ПЕРЕДАЧА УПРАВЛЯЮЩЕЙ ИНФОРМАЦИИ В СИСТЕМЕ МОБИЛЬНОЙ СВЯЗИ

Изобретение относится к технике связи. Предложен способ передачи управляющей информации в системе мобильной связи. Технический результат заключается в увеличении скорости передачи новой управляющей информации. Настоящее изобретение содержит этапы, на которых передают блок первых данных, содержащий управляющую информацию, предназначенную для передачи первых данных, когда нет в наличии ресурсов для передачи первых данных, принимают вторые данные из верхнего уровня, которые необходимо передать, причем вторые данные имеют более высокий приоритет, чем первые данные, и передают блок вторых данных, содержащий обновленную управляющую информацию, предназначенную для передачи первых и вторых данных, когда нет в наличии ресурсов для передачи первых и вторых данных. 2 н. и 30 з.п. ф-лы, 8 ил.

ФИЛЬТРАЦИЯ И МАРШРУТИЗАЦИЯ ФРАГМЕНТИРОВАННЫХ ДЕЙТАГРАММ В СЕТИ ПЕРЕДАЧИ ДАННЫХ

Изобретение относится к области сетей передачи данных. Технический результат заключается в уменьшении требуемого объема обрабатываемой информации, а также нагрузки на канал связи. Сущность изобретения заключается в том, что для каждой фрагментированной дейтаграммы узел фильтрации получает параметры фильтрации по мере приема фрагментов дейтаграммы. Когда все параметры фильтрации доступны, узел применяет один или более фильтров в отношении параметров фильтрации, чтобы получить результат фильтрации для дейтаграммы, и сохраняет результат фильтрации в записи в таблице маршрутизации. Прежде чем получить результат фильтрации, узел сохраняет все фрагменты, принятые для дейтаграммы, в памяти. Когда результат фильтрации становится доступным, узел обрабатывает все фрагменты, уже принятые для дейтаграммы, в соответствии с результатом фильтрации. По мере приема каждого оставшегося фрагмента для дейтаграммы узел немедленно обрабатывает фрагмент в соответствии с результатом фильтрации. Когда принимается ...

СИСТЕМА СВЯЗИ, КОММУТАТОР, УСТРОЙСТВО УПРАВЛЕНИЯ, СПОСОБ ОБРАБОТКИ ПАКЕТОВ И ПРОГРАММА

Изобретение относится к технологиям сетевой связи. Технический результат заключается в повышении скорости передачи данных. Система связи содержит: устройство управления, которое передает на коммутатор два или более элементов потока, имеющих идентичное условие согласования, но разное содержание обработки, подлежащее применению, и условие для изменения приоритета применения среди упомянутых двух или более элементов потока; и коммутатор, который сохраняет упомянутые два или более элементов потока и переключает приоритет применения в соответствии с условием, указанным упомянутым устройством управления, для обработки принятого(ых) пакета(ов); при этом упомянутое устройство управления предписывает, в качестве упомянутого условия, содержание для изменения упомянутого приоритета применения каждый раз, когда значение счетчика, установленное в каждом элементе потока, превышает предписанный порог, для упомянутого коммутатора. 4 н. и 4 з.п. ф-лы, 9 ил.

ОБРАБОТКА ПОТОКОВ ТРАФИКА В КОММУНИКАЦИОННОЙ СИСТЕМЕ

Изобретение относится к области обработки потоков трафика. Технический результат – обеспечение улучшенной обработки потоков трафика в коммуникационной системе за счет направления потока трафика через набор услуг на основе установочного параметра метки. Способ передачи информации осуществляется в узле управления политикой обслуживания для передачи информации и содержит: назначение установочного параметра метки, идентифицирующего: метку, конкретный поток трафика, который пройдет через программно определяемую сеть (SDN), и одно или несколько мест назначения для конкретного потока трафика; передачу информации, указывающей на установочный параметр метки, к SDN-контроллеру, выполненному с возможностью создания пути для потока трафика через SDN на основе метки и упомянутых одного или нескольких мест назначения, идентифицируемых установочным параметром метки; назначение установочного параметра фильтра, определяющего то, что конкретный поток трафика должен быть связан с меткой; и передачу информации ...

СПОСОБ И УСТРОЙСТВО ДЛЯ УПРАВЛЕНИЯ ЦЕПОЧКОЙ УСЛУГИ ПОТОКА УСЛУГИ

Изобретение относится к области технологий беспроводной связи, а именно к управлению цепочкой услуги потока услуги. Технический результат – уменьшение загруженности управления цепочкой услуги. Способ включает в себя этапы, на которых принимают сообщение запроса настройки обработки услуги, отправленное сервером поставщика контента/сервером поставщика услуг; формируют информацию цепочки услуги потока услуги, соответствующего серверу поставщика контента/серверу поставщика услуг, и конструируют информацию управления цепочкой услуги, соответствующую цепочке услуги, так что контроллер получает информацию управления цепочкой услуги и отправляет информацию политики переадресации потока, соответствующую цепочке услуги, к коммутатору на основании информации управления цепочкой услуги, так что коммутатор обрабатывает, в соответствии с информацией политики переадресации потока, принятый поток услуги, соответствующий серверу поставщика контента/серверу поставщика услуг. 8 н. и 13 з.п. ф-лы, 16 ил.

СИСТЕМЫ И СПОСОБЫ ДЛЯ УПРАВЛЕНИЯ КАЧЕСТВОМ ОБСЛУЖИВАНИЯ ДЛЯ МНОЖЕСТВЕННОГО ДОСТУПА

Заявленное изобретение относится к системам и способам для управления качеством обслуживания для множественного доступа, более конкретно, управления качеством обслуживания для множественного доступа через улучшенные правила качества обслуживания. Технический результат заключается в повышении эффективности распространения ресурсов в беспроводных сетях. Для этого функция правил и политик тарификации и оплаты услуг или аналогичный сетевой объект может включать в набор правил качества обслуживания индикатор, который инструктирует шлюзу доступа либо устанавливать ресурсы качества обслуживания/сразу инициировать установление однонаправленного канала, либо сохранять правила качества обслуживания до тех пор, пока запрос ресурсов качества обслуживания не принимается от абонентского устройства или другое заранее определенное событие не происходит. 10 н. и 32 з.п. ф-лы, 11 ил.

СПОСОБ ОПРЕДЕЛЕНИЯ МАРШРУТА И СООТВЕТСТВУЮЩИЕ УСТРОЙСТВО И СИСТЕМА

Настоящее изобретение относится к области цифровой связи. Технический результат заключается в повышении гибкости и скорости балансирования нагрузки узлов обслуживания. Способ определения маршрута пакета содержит этапы: принимают первый ввод потока, содержащий первое соотношение отображения маршрута для потока обслуживания первой цепочки обслуживания, первую пропорциональную долю нагрузки для каждого узла обслуживания и первый эффективный период времени первого ввода потока; принимают второй ввод потока, содержащий второе соотношение отображения маршрута для потока обслуживания первой цепочки обслуживания, вторую пропорциональную долю нагрузки для каждого узла обслуживания и второй эффективный период времени второго ввода потока, причем второй эффективный период времени отличается от первого эффективного периода времени; принимают первый пакет первого потока обслуживания, содержащий первую временную отметку первого потока обслуживания и идентификатор первой цепочки обслуживания, причем идентификатор ...

УПРАВЛЕНИЕ РАЗРЕШЕНИЕМ НА ДОСТУП И РАСПРЕДЕЛЕНИЕ РЕСУРСОВ В СИСТЕМЕ СВЯЗИ С ПОДДЕРЖКОЙ ПОТОКОВ ПРИЛОЖЕНИЙ С НАЛИЧИЕМ ТРЕБОВАНИЙ К КАЧЕСТВУ ОБСЛУЖИВАНИЯ

... 1. Способ управления разрешением на доступ в системе связи с поддержкой использующих протокол (IP) Интернет IP-приложений, система связи включает в себя сеть доступа (СД, AN) и набор терминалов доступа (ТД, AT), каждый из терминалов доступа посылает запрашиваемую скорость данных на СД, система связи поддерживает на многие ТД соответствующие приложениям потоки, имеющие требования к КО, способ заключается в том, что определяют доступные ресурсы в системе связи; принимают запрос первого соответствующего приложению потока, имеющего первый профиль трафика и первый профиль КО; определяют, поддерживают ли доступные ресурсы запрос первого потока приложения; отвергают первый поток приложения, если первый поток приложения имеет соответствующую скорость передачи данных больше средней запрашиваемой скорости передачи данных; и разрешают доступ первого потока приложения, если соответствующая скорость передачи данных не больше средней запрашиваемой скорости передачи данных, и если доступные ресурсы поддерживают ...

СИСТЕМА СНИЖЕНИЯ НАГРУЗКИ И СПОСОБ СНИЖЕНИЯ НАГРУЗКИ

... 1. Система снижения нагрузки, содержащая:коммутатор, сконфигурированный для выполнения обработки принимаемого пакета на основе ввода потока, задающего правило и действие для единообразного управления пакетами в качестве потока; иконтроллер, сконфигурированный для установки ввода потока для упомянутого коммутатора,причем после приема определенного пакета, упомянутый коммутатор выполняет запрос ввода потока, соответствующего принятому определенному пакету, к упомянутому контроллеру, если ввод потока, соответствующий принятому определенному пакету, не установлен, размещает принятый определенный пакет в стеке и управляет передачей одного из пакетов, который имеет данные заголовка, аналогичные данным заголовка размещенного в стеке пакета, с использованием размещенного в стеке пакета, до тех пор, пока ввод потока, соответствующий принятому пакету, не будет установлен.2. Система снижения нагрузки по п. 1, в которой в случае приема пакета до установки ввода потока упомянутый коммутатор проверяет ...

УЛУЧШЕНИЯ УПРАВЛЕНИЯ ПОЛИТИКАМИ ТАРИФИКАЦИИ И ОПЛАТЫ УСЛУГ (РСС) ДЛЯ ПОДДЕРЖКИ ШИФРОВАНИЯ

... 1. Способ обеспечения туннелирования в окружении беспроводной связи, содержащий этапы, на которых: ! принимают одно из одного или более потоков данных и указания того, что один или более потоков данных должны приниматься; ! формируют идентификационную информацию потока для каждого из этих одного или более потоков данных; и ! передают идентификационную информацию потока в компонент политик для обеспечения ассоциирования политик потоков с этими одним или более потоками данных. ! 2. Способ по п.1, в котором при передаче идентификационной информации потока передают один или более исходных адресов, DSCP или номеров портов с идентификационной информацией потока. ! 3. Способ по п.2, дополнительно содержащий этап, на котором комбинируют, по меньшей мере, исходный адрес по меньшей мере одного из упомянутых потоков данных с соответствующей идентификационной информацией потока, чтобы задать уникальный идентификатор для этого по меньшей мере одного потока данных. ! 4. Способ по п.1, в котором политики ...

VERFAHREN UND GERÄT UM DEN NETZWERKVERKEHR ZU ÜBERWACHEN

ADAPTIVES PUNKT-ZU-PUNKT-MIKROWELLENFUNKSYSTEM

VERFAHREN UND SYSTEM ZUR SCHLEIFENDATENRUNDFUNKSENDUNG

DRAHTLOSES INTERNET-ENDGERÄT UND PAKETÜBERTRAGUNGSVERFAHREN ZUR VERBESSERUNG DER DIENSTQUALITÄT

Distributing information transmission resources involves selecting information transmitters from number of information transmitters in accordance with variable resource attribute criteria

The method involves selecting an information transmitter from a number of information transmitters in accordance with a resource attribute criterion, allocating a quantity of resources to the selected transmitter so that a resource attribute is varied for the selected information transmitter, selecting an information transmitter from the number of transmitters taking into account the altered resource attribute based on a previous allocation and allocating a quantity of resources to the second selected transmitter. Independent claims are also included for the following: (A) a computer program for implementing the inventive method (B) and a device for distributing information transmission resources.

Parallele Steuerungsvorrichtungen für den Data Link Layer mit Statistikerfassung in einer Netzwerksvermittlungseinrichtung

UMORDNUNG DER KLASSE DER DIENSTGÜTE (QOS)

A method and apparatus for wire-speed application layer classification of data packets

Improvements in or relating to packet-switched access networks

Fifo-based network interface supporting out-of-order processing

State engine for data processor

Coherent accesses and updates to state shared by parallel processors, such as SIMD array processors, is made possible by the use of state elements having local memory storing the state and permitting serialisation of accesses. Operations on single or multiple items of state are perfumed by a fixed/hardwired set of operations but they can be programmable by sending command and data to control operations. Individual state elements comprise the local memory, an arithmetic unit, and command and control logic. Multiple state elements are pipelined in state cells which can, in turn, be organised into state arrays and state engines effecting complete control over shared state access. A read/modify/write operation can be performed in only two cycles and a complete command in only three to five cycles.

Allocation of priority to traffic flow in network switches

Controlling the allocation of priority for data packets within a multi-port switch includes detecting the commencement of an HTTP message; enabling the storage of an identification of the source port on which that message was received by the switch; finding correspondence between destination data of packets and the said source port; and adjusting a priority allotted to said packets in response to the correspondence. The adjustment of priority preferably increases the priority of packets forwarded to said source port relative to priority allotted packets received at the said source and thereby allots asymmetric priority to traffic between a server and a client.

Resolving conflicts between rule sets with subsets for which priority is expressed by ordered precedence and longest prefix

Methods and systems for transmitting packets through network interfaces

Method and apparatus for communications bandwidth allocation

Improvements relating to traffic managers

Processing user traffic in a virtualised network

User traffic is processed in a virtualised network. First and second VNFs (405, 5 410, 415, 500, 505, 510) are initialised in the same network namespace as each other in user space in a host (400) and have access to a shared memory region of the host. The first VNF (405, 500) processes user traffic and the second VNF (410, 415, 505, 510) provides a user plane service in relation to user traffic processed by the first VNF (405, 500). The first VNF (405, 500) is used to establish a point-to-point, shared-memory 10 interface between the first and second VNFs (405, 410, 415, 500, 505, 510) and is used to classify incoming user traffic. In response to the first VNF (405, 500) determining, based on the classifying, that the incoming user traffic is to be subject to the user plane service, the first VNF (405, 500) is used to store the incoming user traffic in the shared memory region of the host (400) to enable the second VNF (410, 415, 505, 510) to 15 provide the user plane service in relation ...

Data network system

Packet classifier

Packet classifier

CORRELATION OF SERVICE QUALITY REQUIREMENTS

PROCEDURE AND DEVICE FOR A PACKAGING OF PACKAGES

MULTI-HAVEN SERIAL HIGH-SPEED SWITCHING CROSS CONNECTION CHIP IN A MESHED CONFIGURATION

PRIORITIZATION OF IN ONE ROUT TO TRANSMITTED DATA

SWITCHING EQUIPMENT AND MEDIATION PROCEDURE

DEVICE AND PROCEDURE FOR COMBINATION OF CUSTOMER RIVER AND QUALITY CLASS BASING PLANNING

ASSIGNMENT AND RETURN OF A DYNAMIC QUEUE

STORE MANAGEMENT UNIT IN A NET SWITCHING CENTER

FILTERING OF DATA STREAMS

PROCEDURE AND CONTROLLER FOR AN PACKAGE-ORIENTED DATA NETWORK WORK FOR THE TRANSMISSION OF DATA IN VARIABLE TIME SLOTS

SET FROM PRIORITIES FOR DATA WITH FLOW CONTROL

GATEWAY WITH INCREASED QOS KNOWLEDGE

IMPROVED MAC ADDRESS LEARNING

HYPER+CUBIC PACKAGE RIVER PASSING ON IN PACKAGE NETWORKS

PROCEDURE FOR THE CONTROL OF DATA COMMUNICATION OF A SENDING MECHANISM AT A RECEIVING INSTALLATION OF A RADIO ENTRANCE NET OF A RADIO COMMUNICATION SYSTEM AS WELL AS RECEIVING MECHANISM AND RADIO ENTRANCE NET

COMMUNICATION SYSTEM AND - PROCEDURES FOR DATA COMMUNICATION

PROCEDURE FOR THE ADMINISTRATION OF DATA STREAMS IN A MOBILE TELECOMMUNICATION SYSTEM

CALL DEVICE

QUEUING SYSTEM FOR PROCESSORS IN PACKAGE GUIDANCE OPERATIONS

NODE WITH MODULAR ONE, MULTI-LEVEL ONE PACKAGE CLASSIFICATION

PROCEDURE FOR THE SUPPORT OF THE SERVICE QUALITY OF A DATA COMMUNICATION

SECTOR BASIS STATION

PROCEDURE AND SYSTEM FOR THE SUPPLY OF A SERVICE QUALITY SERVICE

PACKAGE LEVEL PRIORITIZATION IN CONNECTING NETWORKS

Übertragung von Datenpaketen

Um in einem Mischnetzwerk (1) ein Datenpaket (D1) von einer Ethernet-Komponente (E1, E2, E3), in einem Ethernet-Netzwerk (3) an ein Industrielles Kommunikationsnetzwerk zu übertragen, wird ein nach den Standards der Arbeitsgruppe IEEE 802.1 TSN konfiguriertes Industriellen Kommunikationsnetzwerk (2) verwendet und für das Datenpaket (D1) zumindest eine in den Standards der Arbeitsgruppe IEEE 802.1 TSN definierte Garantie vergeben, indem ein das Datenpaket (D1) beinhaltende Frame (F1) im nach den Standards der Arbeitsgruppe IEEE 802.1 TSN konfigurierten Industriellen Kommunikationsnetzwerk (2) von einer TSN-Bridge (TSN-F) identifiziert, in einen das Datenpaket (D1) beinhaltende TSN- Stream (S1) umgewandelt und das Datenpaket (D1) im TSN-Stream (S1) an eine TSN- Komponente (TSN-C) übermittelt wird.

