Apparatus and method for wire-speed classification and...

Multiplex communications – Data flow congestion prevention or control – Flow control of data transmission through a network

Reexamination Certificate


Details

C370S229000, C370S389000, C370S400000, C370S411000, C370S230000

Reexamination Certificate

active

06831893

ABSTRACT:

FIELD OF THE INVENTION
The present invention relates to an apparatus that monitors data packets transmitted on a data network and processes the data packets. More particularly, the present invention relates to an apparatus that classifies the data packets, associates the classified data packets with a particular data flow, and processes the classified data packets via a particular packet processor that corresponds to the particular data flow. The apparatus is further optimized to operate at wire speeds. Furthermore, the present invention relates to a method employed by the apparatus.
BACKGROUND OF THE INVENTION
In a digital communication network (e.g. the internet, wide area network (“WAN”), local area network (“LAN”), etc.), data packets are transmitted over the network between a source computer (e.g. a personal computer, router, server, etc.) and a destination computer (e.g. a personal computer, router, server, etc.). Furthermore, in a network that is capable of full duplex communications, data packets can be simultaneously transmitted from the source computer to the destination computer and from the destination computer to the source computer over the same data path or channel. The transmission of data from the source computer to the destination computer is typically referred to as a “downstream” transmission of the data packets. Conversely, the transmission of data from the destination computer to the source computer is generally referred to as an “upstream” transmission.
Typically, data networks contain a relatively large number of computers, and each of the computers can operate as both a source computer and a destination computer. For example, in one instance, a particular computer in the network may perform an operation and output data to another computer in the network. In such a situation, the particular computer acts as a source computer. However, in another instance, the particular computer may receive data from another computer in the system, and in such a situation, the particular computer acts as a destination computer.
Often, each of the computers in the network forms at least part of a “node” of the network, and data is transferred among the various nodes by transmitting data packets among the computers. For example, a first computer located at a first node may run a first application program that generates first data to be subsequently processed by a second computer at a second node. In order to transfer the first data to the second computer so that it can be processed, the first computer divides the first data into a plurality of data segments and forms one or more data packets corresponding to each of the data segments. Then, the data packets are transmitted downstream from the first computer to the second computer. After the second computer receives the data packets, it may respond by sending a corresponding confirmation packet upstream to the first computer. Also, if the network is capable of full duplex communications, the second computer may simultaneously transmit data packets upstream to the first computer when the first computer is transmitting data packets downstream to the second computer.
Each of the data packets transmitted from the first computer to the second computer (and transmitted from the second computer to the first computer) typically contains a data packet header. The header often includes data that identifies the type of data contained in the data packet, the source computer from which the data packet was transmitted, the intended destination computer of the data packet, etc. An example of a data packet header is illustrated in FIG. 1. As shown in the figure, the header HDR comprises a source internet protocol (“IP”) address field 100, a destination IP address field 110, a protocol field 120, a source port field 130, and a destination port field 140. The source IP address field 100 contains a 32-bit source IP address that identifies the source computer transmitting the data packet. The destination IP address field 110 contains a 32-bit destination address that identifies the intended destination computer of the data packet. The protocol field 120 contains eight bits of protocol data that identify the data format and/or the transmission format of the data contained in the data packet. The source port field 130 includes sixteen bits of data that identify the computer port that physically outputs the data packet, and the destination port field 140 contains sixteen bits of data that represent the computer port that is supposed to input the data packet.
When data packets are transmitted over the network from the source computer to the destination computer, they are input by various network components that process the data packets and direct them to the appropriate destination computer. Such network components may be included in the destination computer and/or may be contained in an intermediate computer that processes the data as it is being transmitted from the source computer to the destination computer. If the data packets can be quickly and efficiently processed and routed between the various nodes of the network, the operation of the entire network is enhanced. For example, by quickly and efficiently transmitting data packets to the destination computer, the quality of real-time applications such as internet video conferencing and internet voice conferencing is improved. Also, the network components can quickly process the data packets to determine if they are authorized to be transmitted to the destination computer, and if they are not, the network components discard the data packets. As a result, the security of the network is greatly enhanced.
Before processing a data packet, a network component must “classify” the data packet according to various characteristics of the data packet and/or the data contained in the packet. Then, the network component processes the data packet based on its classification. Furthermore, the classification of the data packet enables the data packet to be associated with the other data packets belonging to a particular stream of packets. As a result, data packets belonging to a certain stream or flow can all be processed by the same packet processing unit.
A data packet is usually classified by evaluating the information contained in the data packet header. For example, if the data packet contains the header HDR shown in FIG. 1, a network component may classify the data packet as a first type of data packet if the source IP address falls within a first range of source IP addresses, the destination IP address falls within a first range of destination IP addresses, the protocol data falls within a first range of protocol data values, the source port data falls within a first range of source port data values, and the destination port data falls within a first range of destination port data values. On the other hand, the internet component may classify the data packet as a second type of data packet if the source IP address, destination IP address, protocol data, source port data, and destination port data respectively fall within a second range of source IP addresses, a second range of destination IP addresses, a second range of protocol data values, a second range of source port data values, and a second range of destination port data values.
Each group of data value ranges by which a data packet is classified may be considered to be a “rule”. Thus, in the examples above, the data packet is classified as the first type of data packet if its header HDR satisfies a first rule defined by the first range of source IP addresses, destination IP addresses, protocol data values, source port data values, and destination port data values. On the other hand, the data packet is classified as the second type of data packet if its header HDR satisfies a second rule defined by the second range of source IP addresses, destination IP addresses, protocol data values, source port data values, and destination port data values.
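The range-based rule matching described above, as an added example that is not part of the patent text. It assumes the five HDR fields are packed back to back in network byte order (13 bytes) and that rules are evaluated in order with the first match winning; the rule names, ranges and sample headers are constructed for illustration.

```python
import ipaddress
import struct
from typing import NamedTuple, Optional

# Header HDR as described for FIG. 1: 32-bit source IP, 32-bit destination IP,
# 8-bit protocol, 16-bit source port, 16-bit destination port.
HDR = struct.Struct("!IIBHH")  # assumed packed layout, 13 bytes

class Rule(NamedTuple):
    name: str
    src_ip: tuple    # every field is an inclusive (low, high) range
    dst_ip: tuple
    proto: tuple
    src_port: tuple
    dst_port: tuple

def ip_range(cidr: str) -> tuple:
    """Turn a CIDR block into an inclusive integer range."""
    net = ipaddress.ip_network(cidr)
    return int(net.network_address), int(net.broadcast_address)

ANY_PORT = (0, 0xFFFF)

# Constructed rules; names and ranges are illustrative assumptions.
RULES = [
    Rule("first-type", ip_range("10.0.0.0/8"), ip_range("192.0.2.0/24"),
         (6, 6), (1024, 65535), (443, 443)),
    Rule("second-type", ip_range("0.0.0.0/0"), ip_range("192.0.2.0/24"),
         (17, 17), ANY_PORT, (53, 53)),
]

def classify(raw: bytes, rules=RULES) -> Optional[str]:
    """Return the first rule whose five ranges all contain the matching
    header field, or None when the header satisfies no rule."""
    if len(raw) < HDR.size:
        raise ValueError("truncated header")
    fields = HDR.unpack_from(raw)
    for rule in rules:
        if all(lo <= value <= hi for value, (lo, hi) in zip(fields, rule[1:])):
            return rule.name
    return None

def make_hdr(src, dst, proto, sport, dport) -> bytes:
    """Build a constructed sample header for the demonstration."""
    return HDR.pack(int(ipaddress.ip_address(src)),
                    int(ipaddress.ip_address(dst)), proto, sport, dport)

if __name__ == "__main__":
    print(classify(make_hdr("10.1.2.3", "192.0.2.10", 6, 50000, 443)))
```

A header that satisfies no rule returns None, which is where a filtering component would apply its default action.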
After the data packet is classified, the network component is able to determ
