Processing data packets using a policy based network path

Description

TECHNICAL FIELD

The present invention relates generally to data processing, and more particularly to processing data packets using a policy-based network path.

BACKGROUND

Data networks such as the Internet, enterprise data networks, mobile broadband networks, and cloud networks, have become an integral part of our lives. We use data networks to obtain news, gather product information, reserve a table for dinner, submit a payment, purchase a good, read a book, find a map, make or receive phone calls, conduct or join a conferencing event, participate in a meeting, work on a document, approve a promotion, chat with a friend, watch television and videos, book a plane ticket, and do many other things in our normal lifestyle or work style. Typically, we use a host computing device such as a smartphone, a tablet, a laptop, a personal computer, or a smart television, to communicate with an application service server to perform one or more tasks over a service session. The server is typically a computing device. The service session includes a plurality of data packets routing through a data network.

Currently, a host device sends data packets through the data network to the server device. Conversely the server device sends response data packets through the data network to the host device. The network path, in which data packets traverse from the host device to the server device, is pre-set by the data network using one or more network forwarding protocols such as Internet routing protocols, Ethernet protocols, and other layer 2 or layer 3 protocols. The network path typically consists of network switches and routers.

The data packets of the service session is usually subjected to a number of inspections and controls before the data packets are delivered to the destination host device or server device. These network inspections and controls are performed by special network application appliances. There are security related inspections and controls such as IDS (intrusion detection system), firewall, lawful interception, malware detection and many others. There are company specific security inspections and controls that detects for document transfer, email scan, user access control, and others. There are network traffic inspections and controls such as bandwidth management, quality of service, tariff control and others. There are network monitoring inspections and controls such as rating, sampling, packet tracing and others. There are network optimization inspection and controls such as content caching, data de-duplication, email access optimization, and others.

It is very common for a network administrator to deploy one or more such network inspections and controls to a service session. In order for the inspection and control to function properly, a network administrator must know the preset network path of the service session and deploy the network application appliance along the preset network path. To assure the service session is subjected to the inspection and control function of the deployed network application appliance, the network administrator also needs to engineer and plan the data network such that any changes, due to a change of the network switches and routers, from the preset network path to a new preset network path, the new preset network path needs to include the deployed network application appliance.

Additionally, network inspection and control functions are usually computing and/or resource intensive. When their capacities are reached, the network administrator needs to deploy additional network application appliances or utilize other less busy network application appliances in the data network. Deploying additional network application appliances requires, as mentioned above, careful planning and engineering of the data network in order for the plurality of network application appliances to share the processing or resource load, and to ensure the network paths of a plurality of service sessions to pass through the plurality of network application appliances in an evenly distributed manner. Utilizing other less busy network application appliances is often not possible as the network paths are pre-determined by the networking protocols outside the scope of the network application appliance.

SUMMARY

This summary is provided to introduce a selection of concepts in a simplified form that are further described in the Detailed Description below. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.

The present disclosure is related to approaches for processing a data packet using a policy-based network path. Specifically, according to one approach of the present disclosure, a system for mitigating a DDoS attack is provided. The system may include a policy enforcing point and a database configured to store one or more policy-based network paths. The policy enforcing point may be configured to receive, from a client, the data packet associated with a service session. The policy enforcing point may be further configured to determine data packet information associated with the data packet. Based on the data packet information and one or more packet processing criteria, the policy enforcing point may determine the policy-based network path for the data packet. Based on the determination of the policy-based network path, the policy enforcing point may route the data packet along the policy-based network path.

According to another approach of the present disclosure, there is provided a method for processing a data packet using a policy-based network path. The method may commence with receiving the data packet associated with a service session from a client. The method may continue with determining data packet information associated with the data packet. The method may further include determining the policy-based network path for the data packet based on the data packet information and one or more packet processing criteria. The method may continue with routing, based on the determination of the policy-based network path, the data packet along the policy-based network path.

Additional objects, advantages, and features will be set forth in part in the detailed description section of this disclosure, which follows, and in part will become apparent to those skilled in the art upon examination of this specification and the accompanying drawings or may be learned by production or operation of the example embodiments. The objects and advantages of the concepts may be realized and attained by means of the methodologies, instrumentalities, and combinations particularly pointed out in the appended claims.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments are illustrated by way of example, and not by limitation, in the figures of the accompanying drawings, in which like references indicate similar elements.

FIG. 1 is a block diagram illustrating an environment within which a method can be implemented for routing a data packet along a policy-based network path from a client to a server.

FIG. 2 is a block diagram of a detailed representation of a client-side policy enforcing point.

FIG. 3 shows a system which implements a method for routing a data packet along a policy-based network path from a server to a client.

FIG. 4 is a block diagram illustrating a server-side policy enforcing point.

FIG. 5 shows a diagrammatic representation of a computing device for a machine in the example electronic form of a computer system, within which a set of instructions for causing the machine to perform any one or more of the methodologies discussed herein can be executed.

DETAILED DESCRIPTION

In various embodiments, a policy-based data network adapts a policy-based data network path for a service session between a client device and an application service server device in order to apply one or more network inspections and controls over the service session.

A policy-based data network may be a data network connected to a plurality of network application appliances, which perform one or more inspection and control functions over a service session. The policy-based data network path may include an indication of one or more network application appliances corresponding to one or more network inspections and controls. The indication may include an order of the one or more network application appliances, where the policy-based data network forwards the data packets of the service session through the one or more network appliances according to the indicated order.

Turning now to the drawings, FIG. 1 shows an example embodiment in which the client device 102 may be a computing device connected to the policy-based data network 104 using a network module of the client device. The client device may be a personal computer, a laptop computer, a tablet, a smartphone, a mobile phone, an Internet phone, a netbook, a home gateway, a broadband gateway, a network appliance, a set top box, a media server, a personal media play, a personal digital assistant, an access gateway, a networking switch, a server computer, a network storage computer, or any computing device comprising a network module and a processor module.

The application service server device or server device 138 may be a server computer connected to the policy-based data network using a network module of the server computer. The application service server device includes a processing module and a storage medium. The storage medium may include executive instructions that, when executed by the processing module of the application service server device, performs a function to serve an application service requested by the client device. The application service server device may serve the application service requested by the client device over a service session 106 where the server device and the client device exchange data packets over the service session. At least some of the data packets of the service session may be processed through the policy-based data network.

The policy-based data network may comprise a plurality of network elements. These network elements may include network switches such as Ethernet switches, ATM switches, optical switches and other data packet switches. These network elements may further include network routers such as IP routers, wireless network elements, or cellular base stations. In various embodiments, data packets of the service session may be processed and forwarded by one or more of these network elements. The policy-based data network may be connected to one or more of these network elements.

In the present embodiment, the policy-based data network may include one or more policy enforcing points 110. A policy enforcing point 110 may be a networking element that includes a processor module, a network module and a storage module 112. The storage module 112 may store a plurality of programming instructions that, when executed by the processor module, perform one or more functions of this invention. The network module may connect to one or more other policy enforcing points 110. The policy enforcing point 110 may connect to a network application appliance 116 performing network inspection, load balancing or control function.

In various embodiments, a policy enforcing point 110 may connect to a network application appliance 116 and send data packets of the service session 106 to the network application appliance 116 according to the policy-based data network path. The policy enforcing point 110 may receive a data packet 108 of the service session 106 from the network application appliance 116. The policy enforcing point 110 determines the data packet to be processed according to the policy-based data network path and processes the data packet based on the policy-based data network path and the network application appliance 116.

In various embodiments, a network application appliance 116 may include a processor module, a network module and a storage module. The storage module may include a plurality of programming instructions which, when executed by the processor module, performs a network application function. A network application function may include one or more security functions such as intrusion detection, malware detection, firewalling, lawful interception, email scanning, or virus detection. A network application function may also include one or more traffic management functions such as bandwidth management, bandwidth tariff policing, quality of services policing, or traffic steering. Additionally, a network application function may include one or more corporate security policing functions such as content detection, file transfer detection, service proxy like web proxy, SSL proxy, or IPSec proxy, application identification, public user identity identification, private user identity identification, access control, or user authentication. Furthermore, a network application function may include one or more service optimization functions such as content caching, email and document caching, data de-duplication, video caching, server load balancing, global server load balancing, or DNS optimization. A network application function may also include one or more traffic tracking functions such as packet counting, statistics sampling, application service rating, or client device rating.

In some embodiments, the policy-based data network path 124, 132, 136 includes a client-side policy enforcing point 126. The client-side policy enforcing point 110 receives a data packet 108 of the service session 106 from the client device 102. The client-side policy enforcing point 110 may select a policy-based network path 124, 132, 136 based on the data packet 108.

The client-side policy enforcing point 110 may retrieve information 140 from the data packet 108. The data packet information may include one or more of the layer 2 information such as a MAC address or a network interface number, layer 3 addresses such as source IP address and destination IP address, layer 4 address information such as source TCP/UDP port, destination TCP/UDP port, and TCP/UDP option, application layer content information such as URL, cookie information, transaction identity, DNS identity, session identity, receiving time of the data packet, and data packet information 114 from a prior data packet. The client-side policy enforcing point 110 may combine the data packet information 140 together with the information from prior data packets 114 of the service session 106 from the client device 102 to perform the selection. The client-side policy enforcing point 110 may also obtain additional information regarding the data packet by querying a network computer 118, based on the retrieved data packet information 140. Data packet information as used herein may refer to the combination of the retrieved information 140 from the data packet 108, the information from prior data packets 114 and the additional information obtained from another computer. The client-side policy enforcing point 110 may use the data packet information 140 to select the policy-based data network path 124, 132, 136.

