Processing of data packets within a network element cluster
Abstract
In a network element cluster having a plurality of nodes, distribution decisions are determined on the basis of certain field(s) of data packets according to predetermined criteria, and data packets are distributed to nodes of the network element cluster according to the distribution decisions. Data packets are processed by said nodes of the network element cluster, and the processing involves selecting at least partly arbitrary value(s) for at least one of the field(s) of at least one data packet. Such value(s) are selected for at least one of said certain field(s) of a third data packet, such that distribution decisions determined according to the predetermined criteria result in the same node in the cluster processing inbound and outbound packets of the same session ID.
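A sketch of the value-selection step the abstract describes, added here as an illustration and not taken from the patent. The hash function, the 32-bit field width, the 16-value hash range, the three-node allocation and all names are assumptions; the page only speaks of "certain field(s)" and "predetermined criteria".

```python
import hashlib
import secrets

HASH_RANGE = 16  # assumed size of the cluster-wide hash value range


def second_hash(tunnel_id: int) -> int:
    """Assumed hash over the freely chosen header field (a 32-bit value)."""
    digest = hashlib.sha256(tunnel_id.to_bytes(4, "big")).digest()
    return digest[0] % HASH_RANGE  # 256 is a multiple of 16, so this is unbiased


class GatewayNode:
    def __init__(self, name, allocated):
        self.name = name
        # Hash values currently allocated to this node, disjoint from its peers.
        self.allocated = frozenset(allocated)

    def accepts(self, tunnel_id: int) -> bool:
        """Inbound filter: accept only packets whose hash value is ours."""
        return second_hash(tunnel_id) in self.allocated

    def generate_tunnel_id(self, max_tries: int = 10_000) -> int:
        """Draw random field values until one hashes into our allocation."""
        if not self.allocated:
            raise ValueError("node has no hash values allocated")
        for _ in range(max_tries):
            candidate = secrets.randbits(32)
            if candidate and self.accepts(candidate):  # skip the all-zero value
                return candidate
        raise RuntimeError("no suitable value found")


def build_cluster():
    """Constructed three-node cluster with a disjoint split of the hash range."""
    return [
        GatewayNode("A", range(0, 6)),
        GatewayNode("B", range(6, 11)),
        GatewayNode("C", range(11, 16)),
    ]


def owners(cluster, tunnel_id: int):
    """Names of every node whose filter accepts a packet carrying tunnel_id."""
    return [node.name for node in cluster if node.accepts(tunnel_id)]
```

Because the allocations are disjoint, every packet that carries a generated value passes the filter of exactly one node, the node that chose the value.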
12 Claims
1. A gateway node of a network element cluster, said gateway node having
first means for processing data packets and establishing secure tunnel connections in accordance with a protocol suite for securing packet data communications,
second means for storing hash values, which are currently allocated to said gateway node and different from hash values allocated to other gateway nodes in the cluster so as to enable load distribution,
third means for filtering at least a plurality of data packets based on packet-specific first hash values, a first packet-specific hash value being calculated using a first hash function and first header field(s) of a data packet, said third means being arranged to accept only data packets having one of the hash values currently allocated to said node and to ignore other data packets,
fourth means for filtering a plurality of second data packets, which are data packets of a secure tunnel according to a protocol suite for securing packet data communications, based on second packet-specific hash values, a second packet-specific hash value being calculated using a second hash function and at least second header field(s) of a second data packet, said fourth means being arranged to accept only second data packets having one of the hash values being currently allocated to said node and to ignore other data packets,
fifth means for generating value(s) for the second header field(s), arranged to generate such value(s) that a hash value calculated using said value(s) and the second hash function is a hash value currently allocated to said node, and
means for providing the second header field(s) of a second data packet outbound from the node with said generated value(s).
4. A network element cluster for processing data packets, said network element cluster comprising a plurality of gateway nodes, said network element cluster having means for allocating a range of hash values to the gateway nodes, so that each gateway node has node-specific hash values different from the hash values of other gateway nodes, and at least one of said gateway nodes comprises
tunnel means for processing data packets and establishing secure tunnel connections in accordance with a protocol suite for securing packet data communications,
storing means for storing hash values, which are currently allocated to said gateway node and different from the hash values allocated to other gateway nodes in the cluster so as to enable load distribution, and
first means for filtering at least a plurality of data packets based on packet-specific first hash values, a first packet-specific hash value being calculated using a first hash function and first header field(s) of a data packet, said first means being arranged to accept only data packets having one of the hash values currently allocated to said gateway node and to ignore other data packets,
second means for filtering a plurality of second data packets, which are data packets of a secure tunnel according to a protocol suite for securing packet data communications, based on second packet-specific hash values, a second packet-specific hash value being calculated using a second hash function and second header field(s) of a second data packet, said second means being arranged to accept only second data packets having one of the hash values being currently allocated to said gateway node and to ignore other data packets, and
third means for generating value(s) for the second header field(s), arranged to generate such value(s) that a hash value calculated using said value(s) and the second hash function is a hash value currently allocated to said gateway node, and
means for providing the second header field(s) of a second data packet outbound from the gateway node with said generated value(s).
8. A method of processing data packets in a gateway node of a network element cluster, comprising
processing data packets and establishing secure tunnel connections in accordance with a protocol suite for securing packet data communications,
storing hash values, which are currently allocated to a gateway node and different from hash values allocated to other gateway nodes in the cluster so as to enable load distribution,
filtering at least a plurality of data packets based on packet-specific first hash values, a first packet-specific hash value being calculated using a first hash function and first header field(s) of a data packet, and accepting only data packets having one of the hash values currently allocated to said gateway node and ignoring other data packets,
filtering a plurality of second data packets, which are data packets of a secure tunnel according to a protocol suite for securing packet data communications, based on second packet-specific hash values, a second packet-specific hash value being calculated using a second hash function and at least second header field(s) of a second data packet, and accepting only second data packets having one of said hash values being currently allocated to said gateway node and ignoring other data packets, and
generating value(s) for the second header field(s), arranged to generate such value(s) that a hash value calculated using said value(s) and the second hash function is a hash value currently allocated to said gateway node and
providing the second header field(s) of a second data packet outbound from the gateway node with said generated value(s).
9. A method of processing data packets in a network element cluster comprised of a plurality of gateway nodes, said method comprising:
allocating a range of hash values to the gateway nodes of a network element cluster, so that each gateway node has node-specific hash values different from hash values of other ones of said plurality of gateway nodes,
processing data packets and establishing secure tunnel connections in accordance with a protocol suite for securing packet data communications,
storing hash values, which are currently allocated to said gateway node and different from the hash values allocated to other ones of said plurality of gateway nodes in said network element cluster so as to enable load distribution, and
filtering at least a plurality of data packets based on packet-specific first hash values, a first packet-specific hash value being calculated using a first hash function and first header field(s) of a data packet, and accepting only data packets having one of the hash values currently allocated to said gateway node and ignoring other data packets,
filtering a plurality of second data packets, which are data packets of a secure tunnel according to a protocol suite for securing packet data communications, based on second packet-specific hash values, a second packet-specific hash value being calculated using a second hash function and second header field(s) of a second data packet, and accepting only second data packets having one of the hash values being currently allocated to said gateway node and ignoring other data packets,
generating value(s) for the second header field(s), arranged to generate such value(s) that a hash value calculated using said value(s) and the second hash function is a hash value currently allocated to said gateway node, and
providing the second header field(s) of a second data packet outbound from the gateway node with said generated value(s).
10. A computer readable storage medium having encoded thereon computer executable program code which, when executed on a gateway node in a network, causes said gateway node to
process data packets and establish secure tunnel connections in accordance with a protocol suite for securing packet data communications,
store hash values, which are currently allocated to a gateway node and different from hash values allocated to other gateway nodes in a cluster of nodes so as to enable load distribution,
filter at least a plurality of data packets based on packet-specific first hash values, a first packet-specific hash value being calculated using a first hash function and first header field(s) of a data packet, and accepting only data packets having one of the hash values currently allocated to said gateway node and ignoring other data packets,
filter a plurality of second data packets, which are data packets of a secure tunnel according to a protocol suite for securing packet data communications, based on second packet-specific hash values, a second packet-specific hash value being calculated using a second hash function and at least second header field(s) of a second data packet, and accepting only second data packets having one of the hash values being currently allocated to said gateway node and ignoring other data packets,
generate value(s) for the second header field(s), arranged to generate such value(s) that a hash value calculated using said value(s) and the second hash function is a hash value currently allocated to said gateway node, and
provide the second header field(s) of a second data packet outbound from the gateway node with said generated value(s).
11. A computer readable storage medium having encoded thereon computer executable program code which, when executed on a gateway node in a network, causes said gateway node to
allocate a range of hash values to a gateway node, so that each node has node-specific hash values different from hash values allocated to other gateway nodes in said cluster so as to enable load distribution,
process data packets and establish secure tunnel connections in accordance with a protocol suite for securing packet data communications,
store hash values, which are currently allocated to said node, and
filter at least a plurality of data packets based on packet-specific first hash values, a first packet-specific hash value being calculated using a first hash function and first header field(s) of a data packet, and accepting only data packets having one of the hash values currently allocated to said gateway node and ignoring other data packets,
filter a plurality of second data packets, which are data packets of a secure tunnel according to a protocol suite for securing packet data communications, based on second packet-specific hash values, a second packet-specific hash value being calculated using a second hash function and second header field(s) of a second data packet, and accepting only second data packets having one of the hash values being currently allocated to said gateway node and ignoring other data packets,
generate value(s) for the second header field(s), arranged to generate such value(s) that a hash value calculated using said value(s) and the second hash function is a hash value currently allocated to said gateway node.
12. A gateway node of a network element cluster, wherein:
said gateway node is configured to process data packets and establish secure tunnel connections in accordance with a protocol suite for securing packet data communications;
said gateway node is configured to store hash values, which are currently allocated to said gateway node and different from hash values allocated to other gateway nodes in the cluster so as to enable load distribution;
said gateway node is configured to filter at least a plurality of data packets based on packet-specific first hash values, a first packet-specific hash value being calculated using a first hash function and first header field(s) of a data packet, and to accept only data packets having one of the hash values currently allocated to said node and to ignore other data packets;
said gateway node is configured to filter a plurality of second data packets, which are data packets of a secure tunnel according to a protocol suite for securing packet data communications, based on second packet-specific hash values, a second packet-specific hash value being calculated using a second hash function and at least second header field(s) of a second data packet, and to accept only second data packets having one of the hash values being currently allocated to said node and to ignore other data packets;
said gateway node is configured to generate value(s) for the second header field(s), arranged to generate such value(s) that a hash value calculated using said value(s) and the second hash function is a hash value currently allocated to said node, and
said gateway node is configured to provide the second header field(s) of a second data packet outbound from the node with said generated value(s).
Specification