the control unit applies the intercept filter to identify network packets associated with the set of traffic flows.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network router integrates routing functionality with accounting functionality for generation of flow statistics, and provides packet intercept functionality to provide a comprehensive traffic analysis environment. The router includes a set of interface cards to receive packets from a network, and a control unit to generate a first and second duplicate stream of the packets. The control unit provides the packets of the first stream to accounting modules for calculation of flow statistics, and applies an intercept filter to intercept at least a subset of the packets of the second stream for selected packet flows.

144 Citations

35 Claims

1. A network device comprising:
- a set of one or more interface cards to collect packets from a network;
  
  a set of one or more accounting modules to generate flow statistics for the packets; and
  
  a control unit to generate a first and second duplicate streams of the packets received by the interface cards,wherein the control unit distributes the packets of the first duplicate stream to the accounting modules for calculation of flow statistics, andwherein, simultaneous with the calculation of the flow statistics, the control unit intercepts at least a subset of the packets of the second duplicate stream for selected packet flows and forwards the intercepted packets to a packet analyzer,wherein the control unit applies an intercept filter to the second duplicate stream to select the subset of the network packets, andwherein the intercept filter defines a set of traffic flows, and wherein the control unit applies the intercept filter to identify network packets associated with the set of traffic flows.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The network device of claim 1, wherein the control unit forwards the flow statistics to an accounting server.
  - 3. The network device of claim 1, further comprising an encryption service card to receive the flow statistics and the intercepted packets from the control unit, and to produce encrypted packet streams carrying the flow statistics and the intercepted packets.
  - 4. The network device of claim 1, further comprising a tunnel service card to relay the flow statistics and intercepted packets through network tunnels.
  - 5. The network device of claim 4, wherein the control unit forwards the intercepted packets to the tunnel service card to form an aggregated stream of packets for output to a packet analyzer via one of the interface cards.
  - 6. The network device of claim 1, wherein the accounting modules comprise a set of accounting service cards to generate the flow statistics for the network packets, and wherein the control unit distributes the first duplicate stream of the network packets to the set of accounting service cards.
  - 7. The network device of claim 6, wherein the control unit identifies packet flows within the first duplicate stream and distributes packets for a common packet flow to a common accounting service card.
  - 8. The network device of claim 1, further comprising a chassis having a plurality of slots to receive and couple the network interface cards and the accounting service cards to the control unit.
  - 9. The network device of claim 1, wherein the control unit comprises a routing engine to maintain routing information representing a topology of the network, wherein the control unit receives the packets from the interface cards, and forwards the packets to output ports of the network interface cards in accordance with the routing information.
  - 10. The network device of claim 9, wherein the routing engine generates forwarding information in accordance with the routing information, and wherein the control unit comprises a forwarding engine to forward the packets received from the interface cards in accordance with the forwarding information.
  - 11. The network device of claim 1, wherein the packets conform to at least one of the Internet Protocol, the Transmission Control Protocol, Frame Relay, and the Asynchronous Transfer Mode communication protocol.

12. A network device comprising:
- a set of one or more interface cards to collect packets from a network;
  
  a set of one or more accounting modules to generate flow statistics for the packets; and
  
  a control unit to generate a first and second duplicate streams of the packets received by the interface cards,wherein the control unit distributes the packets of the first duplicate stream to the accounting modules for calculation of flow statistics,wherein, simultaneous with the calculation of the flow statistics, the control unit applies an intercept filter to the second stream of packets to intercept at least a subset of the packets of the second duplicate stream for selected packet flows,wherein the control unit updates the intercept filter based on the flow statistics generated by the accounting modules, andwherein the control unit forwards the intercepted packets to a packet analyzer.

13. A network device comprising:
- a set of one or more interface cards to collect packets from a network;
  
  a set of one or more accounting modules to generate flow statistics for the packets;
  
  a control unit to generate a first and second duplicate streams of the packets received by the interface cards, wherein the control unit distributes the packets of the first duplicate stream to the accounting modules for calculation of flow statistics, and wherein, simultaneous with the calculation of the flow statistics, the control unit intercepts at least a subset of the packets of the second duplicate stream for selected jacket flows and forwards the intercepted packets to a packet analyzer; and
  
  a tunnel service card to relay the flow statistics and intercepted packets through network tunnels, wherein the control unit forwards the intercepted packets to the tunnel service card to form an aggregated stream of packets for output to the packet analyzer via one of the interface cards,wherein the control unit applies filter-based forwarding to direct the aggregated stream of intercepted packets to one of the interface cards.

