Processing data packets using a policy based network path

US 10,659,354 B2
Filed: 06/04/2018
Issued: 05/19/2020
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A system for processing a data packet using a policy-based network path, the system comprising:

a policy enforcing point that;

receives, from a client, the data packet associated with a service session, the policy enforcing point being associated with a plurality of network application appliances configured to process data packets;

determines data packet information associated with the data packet;

based on the data packet information and one or more packet processing criteria, selects the policy-based network path for the data packet from a database storing the one or more packet processing criteria and a plurality of policy-based network paths, the policy-based network path including an order list of the plurality of network application appliances associated with a plurality of policy enforcing points;

based on the order list of the plurality of network application appliances, sends the data packet to a first network application appliance of the order list of the plurality of network application appliances, the first network application appliance being associated with the policy enforcing point;

receives the data packet back from the first network application appliance upon processing the data packet by the network application appliance;

based on the determination of the policy-based network path, generates a further data packet by encapsulating the data packet and the policy-based network path into the further data packet; and

routes the further data packet to a further policy enforcing point of the plurality of policy enforcing points in the policy-based network path, wherein the further policy enforcing point determines the policy-based network path by retrieving the policy-based network path from the further data packet; and

the database configured to store the plurality of policy-based network paths.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are methods and systems for processing data packets in a data network using a policy-based network path. The method may commence with receiving the data packet associated with a service session from a client. The method may continue with determining data packet information associated with the data packet. The method may further include determining the policy-based network path for the data packet based on the data packet information and one or more packet processing criteria. The method may continue with routing, based on the determination of the policy-based network path, the data packet along the policy-based network path.

1 Citation

19 Claims

1. A system for processing a data packet using a policy-based network path, the system comprising:
- a policy enforcing point that;
  
  receives, from a client, the data packet associated with a service session, the policy enforcing point being associated with a plurality of network application appliances configured to process data packets;
  
  determines data packet information associated with the data packet;
  
  based on the data packet information and one or more packet processing criteria, selects the policy-based network path for the data packet from a database storing the one or more packet processing criteria and a plurality of policy-based network paths, the policy-based network path including an order list of the plurality of network application appliances associated with a plurality of policy enforcing points;
  
  based on the order list of the plurality of network application appliances, sends the data packet to a first network application appliance of the order list of the plurality of network application appliances, the first network application appliance being associated with the policy enforcing point;
  
  receives the data packet back from the first network application appliance upon processing the data packet by the network application appliance;
  
  based on the determination of the policy-based network path, generates a further data packet by encapsulating the data packet and the policy-based network path into the further data packet; and
  
  routes the further data packet to a further policy enforcing point of the plurality of policy enforcing points in the policy-based network path, wherein the further policy enforcing point determines the policy-based network path by retrieving the policy-based network path from the further data packet; and
  
  the database configured to store the plurality of policy-based network paths.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the data packet information includes one or more of the following:
    - information associated with content of the data packet, information associated with one or more prior data packets of the session, and further information obtained from a network computer.
  - 3. The system of claim 1, wherein the data packet information includes one or more of the following:
    - a Media Access Control (MAC) address, a network interface number, a source Internet Protocol (IP) address, a destination IP address, a source Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) port, a destination TCP/UDP port, a TCP/UDP option, a Uniform Resource Locator (URL), cookie information, a Domain Name System (DNS) identity, a service session identity, a receiving time of the data packet, an error code, a document file name, and a command string.
  - 4. The system of claim 1, wherein each of the plurality of policy enforcing points is in communication with at least one network application appliance of the plurality of network application appliances, the data packet being routed through the plurality of policy enforcing points according to the order list.
  - 5. The system of claim 1, wherein the policy enforcing point is configured to examine the policy-based network path, select a next policy enforcing point on the policy-based network path, and forward the data packet to the next policy enforcing point.
  - 6. The system of claim 1, wherein the policy enforcing point is further configured to:
    - send the further data packet to a next policy enforcing point, the further data packet including the data packet and the policy-based network path.
  - 7. The system of claim 6, wherein the policy enforcing point encapsulates the policy-based network path into a protocol header of the further data packet.
  - 8. The system of claim 1, wherein the policy enforcing point further:
    - establishes a tunneling communication session; and
      
      wherein the further data packet is adopted for the tunneling communication session.

