Method and apparatus for preserving data in a system implementing Diffserv and IPsec protocol

US 7,746,781 B1
Filed: 06/30/2003
Issued: 06/29/2010
Est. Priority Date: 06/30/2003
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

means for receiving a plurality of packets having an associated plurality of sequence numbers, wherein each one of the packets in the plurality of packets has a quality of service level associated therewith, and wherein there are at least two types of service levels;

a first look-back window of a first size for packets associated with a first service level;

a second look-back window of a second size for packets associated with a second service level,wherein the first look-back window is different than the second look-back window and the first size is different than the second size and the first service level is different than the second service level;

means for comparing, for each received packet, a received sequence number of each received packet against a set of previously received sequence numbers, wherein the set of sequence numbers includes only sequence numbers of packets previously received within a look-back window associated with a quality of service level type corresponding to the quality of service level type of the received packet and wherein a number of previously received sequence numbers for each set differs for at least two quality of service levels because the first size is different than the second size; and

means for discarding the received packet in the event of a match between the received sequence number and any of the sequence numbers in the set of sequence numbers in the look-back window of the same quality of service level type.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved method is described for providing Differentiated Services (Diffserv) traffic to a node in a network that implements a security method that discards duplicate packets received at the node. The method includes the step of identifying at least two service levels to be provided to received traffic and assigning separate sequential sequence numbers and different anti-replay bitmasks to each of the service levels. The anti-replay bitmask indicates the sequence numbers of packets that have been previously received at the node that should be compared against a received packet to determine whether a duplicate packet has been received. Such an arrangement reduces the possibility that traffic having lower priority is dropped as a security measure.

114 Citations

13 Claims

1. An apparatus comprising:
- means for receiving a plurality of packets having an associated plurality of sequence numbers, wherein each one of the packets in the plurality of packets has a quality of service level associated therewith, and wherein there are at least two types of service levels;
  
  a first look-back window of a first size for packets associated with a first service level;
  
  a second look-back window of a second size for packets associated with a second service level,wherein the first look-back window is different than the second look-back window and the first size is different than the second size and the first service level is different than the second service level;
  
  means for comparing, for each received packet, a received sequence number of each received packet against a set of previously received sequence numbers, wherein the set of sequence numbers includes only sequence numbers of packets previously received within a look-back window associated with a quality of service level type corresponding to the quality of service level type of the received packet and wherein a number of previously received sequence numbers for each set differs for at least two quality of service levels because the first size is different than the second size; and
  
  means for discarding the received packet in the event of a match between the received sequence number and any of the sequence numbers in the set of sequence numbers in the look-back window of the same quality of service level type.

2. A method for determining whether to discard a received packet at a node, the method including the steps of:
- establishing a first look-back window of a first size for packets associated with a first service level;
  
  establishing a second look-back window of a second size for packets associated with a second service level, where the first look-back window is different than the second look-back window and the first size is different than the second size and the first service level is different than the second service level;
  
  comparing a sequence number associated with a first received packet against sequence numbers associated with a selected number of previously received packets in the first look-back window, the selected number determined by the first size, wherein the first received packet has a quality of service level associated therewith, the wherein the selected number of previously received packets are of the same quality of service level as the first received packet;
  
  comparing a sequence number associated with a second received packet against sequence numbers associated with a selected number of previously received packets in the second look-back window, the selected number determined by the second size, wherein the second received packet has a quality of service level associated therewith that differs from the first received packet, and wherein the selected number of previously received packets are of the same quality of service level as the second received packet, whereby the selected number of previously received packets examined in the step of comparing differs for at least two quality of service levels;
  
  discarding the first received packet in the event of a match between any one of the sequence numbers associated with the previously received packets in the first look-back window and the sequence number associated with the first received packet; and
  
  discarding the second received packet in the event of a match between any one of the sequence numbers associated with the previously received packets in the second look-back window and the sequence number associated with the second received packet,whereby the number of sequence numbers compared with the sequence number of the first received packet differs from the number of sequence numbers compares with the sequence number of the second packet.
- View Dependent Claims (3, 4, 5, 6, 7, 8)
- - 3. The method according to claim 2, further comprising forwarding the received packet for processing in the event that there is no match between any one of the sequence numbers associated with the selected number of previously received packets having the same quality of service as the received packet and the sequence number of the received packet.
  - 4. The method according to claim 2 further comprising forwarding the received packet for processing in the event that the received packet is received a predetermined time after the selected number of previously received packets.
  - 5. The method of claim 2, wherein the quality of service level is determined in response to a differentiated services codepoint (DSCP) associated with the packet.
  - 6. The method according to claim 3, wherein at least one of the quality of service levels corresponds to a Best Efforts (BE) per hop behavior.
  - 7. The method according to claim 3, wherein at least one of the quality of service levels corresponds to an Expedited Forwarding (EP) per hop behavior.
  - 8. The method according to claim 3, wherein at least one of the quality of service levels corresponds to an Assured Forwarding (AF) per hop behavior.

9. An apparatus for discarding redundant packets received at a receiving node, comprising:
- a sequence number buffer, for storing sequence numbers associated with packets received at the receiving node, wherein a packet is assigned a sequence number responsive to a quality of service level of the packet and a sequence number of a prior packet having the quality of service level of the packet;
  
  a first look-back window of a first size for packets associated with a first service level;
  
  a second look-back window of a second size for packets associated with a second service level,wherein the first look-back window is different than the second look-back window and the first size is different than the second size and the first service level is different than the second service level;
  
  an anti-replay bitmask table including a first entry associated with the first look-back window and a second entry associated with the second look-back window, each entry associated with a different quality of service level and storing the bitmask of sequence numbers of previously received packets to be compared in determining whether to discard a received packet, wherein a number of sequence numbers of previously received packets that are compared differs for at least two quality of service levels because the first size is different than the second size.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The apparatus of claim 9, wherein one of the entries of the anti-replay bitmask table is associated with an Expedited Forwarding (EF) service level.
  - 11. The apparatus of claim 9, wherein one of the entries of the anti-replay bitmask table is associated with an Assured Forwarding (AF) service level.
  - 12. The apparatus of claim 9, wherein one of the entries of the anti-replay bitmask table is associated with a Best Effort (BE) service level.
  - 13. The apparatus of claim 9, wherein the apparatus operates according to an Internet Protocol Security (IPsec) protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Clearinghouse LLC (RPX Corporation)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Xiang, Jing
Primary Examiner(s)
Ngo, Ricky
Assistant Examiner(s)
PATEL, CHANDRAHAS B

Application Number

US10/611,392
Time in Patent Office

2,556 Days
Field of Search

370/392, 370/389, 370/235, 370/230
US Class Current

370/235
CPC Class Codes

H04L 1/08 by repeating transmission, ...

H04L 47/2408 for supporting different se...

Method and apparatus for preserving data in a system implementing Diffserv and IPsec protocol

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

114 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for preserving data in a system implementing Diffserv and IPsec protocol

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

114 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links