Method of and system for analyzing the content of resource requests

US 7,814,204 B1
Filed: 04/01/2002
Issued: 10/12/2010
Est. Priority Date: 02/11/2002
Status: Active Grant

First Claim

Patent Images

1. A processor device-implemented method of determining an indicator of a desired sub-class of service for resource requests, the method comprising performing the following steps in, by or for one or more processor devices:

receiving the resource requests having one resource request corresponding to an OSI layer 4 and another resource request corresponding to an OSI layer 5 or higher, wherein the resource requests are embodied as or spawned by a packet, and which are accompanied by or associated with an indicator of a desired class of service for the request derived from one or more non-content, header fields of the packet;

when the indicator of the desired class of service for the request indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 4, refraining from performing content analysis processing of the resource request;

when the indicator of the desired class of service for the request indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, performing content analysis processing of the resource request comprising the following sub-steps;

deriving a key from either or both the indicator of the desired class of service and content of the resource request, the content comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to the OSI layer 5 or higher;

using the key to access a database comprising entries associating match portions of key values with indicators of a desired sub-class of service, wherein each of a plurality of the entries indicates both type of match and action to be taken upon the type of match occurring, the type of match selected from the group consisting of an exact match, and at least one wildcard match, and the action to be taken upon the type of match occurring selected from the group consisting of stop searching and continue searching; and

when one or more matching database entries are located, deriving the indicator of the desired sub-class of service for the resource request from one or more of the matching entries,wherein, the resource request comprises an https header, and the key from the resource request having an https header is derived solely from the indicator of the desired class of service, and the content analysis processing of the resource request further comprises extracting a SSL identifier string from the https header for allocating a resource to the resource request.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described for analyzing the content of resource requests. A tokenizer parses the resource request and derives a key therefrom. A database associates values of the key with categories of service. An association engine uses the key to obtain one or more matching entries from the database, and derive therefrom the desired category of service for the resource request. A cookie engine derives cookie information from a cookie located in the resource request. A session engine derives session information from a session identifier located in a handshake message associated with the resource request. The desired category of service, the cookie information, and the session information are each useful for allocating a resource to the resource request.

116 Citations

View as Search Results

78 Claims

1. A processor device-implemented method of determining an indicator of a desired sub-class of service for resource requests, the method comprising performing the following steps in, by or for one or more processor devices:
- receiving the resource requests having one resource request corresponding to an OSI layer 4 and another resource request corresponding to an OSI layer 5 or higher, wherein the resource requests are embodied as or spawned by a packet, and which are accompanied by or associated with an indicator of a desired class of service for the request derived from one or more non-content, header fields of the packet;
  
  when the indicator of the desired class of service for the request indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 4, refraining from performing content analysis processing of the resource request;
  
  when the indicator of the desired class of service for the request indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, performing content analysis processing of the resource request comprising the following sub-steps;
  
  deriving a key from either or both the indicator of the desired class of service and content of the resource request, the content comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to the OSI layer 5 or higher;
  
  using the key to access a database comprising entries associating match portions of key values with indicators of a desired sub-class of service, wherein each of a plurality of the entries indicates both type of match and action to be taken upon the type of match occurring, the type of match selected from the group consisting of an exact match, and at least one wildcard match, and the action to be taken upon the type of match occurring selected from the group consisting of stop searching and continue searching; and
  
