Traffic synchronization across multiple devices in wide area network topologies

US 8,793,361 B1
Filed: 06/30/2006
Issued: 07/29/2014
Est. Priority Date: 06/30/2006
Status: Active Grant

First Claim

Patent Images

1. In a network device operative to classify data flows and mirror data flows to cooperating network devices, a method facilitating classification of asymmetric data flows, the method comprising:

detecting, at the network device, one or more packets of a data flow originally received at the network device;

receiving, at the network device, one or more mirrored packets of the data flow from one or more cooperating network devices;

classifying the data flow into a network application of a plurality of network applications, at the network device, by applying one or more classification operations to at least one of the one or more originally received packets and at least one of the one or more mirrored packets of the data flow;

mirroring one or more packets of the data flow to the one or more cooperating network devices by transmitting the one or more packets from the network device to the one or more cooperating network devices; and

discontinuing the mirroring of packets of the data flow, at the network device, upon termination of the one or more classification operations;

wherein the detected packets originally received at the network device, the received mirrored packets from the cooperating network devices received at the network device, and the transmitted mirrored packets to the cooperating device network devices from the network device each correspond to the same data flow.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An exemplary embodiment provides for a method for use in a network device operative to facilitate classification of data flows in a multipath network topology by intelligently mirroring one or more packets of the data flows to a set of cooperating network devices. The method, in one implementation, can involve tracking asymmetric data flows and synchronizing at least portions of the asymmetric data flows between a plurality of network devices to facilitate classification and other operations in multipath network topologies. In one implementation, the present invention allows a plurality of network devices, each disposed on the boundaries of an autonomous system (such as an ISP network) to communicate enough information about data flows encountered at each of the network devices to enable more accurate data flow classification. Since mirrored traffic may affect available bandwidth for regular network traffic, certain implementations of the invention include optimization directed to reducing the amount of mirrored traffic between network devices.

Citations

15 Claims

1. In a network device operative to classify data flows and mirror data flows to cooperating network devices, a method facilitating classification of asymmetric data flows, the method comprising:
- detecting, at the network device, one or more packets of a data flow originally received at the network device;
  
  receiving, at the network device, one or more mirrored packets of the data flow from one or more cooperating network devices;
  
  classifying the data flow into a network application of a plurality of network applications, at the network device, by applying one or more classification operations to at least one of the one or more originally received packets and at least one of the one or more mirrored packets of the data flow;
  
  mirroring one or more packets of the data flow to the one or more cooperating network devices by transmitting the one or more packets from the network device to the one or more cooperating network devices; and
  
  discontinuing the mirroring of packets of the data flow, at the network device, upon termination of the one or more classification operations;
  
  wherein the detected packets originally received at the network device, the received mirrored packets from the cooperating network devices received at the network device, and the transmitted mirrored packets to the cooperating device network devices from the network device each correspond to the same data flow.
- View Dependent Claims (2, 3, 4)
- - 2. The method as recited in claim 1 further comprisingdetermining whether an external host associated with the data flow has been newly identified within a threshold period of time;
    - and wherein execution of the mirroring is conditioned on whether the external host is newly identified.
  - 3. The method as recited in claim 2 further comprisingidentifying internal and external hosts of the detected data flow;
    - andadding the internal and external hosts to a host database; and
      
      wherein the determining step comprises;
      
      determining whether the external host associated with the data flow has been added to the host database within a threshold hold period of time.
  - 4. The method as recited in claim 2 further comprising:
    - determining if the data flow is indicator traffic, wherein indicator traffic comprises one or more attributes of a data flow that facilitates classification of other data flows; and
      
      mirroring the indicator traffic to the second network device.

5. In a first network device operative to classify data flows and mirror data flows to a second network device, a method facilitating classification of asymmetric data flows, the method comprising:
- receiving, from the second network device, a mirrored packet identifying an external host;
  
  marking a seen elsewhere flag associated with the external host identified in the mirrored packet;
  
  receiving a second original data flow, wherein the second original data flow includes one or more packets;
  
  determining whether the second original data flow is associated with the external host identified in the mirrored packet; and
  
  mirroring at least one packet of the second original data flow to the second network device by transmitting the one or more packets from the first network device to the second network devices, if the seen elsewhere flag corresponding to the external host is marked;
  
  detecting, at the first network device, one or more packets of the data flow originally received at the network device; and
  
  classifying the data flow into respective network applications of a plurality of network applications, at the first network device, by applying one or more classification operations to at least one of the one or more originally received packets and at least one of the one or more mirrored packets of the data flow;
  
  wherein the mirrored packet transmitted from the first network device to the second network device and the one or more packets of the received second original data flow each correspond to the same data flow.
- View Dependent Claims (6)
- - 6. The method as recited in claim 5 further comprising:
    - determining if the second original data flow is indicator traffic wherein indicator traffic comprises one or more attributes of a data flow that facilitates classification of other data flows; and
      
      mirroring the indicator traffic to the second network device by transmitting packets of the indicator traffic from the network device to the second network device.

