System, method and program product to route message packets

US 7,447,796 B2
Filed: 12/17/2004
Issued: 11/04/2008
Est. Priority Date: 12/17/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for routing a response message packet, said response message packet being a response to a request message packet which traveled along an outbound path from a source computer to a destination computer, said outbound path comprising a first firewall for said source computer and a first router coupled to said first firewall, said method comprising:

in response to said first firewall receiving said request message packet, said first firewall broadcasting to a first plurality of peer devices a first set of session information about said request message packet and an identity of said first firewall, and in response, said first plurality of peer devices recording the first set of session information about said request message packet and that said first firewall was a first hop in said outbound path, wherein said recording the first set of session information includes storing, in a first record of a session table of a second router, an identification (session ID) of a session in which said request message packet travels along said outbound path and in which said response message packet is routed from said destination computer to said source computer and an indication that said first firewall received said request message packet as said first hop, wherein each peer device of said first plurality of peer devices is directly connected to said first firewall and is a device selected from the group consisting of a firewall and a router, and wherein said first plurality of peer devices includes said first router and said second router;

said first firewall forwarding said request message packet to said first router, and in response, said first router broadcasting to a second plurality of peer devices a second set of session information about said request message packet and an identity of said first router, and in response, said second plurality of peer devices recording the second set of session information about said request message packet and that said first router was a second hop in said outbound path, wherein said recording the second set of session information includes storing, in a second record of said session table of said second router, said session ID and an indication that said first router received said request message packet as said second hop, wherein each peer device of said second plurality of peer devices is directly connected to said first router and is a device selected from the group consisting of a firewall and a router, and wherein said second plurality of peer devices includes said first firewall and said second router;

subsequent to said recording the second set of session information, said destination computer generating said response message packet;

subsequent to said generating said response message packet, a first device that was in said outbound path determining that a second device that was in said outbound path is unavailable to receive said response message packet from said first device, wherein said first device is a device selected from the group consisting of a firewall, a router and said destination computer, and wherein said second device is a device selected from the group consisting of a firewall and a router;

subsequent to said first device determining that said second device is unavailable, said second router receiving said response message packet from said first device based on said second device being unavailable and said second router being in a routing table of said first device;

subsequent to said second router receiving said response message packet, said second router determining that said second router is not in said outbound path based on said session table of said second router not including a record of said second router receiving said request message packet as a hop in said outbound path in said session;

subsequent to said second router receiving said response message packet, said second router identifying, in said session table of said second router, a plurality of records including said first record and said second record, wherein said identifying is based on said session ID in each record of said plurality of records matching an identification of said session included in said response message packet;

subsequent to said second router identifying said plurality of records, said second router determining from said plurality of records that a plurality of devices including said first firewall and said first router is in said outbound path and connected to said second router, that said first firewall received said request message packet as said first hop before any other device of said plurality of devices received said request message packet, and that said first router received said request message packet as said second hop before any other device of said plurality of devices other than said first firewall; and

in response to said second router determining that said plurality of devices is in said outbound path and connected to said second router, that said first firewall received said request message packet before any other device of said plurality of devices, and that said first router received said request message packet before any other device of said plurality of devices other than said first firewall, said second router forwarding said response message packet to said first firewall if said first firewall is available to receive said response message packet, said second router forwarding said response message packet to said first router if said first firewall is unavailable to receive said response message packet and said first router is available to receive said response message packet, and said second router sending said response message packet back to said first device with instructions for said first device to update said routing table if said first firewall and said first router are unavailable to receive said response message packet.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program for routing a response packet along a path similar to a request packet'"'"'s outbound path that includes a firewall, a first router, a first device and a second device. The firewall receives the request packet and forwards the request packet to the first router. Upon receipt of the request packet, the firewall and first router broadcast session information to their respective sets of directly connected devices. Based on a determination that the second device is unavailable to receive the response packet, a second router receives the response packet. After determining that the second router was not in the outbound path, the second router forwards the response packet to the firewall if the firewall is available or to the first router if the first firewall is unavailable and the first router is available.

