System and method of predictive internet traffic steering. An internet steering gateway decouples between traffic classification and traffic steering, and includes: a deep packet inspection (DPI) utility to ascertain an indication of a destination remote application server (ras) from an initial packet of a data session in a network; a ras database to store an optimization profile for each ras; and a steering utility to look-up, based on the ras addressing information that was determined by the DPI utility inspection of the initial packet of the data session, an indicated ras in the ras database. The steering utility steers the data session to an external optimization platform (eop) based on the associated profile in the ras database.

PTO Wrapper PDF
Dossier Espace Google
Patent
   RE48434
Priority
Apr 22 2010
Filed
Jul 12 2018
Issued
Feb 09 2021
Expiry
Apr 20 2031
Inventors
Shahar, As…
Assg.orig
Allot Ltd.
Assg.curr
ALLOT LTD
Entity
Large
Referenced by
4
References
16
Maint.:
currently ok
CROSS-REFERENCE TO R…
0. 26. A method comprising:
storing, in a database an associated profile for each of a plurality of remote application servers;
inspecting a first packet of a data session with a deep packet inspection utility to ascertain an indication of a destination remote application server of the plurality of remote application servers;
determining from the first packet a remote application server addressing information;
identifying a destination address for the destination remote application server from the first packet;
looking up the destination remote application server in the database based on the identified destination address;
performing, by the deep packet inspection utility, deep packet inspection on a group of multiple subsequent packets that follow the first packet;
steering the data session in accordance with the associated profile of the destination remote application server stored in the database based on predicting, using account historical session data of the associated profiles, whether the data session is suitable for processing by a first external optimization platform via a route that excludes any proxy server, and without terminating the data session, wherein when the destination remote access server is found in the database, and if the associated profile in the database indicates that traffic intended for the destination remote access server is optimizable, steering the data session to the first external optimization platform based on the associated profile in the database, wherein when the destination remote access server is found in the database, and if the associated profile in the database indicates that traffic intended for said destination remote access server is not optimizable, steering said data session directly to the destination remote access server;
when the destination remote access server was not found in the database, adding a new record in the database with an associated profile per the remote access server addressing information; and
utilizing, by the first external optimization platform, content of the first packet of the data session to perform optimization of the data session,
wherein the method performs decoupling between (i) traffic classification and (ii) traffic steering.
0. 21. A method comprising:
storing, in a database an associated profile for each of a plurality of remote application servers;
inspecting a first packet of a data session with a deep packet inspection utility to ascertain an indication of a destination remote application server of the plurality of remote application servers;
determining from the first packet a remote application server addressing information;
identifying a destination address for the destination remote application server from the first packet;
looking up the destination remote application server in the database based on the identified destination address;
performing, by the deep packet inspection utility, deep packet inspection on a group of multiple subsequent packets that follow the first packet;
steering the data session in accordance with the associated profile of the destination remote application server stored in the database, the steering comprising starting with the first packet of the data session based on predicting the data session is suitable for processing by a first external optimization platform, wherein the predicting takes into account historical session data of the associated profiles, wherein the steering comprises steering the data session to the first external optimization platform via a route that excludes any proxy server and without terminating the data session, wherein when the destination remote access server is found in the database, and if the associated profile in the database indicates that traffic intended for the destination remote access server is optimizable, steering the data session to the first external optimization platform based on the associated profile in the database, wherein when the destination remote access server is found in the database, and if the associated profile in the database indicates that traffic intended for said destination remote access server is not optimizable, steering said data session directly to the destination remote access server;
when the destination remote access server was not found in the database, adding a new record in the database with an associated profile per the remote access server addressing information; and
utilizing, by the first external optimization platform, content of the first packet of the data session to perform optimization of the data session,
wherein the method performs decoupling between (i) traffic classification and (ii) traffic steering.
15. A method for optimizing network service delivery, implementable on an internet service gateway, the method comprising:
storing in a remote access server (ras) database an optimization associated profile for each of a multiplicity of RASs;
inspecting an initial packet of a data session with a deep packet inspection (DPI) utility to ascertain an indication of a destination remote application server (ras) ras, by performing deep packet inspection of said initial packet of said data session passing through said internet service gateway, and determining from said initial packet a ras addressing information;
identifying a destination address for a remote access server (ras) ras from said first initial packet;