PACKAGE ARRANGEMENT METHOD

PROCEDURE AND MONITOR FOR THE SAMPLE ANALYSIS OF DATA WITH A MULTIPLICITY OF PACKETS

CONTROLLING OF TIME-CRITICAL DATA IN A PACKAGE-BASED NETWORK

FILTERING AND ROUTES OF FRAGMENTED DATAGRAMS IN A DATA NETWORK WORK

PROCEDURE AND SYSTEM FOR THE ADMINISTRATION OF NETWORK TRAFFIC UNDER BERÜCKSICHTUNG OF SEVERAL OBLIGATION CONDITIONS

PROCEDURE FOR THE CONTROLLING OF A WIRELESS DATA TRANSMISSION RATE

MODIFIED LEAKY BUCKET PROCEDURE

PROCEDURE FOR THE OVERLOADING ADMINISTRATION IN A NETWORK SWITCHING

ROUT

QUEUING SYSTEM FOR DIFFSERV ROUT WITH SEVERAL OPERATINGS MODE

NETWORK SWITCHING

PROCEDURE AND NETWORK SWITCHING CENTER WITH DATA SERIALIZATION BY SAFE MULTI-LEVEL ONES TROUBLEFREE ONES MULTIPLEXIERUNG

ROUT

Systems and methods to filter out noisy application signatures to improve precision of first packet application classification

The system and methods discussed herein provide for filtering out noisy application signatures to improve the precision of first packet application classification. In some implementations, the system receive application signatures from devices along with their network identifiers. Based upon the frequency at which identical application signatures appear as originating from distinct network environments, the system determines the validity of application signatures and avoids storing irrelevant information for routing network traffic.

Process and apparatus for identifying and classifying video-data

A network traffic monitoring process of a communications network including: receiving data packets from a software-defined networking (SDN) flow switch; processing header of the received packets to identify its subsets belonging to respective network flows; detecting large network flows by determining a corresponding cumulative amount of data contained in the received packets for each of the network flow until it reaches or exceeds a predetermined threshold amount of data; for each detected large network flow, sending flow identification data to the SDN flow switch to identify further packets of the large network flow and to stop sending them to the network traffic monitoring component; periodically receiving from the SDN flow switch and processing the corresponding counter data and corresponding timestamp data to generate temporal metrics of the large network flow; and processing the generated temporal metrics with a trained classifier to classify the large network flow.

Network adaptor driver with destination based ordering

Recall device

Admission control and resource allocation in a communication system supporting quality of service

Packet retransmission and memory sharing

QOS differentiation for WCDMA services mapped onto an E-DCH channel

A METHOD AND BASE STATION FOR SCHEDULING HSDPA

Providing routing control of information over networks

SYSTEM AND METHOD FOR CONTROLLING ROUTING IN A VIRTUAL ROUTER SYSTEM

PACKET SCHEDULING MECHANISM

QoS SIGNALING FOR MOBILE IP

Method and system for collating data in a distributed computer network

Optimizing voice-over-ip priority and bandwidth requirements

Apparatus and method for processing packets in wireless local area network access point

Virtual switch quality of service for virtual machines

Charging control device, method and system

A charging control device, method and system. When a UE (112) accesses a service charging an OTT SP, a charging control device (102) receives flow description information from a PCEF (108) (2001), wherein the flow description information is acquired by the PCEF (108) according to a data flow received from the UE (112); a service identifier corresponding to the data flow is determined according to the flow description information (2002); and the service identifier is sent to the PCEF (108), so that the PCEF (108) charges the service according to the service identifier (2003). When the UE (112) accesses the service, the PCEF (108) can acquire the service identifier from the charging control device. In this way, without configuring a service identifier and a charging identifier on a PCEF (108), the PCEF (108) can obtain the service identifier and the charging identifier corresponding to a data flow, so as to reduce the workload of configuration.

Method and apparatus for forwarding packets from a plurality of contending queues to an output

Method and apparatus for forwarding packets from a plurality of contending queues to an output

Frame based quality of service

DATA PACKET SWITCHING

Digital communications processor

METHOD FOR THE PRIORITY CLASSIFICATION OF FRAMES

The invention relates to a method of classifying individual frames (OSI level 2 packets) into different priority levels according to the contents thereof. The inventive method is based on the application of a set of rules and sub- rules which are used to analyse the contents of each frame and assign a priority level to the frame accordingly. In this way, the invention enables the low-cost construction of systems which provide a quality of service or classes of service according to any element of the packet, i.e. origin, destination, level three data flow, higher level applications, any type of higher level priority classification (such as IP ToS) and, above all, according to any type of standard or proprietary priority protocol. The invention can also be used to design different priority hierarchies such that it is possible to assign one or other set of priorities depending on the situation (e.g. one hierarchy for TCP packets and a different hierarchy for UDP packets).

RECALL DEVICE

A small wearable recall device is provided to capture images triggered by a combination of a detection of a capture condition (e.g., changes in motion, temperature or light level) followed by a relatively stable period, as detected by an accelerometer. By triggering on the combination of a detected capture condition followed by a detected stability condition, a clearer image of the environment of an interesting event is expected to be captured. The small size of the recall device makes it possible to integrate it into common portable consumer products, such as MP3 players, purses, clothing, hats, backpacks, necklaces, collars, and other human-wearable products.

A METHOD FOR BILLING IN A TELECOMMUNICATIONS NETWORK

The present invention is directed to a method for placing a call between a client in one network and a client in another network. The IP network includes a SIP server and a network gateway configured to provide access to a public switched network. The method includes receiving a SIP call request message from the first client. The SIP call request message is authenticated to thereby identify an authentic originating client. Subsequently, a database is searched to find client billing tag corresponding to the authentic originating client. The call is completed if the client billing tag is obtained, and not completed if the client billing tag cannot be obtained. Thus, the present invention provides an efficient method for billing phone calls that are placed from SIP enabled devices to a telephone connected to the Public Switched Telephone Network (PSTN). The method of the present invention also substantially eliminates certain types of fraud.

APPARATUS, SYSTEM AND METHOD FOR THE TRANSMISSION OF DATA WITH DIFFERENT QOS ATTRIBUTES.

A novel apparatus, system and method for transmitting data flows which have different quality of service (QoS) attributes over a network link structured in two or more channels is provided. The method classifies arriving packets to determine their required/assigned QoS attributes and places the classified packets into one of several logical channel queues, the selected logical channel queue having an appropriate corresponding set of QoS attributes defined for it. A radio link controller examines the available channels and, for each channel, selects a logical channel queue whose contents will be transmitted thereon. The radio link controller determines the data transmission capacity for each channel and segments the contents of the selected logical channel to fit within the determined capacity. The selection of the logical channel queue is performed in accordance with the set of QoS attributes and thus each flow can have different QoS characteristics including priorities, reliabilities ( ...

METHOD OF PROVIDING SERVICE CLASSES IN A PACKET NETWORK

A method of operating a packet network to provide selectable levels of service to different communications flows is disclosed. The method provides a network user with more flexibility in assigning a level of service to a given flow than conventional Asynchronous Transfer Mode networks. Furthermore, it provides a better differentiation between different qualities of service than is enabled by recent proposals for Internet Protocol networks. By identifying packets belonging to flows requiring a relatively high level of service, and, in response, allowing those packets access to capacity which is otherwise withheld, a relatively high level of service can be provided to streams of such packets. The invention is especially useful in relation to providing selected flows along residential high-speed Internet access lines (e.g. ADSL) with a higher level of capacity than other flows. The withheld capacity can comprise capacity which is normally hidden from the end-user by network configuration.

ADMISSION CONTROL AND RESOURCE ALLOCATION IN A COMMUNICATION SYSTEM SUPPORTING QUALITY OF SERVICE

A method and apparatus for admission control in a communication system. An Access Network (AN) element determines available resources. When available resources are sufficient to support the requirements of a requested application flow, the AN admits the application flow. The AN periodically, and on trigger events, updates a measure of available resources. The admission control may operate in coordination with a scheduler applying a compensation factor to each flow type, and a compensation factor for aggregate flows of a given user.

PROCESSING PACKETS BASED ON CONTEXT INDICATIONS

A context vector, typically used in a lookup operation of an associative memory, is generated based on a context of a received packet and the packet itself. In one implementation, multiple interfaces can share a common access control list as the context vector provides an indication of the result of unique processing required because of varying contexts, such as, but not limited to different interfaces, source addresses, and virtual network addresses. One implementation includes an input interface circuitry, a context indicator generator, a lookup word field generator, and an associative memory. The context indicator generator generates a context vector corresponding to a characteristic of the input interface circuitry. The lookup word field generator generates one or more lookup word vectors based on the packet. The associative memory performs a lookup operation based on the context vector and lookup word vectors.

SYSTEM AND METHOD FOR PROVIDING BANDWIDTH MANAGEMENT FOR VPNS

A method and system for controlling the bandwidths of data traffic over virtual private networks are provided. The method includes classifying the data traffic for the virtual private network into different flows, monitoring a current bandwidth usage by at least one of the flows, comparing the current bandwidth usage with a predetermined threshold for the flow, and performing a bandwidth control operation for the flow if the current bandwidth usage exceeds the predetermined threshold for that flow.

PACKET SCHEDULING APPARATUS

A packet scheduling apparatus for reducing a transmission delay and a transmission jitter, caused by transmitting a low-priority packet, of a premium packet and for transmitting the low-priority packet efficiently. The packet scheduling apparatus comprises a packet input unit (1), a packet queue group (2), a scheduler unit (3), a packet division unit (4), a packet output unit (5) and a packet buffer (6). The packet queue group (2) includes a premium packet queue (21) and a low-priority packet queue (22). The scheduler unit (3) includes a scheduling queue (31) and a scheduler (32). The "low- priority packet" to influence the transmission of the "premium packet" is divided by the packet division unit (4) into a plurality of packets having such a length that they can be within the transmission interval of the "premium packet", and a schedule is dynamically made on the basis of the transmission interval or loading situation of the "premium packet".

Traffic Management In A Multi-Channel System

A method, system and computer program product in a downstream line card of a Cable Modem Termination System (CMTS) for managing downstream traffic for channels and bonded channel groups is provided herein. The method comprises the step of receiving packets for transmission to cable modems and classifying each packet to a flow based on class of service associated with the packet. The method further includes the step of storing the packets in flow queues based, wherein a flow queue is selected based on a flow a packet is associated with and wherein each flow corresponds to a single flow queue. The method also includes transmitting the packets from the flow queues to channel queues or bonded channel queues using corresponding channel nodes or bonded channel nodes at a rate that is determined based on feedback data and scheduling downstream transmission of packets on a single downstream channel if the packet is stored in a channel queue and on multiple downstream channels that are bonded together to form a bonded channel group if the packet is stored in a bonded channel queue. The feedback data is adjusted for each channel node or bonded channel node based on a queue depth for a corresponding channel queue or bonded channel queue.

Metro ethernet service enhancements

Numerous enhancements to metro Ethernet network (MEN) services include an enhancement of the overall MEN Quality of Service (QoS) architecture, an enhancement to classification at the provider edge, the use of Ethernet QoS classes, enhancements to policing and marking at ingress provider edge equipment, the provision of traffic management functions at egress provider edge equipment, the use of multiple Ethernet virtual connections (EVCs) and Aggregate EVCs, an enhancement to QoS across an external network-network interface and an enhancement to treatment of Ethernet service frames in a core network.

Network packet steering via configurable association of packet processing resources and network interfaces

Methods and systems are provided for steering network packets. According to one embodiment, a dynamically configurable steering table is stored within a memory of each network interface of a networking routing/switching device. The steering table represents a mapping that logically assigns each of the network interfaces to one of multiple packet processing resources of the network routing/switching device. The steering table has contained therein information indicative of a unique identifier/address of the assigned packet processing resource. Responsive to receiving a packet on a network interface, the network interface performs Layer 1 or Layer 2 steering of the received packet to the assigned packet processing resource by retrieving the information indicative of the unique identifier/address of the assigned packet processing resource from the steering table based on a channel identifier associated with the received packet and the received packet is processed by the assigned packet processing resource.

Ingress traffic flow control in a data communications system

Embodiments of the invention provide flow control of incoming data packets to data processing resources via a controller that can receive and react to advanced backpressure messages. These advanced backpressure messages are used to rate limit the data packets based one or more of the following factors: traffic class, traffic priority, destination port. The controller can also generate a traffic preference message to an upstream source of the data packets to inform the upstream unit of the most appropriate type of data that should be transmitted downstream at that time, thereby improving the likelihood of the transmitted data being processed in a proper and timely manner by the downstream data processing resources. Embodiments of the invention can improve the performance of a communications system during periods of congestion by ensuring that high-priority traffic has precedence over traffic of lower priority while maximizing utilization of the ingress data path bandwidth.

Write Traffic Shaper Circuits

In an embodiment, one or more fabric control circuits may be inserted in a communication fabric to control various aspects of the communications by components in the system. The fabric control circuits may be included on the interface of the components to the communication fabric, in some embodiments. In other embodiments that include a hierarchical communication fabric, fabric control circuits may alternatively or additionally be included. The fabric control circuits may be programmable, and thus may provide the ability to tune the communication fabric to meet performance and/or functionality goals.

Method and apparatus for pre-classifying packets

The disclosed embodiments relate to a system that provides an intelligent port infrastructure for communication network devices. This is accomplished by incorporating a highly configurable pre-classifier module into the port infrastructure. This pre-classifier makes it possible to realign packet data to add a configurable number of bytes to the front of the packet, and also to select interesting data from incoming packets for further analysis. The selected data is sent into a configurable classification engine, which generates instructions that specify how to determine associated packet attributes. The packet attributes are then generated based on the instructions, and are forwarded along with the packet to downstream processing units.

System and method for assigning a service flow classifier to a device

A system and method for assigning a service flow classifier to a device. A MAC address of a device is extracted from a DHCP discover message. A DHCP server constructs a key from the device MAC address and an IP address assigned by the DHCP server. The key identifies a record of attributes of the device. A configuration server uses the key to access the attribute record and to generate a boot file for the device. The boot file includes one or more service flow classifiers that determine a service flow for packets destined for the device.

Communication system and corresponding integrated circuit and method

A communication system transmits data from a first circuit over a communication channel to a second circuit, the data having a first priority and a second priority. The communication system includes a separation circuit, a first-in first-out (FIFO) memory, and a control circuit.

Method and apparatus for providing congestion management for a wireless communication network

A method and apparatus for providing a congestion management of a wireless communication network are disclosed. For example, the method projects dynamically a trend for a network element of the wireless communication network, using a functionality metric associated with the network element of the wireless communication network, and determines if there is a potential congestion in accordance with the trend. The method then provides a notification of the potential congestion, if there is a potential congestion for the network element of the wireless communication network.

Flow-based rate limiting

A device may include logic configured to receive a packet, identify a flow associated with the packet in a flow table, and identify a rate limit associated with the flow in the flow table. A current rate associated with the flow may be calculated based on the packet. It may be determined whether the current rate associated with the flow exceeds the rate limit associated with the flow. If so, the packet may be discarded or tagged as “over limit.”

On-chip memory (ocm) physical bank parallelism

According to an example embodiment, a processor is provided including an integrated on-chip memory device component. The on-chip memory device component includes a plurality of memory banks, and multiple logical ports, each logical port coupled to one or more of the plurality of memory banks, enabling access to multiple memory banks, among the plurality of memory banks, per clock cycle, each memory bank accessible by a single logical port per clock cycle and each logical port accessing a single memory bank per clock cycle.

Scheduling under congestion with traffic load-based scaling

Apparatus and techniques for scheduling packets to reduce congestion in a packet data network are described. In one embodiment of the invention, packets are received through each of a plurality of channels and are stored in a respective queue for each channel. The status of each queue is monitored as empty or not empty. When an empty queue becomes not empty, then bandwidth allocation value is added for the respective channel to a port load value. When a not empty queue becomes empty, then the bandwidth allocation for the respective channel is subtracted from the port load value. The traffic rate through the port is then scaled based upon the port load value.

Method and apparatus for multiple access of plural memory banks

A processor with on-chip memory including a plurality of physical memory banks is disclosed. The processor includes a method, and corresponding apparatus, of enabling multi-access to the plurality of physical memory banks The method comprises selecting a subset of multiple access requests to be executed in at least one clock cycle over at least one of a number of access ports connected to the plurality of physical memory banks, the selected subset of access requests addressed to different physical memory banks, among the plurality of memory banks, and scheduling the selected subset of access requests, each over a separate access port.

