431 results about "Traffic classification" patented technology

Methods, apparatuses and systems directed to the coordinated classification of network traffic. In one implementation, the present invention enables a coordinated network environment for traffic classification where an upstream network device classifies a data flow and adds traffic class information to at least one packet in the data flow. Downstream network devices in the communications path to the destination host can use the traffic class information in the modified packet, bypassing at least some of the local traffic classification operations and thereby reducing CPU utilization. In one implementation, the last downstream network device strips the traffic classification information from the modified packet before it is forwarded to the destination host. Embodiments of the invention reduce or eliminate redundant network traffic classification operations performed by a plurality of network devices in a communications path.

Methods, apparatuses and systems directed to an automatic network traffic discovery and classification mechanism that includes dynamically adjusted traffic discovery thresholds. In one implementation, the dynamic discovery thresholds are adjusted based on analysis of one or more operational parameters associated with network traffic discovery, and/or network traffic characteristics. The present invention in one implementation can be configured to dynamically adjust one or more thresholds or range limits that affect the behavior of the automatic traffic classification mechanism, such as the rate at which new traffic classes are added to a traffic classification database. One implementation of the present invention minimizes the user intervention often required with the use of static traffic discovery thresholds.

Methods, apparatuses and systems that facilitate the classification of web services network traffic. In one implementation, the present invention processes interface definitions corresponding to a given Web service to construct a traffic classification configuration for the Web service, including one or more traffic classes and corresponding matching rules or attributes for each traffic class. In one implementation, the present invention automatically creates traffic classes and matching rules that allow for differentiation between the operations supported by a Web service. Implementations of the present invention provide a mechanism allowing for classification of Web services network traffic on a granular basis to enhance network monitoring and analysis tasks, as well as network control functions, such as bandwidth management, security and other functions.

Device, system, and method of classification of communication traffic. For example, a communication traffic classifier includes: a dynamically configurable port and address classifier to classify an unclassified packet based on port and address configuration information received from an application protocol classifier.

A method and system for conveying an arbitrary mixture of high and low latency traffic streams across a common switch fabric implements a multi-dimensional traffic classification scheme, in which multiple orthogonal traffic classification methods are successively implemented for each traffic stream traversing the system. At least two diverse paths are mapped through the switch fabric, each path being optimized to satisfy respective different latency requirements. A latency classifier is adapted to route each traffic stream to a selected path optimized to satisfy latency requirements most closely matching a respective latency requirement of the traffic stream. A prioritization classifier independently prioritizes traffic streams in each path. A fairness classifier at an egress of each path can be used to enforce fairness between responsive and non-responsive traffic streams in each path. This arrangement enables traffic streams having similar latency requirements to traverse the system through a path optimized for those latency requirements.

Methods, apparatuses and systems directed to a flow-based, traffic-classification-aware data collection and reporting system that combine flow-based data collection technologies with enhanced traffic classification functionality to allow for analysis and reporting into aspects of network operations that prior art systems cannot provide. Embodiments provide enhanced views into the operation of computer network infrastructures to facilitate monitoring, administration, compliance and other tasks associated with networks. When a traffic flow terminates, a traffic monitoring device emits a flow data record (FDR) containing measurements variables and other attributes for an individual flow. A data collector gathers the flow data records and enters them into a database. A network management application can then query the database with selected commands to derive reports characterizing operation of the network suitable to diagnose problems or view conditions associated with the network.

As described herein, explicit service ordering information may be associated with each of a plurality of logical services in a service path. A unique sequence number, for example, may be assigned, and associated with each service in the path. The sequence number may be assigned by a service broker in the control plane of a service insertion architecture that provides a platform-independent framework to insert services into a network. The sequence number may represent the relative ordering of the service with respect to the other services in the path. The sequence number, along with a traffic classification identifier, constitutes the shared context that is tagged to the packet injected into the chain which is used in the SIA data plane to virtualize and uniquely select series of services defined in the policy.

Methods apparatuses and systems allowing for an examination of the runtime performance and efficiency of traffic classification configuration associated with bandwidth management and other network devices including network traffic classification functionality. Embodiments of the present invention are operative to identify possible changes to the current traffic classification configurations that improve performance efficiency.

Methods, apparatuses and systems directed to the classification of encrypted network traffic. In one implementation, the present invention facilitates the classification of network traffic that has been encrypted according to a dynamically-created encryption mechanism involving a handshake between two end-systems, such as the SSL and TLS protocols. In one implementation, the present invention observes and analyzes attributes of the handshake between two nodes to enhance the classification of network traffic. In one embodiment, the enhanced classification mechanisms described herein operate seamlessly with other Layer 7 traffic classification mechanisms that operate on attributes of the packets themselves. Implementations of the present invention can be incorporated into a variety of network devices, such as traffic monitoring devices, packet capture devices, firewalls, and bandwidth management devices.