Turning now to FIG. 2, in some embodiments, the storage module 204 of the client-side policy enforcing point 202 may include a database 206 of policy-based data network paths 208. A policy-based data network path 208 in the database 206 may be associated with a packet processing criterion 210. The client-side policy enforcing point 202 matches the data packet information 214 with the packet processing criterion 210. When the client-side policy enforcing point 202 determines the data packet information 214 matches the packet processing criterion 210, the client-side policy enforcing point 202 may select the policy-based data network path 220. In one embodiment, the packet processing criterion 210 includes a destination IP address, a source IP address, a MAC address, a network interface number, a layer 4 port number, a source layer 4 port number, a destination layer 4 port number, an URL, an user identity, a cookie value, a time value, an identity, other information in the packet or a combination of one or more of the above.

In some embodiments, the policy enforcing point 202 may create a new data packet 218 which comprises the data packet 212 and a protocol header 216 which contains the selected policy-based data network path 220.

In various embodiments, the selected network path 220 includes an order list of policy enforcing points and their associated network application appliances, and may be used to process the data packet 212. In one embodiment, the selected network path 220 includes an order list of network application appliances. The client-side policy enforcing point 202 determines an order list of policy enforcing points corresponding to the order list of network application appliances. Each determined policy enforcing point may connect to the corresponding network application appliance. The client-side policy enforcing point 202 may use the determined order list of policy enforcing points as the selected network path to process the data packet 212.

In other embodiments, the selected network path 220 does not include the client-side policy enforcing point 202. The client-side policy enforcing point 202 updates the selected network path 220 to include the client-side policy enforcing point 202 as the first policy enforcing point. The client-side policy enforcing point 202 may not update the selected network path 220.

Returning now to FIG. 1, in other embodiments, the client-side policy enforcing point 108 may examine the network path 124, 132, 136 and select a next policy enforcing point 126. The client-side policy enforcing point 110 may identify itself in the network path 124, 132, 136. The client-side policy enforcing point 110 may select the policy enforcing point 126 following the client-side policy enforcing point 110 in the order list of policy enforcing points of the network path 124, 132, 136. The client-side policy enforcing point 110 may select the first policy enforcing point in the order list of policy enforcing points of the network path 124, 132, 136 as the next policy enforcing point 126. The client-side policy enforcing point 110 may send the data packet 108 to the next policy enforcing point 126. The client-side policy enforcing point 110 may generate a new data packet 120 based on the data packet 108 and the network path 124, 132, 136, and send the new data packet 120 to the next policy enforcing point 126. The client-side policy enforcing point 110 may then include this data packet 108 into the new data packet 120, and the network path 124, 132, 136. The client-side policy enforcing point 110 may encapsulate the network path 124, 132, 136 into a layer 2 protocol header such as a VLAN header or a MPLS header. The client-side policy enforcing point 110 may also establish a communication session such as an IP tunneling session (IP in IP session, L2TP tunnel, IPSec tunnel), or other tunneling mechanism and generate the new data packet 120 for the tunnel. The client-side policy enforcing point 110 may include the data packet 108 and network path 124, 132, 136 as the content of the new data packet 120.

In the present embodiments, the client-side policy enforcing point 110 may include a portion of the network path 124, 132, 136 in the new data packet 120. The client-side policy enforcing point 110 may include the portion of the order list starting from the next policy enforcing point 126. Alternately, the client-side policy enforcing point 110 may include the entire network path 126 in the new data packet 120.

In various embodiments, the client-side policy enforcing point 110 may send the network path 124, 132, 136 to the next policy enforcing point 126 in a different communication session. The client-side policy enforcing point 110 may also send the network path 124, 132, 136 to the next policy enforcing point 126 prior to sending the data packet 108 or the new data packet 120 to the next policy enforcing point 126.

In the present embodiments, the client-side policy enforcing point 110 may send the data packet 108 or the new data packet 120 to the next policy enforcing point 126 using the policy-based data network. The client-side policy enforcing point 110 may also send the data packet 108 or the new data packet 120 to the next policy enforcing point 126 using the connected network elements.

In various embodiments, a policy enforcing point 126 may receive a client device data packet 108 from another policy enforcing point, such as the client-side policy enforcing point 110. The policy enforcing point 126 may also retrieve the client device data packet 108 from a data packet 120 in a communication session between the policy enforcing point 126 and the other policy enforcing point 134. The policy enforcing point 126 may retrieve a network path 124, 132, 136 associated with the client device data packet 108. The policy enforcing point 126 may further retrieve the network path 124, 132, 136 from the data packet 120 in the communication session between the policy enforcing point 126 and the other policy enforcing point 134. The policy enforcing point 126 may also retrieve the network path 124, 132, 136 received prior to receiving the client device data packet 108.

In various embodiments, the policy enforcing point 126 may examine the order list of policy enforcing points in the network path 124, 132, 136 and select a network application appliance. The policy enforcing point may also identify itself in the order list of policy enforcing points and select an associated network application appliance 130 to itself in the order list of policy enforcing points. Furthermore, the policy enforcing point 126 may select the first associated network application appliance in the order list of policy enforcing points.

The policy enforcing point 126 in the order list in the network path 124, 132, 136 may be associated with a plurality of network application appliances 128, such as an order list of a plurality of network application appliances. The policy enforcing point 126 may select the first associated network application appliance 130 in the order list of a plurality of network application appliances 128.

In some embodiments, the policy enforcing point 126 may send the client device data packet 108 to the selected network application appliance 130. The policy enforcing point 126 may establish a communication session with the selected network application appliance 130 and send the client device data packet 108 over the communication session.

The network application appliance 130 may receive the client device data packet 108, process the client device data packet 108 and send the resulting client device data packet 108 to the policy enforcing point 126. The network application appliance 130 may also modify the client device data packet 108 as a result of processing the client device data packet 108. The network application appliance 130 may send the client device data packet 108 over the communication session with the policy enforcing point 126.

In various embodiments, the policy enforcing point 126 may receive the client device data packet 108 from the network application appliance 130. The policy enforcing point 126 may select a network path 136 for the client device data packet 108. The policy enforcing point 126 may select the previously received network path 124, 132, 136. The policy enforcing point may recognize that the client device data packet 108 may be received from the communication session with the network application appliance 130, and select the previously received network path 124, 132, 136 associated with the communication session. The policy enforcing point 126 may obtain information about the client device data packet 108 similar to the corresponding method employed by the client-side policy enforcing point 108 to obtain the client device data packet information 122. The policy enforcing point 126 may include a database of network paths in its storage module. The policy enforcing point 126 may match the client device data packet information 122 with the database of network paths to select the network path 136.

In various embodiments, the policy enforcing point 126 processes the client device data packet 108 received from the application appliance 130 using the selected network path 132, 136. The policy enforcing point 126 may select a next policy enforcing point 134 from the selected network path. The policy enforcing point 126 may also identify itself in the order list of policy enforcing points in the network path, and select a policy enforcing point immediately following itself in the order list. Alternately, the policy enforcing point 126 may select a first policy enforcing point in the order list.

In various embodiments, the policy enforcing point 126 may send the client device data packet to the next policy enforcing point 134. The policy enforcing point 126 may generate a new data packet using the client device data packet 108 and the network path 132, 136. The policy enforcing point 126 may include a portion of the network path 132, 136 into the new data packet. The policy enforcing point 126 may include the portion of the order list of policy enforcing points starting from the next policy enforcing point 134. Alternately, the policy enforcing point 126 may include the entire network path 124, 132, 136 in the new data packet. In one embodiment, the policy enforcing point 126 includes the client device data packet 108 into the new data packet.

In some embodiments, the policy enforcing point 134 may determine that the retrieved network path does not yield a next policy enforcing point. The network path may be empty, or the policy enforcing point may be the last entry in the order list of policy enforcing points in the network path 124, 132, 136. The policy enforcing point 134 may send the client device data packet to the application service server device 138 indicated in the client device data packet 108. The policy enforcing point 134 may send the client device data packet 108 to the application service server device 138 through the policy-based data network or through the connected network switches. In this embodiment, the policy enforcing point 134 may be a server-side policy enforcing point.

The application service server device 138 may receive the client device data packet 108 and process the data packet 120 from the service session 106. The application service server device 138 may send a data packet towards the client device over the service session 106.

Turning now to FIG. 3, in some embodiments, the server-side policy enforcing point 310 may receive a server device data packet 308 over the service session 306. The server-side policy enforcing point 310 retrieves information 340 from the server device data packet 308. In some embodiments, the server device data packet 308 information 340 includes layer 2 address information such as MAC address, VLAN identity, MPLS label; layer 3 address information such as an IP address, a source IP address, or a destination IP address; layer 4 information such as a source TCP/UDP port number, a destination TCP/UDP port number, TCP/UDP option value; application layer information such as a cookie, an error code, a protocol transaction identity like DNS identity; application content information such as a document file name, a command string; or some other content within the data packet 308.

Referring now to FIG. 4, in some embodiments, the server-side policy enforcing point 402 includes a storage module 404 which contains a database 406 of network paths 408, where each network path in the database may be associated with a packet processing criterion 410. The server-side policy enforcing point 402 matches the server device data packet information 414 against the database 406. The server-side policy enforcing point 402 may determine the server device data packet information 414 matches a packet processing criterion 410 of a network path 408 in the database 406. The server-side policy enforcing point 406 selects the network path.

Returning now to FIG. 3, the server device data packet 308 may also include an indication indicating that the server device data packet 308 may be destined towards the client device 336. The server-side policy enforcing point 310 retrieves the indication and determines the data packet 308 may be a server device data packet.

In other embodiments, the server-side policy enforcing point 310 determines that the server device data packet 308 may be destined towards the client device 336 by examining the layer 2 or layer 3 information of the server device data packet 308. The server device data packet 308 may be an IP packet and the server-side policy enforcing point 310 examines the source IP address, which may be an IP address belonging to a server device. The server-side data packet 308 may be an IP tunnel packet and the server-side policy enforcing point 310 examines the destination IP address, which may be an IP address of the server-side policy enforcing point 310. The server-side data packet 308 may include a VLAN identity and the server-side policy enforcing point 310 may determine that the VLAN identity is a pre-determined identity indicating the server device data packet 308 may be from a server device 302.

