System and method for customizing the identification of application or content type

US 9,722,918 B2
Filed: 03/15/2013
Issued: 08/01/2017
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for dynamic network traffic control, comprising:

identifying, by a traffic controller, a first data packet, flowing from a source network device to a destination network device, as a subject of traffic-type classification by the traffic controller, the first packet produced in response to an action by an end-user, the traffic type classification being associated with at least one of an application type and a content type, the traffic controller including a control engine coupled to a network interface, the control engine controlling transmission and receipt of data packets between clients and servers, the control engine including classification modules, each of the classification modules having a unique identifier and being operable to trigger on a RULE INIT event;

identifying by a first collection of traffic classification modules of the traffic controller, a session identifier of the first data packet, the session identifier corresponding to a network session between the source network device and the destination network device, the session identifier distinguishing the network session from other network sessions;

determining that the traffic controller is transitioning from the first collection of traffic classification modules to a second collection of traffic classification modules;

setting the collection identifier for the session to point to the second collection of traffic classification modules;

determining that the first data packet is an event of a first event type, the first event type representing an initiating event;

processing the first data packet in accordance with a rule set defined by the second collection of classification modules and the initiating event; and

producing, as a result of processing the first data packet, an intra-session persistent state for the second collection of traffic classification modules.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Expertise, for performing classification of a type of network traffic, can be encapsulated in a module. A set of modules, as currently available to a traffic controller, can be referred to as a collection. Programming language constructs are introduced that facilitate the writing of modules customized to identify network traffic that is peculiar to a particular user, or to a relatively small group of users. An example programming language, based on Tcl, is introduced. A key aspect is event-driven programming, and the “when” command construct is introduced. Three important event types, that can trigger a “when” command, are CLIENT_DATA, SERVER_DATA, and RULE_INIT. Another key aspect is an ability to keep state information between events. Constructs for intra-session, intra-module, and global state are introduced. A module can be blocked from executing more than once for a session. Successful execution of a module can be specified by a “match” statement.

Citations

20 Claims

1. A computer-implemented method for dynamic network traffic control, comprising:
- identifying, by a traffic controller, a first data packet, flowing from a source network device to a destination network device, as a subject of traffic-type classification by the traffic controller, the first packet produced in response to an action by an end-user, the traffic type classification being associated with at least one of an application type and a content type, the traffic controller including a control engine coupled to a network interface, the control engine controlling transmission and receipt of data packets between clients and servers, the control engine including classification modules, each of the classification modules having a unique identifier and being operable to trigger on a RULE INIT event;
  
  identifying by a first collection of traffic classification modules of the traffic controller, a session identifier of the first data packet, the session identifier corresponding to a network session between the source network device and the destination network device, the session identifier distinguishing the network session from other network sessions;
  
  determining that the traffic controller is transitioning from the first collection of traffic classification modules to a second collection of traffic classification modules;
  
  setting the collection identifier for the session to point to the second collection of traffic classification modules;
  
  determining that the first data packet is an event of a first event type, the first event type representing an initiating event;
  
  processing the first data packet in accordance with a rule set defined by the second collection of classification modules and the initiating event; and
  
  producing, as a result of processing the first data packet, an intra-session persistent state for the second collection of traffic classification modules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein the determining that the first data packet is an event of the first event type further comprises determining that the first packet is an initial packet of its session.
  - 3. The method of claim 1, wherein the first event identifier is represented by an administrative user via a programming language statement of the RULE_INIT event.
  - 4. The method of claim 1, further comprising producing, as a result of processing the first data packet, intra-module persistent for the second collection of traffic classification modules.
  - 5. The method of claim 1, further comprising producing, as a result of processing the first data packet, globally persistent state for the second collection of traffic classification modules.
  - 6. The method of claim 1, further comprising identifying the first packet as being part of a pre-existing first session, in response to receipt of the first packet, if the first packet is not an initial packet to be received, by the traffic controller, with respect to the first session.
  - 7. The method of claim 1, wherein the step of determining that the first data packet is an event of the first event type further comprises determining that the first data packet is traveling from a client to a server.
  - 8. The method of claim 1, wherein the first event identifier is represented by an administrative user via a programming language statement of CLIENT_EVENT.
  - 9. The method of claim 1, further comprising:
    - classifying the first session as being of a first traffic type; and
      
      configuring the first traffic type, when applied to a session, to cause packets of that session to be processed in accordance with a first policy.
  - 10. The method of claim 9, wherein the first policy guarantees a specific amount of bandwidth for forwarding traffic.
  - 11. The method of claim 9, wherein the first policy specifies a maximum amount of bandwidth for forwarding traffic.
  - 12. The method of claim 9, wherein the first policy marks a priority to be used for forwarded traffic.
  - 13. The method of claim 9, wherein the first policy causes packets not to be forwarded.
  - 14. The method of claim 1, wherein the step of determining that the first data packet is an event of the first event type further comprises determining that the first data packet is traveling from a server to a client.
  - 15. The method of claim 14, wherein the first event identifier is represented by an administrative user via a programming language statement of SERVER_EVENT.
  - 16. The method of claim 1, wherein the second collection of traffic classification modules is written in a classification module language.
  - 17. The method of claim 16, wherein the classification module language is based upon Tcl.
  - 18. The method of claim 16, further comprising compiling, at least in part, a first description into a first object-level specification of the second traffic-classification module.
  - 19. The method of claim 18, wherein the compiling is performed only if the interpreting of the first description indicates that the first description is functionally correct.
  - 20. The method of claim 1, wherein at least one module of the second collection of traffic classification modules is written by an administrative user of a client device using a classification module language.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A10 Networks Incorporated
Original Assignee
A10 Networks Incorporated
Inventors
Oshiba, Dennis Isao
Primary Examiner(s)
Khan, Aftab N.

Application Number

US13/842,372
Publication Number

US 20140269308A1
Time in Patent Office

1,600 Days
Field of Search

709227
US Class Current
CPC Class Codes

H04L 43/028   by filtering

H04L 45/30   Routing of multiclass traffic

H04L 47/20   Traffic policing

H04L 47/2408   for supporting different se...

H04L 47/2441   relying on flow classificat...

System and method for customizing the identification of application or content type

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for customizing the identification of application or content type

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links