9. A computer-implemented method for processing a data packet using a policy-based network path, the method comprising:
- receiving from a client, by a policy enforcing point, the data packet associated with a service session, the policy enforcing point being associated with a plurality of network application appliances configured to process data packets;
  
  determining, by the policy enforcing point, data packet information associated with the data packet;
  
  based on the data packet information and one or more packet processing criteria, selecting, by the policy enforcing point, the policy-based network path for the data packet from a database storing the one or more packet processing criteria and a plurality of policy-based network paths, the policy-based network path including an order list of the plurality of network application appliances associated with a plurality of policy enforcing points;
  
  based on the order list of the plurality of network application appliances, sending, by the policy enforcing point, the data packet to a first network application appliance of the order list of the plurality of network application appliances, the first network application appliance being associated with the policy enforcing point;
  
  receiving, by the policy enforcing point, the data packet back from the first network application appliance upon processing the data packet by the network application appliance;
  
  based on the determination of the policy-based network path, generating a further data packet by encapsulating the data packet and the policy-based network path into the further data packet; and
  
  routing, by the policy enforcing point, the further data packet to a further policy enforcing point of the plurality of policy enforcing points in the policy-based network path, wherein the further policy enforcing point determines the policy-based network path by retrieving the policy-based network path from the further data packet.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. The computer-implemented method of claim 9, wherein the data packet information includes one or more of the following:
    - information associated with content of the data packet, information associated with one or more prior data packet of the session, and further information obtained from a network computer.
  - 11. The computer-implemented method of claim 9, wherein the data packet information includes one or more of the following:
    - a Media Access Control (MAC) address, a network interface number, a source Internet Protocol (IP) address, a destination IP address, a source Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) port, a destination TCP/UDP port, a TCP/UDP option, a Uniform Resource Locator (URL), cookie information, a Domain Name System (DNS) identity, a service session identity, a receiving time of the data packet, an error code, a document file name, and a command string.
  - 12. The computer-implemented method of claim 9, wherein each of the plurality of policy enforcing points is in communication with at least one network application appliance of the plurality of network application appliances, the data packet being routed by the policy enforcing point through the plurality of policy enforcing points according to the order list.
  - 13. The computer-implemented method of claim 9, further comprising:
    - examining, by the policy enforcing point, the policy-based network path;
      
      selecting, by the policy enforcing point, a next policy enforcing point on the policy-based network path; and
      
      forwarding, by the policy enforcing point, the data packet to the next policy enforcing point.
  - 14. The computer-implemented method of claim 9, further comprising:
    - sending the further data packet to a next policy enforcing point, the further data packet including the data packet and the policy-based network path.
  - 15. The computer-implemented method of claim 9, further comprising encapsulating, by the policy enforcing point, the policy-based network path into a protocol header of the further data packet.
  - 16. The computer-implemented method of claim 9, further comprising:
    - establishing, by the policy enforcing point, a tunneling communication session; and
      
      generating, by the policy enforcing point, a new data packet adapted for the tunneling communication session, the new data packet incorporating the data packet.
  - 17. The computer-implemented method of claim 9, wherein the data packet is sent to a next policy enforcing point in a further communication session.
  - 18. The computer-implemented method of claim 9, further comprising sending, by the policy enforcing point, the policy-based network path to a next policy enforcing point prior to sending the data packet to the next policy enforcing point.

19. A system for processing a data packet using a policy-based network path, the system comprising:
- a policy enforcing point that;
  
  receives, from a client, the data packet associated with a service session, the policy enforcing point being associated with a plurality of network application appliances configured to process data packets;
  
  determines data packet information associated with the data packet;
  
  based on the data packet information and one or more packet processing criteria, selects the policy-based network path for the data packet from a database storing the one or more packet processing criteria and a plurality of policy-based network paths, wherein the policy-based network path includes an order list of the plurality of network application appliances associated with a plurality of policy enforcing points, each of the plurality of policy enforcing points being in communication with at least one network application appliance of the plurality of network application appliances;
  
  based on the order list of the plurality of network application appliances, sends the data packet to a first network application appliance of the order list of the plurality of network application appliances, the first network application appliance being associated with the policy enforcing point;
  
  receives the data packet back from the first network application appliance upon processing the data packet by the network application appliance; and
  
  based on the determination of the policy-based network path, generates a further data packet by encapsulating the data packet and the policy-based network path into the further data packet; and
  
  routes the further data packet to a further policy enforcing point of the plurality of policy enforcing points in the policy-based network path, the further data packet being routed through the plurality of policy enforcing points according to the order list, wherein the further policy enforcing point determines the policy-based network path by retrieving the policy-based network path from the further data packet; and
  
  the database configured to store the plurality of policy-based network paths.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A10 Networks Incorporated
Original Assignee
A10 Networks Incorporated
Inventors
Jalan, Rajkumar, Kamat, Gurudeep
Primary Examiner(s)
Ly, Anh Vu H
Assistant Examiner(s)
Reyes, Hector

Application Number

US15/997,446
Publication Number

US 20180287937A1
Time in Patent Office

715 Days
Field of Search
US Class Current
CPC Class Codes

H04L 45/306   Route determination based o...

H04L 45/38   Flow based routing

H04L 45/66   Layer 2 routing, e.g. in Et...

H04L 45/72   Routing based on the source...

Processing data packets using a policy based network path

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

1 Citation

19 Claims

Specification

Solutions

Use Cases

Quick Links

Processing data packets using a policy based network path

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1 Citation

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links