Stateful packet inspection and classification

US 9,860,166 B1
Filed: 12/18/2013
Issued: 01/02/2018
Est. Priority Date: 12/18/2013
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a processor configured to;

determine, for a first packet associated with a network traffic flow and originating from an application, a first differentiated services header value (DSHV) to associate with the first packet, wherein the first DSHV is determined based at least in part by determining a context in which the application is used, and wherein determining the context in which the application is used includes evaluating a user identifier associated with an originator of the first packet;

use the first DSHV to perform a lookup of a first quality of service treatment associated with the first DSHV and apply the first quality of service treatment to the first packet;

determine that the context in which the application is used has changed, and in response, determine, for a second packet associated with the network traffic flow originating from the application, a second DSHV to associate with the second packet, wherein the second DSHV is different from the first DSHV;

use the second DSHV to perform a lookup of a second quality of service treatment associated with the second DSHV and apply the second quality of service treatment to the second packet, wherein the first quality of service treatment and the second quality of service treatment are different; and

a memory coupled to the processor and configured to provide the processor with instructions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Stateful inspection and classification of packets is disclosed. For a first packet associated with a network traffic flow, a differentiated services header value is determined. The differentiated services header value is used to perform a lookup of a quality of service treatment associated with the differentiated services header value. The treatment is applied to the first packet. A return traffic packet is received. A differentiated services header value is written in the header of the return traffic packet.

Citations

20 Claims

1. A system, comprising:
- a processor configured to;
  
  determine, for a first packet associated with a network traffic flow and originating from an application, a first differentiated services header value (DSHV) to associate with the first packet, wherein the first DSHV is determined based at least in part by determining a context in which the application is used, and wherein determining the context in which the application is used includes evaluating a user identifier associated with an originator of the first packet;
  
  use the first DSHV to perform a lookup of a first quality of service treatment associated with the first DSHV and apply the first quality of service treatment to the first packet;
  
  determine that the context in which the application is used has changed, and in response, determine, for a second packet associated with the network traffic flow originating from the application, a second DSHV to associate with the second packet, wherein the second DSHV is different from the first DSHV;
  
  use the second DSHV to perform a lookup of a second quality of service treatment associated with the second DSHV and apply the second quality of service treatment to the second packet, wherein the first quality of service treatment and the second quality of service treatment are different; and
  
  a memory coupled to the processor and configured to provide the processor with instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1 wherein determining the first DSHV includes reading a header.
  - 3. The system of claim 1 wherein determining the context in which the application is used includes evaluating the application that originated the first packet.
  - 4. The system of claim 1 wherein determining the context in which the application is used includes evaluating at least one of a source and a destination associated with the traffic flow.
  - 5. The system of claim 1 wherein the first DSHV comprises a Differentiated Service Code Point value.
  - 6. The system of claim 1 wherein the first DSHV comprises a Type of Service value.
  - 7. The system of claim 1 wherein the processor is further configured to associate the first DSHV with the network traffic flow in a session table.
  - 8. The system of claim 1 wherein the processor is further configured to generate a session record that includes a Differentiated Service Code Point value to be used for the session.
  - 9. The system of claim 1 wherein the processor is further configured to generate a session record that includes a Differentiated Service Code Point value to be used for return traffic.
  - 10. The system of claim 1 wherein the processor is further configured to generate a session record that includes a Quality of Service treatment to be used for the session.
  - 11. The system of claim 1 wherein the processor is further configured to receive a customizable Differentiated Service Code Point profile.
  - 12. The system of claim 1 wherein the first packet is a packet other than an initial packet sent by a device in conjunction with the flow.

13. A method, comprising:
- determining, for a first packet associated with a network traffic flow and originating from an application, a first differentiated services header value (DSHV) to associate with the first packet, wherein the first DSHV is determined based at least in part by determining a context in which the application is used, and wherein determining the context in which the application is used includes evaluating a user identifier associated with an originator of the first packet;
  
  using the first DSHV to perform a lookup of a first quality of service treatment associated with the first DSHV and applying the first quality of service treatment to the first packet;
  
  determining that the context in which the application is used has changed, and in response, determining, for a second packet associated with the network traffic flow originating from the application, a second DSHV to associate with the second packet, wherein the second DSHV is different from the first DSHV; and
  
  using the second DSHV to perform a lookup of a second quality of service treatment associated with the second DSHV and applying the second quality of service treatment to the second packet, wherein the first quality of service treatment and the second quality of service treatment are different.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13 wherein determining the context in which the application is used includes evaluating the application that originated the first packet.
  - 15. The method of claim 13 wherein determining the context in which the application is used includes evaluating at least one of a source and a destination associated with the traffic flow.
  - 16. The method of claim 13 wherein the first DSHV comprises a Differentiated Service Code Point value.
  - 17. The method of claim 13 wherein the first DSHV comprises a Type of Service value.
  - 18. The method of claim 13 further comprising associating the first DSHV with the network traffic flow in a session table.
  - 19. The method of claim 13 further comprising generating a session record that includes a Differentiated Service Code Point value to be used for the session.
  - 20. The method of claim 13 further comprising generating a session record that includes a Differentiated Service Code Point value to be used for return traffic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Networks Incorporated
Original Assignee
Palo Alto Networks Incorporated
Inventors
Kwan, Philip, Lin, Shu
Primary Examiner(s)
Skripnikov, Alex

Application Number

US14/133,479
Time in Patent Office

1,476 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 45/74   Address processing for routing

H04L 47/2408   for supporting different se...

H04L 69/22   Parsing or analysis of headers

Stateful packet inspection and classification

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Stateful packet inspection and classification

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links