looking up said ras in said ras database as per said destination address, wherein said looking up comprises: based on said ras addressing information, that was determined by the DPI utility inspection of said initial packet of the data session, looking up an indicated the destination ras in said ras database;
wherein if when the indicated destination ras is found in said ras database, and if an the associated profile in said ras database indicates that traffic intended for said destination ras is optimizable, then the method comprises steering said data session to an external optimization platform (eop) based on said associated profile in said ras database;
wherein if when the indicated destination ras is found in said ras database, and if the associated profile in said ras database indicates that traffic intended for said destination ras is not optimizable, then the method comprises steering said data session directly to an originally-addressed the destination ras; and,
for said ras found in said ras database, steering said data session in accordance with a profile associated with said ras, wherein steering said data session comprises steering said data session starting with the initial packet of said data session based on predicting whether or not said data session is suitable for processing by a particular eop, wherein said predicting takes into account historical session data of the associated profiles of historical session data;
wherein the method comprises, at said DPI utility, performing, at said DPI utility, deep packet inspection on a group first and second groups of multiple subsequent packets that follow said initial packet of said data session;
based on the results of the deep packet inspection of said first group of multiple subsequent packets, updating the ras database by performing: if when the indicated ras was not found in said looking-up looking up, then adding a new record in said ras database with an associated profile per said ras addressing information; wherein the method comprises
waiting until the deep packet inspection results are confirmed at least one or more times for the second group of multiple subsequent packets before updating said ras database;
steering the data session to the external optimization platform (eop) eop via a route that excludes any proxy server and without terminating the data session in the network;
at the external optimization platform (eop), receiving, at the eop, the data session starting from said initial packet of the data session; and
at the external optimization platform (eop), utilizing, at the eop, at least the content of said initial packet of the data session to perform optimization of said data session;,
wherein the method performs decoupling between (i) traffic classification and (ii) traffic steering.
1. An internet steering gateway comprising:
a memory unit configured to store program code;
a processor configured to execute said program code;
a deep packet inspection (DPI) utility configured to ascertain an indication of a destination remote application server (ras) from an initial packet of a data session in a network;, wherein the DPI utility is configured (A) to inspect said initial packet of said data session passing through said internet steering gateway, and (B) to determine from said initial packet a ras addressing information;
an ras database configured to store an optimization associated profile for each of a multiplicity of said RASs; and
a steering utility configured to look-up lookup, based on said ras addressing information that was determined by the DPI utility inspection of said initial packet of the data session, an indicated ras in said ras database;,
wherein if when the indicated ras is found in said ras database, and if an the associated profile in said ras database indicates that traffic intended for said ras is optimizable, then the steering utility is configured to steer said data session to an at least one external optimization platform (eop) based on said associated profile in said ras database;,
wherein if when the indicated ras is found in said ras database, and if the associated profile in said ras database indicates that traffic intended for said ras is not optimizable, then the steering utility is configured to steer said data session directly to an originally-addressed the indicated ras;,
wherein steering of said data session by said steering utility, is performed by steering configured to steer said data session, starting with said initial packet of said data session, to one of the at least one external optimization platform (eop) eop and a the indicated ras as per said optimization associated profile associated with said indication, based on predicting whether or not said data session is suitable for processing by a particular eop, wherein said predicting takes is configured to take into account historical session data of the associated profiles of historical session data;,
wherein the DPI utility is configured to perform deep packet inspection on a group first and second groups of multiple subsequent packets that follow said initial packet of said data session;,
wherein based on the results of the deep packet inspection of said first group of multiple subsequent packets, the steering utility is configured to update the ras database by performing: if when the indicated ras was not found in said look-up lookup, then the steering utility is configured to add a new record in said ras database with an associated profile per said ras addressing information;, wherein the steering gateway is configured to wait until the deep packet inspection results of the second group of multiple subsequent packets are confirmed at least one or more times before updating said ras database;,
wherein the data session is configured to be steered to the external optimization platform (eop) at least one eop via a route that excludes any proxy server and without terminating the data session in the network;,
wherein the external optimization platform (eop) receives at least one eop is configured to receive the data session starting from said initial packet of the data session;, wherein the external optimization platform (eop) utilizes at least one eop is configured to utilize at least the content of said initial packet of the data session to perform optimization of said data session;, wherein the internet steering gateway is configured to decouple between (i) traffic classification and (ii) traffic steering.
