Data flow segment optimized for hot flows

US 9,762,492 B2
Filed: 04/08/2016
Issued: 09/12/2017
Est. Priority Date: 05/01/2012
Status: Active Grant

First Claim

Patent Images

1. A method for managing connection flows over a network with a traffic management device (TMD) that includes one or more processors, wherein execution of logic by the one or more processors performs actions, comprising:

employing one or more control segment (CS) components to perform actions, including;

generating one or more connection flow metrics based on one or more received network packets for one or more managed connection flows; and

employing the one or more connection flow metrics to determine one or more hot connection flows in the managed connection flows based on a predicted capacity of the one or more CS components, wherein a percentile of the connection flows are identified as the one or more hot connection flows; and

employing one or more data flow segment (DFS) components to perform actions, including maintaining packet level flow handling for one or more of the connection flows.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows and minimizing the number of malicious and/or in-operative connections flows (e.g., non-genuine flows) that may have flow control data stored in the high-speed flow cache.

111 Citations

20 Claims

1. A method for managing connection flows over a network with a traffic management device (TMD) that includes one or more processors, wherein execution of logic by the one or more processors performs actions, comprising:
- employing one or more control segment (CS) components to perform actions, including;
  
  generating one or more connection flow metrics based on one or more received network packets for one or more managed connection flows; and
  
  employing the one or more connection flow metrics to determine one or more hot connection flows in the managed connection flows based on a predicted capacity of the one or more CS components, wherein a percentile of the connection flows are identified as the one or more hot connection flows; and
  
  employing one or more data flow segment (DFS) components to perform actions, including maintaining packet level flow handling for one or more of the connection flows.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - when a flow cache that is at less than full capacity and the one or more DFS components receive new flow control data for a flow connection from the one or more CS components, inserting the new flow control data in the flow cache; and
      
      when the flow cache is at full capacity and the new flow control data is received by the one or more DFS components, employing the one or more DFS components to insert the new flow control data into the flow cache and remove flow control data for another flow connection from the flow cache, wherein an evict message is sent to the one or more CS components.
  - 3. The method of claim 1, further comprising:
    - when the one or more CS components receive an evict message for flow control data from the one or more DFS components, performing actions, including;
      
      when a flow connection is closed and corresponds to the flow control data, discarding the flow control data that corresponds to the closed flow connection at the one or more CS components; and
      
      when the flow connection is open and corresponds to the flow control data, transferring the managing of the open flow connection to the one or more CS components from the one or more DFS components.
  - 4. The method of claim 1, wherein generating the at least one connection flow metric further comprises, examining contents of one or more received network packets to identify at one or more of a data pattern, or meta data that indicates when one or more of the connection flows is a hot connection flow.
  - 5. The method of claim 1, further comprising:
    - when the managed connection flows exceeds a capacity of the one or more DFS components, determining each hot connection flow handled by the one or more DFS components; and
      
      sorting a ranked ordering of the managed connection flows based on a total amount of data exchanged over a time interval.
  - 6. The method of claim 1, wherein employing the one or more connection flow metrics further comprises:
    - determining a median bit-rate of data communicated for one or more connection flows handled by the one or more CS components; and
      
      employing the median bit-rate of data communicated for the one or more connection flows and at least a bit-rate capacity of the one or more CS components to estimate a maximum number of connection flows for the one or more CS components.
  - 7. The method of claim 1, wherein determining each hot connection flow to be handled by the one or more DFS components based on a total amount of data communicated over a time interval, wherein N number of connection flows having a top total amount of data communicated over the time interval are identified as hot connection flows.

8. A traffic management computer (TMC) that includes a plurality of components to manage connection flows over a network, wherein the TMC employs one or more processors to execute logic that performs actions, comprising:
- employing one or more control segment (CS) components to perform actions, including;
  
  generating one or more connection flow metrics based on one or more received network packets for one or more managed connection flows; and
  
  employing the one or more connection flow metrics to determine one or more hot connection flows in the managed connection flows based on a predicted capacity of the one or more CS components, wherein a percentile of the connection flows are identified as the one or more hot connection flows; and
  
  employing one or more data flow segment (DFS) components to perform actions, including maintaining packet level flow handling for one or more of the connection flows.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The TMC of claim 8, performs further actions comprising:
    - when a flow cache that is at less than full capacity and the one or more DFS components receive new flow control data for a flow connection from the one or more CS components, inserting the new flow control data in the flow cache; and
      
      when the flow cache is at full capacity and the new flow control data is received by the one or more DFS components, employing the one or more DFS components to insert the new flow control data into the flow cache and remove flow control data for another flow connection from the flow cache, wherein an evict message is sent to the one or more CS components.
  - 10. The TMC of claim 8, performs further actions comprising:
    - when the one or more CS components receive an evict message for flow control data from the one or more DFS components, performing actions, including;
      