PRIORITIZING HIGHLY COMPRESSED TRAFFIC TO PROVIDE A PREDETERMINED QUALITY OF SERVICE

A network optimization engine can be used to optimize the transmission of network traffic by employing means to prioritize highly compressed network traffic over other network traffic. The network optimization engine accomplishes network traffic optimization by calculating a compression ratio for received data packets and determining whether the calculated compression ratios exceed a compression ratio threshold. The predetermined compression ratio threshold can be a hard coded value or an empirically determined compression ratio threshold that is calculated using a sample of the received network packets. Network packets having a compression ratio that exceeds the compression ratio threshold are classified as highly compressed network traffic and transmitted according to a transmission scheme that is different than a transmission scheme used to transmit non-highly compressed network traffic. 1. A method for optimizing transmission of network traffic , the method comprising:receiving, by a network optimization engine executing on an appliance, data packets transmitted over a network;analyzing, by the network optimization engine, each received data packets to calculate a compression ratio for each data packet and determining whether the calculated compression ratio for each received data packet exceeds a predetermined compression ratio threshold;classifying, by the network optimization engine, data packets having a compression ratio that exceeds the predetermined compression ratio threshold as highly compressed traffic;sorting, by the network optimization engine, the received data packets according to the highly compressed traffic classification;transmitting data packets classified as highly compressed traffic according to a first transmission scheme; andtransmitting data packets not classified as highly compressed traffic according to a second transmission scheme, where the first transmission scheme is different than the second transmission scheme.2. The method of ...

ADAPTIVE QUEUE-MANAGEMENT

In one embodiment, a method includes storing in a QoS-enabled communication system a data structure that has a multi-level hierarchy including a physical level, a logical level, and a class level; receiving a first request for M number of services provided by the QoS-enabled communication system; in response to the first request, modifying an allocation of the logical-level nodes by mapping M class-level nodes to a first one of the logical-level nodes according to a first mapping mode of the data structure; receiving a second request for P services provided by the QoS-enabled communication system, with P being greater than M; and, in response to the second request, modifying an allocation of the logical-level nodes by mapping P class-level nodes to a second one of the logical-level nodes according to a second mapping mode of the data structure. 120-. (canceled)21. A method comprising , by one or more computing systems: a physical level comprising one or more physical-level nodes, each of the physical-level nodes corresponding to a physical interface for transmitting a bandwidth-limited traffic (BLT) stream of packets;', 'a logical level comprising one or more logical-level nodes, each of the logical-level nodes comprising a bandwidth-limitation parameter; and', 'a class level comprising one or more class-level nodes, each of the class-level nodes corresponding to a service provided by the QoS-enabled communication system;, 'storing in a quality-of-service (QoS) -enabled communication system a data structure that has a multi-level hierarchy comprisingreceiving a first request for M number of services provided by the QoS-enabled communication system; andin response to the first request, modifying an allocation of the logical-level nodes by mapping M class-level nodes to a first one of the logical-level nodes according to a first mapping mode of the data structure.22. The method of claim 21 , further comprising:receiving a second request for P services provided by the ...

Configurable Access Control Lists Using TCAM

A communication apparatus includes a Content-Addressable Memory (CAM) and packet processing circuitry. The packet processing circuitry is configured to store in respective regions of the CAM multiple Access Control Lists (ACLs) that are defined for respective packet types, to classify an input packet to a respective packet type selected from the packet types, to identify a region holding an ACL defined for the selected packet type, and to process the input packet in accordance with the ACL stored in the identified region.

ESTABLISHING THE PACKET FLOW POSSESSING A SYMMETRICAL QUALITY OF SERVICE BY NEGOTIATING THE QUALITY INDICATOR

A method for establishing a packet flow with another device over a communication network includes determining a first value of a priority indicator based on the type of data flow and exchanging signaling messages with that other device in order to enable the establishment of the data flow. The first value is inserted into the first of those signaling messages. Upon receiving a signaling message having a received value of that priority indicator, a sent value is determined based on that received value, and inserted into the packets of the packet flow. 1. A network device comprising means for establishing a packet flow with another device over a communication network , means for determining a first value of a priority indicator based on the type of said data flow and means for exchanging signaling messages with said other device in order to enable the establishment of said data flow , further having means for inserting said first value into the first of said signaling messages and means for , upon receiving a signaling message comprising a received value of said priority indicator , determining a sent value based on said received value and inserting said sent value into the packets of said packet flow.2. A network device according to claim 1 , wherein said sent value is the greater value between said received value and the value determined by said device based on said type of packet flow.3. A network device according to claim 1 , wherein said priority indicator complies with the DiffSery mechanism claim 1 , and adapted to insert said third value into the field “DS Field” of said packet flow.4. A network device according to claim 1 , adapted to insert said sent value into an attribute compliant with the SDP protocol within said signaling messages.5. A network device according to claim 1 , adapted to insert said sent value into a “DS Field” field of the packets of said packet flow.6. A method for establishing a packet flow with another device over a communication ...

Packet classification apparatus and method for classifying packet thereof

Disclosed is a packet processing device which includes a packet processor Classifying a packet according to a region needed to search and providing a search key corresponding to the classified packet; a search key distributing unit decoding the search key to classify an address-based search key and a content-based search key; an address-based content addressable memory (hereinafter, referred to as CAM) unit performing an address-based search operation according to the address-based search key; a content-based CAM unit performing a content-based search operation according to the content-based search key; and a packet forwarding unit processing an output toward a port corresponding to a packet transferred from the packet processor, based on results searched according to the address-based search operation and the content-based search operation.

Mitigation of detected patterns in a network device

A method for mitigating detected patterns in a network device is described herein. A packet is moved through a first pipeline of the network device, to perform processing of the packet. A pattern is detected within the packet. In response to detecting the pattern, a hardware component of the network device generates a flag as the packet is moving through the first pipeline, in parallel with the processing of the packet. One or more forwarding policies associated with the packet are determined using the flag.

Retrieving content from local cache

A network device transmits, to a cache located proximate to the network device, instructions to store content in the cache. The cache stores the content based on the instructions. The network device further receives a request for the content from a mobile communication device; determines, based on the request, that the content is stored in the local cache; and retrieves the content from the local cache. The network device also creates packets based on the retrieved content, and transmits the packets to the mobile communication device.

Methods of operating forwarding elements including shadow tables and related forwarding elements

A method may be provided to operate a forwarding element in a forwarding plane of a network including the forwarding plane and a control plane. The method may include receiving a packet through an input/output port of the forwarding element and attempting to match the packet with a flow table of the forwarding element. Responsive to the packet missing a match with the flow table, the forwarding element may attempt to match the packet with a shadow table of the forwarding element. Responsive to the packet matching with the shadow table, a new flow rule may be installed in the flow table based on a matching shadow rule from the shadow table. Related forwarding elements are also discussed.

Generating and/or receiving at least one packet to facilitate, at least in part, network path establishment

An embodiment may include circuitry to be included, at least in part, in at least one node in a network. The circuitry may generate, at least in part, and/or receive, at least in part, at least one packet. The packet may be received, at least in part, by at least one switch node in the network. The switch node may designate, in response at least in part to the packet, at least one port of the switch node to be used to facilitate, at least in part, establishment, at least in part, of at least one path for propagation of at least one flow between at least two other nodes in the network. The packet may be generated based at least in part upon (1) at least one application classification, (2) at least one allocation request, and (3) network resource availability information.

Prioritized Handling of Incoming Packets by a Network Interface Controller

A network interface controller includes a host interface, which is configured to be coupled to a host processor having a host memory. A network interface is configured to receive data packets from a network, each data packet including a header, which includes header fields, and a payload including data. Packet processing circuitry is configured to process one or more of the header fields and at least a part of the data and to select, responsively at least to the one or more of the header fields, a location in the host memory. The circuitry writes the data to the selected location and upon determining that the processed data satisfies a predefined criterion, asserts an interrupt on the host processor so as to cause the host processor to read the data from the selected location in the host memory.

Method and System for Creating Software Defined Ordered Service Patterns in a Communications Network

A software defined network service (SDNS) node for altering a logical flow of data packets in a network to accommodate predetermined ordered service chains, comprising a receiver configured to receive an encapsulated data packet comprising a tag via a encapsulated tunnel from another SDNS node, wherein the tag identifies an ordered service chain or a next hop in the ordered service chain, a processor coupled to the receiver and configured to decapsulate the encapsulated data packet, and a transmitter coupled to the processor and configured to forward the decapsulated data packet to a service device attached to the SDNS node when the processor determines, based on the tag, that a service on the service device should be applied to the data packet. 1. A software defined network service (SDNS) node for altering a logical flow of data packets in a network to accommodate predetermined ordered service chains , comprising:a receiver configured to receive an encapsulated data packet comprising a tag via a encapsulated tunnel from another SDNS node, wherein the tag identifies an ordered service chain or a next hop in the ordered service chain;a processor coupled to the receiver and configured to decapsulate the encapsulated data packet; anda transmitter coupled to the processor and configured to forward the decapsulated data packet to a service device attached to the SDNS node when the processor determines, based on the tag, that a service on the service device should be applied to the data packet.2. The SDNS node of claim 1 , wherein the receiver is further configured to receive a processed data packet from the service device.3. The SDNS node of claim 2 , wherein the tag comprises a tag and wherein the processor is configured to:classify the processed data packet;map the classification of the processed data packet to a second tag; andencapsulate the processed data packet,wherein the encapsulated processed data packet comprises the second tag, andwherein the second tag ...

Method and system for a gigabit ethernet ip telephone chip with integrated security module

Methods and systems for processing Ethernet data are disclosed and may comprise receiving Ethernet data via a single gigabit Ethernet IP telephone chip. A secure application key may be received from a secure server by an OSM integrated within the gigabit Ethernet IP telephone chip for processing the received Ethernet data. The received Ethernet data may be processed by the gigabit Ethernet IP telephone chip based on the received secure application key. A unique security identifier internal to the single gigabit Ethernet IP telephone chip may be communicated off-chip to the secure server. The unique security identifier may identify the single gigabit Ethernet IP telephone chip. The secure server may authenticate the gigabit Ethernet IP telephone chip based on the unique security identifier internal to the single gigabit Ethernet IP telephone chip, prior to the receiving of the secure application key.

FENCING OFF SWITCH DOMAINS

Techniques are disclosed to reduce crossover between traffic from switch elements of different switch domains in a distributed switch. Addition of a first switch element to the distributed switch is detected. The distributed switch includes multiple switch elements at least subsequent to the addition, and each switch element has a switch element identifier and a fabric identifier. The respective fabric identifiers of the first switch element and of a second switch element are retrieved. The second switch element is communicably connected to the first switch element via a link, and the link is configured to allow only command traffic to be transmitted via the link. Upon a determination that the fabric identifier of the first switch element does not match the fabric identifier of the second switch element, then no command is issued specifying to reconfigure the link to allow at least one additional traffic type, different from command traffic. 18.-. (canceled)9. A computer program product to reduce crossover between traffic from switch elements of different switch domains in a distributed switch , the computer program product comprising: computer-readable program code configured to retrieve, respectively, the fabric identifiers of the first switch element and of a second switch element of the plurality of switch elements, wherein the second switch element is communicably connected to the first switch element via a link, wherein the link is configured to allow only command traffic to be transmitted via the link; and', 'computer-readable program code configured to, upon determining, by operation of one or more computer processors when executing the computer-readable program code, that the retrieved fabric identifier of the first switch element does not match the retrieved fabric identifier of the second switch element, refrain from issuing any command specifying to reconfigure the link to allow at least one additional traffic type, different from command traffic., ' ...

Systems and methods to filter out noisy application signatures to improve precision of first packet application classification

The system and methods discussed herein provide for filtering out noisy application signatures to improve the precision of first packet application classification. In some implementations, the system receive application signatures from devices along with their network identifiers. Based upon the frequency at which identical application signatures appear as originating from distinct network environments, the system determines the validity of application signatures and avoids storing irrelevant information for routing network traffic.

Path Visibility, Packet Drop, and Latency Measurement with Service Chaining Data Flows

Techniques for determining packet path visibility, packet drops, and latency measurements associated with data flows of a networked computing environment are disclosed herein. The techniques may include receiving flow data associated with a data flow of a networked computing environment and determining a packet path associated with the data flow. The packet path may indicate that a first leaf switch is configured to send packets to a service chain device and that a second leaf switch is configured to receive the packets from the service chain device. The techniques may also include receiving timestamp data indicating a first time when the first leaf switch sent a packet to the service chain device and a second time when the second leaf switch received the packet from the service chain device. Based at least in part on the timestamp data, a latency associated with the service chain device may be calculated. 1. A method comprising:receiving, from an ingress leaf switch of a networked computing environment, first timestamp data indicating a first time at which a packet entered a data flow of the networked computing environment;receiving, from a first intermediary leaf switch in the networked computing environment, first flow data associated with the data flow;determining, based at least in part on the first flow data, that the first intermediary leaf switch is configured to export the packet to a service chain device located outside of the networked computing environment;receiving, from a second intermediary leaf switch in the networked computing environment, second flow data associated with the data flow;determining, based at least in part on the second flow data, that the second intermediary leaf switch received the packet as it returned back into the networked computing environment from the service chain device;receiving, from an egress leaf switch of the networked computing environment, second timestamp data indicating a second time at which the packet exited the ...

METHODS AND APPARATUS FOR APPLICATION AWARE HUB CLUSTERING TECHNIQUES FOR A HYPER SCALE SD-WAN

Some embodiments provide a method for a software-defined wide area network (SD-WAN) connecting first and second sites, with the first site including an edge node and the second site including multiple forwarding hub nodes. At the edge node of the first site, the method receives a packet of a particular flow including a flow attribute. The method uses the flow attribute to identify a hub-selection rule from multiple hub-selection rules, each hub-selection rule identifying at least one forwarding hub node at the second site for receiving one or more flows from the first site, and at least one hub-selection rule identifying at least one forwarding hub node that is not identified by another hub-selection rule. The method uses the identified hub-selection rule to identify a forwarding hub node for the particular flow. The method then sends the packet from the edge node at the first site to the identified forwarding hub node at the second site. 1. For a software-defined wide area network (SD-WAN) , a method for providing resources of a datacenter to a plurality of branch sites , the method comprising: receiving a set of network traffic statistics from a plurality of forwarding hub nodes of the datacenter;', 'based on the received set of network traffic statistics, determining that additional forwarding hub nodes are needed for processing a particular category of flows;', 'directing a server at the datacenter to generate additional forwarding hub nodes; and', 'providing, to edge nodes of the plurality of branch sites, an updated list of forwarding hub nodes available for processing flows belonging to the particular category of flow., 'at a controller of the SD-WAN,'}2. The method of claim 1 , wherein the updated list of forwarding hub nodes is provided as an updated hub selection rule.3. The method of claim 2 , wherein the controller provides a plurality of hub selection rules to the plurality of branch sites claim 2 , each hub selection rule specifying one or more ...

SYSTEM AND METHOD FOR CLASSIFYING NETWORK DATA PACKETS WITH PROVIDED CLASSIFIER IDENTIFIERS

An improved Wi-Fi access point classifies network data packets with classification identifiers provided by RTC/RTE devices without scanning the content of them. The access point receives inbound and outbound packet classification identifiers from the RTC/RTE applications running on the RTC/RTE devices. The identifiers are provided to a hardware data packet classifier. The hardware data packet classifier applies the identifiers against ingress packets and egress packets respectively. Data packets of the same class are assigned with a same priority. The prioritized network data packets are scheduled for transmission based on their respective priorities. The scheduled network data packets are forwarded to respective network interfaces for transmission. 1. A method for classifying network data packets by a hardware data packet classifier to improving packet forwarding performance , said method performed by a wireless access point and comprising:1) creating a socket with a predetermined port on an IP address of said wireless access point;2) establishing a connection with a first RTC/RTE device over said socket;3) receiving a set of inbound data packet classification identifiers from said first RTC/RTE device;4) receiving a set of outbound data packet classification identifiers from said first RTC/RTE device;5) providing said set of inbound data packet classification identifiers to a hardware data packet classifier;6) providing said set of outbound data packet classification identifiers to a hardware data packet classifier;7) receiving a set of inbound data packets from a second RTC/RTE device from a wired network interface of said wireless access point;8) applying said set of inbound data packet classification identifiers to said set of inbound data packets by said hardware data packet classifier to generate a set of classified inbound data packets;9) assigning a same priority to data packets of a same class within said set of classified inbound data packets to generate ...

