System and method for directing network traffic in tunneling applications
First Claim
1. An apparatus for directing a packet to a tunnel in a network, comprising:
- (a) a transceiver arranged to receive and forward each packet in a flow of packets; and
(b) a processor, coupled to the transceiver, that is arranged to perform actions, including;
receiving the packets from a network device;
extracting data from the packets, wherein the extraction comprises a deep packet inspection at multiple layers of the seven layers in an Open Systems Interconnection (OSI) layered protocol across data extracted from a plurality of the packets to provide a rule syntax for at least one symbolic variable that is employed to generate a flow criteria for selecting a tunnel from a plurality of different tunnels, wherein the at least one symbolic variable includes Transmission Control Protocol (TCP) data content and one or more of a client address, server address, client port, server port, or Hypertext Transfer Protocol (HTTP) content;
buffering a defined amount of data from the plurality of packets to determine whether the flow criteria is satisfied, wherein the defined amount is based on a number of packets required to identify the flow criteria, and wherein the number of packets is selectable based on a request to access the at least one symbolic variable;
when the flow criteria is unsatisfied by the defined amount of buffered data, selecting the tunnel from the plurality of different tunnels based on the flow criteria being unsatisfied;
when the flow criteria is satisfied by the defined amount of buffered data, selecting the tunnel from the plurality of different tunnels based in part on the extracted data, wherein the selected tunnel is pre-designated for a tunneling protocol that is associated with the extracted data;
associating the packets with the selected tunnel, wherein the selected tunnel further comprises at least one of an MPLS tunnel, an IPSec tunnel, a SOCKS tunnel, a secure tunnel, and a load-balanced tunnel; and
forwarding the packets towards the selected tunnel.
2 Assignments
0 Petitions
Accused Products
Abstract
A method, apparatus, and system are directed to managing traffic towards a tunnel in a network. The invention enables a network device, to extract data from a received packet. A deep packet inspection is employed that enables examination of the extracted data at virtually any layer of an OSI layered protocol of the packet. If the extracted data does not satisfy the flow criteria, a second packet may be inspected at a deep packet level to determine whether the data of the first and second packet satisfies the flow criteria. If the extracted data satisfies the flow criteria a tunnel is determined based, in part, on the flow criteria. The packet is associated with and forwarded towards the determined tunnel.
-
Citations
43 Claims
-
1. An apparatus for directing a packet to a tunnel in a network, comprising:
-
(a) a transceiver arranged to receive and forward each packet in a flow of packets; and (b) a processor, coupled to the transceiver, that is arranged to perform actions, including; receiving the packets from a network device; extracting data from the packets, wherein the extraction comprises a deep packet inspection at multiple layers of the seven layers in an Open Systems Interconnection (OSI) layered protocol across data extracted from a plurality of the packets to provide a rule syntax for at least one symbolic variable that is employed to generate a flow criteria for selecting a tunnel from a plurality of different tunnels, wherein the at least one symbolic variable includes Transmission Control Protocol (TCP) data content and one or more of a client address, server address, client port, server port, or Hypertext Transfer Protocol (HTTP) content; buffering a defined amount of data from the plurality of packets to determine whether the flow criteria is satisfied, wherein the defined amount is based on a number of packets required to identify the flow criteria, and wherein the number of packets is selectable based on a request to access the at least one symbolic variable; when the flow criteria is unsatisfied by the defined amount of buffered data, selecting the tunnel from the plurality of different tunnels based on the flow criteria being unsatisfied; when the flow criteria is satisfied by the defined amount of buffered data, selecting the tunnel from the plurality of different tunnels based in part on the extracted data, wherein the selected tunnel is pre-designated for a tunneling protocol that is associated with the extracted data; associating the packets with the selected tunnel, wherein the selected tunnel further comprises at least one of an MPLS tunnel, an IPSec tunnel, a SOCKS tunnel, a secure tunnel, and a load-balanced tunnel; and forwarding the packets towards the selected tunnel. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. An apparatus for directing a packet to a tunnel in a network, comprising:
-
(a) a transceiver arranged to receive and forward each packet in a flow of packets; and (b) a processor, coupled to the transceiver, that is arranged to perform actions, including; receiving the packets from a network device; extracting data from the packets, wherein the extraction comprises; a deep packet inspection of multiple layers of the seven layers in an Open Systems Interconnection (OSI) layered protocol to provide a rule syntax for at least one symbolic variable that is employed to generate a flow criteria for selecting a tunnel from a plurality of different tunnels based on the extracted data from the packets, wherein the at least one symbolic variable includes Transmission Control Protocol (TCP) data content and one or more of a client address, server address, client port, server port, or Hypertext Transfer Protocol (HTTP) content; buffering a defined amount of data from the packets to determine whether the flow criteria is satisfied, wherein the defined amount is based on a number of packets required to identify the flow criteria, and wherein the number of packets is selectable based on a request to access the at least one symbolic variable; when the flow criteria is unsatisfied by the defined amount of buffered data, selecting the tunnel from the plurality of different tunnels based on the flow criteria being unsatisfied; when the flow criteria is satisfied by the defined amount of buffered data, selecting the tunnel from the plurality of different tunnels based in part on the extracted data, wherein the selected tunnel is pre-designated for a tunneling protocol that is associated with the extracted data; associating the packet with the selected tunnel, wherein the selected tunnel further comprises at least one of an MPLS tunnel, an IPSec tunnel, a SOCKS tunnel, a secure tunnel, and a load-balanced tunnel; and forwarding the packet towards the selected tunnel. - View Dependent Claims (13, 14)
