System and method for inspecting domain name system flows in a network environment

US 9,015,318 B1
Filed: 11/18/2009
Issued: 04/21/2015
Est. Priority Date: 11/18/2009
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a first packet associated with a domain name system (DNS) exchange between a subscriber and a DNS server;

maintaining a correlation between a domain name and a plurality of Internet protocol (IP) addresses included in a DNS response;

receiving from the subscriber a subsequent packet associated with a subsequent flow;

identifying an IP address within the subsequent packet as being one of the plurality of IP addresses included in the DNS response, wherein each of the IP addresses corresponds to one of a plurality of web servers associated with the domain name; and

executing a policy decision for the subsequent flow without inspecting the contents of the subsequent flow at layer 7 based on an identity of the subscriber and the domain name correlated to the identified IP address, wherein the policy decision relates to charging a different rate for a particular flow.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided in one example and includes receiving a first packet associated with a domain name system (DNS) exchange between a subscriber and a DNS server. A correlation is maintained between a domain name and an Internet protocol (IP) address included in a DNS response. A subsequent packet associated with a subsequent flow is received and the IP address is identified within the subsequent packet. The method further includes executing a policy decision for the subsequent flow based on the correlation between the IP address and the domain name. In more specific embodiments, the correlation is stored in a table that includes a time to live (TTL) parameter associated with the IP address. The IP address within the subsequent packet can be mapped to the domain name in order to apply the policy decision for the subsequent flow.

212 Citations

18 Claims

1. A method, comprising:
- receiving a first packet associated with a domain name system (DNS) exchange between a subscriber and a DNS server;
  
  maintaining a correlation between a domain name and a plurality of Internet protocol (IP) addresses included in a DNS response;
  
  receiving from the subscriber a subsequent packet associated with a subsequent flow;
  
  identifying an IP address within the subsequent packet as being one of the plurality of IP addresses included in the DNS response, wherein each of the IP addresses corresponds to one of a plurality of web servers associated with the domain name; and
  
  executing a policy decision for the subsequent flow without inspecting the contents of the subsequent flow at layer 7 based on an identity of the subscriber and the domain name correlated to the identified IP address, wherein the policy decision relates to charging a different rate for a particular flow.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the correlation is stored in a table that includes a time to live (TTL) parameter associated with the IP address.
  - 3. The method of claim 1, wherein the IP address within the subsequent packet is mapped to the domain name in order to apply the policy decision to the subsequent flow.
  - 4. The method of claim 1, wherein the policy decision is based on the IP address associated with a particular server.
  - 5. The method of claim 1, wherein the policy decision includes at least one of executing billing, rate limiting, and controlling access associated with the subscriber.
  - 6. The method of claim 1, wherein the policy decision includes applying a quality of service to the subsequent flow based on a policy associated with the subscriber.

7. One or more non-transitory tangible media that includes code for execution and when executed by a processor operable to perform operations comprising:
- receiving a first packet associated with a domain name system (DNS) exchange between a subscriber and a DNS server;
  
  maintaining a correlation between a domain name and a plurality of Internet protocol (IP) addresses included in a DNS response;
  
  receiving from the subscriber a subsequent packet associated with a subsequent flow;
  
  identifying an IP address within the subsequent packet as being one of the plurality of IP addresses included in the DNS response, wherein each of the IP addresses corresponds to one of a plurality of web servers associated with the domain name; and
  
  executing a policy decision for the subsequent flow without inspecting the contents of the subsequent flow at layer 7 based on an identity of the subscriber and the domain name correlated to the identified IP address, wherein the policy decision relates to charging a different rate for a particular flow.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The media of claim 7, wherein the correlation is stored in a table that includes a time to live (TTL) parameter associated with the IP address.
  - 9. The media of claim 7, wherein the IP address within the subsequent packet is mapped to the domain name in order to apply the policy decision to the subsequent flow.
  - 10. The media of claim 7, wherein the policy decision is based on the IP address associated with a particular server.
  - 11. The media of claim 7, wherein the policy decision includes at least one of executing billing associated with the subscriber, and applying a quality of service to the subsequent flow.

12. An apparatus, comprising:
- a memory element configured to store data,a processor operable to execute instructions associated with the data, andan awareness module configured to;
  
  receive a first packet associated with a domain name system (DNS) exchange between a subscriber and a DNS server;
  
  maintain a correlation between a domain name and a plurality of Internet protocol (IP) addresses included in a DNS response;
  
  receive from the subscriber a subsequent packet associated with a subsequent flow;
  
  identify an IP address within the subsequent packet as being one of the plurality of IP addresses included in the DNS response, wherein each of the IP addresses corresponds to one of a plurality of web servers associated with the domain name; and
  
  execute a policy decision for the subsequent flow without inspecting the contents of the subsequent flow at layer 7 based on an identity of the subscriber and the domain name correlated to the identified IP address, wherein the policy decision relates to charging a different rate for a particular flow.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The apparatus of claim 12, wherein the correlation is stored in a table that includes a time to live (TTL) parameter associated with the IP address.
  - 14. The apparatus of claim 12, further comprising:
    - a policy control enforcement function (PCEF) module configured to block traffic associated with the subscriber based on the correlation.
  - 15. The apparatus of claim 12, wherein the IP address within the subsequent packet is mapped to the domain name in order to apply the policy decision to the subsequent flow.
  - 16. The apparatus of claim 12, further comprising:
    - a quality of service module configured to apply a quality of service to the subsequent flow based on a policy associated with the subscriber.
  - 17. The apparatus of claim 12, further comprising:
    - one or more traffic processors configured to store one or more entries associated with a plurality of IP addresses and respective domain names.
  - 18. The apparatus of claim 12, further comprising:
    - a policy and charging rules function configured to store one or more policies that affect routing decisions associated with a plurality of subscribers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Batz, Robert, Mackie, Robert
Primary Examiner(s)
Hamza, Faruk
Assistant Examiner(s)
OH, ANDREW CHUNG SUK

Application Number

US12/621,114
Time in Patent Office

1,980 Days
Field of Search

None
US Class Current

709/225
CPC Class Codes

H04L 12/14   Charging , metering or bill...

H04L 12/1407   Policy-and-charging control...

H04L 12/1485   Tariff-related aspects

H04L 2101/668   Internet protocol [IP] addr...

H04L 41/0896   Bandwidth or capacity manag...

H04L 45/306   Route determination based o...

H04L 47/10   Flow control; Congestion co...

H04L 61/2503   Translation of Internet pro...

H04L 61/302   Administrative registration...

H04L 61/3025   Domain name generation or a...

H04L 61/4511   using domain name system [DNS]

H04L 61/5076   Update or notification mech...

H04L 61/58   Caching of addresses or names

H04L 63/0263   Rule management

H04L 63/0892   by using authentication-aut...

H04L 67/1036   Load balancing of requests ...

H04L 67/63   Routing a service request d...

System and method for inspecting domain name system flows in a network environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

212 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for inspecting domain name system flows in a network environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

212 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links