2. The internet steering gateway of claim 1, wherein said optimization associated profile comprises at least an indication whether or not data traffic associated with said ras is optimizable.
3. The internet steering gateway of claim 1, wherein said optimization associated profile comprises an indication of which particular eop, out of a plurality of eops, to steer said data session to for optimization.
4. The internet steering gateway of claim 1, wherein said at least one eop comprises at least two eops selected from a plurality of EPOs eops.
5. The internet steering gateway of claim 1, further comprising:
an eop database configured to store an eop profile and address for each eop of a plurality of eops.
6. The internet steering gateway of claim 5, wherein said DPI utility is configurable further configured to inspect multiple data packets of said data session to ascertain whether or not said data session is optimizable by a particular EPO eop out of a the plurality of available EPOs eops.
7. The internet steering gateway of claim 6, wherein the internet steering gateway further is configured to associate said optimizable data session with said eop profile of said particular EPO eop in order to determine an appropriate said eop for said ras.
8. The internet steering gateway of claim 1, wherein the internet steering gateway further is configured to update said ras database with said ras and an associated said optimization profile, wherein said associated optimization profile comprises at least an indication of said at least one eop that is appropriate for customizing said data traffic associated with said ras based on inspection of a set of packets that includes at least said initial packet of said data session.
9. The internet steering gateway of claim 1, wherein said at least one eop is positioned internally within said internet steering gateway.
10. The internet steering gateway of claim 1, wherein the internet steering gateway further comprises a load balancing unit configured to distribute traffic among multiple EPOs eops and multiple RASs in a generally even manner.
11. The internet steering gateway of claim 1, wherein the internet steering gateway further comprises a load balancing unit configured to distribute traffic among multiple EPOs eops and multiple RASs in a generally even manner, based on information received from the DPI utility, wherein the information comprises information regarding ongoing data sessions with individual server components of EPOs eops and RASs.
12. The internet steering gateway of claim 1, wherein the steering utility steers is configured to steer the data session, starting at the initial packet of the data session, to said at least one eop to enable said at least one eop to process said data session starting from its initial packet.
13. The internet steering gateway of claim 1, wherein the steering utility is configured to steer the data session, starting with its at the initial packet, by selecting one option out of the following three steering options:
(A) if the indicated ras is found in said ras database, and if an associated profile in said ras database indicates that traffic intended for said ras is optimizable, then the steering utility is configured to steer said data session to an external optimization platform (eop) the at least one eop based on said associated profile in said ras database;,
(B) if the indicated ras is found in said ras database, and if the an associated profile in said ras database indicates that traffic intended for said ras is not optimizable, then the steering utility is configured to steer said data session directly to an originally-addressed originally addressed ras;, and
(C) if the indicated ras is not found in said ras database, and regardless of whether or not the data session is optimizable, then the steering utility is configured to steer said data session directly to said originally-addressed originally addressed ras.
14. The internet steering gateway of claim 1, wherein data sessions remain continuous and non-terminated from end-user devices, through the internet steering gateway, to the external optimization platform (eop) at least one eop that optimizes the data session starting from its at the initial packet and in a communication route that excludes any eop proxy server.
16. The method of claim 15, wherein said steering comprises:
steering said data session, including its initial packet, to a particular external optimization platform (eop) eop selected from a plurality of available eops in accordance with said associated profile, wherein said associated profile indicates that said data session is optimizable by said particular eop.
17. The method of claim 15, wherein said steering comprises:
steering said data session to said destination address, starting with the initial packet of said data session, wherein said associated profile does not indicate that said data session is optimizable by an eop.
18. The method of claim 15, further comprising:
inspecting a multiplicity of packets from said data session by said DPI utility;
determining whether or not said data session is optimizable; and
associating said ras with an appropriate eop in said associated profile.
19. The method of claim 15, further comprising:
if when said ras was not found by said looking look up, then adding a record to said ras database for said ras, based on results of deep packet inspection of a group of packets of said data session that comprises at least said initial packet of said data session.
20. The method of claim 15, further comprising:
initializing said ras database with a list of known RASs with their associated said profiles prior to a first operation of of deep packet inspection of said initial packet by said DPI utility.
0. 22. The method of claim 21, wherein the inspecting the first packet of the data session comprises performing deep packet inspection of the first packet of the data session passing through a gateway.
0. 23. The method of claim 22, wherein the gateway is an internet service gateway.
0. 24. The method of claim 21, wherein the associated profile comprises an indication that data traffic associated with the destination remote application server is optimizable.
0. 25. The method of claim 21, wherein the associated profile comprises an indication of which external optimization platform, out of a plurality of external optimization platforms, to steer the data session to for optimization.
CROSS-REFERENCE TO RELATED APPLICATIONS