-
-
15. An apparatus for directing a packet to a tunnel in a network, comprising:
-
(a) a transceiver arranged to receive and forward each packet in a flow of packets; and (b) a processor, coupled to the transceiver, that is arranged to perform actions, including; receiving the packet from a network device; extracting data from the packet, wherein the extraction comprises; a deep packet inspection of multiple layers of the seven layers in an Open Systems Interconnection (OSI) layered protocol to provide a rule syntax for at least one symbolic variable that is employed to generate a flow criteria for selecting a tunnel from a plurality of different tunnels, wherein the at least one symbolic variable includes Transmission Control Protocol (TCP) data content and one or more of a client address, server address, client port, server port, or Hypertext Transfer Protocol (HTTP) content; buffering a defined amount of data from the packets to determine whether the flow criteria is satisfied, wherein the defined amount is based on a number of packets required to identify the flow criteria, and wherein the number of packets is selectable based on a request to access the at least one symbolic variable; when the flow criteria is unsatisfied by the defined amount of buffered data, selecting the tunnel from the plurality of different tunnels based on the flow criteria being unsatisfied; when the flow criteria is satisfied by the defined amount of buffered data, selecting the tunnel from the plurality of different tunnels based in part on the extracted data, wherein the selected tunnel is pre-designated for a tunneling protocol that is associated with the extracted data; associating the packet with the selected tunnel, wherein the selected tunnel further comprises at least one of an MPLS tunnel, an IPSec tunnel, a SOCKS tunnel, a secure tunnel, and a load-balanced tunnel; and forwarding the packet towards the selected tunnel. - View Dependent Claims (16, 17)
-
-
18. A method for directing a packet towards a tunnel in a network, wherein a network device is arranged to perform actions, comprising:
-
receiving the packet from a network device; buffering the received packet, wherein buffering the received packet further comprises buffering a number of packets based on the number of packets required to identify a flow criteria, wherein the number of packets is selectable based on a request to access at least one symbolic variable; extracting data from the buffered packet, wherein the extraction comprises performing a deep packet inspection at multiple layers of the seven layers in an Open Systems Interconnection (OSI) layered protocol to provide a rule syntax for the at least one symbolic variable that is employed to generate a flow criteria for selecting a tunnel from a plurality of different tunnels, wherein the at least one symbolic variable includes Transmission Control Protocol (TCP) data content and one or more of a client address, server address, client port, server port, or Hypertext Transfer Protocol (HTTP) content; selecting the tunnel from the plurality of different tunnels based in part on the extracted data, wherein the selected tunnel is pre-designated for a tunneling protocol that is associated with the extracted data, and wherein the selected tunnel further comprises at least one of an MPLS tunnel, or a secure tunnel; modifying the packet for the selected tunnel; and forwarding the modified packet towards the selected tunnel. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. A method for directing a packet towards a tunnel in a network, wherein a network device is arranged to perform actions, comprising:
-
receiving packets from another network device; determining a number of packets to buffer based on a defined number of packets required to determine whether a flow criteria is satisfied, wherein the defined number of packets includes more than one packet and is selectable based on a request to access at least one symbolic variable; buffering the determined number of packets; extracting data from within the determined number of buffered packets, wherein the extraction comprises performing a deep packet inspection of multiple layers of the seven layers in an Open Systems Interconnection (OSI) layered protocol for specific application layer data content to provide a rule syntax for the at least one symbolic variable that is employed to generate the flow criteria for selecting a tunnel from a plurality of different tunnels, wherein the at least one symbolic variable includes Transmission Control Protocol (TCP) data content and one or more of a client address, server address, client port, server port, or Hypertext Transfer Protocol (HTTP) content; when the flow criteria is unsatisfied in the determined number of buffered packets, selecting the tunnel from the plurality of different tunnels based on the flow criteria being unsatisfied; when the flow criteria is satisfied in the determined number of buffered packets, selecting the tunnel from the plurality of different tunnels based in part on the extracted data, wherein the selected tunnel is pre-designated for a tunneling protocol that is associated with the extracted data; modifying the packets for the selected tunnel, wherein the selected tunnel further comprises at least one of an MPLS tunnel, an IPSec tunnel, a SOCKS tunnel, a secure tunnel, and a load-balanced tunnel; and forwarding the modified packets towards the selected tunnel. - View Dependent Claims (31, 32)
-