In various embodiments, the server-side policy enforcing point 310 examines the selected network path 326, 330, 334. The server-side policy enforcing point 310 may identify itself in the order list of policy enforcing points in the selected network path 326, 330, 334. The server-side policy enforcing point 310 selects itself as the policy enforcing point to process the data packet 308. The server-side policy enforcing point 310 may also determine itself in the order list may be associated with a network application appliance 320, the server-side policy enforcing point 310 sends the server device data packet 308 to the associated network application appliance 320.

In some embodiments, a server-side policy enforcing point 310 determines itself in the order list of policy enforcing points may be not associated with a network application appliance. The server-side policy enforcing point 310 may also select the policy enforcing point in the order list of policy enforcing points preceding itself in the order list. The server-side policy enforcing point 310 may send the server device data packet 308 to the selected policy enforcing point 328.

In an alternate embodiment, a server-side policy enforcing point 332 does not find any policy enforcing point in the order list of preceding policy enforcing points preceding. The server-side policy enforcing point 332 may send the server device data packet 308 to the client device 336.

If a server-side policy enforcing point 328 does not find itself in the order list of policy enforcing points in the selected network path 326, 330, 334, the server-side policy enforcing point 328 may select a last entry policy enforcing point 332 in the order list of policy enforcing points. The server-side policy enforcing point 328 sends the server device data packet 308 to the selected policy enforcing point 332.

In one embodiment, a server-side policy enforcing point 332 fails to select a policy enforcing point from the order list of policy enforcing points in the selected network path 326, 330, 334, and the server-side policy enforcing point 332 consequently sends the server device data packet 308 to the client device 436.

In some embodiments, a network application appliance 320 receives a server device data packet 308, processes the data packet 308, and sends the server device data packet 308 to a policy enforcing point 310. The network application appliance 320 may also modify the server device data packet 308 prior to sending to the policy enforcing point 310.

In various embodiments, a policy enforcing point 328 receives a server device data packet 322 from a network application appliance 332. The policy enforcing point 328 selects a network path 330, 334 to process the server device data packet 322. The policy enforcing point may retrieve the network path 330, 334 from the server device data packet 322. The policy enforcing point 328 may retrieve information 324 about the server device data packet 322 and select the network path 330, 334 using the server device data packet information 324. The policy enforcing point 328 may determine that the server device data packet 322 is destined towards the client device 336, by either obtaining an indication inside the server device data packet 322 or examining the layer 2 or layer 3 information of the server device data packet 322, as illustrated earlier.

The policy enforcing point 328 may select a policy enforcing point 332 or a network application appliance 338 from the order list of policy enforcing points of the selected network path, using a similar process illustrated herein in the embodiments for a server-side policy enforcing point. The policy enforcing point sends the server device data packet 322 to the selected policy enforcing point 332, or to the selected network application appliance 338.

In some embodiments, the policy enforcing point 332 may fail to select a policy enforcing point or a network application appliance, and consequently may send the server device data packet 322 to the client device 336.

In various embodiments, the policy-based data network 304 may connect to a network computer 318. The policy enforcing points 310, 328, 332 of the policy-based data network 304 may access the network computer 318. The network computer may be considered as a portion of the storage module 312 of each policy enforcing point.

The network computer 318 may include a database of network paths, which may be accessible to a policy enforcing point 310. When a policy enforcing point 310 accesses a database of network paths 314, the policy enforcing point 318 may access the database of network paths in the network computer 318. A network path in the network computer 318 may be associated to a network path identity. When a policy enforcing point 310 incorporates a network path 326 into a data packet illustrated in FIG. 2 for an embodiment described earlier in this invention, the policy enforcing point 310 may include a network path identity associated to the network path 326 into the data packet 322. When a policy enforcing point 328 retrieves a network path from a data packet 322, the policy enforcing point 328 may retrieve a network path identity from the data packet, match the network path identity with the network computer 318 and retrieve the network path 326 wherein the retrieved network path identity from the data packet 322 matches a network path identity associated to the retrieved network path 326 from the network computer 418.

In various embodiments, the network computer 318 may be a computing device connected to the policy-based data network 304, or a distributed database. The network computer 318 may include storage modules of one or more policy enforcing points 310, 328, 332 in the policy-based data network 304.

In some embodiments, the policy-based data network may be connected to a policy controller. The policy controller may be a network computing device comprising a storage module, a processor module and a network module. The network module of the policy controller may connect to the policy-based data network. The storage module of the policy controller includes one or more programming instructions which when executed by the processor module performs one or more functions illustrated herein.

In some embodiments, the policy controller may send a network path to a policy enforcing point wherein the policy enforcing point stores the network path into its storage module. The policy controller may also send a network path to be stored in the network storage. In various embodiments, a policy enforcing point receives all the network paths in its storage module from the policy controller. The network storage may also receive all the network paths from the policy controller.

The policy controller may also include the network storage, and store the network path into the network storage.

In various embodiments, a policy-based network path includes an indication to a plurality of network inspection and control functions which are associated to a plurality of network application appliances corresponding to the network inspection and control functions. A policy enforcing point selects a network application appliance associated to a network inspection and control function to process a client device or server device data packet.

A policy enforcing point may include functionality to perform a network inspection and control function. A policy enforcing point may also perform as a network application appliance.

In some embodiments, a network application appliance may include a plurality of devices serving the associated network inspection or control function. A network application appliance may also include a cluster of devices, a virtual chassis of devices, or a plurality of devices distributed over a data network. In various embodiments, a policy enforcing point selects a device of the network application appliance.

A policy enforcing point may modify a network path based on the information obtained from a client device or server device data packet. A policy enforcing point may also modify the network path by inserting another policy enforcing point and/or another network application appliance/network inspection or control function into the network path. Further, a policy enforcing point may remove or replace a policy enforcing point, a network application appliance or a network inspection or control function from the network path.

A server-side policy enforcing point may select a network path different from the network path used in processing the client-side data packet of the service session. In some embodiments, both the server-side policy and the client-side policy can process the data packets containing information concerning corporate information security policy, document transfer, virus scanning, phishing, email scanning, and the like. The client-side policy can also process data packets containing information concerning corporate information policy, document transfer, virus scanning, and the like. Additionally, the client-side can enable checking the data packets for intrusion, distributed denial of services (DDOS) attacks, network scanning, and so forth.

When processing a current client device data packet, a client-side policy enforcing point may retrieve the network path, selected to process a prior client device data packet of the service session, to process the current client device data packet.

In various embodiments, the client device establishes a service with the service device where the service includes a plurality of service sessions. The service may be a SIP service, an FTP service, a video conferencing service, or a collaboration service. In one embodiment, the client-side policy enforcing point selects a network path to process a first service session of the service. The client-side policy enforcing point stores the relationship between the selected network path with the service into its storage module. When the client-side policy enforcing point processes a client device data packet of a second service session, the client-side policy enforcing point determines that the second service session, based on the client device data packet information, may be associated to the service. The client-side policy enforcing point retrieves from its storage module the network path of the service and uses the retrieved network path to process the client device data packet of the second service session. The client-side policy enforcing point may also select a network path different from the network path of the first service session to process the second service session. The client-side policy enforcing point may use a network path to process a SIP signaling session of a SIP service and use a different network path to process a SIP media session of the SIP service. The client-side policy enforcing point may use a network path to process an FTP control session of an FTP service and use a different network path to process an FTP data session of the FTP service.

In various embodiments, the client-side policy enforcement point processes a prior data packet of the service session and stores the selected network path processing the prior data packet, and the prior data packet information in the storage module of the client-side policy enforcement point. The client-side policy enforcement point subsequently receives a data packet of the service session. The client-side policy enforcement point combines the current data packet information and the prior data packet information to determine a change to the selected network path for the prior data packet. The client-side policy enforcement point modifies the selected network path to become the selected network path to process the current data packet.

The various embodiments, implementations and features of the invention noted above can be combined in various ways or used separately. Those skilled in the art will understand from the description that the invention can be equally applied to or used in other various different settings with respect to various combinations, embodiments, implementations or features provided in the description herein.

Numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will become obvious to those skilled in the art that the invention may be practiced without these specific details. The description and representation herein are the common meanings used by those experienced or skilled in the art to most effectively convey the substance of their work to others skilled in the art. In other instances, well-known methods, procedures, components, and circuitry have not been described in detail to avoid unnecessarily obscuring aspects of the present invention.

Also, in this specification, reference to “one embodiment,” “an embodiment,” “various embodiments,” or “some embodiments” means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the invention. The appearances of these phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Further, the order of blocks in process flowcharts or diagrams, if any, representing one or more embodiments of the invention do not inherently indicate any particular order nor imply any limitations in the invention.

Other embodiments of the invention will be apparent to those skilled in the art from a consideration of this specification or practice of the invention disclosed herein. It is intended that the specification and examples be considered as exemplary only, with the true scope and spirit of the invention being indicated by the following claims.

The invention can be implemented in software, hardware or a combination of hardware and software. A number of embodiments of the invention can also be embodied as computer readable code on a computer readable medium. The computer readable medium may be any data storage device that can store data which can thereafter be read by a computer system. Examples of the computer readable medium include read-only memory, random-access memory, CD-ROMs, magnetic tape, optical data storage devices, solid state storage drives, hard disk drives, and carrier waves. The computer readable medium can also be distributed over network-coupled computer systems so that the computer readable code may be stored and executed in a distributed fashion.

FIG. 5 shows a diagrammatic representation of a machine in the example electronic form of a computer system 500, within which a set of instructions for causing the machine to perform any one or more of the methodologies discussed herein may be executed. In various example embodiments, the machine operates as a standalone device or may be connected (e.g., networked) to other machines. In a networked deployment, the machine may operate in the capacity of a server or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. The machine may be a PC, a tablet PC, a set-top box (STB), a cellular telephone, a portable music player (e.g., a portable hard drive audio device such as an Moving Picture Experts Group Audio Layer 3 (MP3) player), a web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while only a single machine is illustrated, the term “machine” shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.