31 Citations

View as Search Results

12 Claims

1. A method for routing a response message packet, said response message packet being a response to a request message packet which traveled along an outbound path from a source computer to a destination computer, said outbound path comprising a first firewall for said source computer and a first router coupled to said first firewall, said method comprising:
- in response to said first firewall receiving said request message packet, said first firewall broadcasting to a first plurality of peer devices a first set of session information about said request message packet and an identity of said first firewall, and in response, said first plurality of peer devices recording the first set of session information about said request message packet and that said first firewall was a first hop in said outbound path, wherein said recording the first set of session information includes storing, in a first record of a session table of a second router, an identification (session ID) of a session in which said request message packet travels along said outbound path and in which said response message packet is routed from said destination computer to said source computer and an indication that said first firewall received said request message packet as said first hop, wherein each peer device of said first plurality of peer devices is directly connected to said first firewall and is a device selected from the group consisting of a firewall and a router, and wherein said first plurality of peer devices includes said first router and said second router;
  
  said first firewall forwarding said request message packet to said first router, and in response, said first router broadcasting to a second plurality of peer devices a second set of session information about said request message packet and an identity of said first router, and in response, said second plurality of peer devices recording the second set of session information about said request message packet and that said first router was a second hop in said outbound path, wherein said recording the second set of session information includes storing, in a second record of said session table of said second router, said session ID and an indication that said first router received said request message packet as said second hop, wherein each peer device of said second plurality of peer devices is directly connected to said first router and is a device selected from the group consisting of a firewall and a router, and wherein said second plurality of peer devices includes said first firewall and said second router;
  
  subsequent to said recording the second set of session information, said destination computer generating said response message packet;
  
  subsequent to said generating said response message packet, a first device that was in said outbound path determining that a second device that was in said outbound path is unavailable to receive said response message packet from said first device, wherein said first device is a device selected from the group consisting of a firewall, a router and said destination computer, and wherein said second device is a device selected from the group consisting of a firewall and a router;
  
  subsequent to said first device determining that said second device is unavailable, said second router receiving said response message packet from said first device based on said second device being unavailable and said second router being in a routing table of said first device;
  
  subsequent to said second router receiving said response message packet, said second router determining that said second router is not in said outbound path based on said session table of said second router not including a record of said second router receiving said request message packet as a hop in said outbound path in said session;
  
  subsequent to said second router receiving said response message packet, said second router identifying, in said session table of said second router, a plurality of records including said first record and said second record, wherein said identifying is based on said session ID in each record of said plurality of records matching an identification of said session included in said response message packet;
  
  subsequent to said second router identifying said plurality of records, said second router determining from said plurality of records that a plurality of devices including said first firewall and said first router is in said outbound path and connected to said second router, that said first firewall received said request message packet as said first hop before any other device of said plurality of devices received said request message packet, and that said first router received said request message packet as said second hop before any other device of said plurality of devices other than said first firewall; and
  
  in response to said second router determining that said plurality of devices is in said outbound path and connected to said second router, that said first firewall received said request message packet before any other device of said plurality of devices, and that said first router received said request message packet before any other device of said plurality of devices other than said first firewall, said second router forwarding said response message packet to said first firewall if said first firewall is available to receive said response message packet, said second router forwarding said response message packet to said first router if said first firewall is unavailable to receive said response message packet and said first router is available to receive said response message packet, and said second router sending said response message packet back to said first device with instructions for said first device to update said routing table if said first firewall and said first router are unavailable to receive said response message packet.
- View Dependent Claims (2, 3, 4, 5, 11)
- - 2. A method as set forth in claim 1 wherein in response to said first router receiving said request message packet, said first router recording, in a record of a session table of said first router, said session ID, a sequence number of said request message packet, an identifier of said source computer, an identifier of said destination computer, and that said first firewall was a previous hop in said outbound path.
  - 3. A method as set forth in claim 2 wherein said response message packet is forwarded to said first router by said second router, and wherein in response to said first router receiving said response message packet, said first router checking said record of said session table of said first router to learn that said first firewall was the previous hop in said outbound path, and then forwarding said response message packet to said first firewall.
  - 4. A method as set forth in claim 1 further comprising:
    - prior to said first device determining that said second device is unavailable, said second device periodically sending a signal to said first device indicating that said second device is active and available to receive said response message packet from said first device; and
      
