Method and system for identifying matching packets

US 9,438,517 B2
Filed: 10/30/2013
Issued: 09/06/2016
Est. Priority Date: 10/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a device, a first subset of a first plurality of packets,the first plurality of packets being associated with a first location in a network, andthe first subset of the first plurality of packets being selected based on a filter;

receiving, by the device, a second subset of a second plurality of packets,the second plurality of packets being associated with a second location in the network,the second location being different than the first location, andthe second subset of the second plurality of packets being selected based on the filter;

parsing, by the device, each packet in the first subset and the second subset to extract invariant header fields from an outermost internet protocol (IP) header until a minimal set of invariant header fields is obtained, for each packet, that uniquely identifies each packet throughout the network, or until the minimal set of invariant header fields cannot be obtained for each packet,the minimal set of invariant header fields including a minimum set of invariant header fields, of each packet, that uniquely identifies each packet throughout the network within a particular time period,the particular time period being long enough in duration to allow each packet to traverse the network, but short enough in duration to prevent a same packet signature from being computed for different packets,the minimal set of invariant header fields not being obtainable for a particular packet with a particular protocol combination,the particular protocol combination including no known identifier or sequence number that uniquely identifies the particular packet at the first location and the second location;

computing, by the device, a packet signature from the minimal set of invariant header fields for each packet in the first subset and the second subset for which a minimal set of invariant header fields is obtained; and

comparing, by the device, packet signatures associated with the first subset and packet signatures associated with the second subset to identify matching packets with a same packet signature in the first subset and the second subset.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a method of identifying matching packets at different locations in a network, a first plurality of packets is received at a first location in the network, and a first subset thereof is selected in accordance with a filter. A second plurality of packets is received at a second location in the network, and a second subset thereof is selected in accordance with the same filter. Each packet in the first and second subsets is parsed to extract invariant header fields from an outermost IP header inwards, until a minimal set of invariant header fields is obtained for that packet, or until it is determined that a minimal set is not obtainable for that packet. A packet signature is computed from the minimal set for each packet having a minimal set, and the packet signatures are compared to identify matching packets in the first and second subsets.

39 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving, by a device, a first subset of a first plurality of packets,the first plurality of packets being associated with a first location in a network, andthe first subset of the first plurality of packets being selected based on a filter;
  
  receiving, by the device, a second subset of a second plurality of packets,the second plurality of packets being associated with a second location in the network,the second location being different than the first location, andthe second subset of the second plurality of packets being selected based on the filter;
  
  parsing, by the device, each packet in the first subset and the second subset to extract invariant header fields from an outermost internet protocol (IP) header until a minimal set of invariant header fields is obtained, for each packet, that uniquely identifies each packet throughout the network, or until the minimal set of invariant header fields cannot be obtained for each packet,the minimal set of invariant header fields including a minimum set of invariant header fields, of each packet, that uniquely identifies each packet throughout the network within a particular time period,the particular time period being long enough in duration to allow each packet to traverse the network, but short enough in duration to prevent a same packet signature from being computed for different packets,the minimal set of invariant header fields not being obtainable for a particular packet with a particular protocol combination,the particular protocol combination including no known identifier or sequence number that uniquely identifies the particular packet at the first location and the second location;
  
  computing, by the device, a packet signature from the minimal set of invariant header fields for each packet in the first subset and the second subset for which a minimal set of invariant header fields is obtained; and
  
  comparing, by the device, packet signatures associated with the first subset and packet signatures associated with the second subset to identify matching packets with a same packet signature in the first subset and the second subset.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, where each packet in the first subset and the second subset is parsed header by header from the outermost IP header inwards.
  - 3. The method of claim 1, where:
    - at least some of the packets in the first subset have different protocol combinations,at least some of the packets in the second subset have different protocol combinations, andthe minimal set of invariant header fields for each packet in the first subset and the second subset, for which a minimal set of invariant header fields is obtained, depends on the protocol combination of each packet.
  - 4. The method of claim 1, wherein the minimal set of invariant header fields includes an IP source address, an IP destination address, and at least one additional invariant header field selected from an identifier and a sequence number.
  - 5. The method of claim 1, where the packet signature for each packet in the first subset and the second subset, for which a minimal set of invariant header fields is obtained, is computed by applying a hash function to the minimal set of invariant header fields for each packet.
  - 6. The method of claim 5, further comprising:
    - storing each packet in the first subset and the second subset in memory and in a hash table indexed by packet signature.
  - 7. The method of claim 1, further comprising:
    - assigning a first timestamp to each packet in the first subset;
      
      assigning a second timestamp to each packet in the second subset; and
      
      comparing first timestamps and second timestamps of the matching packets in the first subset and the second subset to determine a latency between the first location and the second location in the network.
  - 8. The method of claim 1, where:
    - the filter includes a first filter condition based on a first invariant header field selected from an identifier and a sequence number, andthe first filter condition defines at least one of an entire identifier, an entire sequence number, a subset of the identifier, or a subset of the sequence number.
  - 9. The method of claim 8, further comprising:
    - counting each packet in the first subset and the second subset to obtain a total number of packets;
      
      comparing the total number of packets to a predetermined threshold; and
      
      when the total number of packets is less than the predetermined threshold, adding a second filter condition to the filter,the second filter condition being based on a second invariant header field selected from another identifier and another sequence number, andthe second filter condition defining at least one of an entire identifier, an entire sequence number, a subset of the identifier, or a subset of the sequence number.