The example computer system 500 includes a processor or multiple processors 502 (e.g., a central processing unit (CPU), a graphics processing unit (GPU), or both), a main memory 504 and a static memory 506, which communicate with each other via a bus 508. The computer system 500 may further include a video display unit 510 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)). The computer system 500 may also include an alphanumeric input device 512 (e.g., a keyboard), a cursor control device 514 (e.g., a mouse), a disk drive unit 516, a signal generation device 518 (e.g., a speaker), and a network interface device 520.

The disk drive unit 516 includes a non-transitory computer-readable medium 522, on which is stored one or more sets of instructions and data structures (e.g., instructions 524) embodying or utilized by any one or more of the methodologies or functions described herein. The instructions 524 may also reside, completely or at least partially, within the main memory 504 and/or within the processors 502 during execution thereof by the computer system 500. The main memory 504 and the processors 502 may also constitute machine-readable media.

The instructions 524 may further be transmitted or received over a network 526 via the network interface device 520 utilizing any one of a number of well-known transfer protocols (e.g., Hyper Text Transfer Protocol (HTTP)).

While the computer-readable medium 522 is shown in an example embodiment to be a single medium, the term “computer-readable medium” should be taken to include a single medium or multiple media (e.g., a centralized or distributed database and/or associated caches and servers) that store the one or more sets of instructions. The term “computer-readable medium” shall also be taken to include any medium that is capable of storing, encoding, or carrying a set of instructions for execution by the machine and that causes the machine to perform any one or more of the methodologies of the present application, or that is capable of storing, encoding, or carrying data structures utilized by or associated with such a set of instructions. The term “computer-readable medium” shall accordingly be taken to include, but not be limited to, solid-state memories, optical and magnetic media, and carrier wave signals. Such media may also include, without limitation, hard disks, floppy disks, flash memory cards, digital video disks, random access memory (RAMs), read only memory (ROMs), and the like.

The example embodiments described herein can be implemented in an operating environment comprising computer-executable instructions (e.g., software) installed on a computer, in hardware, or in a combination of software and hardware. The computer-executable instructions can be written in a computer programming language or can be embodied in firmware logic. If written in a programming language conforming to a recognized standard, such instructions can be executed on a variety of hardware platforms and for interfaces to a variety of operating systems. Although not limited thereto, computer software programs for implementing the present method can be written in any number of suitable programming languages such as, for example, Hypertext Markup Language (HTML), Dynamic HTML, Extensible Markup Language (XML), Extensible Stylesheet Language (XSL), Document Style Semantics and Specification Language (DSSSL), Cascading Style Sheets (CSS), Synchronized Multimedia Integration Language (SMIL), Wireless Markup Language (WML), Java™, Jini™, C, C++, Perl, UNIX Shell, Visual Basic or Visual Basic Script, Virtual Reality Markup Language (VRML), ColdFusion™ or other compilers, assemblers, interpreters or other computer languages or platforms.

Thus, methods and systems for processing data packets using policy-based networks have been described. Although embodiments have been described with reference to specific example embodiments, it will be evident that various modifications and changes can be made to these example embodiments without departing from the broader spirit and scope of the present application. Accordingly, the specification and drawings are to be regarded in an illustrative rather than a restrictive sense.

Claims

1. A system for processing a data packet using a policy-based network path, the system comprising: a policy enforcing point that: receives, from a client, the data packet associated with a service session, the policy enforcing point being associated with a plurality of network application appliances configured to process data packets;determines data packet information associated with the data packet;based on the data packet information and one or more packet processing criteria, selects the policy-based network path for the data packet from a database storing the one or more packet processing criteria and a plurality of policy-based network paths, the policy-based network path including an order list of the plurality of network application appliances associated with a plurality of policy enforcing points;based on the order list of the plurality of network application appliances, sends the data packet to a first network application appliance of the order list of the plurality of network application appliances, the first network application appliance being associated with the policy enforcing point;receives the data packet back from the first network application appliance upon processing the data packet by the network application appliance;based on the determination of the policy-based network path, generates a further data packet by encapsulating the data packet and the policy-based network path into the further data packet; androutes the further data packet to a further policy enforcing point of the plurality of policy enforcing points in the policy-based network path, wherein the further policy enforcing point determines the policy-based network path by retrieving the policy-based network path from the further data packet; andthe database configured to store the plurality of policy-based network paths.
2. The system of claim 1, wherein the data packet information includes one or more of the following: information associated with content of the data packet, information associated with one or more prior data packets of the session, and further information obtained from a network computer.
3. The system of claim 1, wherein the data packet information includes one or more of the following: a Media Access Control (MAC) address, a network interface number, a source Internet Protocol (IP) address, a destination IP address, a source Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) port, a destination TCP/UDP port, a TCP/UDP option, a Uniform Resource Locator (URL), cookie information, a Domain Name System (DNS) identity, a service session identity, a receiving time of the data packet, an error code, a document file name, and a command string.
4. The system of claim 1, wherein each of the plurality of policy enforcing points is in communication with at least one network application appliance of the plurality of network application appliances, the data packet being routed through the plurality of policy enforcing points according to the order list.
5. The system of claim 1, wherein the policy enforcing point is configured to examine the policy-based network path, select a next policy enforcing point on the policy-based network path, and forward the data packet to the next policy enforcing point.
6. The system of claim 1, wherein the policy enforcing point is further configured to: send the further data packet to a next policy enforcing point, the further data packet including the data packet and the policy-based network path.
7. The system of claim 6, wherein the policy enforcing point encapsulates the policy-based network path into a protocol header of the further data packet.
8. The system of claim 1, wherein the policy enforcing point further: establishes a tunneling communication session; andwherein the further data packet is adopted for the tunneling communication session.
9. A computer-implemented method for processing a data packet using a policy-based network path, the method comprising: receiving from a client, by a policy enforcing point, the data packet associated with a service session, the policy enforcing point being associated with a plurality of network application appliances configured to process data packets;determining, by the policy enforcing point, data packet information associated with the data packet;based on the data packet information and one or more packet processing criteria, selecting, by the policy enforcing point, the policy-based network path for the data packet from a database storing the one or more packet processing criteria and a plurality of policy-based network paths, the policy-based network path including an order list of the plurality of network application appliances associated with a plurality of policy enforcing points;based on the order list of the plurality of network application appliances, sending, by the policy enforcing point, the data packet to a first network application appliance of the order list of the plurality of network application appliances, the first network application appliance being associated with the policy enforcing point;receiving, by the policy enforcing point, the data packet back from the first network application appliance upon processing the data packet by the network application appliance;based on the determination of the policy-based network path, generating a further data packet by encapsulating the data packet and the policy-based network path into the further data packet; androuting, by the policy enforcing point, the further data packet to a further policy enforcing point of the plurality of policy enforcing points in the policy-based network path, wherein the further policy enforcing point determines the policy-based network path by retrieving the policy-based network path from the further data packet.
10. The computer-implemented method of claim 9, wherein the data packet information includes one or more of the following: information associated with content of the data packet, information associated with one or more prior data packet of the session, and further information obtained from a network computer.
11. The computer-implemented method of claim 9, wherein the data packet information includes one or more of the following: a Media Access Control (MAC) address, a network interface number, a source Internet Protocol (IP) address, a destination IP address, a source Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) port, a destination TCP/UDP port, a TCP/UDP option, a Uniform Resource Locator (URL), cookie information, a Domain Name System (DNS) identity, a service session identity, a receiving time of the data packet, an error code, a document file name, and a command string.
12. The computer-implemented method of claim 9, wherein each of the plurality of policy enforcing points is in communication with at least one network application appliance of the plurality of network application appliances, the data packet being routed by the policy enforcing point through the plurality of policy enforcing points according to the order list.
13. The computer-implemented method of claim 9, further comprising: examining, by the policy enforcing point, the policy-based network path;selecting, by the policy enforcing point, a next policy enforcing point on the policy-based network path; andforwarding, by the policy enforcing point, the data packet to the next policy enforcing point.
14. The computer-implemented method of claim 9, further comprising: sending the further data packet to a next policy enforcing point, the further data packet including the data packet and the policy-based network path.
15. The computer-implemented method of claim 9, further comprising encapsulating, by the policy enforcing point, the policy-based network path into a protocol header of the further data packet.
16. The computer-implemented method of claim 9, further comprising: establishing, by the policy enforcing point, a tunneling communication session; andgenerating, by the policy enforcing point, a new data packet adapted for the tunneling communication session, the new data packet incorporating the data packet.
17. The computer-implemented method of claim 9, wherein the data packet is sent to a next policy enforcing point in a further communication session.
18. The computer-implemented method of claim 9, further comprising sending, by the policy enforcing point, the policy-based network path to a next policy enforcing point prior to sending the data packet to the next policy enforcing point.
19. A system for processing a data packet using a policy-based network path, the system comprising: a policy enforcing point that: receives, from a client, the data packet associated with a service session, the policy enforcing point being associated with a plurality of network application appliances configured to process data packets;determines data packet information associated with the data packet;based on the data packet information and one or more packet processing criteria, selects the policy-based network path for the data packet from a database storing the one or more packet processing criteria and a plurality of policy-based network paths, wherein the policy-based network path includes an order list of the plurality of network application appliances associated with a plurality of policy enforcing points, each of the plurality of policy enforcing points being in communication with at least one network application appliance of the plurality of network application appliances;based on the order list of the plurality of network application appliances, sends the data packet to a first network application appliance of the order list of the plurality of network application appliances, the first network application appliance being associated with the policy enforcing point;receives the data packet back from the first network application appliance upon processing the data packet by the network application appliance; andbased on the determination of the policy-based network path, generates a further data packet by encapsulating the data packet and the policy-based network path into the further data packet; androutes the further data packet to a further policy enforcing point of the plurality of policy enforcing points in the policy-based network path, the further data packet being routed through the plurality of policy enforcing points according to the order list, wherein the further policy enforcing point determines the policy-based network path by retrieving the policy-based network path from the further data packet; andthe database configured to store the plurality of policy-based network paths.

