Transparent provisioning of services over a network
First Claim
1. A method of transparently provisioning first and second services to a network, the first service being provided by a first application service provider to the network via a first application and the second service being provided by a second application service provider to the network via a second application, the network carrying a plurality of packets each being transmitted by a source to at least one intended destination intended by the source, each packet of the plurality of packets comprising routing data operative to cause the forwarding of the packet via the network towards the at least one intended destination, the method comprising:
- interfacing between the first application and an interface to the network;
interfacing between the second application and the interface to the network;
intercepting, via the interface, each packet of the plurality of packets prior to a forwarding thereof toward the at least one intended destination;
evaluating each intercepted packet based on a first specification of a first subset of the plurality of packets with respect to which the first application is to perform the first service and a second specification of a second subset of the plurality of packets with respect to which the second application is to perform the second service, wherein at least the first specification specifies the first subset based on criteria other than only the routing data contained in the intercepted packet; and
acting on the intercepted packet, based on the evaluating, to facilitate the performance of at least one of the first service, the second service or a combination thereof with respect to the intercepted packet when the intercepted packet is included in at least one of the specified first subset, second subset, or combination thereof; and
receiving a result of the performance of at least one of the first service, the second service or a combination thereof from the first application, the second application, or a combination thereof, respectively,wherein the acting comprises at least one of providing at least a copy of at least a portion of the intercepted packet to at least one of the first and second applications, deleting the intercepted packet, modifying the intercepted packet, substituting a modified intercepted packet for the intercepted packet, substituting a new packet for the intercepted packet, allowing the intercepted packet to continue to the at least one intended destination, or combinations thereof.
12 Assignments
0 Petitions
Accused Products
Abstract
An apparatus and method for enhancing the infrastructure of a network such as the Internet is disclosed. A packet interceptor/processor apparatus is coupled with the network so as to be able to intercept and process packets flowing over the network. Further, the apparatus provides external connectivity to other devices that wish to intercept packets as well. The apparatus applies one or more rules to the intercepted packets which execute one or more functions on a dynamically specified portion of the packet and take one or more actions with the packets. The apparatus is capable of analyzing any portion of the packet including the header and payload. Actions include releasing the packet unmodified, deleting the packet, modifying the packet, logging/storing information about the packet or forwarding the packet to an external device for subsequent processing. Further, the rules may be dynamically modified by the external devices.
-
Citations
20 Claims
-
1. A method of transparently provisioning first and second services to a network, the first service being provided by a first application service provider to the network via a first application and the second service being provided by a second application service provider to the network via a second application, the network carrying a plurality of packets each being transmitted by a source to at least one intended destination intended by the source, each packet of the plurality of packets comprising routing data operative to cause the forwarding of the packet via the network towards the at least one intended destination, the method comprising:
-
interfacing between the first application and an interface to the network; interfacing between the second application and the interface to the network; intercepting, via the interface, each packet of the plurality of packets prior to a forwarding thereof toward the at least one intended destination; evaluating each intercepted packet based on a first specification of a first subset of the plurality of packets with respect to which the first application is to perform the first service and a second specification of a second subset of the plurality of packets with respect to which the second application is to perform the second service, wherein at least the first specification specifies the first subset based on criteria other than only the routing data contained in the intercepted packet; and acting on the intercepted packet, based on the evaluating, to facilitate the performance of at least one of the first service, the second service or a combination thereof with respect to the intercepted packet when the intercepted packet is included in at least one of the specified first subset, second subset, or combination thereof; and receiving a result of the performance of at least one of the first service, the second service or a combination thereof from the first application, the second application, or a combination thereof, respectively, wherein the acting comprises at least one of providing at least a copy of at least a portion of the intercepted packet to at least one of the first and second applications, deleting the intercepted packet, modifying the intercepted packet, substituting a modified intercepted packet for the intercepted packet, substituting a new packet for the intercepted packet, allowing the intercepted packet to continue to the at least one intended destination, or combinations thereof. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for transparently provisioning first and second services to a network, the first service being provided by a first application service provider to the network via a first application and the second service being provided by a second application service provider to the network via a second application, the network carrying a plurality of packets each being transmitted by a source to at least one intended destination intended by the source, each packet of the plurality of packets comprising routing data operative to cause the forwarding of the packet via the network towards the at least one intended destination, the system comprising:
-
