Method and apparatus for preserving data in a system implementing Diffserv and IPsec protocol
Abstract
An improved method is described for providing Differentiated Services (Diffserv) traffic to a node in a network that implements a security method that discards duplicate packets received at the node. The method includes the step of identifying at least two service levels to be provided to received traffic and assigning separate sequential sequence numbers and different anti-replay bitmasks to each of the service levels. The anti-replay bitmask indicates the sequence numbers of packets that have been previously received at the node that should be compared against a received packet to determine whether a duplicate packet has been received. Such an arrangement reduces the possibility that traffic having lower priority is dropped as a security measure.
13 Claims
1. An apparatus comprising:
- means for receiving a plurality of packets having an associated plurality of sequence numbers, wherein each one of the packets in the plurality of packets has a quality of service level associated therewith, and wherein there are at least two types of service levels;
- a first look-back window of a first size for packets associated with a first service level;
- a second look-back window of a second size for packets associated with a second service level, wherein the first look-back window is different than the second look-back window and the first size is different than the second size and the first service level is different than the second service level;
- means for comparing, for each received packet, a received sequence number of each received packet against a set of previously received sequence numbers, wherein the set of sequence numbers includes only sequence numbers of packets previously received within a look-back window associated with a quality of service level type corresponding to the quality of service level type of the received packet and wherein a number of previously received sequence numbers for each set differs for at least two quality of service levels because the first size is different than the second size; and
- means for discarding the received packet in the event of a match between the received sequence number and any of the sequence numbers in the set of sequence numbers in the look-back window of the same quality of service level type.
2. A method for determining whether to discard a received packet at a node, the method including the steps of:
- establishing a first look-back window of a first size for packets associated with a first service level;
- establishing a second look-back window of a second size for packets associated with a second service level, where the first look-back window is different than the second look-back window and the first size is different than the second size and the first service level is different than the second service level;
- comparing a sequence number associated with a first received packet against sequence numbers associated with a selected number of previously received packets in the first look-back window, the selected number determined by the first size, wherein the first received packet has a quality of service level associated therewith, and wherein the selected number of previously received packets are of the same quality of service level as the first received packet;
- comparing a sequence number associated with a second received packet against sequence numbers associated with a selected number of previously received packets in the second look-back window, the selected number determined by the second size, wherein the second received packet has a quality of service level associated therewith that differs from the first received packet, and wherein the selected number of previously received packets are of the same quality of service level as the second received packet, whereby the selected number of previously received packets examined in the step of comparing differs for at least two quality of service levels;
- discarding the first received packet in the event of a match between any one of the sequence numbers associated with the previously received packets in the first look-back window and the sequence number associated with the first received packet; and
- discarding the second received packet in the event of a match between any one of the sequence numbers associated with the previously received packets in the second look-back window and the sequence number associated with the second received packet, whereby the number of sequence numbers compared with the sequence number of the first received packet differs from the number of sequence numbers compared with the sequence number of the second packet.

Dependent claims: 3, 4, 5, 6, 7, 8.
9. An apparatus for discarding redundant packets received at a receiving node, comprising:
- a sequence number buffer, for storing sequence numbers associated with packets received at the receiving node, wherein a packet is assigned a sequence number responsive to a quality of service level of the packet and a sequence number of a prior packet having the quality of service level of the packet;
- a first look-back window of a first size for packets associated with a first service level;
- a second look-back window of a second size for packets associated with a second service level, wherein the first look-back window is different than the second look-back window and the first size is different than the second size and the first service level is different than the second service level;
- an anti-replay bitmask table including a first entry associated with the first look-back window and a second entry associated with the second look-back window, each entry associated with a different quality of service level and storing the bitmask of sequence numbers of previously received packets to be compared in determining whether to discard a received packet, wherein a number of sequence numbers of previously received packets that are compared differs for at least two quality of service levels because the first size is different than the second size.

Dependent claims: 10, 11, 12, 13.
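The check that the abstract and claims 1, 2 and 9 describe, written out as an added example for this page (it is not code from the patent or from any IPsec implementation): a sliding-window bitmap of the kind used by the IPsec anti-replay service, instantiated once per service level with its own window size and its own sequence-number space. The class labels "EF" and "BE", the window sizes 4 and 64, and the arrival orders are constructed for illustration; the first demo runs the single shared window the patent improves on, the second runs the per-class windows the claims recite.

```python
"""Per-service-level anti-replay windows (added example, not the patent's code).

ReplayWindow is a sliding-window bitmap in the style of the IPsec anti-replay
check: 'highest' is the largest sequence number accepted so far and bit i of
'bitmap' records whether sequence number (highest - i) has been received.
"""


class ReplayWindow:
    def __init__(self, size):
        self.size = size          # look-back window size in packets
        self.highest = 0          # highest sequence number accepted so far
        self.bitmap = 0           # bit i set -> seq (highest - i) already received
        self.started = False      # nothing accepted yet

    def check_and_update(self, seq):
        """Return True and record seq if it is new and inside the window, else False."""
        mask = (1 << self.size) - 1
        if not self.started:
            self.started = True
            self.highest, self.bitmap = seq, 1
            return True
        if seq > self.highest:
            # Slide the window forward; bits that fall off the far end are forgotten.
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & mask if shift < self.size else 1
            self.highest = seq
            return True
        age = self.highest - seq
        if age >= self.size:
            return False          # older than the look-back window: discarded
        if self.bitmap & (1 << age):
            return False          # sequence number already seen: replay, discarded
        self.bitmap |= 1 << age   # late but genuine: accept and remember it
        return True


class PerClassReceiver:
    """One window and one sequence-number space per service level (the claimed design)."""

    def __init__(self, window_sizes):
        self.windows = {cls: ReplayWindow(n) for cls, n in window_sizes.items()}

    def receive(self, packet):
        cls, seq = packet
        return self.windows[cls].check_and_update(seq)


def single_window_demo():
    """Pre-existing design: one window and one sequence-number space for all classes."""
    window = ReplayWindow(size=4)
    # Constructed arrival order: a BE packet (seq 1) is held behind seven EF
    # packets (seq 2-8) by Diffserv scheduling; finally EF seq 5 is replayed.
    arrivals = [("EF", s) for s in range(2, 9)] + [("BE", 1), ("EF", 5)]
    return [(pkt, window.check_and_update(pkt[1])) for pkt in arrivals]


def per_class_demo():
    """Claimed design: separate windows of different sizes per service level."""
    receiver = PerClassReceiver({"EF": 4, "BE": 64})
    # Same scenario, but each class carries its own sequence numbers; the last
    # two packets are replays of EF seq 5 and BE seq 1 and must be discarded.
    arrivals = [("EF", s) for s in range(1, 8)] + [("BE", 1), ("EF", 5), ("BE", 1)]
    return [(pkt, receiver.receive(pkt)) for pkt in arrivals]


if __name__ == "__main__":
    for name, results in (("single window", single_window_demo()),
                          ("per-class windows", per_class_demo())):
        print(name)
        for (cls, seq), accepted in results:
            print(f"  {cls} seq {seq}: {'accepted' if accepted else 'discarded'}")
```

In the single-window run the delayed BE packet is discarded as a security measure even though it is genuine, because by the time it arrives it is seven sequence numbers behind the highest accepted number and the window only looks back four. In the per-class run the same packet is accepted, the lower-priority class gets the larger window that its queueing delay calls for, and both runs still discard the replayed packets, which is the point of the separate windows and separate sequence-number spaces in claims 1, 2 and 9.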