PACKET RETRANSMISSION

Through the identification of different packet-types, packets can be handled based on an assigned packet handling identifier. This identifier can, for example, enable forwarding of latency-sensitive packets without delay and allow error-sensitive packets to be stored for possible retransmission. In another embodiment, and optionally in conjunction with retransmission protocols including a packet handling identifier, a memory used for retransmission of packets can be shared with other transceiver functionality such as, coding, decoding, interleaving, deinterleaving, error correction, and the like. 1105.-. (canceled)106. A method of packet retransmission comprising:transmitting or receiving, using a transceiver, a plurality of packets,wherein at least one first packet of the plurality of packets is associated with a first delay requirement,wherein at least one second packet of the plurality of packets is associated with a second delay requirement, andwherein the second delay requirement is lower than the first delay requirement; andtransmitting or receiving, using the transceiver, a message comprising acknowledgement (ACK) information of the at least one first packet,wherein the ACK information is transmitted or received a plurality of times such that the ACK information is transmitted or received in a first DMT symbol and the ACK information is also transmitted or received in a second DMT symbol.107. The method of claim 106 , further comprising passing the at least one second packet when it is received without error to a higher layer without waiting for receipt of other retransmitted packets.108. The method of claim 106 , further comprising passing the at least one first packet when it is received without error to a higher layer without waiting for receipt of other retransmitted packets.109. The method of claim 106 , further comprising waiting for the receipt of other retransmitted packets before passing the at least one first packet a higher layer when they are ...

DATA PROCESSING METHOD AND CLIENT

A data processing method and a client is provided. When obtaining a first data packet and a second data packet of a target call service, a client classifies the first data packet into a first data packet set and classifies the second data packet into a second data packet set based on a first time segment and a second time segment, where a first obtaining moment of the first data packet belongs to the first time segment, a second obtaining moment of the second data packet belongs to the second time segment, the first time segment and the second time segment are different time segments. Furthermore, the client calculates, audio and/or video quality corresponding to the first data packet set, and audio and/or video quality corresponding to the second data packet set. 1. A data processing method , comprising:when obtaining a first data packet and a second data packet of a target call service initiated by a terminal, classifying, by a client, the first data packet into a first data packet set and classifying the second data packet into a second data packet set based on a first time segment and a second time segment, wherein a first obtaining moment of the first data packet belongs to the first time segment, a second obtaining moment of the second data packet belongs to the second time segment, the first time segment and the second time segment are different time segments used by the client to obtain the data packets of the target call service, and an intersection set of the first time segment and the second time segment is empty;determining, by the client, a first feature parameter corresponding to the first data packet set and a second feature parameter corresponding to the second data packet set; andcalculating, by the client based on one or both of a preset audio and video quality evaluation algorithm, one or both of audio and video quality corresponding to the first feature parameter, and one or both of audio and video quality corresponding to the second feature ...

ALLOCATING BANDWIDTH BETWEEN BANDWIDTH ZONES ACCORDING TO USER LOAD

A bandwidth management system includes a plurality of queues respectively corresponding to a plurality of zones. An enqueuing module receives network traffic from one or more incoming network interfaces, determines a belonging zone to which the network traffic belongs, and enqueues the network traffic on a queue corresponding to the belonging zone. A dequeuing module selectively dequeues data from the queues and passes the data to one or more outgoing network interfaces. When dequeuing data from the queues the dequeuing module dequeues an amount of data from a selected queue, and the amount of data dequeued from the selected queue is determined according to user load of a zone to which the selected queue corresponds. 1. A bandwidth management system for allocating bandwidth between a plurality of bandwidth zones at an establishment serving a plurality of users , each of the bandwidth zones having a number of users competing for bandwidth allocated thereto , the bandwidth management system comprising:a computer server providing a first queue and a second queue, wherein the first queue queues first data associated with a first bandwidth zone of the plurality of bandwidth zones, and the second queue queues second data associated with a second bandwidth zone of the plurality of bandwidth zones; anda computer readable medium storing a plurality of software instructions for execution by the computer server;wherein, by the computer server executing the software instructions loaded from the computer readable medium, the computer server is operable to repeatedly dequeue a first amount of the first data from the first queue and a second amount of the second data from the second queue, and pass the first amount of the first data and the second amount of the second data to one or more outgoing network interfaces; andthe computer server is further operable to automatically adjust the first amount and the second amount over time such that the first amount is larger than the ...

PACKET CLASSIFICATION FOR NETWORK ROUTING

Techniques for packet classification for network routing are disclosed. In some embodiments, packet classification for network routing includes receiving packets associated with a new flow at a security controller from a network device, in which the network device performs packet forwarding; classifying the flow; and determining an action for the flow based on a policy (e.g., a security policy). In some embodiments, the network device is a Software Defined Network (SDN) network device (e.g., a packet forwarding device that supports the OpenFlow protocol or another protocol). 1. (canceled)2. A system , comprising:a processor configured to:receive packets associated with a new flow at a security controller from a network device, wherein the network device performs packet forwardingclassify the flow based on an application determined to be associated with the flow;determine an action for the flow based on a policy; 'in the event that the action is to shunt the flow, receive additional packets associated with the flow from the network device, wherein the security controller performs further inline inspection and classification of the flow, and wherein the shunted flow is determined to be a flow that is to be ignored or dropped based on the further inline inspection and classification of the flow; and', 'instruct the network device to perform the action for the flow; and'}a memory coupled to the processor and configured to provide the processor with instructions.3. The system recited in claim 2 , wherein the network device is a Software Defined Network (SDN) network device.4. The system recited in claim 2 , wherein the policy is a security policy that includes an allow or a block rule based on an application and a user.5. The system recited in claim 2 , wherein the instructing of the network device to perform the action for the flow is based on an API mechanism.6. The system recited in claim 2 , wherein instructing of the network device to perform the action for the flow ...

ANALYZING ENCRYPTED TRAFFIC BEHAVIOR USING CONTEXTUAL TRAFFIC DATA

In one embodiment, a device in a network detects an encrypted traffic flow associated with a client in the network. The device captures contextual traffic data regarding the encrypted traffic flow from one or more unencrypted packets associated with the client. The device performs a classification of the encrypted traffic flow by using the contextual traffic data as input to a machine learning-based classifier. The device generates an alert based on the classification of the encrypted traffic flow. 1. A method , comprising:detecting, at a device in a network, an encrypted traffic flow associated with a client in the network;receiving, at the device, a sequence of packets sent by the client associated with the encrypted traffic flow, the sequence of packets including 1) an encrypted request packet of the encrypted traffic flow and 2) one or more unencrypted packets sent by the client sequentially before or after the encrypted request packet;capturing, by the device, contextual traffic data regarding the encrypted traffic flow from the one or more unencrypted packets;performing, by the device, a classification of the encrypted traffic flow by using the captured contextual traffic data as input to a machine learning-based classifier; andgenerating, by the device, an alert based on the classification of the encrypted traffic flow analyzing, by the device, the encrypted traffic flow to infer a header field of the encrypted traffic flow; and', 'comparing, by the device, the inferred header field of the encrypted traffic flow with a header field of the one or more unencrypted packets., 'wherein capturing the contextual traffic data further comprises2. The method as in claim 1 , wherein the machine learning-based classifier is configured to infer the header field of the encrypted traffic flow based on a cipher suite that is advertised in one or more other header fields of the encrypted traffic flow.3. The method as in claim 1 , wherein the one or more unencrypted packets ...

AGGREGATING FLOWS BY ENDPOINT CATEGORY

A computer-implemented method of preventing communications based on endpoint category is provided that comprises: accessing, by one or more processors of a router, a data packet that indicates a source identifier that identifies a source endpoint and a destination identifier that identifies a destination endpoint; determining, by the one or more processors of the router, a source category based on the source identifier; determining, by the one or more processors of the router, a destination category based on the destination identifier; and based on the source category and the destination category, refraining from sending the data packet to the destination endpoint. 1. A computer-implemented method of preventing communications based on endpoint category , comprising:accessing, by one or more processors of a router, a data packet that indicates a source identifier that identifies a source endpoint and a destination identifier that identifies a destination endpoint;determining, by the one or more processors of the router, a source category based on the source identifier;determining, by the one or more processors of the router, a destination category based on the destination identifier; andbased on the source category and the destination category, refraining from sending the data packet to the destination endpoint.2. The computer-implemented method of claim 1 , wherein: sending the source identifier to a category server; and', 'receiving the source category from the category server., 'the determining of the source category based on the source identifier comprises3. The computer-implemented method of claim 1 , further comprising:based on the source category and the destination category, determining that the source endpoint is not permitted to communicate with the destination endpoint.4. The computer-implemented method of claim 1 , further comprising:determining, based on the source category and the destination category, a maximum transmission rate for the source endpoint ...

Packet Processing Method and Network Device

A packet processing method and a network device, where the method includes: receiving, by a network device, a packet, where the packet includes classification information, and the classification information includes M fields; determining, by the network device, K fields in the M fields according to indication information stored by the network device; determining, by the network device, a target classification rule based on a first classification rule set stored by the network device and the K fields, and processing the packet according to the target classification rule. 1. A packet processing method , comprising:receiving, by a network device, a packet, wherein the packet comprises classification information, wherein the classification information comprises M fields, wherein the M fields comprise X fields and K fields, the M fields comprise N bits, wherein the X fields comprise P bits, wherein the K fields comprise Q bits, wherein N is a positive integer greater than or equal to 2, wherein N is equal to a sum of Q and P, wherein M is equal to a sum of K and X, wherein Q, P, K, and X are all positive integers, and wherein M is a positive integer greater than or equal to 2;determining, by the network device, the K fields in the M fields according to indication information stored by the network device, wherein the indication information comprises M indication digits, wherein the M fields are in a one-to-one correspondence with the M indication digits, wherein a value of an indication digit corresponding to each of the K fields is equal to a first value, wherein a value of an indication digit corresponding to each of the X fields is equal to a second value, and wherein the first value is not equal to the second value;determining, by the network device, a target classification rule based on a first classification rule set stored by the network device and the K fields, wherein the target classification rule is a first classification rule in the first classification rule ...

QUEUING SYSTEM TO PREDICT PACKET LIFETIME IN A COMPUTING DEVICE

Techniques are disclosed for a queuing system for network devices. In one example, a network device includes a plurality of memories and processing circuitry connected to the plurality of memories. The plurality of memories includes a local memory of processing circuitry and an external memory to the processing circuitry. The processing circuitry is configured to receive an incoming network packet to be processed, wherein the network packet is held in a queue prior to processing and determine a predicted lifetime of the network packet based on a dequeue rate for the queue. The processing circuitry is further configured to select a first memory from the plurality of memories based on the predicted lifetime and store the network packet at the first memory in response to selecting the first memory from the plurality of memories. 1. A method comprising:receiving, by processing circuitry of a networking device, an incoming network packet to be processed, wherein the network packet is held in a queue prior to processing;selecting, by the processing circuitry, a queue state from a plurality of queue states for the queue;determining, by the processing circuitry, a predicted lifetime of the network packet based on a dequeue rate for the queue, wherein determining the predicted lifetime comprises using a look-up table corresponding to the selected queue state;selecting, by the processing circuitry, a first memory from a plurality of memories for the network packet based on the predicted lifetime, wherein the plurality of memories includes a local memory of the processing circuitry and an external memory to the processing circuitry; andstoring, by the processing circuitry, the network packet at the first memory in response to selecting the first memory from the plurality of memories.2. (canceled)3. The method of claim 1 , wherein determining the predicted lifetime of the network packet comprises:determining a latency for the queue based on a queue length of the queue and the ...

Machine-to-Machine Anomaly Detection

A method and apparatus for configuring an anomaly detector by constructing a classifier using supervised learning and applying that classifier to classify M2M traffic as either “anomalous” or “non-anomalous” with respect to a particular host. Anomaly detection is provided using one or more constructed classifiers. Each classifier is akin to an object that supports two main operations: (1) train: given a set of labeled feature vectors, construct a classifier; and (2) classify: given a feature vector, output a particular classification (i.e., result) selected from two classes defined as anomalous or non-anomalous. A non-anomalous result is indicative of host flow data that is typically associated with a particular host (i.e., safe traffic). An anomalous result is indicative of host flow data that is not typically associated with a particular host (i.e., unsafe traffic). 1. A method comprising:receiving first flow data associated with a plurality of hosts;computing a first plurality of feature vectors from the first flow data;assigning a label to each feature vector of the first plurality of feature vectors;training a host classifier using particular ones of the labeled feature vectors of the first plurality of feature vectors;receiving second flow data associated with a target host, the target host included in the plurality of hosts;computing a second plurality of feature vectors from the second flow data; andclassifying one or more of the feature vectors from the second plurality of feature vectors using the trained host classifier.2. The method of claim 1 , wherein the classifying operation further comprises:designating whether the one or more feature vectors is either anomalous or non-anomalous with respect to the target host.3. The method of wherein the plurality of hosts includes a set of machine-to-machine (M2M) hosts.4. The method of wherein the first flow data includes data from particular ones of the M2M hosts.5. The method of wherein the first flow data ...

Intent-based network security policy modification

A device may receive first information associated with a set of security rules. The first information may identify a set of security actions a device is to implement when the set of security rules applies to traffic. The device may determine a manner in which the set of security rules is to apply using the first information. The device may determine whether the manner in which the set of security rules is to apply and an intent of a network security policy or a manner in which a set of previously defined security rules is to apply match to determine whether the set of security rules conflicts with the network security policy or whether the set of security rules and the set of previously defined security rules are related. The device may perform an action.

Coalescing packets based on hints generated by network adapter

A network node includes a network adapter and a host. The network adapter is coupled to a communication network. The host includes a processor running a client process and a communication stack, and is configured to receive packets from the communication network, and classify the received packets into respective flows that are associated with respective chunks in a receive buffer, to distribute payloads of the received packets among the chunks so that payloads of packets classified to a given flow are stored in a given chunk assigned to the given flow, and to notify the communication stack of the payloads in the given chunk, for transferring the payloads in the given chunk to the client process. 1. A network node , comprising:a network adapter coupled to a communication network; anda host comprising a processor running a client process and a communication stack; receive packets from the communication network, and classify the received packets into respective flows that are associated with respective chunks in a receive buffer;', 'distribute payloads of the received packets among the chunks so that payloads of packets classified to a given flow are stored in a given chunk assigned to the given flow; and', 'notify the communication stack of the payloads in the given chunk, for transferring the payloads in the given chunk to the client process., 'wherein the network adapter is configured to2. The network node according to claim 1 , wherein the processor is further configured to run a driver that mediates between the network adapter and the communication stack claim 1 , wherein the network adapter is configured to notify the communication stack of the payloads in the given chunk claim 1 , via the driver.3. The network node according to claim 2 , wherein the driver is configured to construct a coalesced payload comprising two or more consecutive payloads in the given chunk claim 2 , and to notify the communication stack of the coalesced payload.4. The network node ...

CREDIT FLOW CONTROL FOR ETHERNET

One embodiment provides a method for enabling class-based credit flow control for a network node in communication with a link partner using an Ethernet communications protocol. The method includes receiving a control frame from the link partner. The control frame includes at least one field for specifying credit for at least one traffic class and the credit is based on available space in a receive buffer associated with the at least one traffic class. The method further includes sending data packets to the link partner based on the credit, the data packets associated with the at least one traffic class. 1. A network controller to communicate with a link partner , the network controller comprising:a receiver circuit to receive a control frame from the link partner, wherein the control frame includes at least one field for specifying credit for at least one traffic class, wherein the credit is based on available space in a receive buffer associated with the at least one traffic class; anda transmit scheduler module to send data packets to the link partner based on the credit, the data packets associated with the at least one traffic class.2. The network controller of claim 1 , wherein the receiver circuit is further to receive a data frame from the link partner claim 1 , wherein the data frame includes at least one field for specifying credit flow control operations for at least one traffic class.3. The network controller of claim 2 , wherein the data frame and the control frame are compatible with the Ethernet communications.4. The network controller of claim 1 , wherein the control frame is received periodically based on claim 1 , at least in part claim 1 , the size of the receive buffer associated with the at least one traffic class.5. The network controller of claim 1 , further to generate a configuration frame that includes at least one field for defining at least one parameter related to credit flow control; wherein the configuration frame is exchanged between ...

Network System, Switch and Method of Network Configuration

A network system of the present invention includes a switch and controllers. The switch processes on a received packet in accordance with a flow entry in which are defined a rule and an action. The controllers set the flow entry to a flow table of the switch. The switch assigns a flow table to each controller, searches when receiving a packet from outside for a flow table matching with the packet in all flow tables, ignores a flow entry set by a controller of which a status of connection is invalid among flow entries matching with the packet and processes the packet in accordance with an action of a flow entry set by a controller of which a status of connection is valid. 1. A network system comprising:a switch configured to perform a process on a received packet in accordance with a flow entry in which are defined a rule and an action for uniformly control a packet as a flow; anda plurality of controllers configured to set said flow entry to a flow table of said switch,wherein said switch assigns a flow table to each of said plurality of controllers, searches when receiving a packet from outside for a flow table matching with said packet in all flow tables, verifies a status of connection with each of said plurality of controllers, ignores a flow entry set by a controller of which a status of connection is invalid among flow entries matching with said packet and processes said packet in accordance with an action of a flow entry set by a controller of which a status of connection is valid.2. The network system according to claim 1 ,wherein said switch adopts, if a plurality of flow entries set by a controller of which a status of connection is valid exists, a flow entry of which a priority level of said flow entry itself is highest and adopts, if a plurality of flow entries with a same priority level exist, a flow table of which a priority level of a flow table in which said flow entry is set is highest.3. The network system according to claim 1 ,wherein each of said ...

