Technique for improving load balancing of traffic in a data network using source-side related information

US 7,328,237 B1
Filed: 07/25/2002
Issued: 02/05/2008
Est. Priority Date: 07/25/2002
Status: Active Grant

First Claim

Patent Images

1. A method of processing incoming packets from a plurality of clients for distribution among a plurality of servers in a data network, the method comprising:

generating a modified destination IP address of a first packet using a virtual IP address received in response to a DNS look-up request, by execution of an IP address modification application at a first client, wherein the modified destination IP address includes embedded source-side information derived using encrypted keys in conjunction with the IP address modification application;

configuring the first client to access one or more specific DNS servers based on rights and privileges of the first client;

receiving a first packet from the first client;

the first packet including a destination Internet Protocol (IP) address field in a header portion of the packet, the destination IP address field having a subfield for embedding source-side information including one or more of user-specific data, user preference data, requested content, first client priority information, and first client privilege information;

analyzing the destination IP address field of the first packet to identify source-side information embedded therein;

selecting, using said identified source-side information, an appropriate server from the plurality of servers; and

forwarding the first packet to the appropriate server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to various aspects of the present invention, a technique is described for improving load balancing of traffic in a data network using source-side related information embedded into the destination IP address field of packets received at a load balancing device. One aspect of the present invention relates to assigning more than one virtual IP address to a server cluster in order to enable different clients to select a virtual cluster address which corresponds to each clients'"'"' respective rights and/or profiles, and to use the selected virtual cluster address to access a desired site or service. Another aspect of the present invention relates to a mechanism which allows for load balancing operations to be implemented using source-side information which is embedded into the destination IP address of a packet header. In this way, load balancing decisions may be quickly performed at initial or early stages of a connection flow.

Citations

36 Claims

1. A method of processing incoming packets from a plurality of clients for distribution among a plurality of servers in a data network, the method comprising:
- generating a modified destination IP address of a first packet using a virtual IP address received in response to a DNS look-up request, by execution of an IP address modification application at a first client, wherein the modified destination IP address includes embedded source-side information derived using encrypted keys in conjunction with the IP address modification application;
  
  configuring the first client to access one or more specific DNS servers based on rights and privileges of the first client;
  
  receiving a first packet from the first client;
  
  the first packet including a destination Internet Protocol (IP) address field in a header portion of the packet, the destination IP address field having a subfield for embedding source-side information including one or more of user-specific data, user preference data, requested content, first client priority information, and first client privilege information;
  
  analyzing the destination IP address field of the first packet to identify source-side information embedded therein;
  
  selecting, using said identified source-side information, an appropriate server from the plurality of servers; and
  
  forwarding the first packet to the appropriate server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1 wherein the first packet corresponds to a TCP SYN packet.
  - 3. The method of claim 2 further comprising forwarding the TCP SYN packet to a selected server of the plurality of servers.
  - 4. The method of claim 3 wherein the TCP SYN packet is forwarded to a selected server of the plurality of servers without first establishing a TCP connection with the first client.
  - 5. The method of claim 1 wherein the source-side information includes information relating to an identity of the first client.
  - 6. The method of claim 1 wherein the source-side information includes information relating to user specific information.
  - 7. The method of claim 1 wherein the source-side information includes information relating to user preference information.
  - 8. The method of claim 1 wherein the source-side information includes information relating to requested content.
  - 9. The method of claim 1 wherein the source-side information includes session information relating to the first client.
  - 10. The method of claim 1 wherein the source-side information includes Quality of Service (QoS) information relating to the first client.
  - 11. The method of claim 1 wherein the source-side information includes priority information relating to the first client.
  - 12. The method of claim 1 wherein the source-side information includes privilege information relating to the first client.
  - 13. The method of claim 1 further comprising performing Quality of Service (QoS) processing on the first packet using said source-side information.
  - 14. The method of claim 1 wherein the first packet is associated with a first flow;
    - wherein the destination address field of the first packet includes flow information;
      
      wherein said flow information includes source IP address information, destination IP address information, source TCP port information, and destination TCP port information;
      
      determining, using said flow information, whether any server of the plurality of servers has been associated with the first flow; and
      
      forwarding the first packet to an associated server in response to determining that at least one server of the plurality of servers has been associated with the first flow.
  - 15. The method of claim 1 wherein the destination address field of the first packet includes embedded information relating to at least one aspect of the first client.
  - 16. The method of claim 1 wherein the destination address field of the first packet includes:
    - a cluster address portion which includes subnet and host address information; and
      
      source-side information relating to at least one aspect of the first client.
  - 17. A computer program product, including a machine-readable medium storing program instructions embodied therein, for implementing the method of claim 1.
  - 18. A method as recited in claim 1 further comprising:
    - determining that the least significant bits of the destination IP address are not modified.
  - 19. A method as recited in claim 1 wherein the embedded source-side information has a length L in the least significant bits of the modified destination IP address.

