Coordinated environment for classification and control of network traffic

US 7,742,406 B1
Filed: 12/20/2004
Issued: 06/22/2010
Est. Priority Date: 12/20/2004
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus for use in a coordinated network traffic classification system, comprisinga memory for buffering received first packets traversing in a first direction and second packets traversing in a second direction corresponding to data flows traversing a network path;

a traffic classification engine operative to classify the data flows in a traffic class from a plurality of traffic classes;

a packet processor operative toassociate the received first packets and second packets buffered in the memory with corresponding data flows;

conditionally add traffic classification information generated by the traffic classification engine to at least one of the first packets in a first data flow;

cause a second data flow, for which at least one of the second packets includes traffic classification information, to bypass operation of one or more matching rules implemented by the traffic classification engine, wherein each of the one or more matching rules corresponds to a traffic class and comprises one or more matching attributes against which corresponding attributes of the data flows are compared; and

conditionally strip traffic classification information added to the second packets by remote second network devices; and

a flow control module operative toforward the first packets including the conditionally added traffic classification information to remote first network devices; and

forward the second packets to destination hosts.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatuses and systems directed to the coordinated classification of network traffic. In one implementation, the present invention enables a coordinated network environment for traffic classification where an upstream network device classifies a data flow and adds traffic class information to at least one packet in the data flow. Downstream network devices in the communications path to the destination host can use the traffic class information in the modified packet, bypassing at least some of the local traffic classification operations and thereby reducing CPU utilization. In one implementation, the last downstream network device strips the traffic classification information from the modified packet before it is forwarded to the destination host. Embodiments of the invention reduce or eliminate redundant network traffic classification operations performed by a plurality of network devices in a communications path.

343 Citations

21 Claims

1. An apparatus for use in a coordinated network traffic classification system, comprisinga memory for buffering received first packets traversing in a first direction and second packets traversing in a second direction corresponding to data flows traversing a network path;
- a traffic classification engine operative to classify the data flows in a traffic class from a plurality of traffic classes;
  
  a packet processor operative toassociate the received first packets and second packets buffered in the memory with corresponding data flows;
  
  conditionally add traffic classification information generated by the traffic classification engine to at least one of the first packets in a first data flow;
  
  cause a second data flow, for which at least one of the second packets includes traffic classification information, to bypass operation of one or more matching rules implemented by the traffic classification engine, wherein each of the one or more matching rules corresponds to a traffic class and comprises one or more matching attributes against which corresponding attributes of the data flows are compared; and
  
  conditionally strip traffic classification information added to the second packets by remote second network devices; and
  
  a flow control module operative toforward the first packets including the conditionally added traffic classification information to remote first network devices; and
  
  forward the second packets to destination hosts.

2. A coordinated network traffic classification system, comprisinga first network device operably connected to a first network, wherein the first network comprises at least one host;
- a second network device operably connected to a second network, wherein the second network comprises at least one host;
  
  a communication path between the first and second network devices;
  
  wherein the first network device is operative to;
  
  classify a data flow between a host on the first network and a host on the second network, wherein the data flow comprises at least one packet;
  
  modify a packet in the data flow by adding traffic class information to the packet in the data flow; and
  
  forward the modified packet including the traffic class information along the communications path to the host on the second network;
  
  wherein the second network device, comprises a network traffic classification engine operative to classify, independently from the first network device, data flows between the first and second networks, and wherein the second network device, is operative to;
  
  receive the modified packet including the traffic class information from the first network device;
  
  use the traffic class information in the modified packet to classify the data flow corresponding to the packet, to bypass operation of one or more matching rules implemented by the network traffic classification engine, wherein each of the one or more matching rules corresponds to a traffic class and comprises one or more matching attributes against which corresponding attributes of the data flows are compared; and
  
  strip the traffic class information from the modified packet.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 3. The system of claim 2 wherein the second network device is further operative to forward the packet, stripped of the traffic class information, to the host on the second network.
  - 4. The system of claim 2 wherein the traffic class information added to the modified packet by the first network device is contained in a separate traffic class header.
  - 5. The system of claim 4 wherein the packet modified by the first network device comprises a network layer header and a transport layer header;
    - and wherein the traffic class header is inserted between the network layer and transport layer headers.
  - 6. The system of claim 2 wherein the traffic class information comprises a service identifier;
    - and wherein the network traffic classification engine uses service identifiers as matching attributes to classify data flows.
  - 7. The system of claim 2 wherein the traffic class information comprises a traffic class identifier.
  - 8. The system of claim 2 wherein the traffic class information comprises a value string that maps to a traffic class identifier.
  - 9. The system of claim 8 wherein the first network device is further operative to transmit a mapping message to the second network device, wherein the mapping message specifies the mapping between the value string and the corresponding traffic class identifier.
  - 10. The system of claim 2 wherein the network traffic classification engine uses service identifiers as matching attributes to classify data flows;
    - and wherein the traffic class information comprises a value string that maps to a service identifier.
  - 11. The system of claim 10 wherein the first network device is further operative to transmit a mapping message to the second network device, wherein the mapping message specifies the mapping between the value string and the corresponding service identifier.
  - 12. The system of claim 2 wherein the traffic class information added to the modified packet is encrypted.
  - 13. The system of claim 2 wherein the communication path comprises a packet-switched network.
  - 14. The system of claim 13 wherein the packet-switched network is a wide area network.
  - 15. The system of claim 2 wherein the communication path comprises an access link.
  - 16. The system of claim 2 further comprising a third network device disposed on the communications path between the first and second network device;
    - wherein the third network device, comprises a network traffic classification engine operative to classify, independently from the first and second network device, data flows between the first and second networks, and wherein the third network device, is operative to;
      