  when one or more matching database entries are located, deriving the indicator of the desired sub-class of service for the resource request from one or more of the matching entries,wherein, the resource request comprises an https header, and the key from the resource request having an https header is derived solely from the indicator of the desired class of service, and the content analysis processing of the resource request further comprises extracting a SSL identifier string from the https header for allocating a resource to the resource request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 33, 34, 35, 36, 37, 38, 39)
- - 2. The method of claim 1 wherein one or more of the matching entries represent exact matches.
  - 3. The method of claim 1 wherein one or more of the matching entries represent wildcard matches.
  - 4. The method of claim 3 wherein one or more of the wildcard matches represent prefix matches.
  - 5. The method of claim 3 wherein one or more of the wildcard matches represent suffix matches.
  - 6. The method of claim 3 wherein one or more of the wildcard matches represent one or more combinations of prefix and suffix matches.
  - 7. The method of claim 1 further comprising applying a policy to select one of a plurality of matching entries, and deriving the indicator of the desired sub-class of service from the selected entry.
  - 8. The method of claim 1 further comprising iteratively locating matching entries using sub-keys derived from content of the resource request.
  - 9. The method of claim 8 wherein the sub-keys are successively derived from content of the resource request.
  - 10. The method of claim 1 wherein the database is embodied as one or more prefix tables each associating values of prefix sub-keys with indicators of desired sub-classes of service.
  - 11. The method of claim 1 wherein the database is embodied as one or more suffix tables each associating values of suffix sub-keys with indicators of desired sub-classes of service.
  - 12. The method of claim 1 wherein the key is embodied as one or more uniformly sized codes.
  - 13. The method of claim 1 further comprising providing a default indicator of a desired sub-class of service if no key or only a partial key is available.
  - 14. The method of claim 1 wherein the key comprises a domain name derived from the resource request.
  - 15. The method of claim 14 wherein the domain name is derived from a host attribute specified in the resource request.
  - 16. The method of claim 14 wherein the key further comprises a URL path derived from the resource request.
  - 17. The method of claim 1 wherein the key further comprises a domain name and a URL path.
  - 18. The method of claim 1 wherein either or both the indicator of the desired class of service and the desired sub-class of service are used for allocating a resource to the resource request based on application of a suitable load balancing or persistence policy.
  - 19. The method of claim 1 wherein the key comprises the indicator of the desired class of service combined with one or more header tags.
  - 20. The method of claim 19 wherein the one or more header tags are http header tags.
  - 21. The method of claim 20 wherein the one or more http header tags comprise either or both a domain name and a URL pathname.
  - 33. The method as in any one of claims 1, 22, and 24 wherein the resource request is embodied as a data grouping.
  - 34. The method of claim 33 wherein the data grouping is an http header.
  - 35. The method of claim 33 wherein the data grouping is an https header.
  - 36. The method as in any one of claims 1, 22, and 24 operation using a key derived from one or more non-content, header fields of the packet, the one wherein the indicator of the desired class of service is derived by performing a table lookup or more non-content, header fields of the packet comprising destination IP address, destination port, and protocol.
  - 37. The method as in any one of claims 1, 22, and 24, wherein the one or more processor devices comprise one or more hardware processor devices, one or more processors executing software, or any combination of the foregoing.
  - 38. The method of claim 37 wherein the one or more hardware processor devices comprise one or more finite state machines.
  - 39. The method of claim 38 wherein the one or more finite state machines are implemented as one or more application specific integrated circuits (ASICs).

22. A processor device-implemented method of determining an indicator of a desired sub-class of service for, and one or more content identifiers from, resource requests, the method comprising performing the following steps in or by one or more processor devices:
- receiving the resource requests having one resource request corresponding to an OSI layer 4 and another resource request corresponding to an OSI layer 5 or higher, wherein the resource requests are embodied as or spawned by a packet, and which are accompanied by or associated with an indicator of a desired class of service for the request derived from one or more non-content, header fields of the packet;
  
  when the indicator of the desired class of service for the request indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 4, refraining from performing content analysis processing of the resource request;
  
  when the indicator of the desired class of service for the request indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, performing content analysis processing of the resource request comprising the following sub-steps;
  
  deriving the indicator of the desired sub-class of service by matching first content of the resource request with one or more entries of a database associating match portions of content with indicators of a desired sub-class of service, wherein each of a plurality of the entries indicates both type of match and action to be taken upon the type of match occurring, the type of match selected from the group consisting of an exact match, and at least one wildcard match, and the action to be taken upon the type of match occurring selected from the group consisting of stop searching and continue searching, the first content comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to the OSI layer 5 or higher; and
  