20. A system of processing incoming packets from a plurality of clients for distribution among a plurality of servers in a data network, the system comprising:
- means for generating a modified destination IP address of a first packet using a virtual IP address received in response to a DNS look-up request, by execution of an IP address modification application at a first client, wherein the modified destination IP address includes embedded source-side information derived using encrypted keys in conjunction with the IP address modification application;
  
  means for configuring the first client to access one or more specific DNS servers based on rights and privileges of the first client;
  
  means for receiving a first packet from the first client;
  
  the first packet, including a destination Internet Protocol (IP) address field in a header portion of the packet the destination IP address field having a sub-field for embedding source-side information including one or more of user-specific data, user preference data, requested content, first client priority information, and first client privilege information;
  
  means for analyzing the destination address field of the first packet to identify source-side information embedded therein;
  
  means for selecting, using said source-side information, an appropriate server from the plurality of servers; and
  
  means for forwarding the first packet to the appropriate server;
  
  wherein the destination address field of the first packet includes;
  
  a cluster address portion which includes subnet and host address information.

21. A system of processing incoming packets from a plurality of clients for distribution among a plurality of servers in a data network, the system comprising:
- at least one processor;
  
  at least one interface configured or designed to provide a communication link to at least one other network device in the data network; and
  
  memory;
  
  the system being configured or designed to generate a modified destination IP address of a first packet using a virtual IP address received in response to a DNS look-up request by execution of an IP address modification application at the first client, wherein the modified destination IP address includes embedded source-side information derived using encrypted keys in conjunction with the IP address modification application; and
  
  configured or designed to enable the first client to access one or more specific DNS servers based on rights and privileges of the first client; and
  
  configured or designed to receive a first packet from the first client;
  
  the first packet including a destination Internet Protocol (IP) address field in a header portion of the packet the destination IP address field having a sub-field for embedding source-side information including one or more of user-specific data, user preference data, requested content, first client priority information, and first client privilege information;
  
  the system being further configured or designed to analyze the destination address field of the first packet to identify source-side information embedded therein;
  
  the system being further configured or designed to select, using said identified source-side information, an appropriate server from the plurality of servers; and
  
  the system being further configured or designed to forward the first packet to the appropriate server.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 22. The system of claim 21 wherein the first packet corresponds to a TCP SYN packet.
  - 23. The system of claim 22 being further configured or designed to forward the TCP SYN packet to a selected server of the plurality of servers.
  - 24. The system of claim 23 wherein the TCP SYN packet is forwarded to a selected server of the plurality of servers without first establishing a TCP connection with the first client.
  - 25. The system of claim 21 wherein the source-side information includes information relating to an identity of the first client.
  - 26. The system of claim 21 wherein the source-side information includes information relating to user specific information.
  - 27. The system of claim 21 wherein the source-side information includes information relating to user preference information.
  - 28. The system of claim 21 wherein the source-side information includes information relating to requested content.
  - 29. The system of claim 21 wherein the source-side information includes session information relating to the first client.
  - 30. The system of claim 21 wherein the source-side information includes Quality of Service (QoS) information relating to the first client.
  - 31. The system of claim 21 wherein the source-side information includes priority information relating to the first client.
  - 32. The system of claim 21 wherein the source-side information includes privilege information relating to the first client.
  - 33. The system of claim 21 being further configured or designed to perform Quality of Service (QoS) processing on the first packet using said source-side information.
  - 34. The system of claim 21 wherein the first packet is associated with a first flow;
    - wherein the destination address field of the first packet includes flow information;
      
      wherein said flow information includes source IP address information, destination IP address information, source TCP port information, and destination TCP port information;
      
      the system being further configured or designed to determine, using said flow information, whether any server of the plurality of servers has been associated with the first flow; and
      
      the system being further configured or designed to forward the first packet to an associated server in response to determine that at least one server of the plurality of servers has been associated with the first flow.
  - 35. The system of claim 21 wherein the destination address field of the first packet includes embedded information relating to at least one aspect of the first client.
  - 36. The system of claim 21 wherein the destination address field of the first packet includes:
    - a cluster address portion which includes subnet and host address information; and
      
      source-side information relating to at least one aspect of the first client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Thubert, Pascal, Levy-Abegnoli, Eric
Primary Examiner(s)
Cardone; Jason
Assistant Examiner(s)
HOSSAIN, TANIM M

Application Number

US10/205,669
Time in Patent Office

2,021 Days
Field of Search

709/224, 709/203, 709/229, 709/238, 709/245, 370/392
US Class Current

709/203
CPC Class Codes

H04L 61/35   involving non-standard use ...

H04L 61/4511   using domain name system [DNS]

H04L 67/1001   for accessing one among a p...

H04L 67/1006   with static server selectio...

H04L 67/1014   based on the content of a r...

H04L 67/306   User profiles

H04L 67/61   taking into account QoS or ...

Technique for improving load balancing of traffic in a data network using source-side related information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Technique for improving load balancing of traffic in a data network using source-side related information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links