Methods, apparatuses and systems facilitating concurrent classification and control of tunneled and non-tunneled network traffic
Abstract
Methods, apparatuses and systems facilitating the concurrent classification and control of tunneled and non-tunneled data flows in a packet-based computer network environment. As discussed in more detail below, embodiments of the present invention allow for the “intra-tunnel” classification of data flows and, based on the classification, the deterministic and intelligent application of aggregate bandwidth utilization controls on data flows corresponding to a given tunnel. Embodiments of the present invention allow for the allocation of bandwidth on an application-level basis between tunneled and non-tunneled traffic, as well as between applications within a given tunnel. Other embodiments of the present invention can be configured to provide a differentiated security model for non-tunneled and tunneled traffic. In addition, embodiments of the present invention can be further configured to implement a layered security model for tunneled traffic.
22 Claims
1. An apparatus facilitating concurrent classification and control of tunneled and non-tunneled data flows across an access link between a first computer network and a second computer network, comprising:
- a tunnel mechanism including transformation tunnel capabilities operative to establish a communication tunnel with a remote network device having compatible transformation tunnel capabilities;
- a bandwidth management device operably connected to the tunnel mechanism, the bandwidth management device operably connected to the access link to monitor data flows between the first computer network and the second computer network;
- wherein the bandwidth management device is operative to:
  - receive a first data flow from the first computer network;
  - identify at least one traffic type corresponding to the first data flow;
  - enforce a first bandwidth utilization control on the first data flow having a first target rate;
  - transmit the first data flow to the tunnel mechanism;
  - receive a second data flow from the tunnel mechanism;
  - identify at least one traffic type corresponding to the second data flow;
  - associate the first data flow to the second data flow;
  - enforce a second bandwidth utilization control on the first data flow having a second target rate;
  - transmit the second data flow to the second computer network; and
  - adjust the first target rate based on feedback data derived from a difference between the first data flow and the second data flow.

11. An apparatus facilitating concurrent classification and control of tunneled and non-tunneled data flows across an access link between a first computer network and a second computer network, comprising:
- a tunnel mechanism including transformation tunnel capabilities operative to establish a communication tunnel with a remote network device having compatible transformation tunnel capabilities;
- a bandwidth management device operably connected to the tunnel mechanism, and operably connected to the access link to monitor data flows between a first network and a second network, wherein the bandwidth management device is operative to:
  - compute at least one metric associated with data flows traversing the bandwidth management device;
  - detect data flows associated with a communications tunnel from the first computer network;
  - channel data flows to the tunnel mechanism at a first rate;
  - associate data flows corresponding to the communications tunnel from the first computer network to data flows emanating from the tunnel mechanism;
  - transmit the data flows emanating from the tunnel mechanism to the second computer network; and
  - adjust the first rate based on feedback data derived from a difference between the data flows channeled to the tunnel mechanism and the data flows emanating from the tunnel mechanism.

18. An apparatus enabling concurrent classification and control of tunneled and non-tunneled data flows across an access link between a first computer network and a second computer network, comprising:
- a tunnel mechanism including transformation tunnel capabilities operative to establish a communication tunnel with a remote network device having compatible transformation tunnel capabilities;
- a bandwidth management device operably connected to an access link between a first computer network and a second computer network, wherein the bandwidth management device comprises:
  - an inside interface, an outside interface, an inside tunnel interface and an outside tunnel interface, wherein the inside interface provides the communications interface between the bandwidth management device and the first computer network, wherein the outside interface provides the communications interface between the bandwidth management device and the second computer network, and wherein the inside tunnel interface and the outside tunnel interface provide communications interfaces to the tunnel mechanism;
  - a packet processor operative to monitor data flows in relation to at least one metric;
  - a traffic classification database operative to identify traffic types corresponding to data flows; and
  - a bandwidth control mechanism operative to enforce bandwidth utilization controls on data flows associated with corresponding traffic types;
- wherein the bandwidth management device is operative to:
  - receive a first data flow from the first computer network;
  - transmit the first data flow to the tunnel mechanism at a first rate;
  - receive a second data flow from the tunnel mechanism;
  - associate the first data flow to the second data flow; and
  - adjust the first rate based on feedback data derived from a difference between the first data flow and the second data flow.

20. A method facilitating concurrent classification and control of tunneled and non-tunneled network traffic, the method comprising:
- receiving a first data flow from a first computer network;
- identifying at least one traffic type corresponding to the first data flow;
- transmitting the first data flow to a tunnel mechanism at a first rate;
- receiving a second data flow from the tunnel mechanism;
- identifying at least one traffic type corresponding to the second data flow;
- associating the first data flow with the second data flow; and
- adjusting the first rate based on feedback data derived from a difference between the first data flow and the second data flow.

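The feedback step shared by claims 1, 11, 18 and 20 can be sketched as follows. This is an added example, not code from the patent: it assumes the "difference" is the byte-count ratio between a flow sent into the tunnel and the associated flow coming out of it. The names `TunnelRateFeedback` and `run_intervals`, the flow id and the smoothing rule are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class TunnelRateFeedback:
    """Hypothetical controller: tunes the rate at which a flow is fed to the tunnel."""
    link_target_bps: float            # desired post-tunnel rate on the access link
    first_rate_bps: float             # current pre-tunnel ("first") rate
    gain: float = 0.5                 # smoothing factor, an assumption
    ceiling_bps: float = 10_000_000   # never feed the tunnel faster than this
    counters: dict = field(default_factory=dict)  # flow id -> [bytes_in, bytes_out]

    def record_inside(self, flow_id, nbytes):
        """Bytes of the first data flow handed to the tunnel mechanism."""
        self.counters.setdefault(flow_id, [0, 0])[0] += nbytes

    def record_outside(self, flow_id, nbytes):
        """Bytes of the associated second data flow received back from the tunnel."""
        self.counters.setdefault(flow_id, [0, 0])[1] += nbytes

    def adjust(self, flow_id):
        """Update the first rate from the in/out difference for one interval."""
        bytes_in, bytes_out = self.counters.pop(flow_id, (0, 0))
        if bytes_in == 0 or bytes_out == 0:
            return self.first_rate_bps          # no paired measurement: hold the rate
        ratio = bytes_out / bytes_in            # < 1 compressed, > 1 tunnel overhead
        ideal = self.link_target_bps / ratio    # pre-tunnel rate that fills the target
        self.first_rate_bps += self.gain * (ideal - self.first_rate_bps)
        self.first_rate_bps = min(self.first_rate_bps, self.ceiling_bps)
        return self.first_rate_bps


def run_intervals(controller, flow_id, samples):
    """Feed constructed (bytes_in, bytes_out) samples, one per interval."""
    rates = []
    for bytes_in, bytes_out in samples:
        controller.record_inside(flow_id, bytes_in)
        controller.record_outside(flow_id, bytes_out)
        rates.append(controller.adjust(flow_id))
    return rates


if __name__ == "__main__":
    ctl = TunnelRateFeedback(link_target_bps=1_000_000, first_rate_bps=1_000_000)
    # Constructed samples: two compressible intervals, then an incompressible one.
    print(run_intervals(ctl, "tunnel-A", [(4000, 2000), (4000, 2000), (1000, 1100)]))
```

When the tunnel compresses well, the pre-tunnel rate rises above the link target; when the payload is incompressible and the tunnel only adds overhead, the rate falls back.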
Specification