System and method of updating modules for application or content identification

US 9,912,555 B2
Filed: 03/15/2013
Issued: 03/06/2018
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method for network traffic control, comprising:

executing, as a result of computing hardware and programmable memory, on a first traffic controller, a traffic control application that includes a first plurality of traffic-classification modules, wherein each module of the first plurality of traffic-classification modules is capable of identifying a traffic type, for association with a session, and the first plurality of traffic-classification modules is separately loadable-from a remainder traffic control application;

identifying, as a result of computing hardware and programmable memory, a first packet, flowing from a source network device to a destination network device, as a subject of traffic-type classification;

identifying, as a result of computing hardware and programmable memory, a first session from the first packet;

applying, as a result of computing hardware and programmable memory, a first traffic-classification module of the first plurality of traffic-classification modules, to the first session, wherein the first traffic controller creates an intra-session saved state, associated with the first session and the first traffic-classification module, as a result of executing a traffic-classification process in accordance with the first traffic-classification module, the intra-session saved state is to be kept across multiple packets of the first session, wherein the first traffic-classification module is applied to the first session having the intra-session saved state until the first session is ended, the plurality of traffic-classification modules being applied to a plurality of sessions having no intra-session saved state with respect to the plurality of traffic-classification modules;

loading, as a result of computing hardware and programmable memory, a second plurality of traffic-classification modules while the first plurality of traffic-classification modules is applied;

applying, as a result of computing hardware and programmable memory, to each session that did not exist before the loading, the second plurality of traffic-classification modules, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules;

switching, as a result of computing hardware and programmable memory, for each session of the plurality of sessions that existed before the loading and has no intra-session saved state with respect to any module of the first plurality of traffic-classification modules, from the first plurality of traffic-classification modules to the second plurality of traffic-classification modules, thereby unloading the first plurality of traffic-classification modules when the first plurality of traffic-classification modules has no current sessions, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules; and

upon the switching, unloading, as a result of computing hardware and programmable memory, the first plurality of traffic-classification modules, when an insufficient number of sessions having the intra-session saved state are associated with the first plurality of traffic-classification module.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Expertise, for performing classification of a type of network traffic, can be encapsulated in a module. A set of modules, as currently available to a traffic controller, can be referred to as a collection. An improved process, for updating a collection of modules, is presented. A traffic controller can have two or more locations, each storing a module collection. While an old collection remains active, a new collection can be loaded. Once the new collection is loaded, transitioning can be undertaken, on a session-by-session basis that keeps a traffic controller active, from the old collection to the new collection.

Citations

17 Claims

1. A method for network traffic control, comprising:
- executing, as a result of computing hardware and programmable memory, on a first traffic controller, a traffic control application that includes a first plurality of traffic-classification modules, wherein each module of the first plurality of traffic-classification modules is capable of identifying a traffic type, for association with a session, and the first plurality of traffic-classification modules is separately loadable-from a remainder traffic control application;
  
  identifying, as a result of computing hardware and programmable memory, a first packet, flowing from a source network device to a destination network device, as a subject of traffic-type classification;
  
  identifying, as a result of computing hardware and programmable memory, a first session from the first packet;
  
  applying, as a result of computing hardware and programmable memory, a first traffic-classification module of the first plurality of traffic-classification modules, to the first session, wherein the first traffic controller creates an intra-session saved state, associated with the first session and the first traffic-classification module, as a result of executing a traffic-classification process in accordance with the first traffic-classification module, the intra-session saved state is to be kept across multiple packets of the first session, wherein the first traffic-classification module is applied to the first session having the intra-session saved state until the first session is ended, the plurality of traffic-classification modules being applied to a plurality of sessions having no intra-session saved state with respect to the plurality of traffic-classification modules;
  
  loading, as a result of computing hardware and programmable memory, a second plurality of traffic-classification modules while the first plurality of traffic-classification modules is applied;
  
  applying, as a result of computing hardware and programmable memory, to each session that did not exist before the loading, the second plurality of traffic-classification modules, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules;
  