DISTRIBUTED SERVICE CHAIN ACROSS MULTIPLE CLOUDS

Some embodiments of the invention provide novel methods for performing services on data messages passing through a network connecting one or more datacenters, such as software defined datacenters (SDDCs). The method of some embodiments uses service containers executing on host computers to perform different chains (e.g., ordered sequences) of services on different data message flows. For a data message of a particular data message flow that is received or generated at a host computer, the method in some embodiments uses a service classifier executing on the host computer to identify a service chain that specifies several services to perform on the data message. For each service in the identified service chain, the service classifier identifies a service container for performing the service. The service classifier then forwards the data message to a service forwarding element to forward the data message through the service containers identified for the identified service chain. The service classifier and service forwarding element are implemented in some embodiments as processes that are defined as hooks in the virtual interface endpoints (e.g., virtual Ethernet ports) of the host computer's operating system (e.g., Linux operating system) over which the service containers execute. 120-. (canceled)21. A method of performing services on a data message , the method comprising: identifying, for the data message, a service chain comprising a set of two or more services to perform on the data message, and a service path comprising a plurality of service machines in first and second datacenters for performing the services of the service chain;', 'using a first service machine executing in the first datacenter to perform a first service in the identified service chain;', 'using a service forwarding proxy to encapsulate the data message with an encapsulating header, to store in the encapsulating header an identifier that identifies the service path in the second datacenter, ...

TRANSACTION BASED NETWORK APPLICATION SIGNATURES FOR TEXT BASED PROTOCOLS

A method for profiling network traffic of a network. The method includes extracting cells from bi-directional payloads generated by a network application, wherein each cell comprises at least one direction reversal in a corresponding bi-directional flow, generating a cell group comprising a portion of the cells that are similar, analyzing the cell group to generate a signature of the network application, and classifying, based on the signature of the network application, a new bi-directional flow as being generated by the network application. 1. A method for profiling network traffic of a network , comprising:identifying, by a processor of a computer system and based on a pre-determined criterion, a training set from a plurality of bi-directional flows obtained from the network traffic, wherein the training set is associated with a network application, wherein each bi-directional flow comprises a sequence of captured payloads exchanged between a server and a client of the network;extracting, by the processor and based on a first pre-determined algorithm, a plurality of cells from the plurality of captured payloads, wherein each cell comprises a consecutive portion of the sequence of captured payloads, wherein the consecutive portion comprises at least one direction reversal in a corresponding bi-directional flow;analyzing, by the processor and based on a second pre-determined algorithm, a portion of the plurality of cells to calculate a similarity measure representing similarity among cells in the portion of the plurality of cells;generating, in response to the similarity measure exceeding a pre-determined threshold, a cell group comprising the portion of the plurality of cells;analyzing, by the processor and based on a third pre-determined algorithm, the cell group to generate a signature of the network application; andclassifying, by the processor and based on the signature of the network application, a new bi-directional flow, separate from the plurality of bi- ...

PACKET DETECTION AND BANDWIDTH CLASSIFICATION FOR VARIABLE-BANDWIDTH PACKETS

A receiver receives packets without prior knowledge of their bandwidths. The receiver calculates a first auto-correlation function for a first channel, a second auto-correlation function for a second channel, and a dot product of the first auto-correlation function and the second auto-correlation function. A packet is detected and its bandwidth classified based at least in part on the dot product. 1. A method of packet detection and bandwidth classification , comprising:calculating a first auto-correlation function for a first channel;calculating a second auto-correlation function for a second channel;calculating a dot product of the first auto-correlation function and the second auto-correlation function; anddetecting a packet, the detecting comprising classifying a bandwidth of the packet based at least in part on the dot product.2. The method of claim 1 , wherein:the first auto-correlation function is a first averaged auto-correlation function;the second auto-correlation function is a second averaged auto-correlation function;calculating the first averaged auto-correlation function comprises generating a first unaveraged auto-correlation function for the first channel in accordance with a predefined delay and taking a moving average of the first unaveraged auto-correlation function; andcalculating the second averaged auto-correlation function comprises generating a second unaveraged auto-correlation function for the second channel in accordance with the predefined delay and taking a moving average of the second unaveraged auto-correlation function.3. The method of claim 2 , wherein the predefined delay corresponds to a training-field periodicity for the packet.4. The method of claim 1 , wherein classifying the bandwidth comprises determining that the bandwidth of the packet includes both the first and second channels claim 1 , based at least in part on the dot product satisfying a first threshold.5. The method of claim 4 , wherein the first auto-correlation ...

NETWORK TRAFFIC CLASSIFICATION

A computer implemented method and system comprising receiving a data packet from a network source, extracting source and destination data from the received data packet, determining a user from the extracted source and destination data from the received data packet. If a label does not exist for the extracted source and destination data from the received data packet, creating a label for the data packet, the label comprising the extracted source data and historic source data for the determined user, calling a chaotic function with the label for the received data packet. If the chaotic function returns false, calling an alternative function for an output with the label for the received data packet. If the chaotic function returns true, capturing the output of the chaotic function, and updating the label with the output of the chaotic function or with the output of the alternative function. 1a computer system comprising: a computer processor, a computer-readable storage medium, and program instructions stored on the computer-readable storage medium being executable by the processor, to cause the computer system to perform a method, comprising:receiving a data packet from a network source and a network device, including network traffic on one or more of: a fixed network, and a mobile network;extracting source and destination data from the received data packet using a network collector executing an algorithm, the extracting of source and destination data from the received data packet comprises extracting an IP source, a source port, an IP destination and a destination port from the received data packet;determining a user from the extracted source and destination data from the received data packet, the determining the user including extracting from a user data field in the data packet user information associated with the user via the network collector;creating a label for the data packet, in response to a determination that the label does not exist for the extracted ...

FRAMEWORK FOR JOINT LEARNING OF NETWORK TRAFFIC REPRESENTATIONS AND TRAFFIC CLASSIFIERS

In one embodiment, a device in a network receives traffic data associated with a particular communication channel between two or more nodes in the network. The device generates a mean map by employing kernel embedding of distributions to the traffic data. The device forms a representation of the communication channel by identifying a set of lattice points that approximate the mean map. The device generates a traffic classifier using the representation of the communication channel. The device uses machine learning to jointly identify the set of lattice points and one or more parameters of the traffic classifier. The device causes the traffic classifier to analyze network traffic sent via the communication channel. 1. A method comprising:receiving, at a device in a network, traffic data associated with a particular communication channel between two or more nodes in the network;generating, by the device, a mean map by employing kernel embedding of distributions to the traffic data;forming, by the device, a representation of the communication channel by identifying a set of lattice points that approximate the mean map;generating, by the device, a traffic classifier using the representation of the communication channel, wherein the device uses machine learning to jointly identify the set of lattice points and one or more parameters of the traffic classifier; andcausing, by the device, the traffic classifier to analyze network traffic sent via the communication channel.2. The method as in claim 1 , wherein the representation of the communication channel comprises an approximated mean map claim 1 , and wherein forming the representation of the communication channel comprises:calculating an approximation of the mean map as a function of lattice points; andidentifying the set of lattice points by optimizing the approximation of the mean map.3. The method as in claim 2 , wherein the traffic classifier calculates a classification score for the analyzed network traffic as a ...

COMMUNICATION SYSTEM, SWITCH, CONTROL APPARATUS, PACKET PROCESSING METHOD, AND PROGRAM

A communication system contains a control apparatus and switch(es). The control apparatus transmits, to a switch, two or more flow entries having an identical match condition but having different processing content to be applied, and a condition for changing application priorities of the two or more flow entries. The switch holds the two or more flow entries, and switches the application priorities in accordance with the condition specified by the control apparatus, to process received packet(s). 1. A communication system comprising:a control apparatus that transmits, to a switch, 2 or more flow entries having an identical match condition but different processing content to be applied, and a condition for changing application priority among said 2 or more flow entries; anda switch that holds said 2 or more flow entries and switches application priority in accordance with a condition specified by said control apparatus, to process received packet(s).2. The communication system according to claim 1 , wherein said control apparatus prescribes claim 1 , as said condition claim 1 , content to change said application priority each time a counter value set in each flow entry exceeds a prescribed threshold claim 1 , for said switch.3. The communication system according to claim 1 , wherein said control apparatus prescribes claim 1 , as said condition claim 1 , content to change said application priority each prescribed time period claim 1 , for said switch.4. The communication system according to claim 1 , wherein said control apparatus determines a switch to transmit said two or more flow entries and said condition claim 1 , based on a counter value for each flow entry collected from said switch.5. The communication system according to claim 1 , whereinsaid control apparatus collects values of statistical information of packets dropped without being transmitted with regard to respective ports, from said switch; creates, with respect to a flow entry for which output from a ...

SERVERS, SWITCHES, AND SYSTEMS WITH SWITCHING MODULE IMPLEMENTING A DISTRIBUTED NETWORK OPERATING SYSTEM

One networking device includes a switch module, a server, and a switch controller. The switch module has ports with a communications interface of a first type (CI1) and ports with a communications interface of a second type (CI2). The server, coupled to the switch module via a first CI2 coupling, includes a virtual CI1 driver, which provides a CI1 interface in the server, defined to exchange CI1 packets with the switch module via the first CI2 coupling. The virtual CI1 driver includes a first network device operating system (ndOS) program. The switch controller, in communication with the switch module via a second CI2 coupling, includes a second ndOS program controlling, in the switch module, a packet switching policy defining the switching of packets through the switch module or switch controller. The first and second ndOS programs exchange control messages to maintain a network policy for the switch fabric. 1. A networking device comprising:a switch fabric;external ports in the switch fabric;a Ternary Content-Addressable Memory (TCAM) table in the switch fabric, the TCAM configured for storing classification information to classify packets received at the external ports;a switch fabric classifier in the switch fabric configured to determine if there is classification information for an incoming packet in the TCAM table;a control processor; anda memory in communication with the control processor, the memory configured for storing a processor classification table with processor classification information to classify the packets received at the external ports;wherein when there is classification information for the incoming packet in the TCAM table, the switch fabric classifier transmits the incoming packet to one of the external ports based on header information in the incoming packet and the classification information from the TCAM table;wherein when there is no classification information for the incoming packet in the TCAM table, the switch fabric sends the ...

A METHOD FOR OPERATING A NETWORK

A method operates a network, wherein multiple clients are connected to a server for accessing an application that is provided or running on the server. The application is tunneled within one or more corresponding flows between the clients and the server. A device for per flow scheduling of the flows prioritizes the flows based on at least one of application characteristics, application requirements, flow characteristics or flow requirements. The prioritizing by the device takes into consideration a change or a variation, over time, of at least one of an application characteristic, an application requirement, a flow characteristic or a flow requirement. 1. A method for operating a network , wherein multiple clients are connected to a server for accessing an application that is provided or running on the server , wherein the application is tunneled within one or more corresponding flows between the clients and the server , the method comprising:prioritizing, by a device for per flow scheduling of the flows, the flows based on at least one of application characteristics, application requirements, flow characteristics or flow requirements, andwherein the prioritizing by the device takes into consideration a change or a variation, over time, of at least one of an application characteristic, an application requirement, a flow characteristic or a flow requirement.2. The method according to claim 1 , wherein the application requirement or the flow requirement that is used includes at least one of a Quality of Experience claim 1 , QoE claim 1 , requirement claim 1 , a QoF claim 1 , threshold claim 1 , a bandwidth requirement or a bandwidth threshold.3. The method according to claim 1 , wherein an the application characteristic or the flow characteristic that is used comprises a Round-Trip Time claim 1 , RTT.4. The method according to claim 1 , wherein the device prioritizes a flow with a delay-sensitive application.5. The method according to claim 1 , wherein the flows ...

Automatically Cycling Among Packet Traffic Flows Subjecting Them to Varying Drop Probabilities in a Packet Network

In one embodiment, a network node automatically cycles among packet traffic flows and subjects the currently selected packet flows to varying drop probabilities in a packet network, such as, but not limited to in response to congestion in a device or network. Packets of the currently selected packet traffic flows are subjected to a drop or forward decision, while packets of other packet traffic flows are not. By cycling through all of these packet traffic flows, all of these packet flows are subjected to the drop or forward decision in the long term approximately uniformly providing fairness to all packet traffic flows. In the short term, only packets of a currently selected flow are targeted for possible dropping providing unfairness to the currently selected flows, while possibly providing communication efficiencies by affecting the currently selected, but not all flows. 1. A method , comprising:repeatedly cycling through a plurality of packet flows by a network node while processing packets, with said repeatedly cycling through including selecting a current one or more selected packet flows of the plurality of packet flows, with the current one or more selected packet flows being less than all of the plurality of packet flows; and for each specific packet of a plurality of packets not in said current one or more selected packet flows, forwarding said specific packet from a particular location within the network node, and', 'for each particular packet of a plurality of packets in said current one or more selected packet flows, processing said particular packet at the particular location according to a packet dropping determination made based on a drop probability currently associated with a particular flow of said current one or more selected packet flows corresponding to said particular packet, with said processing including dropping said particular packet in response to said packet dropping determination resulting in a decision to drop or not to forward said ...

Combined hardware/software forwarding mechanism and method

A forwarding system comprises a identification engine, a hardware forwarding engine configured to process an ingressing packet, a software forwarding engine configured to process the ingressing packet, and a selection engine. The selection engine is configured to select one of the hardware forwarding engine or the software forwarding engine to process the ingressing packet. The selection is based on at least one of an indication of resource availability or a classification of the ingressing packet based on a priority of a flow as determined by the identification engine. In some embodiments, the selection engine selects different forwarding engines to process different packets of a same flow based on changes in resource availability or classification of the ingressing packet.

INTERIOR GATEWAY PROTOCOL (IGP) FOR SEGMENT ROUTING (SR) PROXY SEGMENT IDENTIFIERS (SIDS)

A Proxy Forwarding node configured to advertise Segment Routing (SR) proxy forwarding capability of the Proxy Forwarding node for neighboring nodes of the Proxy Forwarding node using extensions to interior gateway protocol (IGP) for Proxy Forwarding for enabling an ingress node to the SR Traffic Engineering (SR-TE) path to continue to forward the traffic without modifying a segment list of the SR-TE path that includes a node segment identifier (SID) of a failed neighboring node of the Proxy Forwarding node. When the Proxy Forwarding node receives traffic targeting the failed neighboring node, the Proxy Forwarding node performs SR proxy forwarding for the failed neighboring node by forwarding the traffic towards a destination of the traffic in a direction that avoids the failed neighboring node for a period of time after the IGP has converged. 1. A method for enabling traffic to continue to be forwarded on a Segment Routing Traffic Engineering (SR-TE) path for an extended period of time after a failure of a neighboring node along the SR-TE path , the method comprising:detecting, by a Proxy Forwarding node, the failure of the neighboring node along the SR-TE path;advertising, by a Proxy Forwarding node, SR proxy forwarding capability of the Proxy Forwarding node for neighboring nodes of the Proxy Forwarding node using extensions to interior gateway protocol (IGP) for Proxy Forwarding for enabling an ingress node to the SR-TE path to continue to forward the traffic without modifying a segment list of the SR-TE path that includes a node segment identifier (SID) of the failed neighboring node of the Proxy Forwarding node;receiving, by the Proxy Forwarding node, traffic targeting the failed neighboring node of the Proxy Forwarding node, the traffic including a proxy node-SID of the failed neighboring node; andperforming, by the Proxy Forwarding node, SR proxy forwarding for the failed neighboring node by forwarding the traffic towards a destination of the traffic in a ...

Load Distribution System and Load Distribution Method

A load distribution system has: determination means for determining, upon an input port receiving a packet, a flow attribute indicating whether a flow configured by the packet is a flow that tends to include many long packets or a flow that tends to include many short packets; and output means for outputting the packet to a packet transfer device in a load state indicating that a load applied by the flow of the flow attribute is low, of a plurality of packet transfer devices, in accordance with the flow attribute determined by the determination means. 1. A load distribution system comprising:determination means, including one or more processors, for determining, upon an input port receiving a packet, a flow attribute indicating whether a flow configured by the packet is a flow that tends to include many long packets or a flow that tends to include many short packets; andoutput means, including one or more processors, for outputting the packet to a particular packet transfer device identified, from among a plurality of packet transfer devices and in accordance with the flow attribute determined by the determination means, as being in a load state indicating that a load applied by the flow of the flow attribute is low.2. The load distribution system according to claim 1 , further comprising:monitoring means, including one or more processors, for monitoring a bps bits per second (bps) value representing a traffic flow rate at each of the plurality of packet transfer devices related to long packets, and a packets per second (pps) value representing a traffic flow rate at each of the plurality of packet transfer devices related to short packets;first changing means, including one or more processors, for, if the bps value of at least one of the plurality of packet transfer devices exceeds a predetermined first threshold, changing a load state of the at least one packet transfer device to a load state indicating that a load applied by the flow that tends to include many ...