      when a flow connection is closed and corresponds to the flow control data, discarding the flow control data that corresponds to the closed flow connection at the one or more CS components; and
      
      when the flow connection is open and corresponds to the flow control data, transferring the managing of the open flow connection to the one or more CS components from the one or more DFS components.
  - 11. The TMC of claim 8, wherein generating the at least one connection flow metric further comprises, examining contents of one or more received network packets to identify at one or more of a data pattern, or meta data that indicates when one or more of the connection flows is a hot connection flow.
  - 12. The TMC of claim 8, performs further actions comprising:
    - when the managed connection flows exceeds a capacity of the one or more DFS components, determining each hot connection flow handled by the one or more DFS components; and
      
      sorting a ranked ordering of the managed connection flows based on a total amount of data exchanged over a time interval.

13. A system that includes a plurality of components to manage connection flows over a network, wherein the system employs one or more processors to execute logic that performs actions, comprising:
- one or more control segment (CS) components that perform actions, including;
  
  generating one or more connection flow metrics based on one or more received network packets for one or more managed connection flows; and
  
  employing the one or more connection flow metrics to determine one or more hot connection flows in the managed connection flows based on a predicted capacity of the one or more CS components, wherein a percentile of the connection flows are identified as the one or more hot connection flows; and
  
  one or more data flow segment (DFS) components to perform actions, including maintaining packet level flow handling for one or more of the connection flows.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13, performs further actions comprising:
    - when a flow cache that is at less than full capacity and the one or more DFS components receive new flow control data for a flow connection from the one or more CS components, inserting the new flow control data in the flow cache; and
      
      when the flow cache is at full capacity and the new flow control data is received by the one or more DFS components, employing the one or more DFS components to insert the new flow control data into the flow cache and remove flow control data for another flow connection from the flow cache, wherein an evict message is sent to the one or more CS components.
  - 15. The system of claim 13, performs further actions comprising:
    - when the one or more CS components receive an evict message for flow control data from the one or more DFS components, performing actions, including;
      
      when a flow connection is closed and corresponds to the flow control data, discarding the flow control data that corresponds to the closed flow connection at the one or more CS components; and
      
      when the flow connection is open and corresponds to the flow control data, transferring the managing of the open flow connection to the one or more CS components from the one or more DFS components.
  - 16. The system of claim 13, wherein generating the at least one connection flow metric further comprises, examining contents of one or more received network packets to identify at one or more of a data pattern, or meta data that indicates when one or more of the connection flows is a hot connection flow.
  - 17. The system of claim 13, performs further actions comprising:
    - when the managed connection flows exceeds a capacity of the one or more DFS components, determining each hot connection flow handled by the one or more DFS components; and
      
      sorting a ranked ordering of the managed connection flows based on a total amount of data exchanged over a time interval.
  - 18. The system of claim 13, wherein employing the one or more connection flow metrics further comprises:
    - determining a median bit-rate of data communicated for one or more connection flows handled by the one or more CS components; and
      
      employing the median bit-rate of data communicated for the one or more connection flows and at least a bit-rate capacity of the one or more CS components to estimate a maximum number of connection flows for the one or more CS components.
  - 19. The system of claim 13, wherein determining each hot connection flow to be handled by the one or more DFS components based on a total amount of data communicated over a time interval, wherein N number of connection flows having a top total amount of data communicated over the time interval are identified as hot connection flows.
  - 20. The system of claim 13, wherein the one or more CS components perform further actions, comprising:
    - dividing each connection flow into an upload portion and a download portion;
      
      generating separate connection flow metrics for each upload portion and each download portion of each of the managed connection flows;
      
      employing each connection flow metric to determine each hot download portion and each hot upload portion of the managed connection flows;
      
      determining each hot upload portion and each download portion of the managed connection flows to be handled by the one or more DFS components; and
      
      employing the one or more DFS components to handle each determined hot upload portion and each download portion of the managed connection flows.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
F5 Networks, Inc. (F5 Incorporated)
Inventors
Szabo, Paul Imre, Thornewell, Peter M., Michels, Timothy Scott
Primary Examiner(s)
Kao, Jutai

Application Number

US15/094,869
Publication Number

US 20160323185A1
Time in Patent Office

522 Days
Field of Search
US Class Current
CPC Class Codes

H04L 45/38   Flow based routing

H04L 45/64   using an overlay routing layer

H04L 47/10   Flow control; Congestion co...

H04L 47/12   Avoiding congestion; Recove...

H04L 67/1001   for accessing one among a p...

H04L 69/169   Special adaptations of TCP,...

H04L 69/22   Parsing or analysis of headers

Data flow segment optimized for hot flows

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

111 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Data flow segment optimized for hot flows

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

111 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others