-
33. A system for directing a packet towards a tunnel in a network, comprising:
-
a router, configured to receive a packet and to route the packet; and a tunnel manager, in communication with the router, that is configured to perform actions, comprising; receiving packets from a network device; determining a number of packets to buffer based on a defined number of packets required to determine whether a flow criteria is satisfied, wherein the defined number of packets includes more than one packet and is selectable based on a request to access at least one symbolic variable; buffering the determined number of packets; extracting data from within the determined number of buffered packets; performing a deep packet inspection on the extracted data, wherein the deep packet inspection comprises examining data from multiple layers of the seven layers of the OSI layered protocol for specific application layer data content to provide a rule syntax for the at least one symbolic variable that is employed to generate the flow criteria for selecting a tunnel from a plurality of different tunnels, wherein the at least one symbolic variable includes Transmission Control Protocol (TCP) data content and one or more of a client address, server address, client port, server port, or Hypertext Transfer Protocol (TCP) content; when the flow criteria is unsatisfied by the extracted data, selecting the tunnel from the plurality of different tunnels based on the flow criteria being unsatisfied; when the extracted data satisfies the flow criteria, selecting the tunnel from the plurality of different tunnels based in part on the satisfied flow criteria, wherein the selected tunnel is pre-designated for a tunneling protocol that is associated with the extracted data, and wherein the selected tunnel further comprises at least one of an MPLS tunnel, or a secure tunnel; modifying the packets for the selected tunnel, and forwarding the modified packets to the router, wherein the router is configured to route the packets towards the selected tunnel. - View Dependent Claims (34, 35, 36, 37, 38, 39)
-
-
40. A system for directing a packet towards a tunnel in a network, comprising:
-
a router, configured to receive a packet and to route the packet; and a tunnel manager, in communication with the router, that is configured to perform actions, comprising; receiving packets from a network device; determining a number of packets to buffer based on a defined number of packets required to determine whether a flow criteria is satisfied, wherein the defined number of packets includes more than one packet and is selectable based on a request to access at least one symbolic variable; buffering the determined number of packets; extracting data from within the determined number of buffered packets; performing a deep packet inspection on the extracted data, wherein the deep packet inspection comprises examining data from multiple layers of the seven layers of the OSI layered protocol for specific application layer data content to provide a rule syntax for the at least one symbolic variable that is employed to generate the flow criteria for selecting a tunnel from a plurality of different tunnels, wherein the at least one symbolic variable includes Transmission Control Protocol (TCP) data content and one or more of a client address, server address, client port, server port, or Hypertext Transfer Protocol (HTTP) content; when the flow criteria is unsatisfied by the extracted data, selecting the tunnel from the plurality of different tunnels based on the flow criteria being unsatisfied; when the extracted data satisfies the flow criteria, selecting the tunnel from the plurality of different tunnels based in part on the satisfied flow criteria, wherein the selected tunnel is pre-designated for a tunneling protocol that is associated with the extracted data; modifying the packets for the selected tunnel, wherein the selected tunnel further comprises at least one of an MPLS tunnel, an IPSec tunnel, a SOCKS tunnel, a secure tunnel, or a load-balanced tunnel; and forwarding the modified packets to the router, wherein the router is configured to route the packets towards the selected tunnel. - View Dependent Claims (41, 42)
-
-
43. A network device for directing a packet towards a tunnel in a network, comprising:
-
a receiver configured to receive packets from another network device; a processor that is arranged to perform actions, including; buffering a defined number of packets required to determine whether a flow criteria is satisfied, wherein the defined number of packets includes more than one packet and is selectable based on a request to access the at least one symbolic variable; extracting specific application layer data content from within the defined number of buffered packets using deep packet inspection at an application layer to provide a rule syntax for the at least one symbolic variable that is employed to generate the flow criteria for selecting a tunnel from a plurality of different tunnels; selecting the tunnel from the plurality of different tunnels when the flow criteria is unsatisfied in the defined number of buffered packets, wherein the tunnel is selected based on the flow criteria being unsatisfied; and selecting the tunnel from the plurality of different tunnels when the flow criteria is satisfied in the defined number of buffered packets, wherein the tunnel is selected based in part on the deep packet inspection at multiple layers of the seven layers in the OSI layered protocol, wherein the selected tunnel is pre-designated for a tunneling protocol that is associated with the extracted data, and wherein the selected tunnel further comprises at least one of an MPLS tunnel, an IPSec tunnel, a SOCKS tunnel, a secure tunnel, or a load-balanced tunnel, wherein the at least one symbolic variable includes Transmission Control Protocol (TCP) data content and one or more of a client address, server address, client port, server port, or Hypertext Transfer Protocol (HTTP) content; and a logic device that is configured to associate the packets with the selected tunnel; and a transmitter configured to forward the packets towards the selected tunnel.
-
Specification