Classification and management of network traffic based on attributes orthogonal to explicit packet attributes
First Claim
1. A method facilitating management of network traffic, comprising
detecting, at a network device, data flows in network traffic traversing a communications path, wherein the data flows each comprise at least one packet transmitted between respective source and destination nodes;
maintaining, at the network device, one or more metrics in association with each of the data flows, wherein the one or more metrics is orthogonal to the explicitly presented attributes of the packets in the data flows;
matching the data flow to a plurality of traffic classes, wherein at least one of the traffic classes is defined, at least in part, by one or more metric values, wherein matching the data flow, for the at least one of the traffic classes, comprises comparing the one or more metrics associated with the data flow to corresponding ones of the one or metric values of the at least one of the traffic classes; and
having found a matching traffic class in the plurality of traffic classes, associating the data flow with the matching traffic class;
wherein at least one of the one or more metrics is a behavioral metric corresponding to the source or destination nodes relative to a behavioral attribute the behavioral attribute being an instance of any of the following;
a total number of current connections, a total number of current connections for which a node is client, a total number of current connections for which a node is a server, a total number of current TCP connections, a total number of UDP connections, a server new flow rate, a client new flow rate, a server TCP new flow rate, a server UDP new flow rate, a client TCP new flow rate, a client UDP new flow rate, a rate of failed flows.
Abstract
Classification of network traffic based on conditions orthogonal to explicit attributes of packets in network traffic. In one implementation, classification of network traffic based on the behavior of one or more nodes associated with the network traffic. In one implementation, a mechanism is provided that allows for the creation of matching rule predicates that match to certain node behaviors of interest and cause the application of appropriate policies to the network traffic. In one implementation, the node behavior matching functionality can be combined to seamlessly operate in connection with other Layer 7 traffic classification mechanisms that operate on explicitly-presented attributes of the packets.
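The mechanism the abstract describes, sketched as an added Python example that is not taken from the patent: per-node behavioral metrics are maintained from observed flows, and traffic classes combine explicit packet attributes with metric thresholds. The window length, thresholds, class names, the definition of the failed-flow rate as failed flows per second, and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
WINDOW = 10.0  # seconds; assumed measurement window for the rate metrics

class NodeMetrics:
    """Per-node behavior derived from observed flows, not from packet fields."""
    def __init__(self):
        self.client_conns = 0     # current connections with this node as client
        self.server_conns = 0     # current connections with this node as server
        self.starts = deque()     # start times of flows this node opened
        self.failures = deque()   # start times of those flows that failed

    def snapshot(self, now):
        for q in (self.starts, self.failures):
            while q and now - q[0] > WINDOW:
                q.popleft()       # age out events older than the window
        return {"client_conns": self.client_conns, "server_conns": self.server_conns,
                "client_new_flow_rate": len(self.starts) / WINDOW,
                "failed_flow_rate": len(self.failures) / WINDOW}

# First match wins. The dict of explicit attributes tests packet fields;
# the dict of minimum values tests the source node's behavioral metrics.
CLASSES = [
    ("suspect-scanner", {}, {"client_new_flow_rate": 2.0, "failed_flow_rate": 1.0}),
    ("busy-web-client", {"proto": "tcp", "dport": 80}, {"client_conns": 3}),
    ("web", {"proto": "tcp", "dport": 80}, {}),
    ("default", {}, {}),
]

class Classifier:
    def __init__(self):
        self.nodes = defaultdict(NodeMetrics)

    def new_flow(self, ts, src, dst, proto, dport, failed=False):
        s, d = self.nodes[src], self.nodes[dst]
        s.starts.append(ts)
        if failed:
            s.failures.append(ts)
        else:
            s.client_conns, d.server_conns = s.client_conns + 1, d.server_conns + 1
        flow, metrics = {"proto": proto, "dport": dport}, s.snapshot(ts)
        for name, explicit, src_min in CLASSES:
            if all(flow[k] == v for k, v in explicit.items()) and \
               all(metrics[k] >= v for k, v in src_min.items()):
                return name

def demo():
    c = Classifier()  # every flow below is constructed sample data
    web = [c.new_flow(float(i), "10.0.0.5", "192.0.2.10", "tcp", 80) for i in range(3)]
    scan = [c.new_flow(i * 0.2, "10.0.0.9", f"198.51.100.{i}", "tcp", 445, failed=True)
            for i in range(20)]
    return web, scan[0], scan[-1], c.new_flow(4.0, "10.0.0.9", "192.0.2.10", "tcp", 80)
```

The last flow in `demo()` is ordinary TCP port 80 traffic by its explicit attributes, yet it lands in the behavioral class because of what its source node did in the preceding seconds.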
19 Claims
1. A method facilitating management of network traffic, comprising
detecting, at a network device, data flows in network traffic traversing a communications path, wherein the data flows each comprise at least one packet transmitted between respective source and destination nodes;
maintaining, at the network device, one or more metrics in association with each of the data flows, wherein the one or more metrics is orthogonal to the explicitly presented attributes of the packets in the data flows;
matching the data flow to a plurality of traffic classes, wherein at least one of the traffic classes is defined, at least in part, by one or more metric values, wherein matching the data flow, for the at least one of the traffic classes, comprises comparing the one or more metrics associated with the data flow to corresponding ones of the one or metric values of the at least one of the traffic classes; and
having found a matching traffic class in the plurality of traffic classes, associating the data flow with the matching traffic class;
wherein at least one of the one or more metrics is a behavioral metric corresponding to the source or destination nodes relative to a behavioral attribute the behavioral attribute being an instance of any of the following;
a total number of current connections, a total number of current connections for which a node is client, a total number of current connections for which a node is a server, a total number of current TCP connections, a total number of UDP connections, a server new flow rate, a client new flow rate, a server TCP new flow rate, a server UDP new flow rate, a client TCP new flow rate, a client UDP new flow rate, a rate of failed flows.
9. A method facilitating management of network traffic, comprising
detecting data flows in network traffic traversing a communications path, wherein the data flows each comprise at least one packet transmitted between respective source and destination nodes;
recording, based on the detected data flows, behavioral metrics for the source and destination nodes relative to a behavioral attribute, the behavioral attribute being an instance of any of the following;
a total number of current connections, a total number of current connections for which a node is client, a total number of current connections for which a node is a server, a total number of current TCP connections, a total number of UDP connections, a server flow rate, a client flow rate, a server TCP flow rate, a server UDP flow rate, a client TCP flow rate, a client UDP flow rate, a rate of failed flows;
matching the data flow to a plurality of traffic classes, wherein at least one of the traffic classes is defined, at least in part, by the behavioral attribute, wherein matching the data flow, for the at least one of the traffic classes, comprises comparing the behavioral metrics associated with the data flow to corresponding ones of the behavioral attribute of the at least one of the traffic classes; and
having found a matching traffic class in the plurality of traffic classes, associating the data flow with the matching traffic class.
14. A method facilitating management of network traffic, comprising
detecting data flows in network traffic traversing a communications path, wherein the data flows each comprise at least one packet transmitted between respective source and destination nodes;
monitoring, based on the detected data flows, a number of transport layer connections associated with the source and destination nodes corresponding to the data flows;
matching the data flows to a plurality of traffic classes, wherein at least one traffic class is defined at least in part by one or more explicitly presented packet attributes and a number of transport layer connections associated with the source or destination node;
having found respective matching traffic classes in the plurality of traffic classes, associating the data flows with the respective matching traffic classes.
17. A method facilitating management of network traffic, comprising
detecting, at a network device, data flows in network traffic traversing a communications path, wherein the data flows each comprise at least one packet transmitted between respective inside and outside nodes relative to the network device;
monitoring, based on the detected data flows, a number of transport layer connections associated with the inside and outside nodes corresponding to the data flows;
matching the data flows to a plurality of traffic classes, wherein at least one traffic class is defined at least in part by one or more explicitly presented packet attributes and a number of transport layer connections associated with the inside or outside node;
having found respective matching traffic classes in the plurality of traffic classes, associating the data flows with the respective matching traffic classes.
Specification