Incremental application of resources to network traffic flows based on heuristics and business policies
First Claim
1. A computer-implemented method of inspecting network traffic, comprising:
- determining that a traffic flow satisfies a first condition;
transmitting a first portion of the traffic flow to a network service based on the determining the traffic flow satisfies the first condition;
inspecting, at the network service, the first portion of the traffic flow at a first level of detail based on the first condition;
determining, based on the inspecting, that the traffic flow satisfies a second condition;
transmitting a second portion of the traffic flow to the network service based on the determining the traffic flow satisfies the second condition;
inspecting, at the network service, the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting at the first level of detailwherein the second portion of the traffic flow comprises a larger amount of information than the first portion of the traffic flow.
2 Assignments
0 Petitions
Accused Products
Abstract
Disclosed herein are system, method, and computer program product embodiments for increasingly applying network resources to traffic flows based on heuristics and policy conditions. A network determines that a traffic flow satisfies a first condition and transmits a first portion of the traffic flow to a network service. A network service then inspects the first portion of the traffic flow at a first level of detail and determines that the traffic flow satisfies a second condition. The network can then transmit a second portion of the traffic flow to the network service based on the determining the traffic flow satisfies the second condition. The network service can inspect the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting at the first level of detail.
41 Citations
19 Claims
-
1. A computer-implemented method of inspecting network traffic, comprising:
-
determining that a traffic flow satisfies a first condition; transmitting a first portion of the traffic flow to a network service based on the determining the traffic flow satisfies the first condition; inspecting, at the network service, the first portion of the traffic flow at a first level of detail based on the first condition; determining, based on the inspecting, that the traffic flow satisfies a second condition; transmitting a second portion of the traffic flow to the network service based on the determining the traffic flow satisfies the second condition; inspecting, at the network service, the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting at the first level of detail wherein the second portion of the traffic flow comprises a larger amount of information than the first portion of the traffic flow. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system comprising:
-
an analytics module configured to determine that a traffic flow satisfies a first condition; a controller configured to configure one or more routers to; transmit a first portion of the traffic flow to a network service based on the determining the traffic flow satisfies the first condition; a network service configured to; inspect the first portion of the traffic flow at a first level of detail based on the first condition; and determine, based on the inspecting, that the traffic flow satisfies a second condition; wherein the controller is further configured to configure one or more routers to transmit a second portion of the traffic flow to the network service based on the determining the traffic flow satisfies the second condition, wherein the network service is further configured to inspect the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting at the first level of detail, and wherein the second portion of the traffic flow comprises a larger amount of information than the first portion of the traffic flow. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A non-transitory computer-readable medium having instructions stored thereon that, when executed by at least one computing device, causes the at least one computing device to perform operations comprising:
-
determining that a traffic flow satisfies a first condition; transmitting a first portion of the traffic flow to a network service based on the determining the traffic flow satisfies the first condition; inspecting, at the network service, the first portion of the traffic flow at a first level of detail based on the first condition; determining, based on the inspecting, that the traffic flow satisfies a second condition; transmitting a second portion of the traffic flow to the network service based on the determining the traffic flow satisfies the second condition; inspecting, at the network service, the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting at the first level of detail, wherein the second portion of the traffic flow comprises a larger amount of information than the first portion of the traffic flow. - View Dependent Claims (18, 19)
-
Specification