CROSS-REFERENCE TO RELATED APPLICATIONS

This patent application is a continuation of U.S. patent application Ser. No. 14/214,142, filed Mar. 14, 2014, which claims the priority benefit of U.S. Provisional Patent Application No. 61/799,244, filed Mar. 15, 2013, the disclosures of which are incorporated by reference herein in their entirety.

US Referenced Citations (515)

Number	Name	Date	Kind
4403286	Fry et al.	Sep 1983	A
4495570	Kitajima et al.	Jan 1985	A
4577272	Ballew et al.	Mar 1986	A
4720850	Oberlander et al.	Jan 1988	A
4864492	Blakely-Fogel et al.	Sep 1989	A
4882699	Evensen	Nov 1989	A
5031089	Liu et al.	Jul 1991	A
5218602	Grant et al.	Jun 1993	A
5218676	Ben-Ayed et al.	Jun 1993	A
5293488	Riley et al.	Mar 1994	A
5341477	Pitkin et al.	Aug 1994	A
5432908	Heddes et al.	Jul 1995	A
5537542	Eilert et al.	Jul 1996	A
5563878	Blakeley et al.	Oct 1996	A
5603029	Aman et al.	Feb 1997	A
5675739	Eilert et al.	Oct 1997	A
5740371	Wallis	Apr 1998	A
5751971	Dobbins et al.	May 1998	A
5754752	Sheh et al.	May 1998	A
5774660	Brendel et al.	Jun 1998	A
5774668	Choquier et al.	Jun 1998	A
5796936	Watabe et al.	Aug 1998	A
5812771	Fee et al.	Sep 1998	A
5828847	Gehr et al.	Oct 1998	A
5835724	Smith	Nov 1998	A
5867636	Walker	Feb 1999	A
5867661	Bittinger et al.	Feb 1999	A
5875296	Shi et al.	Feb 1999	A
5917997	Bell et al.	Jun 1999	A
5918017	Attanasio et al.	Jun 1999	A
5923854	Bell et al.	Jul 1999	A
5931914	Chiu	Aug 1999	A
5935207	Logue et al.	Aug 1999	A
5935215	Bell et al.	Aug 1999	A
5941988	Bhagwat et al.	Aug 1999	A
5944794	Okamoto et al.	Aug 1999	A
5946686	Schmuck et al.	Aug 1999	A
5951650	Bell et al.	Sep 1999	A
5951694	Choquier et al.	Sep 1999	A
5958053	Denker	Sep 1999	A
5995981	Wikstrom	Nov 1999	A
6003069	Cavill	Dec 1999	A
6006264	Colby et al.	Dec 1999	A
6006269	Phaal	Dec 1999	A
6031978	Cotner et al.	Feb 2000	A
6041357	Kunzelman et al.	Mar 2000	A
6047268	Bartoli et al.	Apr 2000	A
6076108	Courts et al.	Jun 2000	A
6088728	Bellemore et al.	Jul 2000	A
6098093	Bayeh et al.	Aug 2000	A
6104717	Coile et al.	Aug 2000	A
6119174	Borowsky et al.	Sep 2000	A
6128279	O'Neil et al.	Oct 2000	A
6131163	Wiegel	Oct 2000	A
6141759	Braddy	Oct 2000	A
6185598	Farber et al.	Feb 2001	B1
6219706	Fan et al.	Apr 2001	B1
6223205	Harchol-Balter et al.	Apr 2001	B1
6223287	Douglas et al.	Apr 2001	B1
6247057	Barrera, III	Jun 2001	B1
6249820	Dobbins et al.	Jun 2001	B1
6252878	Locklear, Jr. et al.	Jun 2001	B1
6259705	Takahashi et al.	Jul 2001	B1
6262976	McNamara	Jul 2001	B1
6286039	Van Home et al.	Sep 2001	B1
6314463	Abbott et al.	Nov 2001	B1
6317786	Yamane et al.	Nov 2001	B1
6321338	Porras et al.	Nov 2001	B1
6324177	Howes et al.	Nov 2001	B1
6330560	Harrison et al.	Dec 2001	B1
6339423	Sampson et al.	Jan 2002	B1
6353614	Borella et al.	Mar 2002	B1
6363075	Huang et al.	Mar 2002	B1
6363081	Gase	Mar 2002	B1
6374300	Masters	Apr 2002	B2
6374359	Shrader et al.	Apr 2002	B1
6381632	Lowell	Apr 2002	B1
6393475	Leong et al.	May 2002	B1
6397261	Eldridge et al.	May 2002	B1
6430622	Aiken, Jr. et al.	Aug 2002	B1
6445704	Howes et al.	Sep 2002	B1
6446225	Robsman et al.	Sep 2002	B1
6459682	Ellesson et al.	Oct 2002	B1
6490682	Vanstone et al.	Dec 2002	B2
6496866	Attanasio et al.	Dec 2002	B2
6510464	Grantges, Jr. et al.	Jan 2003	B1
6515988	Eldridge et al.	Feb 2003	B1
6542926	Zalewski et al.	Apr 2003	B2
6564215	Hsiao et al.	May 2003	B1
6567857	Gupta et al.	May 2003	B1
6578066	Logan et al.	Jun 2003	B1
6587866	Modi et al.	Jul 2003	B1
6591262	MacLellan et al.	Jul 2003	B1
6594268	Aukia et al.	Jul 2003	B1
6598167	Devine et al.	Jul 2003	B2
6606315	Albert et al.	Aug 2003	B1
6609150	Lee et al.	Aug 2003	B2
6611498	Baker et al.	Aug 2003	B1
6650641	Albert et al.	Nov 2003	B1
6657974	Britton et al.	Dec 2003	B1
6697354	Borella et al.	Feb 2004	B1
6701377	Burmann et al.	Mar 2004	B2
6704317	Dobson	Mar 2004	B1
6711618	Danner et al.	Mar 2004	B1
6714979	Brandt et al.	Mar 2004	B1
6718383	Hebert	Apr 2004	B1
6742126	Mann et al.	May 2004	B1
6745229	Gobin et al.	Jun 2004	B1
6748413	Bournas	Jun 2004	B1
6748414	Bournas	Jun 2004	B1
6760758	Lund et al.	Jul 2004	B1
6763370	Schmeidler et al.	Jul 2004	B1
6763468	Gupta et al.	Jul 2004	B2
6772333	Brendel	Aug 2004	B1
6772334	Glawitsch	Aug 2004	B1
6779017	Lamberton et al.	Aug 2004	B1
6779033	Watson et al.	Aug 2004	B1
6877095	Allen	Apr 2005	B1
6886044	Miles et al.	Apr 2005	B1
6892307	Wood et al.	May 2005	B1
6941384	Aiken, Jr. et al.	Sep 2005	B1
6952728	Alles et al.	Oct 2005	B1
6954784	Aiken, Jr. et al.	Oct 2005	B2
6963917	Callis et al.	Nov 2005	B1
6965930	Arrowood et al.	Nov 2005	B1
6996617	Aiken, Jr. et al.	Feb 2006	B1
6996631	Aiken, Jr. et al.	Feb 2006	B1
7010605	Dharmarajan	Mar 2006	B1
7013482	Krumel	Mar 2006	B1
7058600	Combar et al.	Jun 2006	B1
7058718	Fontes et al.	Jun 2006	B2
7058789	Henderson et al.	Jun 2006	B2
7069438	Balabine et al.	Jun 2006	B2
7076555	Orman et al.	Jul 2006	B1
7120697	Aiken, Jr. et al.	Oct 2006	B2
7143087	Fairweather	Nov 2006	B2
7167927	Philbrick et al.	Jan 2007	B2
7181524	Lele	Feb 2007	B1
7188181	Squier et al.	Mar 2007	B1
7218722	Turner et al.	May 2007	B1
7225249	Barry et al.	May 2007	B1
7228359	Monteiro	Jun 2007	B1
7234161	Maufer et al.	Jun 2007	B1
7236457	Joe	Jun 2007	B2
7254133	Govindarajan et al.	Aug 2007	B2
7269850	Govindarajan et al.	Sep 2007	B2
7277963	Dolson et al.	Oct 2007	B2
7301899	Goldstone	Nov 2007	B2
7308499	Chavez	Dec 2007	B2
7310686	Uysal	Dec 2007	B2
7328267	Bashyam et al.	Feb 2008	B1
7334232	Jacobs et al.	Feb 2008	B2
7337241	Boucher et al.	Feb 2008	B2
7343399	Hayball et al.	Mar 2008	B2
7349970	Clement et al.	Mar 2008	B2
7370353	Yang	May 2008	B2
7391725	Huitema et al.	Jun 2008	B2
7398317	Chen et al.	Jul 2008	B2
7423977	Joshi	Sep 2008	B1
7430611	Aiken, Jr. et al.	Sep 2008	B2
7430755	Hughes et al.	Sep 2008	B1
7463648	Eppstein et al.	Dec 2008	B1
7467202	Savchuk	Dec 2008	B2
7472190	Robinson	Dec 2008	B2
7492766	Cabeca et al.	Feb 2009	B2
7506360	Wilkinson et al.	Mar 2009	B1
7509369	Tormasov	Mar 2009	B1
7512980	Copeland et al.	Mar 2009	B2
7533409	Keane et al.	May 2009	B2
7552323	Shay	Jun 2009	B2
7584262	Wang et al.	Sep 2009	B1
7584301	Joshi	Sep 2009	B1
7590736	Hydrie et al.	Sep 2009	B2
