Identifying flows based on behavior characteristics and applying user-defined actions
DCFirst Claim
1. A machine-implemented method for the identification and handling of a single application flow, the flow comprising a plurality of information packets, and the method comprising:
- creating a flow block as the first packet of a flow is processed by a router;
said flow block being adapted to store payload-content agnostic behavioral statistics about said flow;
updating said flow block with the flow'"'"'s payload-content agnostic behavioral statistics as packets belonging to said flow are processed by said router;
said flow being incapable of being identified by header information alone;
heuristically determining whether at least one user-specified policy is satisfied by said payload-content agnostic behavioral statistics stored in said flow block; and
upon determination that at least one user-specified policy is satisfied by said payload-content agnostic behavioral statistics, applying, to at least one packet belonging to said flow, at least one user-specified action that is mapped to the at least one user-specified policy that is satisfied by said payload-content agnostic behavioral statistics;
wherein said payload-content agnostic behavioral statistics for said flow are calculated by said router;
wherein said payload-content agnostic behavioral statistics reflect the empirical behavior of said flow;
wherein at least one of said payload-content agnostic behavioral statistics is chosen from the group consisting of;
total byte count accumulated for the flow, flow life duration, average rate of flow, average packet size, average packet rate, average inter-packet gap, instantaneous flow rate, and moving average flow rate.
3 Assignments
Litigations
2 Petitions
Accused Products
Abstract
A mechanism is disclosed for identifying, classifying, and controlling flows in a network. In one implementation, a separate set of behavioral statistics is maintained for each flow. These behavioral statistics are updated as packets belonging to a flow are processed. Whenever a packet belonging to a flow is processed, a set of policies that the flow'"'"'s behavioral statistics satisfy is determined. For each policy that the flow'"'"'s behavioral statistics satisfy, actions that are associated with that policy are applied relative to the packet. The actions may be designed to cause a router to handle, in a user-specified manner, packets that are likely to represent a particular kind of traffic. Thus, different flows, such as VOIP, gaming, streaming, and P2P flows, which are associated with different behavioral statistics, may be handled in ways applicable for the specific application traffic type.
38 Citations
3 Claims
-
1. A machine-implemented method for the identification and handling of a single application flow, the flow comprising a plurality of information packets, and the method comprising:
-
creating a flow block as the first packet of a flow is processed by a router; said flow block being adapted to store payload-content agnostic behavioral statistics about said flow; updating said flow block with the flow'"'"'s payload-content agnostic behavioral statistics as packets belonging to said flow are processed by said router; said flow being incapable of being identified by header information alone; heuristically determining whether at least one user-specified policy is satisfied by said payload-content agnostic behavioral statistics stored in said flow block; and upon determination that at least one user-specified policy is satisfied by said payload-content agnostic behavioral statistics, applying, to at least one packet belonging to said flow, at least one user-specified action that is mapped to the at least one user-specified policy that is satisfied by said payload-content agnostic behavioral statistics; wherein said payload-content agnostic behavioral statistics for said flow are calculated by said router; wherein said payload-content agnostic behavioral statistics reflect the empirical behavior of said flow; wherein at least one of said payload-content agnostic behavioral statistics is chosen from the group consisting of;
total byte count accumulated for the flow, flow life duration, average rate of flow, average packet size, average packet rate, average inter-packet gap, instantaneous flow rate, and moving average flow rate. - View Dependent Claims (2)
-
-
3. A machine-implemented method for the identification and handling of a single application flow, the flow comprising a plurality of information packets, and the method comprising:
-
creating a flow block as the first packet of a flow is processed by a router; said flow block being adapted to store solely payload-content agnostic behavioral statistics about said flow; updating said flow block with the flow'"'"'s payload-content agnostic behavioral statistics as packets belonging to said flow are processed by said router; said flow being incapable of being identified by header information alone; heuristically determining whether at least one user-specified policy is satisfied by said payload-content agnostic behavioral statistics stored in said flow block; and upon determination that at least one user-specified policy is satisfied by said payload-content agnostic behavioral statistics, applying, to at least one packet belonging to said flow, at least one user-specified action that is mapped to the at least one user-specified policy that is satisfied by said payload-content agnostic behavioral statistics; wherein said payload-content agnostic behavioral statistics for said flow are calculated by said router; wherein said payload-content agnostic behavioral statistics reflect the empirical behavior of said flow; wherein said payload-content agnostic behavioral statistics are chosen from the group consisting of;
total byte count accumulated for the flow, flow life duration, average rate of flow, average packet size, average packet rate, average inter-packet gap, instantaneous flow rate, and moving average flow rate.
-
Specification