  deriving, in parallel with previous deriving step, the one or more content identifiers from an analysis of second content of the resource request that is distinct from the first content at least in part, the one or more content identifiers, the second content comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to the OSI layer 5 or higher,wherein either or both the indicator of the desired sub-class of service, and the one or more content identifiers, are useful for allocating a resource, comprising a connection to a server or class of server, to the resource request,wherein the first content is selected from the group consisting of domain name information and URL path information, and the second content is selected from the group consisting of cookie information and SSL session information.
- View Dependent Claims (23, 40, 41)
- - 23. The method of claim 22 wherein the one or more content identifiers are used for allocating a resource to the resource request based on application of a persistence policy.
  - 40. The method according to claim 22 or 24 wherein, when the second content is cookie information, an identifier of a server for allocation to the request is derived by processing the cookie information in accordance with a cookie processing mode determined responsive to the indicator of the desired category of service.
  - 41. The method of claim 40 wherein the cookie processing mode is selected from the group consisting of self-identification cookie mode, directive hash mode, and cookie learning mode.

24. A processor device-implemented method of allocating resources to resource requests comprising performing the following steps in or by one or more processor devices:
- receiving the resource requests having one resource request corresponding to an OSI layer 4 and another resource request corresponding to an OSI layer 5 or higher, wherein the resource requests are embodied as or spawned by a packet, and which are accompanied by or associated with an indicator of a desired class of service for the request derived from one or more non-content, header fields of the packet;
  
  when the indicator of the desired class of service for the request indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 4, refraining from performing content analysis processing of the resource request;
  
  when the indicator of the desired class of service for the request indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, performing content analysis processing of the resource request comprising the following sub-steps;
  
  when the request comprises an http header, deriving an indicator of a desired sub-class of service by matching first content of the resource request with one or more entries of a database associating match portions of content with indicators of a desired sub-class of service, each of a plurality of the entries indicating both type of match and action to be taken upon the type of match occurring, the type of match selected from the group consisting of an exact match, and at least one wildcard match, and the action to be taken upon the type of match occurring selected from the group consisting of stop searching and continue searching, the first content comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to the OSI layer 5 or higher;
  
  when the request comprises an http or https header, deriving one or more content identifiers from an analysis of second content of the resource request that is distinct from the first content, the second content comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to the OSI layer 5 or higher; and
  
  allocating a resource to the resource request, comprising a connection or class of connections, responsive to one or more of the indicator of the desired class of service, the indicator of the desired sub-class of service, and the one or more content identifiers,wherein the first content is selected from the group consisting of domain name information and URL path information, and the second content is selected from the group consisting of cookie information and SSL session information.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32)
- - 25. The method of claim 24 wherein the resource is allocated to the resource request through application of a load balancing policy.
  - 26. The method of claim 25 wherein the load balancing policy is determined responsive to the indicator of the desired sub-class of service for the resource request.
  - 27. The method of claim 24 wherein the resource is allocated to the resource request through application of a persistence policy.
  - 28. The method of claim 27 wherein the resource that is allocated is identified by the one or more content identifiers.
  - 29. The method of claim 27 wherein the resource that is allocated is associated with a connection that is identified by the one or more content identifiers.
  - 30. The method of claim 27 wherein the resource that is allocated is located responsive to the indicator of the desired sub-class of service and the one or more content identifiers.
  - 31. The method of claim 30 wherein the resource that is allocated is located through an access to a hierarchical arrangement of data structures.
  - 32. The method as in any one of claim 24 wherein the resource is a server.

42. A system for determining an indicator of a desired sub-class of service for resource requests comprising:
- one or more processor devices that receive the resource requests having one resource request corresponding to an OSI layer 4 and another resource request corresponding to an OSI layer 5 or higher, wherein the resource requests are embodied as or spawned by a packet, and which is accompanied by or associated with an indicator of a desired class of service for the request derived from one or more non-content, header fields of the packet, and, when the indicator of the desired class of service indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 4, have a tokenizer and an association engine refrain from performing content analysis processing of the resource request, and, when the indicator of the desired class of service indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, have the tokenizer and the association engine perform content analysis processing of the resource request;
  