7613193	Swami et al.	Nov 2009	B2
7613822	Joy et al.	Nov 2009	B2
7673072	Boucher et al.	Mar 2010	B2
7675854	Chen et al.	Mar 2010	B2
7703102	Eppstein et al.	Apr 2010	B1
7707295	Szeto et al.	Apr 2010	B1
7711790	Barrett et al.	May 2010	B1
7747748	Allen	Jun 2010	B2
7765328	Bryers et al.	Jul 2010	B2
7792113	Foschiano et al.	Sep 2010	B1
7808994	Vinokour et al.	Oct 2010	B1
7826487	Mukerji et al.	Nov 2010	B1
7881215	Daigle et al.	Feb 2011	B1
7948952	Hurtta et al.	May 2011	B2
7965727	Sakata et al.	Jun 2011	B2
7970934	Patel	Jun 2011	B1
7979585	Chen et al.	Jul 2011	B2
7983258	Ruben et al.	Jul 2011	B1
7990847	Leroy et al.	Aug 2011	B1
7991859	Miller et al.	Aug 2011	B1
8019870	Eppstein et al.	Sep 2011	B1
8032634	Eppstein et al.	Oct 2011	B1
8090866	Bashyam et al.	Jan 2012	B1
8099492	Dahlin et al.	Jan 2012	B2
8122116	Matsunaga et al.	Feb 2012	B2
8179809	Eppstein et al.	May 2012	B1
8185651	Moran et al.	May 2012	B2
8191106	Choyi et al.	May 2012	B2
8224971	Miller et al.	Jul 2012	B1
8234650	Eppstein et al.	Jul 2012	B1
8239445	Gage et al.	Aug 2012	B1
8255644	Sonnier et al.	Aug 2012	B2
8266235	Jalan et al.	Sep 2012	B2
8296434	Miller et al.	Oct 2012	B1
8312507	Chen et al.	Nov 2012	B2
8379515	Mukerji	Feb 2013	B1
8499093	Grosser et al.	Jul 2013	B2
8539075	Bali et al.	Sep 2013	B2
8554929	Szeto et al.	Oct 2013	B1
8560693	Wang et al.	Oct 2013	B1
8584199	Chen et al.	Nov 2013	B1
8595791	Chen et al.	Nov 2013	B1
RE44701	Chen et al.	Jan 2014	E
8675488	Sidebottom et al.	Mar 2014	B1
8681610	Mukerji	Mar 2014	B1
8750164	Casado et al.	Jun 2014	B2
8782221	Han	Jul 2014	B2
8813180	Chen et al.	Aug 2014	B1
8826372	Chen et al.	Sep 2014	B1
8879427	Krumel	Nov 2014	B2
8885463	Medved et al.	Nov 2014	B1
8897154	Jalan et al.	Nov 2014	B2
8965957	Barros	Feb 2015	B2
8977749	Han	Mar 2015	B1
8989192	Foo	Mar 2015	B2
8990262	Chen et al.	Mar 2015	B2
9094364	Jalan et al.	Jul 2015	B2
9106561	Jalan et al.	Aug 2015	B2
9118618	Davis	Aug 2015	B2
9118620	Davis	Aug 2015	B1
9154577	Jalan et al.	Oct 2015	B2
9154584	Han	Oct 2015	B1
9215275	Kannan et al.	Dec 2015	B2
9219751	Chen et al.	Dec 2015	B1
9253152	Chen et al.	Feb 2016	B1
9270705	Chen et al.	Feb 2016	B1
9270774	Jalan et al.	Feb 2016	B2
9338225	Jalan et al.	May 2016	B2
9350744	Chen et al.	May 2016	B2
9356910	Chen et al.	May 2016	B2
9386088	Zheng et al.	Jul 2016	B2
9497201	Chen et al.	Nov 2016	B2
9531846	Han et al.	Dec 2016	B2
9544364	Jalan et al.	Jan 2017	B2
9602442	Han	Mar 2017	B2
9609052	Jalan et al.	Mar 2017	B2
9661026	Chen et al.	May 2017	B2
9705800	Sankar et al.	Jul 2017	B2
9742879	Davis	Aug 2017	B2
9843484	Sankar et al.	Dec 2017	B2
9900252	Chiong	Feb 2018	B2
9906422	Jalan et al.	Feb 2018	B2
9906591	Jalan et al.	Feb 2018	B2
9942152	Jalan et al.	Apr 2018	B2
9942162	Golshan et al.	Apr 2018	B2
9954899	Chen et al.	Apr 2018	B2
9960967	Chen et al.	May 2018	B2
9961135	Kannan et al.	May 2018	B2
9979801	Jalan et al.	May 2018	B2
9986061	Jalan et al.	May 2018	B2
9992107	Jalan et al.	Jun 2018	B2
10002141	Jalan et al.	Jun 2018	B2
20010015812	Sugaya	Aug 2001	A1
20010049741	Skene et al.	Dec 2001	A1
20020010783	Primak et al.	Jan 2002	A1
20020032777	Kawata et al.	Mar 2002	A1
20020078164	Reinschmidt	Jun 2002	A1
20020091831	Johnson	Jul 2002	A1
20020091844	Craft et al.	Jul 2002	A1
20020103916	Chen et al.	Aug 2002	A1
20020124089	Aiken et al.	Sep 2002	A1
20020133491	Sim et al.	Sep 2002	A1
20020138618	Szabo	Sep 2002	A1
20020141448	Matsunaga	Oct 2002	A1
20020143953	Aiken	Oct 2002	A1
20020143954	Aiken et al.	Oct 2002	A1
20020143991	Chow et al.	Oct 2002	A1
20020166080	Attanasio et al.	Nov 2002	A1
20020178259	Doyle et al.	Nov 2002	A1
20020178265	Aiken et al.	Nov 2002	A1
20020178268	Aiken et al.	Nov 2002	A1
20020191575	Kalavade et al.	Dec 2002	A1
20020194335	Maynard	Dec 2002	A1
20020194350	Lu et al.	Dec 2002	A1
20020199000	Banerjee	Dec 2002	A1
20030009591	Hayball et al.	Jan 2003	A1
20030014544	Pettey	Jan 2003	A1
20030023711	Parmar et al.	Jan 2003	A1
20030023873	Ben-Itzhak	Jan 2003	A1
20030035409	Wang et al.	Feb 2003	A1
20030035420	Niu	Feb 2003	A1
20030061402	Yadav	Mar 2003	A1
20030065762	Stolorz et al.	Apr 2003	A1
20030079146	Burstein	Apr 2003	A1
20030081624	Aggarwal et al.	May 2003	A1
20030091028	Chang et al.	May 2003	A1
20030131245	Linderman	Jul 2003	A1
20030135625	Fontes et al.	Jul 2003	A1
20030152078	Henderson et al.	Aug 2003	A1
20030195962	Kikuchi et al.	Oct 2003	A1
20030202536	Foster et al.	Oct 2003	A1
20040001497	Sharma	Jan 2004	A1
20040062246	Boucher et al.	Apr 2004	A1
20040073703	Boucher et al.	Apr 2004	A1
20040078419	Ferrari et al.	Apr 2004	A1
20040078480	Boucher et al.	Apr 2004	A1
20040111516	Cain	Jun 2004	A1
20040128312	Shalabi et al.	Jul 2004	A1
20040139057	Hirata et al.	Jul 2004	A1
20040139108	Tang et al.	Jul 2004	A1
20040141005	Banatwala et al.	Jul 2004	A1
20040143599	Shalabi et al.	Jul 2004	A1
20040184442	Jones et al.	Sep 2004	A1
20040187032	Gels et al.	Sep 2004	A1
20040199616	Karhu	Oct 2004	A1
20040199646	Susai et al.	Oct 2004	A1
20040202182	Lund et al.	Oct 2004	A1
20040210623	Hydrie et al.	Oct 2004	A1
20040210663	Phillips et al.	Oct 2004	A1
20040213158	Collett et al.	Oct 2004	A1
20040253956	Collins	Dec 2004	A1
20040268358	Darling et al.	Dec 2004	A1
20050005207	Herneque	Jan 2005	A1
20050009520	Herrero et al.	Jan 2005	A1
20050021848	Jorgenson	Jan 2005	A1
20050027862	Nguyen et al.	Feb 2005	A1
20050036501	Chung et al.	Feb 2005	A1
20050036511	Baratakke et al.	Feb 2005	A1
20050044270	Grove et al.	Feb 2005	A1
20050074013	Hershey et al.	Apr 2005	A1
20050080890	Yang et al.	Apr 2005	A1
20050102400	Nakahara et al.	May 2005	A1
20050125276	Rusu	Jun 2005	A1
20050141506	Aiken et al.	Jun 2005	A1
20050163073	Heller et al.	Jul 2005	A1
20050198335	Brown et al.	Sep 2005	A1
20050213586	Cyganski et al.	Sep 2005	A1
20050240989	Kim et al.	Oct 2005	A1
20050249225	Singhal	Nov 2005	A1
20050259586	Hafid et al.	Nov 2005	A1
20060023721	Miyake et al.	Feb 2006	A1
20060036610	Wang	Feb 2006	A1
20060036733	Fujimoto et al.	Feb 2006	A1
20060064478	Sirkin	Mar 2006	A1
20060069774	Chen et al.	Mar 2006	A1
20060069804	Miyake et al.	Mar 2006	A1
20060077926	Rune	Apr 2006	A1