14. A network device comprising:
- a set of one or more interface cards to collect packets from a network;
  
  a set of one or more accounting service, cards to generate flow statistics for the packets,a control unit to generate a first and second duplicate streams of the packets received by the interface cards,wherein the control unit identifies packet flows within the first duplicate stream and distributes packets for a common packet flow to a common accounting service card by implementing a hash function on header information within each packet to calculate a hash value, and distribute each of the packets to one of the accounting service cards for calculation of flow statistics based on the calculated hash values,wherein, simultaneous with the calculation of the flow statistics, the control unit intercepts at least a subset of the packets of the second duplicate stream for selected packet flows and forwards the intercepted packets to a packet analyzer.
- View Dependent Claims (15, 16)
- - 15. The network device of claim 14, wherein the header information comprises at least one of a source network address, a destination network address, a protocol, a source port number, a destination port number, and an ingress port number for the interface card from which the packet was received.
  - 16. The network device of claim 14, wherein the control unit selects the header information to distribute packet fragments associated with a common one of the network packets to a common one of the accounting service cards.

17. A network device comprisinga set of one or more interface cards to collect packets from a network;
- a set of one or more accounting modules to generate flow statistics for the packets; and
  
  a control unit to generate a first and second duplicate streams of the packets received by the interface cards, wherein the control unit distributes the packets of the first duplicate stream to the accounting modules, and wherein, simultaneous with the calculation of the flow statistics, the control unit intercepts at least a subset of the packets of the second duplicate stream for selected packet flows and forwards the intercepted packets to a packet analyzer,wherein the control unit comprises a routing engine to maintain routing information representing a topology of the network,wherein the routing engine generates forwarding information in accordance with the routine information, and wherein the control unit comprises a forwarding engine to forward the packets received from the interface cards in accordance with the forwarding information, andwherein the routing engine updates the forwarding information based on the flow statistics generated by the accounting modules.

18. A method comprising:
- receiving packets from a network via an interface card of a network device;
  
  generating, with the network device, first and second duplicate streams of the packets received from the interface cards;
  
  applying a hash function to header information of each of the packets of the first duplicate data stream to calculate a hash value for each of the packets;
  
  distributing the packets of the first duplicate stream to accounting service cards of the network device for calculation of flow statistics based on the calculated hash values; and
  
  simultaneous with the calculation of the flow statistics, intercepting, with the network device, at least a subset of the packets of the second duplicate stream for selected packet flows.
- View Dependent Claims (19, 20, 21, 22, 23, 25, 26, 27, 28, 29)
- - 19. The method of claim 18, further comprising:
    - forwarding the flow statistics from the network device to an accounting server; and
      
      forwarding the intercepted packets from the network device to a packet analyzer.
  - 20. The method of claim 18, further comprising forwarding the flow statistics to an encryption service card to produce an encrypted packet stream carrying the flow statistics.
  - 21. The method of claim 18, further comprising forwarding the intercepted packets to an encryption service card to produce an encrypted packet stream carrying the intercepted packets.
  - 22. The method of claim 18, further comprising forwarding the flow statistics and intercepted packets to a tunnel service card to relay the flow statistics and intercepted packets through network tunnels.
  - 23. The method of claim 18, further comprising forwarding the intercepted packets to the tunnel service card to form an aggregated stream of packets for output to a packet analyzer via one of the interface cards.
  - 25. The method of claim 18, wherein distributing the packets of the first stream to accounting modules comprises:
    - determining a packet flow for each of the packets of the first stream; and
      
      distributing the packets to the accounting modules such that packets for the same packet flow are distributed to the same accounting module.
  - 26. The method of claim 18, wherein the header information comprises at least one of a source network address, a destination network address, a protocol, a source port number, a destination port number, and an ingress port number from which the packet was received.
  - 27. The method of claim 18, further comprising selecting the header information to include data for the hash function to distribute packet fragments of the same network packet to a common accounting service card.
  - 28. The method of claim 18, further comprising:
    - maintaining routing information representing a topology of the network;
      
      receiving a return stream of packets from the accounting modules, wherein the return stream of packets comprises the packets received from the network interface cards; and
      
      routing the packets of the return stream in accordance with the routing information.
  - 29. The method of claim 18, wherein routing the packets comprises:
    - generating forwarding information in accordance with the routing information, andforwarding the packets received from the interface cards in accordance with the forwarding information.