  wherein the tokenizer, when performing content analysis processing of the resource request, is configured to parse content of the resource request, the content comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to the OSI layer 5 or higher;
  
  a database configured to associate sub-classes of service with values of a key; and
  
  the association engine, when performing content analysis processing of the resource request, is configured to;
  
  assemble a key from either or both the indicator of the desired class of service and one or more of the tokens,access the database using the key, obtains one or more entries therefrom that match the key, andderive the indicator of the desired sub-class of service from the one or more matching entries, wherein each of a plurality of the entries indicates both type of match and action to be taken upon the type of match occurring, the type of match selected from the group consisting of an exact match, and at least one wildcard match, and the action to be taken upon the type of match occurring selected from the group consisting of stop searching and continue searching, and outputs the indicator of the desired sub-class of service,wherein, the resource request comprises an https header, and the key from the resource request having the https header is derived solely from the indicator of the desired class of service, and the system further comprises a session engine configured to extract a SSL identifier string from the https header for allocating a resource to the resource request when performing content analysis processing of the resource request.
- View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 67, 68, 69, 71, 72, 73, 74)
- - 43. The system of claim 42 wherein the association engine is configured to obtain one or more database entries that represent exact matches with the key.
  - 44. The system of claim 42 wherein the association engine is configured to obtain one or more database entries that represent wildcard matches with the key.
  - 45. The system of claim 44 wherein the association engine is configured to obtain one or more database entries that represent wildcard prefix matches with the key.
  - 46. The system of claim 44 wherein the association engine is configured to obtain one or more database entries that represent wildcard suffix matches with the key.
  - 47. The system of claim 44 wherein the association engine is configured to select one of a plurality of matching database entries through application of a policy, and derive the indicator of the desired sub-class of service from the selected entry.
  - 48. The system of claim 42 wherein the association engine is configured to access the database and locate matching entries iteratively using sub-keys derived from tokens parsed from the resource request.
  - 49. The system of claim 42 wherein the database is embodied as one or more prefix tables for associating prefix sub-keys with identifiers of sub-classes of service, and one or more suffix tables for associating suffix sub-keys with identifiers of sub-classes of service.
  - 50. The system of claim 42 wherein the tokenizer is configured to parse the resource request into tokens, and translate the tokens into uniformly sized codes.
  - 51. The system of claim 50 wherein the tokenizer is configured to translate only those tokens that have matching entries in a database associating selected tokens with the codes.
  - 52. The system of claim 51 wherein the selected tokens are determined from a configuration table identifying logical groupings of resources.
  - 53. The system of claim 42 wherein the key comprises one or more header tags.
  - 54. The system of claim 53 wherein the one or more header tags comprise one or more http header tags.
  - 55. The system of claim 54 wherein the one or more http header tags comprise either or both a domain name and a URL pathname.
  - 67. The system as in any one of claims 42, 56, 60, and 66, wherein the resource request is embodied as a data grouping.
  - 68. The system of claim 67 wherein the data grouping is an http header.
  - 69. The system of claim 67 wherein the data grouping is an https header.
  - 71. The system as in any one of claims 42, 56, 60 and 66, wherein the one or more processor devices comprise one or more hardware processor devices, one or more processors executing software, or any combination of the foregoing.
  - 72. The system of claim 71 wherein the one or more hardware processor devices comprise one or more finite state machines.
  - 73. The system of claim 72 wherein the one or more finite state machines are implemented as one or more application specific integrated circuits (ASICs).
  - 74. The system as in any one of claims 42, 56, 60 and 66 wherein the indicator of the desired class of service is derived by performing a table lookup operation using a key derived from one or more non-content, header fields of the packet, the one or more non-content, header fields of the packet comprising destination IP address, destination port, and protocol.