  switching, as a result of computing hardware and programmable memory, for each session of the plurality of sessions that existed before the loading and has no intra-session saved state with respect to any module of the first plurality of traffic-classification modules, from the first plurality of traffic-classification modules to the second plurality of traffic-classification modules, thereby unloading the first plurality of traffic-classification modules when the first plurality of traffic-classification modules has no current sessions, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules; and
  
  upon the switching, unloading, as a result of computing hardware and programmable memory, the first plurality of traffic-classification modules, when an insufficient number of sessions having the intra-session saved state are associated with the first plurality of traffic-classification module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, further including the following:
    - applying a first traffic identifier, to the first session, if the first traffic-classification module identifies a first traffic type is associated with the first session.
  - 3. The method of claim 2, further including the following:
    - creating intra-session saved state, associated with the first session and the first module, that blocks further execution of the first traffic-classification module.
  - 4. The method of claim 3, further including the following:
    - switching, for each session that existed before the loading, from the first plurality to the second plurality of traffic-classification modules, for purposes of determining whether a traffic type is applicable to it, each session that has all its intra-session saved state of a type that blocks further execution of a module of the first plurality.
  - 5. The method of claim 2, wherein the first traffic type indicates that the first session is associated with a first type of application software.
  - 6. The method of claim 2, wherein the first traffic type indicates that the first session is associated with a first type of content.
  - 7. The method of claim 2, further including the following:
    - managing usage of bandwidth, by the first session, in accordance with a first policy, wherein the first policy is configured for application to sessions determined to be of the first traffic type.
  - 8. The method of claim 2, further including the following:
    - reporting on usage of bandwidth, by the first session, in accordance with a configuration setup for sessions determined to be of the first traffic type.
  - 9. The method of claim 1, further including the following:
    - updating a first indicator, of a number of sessions associated with the first plurality, each time a session is switched from the first plurality to the second plurality of traffic-classification modules.
  - 10. The method of claim 9, wherein the updating comprises decrementing a first counter.
  - 11. The method of claim 10, further including the following:
    - unloading the first plurality, when the first counter is zero.
  - 12. The method of claim 1, wherein the first session is connectionless.
  - 13. The method of claim 1, further including the following:
    - setting a transition indicator, from the first plurality to the second plurality of traffic-classification modules, upon the loading of the second plurality of traffic classification modules.
  - 14. The method of claim 13, further including the following:
    - resetting the transition indicator, upon the unloading of the first plurality of traffic-classification modules.

15. A system for network traffic control, comprising:
- a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish executing, on a first traffic controller, a traffic control application that includes a first plurality of traffic-classification modules, wherein each module of the first plurality of traffic-classification modules is capable of identifying a traffic type for association with a session, and the first plurality of traffic-classification modules is separately loadable from a remainder traffic control application including at least a second plurality of traffic-classification modules;
  
  a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish identifying a first packet flowing from a source network device to a destination network device, as a subject of traffic-type classification;
  
  a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish identifying a first session from the first packet;
  
  a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish applying a first traffic-classification module, of the first plurality of traffic-classification modules, to the first session, wherein the first traffic controller creates an intra-session saved state associated with the first session and the first traffic-classification module, as a result of executing a traffic-classification process in accordance with the first traffic-classification module, the intra-session saved state is to be kept across multiple packets of the first session, wherein the first traffic-classification module is applied to the first session having the intra-session saved state until the first session is ended, the plurality of traffic-classification modules being applied to a plurality of sessions having no intra-session saved state with respect to the plurality of traffic-classification modules;
  
  a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish loading a second plurality of traffic classification modules while the first plurality of traffic-classification modules is applied;
  
  a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish applying, to each session that did not exist before the loading, the second plurality of traffic-classification modules, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules;
  
  a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish switching, for each session of the plurality of sessions that existed before the loading and has no intra-session saved state with respect to any module of the first plurality of traffic-classification modules, from the first plurality of traffic-classification modules to the second plurality of traffic-classification modules, thereby unloading the first plurality of traffic-classification modules when the first plurality of traffic-classification modules has no current sessions, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules; and
  
  a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish, upon the switching, unloading the first plurality of traffic-classification modules, when an insufficient number of sessions having the intra-session saved state are associated with the first plurality of traffic-classification modules.