This application 340 330) and the associated profile in database 230 indicates that traffic intended for the RAS is optimizable (step 340), steering utility 210 may steer (step 350) the data session to an appropriate EOP as per the RAS profile. It will be appreciated that the embodiment of FIGS. 2 is exemplary, system 100 may be configured with multiple EOPs 25 associated with a multiplicity of RASs 30. Accordingly, RAS database 230 may associate one or more EOPs 25 for each RAS 30 associated with optimizable traffic.

If the RAS is not found (step 330) and/or if the associated profile in database 230 indicates that traffic intended for the RAS is not optimizable (step 340), steering utility 210 may steer (step 335) the data session directly to the originally addressed RAS.

It will be appreciated that in such manner an EOP 25 may only handle the specific application related traffic for which it may provide optimization services. As opposed to the prior art where an EOP 25 may be expected to process all of the network's traffic, the present invention substantially reduces the percentage of traffic that is processed by by an EOP 25. For example, in an exemplary network video traffic there may be x data sessions of which one tenth may comprise optimizable video sessions. A prior art EOP proxy server 20 may have to handle x incoming data sessions, initiate an additional x sessions to EOP 25, and then initiate another 0.9x data sessions with RASs 30 for sessions not handled by EOP 25. Accordingly, in system 50 proxy server 20 may participate in 2.9x sessions and EOP 25 may participate in x. In contrast, as implemented in system 100, steering gateway 200 may process only x data sessions and EOP 25 may participate in only 0.1x sessions.

Returning to FIG. 4, regardless of how the data session may be steered (i.e. whether via step 335 or step 350), DPI utility 220 may continue to inspect and analyze (step 360) the next several packets of the data session.

Based on the results of step 360, steering gateway 200 may update (step 370) RAS database 230. For example, if the indicated RAS 30 was not found in the lookup of step 320, gateway 200 may add a new record in database 230 with an associated profile per the addressing information of RAS 30. The profile may then be updated as per the results of step 360. If the analyzed data appears to be optimizable by an EOP 25, then the record will be updated with at least one relevant EOP 25. Accordingly, the next time a data session attempts to connect with the indicated RAS, steering gateway 200 may steer the data session to the relevant EOP 25 instead of directly to the RAS.

It will be appreciated that in such manner, database 230 may be populated over time based on the historical results of step 360. It will further be appreciated that system 100 may therefore begin operation in “learning mode” without an initial list of RAS profiles in database 230. Steering gateway 200 may simply steer all incoming data sessions to their originally addressed RASs 30 until such time as an incoming RAS 30 may be found in database 230. However, it will also be appreciated that RAS database 230 may be initialized with a list of known RAS profiles prior to the start of operation.

There may be occasions on which the results of step 370 may not match the associated profile in RAS database 230. For example, according to the profile, the data associated with the indicated RAS 30 may not be customizable, whereas the results of step 360 may indicate that the data may be customizable. Gateway 200 may be configured to update (step 370) RAS database 230 in accordance with the most recent results of step 36 360. Alternatively, gateway 200 may be configured wait until the results of step 360 are confirmed one or more additional times before updating database 230.

It will be appreciated that the present invention may provide benefit even if a particular EOP 25 may not require proxy functionality, i.e. the EOP functionality does not require any session termination or other proxy like functionality. In the absence of the present invention, the EOP may be required to pre-process every session in the network if it may receive a direct feed of Internet traffic with no steering or filtering. Such pre-processing may likely require an EOP to handle traffic volumes much larger than necessary, thus leading scalability issues.

It will also be appreciated that system 100 as illustrated in FIG. 2 may be exemplary. System 100 may not be limited to steering for any particular EOP 25 and/or RAS 30. Furthermore, unlike the prior art, system 100 may be configured to support a multiplicity of different EOPs 25 processing a multiplicity of different types of data traffic.

It will also be appreciated that steering gateway may comprise an EOP database (not shown) that may store details regarding EOPs 25 recognized by gateway 200. The EOP database, may, for example, store a usage profile and addressing information for EOPs 25. Gateway 200 may use the usage profile to identify an appropriate EOP for a customizable data session identified by DPI unit 220, and steering unit 210 may use the addressing information to steer the data session accordingly.

In accordance with a preferred embodiment of the present invention, steering gateway 200 may also comprise a load balancing unit (not shown) which may enable steering gateway 200 to distribute traffic among EOPs and RASs in a generally even manner. Some EOPs and/or RASs may be comprised of multiple servers operating in tandem. DPI unit 220 may forward information to the load balancing unit regarding ongoing data sessions with the individual servers components of relevant EPOs EOPs and RASs. The load balancing unit may use this information to instruct steering unit 210 in a manner such that the loads on the individual servers are generally even.

