Classification and management of network traffic based on attributes orthogonal to explicit packet attributes

US 7,545,748 B1
Filed: 09/10/2004
Issued: 06/09/2009
Est. Priority Date: 09/10/2004
Status: Active Grant

First Claim

Patent Images

1. A method facilitating management of network traffic, comprisingdetecting, at a network device, data flows in network traffic traversing a communications path, wherein the data flows each comprise at least one packet transmitted between respective source and destination nodes;

maintaining, at the network device, one or more metrics in association with each of the data flows, wherein the one or more metrics is orthogonal to the explicitly presented attributes of the packets in the data flows;

matching the data flow to a plurality of traffic classes, wherein at least one of the traffic classes is defined, at least in part, by one or more metric values, wherein matching the data flow, for the at least one of the traffic classes, comprises comparing the one or more metrics associated with the data flow to corresponding ones of the one or metric values of the at least one of the traffic classes; and

having found a matching traffic class in the plurality of traffic classes, associating the data flow with the matching traffic class;

wherein at least one of the one or more metrics is a behavioral metric corresponding to the source or destination nodes relative to a behavioral attribute the behavioral attribute being an instance of any of the following;

a total number of current connections a total number of current connections for which a node is client, a total number of current connections for which a node is a server, a total number of current TCP connections, a total number of UDP connections, a server new flow rate, a client new flow rate, a server TCP new flow rate, a server UDP new flow rate, a client TCP new flow rate, a client UDP new flow rate, a rate of failed flows.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Classification of network traffic based on conditions orthogonal to explicit attributes of packets in network traffic. In one implementation, classification of network traffic based on the behavior of one or more nodes associated with the network traffic. In one implementation, a mechanism is provided that allows for the creation of matching rule predicates that match to certain node behaviors of interest and cause the application of appropriate policies to the network traffic. In one implementation, the node behavior matching functionality can be combined to seamlessly operate in connection with other Layer 7 traffic classification mechanisms that operate on explicitly-presented attributes of the packets.

137 Citations

19 Claims

1. A method facilitating management of network traffic, comprisingdetecting, at a network device, data flows in network traffic traversing a communications path, wherein the data flows each comprise at least one packet transmitted between respective source and destination nodes;
- maintaining, at the network device, one or more metrics in association with each of the data flows, wherein the one or more metrics is orthogonal to the explicitly presented attributes of the packets in the data flows;
  
  matching the data flow to a plurality of traffic classes, wherein at least one of the traffic classes is defined, at least in part, by one or more metric values, wherein matching the data flow, for the at least one of the traffic classes, comprises comparing the one or more metrics associated with the data flow to corresponding ones of the one or metric values of the at least one of the traffic classes; and
  
  having found a matching traffic class in the plurality of traffic classes, associating the data flow with the matching traffic class;
  
  wherein at least one of the one or more metrics is a behavioral metric corresponding to the source or destination nodes relative to a behavioral attribute the behavioral attribute being an instance of any of the following;
  
  a total number of current connections a total number of current connections for which a node is client, a total number of current connections for which a node is a server, a total number of current TCP connections, a total number of UDP connections, a server new flow rate, a client new flow rate, a server TCP new flow rate, a server UDP new flow rate, a client TCP new flow rate, a client UDP new flow rate, a rate of failed flows.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein one of the one or more metrics is the computational load of a network device in the communications path.
  - 3. The method of claim 1 wherein one of the one or more metrics is a CPU utilization corresponding to a network device in the communications path.
  - 4. The method of claim 1 wherein one of the one or more metrics characterizes an attribute of the communications path.
  - 5. The method of claim 4 wherein the attribute of the communications path is the round trip time.
  - 6. The method of claim 4 wherein the attribute of the communications path is a packet exchange time.
  - 7. The method of claim 1 wherein one of the one or more metrics is server delay.
  - 8. The method of claim 1 further comprisingcontrolling the data flows based on the corresponding traffic classes identified in the matching step.