      receive the modified packet from the first network device;
      
      use the traffic class information in the modified packet to classify the data flow corresponding to the packet, to bypass operation of one or more matching rules implemented by the network traffic classification engine, wherein each of the one or more matching rules corresponds to a traffic class and comprises one or more matching attributes against which corresponding attributes of the data flows are compared; and
      
      forward the modified packet to the host on the second network.
  - 17. The system of claim 2 wherein the first network device is operative to add traffic class information to a first-encountered packet in the data flow.
  - 18. The system of claim 17 wherein the second network device, after detection of the traffic class information in the modified packet, bypasses operation of one or more matching rules implemented by the network traffic classification engine for all packets in the data flow subsequent to the modified packet.
  - 19. The system of claim 17 wherein the first network device is operative to add traffic class information to at least one packet in the data flow subsequent to the first-encountered packet, when traffic class information additional to the traffic class information added to the first-encountered packet is obtained.

20. A method for use in a coordinated network traffic classification system, comprisingbuffering in a memory received first packets traversing in a first direction and second packets traversing in a second direction corresponding to data flows traversing a network path;
- invoking a traffic classification engine operative to classify the data flows in a traffic class from a plurality of traffic classes;
  
  associating the received first packets and second packets buffered in the memory with corresponding data flows;
  
  conditionally adding traffic classification information generated by the traffic classification engine to at least one of the first packets in a first data flow;
  
  causing a second data flow, for which at least one of the second packets includes traffic classification information, to bypass operation of one or more matching rules implemented by the traffic classification engine, wherein each of the one or more matching rules corresponds to a traffic class and comprises one or more matching attributes against which corresponding attributes of the data flows are compared; and
  
  conditionally stripping traffic classification information added to the second packets by remote second network devices;
  
  forward the first packets including the conditionally added traffic classification information to remote first network devices; and
  
  forwarding the second packets to destination hosts.

21. A network device, comprising:
- one or more network interfaces;
  
  a memory;
  
  a processor; and
  
  computer-executable program code stored in the memory and executable by the processor, the computer-executable program code comprising;
  
  a packet processor module comprising computer-executable instructions configured, when executed, to cause the processor to process a packet received at the network device, the packet being sent from a source network device to a destination network device along a communication path on which the network device is disposed, comprising;
  
  determine whether traffic classification information is contained in the packet;
  
  if the traffic classification information is not contained in the packet, then;
  
  cause a traffic classification engine module to generate the traffic classification information for the packet;
  
  add the traffic classification information to the packet; and
  
  cause a flow controller module to forward the packet together with the traffic classification information to a next network device along the communication path; and
  
  if the traffic classification information is contained in the packet, thendetermine whether the next network device along the communication path is the destination network device; and
  
  if the next network device is not the destination network device, then;
  
  provide the traffic classification information to the traffic classification engine module;
  
  cause the traffic classification engine module to bypass operation of one or more matching rules corresponding to a traffic class specified in the traffic classification information; and
  
  cause the flow controller module to forward the packet together with the traffic classification information to the next network device along the communication path; and
  
  if the next network device is the destination network device, then;
  
  remove the traffic classification information from the packet; and
  
  cause the flow controller module to forward the packet without the traffic classification information to the destination network device;
  
  the traffic classification engine module comprising computer-executable instructions configured, when executed, to cause the processor to;
  
  determine the traffic class and generate the traffic classification information for the packet based on a data flow to which the packet belongs; and
  
  operate the one or more matching rules corresponding to the traffic class of the packet; and
  
  the flow controller module comprising computer-executable instructions configured, when executed, to cause the processor to forward the packet along the communication path.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Packeteer Incorporated (Gen Digital Inc.)
Inventors
Muppala, Suresh
Primary Examiner(s)
Sheikh; Ayaz R
Assistant Examiner(s)
Weidner; Timothy J

Application Number

US11/019,502
Time in Patent Office

2,010 Days
Field of Search

None
US Class Current

370/230
CPC Class Codes

H04L 41/5022   by giving priorities, e.g. ...

H04L 43/0876   Network utilisation, e.g. v...

H04L 47/10   Flow control; Congestion co...

H04L 47/2441   relying on flow classificat...

Coordinated environment for classification and control of network traffic

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

343 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Coordinated environment for classification and control of network traffic

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

343 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links