DETERMINISTIC PACKET SCHEDULING AND DMA FOR TIME SENSITIVE NETWORKING

In one embodiment, a network interface controller (NIC) includes multiple packet transmission queues to queue data packets for transmission. The data packets are assigned to multiple traffic classes. The NIC also includes multiple input/output (I/O) interfaces for retrieving the data packets from memory. Each I/O interface is assigned to a subset of the traffic classes. The NIC also includes scheduler circuitry to select a first data packet to be retrieved from memory, and direct memory access (DMA) engine circuitry to retrieve the first data packet from memory via one of the I/O interfaces based on the traffic class of the first data packet, and store the first data packet in one of the packet transmission queues. The NIC also includes a transmission interface to transmit the first data packet over a network at a corresponding launch time indicated by the scheduler circuitry. 1. A network interface controller , comprising:a plurality of packet transmission queues to queue a plurality of data packets for transmission, wherein the plurality of data packets are assigned to a plurality of traffic classes;a plurality of input/output (I/O) interfaces for retrieving the plurality of data packets from a memory of a host computing system, wherein each I/O interface of the plurality of I/O interfaces is assigned to one or more of the plurality of traffic classes;scheduler circuitry to select a first data packet to be retrieved from the memory, wherein the first data packet is to be selected from the plurality of data packets;direct memory access (DMA) engine circuitry to retrieve the first data packet from the memory via one of the plurality of I/O interfaces based on a corresponding traffic class of the first data packet, wherein the DMA engine circuitry is to store the first data packet in a corresponding packet transmission queue of the plurality of packet transmission queues; anda transmission interface to transmit the first data packet over a network at a corresponding ...

LIGHTWEIGHT FLOW REPORTING IN CONSTRAINED NETWORKS

In one embodiment, a device in a network receives one or more packets that are part of a traffic flow. The device provides a sample packet to a path computation element (PCE) that includes a signature that uniquely identifies the traffic flow. The device receives a traffic flow policy for the traffic flow from a policy engine and enforces the traffic flow policy for the traffic flow.

Service Chains for Network Services

Disclosed herein are systems, methods, computer media, and apparatuses for providing service chains. A control and monitoring system orders a service chain—an order of data flow through a plurality of network nodes—based on network node identifiers. The control and monitoring system provides a policy to all networking nodes in order to enforce the order of the service chain. In some embodiments, features are implemented to improve the availability of service chains. Such features include load-balancing, fail-over, traffic engineering, and automated deployment of virtualized network functions at various stages of a service chain, among others.

Incremental Application of Resources to Network Traffic Flows Based on Heuristics and Business Policies

Disclosed herein are system, method, and computer program product embodiments for increasingly applying network resources to traffic flows based on heuristics and policy conditions. A network determines that a traffic flow satisfies a first condition and transmits a first portion of the traffic flow to a network service. A network service then inspects the first portion of the traffic flow at a first level of detail and determines that the traffic flow satisfies a second condition. The network can then transmit a second portion of the traffic flow to the network service based on the determining the traffic flow satisfies the second condition. The network service can inspect the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting at the first level of detail. 1. A system comprising:a data collection module configured to collect data belonging to a plurality of traffic flows from a plurality of routers;a controller; and 'received data from the data collection module,', 'an analytics module configured toretrieve from a policy data base a set of policy rules for a traffic flow among the plurality of traffic flows,determine if any data packets belonging to the traffic flow matches a first policy rule within the set of policy rules,in response to determining that the traffic flow satisfies the first policy rule, send policy compliance information about the traffic flow to the controller, receive policy compliance information about the plurality of traffic flows from the analytics module, and', 'in response to receiving policy compliance information about the traffic flow from the analytics module, configure one or more routers to transmit a first portion of the traffic flow to a network service provider., 'wherein the controller is configured to2. The system of claim 1 , wherein the controller is configured to transmit the first portion ...

Method for Packet Network Traffic Regulation

A method of traffic regulation in a packet communication network involves a token bucket associated with a subscriber. Packets arriving at the regulator are handled in accordance with the token bucket configuration. The method involves measuring a demand placed on the network by the subscriber. The token bucket configuration is dynamically adjusted based on the demand. Another method of traffic regulation handles packets arriving at the regulator in accordance with first and second token bucket configurations. The first token bucket regulates packet rate while the second token bucket regulates data rate. Another method of traffic regulation involves handling packets in accordance with a token bucket configuration, where the amount of tokens to be removed is based on the amount of the flow and is further based on a classification of the flow. Packet-level devices for traffic regulation are also contemplated. 125-. (canceled)26. A method comprising:transmitting, by a first device and via a network, one or more packets corresponding to a packet flow associated with a user;receiving, by a second device associated with the network, the one or more packets corresponding to the packet flow associated with the user;removing, by the second device, a number of tokens from a token bucket, the token bucket comprising a token bucket depth and a sustain rate, wherein the number of tokens is determined based on a flow amount associated with the one or more packets and a token multiplier associated with a classification of the one or more packets;determining, by the second device and based on a remaining number of tokens in the token bucket, that a burst demand placed on the network by the user over a first period of time has met or exceeded the sustain rate and, in response to the determining that the burst demand has met or exceeded the sustain rate, temporarily reducing the token bucket depth; andin response to determining, by the second device and after determining that the ...

SERVICE LINK SELECTION CONTROL METHOD AND DEVICE

Disclosed are a flow classifier, policy and charging rules function unit and controller. The flow classifier receives a service chain selection control policy sent by a policy and charging rules function unit. The service chain selection control policy includes a corresponding relation between an application type and an identifier of a service chain. The service chain is a path formed by a forwarding device and a value-added service device both of which a service flow with the application type needs to pass through. The flow classifier detects the service flow with the application type based on the service chain selection control policy and adds the identifier of the service chain to a message of the service flow. The flow classifier sends the message of the service flow with the added identifier of the service chain to a forwarding device directly connected to the flow classifier. 1. A flow classifier , comprising:one or more processors; and receive a service chain selection control policy sent by a policy and charging rules function (PCRF) unit, wherein the service chain selection control policy comprises a corresponding relation between an application type and an identifier of a service chain, and the service chain is a path formed by a forwarding device and a value-added service device both of which a service flow with the application type needs to pass through;', 'detect the service flow with the application type based on the service chain selection control policy, and add the identifier of the service chain to a message of the service flow; and', 'send the message of the service flow with the added identifier of the service chain to a forwarding device directly connected to the flow classifier., 'a memory storing program instructions that, when executed by the one or more processors, configure the flow classifier to2. The flow classifier according to claim 1 , wherein the flow classifier is configured to receive claim 1 , through an extended Gx interface ...

Technologies for annotating process and user information for network flows

Systems, methods, and computer-readable media for annotating process and user information for network flows. In some embodiments, a capturing agent, executing on a first device in a network, can monitor a network flow associated with the first device. The first device can be, for example, a virtual machine, a hypervisor, a server, or a network device. Next, the capturing agent can generate a control flow based on the network flow. The control flow may include metadata that describes the network flow. The capturing agent can then determine which process executing on the first device is associated with the network flow and label the control flow with this information. Finally, the capturing agent can transmit the labeled control flow to a second device, such as a collector, in the network.

SYSTEM AND METHOD OF SUPPRESSING INBOUND PAYLOAD TO AN INTEGRATION FLOW OF AN ORCHESTRATION BASED APPLICATION INTEGRATION

In accordance with an embodiment, described herein are systems and methods for suppressing inbound payload to an integration flow of an orchestration based application integration. The systems and methods described herein can, based upon a scan of an integration, identify and exclude from memory certain portions of one or more payloads that are received at the integration flow. 1. A system for suppressing inbound payload to an integration flow of an orchestration based application integration , comprising:a computer including one or more microprocessors;an integration platform running on the computer; andan integration flow provided at the integration platform, the integration flow comprising a plurality of connectors, wherein at least one of the plurality of connectors is associated with a property file;wherein the integration flow is scanned;wherein a list of payload elements used within the integration flow is generated as a result of the scan;wherein a property file of the at least one of the plurality of connectors is updated to reflect the list of payload elements used within the integration flow;wherein updating the property file comprises writing to the property file one of a list of included payload elements or excluded payload elements; andwherein upon a payload being received at the integration flow, selected portions of the payload file stored in memory associated with the integration platform based upon the updated property file.2. The system of claim 1 ,wherein each of the plurality of connections links to a respective external application of a plurality of external applications.3. The system of claim 2 ,wherein the payload is received from an external application the plurality of external applications.4. The system of claim 3 ,wherein the scan of the integration flow determines a plurality of elements of a payload received in the integration flow from a call to the external application of the plurality of external applications.5. The system of claim 4 ...

MULTICORE OFFLOADING OF NETWORK PROCESSING

A method for reassigning flows to cores in a multi-core network device includes receiving a packet flow and periodically determining a packet rate of the flow and the processing load on each of the worker cores. Unassigned flows are assigned to the least loaded core. If an assigned flow has a packet rate that exceeds a particular threshold proportion of the processing capacity of the currently assigned worker core, reassigning the flow to the lowest loaded worker core unless the resulting load would exceed the current load on the currently assigned worker core. 1. A method for processing network flows in a multi-core network device , the method comprising:receiving a packet flow at a network device having a plurality of worker cores;periodically determining a packet rate of the flow and the processing load on each of the worker cores;determining if the flow is currently assigned to one of the plurality of worker cores;in response to determining that a flow is not assigned, assigning the flow to a worker core that has the lowest processing load among the plurality of worker cores; determining which of the plurality of worker cores has the lowest load;', 'determining if reallocating the flow to the lowest loaded worker core would cause the load on the lowest load worker core to exceed the current load on the currently assigned worker core;', 'in response to determining that reallocating the flow would not cause the load on the lowest load worker core to exceed the current load on the currently assigned worker core, reallocating the flow to the lowest load worker core., 'in response to determining that a flow is currently assigned and that the determined packet rate exceeds a particular threshold proportion of the processing capacity of the currently assigned worker core2. The method of wherein the multi-core network device is programmed and configured to operate using a modular software architecture claim 1 , the method further comprising:generating an instance of an ...

SERVICE OFFLOADING METHOD, APPARATUS, AND SYSTEM, ELECTRONIC DEVICE, AND STORAGE MEDIUM

Aspects of the disclosure provide methods and apparatuses for service offloading. In some examples, a processing circuitry of an electronic device detects that received information associated with a service flow satisfies a preset rule, and generates an offloading strategy that uses a first network address in the received information associated with the service flow as an offloading address. Then, the processing circuitry offloads a first uplink data packet associated with the service flow from a terminal device to an edge network according to the offloading strategy in response to a destination address of the first uplink data packet matching the offloading address. Non-transitory computer-readable storage medium counterpart embodiments are also contemplated. 1. A method for service offloading , comprising:detecting that received information associated with a service flow satisfies a preset rule;generating, by processing circuitry, an offloading strategy that uses a first network address in the received information associated with the service flow as an offloading address; andoffloading a first uplink data packet associated with the service flow from a terminal device to an edge network according to the offloading strategy, a destination address of the first uplink data packet matching the offloading address.2. The method according to claim 1 , wherein after the generating the offloading strategy claim 1 , the method further comprises:transmitting the offloading strategy to a session management function entity;receiving a response message from the session management function entity;activating the offloading strategy, in response to the response message agreeing to the offloading strategy; anddeactivating the offloading strategy, in response to the response message rejecting the offloading strategy.3. The method according to claim 1 , wherein the received information associated with the service flow is a domain name system (DNS) response message claim 1 , and the ...

SESSIONIZATION OF NETWORK FLOWS IN A WIRELESS COMMUNICATION NETWORK

Systems and methods discussed herein are directed to combining multiple network flows with respect to usage of applications into sessions. A record of a plurality of network flows may be obtained where the record relates to usage of the application by a user device in a wireless communication network. The plurality of network flows may be combined into a session, where an earliest start time of a network flow represents a session start time for the session and a latest end time of a network flow represents a session end time for the session. Based at least in part on the session start time and the session end time, a usage of the application during the session by the user device may be determined. Based at least in part on a plurality of sessions, usage of the application in the wireless communication network may be estimated. 1. A method comprising: obtaining a record of a plurality of network flows related to usage of the application by a user device in the wireless communication network;', 'determining a first start time for a first network flow of the plurality of network flows, the first start time representing an earliest start time for the plurality of network flows;', 'determining a first end time for a second network flow of the plurality of network flows, the first end time representing a latest start time for the plurality of network flows;', 'combining the plurality of network flows into the session, the first start time being a session start time for the session and the first end time being a session end time for the session; and', 'determining, based at least in part on the session start time and the session end time, a usage of the application during the session by the user device; and, 'determining a plurality of sessions relating to usage of an application by users in a wireless communication network, the determining of a session of the plurality of sessions comprisingestimating, based at least in part on the plurality of sessions, usage of the ...

HYBRID PACKET MEMORY FOR BUFFERING PACKETS IN NETWORK DEVICES

A network device processes received packets to determine port or ports of the network device via which to transmit the packets. The network device classifies the packets into packet flows and selects, based at least in part on one or more characteristics of data being transmitted in the respective packet flows, a first packet memory having a first memory access bandwidth or a second packet memory having a second memory access bandwidth, and buffers the packets in the selected first or second packet memory which the packets are being processed by the network device. After processing the packets, the network device retrieves the packets from the first packet memory or the second packet memory in which the packets are buffered, and forwards the packets to the determined one or more ports for transmission of the packets. 1. A method for processing packets in a network device , the method comprising:receiving, at a packet processor of the network device, packets ingressing via a network port among a plurality of network ports of the network device;processing, with the packet processor, the packets at least to determine one or more network ports, of the plurality of network ports, via which the packets are to be transmitted from the network device;classifying, with the packet processor according at least in part to source address information and destination address information obtained from headers of the packets, the packets into packet flows;selecting, with the packet processor based at least in part on one or more characteristics of data being transmitted in the respective packet flows, one of i) a first packet memory having a first memory access bandwidth and ii) a second packet memory having a second memory access bandwidth different from the first memory access bandwidth of the first packet memory, for buffering packets that belong to the respective packet flows while the packets are being processed by the network device, the one or more data characteristics being ...

Dynamic Assignment of Traffic Classes to a Priority Queue in a Packet Forwarding Device

Responsive to detecting that bandwidth consumption of a packet flow has exceeded a threshold, packet forwarding treatment is changed in accordance with at least one class of packet flow from a first packet forwarding treatment to a second packet forwarding treatment.

Quality of service (qos) management in wireless networks

A core network (CN) may establish and distribute a quality of service (QoS) policy across a wireless communication system, e.g., by sending QoS policy information to an access network and to user equipment. The QoS policy may be implemented with respect to data network (DN) sessions as well as data sessions. For each DN session or data session, the QoS policy may be applied by explicit or implicit request, and data sessions may in some examples utilize pre-authorized QoS policies without the need to request the QoS. Other aspects, embodiments, and features may also be claimed and described.

System for early system resource constraint detection and recovery

A system for optimizing network traffic is described. The system includes a quality of service (QoS) engine configured to acquire information regarding a plurality of data packets comprising a plurality of data packet flows operating over a plurality of links. The QoS engine can be further configured to determine a flow priority to the plurality of data packets flows, and to determine TCP characteristics for the plurality of data packet flows. The system further includes a TCP controller configured to acquire the flow priority to the plurality of data packets from the QoS engine. The TCP controller can be configured to obtain queue information associated with the plurality of data packets, and adjust a receive window size based on the flow priority and the queue information.

EFFICIENT PACKET CLASSIFICATION FOR DYNAMIC CONTAINERS

A novel algorithm for packet classification that is based on a novel search structure for packet classification rules is provided. Addresses from all the containers are merged and maintained in a single Trie. Each entry in the Trie has additional information that can be traced back to the container from where the address originated. This information is used to keep the Trie in sync with the containers when the container definition dynamically changes. 120-. (canceled)21. A method for classifying an incoming packet based on a set of rules comprising:using an address-based search structure to identify a first set of potential matching rules for the incoming packet based on source and destination addresses of the incoming packet;using a port-based search structure to identify a second set of potential matching rules for the incoming packet based on source and destination ports of the incoming packet;using a protocol-based search structure to identify a third set of potential matching rules for the incoming packet based on the protocol of the incoming packet;identifying a matching rule for the incoming packet from the first, second, and third sets of potential matching rules.22. The method of claim 21 , wherein the port-based search structure comprises a discrete port value search structure for identifying rules that specifies a single explicit value for at least one of its source or destination port field.23. The method of claim 22 , wherein the discrete port value search structure is a binary search tree claim 22 , wherein each node in the binary search tree corresponds to a different discrete port value.24. The method of claim 22 , wherein the port-based search structure further comprises a port expression search structure for identifying rules that specifies a range or collection of ports values by using expressions or relational operators.25. The method of claim 24 , wherein the port expression search structure is a link list claim 24 , wherein each node in the ...