a packet processor coupled between the network and the first and second applications and operative to intercept at least one packet of the plurality of packets prior to a forwarding thereof toward the at least one intended destination, evaluate the at least one intercepted packet based on a first specification of a first subset of the plurality of packets with respect to which the first application is to perform the first service and a second specification of a second subset of the plurality of packets with respect to which the second application is to perform the second service, and act on the intercepted packet to facilitate the performance of at least one of the first service, the second service, or combination thereof with respect to the intercepted packet when the intercepted packet is included in at least one of the specified first subset, second subset, or combination thereof wherein at least the first specification specifies the first subset based on criteria other than only the routing data contained in the intercepted packet, wherein the packet processor is further operative to receive a result of the performance of at least one of the first service, the second service or a combination thereof from the first application, the second application, or a combination thereof, respectively, and wherein the act comprises at least one of provide at least a copy of at least a portion of the intercepted packet to at least one of the first and second applications, delete the intercepted packet, modify the intercepted packet, substitute a modified intercepted packet for the intercepted packet, substitute a new packet for the intercepted packet, allow the intercepted packet to continue to the at least one intended destination, or combinations thereof. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. A system for transparently provisioning first and second services to a network, the first service being provided by a first application service provider to the network via a first application and the second service being provided by a second application service provider to the network via a second application, the network carrying a plurality of packets each being transmitted by a source to at least one intended destination intended by the source, each packet of the plurality of packets comprising routing data operative to cause the forwarding of the packet via the network towards the at least one intended destination, the system comprising:
-
means for interfacing between the first application and an interface to the network; means for interfacing between the second application and the interface to the network; means for intercepting, via the interface, each packet of the plurality of packets prior to a forwarding thereof toward the at least one intended destination; means for evaluating each intercepted packet based on a first specification of a first subset of the plurality of packets with respect to which the first application is to perform the first service and a second specification of a second subset of the plurality of packets with respect to which the second application is to perform the second service, wherein at least the first specification specifies the first subset based on criteria other than only the routing data contained in the intercepted packet; means for acting on the intercepted packet, based on the evaluating, to facilitate the performance of at least one of the first service, the second service, or combination thereof with respect to the intercepted packet when the intercepted packet is included in at least one of the specified first subset, second subset, or combination thereof, by providing at least a copy of at least a portion of the intercepted packet to at least one of the first and second applications, deleting the intercepted packet, modifying the intercepted packet, substituting a modified intercepted packet for the intercepted packet, substituting a new packet for the intercepted packet, allowing the intercepted packet to continue to the at least one intended destination, or combinations there; and means for receiving a result of the performance of at least one of the first service, the second service or a combination thereof from the first application, the second application, or a combination thereof, respectively.
-
-
20. A system for transparently provisioning first and second services to a network, the first service being provided by a first application service provider to the network via a first application and the second service being provided by a second application service provider to the network via a second application, the network carrying a plurality of packets each being transmitted by a source to at least one intended destination intended by the source, each packet of the plurality of packets comprising routing data operative to cause the forwarding of the packet via the network towards the at least one intended destination, the system comprising processor, a memory coupled with the processor, a network interface operative to couple the processor with the network, and an application interface operative to couple the processor with the first and second applications, the system further comprising:
-
first logic stored in the memory and executable by the processor cause the processor to intercept at least one packet of the plurality of packets prior to a forwarding thereof toward the at least one intended destination; second logic, coupled with the first logic, stored in the memory and executable by the processor to cause the processor to evaluate the at least one intercepted packet based on a first specification of a first subset of the plurality of packets with respect to which the first application is to perform the first service and a second specification of a second subset of the plurality of packets with respect to which the second application is to perform the second service, wherein at least the first specification specifies the first subset based on criteria other than only the routing data contained in the intercepted packet; third logic, coupled with the second logic, stored in the memory and executable by the processor to cause the processor to act on the intercepted packet to facilitate the performance of at least one of the first service, the second service, or combination thereof with respect to the intercepted packet when the intercepted packet is included in at least one of the specified first subset, second subset, or combination thereof; and fourth logic, coupled with the third logic, stored in the memory and executable by the processor to cause the processor to receive a result of the performance of at least one of the first service, the second service or a combination thereof from the first application, the second application, or a combination thereof, respectively, wherein the act comprises at least one of provide at least a copy of at least a portion of the intercepted packet to at least one of the first and second applications, delete the intercepted packet, modify the intercepted packet, substitute a modified intercepted packet for the intercepted packet, substitute a new packet for the intercepted packet, allow the intercepted packet to continue to the at least one intended destination, or combinations thereof.
-
Specification