56. A system for deriving an indicator of a desired sub-class of service for, and one or more content identifiers from, resource requests comprising:
- one or more processor devices configured to receive the resource requests having one resource request corresponding to OSI layer 4 and another resource request corresponding to OSI layer 5 or higher, wherein the resource requests are embodied as or spawned by a packet, and which are accompanied by or associated with an indicator of a desired class of service for the request derived from one or more non-content, header fields of the packet, and, when the indicator of the desired class of service indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 4, have an association engine and one or more extraction engines refrain from performing content analysis processing of the resource request, and, when the indicator of the desired class of service indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, have the association engine and the one or more extraction engines perform content analysis processing of the resource request;
  
  wherein the association engine, when performing content analysis processing of the resource request, configured to determine the indicator of the desired sub-class of service for the resource request, by matching content of a first portion of the resource request with one or more entries of a database associating match values of content with indicators of a desired sub-class of service, the content of the first portion comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, wherein each of a plurality of the entries in the database indicates both type of match and action to be taken upon the type of match occurring, the type of match selected from the group consisting of an exact match, and at least one wildcard match, and the action to be taken upon the type of match occurring selected from the group consisting of stop searching and continue searching;
  
  the one or more extraction engines, when performing content analysis processing of the resource request, configured to extract information from a second portion of the resource request distinct from the first portion at least in part, the second portion of the resource request comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, and configured to derive the one or more content identifiers from the extracted information; and
  
  wherein the one or both the indicators of the desired sub-class of service and the one or more content identifiers are for allocating a resource, comprising a connection or class of connections, to the resource request, andwherein the second portion of the resource request is selected from the group consisting of cookie information and SSL session information.
- View Dependent Claims (57, 58, 59, 75, 76)
- - 57. The system of claim 56 wherein the association engine and the one or more extraction engines are configured to operate in parallel.
  - 58. The system of claim 56 wherein the one or more content identifiers are useful for allocating a resource to the resource request based on application of a persistence policy.
  - 59. The system of claim 56 wherein the indicator of the desired sub-class of service is use for allocating a resource to the resource request based on application of a load balancing policy.
  - 75. The system according to claim 56, 60 or 66 wherein, when the second portion of the resource request is cookie information, an identifier of a server for allocation to the request is derived by processing the cookie information in accordance with a cookie processing mode determined responsive to the indicator of the desired category of service.
  - 76. The system of claim 75 wherein the cookie processing mode is selected from the group consisting of self-identification cookie mode, directive hash mode, and cookie learning mode.

60. A system for allocating resources to resource requests comprising:
- one or more processor devices that receive the resource requests having one resource request corresponding to an OSI layer 4 and another resource request corresponding to an OSI layer 5 or higher, wherein the resource requests are embodied as or spawned by a packet, and which are accompanied by or associated with an indicator of a desired class of service for the request derived from one or more non-content, header fields of the packet, and, when the indicator of the desired class of service indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 4, have an association engine and one or more extraction engines configured to refrain from performing content analysis processing of the resource request, and, when the indicator of the desired class of service indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, have either or both the association engine and one or more extraction engines perform content analysis processing of the resource request;
  
  wherein the association engine, when performing content analysis processing of the resource request, and the resource request comprises an http header, is configured to determine the indicator of the desired sub-class of service for the resource request by matching content of a first portion of the resource request with one or more entries of a database that associate content portions with indicators of a desired sub-class of service, the content of the first portion comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, wherein each of a plurality of the entries in the database indicates both type of match and action to be taken upon the type of match occurring, the type of match selected from the group consisting of an exact match, a prefix match, a suffix match, and a combination prefix and suffix match, and the action to be taken upon the type of match occurring selected from the group consisting of stop searching, continue searching, continue searching left-to-right, and continue searching right-to-left; and
  
  wherein the one or more extraction engines, when performing content analysis processing of the resource request, and the resource request comprises either an http or https header, configured to extract information from a second portion of the resource request distinct from the first at least in part, the second portion of the resource request comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, and derives therefrom the one or more content identifiers;
  
  a register including one or more programmable control bits configured to allow the association engine, and any of the one or more extraction engines, to be disabled or bypassed; and
  
