System and method of updating modules for application or content identification
First Claim
Patent Images
1. A method for network traffic control, comprising:
- executing, as a result of computing hardware and programmable memory, on a first traffic controller, a traffic control application that includes a first plurality of traffic-classification modules, wherein each module of the first plurality of traffic-classification modules is capable of identifying a traffic type, for association with a session, and the first plurality of traffic-classification modules is separately loadable-from a remainder traffic control application;
identifying, as a result of computing hardware and programmable memory, a first packet, flowing from a source network device to a destination network device, as a subject of traffic-type classification;
identifying, as a result of computing hardware and programmable memory, a first session from the first packet;
applying, as a result of computing hardware and programmable memory, a first traffic-classification module of the first plurality of traffic-classification modules, to the first session, wherein the first traffic controller creates an intra-session saved state, associated with the first session and the first traffic-classification module, as a result of executing a traffic-classification process in accordance with the first traffic-classification module, the intra-session saved state is to be kept across multiple packets of the first session, wherein the first traffic-classification module is applied to the first session having the intra-session saved state until the first session is ended, the plurality of traffic-classification modules being applied to a plurality of sessions having no intra-session saved state with respect to the plurality of traffic-classification modules;
loading, as a result of computing hardware and programmable memory, a second plurality of traffic-classification modules while the first plurality of traffic-classification modules is applied;
applying, as a result of computing hardware and programmable memory, to each session that did not exist before the loading, the second plurality of traffic-classification modules, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules;
switching, as a result of computing hardware and programmable memory, for each session of the plurality of sessions that existed before the loading and has no intra-session saved state with respect to any module of the first plurality of traffic-classification modules, from the first plurality of traffic-classification modules to the second plurality of traffic-classification modules, thereby unloading the first plurality of traffic-classification modules when the first plurality of traffic-classification modules has no current sessions, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules; and
upon the switching, unloading, as a result of computing hardware and programmable memory, the first plurality of traffic-classification modules, when an insufficient number of sessions having the intra-session saved state are associated with the first plurality of traffic-classification module.
2 Assignments
0 Petitions
Accused Products
Abstract
Expertise, for performing classification of a type of network traffic, can be encapsulated in a module. A set of modules, as currently available to a traffic controller, can be referred to as a collection. An improved process, for updating a collection of modules, is presented. A traffic controller can have two or more locations, each storing a module collection. While an old collection remains active, a new collection can be loaded. Once the new collection is loaded, transitioning can be undertaken, on a session-by-session basis that keeps a traffic controller active, from the old collection to the new collection.
-
Citations
17 Claims
-
1. A method for network traffic control, comprising:
-
executing, as a result of computing hardware and programmable memory, on a first traffic controller, a traffic control application that includes a first plurality of traffic-classification modules, wherein each module of the first plurality of traffic-classification modules is capable of identifying a traffic type, for association with a session, and the first plurality of traffic-classification modules is separately loadable-from a remainder traffic control application; identifying, as a result of computing hardware and programmable memory, a first packet, flowing from a source network device to a destination network device, as a subject of traffic-type classification; identifying, as a result of computing hardware and programmable memory, a first session from the first packet; applying, as a result of computing hardware and programmable memory, a first traffic-classification module of the first plurality of traffic-classification modules, to the first session, wherein the first traffic controller creates an intra-session saved state, associated with the first session and the first traffic-classification module, as a result of executing a traffic-classification process in accordance with the first traffic-classification module, the intra-session saved state is to be kept across multiple packets of the first session, wherein the first traffic-classification module is applied to the first session having the intra-session saved state until the first session is ended, the plurality of traffic-classification modules being applied to a plurality of sessions having no intra-session saved state with respect to the plurality of traffic-classification modules; loading, as a result of computing hardware and programmable memory, a second plurality of traffic-classification modules while the first plurality of traffic-classification modules is applied; applying, as a result of computing hardware and programmable memory, to each session that did not exist before the loading, the second plurality of traffic-classification modules, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules; switching, as a result of computing hardware and programmable memory, for each session of the plurality of sessions that existed before the loading and has no intra-session saved state with respect to any module of the first plurality of traffic-classification modules, from the first plurality of traffic-classification modules to the second plurality of traffic-classification modules, thereby unloading the first plurality of traffic-classification modules when the first plurality of traffic-classification modules has no current sessions, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules; and upon the switching, unloading, as a result of computing hardware and programmable memory, the first plurality of traffic-classification modules, when an insufficient number of sessions having the intra-session saved state are associated with the first plurality of traffic-classification module. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A system for network traffic control, comprising:
-