20060092950	Arregoces et al.	May 2006	A1
20060098645	Walkin	May 2006	A1
20060112170	Sirkin	May 2006	A1
20060168319	Trossen	Jul 2006	A1
20060187901	Cortes et al.	Aug 2006	A1
20060190997	Mahajani et al.	Aug 2006	A1
20060209789	Gupta et al.	Sep 2006	A1
20060230129	Swami et al.	Oct 2006	A1
20060233100	Luft et al.	Oct 2006	A1
20060251057	Kwon et al.	Nov 2006	A1
20060277303	Hegde et al.	Dec 2006	A1
20060280121	Matoba	Dec 2006	A1
20070019543	Wei et al.	Jan 2007	A1
20070086382	Narayanan et al.	Apr 2007	A1
20070094396	Takano et al.	Apr 2007	A1
20070118881	Mitchell et al.	May 2007	A1
20070156919	Potti et al.	Jul 2007	A1
20070165622	O'Rourke et al.	Jul 2007	A1
20070185998	Touitou et al.	Aug 2007	A1
20070230337	Igarashi et al.	Oct 2007	A1
20070245090	King et al.	Oct 2007	A1
20070259673	Willars et al.	Nov 2007	A1
20070283429	Chen et al.	Dec 2007	A1
20070286077	Wu	Dec 2007	A1
20070288247	Mackay	Dec 2007	A1
20070294209	Strub et al.	Dec 2007	A1
20080031263	Ervin et al.	Feb 2008	A1
20080101396	Miyata	May 2008	A1
20080109452	Patterson	May 2008	A1
20080109870	Sherlock et al.	May 2008	A1
20080134332	Keohane et al.	Jun 2008	A1
20080162679	Maher et al.	Jul 2008	A1
20080212579	LaVigne	Sep 2008	A1
20080228781	Chen et al.	Sep 2008	A1
20080250099	Shen et al.	Oct 2008	A1
20080263209	Pisharody et al.	Oct 2008	A1
20080271130	Ramamoorthy	Oct 2008	A1
20080282254	Blander et al.	Nov 2008	A1
20080291911	Lee et al.	Nov 2008	A1
20080320151	McCanne et al.	Dec 2008	A1
20090037361	Prathaban et al.	Feb 2009	A1
20090049198	Blinn et al.	Feb 2009	A1
20090070470	Bauman et al.	Mar 2009	A1
20090077651	Poeluev	Mar 2009	A1
20090092124	Singhal et al.	Apr 2009	A1
20090106830	Maher	Apr 2009	A1
20090138606	Moran et al.	May 2009	A1
20090138945	Savchuk	May 2009	A1
20090141634	Rothstein et al.	Jun 2009	A1
20090164614	Christian et al.	Jun 2009	A1
20090172093	Matsubara	Jul 2009	A1
20090213858	Dolganow	Aug 2009	A1
20090222583	Josefsberg et al.	Sep 2009	A1
20090227228	Hu et al.	Sep 2009	A1
20090228547	Miyaoka et al.	Sep 2009	A1
20090262741	Jungck et al.	Oct 2009	A1
20090271472	Scheifler et al.	Oct 2009	A1
20090313379	Rydnell et al.	Dec 2009	A1
20100008229	Bi et al.	Jan 2010	A1
20100023621	Ezolt et al.	Jan 2010	A1
20100036952	Hazlewood et al.	Feb 2010	A1
20100054139	Chun et al.	Mar 2010	A1
20100061319	Aso et al.	Mar 2010	A1
20100064008	Yan et al.	Mar 2010	A1
20100082787	Kommula et al.	Apr 2010	A1
20100083076	Ushiyama	Apr 2010	A1
20100094985	Abu-Samaha et al.	Apr 2010	A1
20100098417	Tse-Au	Apr 2010	A1
20100106833	Banerjee et al.	Apr 2010	A1
20100106854	Kim et al.	Apr 2010	A1
20100128606	Patel et al.	May 2010	A1
20100162378	Jayawardena et al.	Jun 2010	A1
20100188975	Raleigh	Jul 2010	A1
20100205310	Altshuler et al.	Aug 2010	A1
20100210265	Borzsei et al.	Aug 2010	A1
20100217793	Preiss	Aug 2010	A1
20100223630	Degenkolb et al.	Sep 2010	A1
20100228819	Wei	Sep 2010	A1
20100235507	Szeto et al.	Sep 2010	A1
20100238828	Russell	Sep 2010	A1
20100265824	Chao et al.	Oct 2010	A1
20100268814	Cross et al.	Oct 2010	A1
20100293296	Hsu et al.	Nov 2010	A1
20100312740	Clemm et al.	Dec 2010	A1
20100318631	Shukla	Dec 2010	A1
20100322252	Suganthi et al.	Dec 2010	A1
20100330971	Selitser et al.	Dec 2010	A1
20100333101	Pope et al.	Dec 2010	A1
20110007652	Bai	Jan 2011	A1
20110019550	Bryers et al.	Jan 2011	A1
20110023071	Li et al.	Jan 2011	A1
20110029599	Pulleyn et al.	Feb 2011	A1
20110032941	Quach et al.	Feb 2011	A1
20110040826	Chadzelek et al.	Feb 2011	A1
20110047294	Singh et al.	Feb 2011	A1
20110060831	Ishii et al.	Mar 2011	A1
20110064083	Borkenhagen et al.	Mar 2011	A1
20110099403	Miyata et al.	Apr 2011	A1
20110110294	Valluri et al.	May 2011	A1
20110145324	Reinart et al.	Jun 2011	A1
20110153834	Bharrat	Jun 2011	A1
20110178985	San Martin Arribas et al.	Jul 2011	A1
20110185073	Jagadeeswaran et al.	Jul 2011	A1
20110191773	Pavel et al.	Aug 2011	A1
20110196971	Reguraman et al.	Aug 2011	A1
20110276695	Maldaner	Nov 2011	A1
20110276982	Nakayama et al.	Nov 2011	A1
20110289496	Steer	Nov 2011	A1
20110292939	Subramaian et al.	Dec 2011	A1
20110302256	Sureshehandra et al.	Dec 2011	A1
20110307541	Walsh et al.	Dec 2011	A1
20120008495	Shen et al.	Jan 2012	A1
20120023231	Ueno	Jan 2012	A1
20120026897	Guichard et al.	Feb 2012	A1
20120030341	Jensen et al.	Feb 2012	A1
20120066371	Patel et al.	Mar 2012	A1
20120084460	McGinnity et al.	Apr 2012	A1
20120106355	Ludwig	May 2012	A1
20120117571	Davis et al.	May 2012	A1
20120144014	Natham et al.	Jun 2012	A1
20120151353	Joanny	Jun 2012	A1
20120155495	Clee et al.	Jun 2012	A1
20120170548	Rajagopalan et al.	Jul 2012	A1
20120173759	Agarwal et al.	Jul 2012	A1
20120191839	Maynard	Jul 2012	A1
20120239792	Banerjee et al.	Sep 2012	A1
20120240185	Kapoor et al.	Sep 2012	A1
20120290727	Tivig	Nov 2012	A1
20120297046	Raja et al.	Nov 2012	A1
20130007225	Gage et al.	Jan 2013	A1
20130046876	Narayana et al.	Feb 2013	A1
20130058335	Koponen et al.	Mar 2013	A1
20130074177	Varadhan	Mar 2013	A1
20130083725	Mallya	Apr 2013	A1
20130089099	Pollock et al.	Apr 2013	A1
20130091273	Ly et al.	Apr 2013	A1
20130124713	Feinberg et al.	May 2013	A1
20130148500	Sonoda et al.	Jun 2013	A1
20130166731	Yamanaka et al.	Jun 2013	A1
20130173795	McPherson	Jul 2013	A1
20130176854	Chisu et al.	Jul 2013	A1
20130191486	Someya et al.	Jul 2013	A1
20130191548	Boddukuri et al.	Jul 2013	A1
20130198385	Han et al.	Aug 2013	A1
20130250765	Ehsan et al.	Sep 2013	A1
20130258846	Damola	Oct 2013	A1
20130282791	Kruglick	Oct 2013	A1
20130311686	Fetterman et al.	Nov 2013	A1
20130329734	Chesla	Dec 2013	A1
20140047115	Lipscomb et al.	Feb 2014	A1
20140258465	Li	Sep 2014	A1
20140286313	Fu et al.	Sep 2014	A1
20140298091	Carlen et al.	Oct 2014	A1
20140330982	Jalan et al.	Nov 2014	A1
20140334485	Jain et al.	Nov 2014	A1
20140359052	Joachimpillai et al.	Dec 2014	A1
20150085650	Cui et al.	Mar 2015	A1
20150156223	Xu et al.	Jun 2015	A1
20150215436	Kancherla	Jul 2015	A1
20150237173	Virkki et al.	Aug 2015	A1
20150312268	Ray	Oct 2015	A1
20150350048	Sampat et al.	Dec 2015	A1
20150381465	Narayanan et al.	Dec 2015	A1
20160044095	Sankar et al.	Feb 2016	A1
20160139910	Ramanathan et al.	May 2016	A1

