Incremental application of resources to network traffic flows based on heuristics and business policies
Abstract
Disclosed herein are system, method, and computer program product embodiments for increasingly applying network resources to traffic flows based on heuristics and policy conditions. A network determines that a traffic flow satisfies a first condition and transmits a first portion of the traffic flow to a network service. The network service then inspects the first portion of the traffic flow at a first level of detail and determines that the traffic flow satisfies a second condition. The network can then transmit a second portion of the traffic flow to the network service based on determining that the traffic flow satisfies the second condition. The network service can inspect the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting at the first level of detail.
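The escalation described in the abstract, as an added sketch that is not taken from the patent or its assignee: a rate check is the first condition, sampled headers are the first portion, and full payload scanning is the second, costlier level. The packet fields, thresholds, cost units, signature and sample flows are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst_port: int
    flags: str       # TCP flags, e.g. "S", "A", "PA"
    payload: bytes

def first_portion(flow, step=3):
    """Network side: sampled headers only, no payload (the small first portion)."""
    return [(p.src, p.dst_port, p.flags) for p in flow[::step]]

def inspect_level1(headers):
    """Cheap pass: share of data-carrying packets to port 80. Cost: 1 per header."""
    data = sum(1 for _, port, flags in headers if port == 80 and "P" in flags)
    return data / len(headers), len(headers)

def inspect_level2(flow, signatures):
    """Costly pass over the full flow: scan payloads. Cost: 1 per payload byte."""
    hits = sorted({p.src for p in flow if any(s in p.payload for s in signatures)})
    return hits, sum(len(p.payload) for p in flow)

def escalate(flow, pps, pps_limit=1000, data_limit=0.8,
             signatures=(b"GET /constructed-marker",)):
    """Return (deepest stage reached, flagged sources, compute cost spent)."""
    if pps <= pps_limit or not flow:          # first condition not satisfied
        return "none", [], 0
    share, cost = inspect_level1(first_portion(flow))
    if share < data_limit:                    # second condition not satisfied
        return "level1", [], cost
    hits, cost2 = inspect_level2(flow, signatures)   # second, larger portion
    return "level2", hits, cost + cost2

def demo():
    """Constructed flows: quiet, busy but benign, and one that escalates fully."""
    mixed = [Packet("198.51.100.7", 80, "A" if i % 2 else "PA", b"x" * 10)
             for i in range(8)]
    flood = [Packet(f"203.0.113.{i % 2 + 1}", 80, "PA",
                    b"GET /constructed-marker HTTP/1.1" if i % 2 == 0
                    else b"GET / HTTP/1.1")
             for i in range(8)]
    return [escalate(mixed, pps=200), escalate(mixed, pps=5000),
            escalate(flood, pps=5000)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The cost figure in each result shows the point of the staging: only the flow that passes both conditions pays for payload inspection.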
20 Claims
1. A system comprising:
- a data collection module configured to collect data belonging to a plurality of traffic flows from a plurality of routers;
- a controller; and
- an analytics module configured to:
- receive data from the data collection module,
- retrieve from a policy data base a set of policy rules for a traffic flow among the plurality of traffic flows,
- determine if any data packets belonging to the traffic flow matches a first policy rule within the set of policy rules,
- in response to determining that the traffic flow satisfies the first policy rule, send policy compliance information about the traffic flow to the controller,
- wherein the controller is configured to:
- receive policy compliance information about the plurality of traffic flows from the analytics module, and
- in response to receiving policy compliance information about the traffic flow from the analytics module, configure one or more routers to transmit a first portion of the traffic flow to a network service provider
- in response to determining that the traffic flow satisfies a second policy rule, send a request to receive a second portion of the traffic flow, wherein the second portion of the traffic flow comprises a larger amount of information than the first portion of the traffic flow; and
- in response to receiving the second portion of the traffic flow, inspect the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting the first portion of the traffic at the first level of detail.

Dependent claims: 2, 3, 4, 5, 6

7. A network service provider configured to:
- receive a first portion of a traffic flow;
- inspect the first portion of the traffic flow at a first level of detail based on a first condition;
- determine, based on the inspecting, that the traffic flow satisfies a second condition;
- in response to determining that the traffic flow satisfies the second condition, send a request to receive a second portion of the traffic flow, wherein the second portion of the traffic flow comprises a larger amount of information than the first portion of the traffic flow; and
- in response to receiving the second portion of the traffic flow, inspect the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting at the first level of detail.

Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 17

18. A non-transitory computer-readable medium having instructions stored thereon that, when executed by at least one computing device, cause the at least one computing device to perform operations comprising:
- (a) receiving a plurality of data packets belonging to a plurality of traffic flows;
- (b) retrieving a set of policy rules for a traffic flow among the plurality of traffic flows from a policy data base;
- (c) determining if any of the data packets belonging to the traffic flow matches a first policy rule within the set of policy rules;
- (d) sending policy compliance information to a controller in response to determining in (c);
- (e) in response to receiving policy compliance information about the traffic flow, configuring one or more routers to transmit a first portion of the traffic flow to a network service provider; and
- in response to determining that the traffic flow satisfies a second policy rule, send a request to receive a second portion of the traffic flow, wherein the second portion of the traffic flow comprises a larger amount of information than the first portion of the traffic flow; and
- in response to receiving the second portion of the traffic flow, inspect the second portion of the traffic flow at a second level of detail, wherein inspecting at the second level of detail requires a different amount of computing resources than inspecting the first portion of the traffic at a first level of detail.

Dependent claims: 19, 20

Specification