Methods, apparatuses and systems facilitating hierarchical network traffic classification and resource allocation schemes. In one embodiment, the present invention provides traffic classification data structure facilitating creation and configuration of multi-dimensional, hierarchical network resource allocation schemes. The present invention features a hierarchical network traffic classification scheme that allows users to logically embed (or otherwise associate) one or more reference trees within selected traffic class nodes of a given traffic classification tree. In one embodiment, an administrator can create a pool of referenceable traffic classification trees and select such trees or sub-trees from the pool to achieve a variety of different traffic classification configurations. The present invention, in one embodiment, also facilitates the implementation of a system or domain-level workflow interface that features managed access links as configurable objects as opposed to the network devices operating on the access links.

Methods, apparatuses and systems facilitating enhanced classification of network traffic that extends beyond analysis of explicitly presented packet attributes and holistically analyzes data flows, and in some implementations, related data flows against known application behavior patterns to classify the data flows. Implementations of the present invention facilitate the classification of encrypted or compressed network traffic, or where the higher layer information in the data flows are formatted according to a non-public or proprietary protocol.

A method and apparatus for an application aware traffic shaping service node positioned between the access and core networks is described. One embodiment of the invention enforces a per subscriber, per application traffic policy for network traffic between one or more subscribers communicatively connected through an access network and a set of one or more service providers communicatively connected through a core network. According to another embodiment of the invention enforcement of the per subscriber, per application traffic policy comprises classifying the network traffic into application level subscriber flows, maintaining real-time statistics on the application level subscriber flows and overall network element congestion, updating, in real-time, the per subscriber, per application traffic policy based on the real-time statistics and restricting bandwidth and dropping packets on the application level subscriber flows as necessary to enforce the per subscriber, per application traffic policy. Another embodiment of the invention is a passthrough mode where the data traffic is transmitted by the traffic in the same manner as received by the traffic shaping service node. Yet another embodiment of the invention is a combined service node with integral edge routing and traffic aggregator.

Adaptive network traffic classification using historical context. Network traffic may be monitored and classified by considering several attributes using packet filters, regular expressions, context-free grammars, rule sets, and/or protocol dissectors, among other means and by applying a variety of techniques such as signature matching and statistical analysis. Unlike static systems, the classification decisions may be reexamined from time to time or after subsequent processing determines that the traffic does not conform to the protocol specification corresponding to the classification decision. Historical context may be used to adjust the classification strategy for similar or related traffic.

A traffic classifier has a plurality of binary classifiers, each associated with one of a plurality of calibrators. Each calibrator trained to translate an output score of the associated binary classifier into an estimated class probability value using a fitted logistic curve, each estimated class probability value indicating a probability that the packet flow on which the output score is based belongs to the traffic class associated with the binary classifier associated with the calibrator. The classifier training system configured to generate a training data based on network information gained using flow and packet sampling methods. In some embodiments, the classifier training system configured to generate reduced training data sets, one for each traffic class, reducing the training data related to traffic not associated with the traffic class.

An architecture for capture and generation, and a set of methods for characterization, prediction, and classification of traffic in packet networks are disclosed. The architecture consists of a device that stores packet timing information and processes the data so that characterization, prediction, and classification algorithms can perform operations in real-time. A methodology is disclosed for real-time traffic analysis, characterization, prediction, and classification in packet networks. The methodology is based on the simultaneous aggregation of packet arrival times at different times scales. The traffic is represented at the synchronous carrier level by the arrival or non-arrival of a packet. The invention does not require knowledge about the information source, nor needs to decode the information contents of the packets. Only the arrival timing information is required. The invention provides a characterization of the traffic on packet networks suitable for a real-time implementation. The methodology can be applied in real-time traffic classification by training a neural network from calculated second order statistics of the traffic of several known sources. Performance descriptors for the network can also be obtained by calculating the deviation of the traffic distribution from calculated models. Traffic prediction can also be done by training a neural network from a vector of the results of a given processing against a vector of results of the subsequent processing unit; noticing that the latter vector contains information at a larger time scale than the previous. The invention also provides a method of estimating an effective bandwidth measure in real time which can be used for connection admission control and dynamic routing in packet networks. The invention provides appropriate traffic descriptors that can be applied in more efficient traffic control on packet networks.

Methods and apparatus for providing an Anti-Flooding Flow-Control (AFFC) mechanism suitable for use in defending against flooding network Denial-of-Service (N-DoS) attacks is described. Features of the AFFC mechanism include (1) traffic baseline generation, (2) dynamic buffer management, (3) packet scheduling, and (4) optional early traffic regulation. Baseline statistics on the flow rates for flows of data corresponding to different classes of packets are generated. When a router senses congestion, it activates the AFFC mechanism of the present invention. Traffic flows are classified. Elastic traffic is examined to determine if it is responsive to flow control signals. Flows of non-responsive elastic traffic is dropped. The remaining flows are compared to corresponding class baseline flow rates. Flows exceeding the baseline flow rates are subject to forced flow rate reductions, e.g., dropping of packets.