METHOD, DEVICE AND COMPUTER READABLE STORAGE MEDIUM FOR TRANSMITTING INFORMATION

A method and device for transmitting information are provided. The method includes: querying a corresponding second QoS flow identifier and a length of the second QoS flow identifier from stored configuration information in accordance with a first QoS flow identifier of data to be transmitted, where the configuration information includes a configuration list corresponding to a data bearer, the configuration list is configured to store a correspondence relationship among the first QoS flow identifier, the second QoS flow identifier and the length of the second QoS flow identifier, and the length of the second QoS flow identifier is smaller than a length of the first QoS flow identifier; and adding the second QoS flow identifier into a packet header of the data and implementing information transmission based on data obtained after addition when the second QoS flow identifier and the length of the second QoS flow identifier are queried. 1. A method for transmitting information , comprising:based on a first Quality of Service (QoS) flow identifier of data to be transmitted, querying a corresponding second QoS flow identifier and a length of the second QoS flow identifier from stored configuration information, the configuration information comprising a configuration list corresponding to a data bearer, the configuration list being configured to store a correspondence relationship among the first QoS flow identifier, the second QoS flow identifier and the length of the second QoS flow identifier, wherein the length of the second QoS flow identifier is smaller than a length of the first QoS flow identifier; andadding the second QoS flow identifier into a packet header of the data and implementing information transmission based on data obtained after addition when the second QoS flow identifier and the length of the second QoS flow identifier are queried.2. The method according to claim 1 , wherein the configuration information further comprises first indication information ...

SUPPORTING ASYNCHRONOUS PACKET OPERATIONS IN A DETERMINISTIC NETWORK

In one embodiment, a particular device in a deterministic network performs classification of one or more packets of a traffic flow between a source and a destination in the deterministic network. The particular device determines, based on the classification of the one or more packets, a requirement of the traffic flow. The particular device performs, based on the requirement, a packet operation on at least one packet of the traffic flow. The particular device sends packets of the traffic flow towards the destination via two or more paths in the deterministic network. 1. A method comprising:performing, by a particular device in a deterministic network, classification of one or more packets of a traffic flow between a source and a destination in the deterministic network;determining, by the particular device and based on the classification of the one or more packets, a requirement of the traffic flow;performing, by the particular device, based on the requirement, a packet operation on at least one packet of the traffic flow; andsending, by the particular device, packets of the traffic flow towards the destination via two or more paths in the deterministic network.2. The method as in claim 1 , wherein performing the packet operation on at least one packet of the traffic flow comprises:load balancing the traffic flow across the two or more paths in the deterministic network.3. The method as in claim 1 , wherein the requirement specifies a service in the deterministic network to be applied to the traffic flow.4. The method as in claim 3 , wherein the service comprises a packet inspection service claim 3 , a packet tagging service claim 3 , or a firewall service.5. The method as in claim 3 , wherein performing the packet operation comprises generating a replicate of at least one packet of the traffic flow claim 3 , and wherein sending packets of the traffic flow towards the destination via two or more paths in the deterministic network comprises:sending the replicate via ...

Distributed antenna system, frame processing method therefor, and congestion avoiding method therefor

According to one or more embodiments of the present invention, a frame processing method of a distributed antenna system may include confirming whether a quality of service (QoS) tag exists in header information of a received frame; performing frame scheduling of the frame based on the QoS tag; and dropping or transmitting the frame according to a transmission priority according to a result of the frame scheduling.

DIFFERENTIATED SERVICE BEHAVIOR BASED ON DIFFERENTIATED SERVICES CODE POINT (DSCP) BITS

A device may be configured to receive an Internet Protocol (IP) packet from a client device. The IP packet may include DiffServ Code Points (DSCP) information and payload data. The device may read the DSCP information included in the IP packet. The device may determine a module to load based on the DSCP information and before reading the payload data included in the IP packet. The device may load the module and provide a service to the client device based on the loaded module and the IP packet. 1. A device , comprising: [ 'the IP packet including DiffServ Code Points (DSCP) information and', 'receive an Internet Protocol (IP) packet from a client device,'}, 'payload data;', 'read the DSCP information included in the IP packet;', 'determine a module to load based on the DSCP information and before reading the payload data included in the IP packet;', 'load the module; and', 'provide a service to the client device based on the loaded module and the IP packet., 'one or more processors to2. The device of claim 1 , where the one or more processors claim 1 , when determining the module to load claim 1 , are further to:determine the module to load independent of the payload data.3. The device of claim 1 , where the one or more processors claim 1 , when receiving the IP packet claim 1 , are further to:receive the IP packet via a socket, and 'copy the DSCP information in a memory associated with the socket.', 'the one or more processors are further to4. The device of claim 1 , where the one or more processors claim 1 , when reading the DSCP information included in the IP packet claim 1 , are further to:read the DSCP information through a socket option.5. The device of claim 1 , where the one or more processors claim 1 , when reading the DSCP information claim 1 , are further to: 'the server device application being used to determine the module to load.', 'cause a server device application to receive the DSCP information through a socket option,'}6. The device of claim 1 , ...

SYSTEM AND METHOD FOR IMPLEMENTING UNIVERSAL CLOUD CLASSIFICATION (UCC) AS A SERVICE (UCCAAS)

Disclosed is a system and method of providing transport-level identification and isolation of container traffic. The method includes assigning, by a software-defined-network (SDN) controller in an SDN-enable cloud environment, a service-ID to a service, a tenant-ID to a tenant and/or workload-ID to yield universal cloud classification details, and extracting, from a data flow, the universal cloud classification details. The method includes receiving a policy, generating flow rules based on the policy and universal cloud classification details, and transmitting the flow rules to an openflow application to confine packet forwarding decisions for the data flow. 1. A method comprising:assigning, by a software defined network controller in a software-defined network-enable cloud environment, a service-ID to a service and a tenant-ID to a tenant, to yield universal cloud classification details;extracting, from a data flow, the universal cloud classification details;generating flow rules based on a received policy and universal cloud classification details; andtransmitting the flow rules to an application to confine packet forwarding decisions for the data flow.2. The method of claim 1 , further comprising storing the service-ID and tenant-ID.3. The method of claim 1 , wherein the universal cloud classification details are stored in header of a packet in the data flow.4. The method of claim 1 , wherein the flow rules are defined using a 5-tuple classification.5. The method of claim 1 , wherein the flow rules are defined without direct understanding of the service-ID or the tenant-ID.6. The method of claim 1 , wherein the software defined network controller communicates via an API.7. The method of claim 1 , wherein the policy is based on the service-ID and the tenant-ID.8. The method of claim 1 , wherein the policy is defined on one of a per service-ID basis and per tenant-ID basis.9. The method of claim 1 , wherein the extracting comprises extracting the universal cloud ...

SWITCH, COMPUTER SYSTEM USING SAME, AND PACKET FORWARDING CONTROL METHOD

Provided are a PCIe switch provided with a bandwidth control function, and a computer system using the same. The PCIe switch has: input ports to which are connected initiators that generate packets; output ports to which are connected targets that are the transmission destinations of the packets; and an output port adjustment section intervening between the input ports and the output ports, for adjusting the output of packets from the input ports to the output ports. The input ports further have a bandwidth control section that establishes bandwidth limit values beforehand for each of a plurality of divided groups; classifies packets transmitted from the initiators into any of the plurality of groups according to a predetermined rule; and outputs the classified packets to the output adjustment section, on the basis of the bandwidth limit values. 1. A switch that connects initiators that generate packets and targets which are transmission destinations of the packets , the switch comprising:input ports to which the initiators are connected; output ports to which the targets are connected; and an output port adjustment section intervening between the input ports and the output ports, for adjusting the output of packets from the input ports to the output ports, whereinthe input ports further have a bandwidth control section that establishes bandwidth limit values beforehand for each of a plurality of divided groups; classifies packets transmitted from the initiators into any of the plurality of groups according to a predetermined rule; and outputs the classified packets to the output port adjustment section, on the basis of the bandwidth limit values.2. The switch according to claim 1 , wherein the bandwidth control section determines priority of the group claim 1 , on the basis of the bandwidth limit values established beforehand and a flow rate of packets measured for a predetermine term claim 1 , from a usage bandwidth at a time point before the measurement to ...

Method and Apparatus for Processing Bearer

The present invention provides a method and an apparatus for processing a bearer. The method includes performing depth packet inspection DPI processing on a traffic flow of a service according to a preset layer-7 protocol type matching rule. Alternatively, shallow packet inspection SPI processing is performed on a traffic flow of a service according to a preset layer-3 or layer-4 protocol type matching rule so as to obtain a DPI/SPI processing result. According to the DPI/SPI result and the preset matching rule, a service quality attribute parameter of the service is determined. The method further includes determining whether the service quality attribute parameter is the same as a service quality attribute parameter of an existing bearer, and if different, creating a dedicated bearer for the service.

MAXIMIZING BOTTLENECK LINK UTILIZATION UNDER CONSTRAINT OF MINIMIZING QUEUING DELAY FOR TARGETED DELAY-SENSITIVE TRAFFIC

In one embodiment, a system and method include determining bandwidth of a link that connects a local modem to a remote router. A first percentage of the bandwidth is assigned to a first class of data and a second percentage of bandwidth is assigned to a second class of data. The remaining percentage of the bandwidth is assigned for nominal excess capacity. The flow of first class of data and second class of data are controlled to below respective percentages of the bandwidth.

Congestion control enforcement in a virtualized environment

In a data network congestion control in a virtualized environment is enforced in packet flows to and from virtual machines in a host. A hypervisor and network interface hardware in the host are trusted components. Enforcement comprises estimating congestion states in the data network attributable to respective packet flows, recognizing a new packet that belongs to one of the data packet flows, and using one or more of the trusted components and to make a determination based on the congestion states that the new packet belongs to a congestion-producing packet flow. A congestion-control policy is applied by one or more of the trusted components to the new packet responsively to the determination.

SERVICE LAYER SOUTHBOUND INTERFACE AND QUALITY OF SERVICE

Existing resource reservation techniques are inefficient for M2M communications. In an example embodiment described herein, a system comprises a service layer server that resides on a service layer and a control plane node that resides on an access network, wherein the service layer server communicates with the control plane node via a control plane interface. The control plane interface can be used to configure quality of service (QoS) policies (rules) that are based on an object that is being addressed. In this context, for example, an object may be a memory location or value. For example, the service layer may configure one or more QoS rules for the access network based on the object by sending a QoS provisioning message that includes one or more parameters to the control plane node. The control plane node may determine the object that is identified in the one or more QoS rules, and the QoS rules may be distributed to one or more routers that may be used to access the object. The access network may apply the one or more QoS rules in accordance with the parameters.

Multi-Level Flow Control

Various methods, systems, and apparatuses can be used to control flow in an ethernet environment. In some implementations, methods can include receiving a flow of ethernet frames at a first device via an ethernet switch, determining that a buffer at the first device exceeds a threshold for an incoming flow, generating an initial pause frame operable to pause only a second device, and transmitting the initial pause frame to the ethernet switch.

Providing security through characterizing mobile traffic by domain names

A method, computer-readable medium, and apparatus for classifying mobile traffic for securing a network or a mobile user endpoint device are disclosed. For example, a method may include a processor for classifying mobile network traffic using a probabilistic model for a plurality of mobile software applications based on a distribution of domain names, detecting an anomaly associated with a mobile software application of the plurality of mobile software applications, and performing a remedial action to address the anomaly.

SERVICE TRAFFIC STEERING METHOD, DEVICE AND SYSTEM

A service traffic steering method, device and system are provided. The method includes that: a steering path identifier of a downlink service traffic is identified according to a service traffic steering policy; and the steering path identifier of the downlink service traffic and description information of the downlink service traffic are sent to a downlink classifier to enable the downlink classifier to mark the downlink service traffic according to the steering path identifier of the downlink service traffic, an uplink classifier and the downlink classifier are deployed in different network devices. 1. A service traffic steering method , applied to an uplink classifier , the method comprising:identifying a steering path identifier of a downlink service traffic according to a service traffic steering policy; andsending the steering path identifier of the downlink service traffic and description information of the downlink service traffic to a downlink classifier to enable the downlink classifier to mark the downlink service traffic according to the steering path identifier of the downlink service traffic, wherein the uplink classifier and the downlink classifier are deployed in different network devices.2. The method according to claim 1 , wherein the step of identifying the steering path identifier of the downlink service traffic according to the service traffic steering policy comprises:when the steering path identifier of the downlink service traffic can be directly identified according to an uplink service traffic, directly identifying the uplink service traffic to obtain the steering path identifier of the downlink service traffic according to the service traffic steering policy.3. The method according to claim 1 , wherein the step of identifying the steering path identifier of the downlink service traffic according to the service traffic steering policy comprises:when the steering path identifier of the downlink service traffic cannot be directly identified ...

Flow-based management of shared buffer resources

An apparatus for controlling a Shared Buffer (SB), the apparatus including an interface and a SB controller. The interface is configured to access flow-based data counts and admission states. The SB controller is configured to perform flow-based accounting of packets received by a network device coupled to a communication network, for producing flow-based data counts, each flow-based data count associated with one or more respective flows, and to generate admission states based at least on the flow-based data counts, each admission state being generated from one or more respective flow-based data counts. 1. Apparatus for controlling a Shared Buffer (SB) , the apparatus comprising:an interface configured to access flow-based data counts and admission states; and perform flow-based accounting of packets received by a network device coupled to a communication network for producing flow-based data counts, each flow-based data count associated with one or more respective flows; and', 'generate admission states based at least on the flow-based data counts, each admission state being generated from one or more respective flow-based data counts., 'a SB controller configured to2. The apparatus according to claim 1 , wherein the SB is comprised in a memory accessible to the SB controller claim 1 , the memory being external to the apparatus.3. The apparatus according to claim 1 , wherein the apparatus further comprises a memory claim 1 , and the SB is comprised in the memory.4. The apparatus according to claim 1 , further comprising:multiple ports including an ingress port, configured to connect to the communication network; and receive a packet from the ingress port;', 'classify the packet into a respective flow; and', 'based on one or more admission states that were generated based on the flow-based data counts, decide whether to admit the packet into the SB or drop the packet., 'data-plane logic, configured to5. The apparatus according to claim 1 , wherein the SB controller ...

Function Based Dynamic Traffic Management for Network Services

Technologies are disclosed for local and distributed function based dynamic traffic management for network services. A service host executes a network service and provides a service framework that includes one or more handlers. When a request is received for the service, one of the handlers assigns a classification to the request. The handler then provides the classification to a dynamic function based traffic controller. The controller determines whether the network service is to process the request based on the classification of the request, metrics associated with the network service, and a local traffic management policy. If the controller determines that the network service is not to process the request, the request is rejected. Otherwise, the request is passed to the network service for processing. Metrics can also be provided from the service host to a distributed performance monitoring system for use in managing network traffic at a fleet level. 1. A method comprising:receiving, at a fleet of service host computers, a service request directed to a network service;responsive to receiving the service request, determining a classification associated with the service request;determining whether the service request is to be processed by the network service based at least in part on the classification, one or more real time or near real time metrics associated with the network service, and a distributed traffic management policy, wherein the distributed traffic management policy defines a traffic management function having an input comprising a value of at least one of the one or more real time or near real time metrics and an output defining a throttle rate at which at least one of the fleet of service host computers is to throttle service requests of the classification; andin response to determining that the service request is not to be processed by the network service, rejecting the service request.2. The method as recited in claim 1 , wherein the throttle rate ...

ENCRYPTED TRAFFIC ANALYSIS CONTROL MECHANISMS

In one embodiment, a service monitors collection of telemetry data by a telemetry exporter in a network. The telemetry exporter collects the telemetry data from a plurality of interfaces via which a plurality of encrypted traffic flows flow. The telemetry exporter also sends the collected telemetry data to a traffic analysis service for analysis. The service determines that a cost associated with the collection of the telemetry data by the telemetry exporter exceeds a cost threshold. The service selects a subset of the interfaces from which telemetry data is to be captured by the telemetry exporter, based in part on a determination that the cost associated with the collection of the telemetry data exceeds the cost threshold. The service controls the telemetry exporter to collect telemetry data to for a subset of the plurality of encrypted traffic flows using the selected subset of interfaces. 1. A method comprising:monitoring, by a service, collection of telemetry data by a telemetry exporter in a network, wherein the telemetry exporter collects the telemetry data from a plurality of interfaces via which a plurality of encrypted traffic flows flow, and wherein the telemetry exporter sends the collected telemetry data to a traffic analysis service for analysis;determining, by the service, that a cost associated with the collection of the telemetry data by the telemetry exporter exceeds a cost threshold;selecting, by the service, a subset of the interfaces from which telemetry data is to be captured by the telemetry exporter, based in part on a determination that the cost associated with the collection of the telemetry data exceeds the cost threshold; andcontrolling, by the service, the telemetry exporter to collect telemetry data to for a subset of the plurality of encrypted traffic flows using the selected subset of interfaces.2. The method as in claim 1 , wherein the telemetry data for a particular one of the encrypted traffic flows comprises a first packet of the ...