a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish executing, on a first traffic controller, a traffic control application that includes a first plurality of traffic-classification modules, wherein each module of the first plurality of traffic-classification modules is capable of identifying a traffic type for association with a session, and the first plurality of traffic-classification modules is separately loadable from a remainder traffic control application including at least a second plurality of traffic-classification modules; a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish identifying a first packet flowing from a source network device to a destination network device, as a subject of traffic-type classification; a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish identifying a first session from the first packet; a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish applying a first traffic-classification module, of the first plurality of traffic-classification modules, to the first session, wherein the first traffic controller creates an intra-session saved state associated with the first session and the first traffic-classification module, as a result of executing a traffic-classification process in accordance with the first traffic-classification module, the intra-session saved state is to be kept across multiple packets of the first session, wherein the first traffic-classification module is applied to the first session having the intra-session saved state until the first session is ended, the plurality of traffic-classification modules being applied to a plurality of sessions having no intra-session saved state with respect to the plurality of traffic-classification modules; a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish loading a second plurality of traffic classification modules while the first plurality of traffic-classification modules is applied; a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish applying, to each session that did not exist before the loading, the second plurality of traffic-classification modules, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules; a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish switching, for each session of the plurality of sessions that existed before the loading and has no intra-session saved state with respect to any module of the first plurality of traffic-classification modules, from the first plurality of traffic-classification modules to the second plurality of traffic-classification modules, thereby unloading the first plurality of traffic-classification modules when the first plurality of traffic-classification modules has no current sessions, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules; and a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish, upon the switching, unloading the first plurality of traffic-classification modules, when an insufficient number of sessions having the intra-session saved state are associated with the first plurality of traffic-classification modules.
-
-
16. A method for network traffic control, comprising:
-
executing, as a result of computing hardware and programmable memory, on a traffic controller, a traffic control application that includes a first plurality of traffic-classification modules, wherein each module of the first plurality of traffic-classification modules is capable of identifying a traffic type for association with a session, and the first plurality of traffic-classification modules is separately loadable from a remainder traffic control application; applying, as a result of computing hardware and programmable memory, a first traffic-classification module of the first plurality of traffic-classification modules, to the first session, wherein the first traffic controller creates an intra-session saved state, associated with the first session and the first traffic-classification module, as a result of executing a traffic-classification process in accordance with the first traffic-classification module, the intra-session saved state is to be kept across multiple packets of the first session, wherein the first traffic-classification module is applied to the first session having the intra-session saved state until the first session is ended, the plurality of traffic-classification modules being applied to a plurality of sessions having no intra-session saved state with respect to the plurality of traffic-classification modules; loading, as a result of computing hardware and programmable memory, a second plurality of traffic-classification modules while the first plurality of traffic-classification modules is applied; applying, as a result of computing hardware and programmable memory, to each session that did not exist before the loading, the second plurality of traffic-classification modules, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules; switching, as a result of computing hardware and programmable memory, for each session of the plurality of sessions that existed before the loading and has no intra-session saved state with respect to any module of the first plurality of traffic-classification modules, from the first plurality of traffic-classification modules to the second plurality of traffic-classification modules, thereby unloading the first plurality of traffic-classification modules when the first plurality of traffic-classification modules has no current sessions, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules; and upon the switching, unloading, as a result of computing hardware and programmable memory, the first plurality of traffic-classification modules.
-
-
17. A system for network traffic control, comprising:
-
a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish executing, on a traffic controller, a traffic control application that includes a first plurality of traffic-classification modules, wherein each module of the first plurality of traffic-classification modules is capable of identifying a traffic type for association with a session, and the first plurality of traffic-classification modules is separately loadable from a remainder traffic control application; a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish applying a first traffic-classification module of the first plurality of traffic-classification modules, to the first session, wherein the first traffic controller creates an intra-session saved state, associated with the first session and the first traffic-classification module, as a result of executing a traffic-classification process in accordance with the first traffic-classification module, the intra-session saved state is to be kept across multiple packets of the first session, wherein the first traffic-classification module is applied to the first session having the intra-session saved state until the first session is ended, the plurality of traffic-classification modules being applied to a plurality of sessions having no intra-session saved state with respect to the plurality of traffic-classification modules; a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish loading a second plurality of traffic-classification modules while the first plurality of traffic-classification modules is applied; a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish applying, to each session that did not exist before the loading, the second plurality of traffic-classification modules, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules; a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish switching, for each session of the plurality of sessions that existed before the loading and has no intra-session saved state with respect to any module of the first plurality of traffic-classification modules, from the first plurality of traffic-classification modules to the second plurality of traffic-classification modules, thereby unloading the first plurality of traffic-classification modules when the first plurality of traffic-classification modules has no current sessions, for purposes of determining whether a traffic type is applicable to the second plurality of traffic-classification modules; a sub-system configured, as a result of the computing hardware and programmable memory, to accomplish, upon the switching, unloading the first plurality of traffic-classification modules.
-
Specification