Incremental application of resources to network traffic flows based on heuristics and business policies
2 Assignments
0 Petitions
Abstract
Disclosed herein are system, method, and computer program product embodiments for increasingly applying network resources to traffic flows based on heuristics and policy conditions. A network determines that a traffic flow satisfies a first condition and transmits a first portion of the traffic flow to a network service. A network service then inspects the first portion of the traffic flow at a first level of detail and determines that the traffic flow satisfies a second condition. The network can then transmit a second portion of the traffic flow to the network service based on the determining the traffic flow satisfies the second condition. The network service can inspect the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting at the first level of detail.
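The escalation loop described in the abstract, with the controller message from claim 12, as an added sketch that is not taken from the patent. The class names, the port-based first condition, the SYN-count heuristic used as the second condition, and the payload marker are all assumptions chosen for illustration; the sample traffic is constructed.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    flow: tuple            # (src, dst, dst_port); hypothetical flow key
    flags: str             # TCP flags taken from the header
    payload: bytes = b""   # left empty in header-only copies

class Controller:
    """Records which flows routers must send in full."""
    def __init__(self):
        self.full_capture = set()
    def escalate(self, flow):              # message sent by the service
        self.full_capture.add(flow)

class Router:
    def __init__(self, controller, watched_ports):
        self.controller, self.watched_ports = controller, watched_ports
    def forward(self, pkt):
        """Return the copy the service receives, or None."""
        if pkt.flow[2] not in self.watched_ports:     # first condition (assumed policy)
            return None
        if pkt.flow in self.controller.full_capture:
            return pkt                                # second portion: header + payload
        return Packet(pkt.flow, pkt.flags)            # first portion: header only

class InspectionService:
    SYN_LIMIT = 3                        # assumed heuristic threshold
    SIGNATURE = b"EXAMPLE-SIGNATURE"     # constructed marker, not a real indicator
    def __init__(self, controller):
        self.controller, self.syn_count, self.alerts = controller, {}, []
    def receive(self, pkt):
        if pkt.flow in self.controller.full_capture:  # second level: payload scan
            if self.SIGNATURE in pkt.payload:
                self.alerts.append(pkt.flow)
            return "deep"
        if pkt.flags == "S":                          # first level: header fields only
            self.syn_count[pkt.flow] = self.syn_count.get(pkt.flow, 0) + 1
            if self.syn_count[pkt.flow] >= self.SYN_LIMIT:   # second condition
                self.controller.escalate(pkt.flow)
        return "header"

def run_demo():
    ctl = Controller()
    router, svc = Router(ctl, {443}), InspectionService(ctl)
    a = ("198.51.100.7", "203.0.113.10", 443)
    b = ("198.51.100.8", "203.0.113.10", 22)          # fails the first condition
    traffic = [Packet(b, "S", b"x")] + [Packet(a, "S", b"hi")] * 3
    traffic.append(Packet(a, "PA", b"..EXAMPLE-SIGNATURE.."))
    levels = []
    for pkt in traffic:
        seen = router.forward(pkt)
        levels.append("not-sent" if seen is None else svc.receive(seen))
    return levels, svc.alerts
```

The payload scan, the expensive step, runs only on the one packet that arrives after the header-level heuristic has fired for its flow.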
35 Citations
17 Claims
1. A method for operating a network service provider, comprising:
- receiving a first portion of a traffic flow from a router in a plurality of routers in a network, wherein the traffic flow satisfies a first condition;
- inspecting the first portion of the traffic flow at a first level of detail;
- determining, based on the inspecting, that the traffic flow satisfies a second condition;
- when the traffic flow is determined to satisfy the second condition;
- receiving a second portion of the traffic flow, wherein the second portion of the traffic flow comprises a larger amount of information than the first portion of the traffic flow; and
- inspecting the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting at the first level of detail, wherein the inspecting the first portion of the traffic flow at a first level of detail comprises inspecting the header information of the packets belonging to the traffic flow, and the inspecting the second portion of the traffic flow at a second level of detail comprises inspecting the header and payload information of the packets describing the traffic flow.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A non-transitory computer-readable medium having instructions stored thereon that, when executed by at least one computing device, causes the at least one computing device to perform a method for operating a network service provider, the method comprising:
- receiving a first portion of a traffic flow in a network, wherein the traffic flow satisfies a first condition;
- inspecting the first portion of the traffic flow at a first level of detail;
- determining, based on the inspecting, that the traffic flow satisfies a second condition;
- in response to determining that the traffic flow satisfies the second condition, sending a message to a controller indicating satisfying the second condition, wherein the controller is configured to instruct one or more routers to transmit a second portion of the traffic flow to the network service provider based on the determining the traffic flow satisfies the second condition;
- subsequent to sending the message, receiving the second portion of the traffic flow, wherein the second portion of the traffic flow comprises a larger amount of information than the first portion of the traffic flow; and
- in response to receiving the second portion of the traffic flow, inspecting the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting at the first level of detail, wherein the inspecting the first portion of the traffic flow at a first level of detail comprises inspecting the header information of the packets belonging to the traffic flow, and inspecting the second portion of the traffic flow at a second level of detail comprises inspecting the header and payload information of the packets describing the traffic flow.

Dependent claims: 13, 14, 15, 16, 17

Specification