16. A method for network traffic control, comprising:
- executing, as a result of computing hardware and programmable memory, on a traffic controller, a traffic control application that includes a first plurality of traffic-classification modules, wherein each module of the first plurality of traffic-classification modules is capable of identifying a traffic type for association with a session, and the first plurality of traffic-classification modules is separately loadable from a remainder traffic control application;
  
  applying, as a result of computing hardware and programmable memory, a first traffic-classification module of the first plurality of traffic-classification modules, to the first session, wherein the first traffic controller creates an intra-session saved state, associated with the first session and the first traffic-classification module, as a result of executing a traffic-classification process in accordance with the first traffic-classification module, the intra-session saved state is to be kept across multiple packets of the first session, wherein the first traffic-classification module is applied to the first session having the intra-session saved state until the first session is ended, the plurality of traffic-classification modules being applied to a plurality of sessions having no intra-session saved state with respect to the plurality of traffic-classification modules;
  
  loading, as a result of computing hardware and programmable memory, a second plurality of traffic-classification modules while the first plurality of traffic-classification modules is applied;
  
  applying, as a result of computing hardware and programmable memory, to each session that did not exist before the loading, the second plurality of traffic-classification modules, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules;
  
  switching, as a result of computing hardware and programmable memory, for each session of the plurality of sessions that existed before the loading and has no intra-session saved state with respect to any module of the first plurality of traffic-classification modules, from the first plurality of traffic-classification modules to the second plurality of traffic-classification modules, thereby unloading the first plurality of traffic-classification modules when the first plurality of traffic-classification modules has no current sessions, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules; and
  
  upon the switching, unloading, as a result of computing hardware and programmable memory, the first plurality of traffic-classification modules.

17. A system for network traffic control, comprising:
- a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish executing, on a traffic controller, a traffic control application that includes a first plurality of traffic-classification modules, wherein each module of the first plurality of traffic-classification modules is capable of identifying a traffic type for association with a session, and the first plurality of traffic-classification modules is separately loadable from a remainder traffic control application;
  
  a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish applying a first traffic-classification module of the first plurality of traffic-classification modules, to the first session, wherein the first traffic controller creates an intra-session saved state, associated with the first session and the first traffic-classification module, as a result of executing a traffic-classification process in accordance with the first traffic-classification module, the intra-session saved state is to be kept across multiple packets of the first session, wherein the first traffic-classification module is applied to the first session having the intra-session saved state until the first session is ended, the plurality of traffic-classification modules being applied to a plurality of sessions having no intra-session saved state with respect to the plurality of traffic-classification modules;
  
  a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish loading a second plurality of traffic-classification modules while the first plurality of traffic-classification modules is applied;
  
  a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish applying, to each session that did not exist before the loading, the second plurality of traffic-classification modules, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules;
  
  a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish switching, for each session of the plurality of sessions that existed before the loading and has no intra-session saved state with respect to any module of the first plurality of traffic-classification modules, from the first plurality of traffic-classification modules to the second plurality of traffic-classification modules, thereby unloading the first plurality of traffic-classification modules when the first plurality of traffic-classification modules has no current sessions, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules;
  
  a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish, upon the switching, unloading the first plurality of traffic-classification modules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A10 Networks Incorporated
Original Assignee
A10 Networks Incorporated
Inventors
Oshiba, Dennis Isao
Primary Examiner(s)
Bates, Kevin
Assistant Examiner(s)
KIM, DAE Y

Application Number

US13/842,196
Publication Number

US 20140280832A1
Time in Patent Office

1,817 Days
Field of Search
US Class Current
CPC Class Codes

H04L 43/028   by filtering

H04L 43/04   Processing captured monitor...

H04L 47/2441   relying on flow classificat...

H04L 67/141   Setup of application sessio...

H04L 67/146   Markers for unambiguous ide...

System and method of updating modules for application or content identification

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of updating modules for application or content identification

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links