Foreign Referenced Citations (111)

Number	Date	Country
1372662	Oct 2002	CN
1449618	Oct 2003	CN
1473300	Feb 2004	CN
1529460	Sep 2004	CN
1575582	Feb 2005	CN
1714545	Dec 2005	CN
1725702	Jan 2006	CN
1910869	Feb 2007	CN
101004740	Jul 2007	CN
101094225	Dec 2007	CN
101163336	Apr 2008	CN
101169785	Apr 2008	CN
101189598	May 2008	CN
101193089	Jun 2008	CN
101247349	Aug 2008	CN
101261644	Sep 2008	CN
101495993	Jul 2009	CN
101878663	Nov 2010	CN
102143075	Aug 2011	CN
102546590	Jul 2012	CN
102571742	Jul 2012	CN
102577252	Jul 2012	CN
102918801	Feb 2013	CN
103365654	Oct 2013	CN
103533018	Jan 2014	CN
103944954	Jul 2014	CN
104040990	Sep 2014	CN
104067569	Sep 2014	CN
104106241	Oct 2014	CN
104137491	Nov 2014	CN
104796396	Jul 2015	CN
102577252	Mar 2016	CN
102918801	May 2016	CN
0648038	Apr 1995	EP
1209876	May 2002	EP
1770915	Apr 2007	EP
1885096	Feb 2008	EP
2296313	Mar 2011	EP
2577910	Apr 2013	EP
2622795	Aug 2013	EP
2647174	Oct 2013	EP
2760170	Jul 2014	EP
2772026	Sep 2014	EP
2901308	Aug 2015	EP
2760170	Dec 2015	EP
1182560	Nov 2013	HK
1183569	Dec 2013	HK
1183996	Jan 2014	HK
1189438	Jan 2014	HK
1188498	May 2014	HK
1198565	May 2015	HK
1198848	Jun 2015	HK
1199153	Jun 2015	HK
1199779	Jul 2015	HK
1200617	Aug 2015	HK
3764CHN2014	Sep 2015	IN
261CHE2014	Jan 2016	IN
1668CHENP2015	Jul 2016	IN
H0997233	Apr 1997	JP
H1196128	Apr 1999	JP
H11338836	Dec 1999	JP
2000276432	Oct 2000	JP
2000307634	Nov 2000	JP
2001051859	Feb 2001	JP
2001298449	Oct 2001	JP
2002091936	Mar 2002	JP
2003141068	May 2003	JP
2003186776	Jul 2003	JP
2005141441	Jun 2005	JP
2006332825	Dec 2006	JP
2008040718	Feb 2008	JP
2009500731	Jan 2009	JP
2013528330	Jul 2013	JP
2014504484	Feb 2014	JP
2014143686	Aug 2014	JP
2015507380	Mar 2015	JP
5855663	Feb 2016	JP
5906263	Apr 2016	JP
5913609	Apr 2016	JP
5946189	Jul 2016	JP
100830413	May 2008	KR
20130096624	Aug 2013	KR
101576585	Dec 2015	KR
101632187	Jun 2016	KR
WO2001013228	Feb 2001	WO
WO2001014990	Mar 2001	WO
WO2001045349	Jun 2001	WO
WO2003103237	Dec 2003	WO
WO2004084085	Sep 2004	WO
WO2006098033	Sep 2006	WO
WO2008053954	May 2008	WO
WO2008078593	Jul 2008	WO
WO2011049770	Apr 2011	WO
WO2011079381	Jul 2011	WO
WO2011149796	Dec 2011	WO
WO2012050747	Apr 2012	WO
WO2012075237	Jun 2012	WO
WO2012083264	Jun 2012	WO
WO2012097015	Jul 2012	WO
WO2013070391	May 2013	WO
WO2013081952	Jun 2013	WO
WO2013096019	Jun 2013	WO
WO2013112492	Aug 2013	WO
WO2014031046	Feb 2014	WO
WO2014052099	Apr 2014	WO
WO2014088741	Jun 2014	WO
WO2014093829	Jun 2014	WO
WO2014138483	Sep 2014	WO
WO2014144837	Sep 2014	WO
WO2014179753	Nov 2014	WO
WO2015153020	Oct 2015	WO

Non-Patent Literature Citations (35)

Entry
Abe, et al., “Adaptive Split Connection Schemes in Advanced Relay Nodes,” IEICE Technical Report, 2010, vol. 109 (438), pp. 25-30.
ACEdirector: 8-Port 10/100 MBPS Ethernet Web Switch, Alteon WebSystems, 1999, <http://www.andovercg.com/datasheets/alteon-ad3-ad4.pdf>, pp. 2.
Allot Communications Announces Business-Aware Network Policy Manager, Allot Communications, Sophia Antipolis, France, 1999, pp. 2.
Allot Communications Announces Directory Services Based Network Policy Manager, Allot Communications, Los Galos, California, 1999, pp. 2.
Allot Announces the General Availability of its Directroy Services-Based NetPolicy Manager, Allot Communications, Tel Aviv, Israel, 2000, pp. 2.
Allot Introduces Turnkey Next Generation IP Service and Creation Solution—The Virtual Bandwidth Manager, Allot Communications, Supercomm, 2000, 2 pgs.
Allot Communications Launches NetEnforcer with Netwizard, the Fastest Way to Implement Accurate and Reliable Network QoS Policies, Allot Communications, 2001, 2 pgs.
Allot Communications Announces the NetEnforcer Family of IP Traffic Management Products: Fault-Tolerant, Scaleable, Policy-Based Bandwidth Management, QoS, SLA Solutions, Allot Communications, 1999, 2 pgs.
Allot Communications Policy-Based Network Architecture, Allot Communications, 2001, pp. 1-12.
Apostolopoulos, et al., “Design, Implementation and Performance of a Content-Based Switch,” INFOCOM, Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings, 2000, vol. 3, pp. 1117-1126.
Aron, et al., “Efficient Support for P-HTTP in Cluster-Based Web Servers,” Proceedings of the Annual Conference on USENIX Annual Technical Conference, 1999, pp. 14.
Aron, “Scalable Content-Aware Request Distribution in Cluster-Based Network Servers,” Department of Computer Science, Rice University, [online retreived Mar. 13, 2001], <URL:http://softlib.rice.edu/scalableRD.html>, pp. 8.
Aron, et al., “Scalable Content-Aware Request Distribution in Cluster-Based Networks Servers,” Proceedings of the Annual Conference on USENIX Annual Technical Conference, 2000, pp. 15.
Cardellini, et al., “Dynamic Load Balancing on Web-Server Systems,” IEEE Internet Computing, 1999, vol. 3 (3), pp. 28-39.
Dahlin, et al., “EDDIE: A Robust and Scalable Internet Server,” 1998, http://www.eddie.org/, pp. 1-7 (Copy Unavailable).
Data Communications Awards Allot Communications “Hot Product” in Internetworking / IP Tools Catergory, Allot Communications, 1999, 2 pgs.
1.3.20 Device and Link Statement—Virtual Devices (VIPA), IP Configuration, IBM BookManager BookServer, 1998, <http://w3.enterlib.ibm.com:80/cgi-bin/bookmgr/books/F1AF7001/1.3.2>, pp. 3.
Devine, “TCP/IP Application Availability and Workload Balancing in the Parallel Sysplex,” SHARE Technical Conference, 1999, pp. 17.
Enhancing Web User Experience with Global Server Load Balancing, Alteon WebSystems, 1999, pp. 8.
FreeBSD, “tcp—TCP Protocal,” Linux Programme□ s Manual [online], 2007, [retrieved on Apr. 13, 2016], Retreived from the Internet: <https://www.freebsd.org/cgi/man.cgi?query=tcp&apropos=0&sektion=7&manpath=SuSe+Linux%2Fi386+11.0&format=asci>.
Gite, “Linux Tune Network Stack (Buffers Size) to Increase Networking Performance,” nixCraft [online], 2009, [retreived on Apr. 13, 2016], Retreived from the Internet: <URL:http://www.cyberciti.biz/faq/linux-tcp-tuning/>.
Goldszmidt, et al., “NetDispatcher: A TCP Connection Router,” IBM Researc Report, RC 20853, 1997, pp. 1-31.
1.3.23 Home Statement, IP Configuration, IBM BookManager BookServer, 1998, <http://w3.enterlib.com:80/cgi-bin/bookmgr/books/F1AF7001/1.3.2>, pp. 6.
Kjaer, et al., “Resource Allocation and Disturbance Rejection in Web Servers Using SLAs and Virtualized Servers,” IEEE Transactions on Network Service Management, 2009, vol. 6 (4), pp. 226-239.
Koike, et al., “Transport Middleware for Network-Based Control,” IEICE Technical Report, 2000, vol. 100 (53), pp. 13-18.
Noguchi, “Realizing the Highest Level “Layer 7” Switch”= Totally Managing Network Resources, Applications, and Users =, Computer & Network LAN, 2000, vol. 18 (1), pp. 109-112.
Ohnuma, “AppSwitch: 7th Layer Switch Provided with Full Setup and Report Tools,” Interop Magazine, 2000, vol. 10 (6), pp. 148-150.
Pai, et al., “Locality-Aware Request Distribution in Cluster-Based Network Servers,” ASPLOS VIII Proceedings of the Eighth International Conference on Architectural Support for Programming Languages and Operating Systems, 1998, pp. 205-216.
Samar, “Single Sign-On Using Cookies for Web Applications,” IEEE WETICE, 1999, pp. 158-163.
Sharifian, et al., “An Approximation-Based Load-Balancing Algorithm with Admission Control for Cluster Web Servers with Dynamic Workloads,” The Journal of Supercomputing, 2010, vol. 53 (3), pp. 440-463.
Spatscheck, et al., “Optimizing TCP Forwarder Performance,” IEEE/ACM Transactions on Networking, 2000, vol. 8 (2), pp. 146-157.
Takahashi, “The Fundamentals of the Windows Network: Understanding the Mystery of the Windows Network from the Basics,” Network Magazine, 2006, vol. 11 (7), pp. 32-35.
The Next Step in Server Load Balancing, Alteon WebSystems, 1999, pp. 16.
1.3.1.2.5 Virtual IP Addressing (VIPA), IP Configuration, IBM BookManager BookServer, 1998, <http://w3.enterlib.ibm.com:80/cgi-bin/boolmgr/books/F1AF7001/1.3.2>, pp. 4.
Yamamoto, et al., “Performance Evaluation of Window Size in Proxy-Based TCP for Multi-Hop Wireless Networks,” IPSJ SIG Technical Reports, 2008, vol. 2008 (44), pp. 109-114.

Related Publications (1)

	Number	Date	Country
	20180287937 A1	Oct 2018	US

Provisional Applications (1)

	Number	Date	Country
	61799244	Mar 2013	US

Continuations (1)

	Number	Date	Country
Parent	14214142	Mar 2014	US
Child	15997446		US

Processing data packets using a policy based network path

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

CPC

International Classifications

Disclaimer

Abstract