Method and apparatus for controlling the flow of data across a network interface
Abstract
The present invention performs “flow control” based on the remaining encryption capacity of an encrypted outbound network interface link of a network routing device, such as a router or switch. As the encrypted link begins to run low on encryption key material, this invention begins to discard datagrams queued for transit across that link, in order to signal distant host computers that they should slow down the rate at which they are sending datagrams. The invention, which is particularly useful in cryptographically protected networks that run the TCP/IP protocol stack, allows fine-grained flow control of individual traffic classes because it can determine, for example, how various classes of data traffic (e.g., voice, video, TCP) should be ordered and transmitted through a network. Thus, the invention can be used to implement sophisticated flow control rules so as to give preferential treatment to certain people, departments or computers.
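The decision the abstract describes, sketched as an added example (not code from the patent or its assignee): choose an outbound link, or drop the packet, from both the link's encryption capacity indicator and the packet's traffic class. The per-class thresholds, the one-key-byte-per-payload-byte consumption model, and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumed policy: minimum percentage of key material that must remain on a
# link for a class to keep using it. Lower floor = more preferential treatment.
CLASS_FLOOR_PCT = {"voice": 5, "video": 20, "tcp": 40}
DEFAULT_FLOOR_PCT = 50  # assumed treatment of unclassified traffic

@dataclass
class Link:
    name: str
    key_left: int   # encryption capacity indicator: key bytes remaining
    key_full: int   # key bytes available when the link was freshly keyed

def route(traffic_class: str, size: int, links: List[Link]) -> Optional[str]:
    """Pick an outbound link for one packet, or return None to drop it."""
    floor = CLASS_FLOOR_PCT.get(traffic_class, DEFAULT_FLOOR_PCT)
    eligible = [
        l for l in links
        # Never send more than the remaining key can protect (fail closed),
        # and keep each class above its floor on this link.
        if l.key_left >= size and l.key_left * 100 >= floor * l.key_full
    ]
    if not eligible:
        return None  # drop: the sender's congestion control sees the loss
    # Prefer the link with the largest remaining fraction of key material.
    best = max(eligible, key=lambda l: l.key_left / l.key_full)
    best.key_left -= size  # assumed: one key byte consumed per payload byte
    return best.name

if __name__ == "__main__":
    # Constructed sample: two encrypted links at 10% and 30% key remaining.
    links = [Link("wan-a", 1000, 10000), Link("wan-b", 3000, 10000)]
    for cls in ("tcp", "video", "voice", "video", "video"):
        print(cls, "->", route(cls, 500, links) or "DROP")
```

As key material drains, bulk TCP is shed first and voice last, and a packet is never forwarded when no link has enough key left to protect it.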
23 Claims
1. A method, comprising:
- receiving, via a network device, a data stream that includes a plurality of data packets;
- receiving a report that includes an encryption capacity indicator associated with a network interface;
- determining a traffic class for a data packet in the data stream; and
- selectively undertaking at least one of
  - selecting an outbound network interface link to transmit the data packet based at least in part on both the received encryption capacity indicator and the identified traffic class, and
  - dropping the packet based at least in part on both the received encryption capacity indicator and the identified traffic class.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A device, comprising:
- an inbound network interface link configured to receive a data stream that includes a plurality of data packets;
- at least two outbound network interface links, wherein each of the outbound network interface links is configured to transmit at least one of the received data packets to a network routing device; and
- a routing processor configured to identify a traffic class for a data packet in the data stream, receive an encryption capacity indicator for each of the outbound network interface links, and select one of the outbound network interface links to transmit the data packet based at least in part on both the received encryption capacity indicators and the identified traffic class.

Dependent claims: 11, 12, 13, 14, 15, 16

17. A system, comprising:
- a network routing device configured to receive a data packet;
- a cryptographic subsystem; and
- an outbound network interface link that is coupled to the network routing device and protected by the cryptographic subsystem, wherein the network routing device is further configured to;
  - receive an encryption capacity indicator from the cryptographic subsystem, wherein the encryption capacity indicator includes a quantitative measure representative of a capacity of the cryptographic subsystem to encrypt subsequent data packets;
  - at least selectively undertake one of transmit the data packet across the outbound network interface link based at least in part on both an encryption capacity indicator and an identified traffic class; and
  - drop the packet based at least in part on both the received encryption capacity indicator and the identified traffic class.

Dependent claims: 18, 19, 20, 21, 22, 23

Specification