Triggering flow analysis at intermediary devices

US 7,706,278 B2
Filed: 01/24/2007
Issued: 04/27/2010
Est. Priority Date: 01/24/2007
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

processing circuitry; and

a memory coupled to the processing circuitry comprising instructions executable by the processing circuitry, the processing circuitry operable when executing the instructions to;

decrement lifetime values of incoming packets before performing a forwarding function;

filter the packets according to whether they are expired or not by analyzing the decremented lifetime values;

examine only the filtered packets having the exceeded lifetime for a monitoring request, wherein the processing circuitry does not conduct the monitoring request examination for the non-expired packets;

if the monitoring request is located in an expired one the packets according to the examination, extract a call flow identifier from the monitoring request;

compare the extracted call flow identifier to received call flows to identify any call flows corresponding to the extracted call flow identifier; and

conduct an ongoing monitoring of any identified call flows, said ongoing call flow monitoring performed according to any monitoring parameters included in the monitoring request and, said ongoing call flow monitoring including at least one selected from the group including counting packets in the call flow and measuring inter-arrival jitter of the call flow packets.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a router examines an incoming packet for a flow monitoring request. The router may examine every packet for the flow monitoring request, or preferably may only examine packets including a lifetime value indicating that the packet should be dropped and not forwarded or may only examine packets having a predetermined message format. When the flow monitoring request is included, the router performs detailed flow analysis or other monitoring according to the flow monitoring request.

167 Citations

21 Claims

1. An apparatus, comprising:
- processing circuitry; and
  
  a memory coupled to the processing circuitry comprising instructions executable by the processing circuitry, the processing circuitry operable when executing the instructions to;
  
  decrement lifetime values of incoming packets before performing a forwarding function;
  
  filter the packets according to whether they are expired or not by analyzing the decremented lifetime values;
  
  examine only the filtered packets having the exceeded lifetime for a monitoring request, wherein the processing circuitry does not conduct the monitoring request examination for the non-expired packets;
  
  if the monitoring request is located in an expired one the packets according to the examination, extract a call flow identifier from the monitoring request;
  
  compare the extracted call flow identifier to received call flows to identify any call flows corresponding to the extracted call flow identifier; and
  
  conduct an ongoing monitoring of any identified call flows, said ongoing call flow monitoring performed according to any monitoring parameters included in the monitoring request and, said ongoing call flow monitoring including at least one selected from the group including counting packets in the call flow and measuring inter-arrival jitter of the call flow packets.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, wherein the examined packets correspond to a traceroute initiated by an endpoint for the call flow.
  - 3. The apparatus of claim 1, wherein the monitoring request is located in a payload of an address request message.
  - 4. The apparatus of claim 1, wherein the processing circuitry is further operable to insert the call flow identifier into locally generated monitoring results.
  - 5. The apparatus of claim 1, wherein the processing circuitry is further operable to send an error message usable by an endpoint to discover the presence of a router located on a call path.

6. An apparatus, comprising:
- processing circuitry; and
  
  a memory coupled to the processing circuitry comprising instructions executable by the processing circuitry, the processing circuitry operable when executing the instructions to;
  
  perform an initial inspection of incoming packets to identify those ones of the incoming packets that are expired;
  
  perform a subsequent inspection only on the expired packets to locate any triggers included therein for initiating data streams analysis;
  
  analyze received data streams to identify any data streams corresponding to the triggers from the expired packets; and
  
  if any data streams are identified, initiate an analysis of the identified data streams according to the corresponding triggers from the expired packets;
  
  wherein the triggers are included in payloads of Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs) (STUN) requests.
- View Dependent Claims (7, 8, 9, 18, 19)
- - 7. The apparatus of claim 6, wherein only those ones of the packets that have exceeded lifetimes and that are to be dropped without forwarding receive the subsequent inspection.
  - 8. The apparatus of claim 6 wherein the processing circuitry is configured to, if the corresponding trigger from the expired packet includes a Universal Resource Location (URL), store results of the data stream analysis in a non-default location.
  - 9. The apparatus of claim 6, wherein the data streams associated with the analysis are selected to correspond with identifiers included in the triggers.
  - 18. The apparatus of claim 6, wherein the data stream analysis includes at least one selected from the group including counting packets in the data streams and measuring inter-arrival jitter of the data stream packets.
  - 19. The apparatus of claim 18, wherein the data stream analysis is continuous for a duration specified in the identified packets.