10. A system, comprising:
- a first probe to;
  
  receive a first plurality of packets at a first location in a network; and
  
  select a first subset of the first plurality of packets in accordance with a filter;
  
  a second probe to;
  
  receive a second plurality of packets at a second location in the network,the second location being different than the first location; and
  
  select a second subset of the second plurality of packets in accordance with the filter; and
  
  a packet-matching unit to;
  
  parse each packet in the first subset and the second subset to extract invariant header fields from an outermost interne protocol (IP) header until a set of invariant header fields is obtained, for each packet, that uniquely identifies each packet throughout the network, or until the set of invariant header fields cannot be obtained for each packet,the set of invariant header fields including a minimum set of invariant header fields, of each packet, that uniquely identifies each packet throughout the network within a particular time period,the particular time period being long enough in duration to allow each packet to traverse the network, but short enough in duration to prevent a same packet signature from being computed for different packets,the set of invariant header fields not being obtainable for a particular packet with a particular protocol combination,the particular protocol combination including no known identifier or sequence number that uniquely identifies the particular packet at the first location and the second location;
  
  compute a packet signature from the set of invariant header fields for each packet in the first subset and the second subset for which a set of invariant header fields is obtained; and
  
  compare packet signatures associated with the first subset and packet signatures associated with the second subset to identify matching packets with a same packet signature in the first subset and the second subset.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The system of claim 10, where:
    - the first probe is incorporated into a first network node physically located at the first location, andthe second probe is incorporated into a second network node physically located at the second location.
  - 12. The system of claim 10, where each packet in the first subset and the second subset is parsed header by header from the outermost IP header inwards.
  - 13. The system of claim 10, where:
    - at least some of the packets in the first subset have different protocol combinations,at least some of the packets in the second subset have different protocol combinations, andthe set of invariant header fields for each packet in the first subset and the second subset, for which a set of invariant header fields is obtained, depends on the protocol combination of each packet.
  - 14. The system of claim 10, where the set of invariant header fields includes an IP source address, an IP destination address, and at least one additional invariant header field selected from an identifier and a sequence number.
  - 15. The system of claim 10, where the packet signature for each packet in the first subset and the second subset, for which a set of invariant header fields is obtained, is computed by applying a hash function to the set of invariant header fields for each packet.
  - 16. The system of claim 15, where the packet-matching unit is to:
    - store each packet in the first subset and the second subset in memory and in a hash table indexed by packet signature.
  - 17. The system of claim 10, where:
    - the first probe is to assign a first timestamp to each packet in the first subset,the second probe is to assign a second timestamp to each packet in the second subset, andthe packet-matching unit is to compare first timestamps and second timestamps of the matching packets in the first subset and the second subset to determine a latency between the first location and the second location in the network.
  - 18. The system of claim 10, where:
    - the filter includes a first filter condition based on a first invariant header field selected from an identifier and a sequence number, andthe first filter condition defines at least one of an entire identifier, an entire sequence number, a subset of the identifier, and a subset of the sequence number.
  - 19. The system of claim 18, where the packet-matching unit is to:
    - count each packet in the first subset and the second subset to obtain a total number of packets;
      
      compare the total number of packets to a predetermined threshold; and
      
      when the total number of packets is less than the predetermined threshold, add a second filter condition to the filter,the second filter condition being based on a second invariant header field selected from another identifier and another sequence number,the second filter condition defining at least one of an entire identifier, an entire sequence number, a subset of the identifier, or a subset of the sequence number.

20. A device, comprising:
- one or more processors to;
  
  receive a first subset of a first plurality of packets,the first plurality of packets being associated with a first location in a network, andthe first subset of the first plurality of packets being selected based on a filter;
  
  receive a second subset of a second plurality of packets,the second plurality of packets being associated with a second location in the network,the second location being different than the first location, andthe second subset of the second plurality of packets being selected based on the filter;
  
  parse each packet in the first subset and the second subset to extract invariant header fields from an outermost interne protocol (IP) header until a set of invariant header fields is obtained, for each packet, that uniquely identifies each packet throughout the network, or until the set of invariant header fields cannot be obtained for each packet,the set of invariant header fields including a minimum set of invariant header fields, of each packet, that uniquely identifies each packet throughout the network within a particular time period,the particular time period being long enough in duration to allow each packet to traverse the network, but short enough in duration to prevent a same packet signature from being computed for different packets,the set of invariant header fields not being obtainable for a particular packet with a particular protocol combination,the particular protocol combination including no known identifier or sequence number that uniquely identifies the particular packet at the first location and the second location;
  
  compute a packet signature from the set of invariant header fields for each packet in the first subset and the second subset for which a minimal set of invariant header fields is obtained; and
  
  compare packet signatures associated with the first subset and packet signatures associated with the second subset to identify matching packets with a same packet signature in the first subset and the second subset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Viavi Solutions, Inc. (Lumentum Holdings Inc.)
Original Assignee
Viavi Solutions, Inc. (Lumentum Holdings Inc.)
Inventors
Chan, Lai-chong, Moody, Brian
Primary Examiner(s)
Chriss, Andrew
Assistant Examiner(s)
Preval, Voster

Application Number

US14/067,656
Publication Number

US 20140119231A1
Time in Patent Office

1,042 Days
Field of Search

370/253
US Class Current

1/1
CPC Class Codes

H04L 43/022   by sampling

H04L 43/024   by adaptive sampling

H04L 43/026   using flow identification

H04L 43/028   by filtering

H04L 43/0852   Delays

H04L 43/0858   One way delays

H04L 47/115   using a dedicated packet

H04L 47/24   Traffic characterised by sp...

H04L 47/34   ensuring sequence integrity...

H04L 69/22   Parsing or analysis of headers

Method and system for identifying matching packets

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for identifying matching packets

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links