7. In a first network device operative to classify data flows and mirror data flows to a second network device, a method facilitating classification of asymmetric data flows, the method comprising:
- receiving, at the first network device, one or more packets corresponding to a data flow;
  
  monitoring the data flow for an indication of asymmetry, wherein the indication of asymmetry comprises receiving one or more mirrored packets of the data flow from one or more cooperating network devices or receiving an ACK packet in the data flow wherein the first network device did not encounter a corresponding TCP packet of the ACK packet;
  
  mirroring one or more packets of the data flow to the second network device by transmitting the one or more packets of the data flow from the first network device to the second network device, if an indication of asymmetry is detected; and
  
  classifying the data flow into a network application of a plurality of network applications, at the first network device, by applying one or more classification operations to at least one of the one or more originally received packets and at least one of the one or more mirrored packets of the data flow;
  
  wherein the one or more packets received at the first network device and the mirrored one or more packets transmitted from the first network device to the second network device each correspond to the same data flow.
- View Dependent Claims (8)
- - 8. The method as recited in claim 7 further comprising:
    - marking an external host asymmetry flag pertaining to an external host associated with the data flow, if an indication of asymmetry is detected;
      
      receiving a new data flow, associated with the external host, comprising one or more packets; and
      
      mirroring the one or more packets of the new data flow to the second network device until the new data flow is classified, if the external host asymmetry flag is marked.

9. In a network device operative to classify data flows and mirror data flows to one or more cooperating network devices, a method facilitating classification of asymmetric data flows, the method comprising:
- detecting, at the network device, a data flow, comprising one or more packets, corresponding to an external host;
  
  mirroring the one or more packets of the data flow to at least a plurality of network devices of the one or more cooperating network devices;
  
  receiving an indication that one or more other packets of the data flow has been detected at a first network device of plurality of network devices;
  
  mirroring, after receipt of the indication, one or more packets of the data flow, and one or more packets of subsequent data flows associated with the external host, by transmitting the one or more packets of the data flow from the network device only to the first network device; and
  
  classifying the data flow and the subsequent data flows into respective network applications of a plurality of network applications, at the network device, by applying one or more classification operations to at least one of the one or more originally received packets and at least one of one or more mirrored packets of the data flow received from the first network device;
  
  wherein the detected one or more packets corresponding to an external at the network device and the mirrored one or more packets to the plurality of cooperating network devices each correspond to the same data flow.
- View Dependent Claims (10, 11, 12)
- - 10. The method as recited in claim 9 further comprising mirroring one or more packets of the data flow to the plurality of network devices, if one or more packets of the data flow, or one or more packets of subsequent data flows associated with the external host, is detected at one of the network devices in the plurality of network devices other than the first network device.
  - 11. The method as recited in claim 9 wherein mirroring the one or more packets of the data flow to the first network device or to the one or more other network devices is controlled via a mirroring device identifier.
  - 12. The method as recited in claim 11 wherein the mirroring device identifier is a MAC address.

13. In a network device operative to classify data flows and mirror data flows to one or more cooperating network devices, a method facilitating classification of asymmetric data flows, the method comprising:
- receiving a mirror packet corresponding to a data flow associated with an external host transmitted from a first network device of the one or more cooperating network devices;
  
  if the mirroring device identifier is not set, setting a mirroring device identifier associated with the external host to correspond to the first network device;
  
  receiving, at the network device, one or more mirror packets associated with the external host transmitted from at least a second network device of the one or more cooperating network devices;
  
  setting, at the network device, the mirroring device identifier to cause the network device to mirror subsequent packets associated with the external host by transmitting the subsequent packets from the network device to all network devices of the one or more cooperating network devices;
  
  detecting, at the network device, one or more packets of the data flow originally received at the network device; and
  
  classifying the data flow into respective network applications of a plurality of network applications, at the network device, by applying one or more classification operations to at least one of the one or more originally received packets and at least one of the one or more mirrored packets of the data flow;
  
  wherein the originally received packets and the mirrored packets each correspond to the same data flow.
- View Dependent Claims (14)
- - 14. The method as recited in claim 13 further comprising marking a seen elsewhere flag associated with the external host, after receiving one or more mirror packets from at least one of the one or more cooperating network devices.

15. A network device operative to classify asymmetric data flows and mirror data flows to one or more cooperating network devices, the network device comprising:
- one or more network interfaces;
  
  a memory;
  
  one or more processors; and
  
  an application, physically stored in the memory, including instructions operable to cause the one or more processors and the network device to;
  
  detect, at the network device, one or more packets of a data flow originally received at the network device;
  
  receive one or more mirrored packets of the data flow from one or more cooperating network devices;
  
  classify the data flow into respective network applications of a plurality of network applications, at the network device, by applying one or more classification operations to at least one of the one or more originally received packets and at least one of the one or more mirrored packets of the data flow;
  
  mirror one or more packets of the data flow to the one or more cooperating network devices by transmitting the one or more packets from the network device to the one or more cooperating network devices; and
  
  discontinue mirroring of packets of the data flow upon termination of the one or more classification operations;
  
  wherein the detected packets, received packets, and mirrored packets each correspond to the same data flow.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Blue Coat Systems Incorporated (Gen Digital Inc.)
Inventors
Riddle, Guy
Primary Examiner(s)
Dharia, Rupal
Assistant Examiner(s)
MCKENZIE, MARCUS A

Application Number

US11/479,371
Time in Patent Office

2,951 Days
Field of Search

709/224
US Class Current

709/224
CPC Class Codes

H04L 47/193   at the transport layer, e.g...

H04L 47/22   Traffic shaping

H04L 47/2408   for supporting different se...

H04L 47/2441   relying on flow classificat...

H04L 47/27   Evaluation or update of win...

Traffic synchronization across multiple devices in wide area network topologies

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Traffic synchronization across multiple devices in wide area network topologies

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links