  a policy engine configured to allocate a resource, comprising a connection or a class of connections, to the resource request responsive to one or more of the indicators of the desired class of service, the indicators of the desired sub-class of service and one or more content identifiers,wherein the second portion of the resource request is selected from the group consisting of cookie information and SSL session information.
- View Dependent Claims (61, 62, 63, 64, 65, 70)
- - 61. The system of claim 60 wherein the one or more content identifiers comprise cookie information.
  - 62. The system of claim 60 wherein the one or more content identifiers comprise session information.
  - 63. The system of claim 60 wherein the one or more content identifiers are used for allocating a resource to the resource request based on application of a persistence policy.
  - 64. The system of claim 60 wherein the indicator of the desired category of service is used for allocating a resource to the resource request based on application of a load balancing policy.
  - 65. The system of claim 60 wherein the desired sub-class of service is used in combination with the one or more content identifiers for allocating a resource to the resource request based on application of a persistence policy.
  - 70. The system as in any one of claims 60 and 66 wherein the resource is a server.

66. A system for allocating resources to resource requests comprising:
- one or more processor devices configured to receive the resource requests having one resource request corresponding to an OSI layer 4 and another resource request corresponding to an OSI layer 5 or higher, wherein the resource requests are embodied as or spawned by a packet, and which are accompanied by or associated with an indicator of a desired class of service for the request derived from one or more non-content, header fields of the packet, and, when the indicator of the desired class of service indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 4, have a means for determining and a means for extracting configured to refrain from performing content analysis processing of the resource request, and, when the indicator of the desired class of service indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, have the means for determining and the means for extracting perform content analysis processing of the resource request;
  
  the means for determining, when performing content analysis processing of the resource request, configured to determine the indicator of the desired sub-class of service for the resource request by matching content of a first portion of the resource request with one or more entries of a database associating match portions of content with indicators of a desired sub-class of service, first content comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, wherein each of a plurality of entries in the database indicates both type of match and action to be taken upon the type of match occurring, the type of match selected from the group consisting of an exact match, and at least one wildcard match, and the action to be taken upon the type of match occurring selected from the group consisting of stop searching and continue searching;
  
  the means for extracting, when performing content analysis processing of the resource request, configured to extract information from a second portion of the resource request distinct from the first at least in part, the second portion of the resource request comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, and configured to derive therefrom one or more content identifiers, wherein the one or more content identifiers for application of one or more persistence policies;
  
  means for allowing any of the determining means and the extracting means to be disabled or bypassed; and
  
  means for allocating a resource, comprising a connection or class of connections, to the resource request responsive to one or more of the indicator of the desired class of service, the indicator of the desired sub-class of service and the one or more content identifiers,wherein the second portion of the resource request is selected from the group consisting of cookie information and SSL session information.

77. A system for deriving an indicator of a desired sub-class of service for, and one or more content identifiers from, resource requests comprising:
- one or more processor devices that receive the resource requests having one resource request corresponding to an OSI layer 4 and another resource request corresponding to an OSI layer 5 or higher, wherein the resource requests are embodied as or spawned by a packet, and which are accompanied by or associated with an indicator of a desired class of service for the request derived from one or more non-content, header fields of the packet, and, when the indicator of the desired class of service indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 4, have an association engine and one or more extraction engines refrain from performing content analysis processing of the resource request, and, when the indicator of the desired class of service indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, have the association engine and one or more extraction engines perform content analysis processing of the resource request;
  
  wherein the association engine, when performing content analysis processing of the resource request, configured to determine the indicator of the desired sub-class of service for the resource request, by matching content of a first portion of the resource request with one or more entries of a database associating match values of content with indicators of a desired sub-class of service, the content of the first portion comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, wherein each of a plurality of the entries in the database indicates both type of match and action to be taken upon the type of match occurring, the type of match selected from the group consisting of an exact match, and at least one wildcard match, and the action to be taken upon the type of match occurring selected from the group consisting of stop searching and continue searching;
  
  the one or more extraction engines, when performing content analysis processing of the resource request, configured to extract information from a second portion of the resource request distinct from the first portion at least in part, the second portion of the resource request comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, and configured to derive the one or more content identifiers from the extracted information; and
  
  wherein the one or both the indicators of the desired sub-class of service and the one or more content identifiers are for allocating a resource, comprising a connection or class of connections, to the resource request,wherein the one or more extraction engines comprise a cookie engine and a session engine, and the system further comprises a control logic configured to;
  
  disable or bypass the session engine in response to receiving resources requests having an http header, anddisable or bypass the association engine and the cookie engine in response to receiving resource requests having an https header.