Network Application Security Policy Generation

Embodiments of the present invention generate network communication policies by applying machine learning to existing network communications, and without using information that labels such communications as healthy or unhealthy. The resulting policies may be used to validate communication between applications (or services) over a network. 1 (1) data representing a local Internet Protocol (IP) address, local port, and protocol of the communication;', '(2) data representing a remote IP address and remote port of the communication;', '(3) data, other than the local IP address, local port, and protocol of the communication, representing a source application of the communication; and', '(4) data, other than the remote IP address and remote port of the communication, representing a destination application of the communication;, '(A) for each of a plurality of communications over a network between applications executing on a plurality of computer systems, collecting and storing data about the plurality of communications, including, for each of the plurality of communications(B) generating flow data based on the data about the plurality of communications collected and stored in (A), wherein the flow data includes a plurality of flow objects, wherein each of the plurality of flow objects contains data representing communications involving a single corresponding application;(C) producing match data containing a plurality of match objects, wherein each of the match objects represents a pair of flow objects, in the plurality of flow objects, representing a flow at a source end of a network communication and a flow at a destination end of the network communication wherein the plurality of match objects do not include labels labeling communications as healthy or unhealthy; and(D) generating a network communication model based on the match data, the network communication model comprising a plurality of rules, each of which comprises at least one feature-value pair representing a ...

Network-On-Chip Link Size Generation

The present disclosure advantageously provides a system, a computer-readable medium and a method for synthesizing a Network-on-Chip (NoC). A plurality of route feature vectors are determined based on a network configuration for the NoC. The network configuration includes bridge ports, routers, connections and routes. A link size is determined for each router by providing route feature vectors to a supervised learning-based (SLB) model. The SLB model generates a plurality of route label vectors based on the route feature vectors. Each route label vector is associated with a route feature vector, and includes the link size and a route position for each router. A resizer is added between a bridge and a router with different link sizes or between adjacent routers with different link sizes. Pipeline and retiming components are added based on timing. An output specification is then generated for the NoC. 1. A computer-based method for synthesizing a Network-on-Chip (NoC) , comprising:determining a plurality of route feature vectors based on a network configuration for a NoC, the network configuration including a plurality of bridge ports, a plurality of routers, a plurality of connections and a plurality of routes, each route including a source bridge port, a destination bridge port and one or more routers disposed along a connection route between the source bridge port and the destination bridge port, where each route feature vector is associated with a route and includes a source bridge port link size, a destination bridge port link size, and a router data set for each router in the route; 'providing the route feature vectors to a supervised learning-based (SLB) model to generate a plurality of route label vectors, where each route label vector is associated with a route feature vector and includes the link size and a route position for each router, and where the SLB model is trained based on a plurality of reference route feature vectors and a plurality of associated ...

METHOD OF PROVIDING NETWORK SLICE PACKET FLOW DESCRIPTORS TO A SESSION MANAGEMENT FUNCTION IN A TELECOMMUNICATION NETWORK

A method is disclosed for providing a Packet Flow Descriptor, PFD, to a session management function, SMF, in a telecommunication network that supports network slicing and that includes a Packet Flow Description Function, PFDF, for hiding a topology of the telecommunication network from Application Service Providers, ASP, where the PFDF is shared among slices of the telecommunication network. The method includes receiving a PFD from an ASP, and storing the PFD in a Unified Data Repository, UDR. The method further includes receiving, from the SMF, a request for PFDs that apply to a particular slice, retrieving, from the UDR, the PFD that applies to the particular slice, and providing the retrieved PFD to the SMF. 1. A method of providing a Packet Flow Descriptor (PFD) to a session management function (SMF) in a telecommunication network , wherein said telecommunication network is able to support network slicing , wherein said telecommunication network comprises a Packet Flow Description Function (PFDF) arranged for hiding a topology of said telecommunication network from Application Service Providers (ASPs) and wherein said PFDF is shared among slices of said telecommunication network , said method comprises the steps of:receiving, by said PFDF, from an ASP, a PFD;storing, by said PFDF, said PFD in a Unified Data Repository (UDR) comprised by said telecommunication network;receiving, by said PFDF, from a Session Management Function (SMF) a request for PFDs that apply to a particular slice;retrieving, by said PFDF, from said UDR said PFD that applies to said particular slice;providing, by said PFDF, said retrieved PFD to said SMF.2. The method according to claim 1 , wherein said step of storing comprises:storing, by said PFDF, said PFD with identifications of corresponding applicable slices in said UDR.3. The method according to claim 2 , wherein said received request from said SMF comprises an identification of said particular slice claim 2 , and wherein said step of ...

HIGH PERFORMANCE FOR EFFICIENT AUTO-SCALING OF STATEFUL SERVICE

A method is provided including obtaining at a newly added flow mapper node of a plurality of flow mapper nodes, from a first flow locator node of a plurality of flow locator nodes, a flow owner lookup request for flow state information that includes identification of a particular flow locator that is to handle processing of a packet flow. The newly added flow mapper node determines whether it has stored flow state information. When the newly added flow mapper node does not have stored flow state information, the newly added flow mapper node identifies a particular flow mapper node of the plurality of flow mapper nodes which has stored flow state information for the particular packet flow and services the flow owner lookup request using flow state information stored by the particular flow mapper node. 1. A method comprising:obtaining at a newly added flow mapper node of a plurality of flow mapper nodes, from a first flow locator node of a plurality of flow locator nodes, a flow owner lookup request for flow state information that includes identification of a particular flow locator node that is to handle processing of a packet flow;determining, at the newly added flow mapper node, whether it has stored flow state information;upon determining that the newly added flow mapper node does not have stored flow state information, identifying a particular flow mapper node of the plurality of flow mapper nodes which has flow state information; andservicing the flow owner lookup request using flow state information stored by the particular flow mapper node.2. The method of claim 1 , wherein servicing the flow owner lookup request includes:the newly added flow mapper node providing a flow state transfer request to the particular flow mapper node;obtaining at the newly added flow mapper node, a flow state transfer response from the particular flow mapper node, the flow state transfer response including information identifying the particular flow locator node; andthe newly added ...

HOST-BASED FLOW AGGREGATION

Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. Each host computer, in some embodiments, is responsible for collecting and reporting attributes of data flows associated with machines executing on a host computer. In some embodiments, the host computer includes a flow exporter that processes and publishes flow data to the analysis appliance, a set of agents for collecting context data relating to the flows from machines executing on the host, a set of additional modules that provide additional context data, an anomaly detection engine that analyzes flow data and context data and provides additional context data, and a context exporter for processing and publishing context data to the analysis appliance. 1. A method for collecting and reporting attributes of data flows associated with machines executing on a host computer , the method comprising:aggregating statistics for individual flows identified during each of a plurality of time periods;for each time period, identifying a plurality of groups of flows with each group comprising one or more individual flows;for each identified group, identifying a set of attributes by aggregating one or more subsets of attributes of one or more individual flows in the group, the subset of attributes of each individual flow in each group comprising the aggregated statistics of the individual flow; andafter the plurality of time periods, providing the set of attributes for each group identified in the plurality of time periods to a server for further analysis of the data flows identified.2. The method of claim 1 , wherein the identified set of attributes are contextual attributes for layers other than layers 2-4 of the open systems interconnection (OSI) model.3. The method of claim 1 , wherein the identified set of attributes are contextual attributes for layers other than layers 2-7 of the open ...

ANALYZING FLOW GROUP ATTRIBUTES USING CONFIGURATION TAGS

Some embodiments provide a novel method for correlating configuration data received from the network manager computer with flow group records. In some embodiments, the correlation with the configuration data identifies a group associated with at least one of: (i) the source machine, (ii) destination machine, and (iii) service rules applied to the flows. The correlation with the configuration data, in some embodiments, also identifies whether a service rule applied to the flows is a default service rule. In some embodiments, the correlation with the configuration is based on a tag included in the flow group record that identifies a configuration version, and a configuration associated with the identified configuration version is used to identify the group association or the identity of the default service rule. 1. A method for processing pluralities of data flow attribute sets and pluralities of configuration data sets each associated with a plurality of host computers , the method comprising: receiving a plurality of configuration tags identifying a plurality of different configuration data sets used to configure the plurality of host computers during the plurality of times;', 'receiving (i) a plurality of attribute sets related to groups of flows processed on the host computers, and (ii) for each attribute set, a configuration tag identifying a configuration data set associated with the attribute set;', 'using the configuration tags to identify the configuration data sets associated with the received attribute sets related to the group of flows processed on the host computers; and', 'using the identified configuration data sets to analyze the groups of flows processed on the host computers., 'at a plurality of times,'}2. The method of claim 1 , wherein the configuration tag associated with the attribute set of a group identifies a configuration data set at the time of the collection of the attribute set.3. The method of claim 2 , wherein an attribute set for a ...

METHODS AND APPARATUSES FOR PACKET SCHEDULING FOR SOFTWARE- DEFINED NETWORKING IN EDGE COMPUTING ENVIRONMENT

Provided are methods and apparatuses for packet scheduling for software-defined networking in an edge computing environment. A packet scheduling method according to an exemplary embodiment of the present disclosure comprises: receiving packets arriving at a queue connected to a switch in a software-defined network in an edge computing environment; moving the packets in the queue forward one position based on the order of arrival each time a packet is served by the switch; and if a new packet enters the switch while the buffer in the queue is full, pushing out the packet at the front and putting the new packet at the end of the queue. 1. A packet scheduling method executed by a packet scheduling apparatus for software-defined networking in an edge computing environment , the method comprising:receiving packets arriving at a queue connected to a switch in a software-defined network in an edge computing environment;moving the packets in the queue forward one position based on the order of arrival each time a packet is served by the switch; andif a new packet enters the switch while the buffer in the queue is full, pushing out the packet at the front and putting the new packet at the end of the queue.2. The packet scheduling method of claim 1 , wherein the switch is multiple switches operating according the OpenFlow protocol in the software-defined network.3. The packet scheduling method of claim 1 , wherein the packet is modeled as following the arrival rate of the Poisson process claim 1 , and the interarrival times of the packets are independent and follow exponential distribution.4. The packet scheduling method of claim 1 , wherein the average service time of the packets in the queue comprises the time required for the processing of the packets which are waiting in the queue at the time of the packet arrival claim 1 , and the time required for the processing of the packet in service.5. The packet scheduling method of claim 4 , wherein the average service time of the ...

METHOD FOR TRANSMITTING DATA BETWEEN A VEHICLE AND A VEHICLE SECURITY SYSTEM, A TRANSMISSION AND RECEPTION DEVICE, AND DATA TRANSMISSION SYSTEM

A method transmits data between a vehicle and a traffic security system. A number of transmission channels are available for transmitting data between the vehicle and the traffic security system. Data packets are specified for the transmission to the traffic security system. The transmission quality of the individual transmission channels is measured. A transmission configuration is selected from a plurality of transmission configurations, from the type of data and the ascertained transmission qualities, and other specifications according to a specified set of rules. The transmission configuration specifies particular transmission channels for individual data packets which are associated with a service, possibly as a function of the content of the data packet. An identifier characterizing the transmission configuration is added to the data packets. The data packets specified in the vehicle for the transmission are transmitted, together with the identifier, to the traffic security system according to the transmission configuration. 1. A method for transmitting data between a vehicle and a traffic security system , which comprises the steps of:making available a number of possible transmission channels for transmitting the data between the vehicle and the traffic security system;specifying data packets for a transmission to the traffic security system;measuring a transmission quality of the possible transmission channels;selecting a transmission configuration from a plurality of previously specified transmission configurations, from a type of the data to be transmitted and ascertained transmission qualities, wherein the transmission configuration specifies the possible transmission channels for the data packets which are associated with a service;adding an identifier characterizing the transmission configuration to the data packets; andtransmitting the data packets specified in the vehicle for the transmission, together with the identifier, to the traffic security ...

ASSET DISCOVERY DATA CLASSIFICATION AND RISK EVALUATION

Methods, systems, and devices for asset discovery, user discovery, data classification, risk evaluation, and data/device security are described. The method includes retrieving data stored at one or more remote locations, summarizing the retrieved data at the one or more remote locations, transferring the summarized data from the one or more remote locations to the at least one computing device, processing the transferred data by the at least one computing device, discovering assets in technology environments, classifying data that resides on each asset of the discovered assets into a respective confidentiality group of multiple confidentiality groups, calculating one or more risk scores for the discovered assets or users of the discovered assets, or both, and performing a security action to protect data that resides on an asset of the discovered assets. 1. A method for asset discovery , data classifications and protection , the method being performed by at least one computing device comprising at least one processor , the method comprising:retrieving data stored at one or more remote locations;summarizing the retrieved data at the one or more remote locations;transferring the summarized data from the one or more remote locations to the at least one computing device;processing the transferred data by the at least one computing device;discovering, based at least in part on the processing of the transferred data, assets in information technology environments, or in operational technology environments, or in internet-of-things technology environments, or in any combination thereof, that are operating in wired networks or wireless networks, or operating in both, wherein discovering the assets includes discovering known assets and unknown assets;classifying, based at least in part on the processing of the transferred data, data that resides on each asset of the discovered assets into a respective confidentiality group of multiple confidentiality groups;calculating, based ...

LDP Switchover Threshold TLV to Denote LSP Switchover Threshold

The present disclosure generally relates to the field of label switching. More specifically, the present disclosure relates to techniques of providing, forwarding and distributing load balancing information in a label switched network. A method of providing load balancing information in a label switched network comprises the steps of: configuring (S), by a first router () of the label switched network, load balancing information, the load balancing information indicating a condition under which load balancing is to be performed for a class of data packets comprising one or more data packets; and providing (S), by the first router (), the configured load balancing information together with label information, being related to the class of data packets, in one message to at least one second router () of the label switched network, in order to establish at least a section of a path for label switching the one or more data packets of the class of data packets through the label switched network on the basis of the label information. 122-. (canceled)23. A method of providing load balancing information in a label switched network , the method comprising:configuring, by a first router of the label switched network, load balancing information, the load balancing information indicating a condition under which load balancing is to be performed for a class of data packets comprising one or more data packets; andproviding, by the first router, the configured load balancing information together with label information, being related to the class of data packets, in one message to at least one second router of the label switched network, in order to establish at least a section of a path for label switching the one or more data packets of the class of data packets through the label switched network based on the label information.24. The method of claim 23 , wherein the providing comprises sending a label mapping message to the at least one second router claim 23 , the label mapping ...

PACKET RELAY DEVICE AND PACKET RELAY METHOD

A packet relay device has a packet receiving unit, a switch, a packet sending unit, an associative memory, and a packet search unit. The packet search unit has action registers which hold information specifying an action to be executed, holds address range information including consecutive address ranges of the associative memory and the action registers in association with each other, and registers a plurality of flow entries at a plurality of addresses in the same address range. The flow entries have conditions identifying the flows associated with the same action. The device inputs header information of the packets into the associative memory, determines the action to be executed in accordance with information read out from the action register corresponding to the address range including an address output from the associative memory, and executes the determined action. 1. A packet relay device which relays packets , comprising:a packet receiving unit which receives packets from an input line;a switch for switching the packets received by the packet receiving unit;a packet sending unit which sends the packets switched by the switch, through an output line;an associative memory which holds a plurality of flow entries with a set condition identifying a flow to which the packets belong, and, when header information of the input packets satisfies a condition of any of the flow entries, outputs an address of the flow entry with the satisfied condition; anda packet search unit which executes an action associated with the flow to which the packets belong, based on an output of the associative memory, and whereinthe packet search unithas an action register which holds information specifying an action to be executed,holds address range information including consecutive address ranges of the associative memory and the action registers in association with each other,registers the plurality of flow entries with the conditions identifying the flows associated with the same ...

SECURE HANDLE FOR INTRA-AND INTER-PROCESSOR COMMUNICATIONS

A protocol element referred to as a secure handle is described which provides an efficient and reliable method for application-to-application signaling in multi-process and multi-computer environments. The secure handle includes an absolute memory reference which allows the kernel to more quickly and efficiently associate a network data packet with an application's communication context in the kernel. 1. A method of sending a data packet by a source node , comprising:comparing an available source token count with a first positive threshold and a second positive threshold;in response to at least one source token being available, decrementing the available source token count and sending a data packet to a receiver;in response to the available source token count being greater than the first threshold, decrementing the available source token count and sending the data packet; creating a first update token control message,', 'inserting the first update token control message as a piggyback message in the data packet, and', 'sending the data packet including the piggyback message to the receiver;, 'in response to the available source token count being equal to the first positive thresholdin response to the available source token count being less than the first positive threshold and greater than the second positive threshold, decrementing the available source token count and sending the data packet to the receiver; creating a second update token control message,', 'inserting the second update token control message as a piggyback message in the data packet, and', 'sending the data packet including the piggyback message to the receiver;, 'in response to the available source token count being less than the first positive threshold, less than or equal to the second positive threshold, and greater than 0in response to the available source token count being not greater than zero, sending a third update tokens control message and starting a token time, wherein in response to the ...

Organizing and storing network communications

Examples relate to organizing and storing network communications. In one example, a programmable hardware processor may: receive a first set of network packets; identify, for each network packet included in the first set, a network flow, each network flow including at least one related packet; store each network packet included in a subset of the first set in a first data storage device; for each network packet included in the subset, organize the network packet according to the network flow identified for the network packet; identify, from the network flows, a set of network flows that each have at least one characteristic of interest; and store, in a second data storage device, each network packet included in each network flow of the set of network flows.