      in response to said second device periodically sending said signal, said first device periodically receiving said signal from said second device,wherein said determining that said second device is unavailable includes said first device detecting a lack of said receiving said signal in a predetermined period of time.
  - 5. A method as set forth in claim 1 wherein after said first router receives said request message packet from said first firewall and before said response message packet is generated,said first router forwarding said request message packet to a third router in said outbound path, and in response, said third router broadcasting to a third plurality of peer devices a third set of session information about said request message packet and an identity of said third router, and in response, said third plurality of peer devices recording the third set of session information about said request message packet and that said third router was a third hop in said outbound path, wherein each peer device of said third plurality of peer devices is directly connected to said third router and is a device selected from the group consisting of a firewall and a router.
  - 11. A method as set forth in claim 1 further comprising in response to a device of said plurality of devices receiving said request message packet in said outbound path, said device of said plurality of devices broadcasting to said second router an identification of said device of said plurality of devices and a date/time stamp indicating a date and a time of said broadcasting to said second router by said device of said plurality of devices,wherein said device of said plurality of devices is different from said first firewall,wherein said recording the first set of session information further includes storing, in said first record of said session table of said second router, a date/time stamp indicating a date and a time of said broadcasting to said first plurality of peer devices by said first firewall, andwherein said determining from said plurality of records that said first firewall received said request message packet as said first hop before any other device of said plurality of devices received said request message packet includes determining that said date/time stamp indicating said date and said time of said broadcasting to said first plurality of peer devices by said first firewall is less than said date/time stamp indicating said date and said time of said broadcasting to said second router by said device of said plurality of devices.

6. A system for routing a response message packet, said response message packet being a response to a request message packet which traveled along an outbound path from a source computer to a destination computer, said outbound path comprising a first firewall for said source computer and a first router coupled to said first firewall, said system comprising:
- said first firewall including means, responsive to said first firewall receiving said request message packet, for broadcasting to a first plurality of peer devices a first set of session information about said request message packet and an identity of said first firewall, and in response, said first plurality of peer devices including means for recording the first set of session information about said request message packet and that said first firewall was a first hop in said outbound path, wherein said means for recording the first set of session information includes means for storing, in a first record of a session table of a second router, an identification (session ID) of a session in which said request message packet travels along said outbound path and in which said response message packet is routed from said destination computer to said source computer and an indication that said first firewall received said request message packet as said first hop, wherein each peer device of said first plurality of peer devices is directly connected to said first firewall and is a device selected from the group consisting of a firewall and a router, and wherein said first plurality of peer devices includes said first router and said second router;
  
  said first firewall including means for forwarding said request message packet to said first router, and in response, said first router including means for broadcasting to a second plurality of peer devices a second set of session information about said request message packet and an identity of said first router, and in response, said second plurality of peer devices including means for recording the second set of session information about said request message packet and that said first router was a second hop in said outbound path, wherein said means for recording the second set of session information includes means for storing, in a second record of said session table of said second router, said session ID and an indication that said first router received said request message packet as said second hop, wherein each peer device of said second plurality of peer devices is directly connected to said first router and is a device selected from the group consisting of a firewall and a router, and wherein said second plurality of peer devices includes said first firewall and said second router;
  
  said destination computer including means for generating said response message packet subsequent to said recording the second set of session information;
  
  a first device that was in said outbound path including means for determining that a second device that was in said outbound path is unavailable to receive said response message packet from said first device, wherein said first device is a device selected from the group consisting of a firewall, a router and said destination computer, and wherein said second device is a device selected from the group consisting of a firewall and a router, and wherein said determining that said second device is unavailable is performed subsequent to said generating said response message packet;
  
  said second router including means for receiving said response message packet from said first device subsequent to said determining that said second device is unavailable, wherein said receiving said response message packet is based on said second device being unavailable and said second router being in a routing table of said first device;
  
  said second router including means for determining that said second router is not in said outbound path subsequent to said second router receiving said response message packet, wherein said determining that said second router is not in said outbound path is based on said session table of said second router not including a record of said second router receiving said request message packet as a hop in said outbound path in said session;
  