78. A system for allocating resources to a resource requests comprising:
- one or more processor devices that receive the resource requests having one resource request corresponding to an OSI layer 4 and another resource request corresponding to an OSI layer 5 or higher, wherein the resource requests are embodied as or spawned by a packet, and which are accompanied by or associated with an indicator of a desired class of service for the request derived from one or more non-content, header fields of the packet, and, when the indicator of the desired class of service indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 4, have an association engines and one or more extraction engines refrain from performing content analysis processing of the resource request, and, when the indicator of the desired class of service indicates the desired class of service is at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, have either or both the association engine and one or more extraction engines perform content analysis processing of the resource request;
  
  wherein the association engine, when performing content analysis processing of the resource request, and the resource request comprises an http header, configured to determine the indicator of the desired sub-class of service for the resource request by matching content of a first portion of the resource request with one or more entries of a database that associate content portions with indicators of a desired sub-class of service, the content of the first portion comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to OSI layer five or higher, wherein each of a plurality of the entries in the database indicates both type of match and action to be taken upon the type of match occurring, the type of match selected from the group consisting of an exact match, a prefix match, a suffix match, and a combination prefix and suffix match, and the action to be taken upon the type of match occurring selected from the group consisting of stop searching, continue searching, continue searching left-to-right, and continue searching right-to-left; and
  
  the one or more extraction engines, when performing content analysis processing of the resource request, and the resource request comprises either an http or https header, configured to extract information from a second portion of the resource request distinct from the first at least in part, the second portion of the resource request comprising at least a portion of the packet, or a segment encapsulating the packet, at a layer in an applicable reference model corresponding to the OSI layer 5 or higher, and to derive therefrom the one or more content identifiers;
  
  a register including one or more programmable control bits configured to allow the association engine, and any of the one or more extraction engines, to be disabled or bypassed; and
  
  a policy engine configured to allocate a resource, comprising a connection or class of connections, to the resource request responsive to one or more of the indicator of the desired class of service, the indicator of the desired sub-class of service and the one or more content identifiers,wherein the one or more extraction engines comprise a cookie engine and a session engine, and the control register configured to;
  
  disable or bypass the session engine in response to receiving resources requests having an http header, anddisable or bypass the association engine and the cookie engine in response to receiving resource requests having an https header.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Extreme Networks, Inc.
Inventors
TRAN, KIET, Lowe, Ricky K., Liu, Liang, Gomez, Miguel, Wang, Wei
Primary Examiner(s)
Betit, Jacob F

Application Number

US10/115,572
Time in Patent Office

3,116 Days
Field of Search

707/5, 707/7, 707/3, 709/227, 709/218
US Class Current

709/226
CPC Class Codes

G06F 16/9566   URL specific, e.g. using al...

H04L 12/00   Data switching networks int...

H04L 12/6418   Hybrid transport

H04L 12/66   Arrangements for connecting...

H04L 45/7453   using hashing

H04L 47/125   by balancing the load, e.g....

H04L 47/24   Traffic characterised by sp...

H04L 47/2441   relying on flow classificat...

H04L 47/805   QOS or priority aware

H04L 63/0428   wherein the data content is...

H04L 63/166   at the transport layer

H04L 67/02   based on web technology, e....

H04L 67/141   Setup of application sessio...

H04L 67/146   Markers for unambiguous ide...

H04L 69/40   for recovering from a failu...

H04L 9/40   Network security protocols

Method of and system for analyzing the content of resource requests

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

116 Citations

78 Claims

Specification

Solutions

Use Cases

Quick Links

Method of and system for analyzing the content of resource requests

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

78 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links