24. A method comprising:
- receiving packets from a network via an interface card of a network device;
  
  generating, with the network device, first and second duplicate streams of the packets received from the interface cards;
  
  distributing the packets of the first duplicate stream to accounting modules of the network device for calculation of flow statistics;
  
  simultaneous with the calculation of the flow statistics, intercepting, with the network device, at least a subset of the packets of the second duplicate stream for selected packet flows;
  
  forwarding the intercepted packets to a tunnel service card to form an aggregated stream of packets; and
  
  applying filter-based forwarding to direct the aggregated stream of intercepted packets to one of the interface cards for output to a packet analyzer.

30. A method comprising:
- generating forwarding information in accordance with routing information representing a topology of a network,receiving packets from the network via one or more interface cards of a network device;
  
  generating, with the network device, first and second duplicate streams of the packets received from the interface cards;
  
  distributing the packets of the first duplicate stream to accounting modules of the network device for calculation of flow statistics;
  
  simultaneous with the calculation of the flow statistics, intercepting, with the network device, at least a subset of the packets of the second duplicate stream for selected packet flows;
  
  forwarding the intercepted packets to a tunnel service card to form an aggregated stream of packets for output via one of the interface cards;
  
  forwarding the packets in accordance with the forwarding information; and
  
  updating the forwarding information based on the generated flow statistics.

31. A method comprising:
- receiving packets from a network via an interface card of a network device;
  
  generating, with the network device, first and second duplicate streams of the packets received from the interface cards;
  
  distributing the packets of the first duplicate stream to accounting modules of the network device for calculation of flow statistics; and
  
  simultaneous with the calculation of the flow statistics, intercepting, with the network device, at least a subset of the packets of the second duplicate stream for selected packet flows by applying an intercept filter to the second stream of packets to identify packets associated with a set of traffic flows.
- View Dependent Claims (32)
- - 32. The method of claim 31, further comprising updating the intercept filter based on the flow statistics generated by the accounting modules.

33. A method comprising:
- receiving packets from a network via an interface card of a network device;
  
  generating first and second duplicate streams of the packets received from the interface cards;
  
  distributing the packets of the first stream to accounting modules for calculation of flow statistics;
  
  applying a filter to packets of the second stream to intercept at least a subset of the packets of the second stream for selected packet flows;
  
  receiving a return stream of packets from the accounting modules, wherein the return stream of packets comprises the packets received from the network interface cards merged with packets carrying the flow statistics;
  
  routing the packets of the return packet stream in accordance with forwarded information generated from routing information representing a topology of the network;
  
  updating the forwarding information based on the generated flow statistics;
  
  forwarding the packets carrying the flow statistics to an accounting server; and
  
  forwarding the intercepted packets to a packet analyzer.
- View Dependent Claims (34, 35)
- - 34. The method of claim 33, wherein forwarding the packets carrying the flow statistics comprises forwarding the packets to an encryption service card to produce an encrypted packet stream carrying the flow statistics.
  - 35. The method of claim 33, wherein forwarding the intercepted packets comprises forwarding the intercepted packets to an encryption service card to produce an encrypted packet stream carrying the intercepted packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Joe, Truman, Kalra, Sanjay, Woo, Hsien-Chung, Turner, Stephen W, Cartee, Wendy R
Primary Examiner(s)
Nguyen; Chau
Assistant Examiner(s)
SMITH, MARCUS

Application Number

US10/228,114
Time in Patent Office

1,807 Days
Field of Search

370/230, 370/232, 370/235, 370/236, 370/241, 370/245, 370/250, 370/252, 370/401, 370/244, 709/223, 709/224, 726/23
US Class Current

370/244
CPC Class Codes

H04L 41/142   using statistical or mathem...

H04L 43/026   using flow identification

H04L 43/18   Protocol analysers

H04L 45/60   Router architectures

Network router having integrated flow accounting and packet interception

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

144 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Network router having integrated flow accounting and packet interception

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

144 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links