  said second router including means for identifying, in said session table of said second router and subsequent to said second router receiving said response message packet, a plurality of records including said first record and said second record, wherein said identifying said plurality of records is based on said session ID in each record of said plurality of records matching an identification of said session included in said response message packet;
  
  said second router including means for determining, subsequent to said second router identifying said plurality of records, from said plurality of records that a plurality of devices including said first firewall and said first router is in said outbound path and connected to said second router, that said first firewall received said request message packet as said first hop before any other device of said plurality of devices received said request message packet, and that said first router received said request message packet as said second hop before any other device of said plurality of devices other than said first firewall; and
  
  in response to said second router determining that said plurality of devices is in said outbound path and connected to said second router, that said first firewall received said request message packet before any other device of said plurality of devices, and that said first router received said request message packet before any other device of said plurality of devices other than said first firewall, said second router including means for forwarding said response message packet to said first firewall if said first firewall is available to receive said response message packet, said second router including means for forwarding said response message packet to said first router if said first firewall is unavailable to receive said response message packet and said first router is available to receive said response message packet, and said second router including means for sending said response message packet back to said first device with instructions for said first device to update said routing table if said first firewall and said first router are unavailable to receive said response message packet.
- View Dependent Claims (7, 8, 9, 10, 12)
- - 7. A system as set forth in claim 6 wherein in response to said first router receiving said request message packet, said first router including means for recording, in a record of a session table of said first router, said session ID, a sequence number of said request message packet, an identifier of said source computer, an identifier of said destination computer, and that said first firewall was a previous hop in said outbound path.
  - 8. A system as set forth in claim 7 wherein said response message packet is forwarded to said first router by said second router, and wherein in response to said first router receiving said response message packet, said first router including means for checking said record of said session table of said first router to learn that said first firewall was the previous hop in said outbound path, and then forwarding said response message packet to said first firewall.
  - 9. A system as set forth in claim 6 further comprising:
    - prior to said first device determining that said second device is unavailable, said second device including means for periodically sending a signal to said first device indicating that said second device is active and available to receive said response message packet from said first device; and
      
      in response to said second device periodically sending said signal, said first device including means for periodically receiving said signal from said second device,wherein said means for determining that said second device is unavailable includes means for detecting a lack of said receiving said signal in a predetermined period of time.
  - 10. A system as set forth in claim 6 wherein after said first router receives said request message packet from said first firewall and before said response message packet is generated,said first router including means for forwarding said request message packet to a third router in said outbound path, and in response, said third router including means for broadcasting to a third plurality of peer devices a third set of session information about said request message packet and an identity of said third router, and in response, said third plurality of peer devices including means for recording the third set of session information about said request message packet and that said third router was a third hop in said outbound path wherein each peer device of said third plurality of peer devices is directly connected to said third router and is a device selected from the group consisting of a firewall and a router.
  - 12. A system as set forth in claim 6 further comprising in response to a device of said plurality of devices receiving said request message packet in said outbound path, said device of said plurality of devices including means for broadcasting to said second router an identification of said device of said plurality of devices and a date/time stamp indicating a date and a time of said broadcasting to said second router by said device of said plurality of devices,wherein said device of said plurality of devices is different from said first firewall,wherein said means for recording the first set of session information further includes means for storing, in said first record of said session table of said second router, a date/time stamp indicating a date and a time of said broadcasting to said first plurality of peer devices by said first firewall, andwherein said means for determining from said plurality of records that said first firewall received said request message packet as said first hop before any other device of said plurality of devices received said request message packet includes means for determining that said date/time stamp indicating said date and said time of said broadcasting to said first plurality of peer devices by said first firewall is less than said date/time stamp indicating said date and said time of said broadcasting to said second router by said device of said plurality of devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Forrester, Jason Davis
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Huq, Farzana

Application Number

US11/015,165
Publication Number

US 20060137002A1
Time in Patent Office

1,418 Days
Field of Search

709/223, 709/224, 709/237, 709/238, 709/239, 370/351
US Class Current

709/238
CPC Class Codes

H04L 45/00   Routing or path finding of ...

H04L 63/0218   Distributed architectures, ...

H04L 67/14   Session management for real...

H04L 67/63   Routing a service request d...

System, method and program product to route message packets

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and program product to route message packets

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links