10. An apparatus, comprising:
- processing circuitry; and
  
  a memory coupled to the processing circuitry comprising instructions executable by the processing circuitry, the processing circuitry operable when executing the instructions to;
  
  perform an initial inspection of incoming packets to identify those ones of the incoming packets that are expired;
  
  perform a subsequent inspection only on the expired packets to locate any triggers included in payloads of Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs) (STUN) requests, the triggers for initiating data stream analysis;
  
  analyze received data streams to identify any data streams corresponding to the triggers from the expired packets; and
  
  if any data streams are identified, initiate an analysis of the identified data streams according to the corresponding trigger from the expired packet;
  
  wherein the data streams associated with the analysis are selected to correspond with an identifier included in the expired packets; and
  
  wherein the initiated analysis is different than any default packet flow analysis performed on the data streams before the initiated analysis begins.
- View Dependent Claims (20)
- - 20. The apparatus of claim 10, wherein the data stream analysis includes at least one selected from the group including counting packets in the data streams and measuring inter-arrival jitter of the data stream packets.

11. An apparatus, comprising:
- means for generating a plurality of trace packets formatted to elicit a plurality of on-path intermediary devices to drop the packets and report an error before the packets reach a destination address included in the packets;
  
  means for inserting Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs) (STUN) requests into the trace packets; and
  
  means for inserting a monitoring request into payloads of the STUN requests, the monitoring request formatted to trigger the on-path intermediary devices to initiate call flow monitoring, the monitoring request including an identifier to be used by the on-path intermediary devices to select amongst received call flows and perform the monitoring on only the selected flow or flows.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 21)
- - 12. The apparatus of claim 11, wherein the packets include a request for a remote endpoint to send back a STUN response.
  - 13. The apparatus of claim 11, further comprising means for formatting the monitoring request to specify an inter-arrival jitter analysis.
  - 14. The apparatus of claim 11, wherein the packets comprise a portion of a traceroute.
  - 15. The apparatus of claim 14, wherein the traceroute is a Real Time Protocol (RTP) traceroute.
  - 16. The apparatus of claim 11, wherein each of the packets are formatted to achieve a different amount of network hops prior to being dropped.
  - 17. The apparatus of claim 11, wherein each of the packets are formatted to initiate monitoring on a different respective one of the on-path intermediary devices that drops the packet.
  - 21. The apparatus of claim 11, wherein the call flow monitoring to be initiated by the on-path intermediary devices includes at least one selected from the group including counting packets in data streams and measuring inter-arrival jitter of the data stream packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Biskner, Robert J., Mostafa, Mohamed S., Wing, Daniel G., Kumar, Rajesh
Primary Examiner(s)
Rao; Seema S
Assistant Examiner(s)
Wu; Jianye

Application Number

US11/626,819
Publication Number

US 20080175162A1
Time in Patent Office

1,189 Days
Field of Search

370/389, 370/241, 370/242, 370/252
US Class Current

370/236
CPC Class Codes

H04L 43/026   using flow identification

H04L 43/0829   Packet loss

H04L 43/16   Threshold monitoring

H04L 47/10   Flow control; Congestion co...

H04L 47/286   Time to live

H04L 47/32   by discarding or delaying d...

Y02D 30/50   in wire-line communication ...

Triggering flow analysis at intermediary devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

167 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Triggering flow analysis at intermediary devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

167 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links