A network application flow classifying recognizing device includes a dynamic flow classifying device which builds a hash table by taking the IP five-tuple array contained in a massage as the key assignments and searches a network flow table by making use of the hash table; a (address, port ) checking matching device which searches an information table of the address to carry through matching on the received messages; a service terminal matching device which carries through matching on the received messages by searching a service port table, a flow/action characteristic matching device which counts the flow characteristic and action characteristic aiming at the front M messages of the flow and carries through matching with the information in a flow/action characteristic mode library; a protocol characteristic code matching device which carries through matching on the front L bytes of the message payload and the protocol characteristic codes of a protocol characteristic code library; a decision device which comprehensively analyzes and judges the application type or application protocol that a network flow belongs to; a network topology detecting device which searches the currently active nodes and uses a node information to dynamically update the information table of the address aiming at various application service.

A system including a storage processing device with an input/output module. The input/output module has port processors to receive and transmit network traffic. The input/output module also has a switch connecting the port processors. Each port processor categorizes the network traffic as fast path network traffic or control path network traffic. The switch routes fast path network traffic from an ingress port processor to a specified egress port processor. The storage processing device also includes a control module to process the control path network traffic received from the ingress port processor. The control module routes processed control path network traffic to the switch for routing to a defined egress port processor. The control module is connected to the input/output module. The input/output module and the control module are configured to interactively support data virtualization, data migration, data journaling, and snapshotting. The distributed control and fast path processors achieve scaling of storage network software. The storage processors provide line-speed processing of storage data using a rich set of storage-optimized hardware acceleration engines. The multi-protocol switching fabric provides a low-latency, protocol-neutral interconnect that integrally links all components with any-to-any non-blocking throughput.

The invention discloses a network flow classifying system and a network flow classifying method combining a DPI and a DFI. The network flow classifying system is formed by combining a DPI service recognizing system module and a DFI flow recognizing system module, wherein the DPI module comprises a flow meter detecting module and a flow recognizing module; and the DFI module comprises a sample acquiring module, a classifier training module and a classifier classifying and predicting module. The sample acquiring module divides data stream capable of being accurately recognized by the flow recognizing module in the DPI into several classes and adopts the data stream as a sample to train the classifier training module so as to acquire a classifying model which can distinguish the class of thenetwork flow; then the flow which can not be recognized by the flow recognizing module of the DPI passes through the classifier classifying and predicting module of the DFI so as to achieve the aim for distinguishing the class of the flow which can not be recognized by the DPI. The invention is more comprehensive than a method for singly using the DPI or the DFI and can accurately recognize a service which is not encrypted in an application layer and distinguish the class of the service which is encrypted in the application layer.

Systems and methods are disclosed for classifying traffic flows. A traffic agent operable to collect classification information for one or more traffic flows may be deployed at an end host communicatively coupled to a data-center network. The traffic agent, deployed in a user space independent of the operating system, may compare the classification information for a given traffic flow to a metric value. Where the classification information achieves a certain threshold indicated by the metric value, the traffic agent may classify the traffic flow as an elephant flow. In some examples, a library may be included with the traffic agent that may include a modified send function. The modified send function may provide classification information to the traffic agent indexed to the traffic flow for which it is called so that the traffic agent may analyze the classification information to potentially provide a classification for the traffic flow.

Methods and apparatus for providing an Anti-Flooding Flow-Control (AFFC) mechanism suitable for use in defending against flooding network Denial-of-Service (N-DoS) attacks is described. Features of the AFFC mechanism include (1) traffic baseline generation, (2) dynamic buffer management, (3) packet scheduling, and (4) optional early traffic regulation. Baseline statistics on the flow rates for flows of data corresponding to different classes of packets are generated. When a router senses congestion, it activates the AFFC mechanism of the present invention. Traffic flows are classified. Elastic traffic is examined to determine if it is responsive to flow control signals. Flows of non-responsive elastic traffic is dropped. The remaining flows are compared to corresponding class baseline flow rates. Flows exceeding the baseline flow rates are subject to forced flow rate reductions, e.g., dropping of packets.

The present invention discloses a method for providing QoS guarantee by an edge router, the edge router transporting user traffic between the access network and core network, the method comprising: creating a service traffic flow classification table; establishing a plurality of label switching paths; configuring the attributes of the label switching paths; classifying and conditioning the service traffic flows entering into the core network at a downlink interface of an edge router according to the service traffic flow classification table; forwarding the processed traffic by an uplink interface of the edge router according to the attributes of the label switching paths. The present invention also discloses an apparatus for providing QoS guarantee by an edge router. Using the present invention, an edge router can provide exact QoS guarantee and QoS routing control for the application flows.

Embodiments of the invention provide a framework for traffic classification that bridges the gap between the packet content inspection and the flow-based behavioral analysis techniques. In particular, IP packets and/or IP flows are used as an input, network nodes are associated to specific network applications by leveraging information gathered from the web, and packet-level and/or flow-level signatures are extracted in an off-line fashion using clustering and signature extraction algorithms. The signatures learned are systematically exported to a traffic classifier that uses the newly available signatures to classify applications on-the-fly.

Hybrid packet traffic flow profiling technology inspects packet headers to classify packet traffic flows using clustering models developed using unsupervised learning based on known packet traffic flows and one or more traffic classification models developed using supervised learning based on the known packet traffic flows.