9. A method facilitating management of network traffic, comprisingdetecting data flows in network traffic traversing a communications path, wherein the data flows each comprise at least one packet transmitted between respective source and destination nodes;
- recording, based on the detected data flows, behavioral metrics for the source and destination nodes relative to a behavioral attribute, the behavioral attribute being an instance of any of the following;
  
  a total number of current connections, a total number of current connections for which a node is client, a total number of current connections for which a node is a server, a total number of current TCP connections, a total number of UDP connections, a server flow rate, a client flow rate, a server TCP flow rate, a server UDP flow rate, a client TCP flow rate, a client UDP flow rate, a rate of failed flows;
  
  matching the data flow to a plurality of traffic classes, wherein at least one of the traffic classes is defined, at least in part, by the behavioral attribute, wherein matching the data flow, for the at least one of the traffic classes, comprises comparing the behavioral metrics associated with the data flow to corresponding ones of the behavioral attribute of the at least one of the traffic classes; and
  
  having found a matching traffic class in the plurality of traffic classes, associating the data flow with the matching traffic class.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9 further comprisingparsing explicit attributes of at least one packet associated with the data flows into a flow specification, and wherein the matching step comprisesmatching the flow specification to the plurality of traffic classes.
  - 11. The method of claim 10 wherein the flow specification contains at least one instance of any one of the following:
    - a protocol family designation, a direction of packet flow designation, a protocol type designation, a pair of hosts, a pair of ports, a service identifier, a differential network service identifier, a network interface identifier, an MPLS tag, a VLAN identifier, the location of an end-point, a network address, a subnet, a MAC address, and a pointer to an application-specific attribute.
  - 12. The method of claim 10 wherein at least one of the traffic classes is defined by one or more matching attributes, wherein said flow specification contains, and the one or more matching attributes, include, at least one instance of any one of the following:
    - a protocol family designation, a direction of packet flow designation, a protocol type designation, a pair of hosts, a pair of ports, a service identifier, a network interface identifier, a differential network service identifier, an MPLS tag, a VLAN identifier, the location of an end-point, a network address, a subnet, a MAC address, and a pointer to an application-specific attribute.
  - 13. The method of claim 9 further comprisingcontrolling the data flows based on the corresponding traffic classes identified in the matching step.

14. A method facilitating management of network traffic, comprisingdetecting data flows in network traffic traversing a communications path, wherein the data flows each comprise at least one packet transmitted between respective source and destination nodes;
- monitoring, based on the detected data flows, a number of transport layer connections associated with the source and destination nodes corresponding to the data flows;
  
  matching the data flows to a plurality of traffic classes, wherein at least one traffic class is defined at least in part by one or more explicitly presented packet attributes and a number of transport layer connections associated with the source or destination node;
  
  having found respective matching traffic classes in the plurality of traffic classes, associating the data flows with the respective matching traffic classes.
- View Dependent Claims (15, 16)
- - 15. The method of claim 14 further comprisingparsing explicit attributes of at least one packet associated with the data flows into respective flow specifications, and wherein the matching step comprisesmatching the flow specifications to the plurality of traffic classes.
  - 16. The method of claim 14 further comprisingcontrolling the data flows based on the corresponding traffic classes identified in the matching step.

17. A method facilitating management of network traffic, comprisingdetecting, at a network device, data flows in network traffic traversing a communications path, wherein the data flows each comprise at least one packet transmitted between respective inside and outside nodes relative to the network device;
- monitoring, based on the detected data flows, a number of transport layer connections associated with the inside and outside nodes corresponding to the data flows;
  
  matching the data flows to a plurality of traffic classes, wherein at least one traffic class is defined at least in part by one or more explicitly presented packet attributes and a number of transport layer connections associated with the inside or outside node;
  
  having found respective matching traffic classes in the plurality of traffic classes, associating the data flows with the respective matching traffic classes.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17 further comprisingcontrolling the data flows based on the corresponding traffic classes identified in the matching step.
  - 19. The method of claim 17 further comprisingparsing explicit attributes of at least one packet associated with the data flows into respective flow specifications, and wherein the matching step comprisesmatching the flow specifications to the plurality of traffic classes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Packeteer Incorporated (Gen Digital Inc.)
Inventors
Riddle, Guy
Primary Examiner(s)
Tran; Phuc H

Application Number

US10/938,435
Time in Patent Office

1,733 Days
Field of Search

370229-235
US Class Current

370/235
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 43/08   Monitoring or testing based...

H04L 47/10   Flow control; Congestion co...

H04L 47/193   at the transport layer, e.g...

H04L 47/2425   for supporting services spe...

H04L 47/2441   relying on flow classificat...

H04L 47/283   in response to processing d...

Classification and management of network traffic based on attributes orthogonal to explicit packet attributes

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

137 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Classification and management of network traffic based on attributes orthogonal to explicit packet attributes

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

137 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links