Unless specifically stated otherwise, as apparent from the preceding discussions, it is appreciated that, throughout the specification, discussions utilizing terms such as “processing,” “computing,” “calculating,” “determining,” or the like, refer to the action and/or processes of a computer, computing system, or similar electronic computing device that manipulates and/or transforms data represented as physical, such as electronic, quantities within the computing system's registers and/or memories into other data similarly represented as physical quantities within the computing system's memories, registers or other such information storage, transmission or display devices.

Embodiments of the present invention may include apparatus for performing the operations herein. This apparatus may be specially constructed for the desired purposes, or it may comprise a general-purpose computer selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer readable storage medium, such as, but not limited to, any type of disk, including floppy disks, optical disks, magnetic-optical disks, read-only memories (ROMs), compact disc read-only memories (CD-ROMs), random access memories (RAMs), electrically programmable read-only memories (EPROMs), electrically erasable and programmable read only memories (EEPROMs), magnetic or optical cards, Flash memory, or any other type of media suitable for storing electronic instructions and capable of being coupled to a computer system bus.

The processes and displays presented herein are not inherently related to any particular computer or other apparatus. Various general-purpose systems may be used with programs in accordance with the teachings herein, or it may prove convenient to construct a more specialized apparatus to perform the desired method. The desired structure for a variety of these systems will appear from the description below. In addition, embodiments of the present invention are not described with reference to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the invention as described herein.

While certain features of the invention have been illustrated and described herein, many modifications, substitutions, changes, and equivalents will now occur to those of ordinary skill in the art. It is, therefore, to be understood that the appended claims are intended to cover all such modifications and changes as fall within the true spirit of the invention.

INVENTORS:

Shahar, Asaf

THIS PATENT IS REFERENCED BY THESE PATENTS:
Patent Priority Assignee Title
11115460, Oct 04 2017 Parallels International GmbH Systems and methods for determining an execution location for a utility component
11463914, Sep 24 2020 Juniper Networks, Inc.; Juniper Networks, Inc Application identification and path selection at a wireless access point for local network traffic breakout
11606719, Sep 24 2020 Juniper Networks, Inc Application identification and path selection at a wireless access point for local network traffic breakout
11950139, Sep 24 2020 Juniper Networks, Inc Application identification and path selection at a wireless access point for local network traffic breakout
THIS PATENT REFERENCES THESE PATENTS:
Patent Priority Assignee Title
8873556, Dec 24 2008 PALO ALTO NETWORKS, INC Application based packet forwarding
20030041168,
20030210694,
20060233101,
20070061433,
20070206617,
20090019538,
20090109845,
20090150565,
20090285225,
20100188990,
20100188993,
20100262472,
20120127881,
20120134291,
20120198061,
ASSIGNMENT RECORDS    Assignment records on the USPTO
//
Executed onAssignorAssigneeConveyanceFrameReelDoc
Jul 12 2018Allot Ltd.(assignment on the face of the patent)
Oct 24 2018ALLOT COMMUNICATIONS LTD ALLOT LTDCHANGE OF NAME SEE DOCUMENT FOR DETAILS 0484650783 pdf
MAINTENANCE FEES AND DATES:    Maintenance records on the USPTO
Date Maintenance Fee Events
Jul 12 2018BIG: Entity status set to Undiscounted (note the period is included in the code).
Jul 12 2018BIG: Entity status set to Undiscounted (note the period is included in the code).
Jul 17 2018SMAL: Entity status set to Small.
Jul 17 2018SMAL: Entity status set to Small.
Jan 10 2024BIG: Entity status set to Undiscounted (note the period is included in the code).
Jan 11 2024M1552: Payment of Maintenance Fee, 8th Year, Large Entity.


Date Maintenance Schedule
Feb 09 20244 years fee payment window open
Aug 09 20246 months grace period start (w surcharge)
Feb 09 2025patent expiry (for year 4)
Feb 09 20272 years to revive unintentionally abandoned end. (for year 4)
Feb 09 20288 years fee payment window open
Aug 09 20286 months grace period start (w surcharge)
Feb 09 2029patent expiry (for year 8)
Feb 09 20312 years to revive unintentionally abandoned end. (for year 8)
Feb 09 203212 years fee payment window open
Aug 09 20326 months grace period start (w surcharge)
Feb 09 2033patent expiry (for year 12)
Feb 09 20352 years to revive unintentionally abandoned end. (for year 12)