US20040049596A1 - Reliable packet monitoring methods and apparatus for high speed networks - Google Patents



Publication number
US20040049596A1
Authority
US
United States
Prior art keywords
flow
tcp
data
monitoring
network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/638,815
Inventor
David Schuehler
John Lockwood
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Washington University in St Louis WUSTL
Original Assignee
Washington University in St Louis WUSTL
Application filed by Washington University in St Louis WUSTL
Priority to US10/638,815
Publication of US20040049596A1
Assigned to WASHINGTON UNIVERSITY IN ST. LOUIS reassignment WASHINGTON UNIVERSITY IN ST. LOUIS ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LOCKWOOD, JOHN W., SCHUEHLER, DAVID V.
Assigned to WASHINGTON UNIVERSITY IN ST. LOUIS reassignment WASHINGTON UNIVERSITY IN ST. LOUIS ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: SCHUEHLER, DAVID V.
Assigned to WASHINGTON UNIVERSITY IN ST. LOUIS reassignment WASHINGTON UNIVERSITY IN ST. LOUIS ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LOCKWOOD, JOHN W.

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00: Arrangements for monitoring or testing data switching networks
    • H04L43/18: Protocol analysers
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16: Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/163: In-band adaptation of TCP data exchange; In-band control procedures

Definitions

  • This invention relates generally to data transfer through a network and, more particularly, to the monitoring of data passing through the Internet.
  • a method for controlling traffic on a network includes monitoring a data stream, determining a particular byte offset within the monitored stream at which to block flow of the stream, and blocking flow of the data stream at the determined byte offset.
  • a method for controlling traffic on a network includes monitoring a data stream for a first predetermined condition, blocking flow of the data stream upon a detection of the first predetermined condition, and re-enabling flow of the blocked stream.
  • a method for controlling traffic on a network includes monitoring a TCP data stream for a predetermined condition, and generating and transmitting a TCP FIN packet for the monitored data stream upon a detection of the predetermined condition for the purpose of terminating the TCP data stream.
  • a method for controlling traffic on a network includes monitoring TCP traffic in band through a switch using a plurality of content scanning engines.
  • a method for controlling traffic on a network includes content scanning a plurality of TCP packets to detect a content match that spans multiple packets.
  • a method for controlling traffic on a network includes monitoring a plurality of flows through the network wherein per flow memory usage is matched to a burst width of a memory module used to monitor a flow.
  • a method for controlling traffic on a network includes monitoring a plurality of flows through the network wherein an overlapping retransmission is handled using a data enabled signal and a valid bytes vector.
  • a method for controlling traffic on a network includes monitoring a plurality of data flows simultaneously, assigning a maximum idle period of time for each monitored flow, and stopping monitoring a flow which is idle for at least the assigned period of time.
  • a method for controlling traffic on a network includes monitoring a plurality of data flows simultaneously, maintaining a period of idle time for each monitored flow, and stopping monitoring the flow having a longest period of idle time.
  • a method for controlling traffic on a network includes monitoring a plurality of existing data flows simultaneously wherein each existing flow has a hash table entry, receiving a new flow to be monitored, wherein the new flow hashes to the hash table entry of an existing flow causing a hash table collision, and stopping monitoring of the existing flow whose hash table entry the new flow collided with.
  • a Field Programmable Gate Array is configured to monitor a plurality of data flows using a hash table to store state information regarding each flow, resolve hash table collisions according to a first algorithm stored on the FPGA, receive a second algorithm at the FPGA to resolve hash table collisions, the second algorithm different from the first algorithm, and use the received second algorithm to resolve hash table collisions occurring subsequent the receipt of the second algorithm.
  • FPGA Field Programmable Gate Array
  • an apparatus for controlling traffic on a network includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port.
  • the logic device is configured to monitor a data stream, determine a particular byte offset within the monitored stream at which to block flow of the stream, and block flow of the data stream at the determined byte offset.
  • an apparatus for controlling traffic on a network includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port.
  • the logic device is configured to monitor a data stream for a first predetermined condition, block flow of the data stream upon a detection of the first predetermined condition, and re-enable flow of the blocked stream.
  • an apparatus for controlling traffic on a network includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port.
  • the logic device is configured to monitor a TCP data stream for a predetermined condition, and generate and transmit a TCP FIN packet for the monitored data stream upon a detection of the predetermined condition for the purpose of terminating the TCP data stream.
  • an apparatus for controlling traffic on a network includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port.
  • the logic device is configured to monitor a TCP data stream from a first device directed toward a second device for a predetermined condition, and manipulate the TCP data stream such that the second device receives data different than that sent from the first device.
  • an apparatus for controlling traffic on a network includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port.
  • the logic device is configured to monitor TCP traffic in band using a plurality of content scanning engines.
  • an apparatus for controlling traffic on a network includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port.
  • the logic device is configured to scan a plurality of TCP packets to detect a content match that spans multiple packets.
  • an apparatus for controlling traffic on a network includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port.
  • the logic device is configured to monitor a plurality of flows through the network wherein per flow memory usage is matched to a burst width of a memory module used to monitor a flow.
  • an apparatus for controlling traffic on a network includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port.
  • the logic device is configured to monitor a plurality of flows through the network wherein an overlapping retransmission is handled using a data enabled signal and a valid bytes vector.
  • an apparatus for controlling traffic on a network includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port.
  • the logic device is configured to monitor a plurality of data flows simultaneously, assign a maximum idle period of time for each monitored flow, and stop monitoring a flow which is idle for at least the assigned period of time.
  • an apparatus for controlling traffic on a network includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port.
  • the logic device is configured to monitor a plurality of data flows simultaneously, maintain a period of idle time for each monitored flow, and stop monitoring the flow having a longest period of idle time.
  • an apparatus for controlling traffic on a network includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port.
  • the logic device is configured to monitor a plurality of existing data flows simultaneously wherein each existing flow has a hash table entry, receive a new flow to be monitored, wherein the new flow hashes to the hash table entry of an existing flow causing a hash table collision, and stop monitoring of the existing flow whose hash table entry the new flow collided with.
  • FIG. 1 is a high level view of the data flow through an embodiment of a TCP-Splitter.
  • FIG. 2 is a low-level view of data flow through an embodiment of a TCP-splitter.
  • FIG. 3 is a perspective view of a Field-programmable Port Extender (FPX) module.
  • FPX Field-programmable Port Extender
  • FIG. 4 is a schematic view of the FPX module shown in FIG. 3.
  • FIG. 5 illustrates a plurality of workstations connected to a remote client across the Internet through a node including a TCP-Splitter coupled to a monitoring client application.
  • FIG. 6 illustrates a plurality of TCP-Splitter implemented FPX modules, as shown in FIGS. 3 and 4, in series between a programming device and an endpoint device forming a network.
  • FIG. 7 illustrates that monitoring systems are implemented as either in-band or out-of-band solutions.
  • FIG. 8 illustrates a system that focuses on an in-band type of solution where network data is routed into and back out of the monitoring application.
  • FIG. 9 illustrates a layout on an entry stored for a flow.
  • FIG. 10 illustrates a content-scanning engine combined with the TCP-Splitter shown in FIG. 1.
  • FIG. 11 illustrates that the overall throughput of the content scanner increases by putting four scanning engines in parallel and processing four flows concurrently.
  • FIG. 12 illustrates that frames are buffered in the event that there is congestion in a TCP Protocol Processing engine.
  • FIG. 13 illustrates three packet sequencing issues.
  • FIG. 14 illustrates an example of an overlapping retransmission and controlling signals.
  • FIG. 1 is a high level view of the data flow through an embodiment of a TCP-Splitter 10 .
  • a plurality of Internet Protocol (IP) frames 12 enter into TCP-Splitter 10 from a source device 14 and frames 12 are addressed to a destination device 16 .
  • IP frames 12 each include an IP header 18 and a TCP frame including a TCP header and a data packet.
  • the TCP header is removed, the packet is classified to retrieve Flow State, and then the packet is sent as a byte stream to a client application 20 .
  • An IP frame including the embedded TCP frame is also sent to destination device 16 . Accordingly, the splitting of the TCP frame from the IP frame is transparent to devices 14 and 16 .
  • client application 20 counts how many bits are being transferred in a TCP exchange. Additionally, client application 20 is provided with TCP header information and/or IP header information, and in one embodiment, the header information is used to bill a user on a bit transferred basis. In another embodiment, client application 20 has access to reference data and, in real time, compares the byte stream of TCP transferred data provided to client application 20 with the reference data to provide content matching such as, for example but not limited to, content matching as described in co-pending patent application Ser. No. 10/152,532 and Ser. No. 10/037,543, which are hereby incorporated herein in their entireties.
  • TCP-splitter 10 upon finding a particular match with a predefined reference data, stops all data flow from a particular IP address, all data flow to a particular IP address, and/or all data flow through TCP-splitter 10 .
  • client application 20 monitors data through TCP-Splitter for security purposes, for keyword detection, for data protection, for copyright protection, and/or for watermark detection (and/or other types of embedded digital signatures).
  • a delay is utilized such that the data is analyzed as described above before an IP frame including the removed TCP frame is sent to the destination device. Accordingly, TCP-Splitter 10 allows for actions to be taken in real time processing.
  • TCP-Splitter 10 allows for arbitrary actions to be taken by the client application before the IP frame is sent to the destination device. These actions include delaying transmission of the IP frame and stopping transmission of the IP frame. Additionally, in some placements, IP frames 12 can be wrapped with other protocol wrappers such as an ATM Adaptation Layer 5 (AAL5) frame wrapper 22 and an Asynchronous transmission mode (ATM) Cell wrapper 24 .
  • AAL5 ATM Adaptation Layer 5
  • ATM Asynchronous transmission mode
  • TCP-Splitter 10 is not implemented in software, rather TCP-Splitter 10 is implemented with combinational logic and finite state machines in a logic device.
  • a logic device refers to an Application Specific IC (ASIC) and/or a Field Programmable Gate Array (FPGA), and excludes processors.
  • ASIC Application Specific IC
  • TCP-splitter 10 processes packets at line rates exceeding 3 gigabits per second (Gbps) and is capable of monitoring 256 k TCP flows simultaneously.
  • Gbps gigabits per second
  • TCP-Splitter 10 is not limited in the number of simultaneous TCP flows it is capable of monitoring; while 256 k flows were implemented in the prototype built, additional flows can easily be monitored by increasing the amount of memory utilized.
  • TCP-splitter 10 delivers a consistent byte stream for each TCP flow to client application 20 .
  • TCP-splitter 10 processes data in real time, provides client application 20 the TCP packets in order, and eliminates the need for large reassembly buffers. Additionally, by providing the TCP content in order, TCP-Splitter facilitates keeping a minimal amount of state.
  • FIG. 2 is a low level view of data flow through an embodiment of a TCP-splitter 30 illustrating a TCP input section 32 and a TCP output section 34 .
  • Input section 32 includes a Flow classifier 36 , a Checksum Engine 38 , an Input State Machine 40 , a Control First In-First Out (FIFO) buffer 42 , a Frame FIFO buffer 44 , and an Output State Machine 46 .
  • TCP output section 34 includes a Packet Routing engine 48 operationally coupled to a Client Application 50 and an IP output stack 52 .
  • TCP-Input section 32 data is delivered to an input stack 54 operationally coupled to TCP input section 32 .
  • Flow Classifier 36 , Checksum Engine 38 , Input State Machine 40 , Control FIFO 42 , and Frame FIFO 44 all process IP packet data received from the IP protocol wrapper.
  • Output State Machine 46 is responsible for clocking data out of the control and frame FIFOs 42 and 44 , and into output section 34 .
  • the input interface signals to TCP-Input section 32 are as follows:
  • IP frames are clocked into input section 32 thirty-two data bits at a time. As data words are clocked in, the data is processed by Input State Machine 40 and buffered for one clock cycle. Input State Machine 40 examines the content of the data along with the control signals in order to determine the next state.
  • The output of Input State Machine 40 is the current state and the corresponding data and control signals for that state. This data is clocked into Flow Classifier 36 , Checksum Engine 38 , and Frame FIFO 44 .
  • Flow Classifier 44 performs TCP/IP flow classification, verifies the sequence number, and maintains state information for this flow.
  • Output signals of Flow Classifier 44 are (1) a 1 bit indication of whether or not this is a TCP packet, (2) a variable length flow identifier (currently eighteen bits), (3) a 1 bit indication of whether or not this is a new TCP flow, (4) a 1 bit indication of whether or not this packet should be forwarded, (5) a 1 bit indication of whether the sequence number was correct, and (6) a 1 bit indication of the end of a TCP flow.
  • Checksum Engine 38 verifies the TCP checksum located in the TCP header of the packet.
  • the output of the checksum engine is a 1-bit indication of whether or not the checksum was successfully verified.
  • Frame FIFO 44 stores the IP packet while Checksum Engine 38 and Flow Classifier 36 are operating on the packet.
  • Frame FIFO 44 also stores a 1 bit indication of the presence of TCP data, a 1 bit indication of the start of frame, a 1 bit indication of the end of frame, a 1 bit indication of the start of the IP packet payload, a 1 bit indication of whether or not there is valid TCP data, and a 2 bit indication of the number of valid bytes in the data word.
  • the packet is stored so that the checksum and flow classifier results can be delivered to the outbound section 34 along with the start of the packet.
  • Control FIFO 42 facilitates holding state information of smaller frames while preceding larger frames are still being clocked out of Frame FIFO 44 for outbound processing.
  • Output State Machine 46 is responsible for clocking data out of the Control and Frame FIFOs 42 and 44 , and into output section 34 of TCP-Splitter 30 . Upon detecting a non-empty Control FIFO 42 , output state machine 46 starts clocking the next IP frame out of Frame FIFO 44 . This frame data along with the control signals from Control FIFO 42 exit TCP-Input section 32 and enter TCP-Output section 34 .
  • TCP-Splitter 30 uses a flow classifier that can operate at high speed and has minimal hardware complexity.
  • a flow table with a 256 k element array contained in a low latency static RAM chip is used. Each entry in the table contains thirty-three bits of state information.
  • An eighteen-bit hash of the source IP address, the destination IP address, the source TCP port, and the destination TCP port is used as the index into the flow table.
  • the detection of a TCP FIN flag signals the end of a TCP flow and the hash table entry for that particular flow is cleared.
  • Other classifiers can be used to identify traffic flows for TCP-Splitter 30 .
  • SWITCHGEN (as described in “Pattern Matching in Reconfigurable Logic for Packet Classification”, Association for Computing Machinery, International Conference on Compilers, Architectures and Synthesis for Embedded Systems (ACM Cases), 2001, A. Johnson and K. Mackenzie) is a tool which transforms packet classification into reconfigurable hardware based circuit design and can be used with TCP-splitter 30 .
  • a Recursive Flow Classification (RFC) algorithm can also be used with TCP-Splitter and is another high performance classification technique that optimizes rules by removing redundancy.
  • the design of TCP-Splitter 30 does not impose any restrictions on the flow classification technique utilized and can be used with any flow classifier.
  • output-processing section 34 of TCP-Splitter 30 is responsible for determining how a packet should be processed.
  • the input interface signals to output section 34 are as follows:
  • Packets can be (1) passed on to the outbound IP stack only, (2) passed both to the outbound IP stack and to client application 50 , or (3) discarded (dropped).
  • the rules for processing packets are as follows:
  • All non-TCP packets (i.e., classified as non-TCP) are sent to the outbound IP stack.
  • All TCP packets with sequence numbers greater than the current expected sequence number are dropped (i.e., discarded and not sent to either client application 50 or the outbound IP stack).
  • TCP-SYN TCP synchronization
  • All other packets are forwarded both to the outbound IP stack and client application 50 . Note that when the TCP packet has a sequence number equal to expected and has a valid checksum, then that packet is classified as else and sent to the outbound IP stack as well as to client application 50 .
  • a client interface (not shown) is between client application 50 and TCP output section 34 .
  • the client interface provides a hardware interface for application circuits. Only data that is valid, checksummed, and in-sequence for each specific flow is passed to client application 50 . This allows the client to solely process the consistent stream of bytes from the TCP connection. All of the packet's protocol headers are clocked into client application 50 along with a start-of-header signal so that the client can extract information from these headers. This eliminates the need to store header information, but still allows the client access to this data. Client application 50 does not sit in the network data path and therefore does not induce any delay into the packets traversing the network switch. This allows the client application to have arbitrary complexity without affecting the throughput rate of TCP-splitter 30 .
  • the client interface contains the following signals:
  • Client application 50 can generate a flow control signal that will stop the delivery of cells.
  • In one embodiment, this signal is not processed by TCP-Splitter 30 , but is passed on to the IP wrapper driving the ingress of IP packets.
  • In another embodiment, this signal is processed by TCP-Splitter 30 .
  • Where TCP-Splitter 30 does not process the flow control signals, there is a delay in the cessation of the flow of data words into client application 50 while the flow control signal is being processed by the lower protocol layers. Since TCP-Splitter 30 does not act upon the flow control signal, data continues to flow until all buffers of TCP-Splitter 30 are empty.
  • Client application 50 is configured to either handle data at line rates or is capable of buffering 1500 bytes worth of data after the flow control signal is asserted.
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • IP Internet Protocol
  • High-speed network switches currently operate at OC-48 (2.5 Gb/s) line rates, while faster OC-192 (10 Gb/s) and OC-768 (40 Gb/s) networks will likely be implemented in the near future.
  • New types of networking equipment require the ability to monitor and interrogate the data contained in packets flowing through this equipment.
  • TCP-Splitter 30 provides an easily implementable solution for monitoring at these increased bandwidths.
  • TCP-Splitter 30 provides a reconfigurable hardware solution which provides for the monitoring of TCP/IP flows in high speed active networking equipment.
  • the reconfigurable hardware solution is implemented using Very High Speed Integrated Circuit (VHSIC) Hardware Description Language (VHDL) for use in ASICs or Field Programmable Gate Arrays (FPGAs).
  • VHSIC Very High Speed Integrated Circuit
  • VHDL Hardware Description Language
  • FPGAs Field Programmable Gate Arrays
  • TCP-Splitter in addition to the hardware itself (i.e., 10 and 30). This name stems from the concept that the TCP flow is being split into two directions. One copy of each network data packet is forwarded on toward the destination host.
  • Another copy is passed to a client application monitoring TCP/IP flows.
  • the copy that is passed to the client application is rewrapped with an IP wrapper to form an IP frame that is forwarded to the destination host.
  • In order to provide for the reliable delivery of a stream of data into a client application, a TCP connection only needs to be established that transits through the device monitoring the data. The bulk of the work for guaranteed delivery is managed by the TCP endpoints, not by the logic on the network hardware. This eliminates the need for a complex protocol stack within the reconfigurable hardware because the retransmission logic remains at the connection endpoints, not in the active network switch.
  • TCP-Splitter 30 is a lightweight, high performance circuit that contains a simple client interface that can monitor a nearly unlimited number of TCP/IP flows simultaneously. The need for reassembly buffers is eliminated because all frames for a particular flow transit the networking equipment in order. Because there is no guarantee that TCP frames will traverse the network in order, some action will have to take place when packets are out of order. As explained above, by actively dropping out of order packets, a TCP byte stream is generated for the client application without requiring reassembly buffers. If a missing packet is detected, subsequent packets are actively dropped until the missing packet is retransmitted. This ensures in-order packet flow through the switch. Therefore a monitoring device always has an accumulated in order content stream before a destination device accumulates the in order content stream.
  • This feature forces the TCP connections into a Go-Back-N sliding window mode when a packet is dropped upstream of the monitoring node (e.g., the node where TCP-Splitter is positioned).
  • the Go-Back-N retransmission policy is widely used on machines throughout the Internet. Many implementations of TCP, including that of Windows 98, FreeBSD 4.1, and Linux 2.4, use the Go-Back-N retransmission logic. The benefit on the throughput is dependent on the specific TCP implementations being utilized at the endpoints. In instances where the receiving TCP stack is performing Go-Back-N sliding window behavior, the active dropping of frames may improve overall network throughput by eliminating packets that will be discarded by the receiver.
  • TCP-Splitter 30 is placed in the network where all packets of monitored flows will pass. All packets associated with a TCP/IP connection being monitored then pass through the networking node where monitoring is taking place. It would otherwise be impossible to provide a client application with a consistent TCP byte stream from a connection if the switch performing the monitoring only processed a fraction of the TCP packets. In general, this requirement is true at the edge routers but not true for interior nodes of the Internet. This strategic placement of TCP-Splitter can be easily accomplished in private networks where the network has been designed to pass traffic in a certain manner.
  • FIG. 3 is a perspective view and FIG. 4 is a schematic view of a Field-programmable Port Extender (FPX) module 60 configured to implement a TCP-Splitter as described above.
  • Module 60 includes a Network Interface Device (NID) 62 operationally coupled to a Reprogrammable Application Device (RAD) 64 .
  • NID 62 is configured to program and/or reprogram RAD 64 .
  • Module 60 also includes a plurality of memories including a static RAM 66 , a Synchronous DRAM 68 , and a PROM 70 operationally coupled to at least one of NID 62 and RAD 64 .
  • NID Network Interface Device
  • RAD Reprogrammable Application Device
  • NID 62 includes a FPGA such as a XCV600E FPGA commercially available from Xilinx, San Jose Calif.
  • RAD 64 includes a FPGA such as a XCV2000E FPGA also available from Xilinx.
  • module 60 monitors network traffic and sends TCP data streams to a client application in order. Because module 60 implements the TCP-Splitter in a FPGA, upon receipt of FPGA programming data the TCP-Splitter can reprogram itself and send the FPGA programming data to other TCP-splitters in a flow path between a sending device and a destination device. Additionally, module 60 can reprogram the router to process the traffic flow differently than before. Also, because the data is passed along to other TCP-Splitters, the overall QoS of a network is quickly and easily changeable. In other words, QoS policies, as known in the art, are easily and quickly changed in networks including a TCP-Splitter as herein described.
  • the reprogrammed router prioritizes network traffic based on the flow.
  • the TCP-Splitter can include a plurality of reprogrammable circuits such as FPGAs and can monitor the TCP flows for different things substantially simultaneously. For example, one flow contains data in order for a client application to count bits, while another flow contains data in order for another client application to perform content matching, while another flow contains data for reprogramming an FPGA.
  • a plurality of FPGAs can be coupled to each other such that upon receipt by at least one of an ASIC and a FPGA of FPGA programming data, the ASIC or FPGA receiving the data uses the data to reprogram the FPGAs.
  • FIG. 5 illustrates a plurality of workstations 80 connected to a remote client 82 across the Internet 84 through a node 86 including a TCP-Splitter (not shown in FIG. 4) coupled to a Monitoring client application 88 . All traffic from remote client 82 or any other device on the Internet 84 to or from workstations 80 passes through node 86 and is monitored with the TCP-Splitter coupled to client application 88 .
  • FIG. 6 illustrates a plurality of TCP-Splitter implemented FPX modules 60 (Shown in FIGS. 3 and 4) in series between a programming device 90 and an endpoint device 92 forming a network 94 .
  • programming device 90 transmits programming data via a stream-oriented protocol using the Internet Protocol (IP) to send the data to endpoint device 92 .
  • Each FPX module 60 receives a plurality of IP frames addressed to endpoint device 92 , removes the embedded stream-oriented protocol frame from the IP frame, and provides a client application the removed stream-oriented protocol frame.
  • Each FPX module 60 sends an IP frame including the removed protocol frame back onto network 92 . Accordingly, with one transmission stream made from programming device 90 to endpoint device 92 , a plurality of intermediate devices (modules 60 ) receive programming data either to reprogram themselves (modules 60 ) or to reprogram any attached devices.
  • TCP-Splitter imparts the ability to easily and quickly reconfigure a network of any size.
  • a stream-oriented protocol refers to all protocols that send data as a stream of packets such as TCP as opposed to non-stream-oriented protocols such as UDP where a single packet contains the entire message.
  • the above described TCP-Splitter is a circuit design which supports the monitoring of TCP data streams.
  • a consistent byte stream of data is delivered to a client application for every TCP data flow that passes through the circuit.
  • the TCP-Splitter accomplishes this task by tracking the TCP sequence number along with the current flow state.
  • Selected out-of-order packets are dropped in order to provide the client application with the full TCP data stream without requiring large stream reassembly buffers.
  • the dropping of packets to maintain an ordered flow of packets through the network has the potential to adversely affect the overall throughput of the network.
  • an analysis of out-of-sequence packets in Tier-1 IP backbones has found that approximately 95% of all TCP packets were detected in proper sequence.
  • Network induced packet reordering accounted for a small fraction of out-of-sequence packets, with the majority resulting from retransmissions due to data loss. Greater than 86% of all TCP flows observed contained no out-of-sequence packets.
  • the first implementation of the above described TCP-Splitter stored 33 bits of state information for each active flow in the network. By utilizing a low latency SRAM module, 256 k simultaneous flows were supported.
  • the TCP-Splitter circuit utilized the 32-bit-wide data path of the FPX card and could operate at 100 MHz. At that clock rate, a maximum throughput of 3.2 Gbps was supported.
  • Monitoring systems are implemented as either in-band or out-of-band solutions.
  • the two basic types are illustrated in FIG. 7.
  • Out-of-band solutions are always passive systems.
  • a cable splitter, network tap, or other content duplicating mechanism is employed to deliver a copy of the network traffic to the monitoring system. Since the monitor processes a copy of the true network traffic, it has no means by which to alter the network content and is therefore always a passive solution.
  • in-band network monitoring systems are positioned within the data path of the network. Traffic is processed and forwarded on toward end systems.
  • In-band solutions could be configured to alter the content of the network by either inserting, dropping, or modifying network traffic.
  • the following system is developed as an in-band monitoring device in order to provide a flexible platform upon which either passive or active extensible networking solutions can be developed.
  • FIG. 8 illustrates a system 100 that focuses on an in-band type of solution where network data is routed into and back out of the monitoring application. Developing a monitoring solution in this manner allows one to block selected flows, unblock previously blocked flows, and alter flow specific data as the data traverses through the monitoring system 100 . Blocking flows allows system 100 to prevent data (i.e., a virus) from reaching its intended destination. The unblocking of flows allows one to block the transmission of data (i.e.
  • an authorizing authority includes a Regional Transaction Processor (RTP) (not shown) as described in co-pending application Ser. No. 10/037,593.
  • RTP includes various hardware and software components (not shown) that allow the RTP to communicate with system 100 , facilitate and process transactions, and store the related information securely over the Internet.
  • a remote access server can receive content match information directly from content owners via communication lines connected to the content owners' servers (not shown).
  • a DB server (not shown) and storage system (not shown) store the content match information.
  • a Central Storage and Backup System (CSBS) (not shown) backs up and stores data from one or more RTPs.
  • the CSBS receives data from the RTPs through a router (not shown), a firewall (not shown), and an enterprise switch (not shown) to back-up onto a plurality of storage systems (not shown).
  • a DataBase (DB) server (not shown) date stamps and logs all information received.
  • the RTP that processes transactions based on messages from a workstation (not shown) and/or system 100 .
  • An accounting server receives and processes transactions using data in the DB server, a remote access server (not shown), and an external billing system (not shown) to facilitate transactions at the workstation.
  • the RTP has access to a tax lookup table (not shown) stored on the DB server or the storage system.
  • the tax table can be used to determine the amount of sales tax rates to add to the price of delivering content through the system 100 or other retail transactions made by a user at the workstation.
  • An identifier for the workstation and an identifier for the corresponding system 100 can be used to determine which tax tables or tax rate formula to use to determine the amount of state and/or local sales tax to charge for a transaction.
  • System 100 and the RTP also can use public/private key encryption/decryption technology to decrypt encrypted data packets for content matching, and then re-encrypt the data packet and forward it to the workstation.
  • content match information can be provided to identify the content of a data packet in encrypted format, thereby eliminating the need to decrypt the data packet.
  • the content provider also can supply or indicate transaction instructions to be used in the RTP when the system 100 finds a content match in a data packet. For example, if the user is required to pay for the content before receiving it, the RTP transmits a transaction prompt to the user's workstation (not shown) informing the user of the price to be paid for the content, and allowing the user to accept or decline the purchase. As another example, the RTP can transmit a prompt to inform the user that content infected with a virus is attempting to be transmitted from or received to the user's workstation, and that transmission or reception of the virus is being halted.
  • the RTP can transmit a prompt to inform the user that content subject to security control is attempting to be transmitted from or received to the user's workstation, and that transmission or reception of the confidential content is being halted.
  • the RTP can tally statistics regarding transmission of designated content for purposes such as rating the popularity of the content.
  • System 100 performs content match searches for content unique to application(s) being performed by various entities such as content providers, business organizations, and/or government organizations.
  • the applications can handle various situations based on the content, such as collecting payment for the authorized use of copyrighted content, preventing outgoing transmission of confidential material, preventing incoming receipt of material previously designated as unwanted by the recipient, and preventing the transmission of files containing viruses.
  • the content matches can include logic to search for particular watermarks or fingerprints to identify copyright content based on content match information from the content providers.
  • the content matches also can include logic to understand one or more hashing functions.
  • System 100 includes a hardware circuit which is capable of reassembling TCP/IP data flows into their respective byte streams at multi-gigabit line rates.
  • a large per-flow state store maintains 64 bytes of state information for millions of active TCP flows concurrently. Additional logic provides support for flow blocking, unblocking and stream modification features.
  • System 100 enables a new generation of network services to operate within the core of the Internet.
  • System 100 includes a plurality of content scanner engines 102 .
  • Each content-scanning engine 102 is a hardware module that is capable of scanning the payload of packets for a set of regular expressions as described by J. Moscola, J. Lockwood, R. P. Loui, and M. Pachos in Implementation of a Content - Scanning Module for an Internet Firewall IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM), Napa, Calif., USA, April 2003 and co-pending U.S. patent application Ser. No. 10/152,532.
  • Regular expressions are well-known tools for defining conditional strings.
  • a regular expression may match several different strings.
  • various regular expression operators in a pattern definition may encompass a plurality of different strings.
  • the regular expression operator “.*” means “any number of any characters”.
  • the regular expression “c.*t” defines a data pattern that encompasses strings such as “cat”, “coat”, “Chevrolet”, and “cold is the opposite of hot”.
  • Another example of a regular expression operator is “*” which means “zero or more of the preceding expression”.
  • the regular expression “a*b” defines a data pattern that encompasses strings such as “ab”, “aab”, and “aaab”, but not “acb” or “aacb”.
  • the regular expression “(ab)*c” encompasses strings such as “abc”, “ababc”, “abababc”, but not “abac” or “abdc”.
  • regular expression operators can be combined for additional flexibility in defining patterns.
  • the regular expression “(ab)*c.*z” would encompass strings such as the alphabet “abcdefghijklmnopqrstuvwxyz”, “ababcz”, “ababcqsrz”, and “abcz”, but not “abacz”, “ababc” or “ababacxvhgfjz”.
  • regular expressions are well-known in the art, it is unnecessary to list all possible regular expression operators (for example, there is also an OR operator “
  • each content-scanning engine 102 employs a set of Deterministic Finite Automata (DFAs), each searching in parallel for one of the targeted regular expressions.
  • Upon matching the content of a network data packet with any of these regular expressions, content-scanner 102 has the ability to either allow the data to pass or to drop the packet.
  • Content-scanning engine 102 also has the ability to generate an alert message that can be sent to a log server when a match is detected in a packet.
  • the alert message contains the source and destination addresses of the matching packet along with a list of regular expressions that were found in the packet.
  • the TCP based content scanning engine integrates and extends the capabilities of the above described TCP-Splitter and Content-Scanning Engine 102 . As illustrated in FIG. 8, data flow is from the left to the right. IP packets are passed into a TCP Protocol Processing Engine 104 from lower layer protocol processing engines contained within a network switch. An input packet buffer 106 provides an amount of packet buffering when there are downstream processing delays. TCP Protocol Processing Engine 104 validates packets and classifies them as part of a flow. Packets along with the associated flow state information are passed onto a Packet Routing module where the packets are routed either to Content Scanning Engines 102 or a Flow Blocking module 108 .
  • Multiple Content Scanning Engines 102 evaluate regular expressions against the TCP data stream. Packets returning from Content Scanning Engines 102 are passed to Flow Blocking module 108 where application specific state information is stored and flow blocking is enforced. Packets that are not blocked are passed back to the network switch which forwards them on toward their end destination.
  • a hash table is used in one embodiment. However, whenever a hash table is used, hash table collisions can occur.
  • a State Store Manager 110 overcomes this problem by limiting the length of the chain to a constant number of entries.
  • a hashing algorithm which produces an even distribution across all hash buckets is important to the overall efficiency of the circuit.
  • Initial analysis of the flow classification hashing algorithm used for system 100 was performed against packet traces available from the National Laboratory for Applied Network Research. With 26,452 flow identifiers hashed into a table with 8 million entries, there was a hash collision in less than 0.3% of the flows.
  • Additional features of system 100 include support for the following services: Flow Blocking, which allows a flow to be blocked at a particular byte offset within the TCP data stream; Flow Unblocking, in which a previously disabled flow can be re-enabled and data for a particular flow will once again be allowed to pass through the circuit; Flow Termination, in which a selected flow will be shut down by generating a TCP FIN packet; and Flow Modification, which provides the ability to sanitize selected data contained within a TCP stream. For example, a virus is detected and removed from a data stream. The concept of altering the content of a TCP data stream is counterintuitive to most (if not all) networks. In the majority of circumstances, this type of behavior should be avoided at all costs.
  • the second case involves the addition of data to the data stream. In this case, the total number of data bytes received by the destination will be greater than the number of data bytes sent by the source.
  • the third case involves the removal of data from the data stream. Here, the total number of data bytes received at the destination will be less than the total number of data bytes sent by the source.
  • Case 1 Modifying the flow—In this situation, the processing engine which is altering the content of the TCP data stream need only operate on the flow of data in a single direction, from source to destination. When it is determined that data bytes should be altered, existing data bytes are replaced with new bytes. The TCP checksum of the network packet containing the altered data is recomputed to account for the new data. In addition, the processing engine remembers (1) the new content and (2) the TCP sequence number pertaining to the location in the data stream where the new content replaces existing content. This step is desired to handle the case where a retransmission occurs which contains data that has been altered.
  • the old data needs to be replaced with new data whenever the old data transits the network. In this manner, the end system will always receive a consistent view of the transmitted byte stream with the selected data alterations applied.
  • Case 2 Adding data to the flow—When a processing engine within the network wishes to add content to a TCP data stream, the processing engine must process TCP packets sent in the forward direction from source to destination and TCP packets sent in the reverse direction, from destination back to the source. Without processing both directions of the data flow, the system will be unable to accurately manage the insertion of data into the flow. Once the position within the network stream where the data should be inserted is realized, the processing engine can then either modify existing TCP data packets and/or generate additional TCP data packets as necessary to insert data into the data stream. For each of these packets, the appropriate TCP header fields will have to be populated, including a checksum value.
  • Sequence numbers contained in TCP packets received by the processing engine that occur after the point of insertion within the TCP data stream are incremented by the total number of bytes that were inserted into the stream.
  • the processing engine stores the sequence number of the location where the data insertion took place along with the total number of bytes inserted into the stream. If a packet retransmission occurs, the processing engine performs the steps taken to insert the additional stream data so that the receiving node always receives a consistent view of the amended data stream.
  • the processing engine decrements the acknowledgment number whenever the acknowledgment number exceeds the sequence number where the data insertion has taken place.
  • the processing engine can ensure that the source node will not receive acknowledgments for data that the receiving system has not yet processed.
  • the processing engine since the processing engine is inserting new data content into the stream, the processing engine also tracks the TCP processing state of the end systems and generates retransmission packets for the inserted data whenever it detects a nonincreasing sequence of acknowledgement numbers in the range of the inserted data.
  • Case 3 Removing data from the flow—When a processing engine within the network wishes to remove content from a TCP data stream, the processing engine processes TCP packets sent in the forward direction from the source to the destination and TCP packets sent in the reverse direction, from the destination back to the source. Without processing both packets traveling in both directions of the data flow, the system will be unable to accurately manage the removal of data from the flow. Once the position within the TCP data stream where data should be removed is encountered, the processing engine can start the removal process by eliminating packets or shrinking the overall size of a packet by removing part of the data contained within the packet. Packets which are modified must have their length fields and checksum values recomputed.
  • Sequence numbers contained in TCP packets received by the processing engine that occur after the point of data removal are decremented by the total number of bytes that were removed from the stream.
  • the processing engine stores the sequence number of the location where the data removal took place along with the total number of bytes that were removed from the stream. If a packet retransmission occurs, the processing engine performs the steps previously taken to effect the removal of data from the stream so that the receiving node always receives a consistent view of the altered data stream.
  • the processing engine increments the acknowledgment number whenever the acknowledgment number exceeds the sequence number where the data removal has taken place.
  • the processing engine can ensure that the source node receives the proper acknowledgment for all of the data received by the end system. Failure to perform this step could cause excessive retransmissions or a blocking of the flow of data if the amount of data removed exceeds the window size in use by the source node.
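  • The sequence and acknowledgment number bookkeeping of Cases 2 and 3, as an added example that is not code from the patent. The `stream_edit` record and function names are hypothetical, segments are assumed not to straddle the edit point, and holding an acknowledgment that falls inside the inserted range at the insertion point is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* One recorded edit to a flow (hypothetical record; the page only says the
 * engine stores the edit's sequence number and the number of bytes).
 * delta > 0: bytes inserted at edit_seq.
 * delta < 0: bytes removed starting at edit_seq. |delta| must be < 2^31. */
struct stream_edit {
    uint32_t edit_seq;   /* position of the edit in the source's numbering */
    int32_t  delta;
};

/* Sequence numbers wrap at 2^32, so positions are compared as signed distances. */
static int32_t seq_off(uint32_t seq, uint32_t base)
{
    return (int32_t)(seq - base);
}

/* Forward direction (source to destination): sequence number to write into a
 * segment that starts at `seq` in the source's numbering. Applying the same
 * function to a retransmission yields the same rewritten value. */
uint32_t rewrite_seq(const struct stream_edit *e, uint32_t seq)
{
    int32_t off = seq_off(seq, e->edit_seq);

    if (e->delta >= 0)   /* insertion: data at or after the point moves up */
        return off >= 0 ? seq + (uint32_t)e->delta : seq;

    uint32_t removed = (uint32_t)(-e->delta);
    if (off <= 0)
        return seq;                  /* starts before the removed range */
    if ((uint32_t)off < removed)
        return e->edit_seq;          /* starts inside it: survivors begin at the cut */
    return seq - removed;            /* starts after it: moves down */
}

/* Reverse direction (destination to source): acknowledgment number to show
 * the source for an ACK the destination sent in its own numbering. */
uint32_t rewrite_ack(const struct stream_edit *e, uint32_t ack)
{
    int32_t off = seq_off(ack, e->edit_seq);

    if (off <= 0)
        return ack;                  /* does not exceed the edit point */
    if (e->delta >= 0) {
        uint32_t inserted = (uint32_t)e->delta;
        /* Assumption: an ACK inside the inserted bytes covers none of the
         * source's later data, so it is held at the insertion point. */
        return (uint32_t)off < inserted ? e->edit_seq : ack - inserted;
    }
    return ack + (uint32_t)(-e->delta);   /* removal: credit the removed bytes */
}

int main(void)
{
    struct stream_edit ins = { 1000u, 20 };    /* constructed: 20 bytes inserted at 1000 */
    struct stream_edit cut = { 1000u, -20 };   /* constructed: 20 bytes removed at 1000 */

    printf("insert: seq 1500 -> %u, ack 1520 -> %u\n",
           (unsigned)rewrite_seq(&ins, 1500u), (unsigned)rewrite_ack(&ins, 1520u));
    printf("remove: seq 1500 -> %u, ack 1480 -> %u\n",
           (unsigned)rewrite_seq(&cut, 1500u), (unsigned)rewrite_ack(&cut, 1480u));
    return 0;
}
```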
  • a high speed router may be forwarding millions of individual traffic flows.
  • a 512MB Synchronous Dynamic Random Access Memory (SDRAM) module can be utilized.
  • the memory interface to this memory module has a 64 bit wide data path and supports a maximum burst length of eight operations.
  • Storing 64 bytes of state information for each flow optimizes the use of the memory interface by matching the amount of per flow state information with the amount of data in a burst transfer to memory.
  • This configuration provides support for eight million simultaneous flows. Assuming $100.00 as a purchase price for a 512MB SDRAM memory module, the cost to store context for eight million flows is only 0.00125 cents per flow or 800 flows per penny as of August 2003. Memory modules other than SDRAM are also employable.
  • TCP processing engine 102 utilizes 32 bytes to maintain flow state and memory management overhead.
  • the additional 32 bytes of state store for each flow holds the application data for each flow context.
  • the layout of a single entry is illustrated in FIG. 9.
  • a portion of this per-flow state storage is used to maintain the TCP data stream re-assembly operation similar to the above described TCP-Splitter design.
  • Another portion of the storage area is used to ensure that network data packets are associated with the proper flow stored in the state store.
  • Yet another portion of memory is used to maintain navigation information and memory management overhead.
  • the final portion of the per-flow state storage area is used to store per-flow context information used by the monitoring application.
  • Additional features support passing this saved context information to the monitoring application for each network data packet. Updates to a flow's context information by the monitoring application is written back to the state store so that this information can be provided back to the monitoring application when future packets for the flow are encountered.
  • the source and destination IP addresses along with the source and destination TCP ports could be hashed into a 23 bit value. This hash value could then be used as a direct index to the first entry in a hash bucket.
  • the hash table would then contain 4 million records at fixed locations and an additional 4 million records that could be used to form a linked list.
  • the IP addresses and ports could be hashed to a bit value other than 23 bits.
  • the IP addresses and ports could be hashed to any bit value based upon a desired number of flows to be indexed.
  • the use of linked list records will enable the storing of state information for multiple flows that hash to the same bucket.
  • the number of link traversals is constrained by a constant.
  • the term “hash table collision” refers to the situation where two flows hash to the same value, and to the situation where after two flows hash to the same hash value using a hash table employing a chaining of predetermined length and a chain is full for that hash value.
  • State Store Manager 110 can cache state information utilizing on-chip block RAM memory. This provides faster access to state information for the most recently accessed flows. A write-back cache design provides for improved performance.
  • the use of the TCP Processing Engine also requires that the content scanner process interleaved flows. Because each content scanner only holds the state of one flow, it needs to be able to save and restore the current state of a flow and perform a context switch whenever a new flow arrives. When a packet arrives at the content scanner on some flow, the content scanner must restore the last known matching state for that flow. When the content scanner has finished processing the packet, it must then save the new matching state of the flow which can be done by using the state store resources of the TCP processing circuit.
  • FIG. 10 shows the design of the content-scanning engine combined with the TCP-Splitter.
  • the overall throughput of the content scanner increases by putting four scanning engines in parallel and processing four flows concurrently.
  • Incoming packets are dispatched to one of the scanning engines based on the last two bits of a flow ID provided by the TCP Processing Engine. By dispatching packets in this fashion, the possibility of hazards that may occur when two scanners are processing packets from the same flow simultaneously can be eliminated.
  • data is received on the left from the Internet Protocol Wrappers and passed into input buffer 106 .
  • Frames are buffered here in the event that there is congestion in a TCP Protocol Processing engine 150 shown in FIG. 12. This congestion can occur at instants when there are hash table collisions and the State Store Manager has to walk through a linked list in order to locate the proper flow context.
  • IP frames are passed to TCP Protocol Processing Engine 150 .
  • An input state machine 152 tracks the processing state within a single packet. Data is forwarded to (1) a Frame FIFO 154 which stores the packet, (2) a checksum engine 156 which validates the TCP checksum, and (3) a flow classifier 158 . Once flow classifier 158 has computed a hash value for the packet, information is passed to State Store Manager 110 which retrieves the state information associated with the particular flow. Results are written to a Control FIFO 162 and the state store is updated with the current state of the flow.
  • An Output State Machine 164 reads data from the Frame and Control FIFOs and passes it to a packet routing engine 166 (shown in FIG. 8). Most traffic flows through the Content Scanning Engines 102 where the data is scanned. Packet retransmissions bypass Content Scanning Engines 102 and are sent directly to Flow Blocking module 108 .
  • Data returning from Content Scanning Engines 102 is passed to Flow Blocking module 108 .
  • the per flow state store is updated with the latest application specific state information. If flow blocking is enabled for a flow, it is enforced at this time.
  • the sequence number of the packet is compared with the sequence number where flow blocking should take place. If the packet meets the blocking criteria, it is dropped from the network at this point. Packets that are not dropped are passed on to the outbound Protocol Wrapper.
  • State Store Manager 110 is responsible for processing requests for and updates to a flow state record. All interactions with a SDRAM memory 166 are handled along with the caching of recently accessed flow state information.
  • a SDRAM controller 168 exposes three memory access interfaces, a read-write interface, a write only interface, and a read only interface. Requests to these interfaces are prioritized in the same order, with the read-write interface having the highest priority.
  • Upon processing a new packet, a flow identifier hash value is computed and a record retrieval operation is initiated. State Store Manager 110 utilizes the read interface of memory controller 168 to retrieve the current state information for the flow and returns this information to the protocol processing engine. If the packet is determined to be valid and is accepted by the engine, an update operation is performed to store the new flow state. The flow blocking module also performs a SDRAM read operation in order to determine the current flow blocking state. If the flow blocking state has changed or there is an update to the application specific state information, a write operation is also performed to update the flow's saved state information.
  • the average TCP packet size on the Internet has been shown to be approximately 300 bytes. It is important to note that the TCP Protocol Processing engine does not need to access memory for acknowledgment packets that contain no data. Given that half of all TCP packets are acknowledgments, the average size of a packet requiring memory operations to the state store will be larger than the 300 byte average previously stated. Processing larger packets decreases the likelihood of throttling due to memory access latency. On average, the system will have over twice the memory bandwidth required to process a packet when operating at OC-48 rates.
  • This paper discusses architecture for performing content scanning of TCP flows within high-speed networks.
  • the circuit design is targeted for the Xilinx XCV2000E FPGA in the FPX platform with an operational clock frequency of 80 MHz. This provides for the monitoring of eight million simultaneous TCP flows at OC-48 (2.5 Gb/s) line rates.
  • 8M flows can be stored at a cost of 0.00125 cents per flow. By storing 64 bytes per flow, it is possible to maintain the context of the scanning engine for each flow.
  • New FPGA devices are available which have 4 times the number of logic gates and operate at over twice the clock rate of the XCV2000E used on the FPX platform.
  • the latest memory modules support larger densities, higher clock frequencies, and Double Data Rate (DDR) transfer speeds. Utilizing these new devices, the TCP based content scanning engine could achieve OC-192 (10 Gb/s) data rates without requiring major modifications.
  • the goal of a TCP based flow monitoring system is to produce a byte stream within the interior of the network which is identical to the byte stream processed by the end system. In order to do this, one must effectively track the TCP processing state of the end system and perform similar operations. The difficulty of this task stems from the fact that the traffic observed at the monitoring node could be quite different from the traffic received at the end system.
  • Three potential packet sequencing issues are shown in FIG. 13 and outlined below. 1) Packets processed at the monitoring station are not processed by the end host system (A in FIG. 13). This can occur when a packet is dropped between the monitoring station and the end system.
  • the packet is processed accordingly and the processing state is advanced under the assumption that the end system will follow the same behavior when it receives the packet. If the packet never arrives at the end system, then the state of the monitor and end system are inconsistent with respect to each other. 2) Packets processed at the end host system are not processed by the monitoring station (B in FIG. 13). This can occur when successive packets of a data flow take different paths through the network. If the monitoring station is placed at a point where it sees packets traversing one path but not the other, then it will be difficult to impossible to track the state of the end system depending on what data is sent over which path.
  • 3) Packets processed at the monitoring station in the order [1][2][3] may arrive at the end system in a different order (C in FIG. 13). Without knowing the specifics of the protocol implementation, the monitoring system will be unable to determine how the end system processes that sequence. Even worse, the monitoring system will have no idea that the packets have been processed by the end system in a different order.
  • TCP based network flows do not always produce a proper termination sequence. This improper termination can be caused by a system crash, power outage, a network event, or something as simple as a disconnected cable. Because TCP connections can exist for long periods of time without the presence of network traffic, it is difficult for a monitoring station to determine whether a flow is idle or if the flow should be terminated. Not terminating flows leads to the exhaustion of flow tracking resources. Prematurely terminating an active flow can lead to situations where data is allowed to traverse the network unmonitored. The problem is even worse when attempting to monitor a series of individual UDP data packets as a data stream. The UDP protocol does not contain any provisions for marking the start or end of a flow.
  • One down side is that it may take an excessive amount of time to retrieve flow state information from the state store because the state store manager may have to traverse a long linked list of entries. This delay in retrieving state information can lead to data loss on the network device which will adversely affect the overall throughput of the network.
  • The tracking of a flow is initiated by the reception of a TCP data packet.
  • The assumption here is that a proper TCP flow setup has previously been performed by the connection endpoints.
  • A denial of service attack which generates random TCP data packets without first establishing a valid TCP session can potentially induce processing delays for the proposed monitoring system.
  • The flow state manager allocates resources and attempts to track these packets as if they were part of a valid TCP flow. An attack of this nature could potentially exhaust the per-flow state storage resources of the solution.
  • A third approach involves cannibalizing the resources of another flow when resource contention occurs.
  • A flow would be assumed to be terminated whenever a hash table collision occurred during the arrival of a new flow.
  • One disadvantage of this approach is that two or more active flows which map to the same hash table entry will continually be bumping the other flow from the monitoring system. This will inhibit the ability of the monitoring system to fully monitor these flows.
  • One benefit of this technique over the first two is that of performance.
  • The third algorithm can be implemented quickly and takes a small, bounded amount of time to service each flow.
  • The other two algorithms require extra processing in order to maintain linked lists of least recently used flows.
  • The traversal of long linked list chains may be required in order to navigate to the proper flow record. This extra processing can cause excessive delays and leads to systems which are prone to data loss. All three of these options have limitations.
  • The modular design of the herein described monitoring engine allows the replacement of the State Store Manager component. All of the logic necessary to implement one of these algorithms will be contained within this module on an FPGA. By replacing this module, the behavior of the memory manager can be altered in order to match the behavior of the system with the expected traffic load.
  • The herein described circuit design employs a data enable signal and a valid bytes vector.
  • The data enable signal will during a clock cycle where there is TCP data to be processed by the client application.
  • Valid bytes is a 4-bit vector which indicates which of the four data bytes contain valid data to be processed. The client application will only process data when both the data enable signal and the appropriate valid bytes signal are asserted.
  • An example of an overlapping retransmission and the controlling signals can be seen in FIG. 14.
  • A hardware circuit which supports TCP stream re-assembly and flow monitoring is a desired component which will allow these services to operate in a high speed networking environment.
  • System 100 can be keyed with a data pattern that will reliably detect when a party's copyrighted material is transmitted over a network. For example, copyrighted songs, motion pictures, and images are often transmitted over the Internet via audio files, video files, and image files. By properly designing a data pattern that will detect when such works are present in packet traffic, a practitioner of the herein described systems and methods can utilize system 100 to detect the transmission of such copyrighted works and take appropriate action upon detection.
  • The herein described systems and methods can be used to protect against the dissemination of trade secrets and confidential documents, which is another technical effect.
  • A company having trade secrets and/or confidential documents stored on its internal computer system can utilize the herein described systems and methods to prevent the unauthorized transmission of such information outside a company's internal network.
  • The company's network firewall can use system 100 that is keyed to detect and drop any unauthorized packets that are found to include a string that matches a data pattern that encompasses that company's trade secrets and/or confidential information.
  • A company has a wide range of options for flagging their confidential/trade secret information, from adding electronic watermarks to such information (wherein the data processor is keyed by the watermark) to designing a separate data pattern for each confidential/trade secret document/file that will reliably detect when that document/file is transmitted.
  • System 100 can be keyed with a data pattern that encompasses keywords of interest and variations thereof. For example, certain words related to explosives (i.e., TNT, etc.), crimes (i.e., kill, rob, etc.), and/or wanted individuals (i.e., known terrorists, fugitives, etc.) can be keyed into the packet processor. Once so configured, the packet processor can detect whether those keywords (or variations) are present in a packet stream, and upon detection take appropriate action (e.g., notify an interested governmental agency, or redirect the data for further automated processing).
  • System 100 can be used to detect when a word in a first language is present in a packet, and upon detection, replace that word with its translation into a second language.
  • The packet processor can be used to replace the word “friend” when detected in a packet with its Spanish translation “amigo”.
  • The present invention can be used as a large scale translation device wherein the packet processor is keyed with a large language A to language B dictionary.
  • The herein described systems and methods can be used to monitor/filter packet traffic for offensive content, which is another technical effect.
  • A parent may wish to use system 100 to prevent a child from receiving profane or pornographic material over the Internet.
  • By keying system 100 to search for and delete profanities or potentially pornographic material, a parent can prevent such offensive material from reaching their home computer.
  • System 100 can be designed to replace various words or letters with replacement codes to thereby encrypt packets designed for the network.
  • Another System 100 can be equipped to decrypt the encrypted packets by replacing the replacement codes with the original data.

Abstract

A method for controlling traffic on a network includes monitoring a data stream, determining a particular byte offset within the monitored stream at which to block flow of the stream, and blocking flow of the data stream at the determined byte offset.

Description

    CROSS REFERENCE TO RELATED APPLICATIONS
  • This application is a Continuation-in-Part (CIP) of U.S. patent application Ser. No. 10/222,307 filed Aug. 15, 2002.[0001]
  • BACKGROUND OF THE INVENTION
  • This invention relates generally to data transfer through a network and, more particularly, to the monitoring of data passing through the Internet. [0002]
  • At least some known protocol analyzers and packet capturing programs have been around as long as there have been networks and protocols to monitor. These known tools provide the ability to capture and save network data with a wide range of capabilities. [0003]
  • For example, one such program “tcpdump” available from the Lawrence Berkeley National Laboratory (http://ee.lbl.gov/) allows for the capture and storage of TCP packets. These known tools work well for monitoring data at low bandwidth rates, but the performance of these programs is limited because they execute in software. Post processing is required with these tools in order to reconstruct TCP data streams. [0004]
  • Accordingly, it would be desirable to provide a solution to data monitoring that is implementable at high bandwidth rates. [0005]
  • BRIEF DESCRIPTION OF THE INVENTION
  • In one aspect, a method for controlling traffic on a network is provided. The method includes monitoring a data stream, determining a particular byte offset within the monitored stream at which to block flow of the stream, and blocking flow of the data stream at the determined byte offset. [0006]
  • In another aspect, a method for controlling traffic on a network is provided. The method includes monitoring a data stream for a first predetermined condition, blocking flow of the data stream upon a detection of the first predetermined condition, and re-enabling flow of the blocked stream. [0007]
  • In yet another aspect, a method for controlling traffic on a network is provided. The method includes monitoring a TCP data stream for a predetermined condition, and generating and transmitting a TCP FIN packet for the monitored data stream upon a detection of the predetermined condition for the purpose of terminating the TCP data stream. [0008]
  • In still another aspect, a method for controlling traffic on a network is provided. The method includes monitoring TCP traffic in band through a switch using a plurality of content scanning engines. [0009]
  • In one aspect, a method for controlling traffic on a network is provided. The method includes content scanning a plurality of TCP packets to detect a content match that spans multiple packets. [0010]
  • In another aspect, a method for controlling traffic on a network is provided. The method includes monitoring a plurality of flows through the network wherein per flow memory usage is matched to a burst width of a memory module used to monitor a flow. [0011]
  • In one aspect, a method for controlling traffic on a network is provided. The method includes monitoring a plurality of flows through the network wherein an overlapping retransmission is handled using a data enabled signal and a valid bytes vector. [0012]
  • In one aspect, a method for controlling traffic on a network is provided. The method includes monitoring a plurality of data flows simultaneously, assigning a maximum idle period of time for each monitored flow, and stopping monitoring a flow which is idle for at least the assigned period of time. [0013]
  • In still another aspect, a method for controlling traffic on a network is provided. The method includes monitoring a plurality of data flows simultaneously, maintaining a period of idle time for each monitored flow, and stopping monitoring the flow having a longest period of idle time. [0014]
  • In one aspect, a method for controlling traffic on a network is provided. The method includes monitoring a plurality of existing data flows simultaneously wherein each existing flow has a hash table entry, receiving a new flow to be monitored, wherein the new flow hashes to the hash table entry of an existing flow causing a hash table collision, and stopping monitoring of the existing flow whose hash table entry the new flow collided with. [0015]
  • In another aspect, a Field Programmable Gate Array (FPGA) is configured to monitor a plurality of data flows using a hash table to store state information regarding each flow, resolve hash table collisions according to a first algorithm stored on the FPGA, receive a second algorithm at the FPGA to resolve hash table collisions, the second algorithm different from the first algorithm, and use the received second algorithm to resolve hash table collisions occurring subsequent to the receipt of the second algorithm. [0016]
  • In one aspect, an apparatus for controlling traffic on a network is provided. The apparatus includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port. The logic device is configured to monitor a data stream, determine a particular byte offset within the monitored stream at which to block flow of the stream, and block flow of the data stream at the determined byte offset. [0017]
  • In one aspect, an apparatus for controlling traffic on a network is provided. The apparatus includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port. The logic device is configured to monitor a data stream for a first predetermined condition, block flow of the data stream upon a detection of the first predetermined condition, and re-enable flow of the blocked stream. [0018]
  • In one aspect, an apparatus for controlling traffic on a network is provided. The apparatus includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port. The logic device is configured to monitor a TCP data stream for a predetermined condition, and generate and transmit a TCP FIN packet for the monitored data stream upon a detection of the predetermined condition for the purpose of terminating the TCP data stream. [0019]
  • In one aspect, an apparatus for controlling traffic on a network is provided. The apparatus includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port. The logic device is configured to monitor a TCP data stream from a first device directed toward a second device for a predetermined condition, and manipulate the TCP data stream such that the second device receives data different than that sent from the first device. [0020]
  • In one aspect, an apparatus for controlling traffic on a network is provided. The apparatus includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port. The logic device is configured to monitor TCP traffic in band using a plurality of content scanning engines. [0021]
  • In one aspect, an apparatus for controlling traffic on a network is provided. The apparatus includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port. The logic device is configured to scan a plurality of TCP packets to detect a content match that spans multiple packets. [0022]
  • In one aspect, an apparatus for controlling traffic on a network is provided. The apparatus includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port. The logic device is configured to monitor a plurality of flows through the network wherein per flow memory usage is matched to a burst width of a memory module used to monitor a flow. [0023]
  • In one aspect, an apparatus for controlling traffic on a network is provided. The apparatus includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port. The logic device is configured to monitor a plurality of flows through the network wherein an overlapping retransmission is handled using a data enabled signal and a valid bytes vector. [0024]
  • In one aspect, an apparatus for controlling traffic on a network is provided. The apparatus includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port. The logic device is configured to monitor a plurality of data flows simultaneously, assign a maximum idle period of time for each monitored flow, and stop monitoring a flow which is idle for at least the assigned period of time. [0025]
  • In one aspect, an apparatus for controlling traffic on a network is provided. The apparatus includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port. The logic device is configured to monitor a plurality of data flows simultaneously, maintain a period of idle time for each monitored flow, and stop monitoring the flow having a longest period of idle time. [0026]
  • In one aspect, an apparatus for controlling traffic on a network is provided. The apparatus includes at least one input port, at least one output port, and at least one logic device operationally coupled to the input port and the output port. The logic device is configured to monitor a plurality of existing data flows simultaneously wherein each existing flow has a hash table entry, receive a new flow to be monitored, wherein the new flow hashes to the hash table entry of an existing flow causing a hash table collision, and stop monitoring of the existing flow whose hash table entry the new flow collided with.[0027]
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a high level view of the data flow through an embodiment of a TCP-Splitter. [0028]
  • FIG. 2 is a low-level view of data flow through an embodiment of a TCP-splitter. [0029]
  • FIG. 3 is a perspective view of a Field-programmable Port Extender (FPX) module. [0030]
  • FIG. 4 is a schematic view of the FPX module shown in FIG. 3. [0031]
  • FIG. 5 illustrates a plurality of workstations connected to a remote client across the Internet through a node including a TCP-Splitter coupled to a monitoring client application. [0032]
  • FIG. 6 illustrates a plurality of TCP-Splitter implemented FPX modules, as shown in FIGS. 3 and 4, in series between a programming device and an endpoint device forming a network. [0033]
  • FIG. 7 illustrates that monitoring systems are implemented as either in-band or out-of-band solutions. [0034]
  • FIG. 8 illustrates a system that focuses on an in-band type of solution where network data is routed into and back out of the monitoring application. [0035]
  • FIG. 9 illustrates the layout of an entry stored for a flow. [0036]
  • FIG. 10 illustrates a content-scanning engine combined with the TCP-Splitter shown in FIG. 1. [0037]
  • FIG. 11 illustrates that the overall throughput of the content scanner increases by putting four scanning engines in parallel and processing four flows concurrently. [0038]
  • FIG. 12 illustrates that frames are buffered in the event that there is congestion in a TCP Protocol Processing engine. [0039]
  • FIG. 13 illustrates three packet sequencing issues. [0040]
  • FIG. 14 illustrates an example of an overlapping retransmission and controlling signals.[0041]
  • DETAILED DESCRIPTION OF THE INVENTION
  • [0042] FIG. 1 is a high level view of the data flow through an embodiment of a TCP-Splitter 10. A plurality of Internet Protocol (IP) frames 12 enter into TCP-Splitter 10 from a source device 14 and frames 12 are addressed to a destination device 16. IP frames 12 each include an IP header 18 and a TCP frame including a TCP header and a data packet. The TCP header is removed, the packet is classified to retrieve Flow State, and then the packet is sent as a byte stream to a client application 20. An IP frame including the embedded TCP frame is also sent to destination device 16. Accordingly, the splitting of the TCP frame from the IP frame is transparent to devices 14 and 16. In one embodiment, client application 20 counts how many bits are being transferred in a TCP exchange. Additionally, client application 20 is provided with TCP header information and/or IP header information, and in one embodiment, the header information is used to bill a user on a bit transferred basis. In another embodiment, client application 20 has access to reference data and, in real time, compares the byte stream of TCP transferred data provided to client application 20 with the reference data to provide a content matching such as, for example but not limited to, content matching as described in co-pending patent application Ser. No. 10/152,532 and Ser. No. 10/037,543, which are hereby incorporated herein in their entireties. In one embodiment, upon finding a particular match with a predefined reference data, TCP-splitter 10 stops all data flow from a particular IP address, all data flow to a particular IP address, and/or all data flow through TCP-splitter 10. In other embodiments, client application 20 monitors data through TCP-Splitter for security purposes, for keyword detection, for data protection, for copyright protection, and/or for watermark detection (and/or other types of embedded digital signatures).
In one embodiment, a delay is utilized such that the data is analyzed as described above before an IP frame including the removed TCP frame is sent to the destination device. Accordingly, TCP-Splitter 10 allows for actions to be taken in real time processing. In other words, TCP-Splitter 10 allows for arbitrary actions to be taken by the client application before the IP frame is sent to the destination device. These actions include delaying transmission of the IP frame and stopping transmission of the IP frame. Additionally, in some placements, IP frames 12 can be wrapped with other protocol wrappers such as an ATM Adaptation Layer 5 (AAL5) frame wrapper 22 and an Asynchronous transmission mode (ATM) Cell wrapper 24.
  • [0043] TCP-Splitter 10 is not implemented in software; rather, TCP-Splitter 10 is implemented with combinational logic and finite state machines in a logic device. As used herein a logic device refers to an Application Specific IC (ASIC) and/or a Field Programmable Gate Array (FPGA), and excludes processors. In the FPGA prototype, TCP-splitter 10 processes packets at line rates exceeding 3 gigabits per second (Gbps) and is capable of monitoring 256 k TCP flows simultaneously. However, TCP-Splitter 10 is not limited in the number of simultaneous TCP flows TCP-Splitter 10 is capable of monitoring and while 256 k flows was implemented in the prototype built, additional flows can easily be monitored by increasing the amount of memory utilized. Additionally, TCP-splitter 10 delivers a consistent byte stream for each TCP flow to client application 20. As explained in greater detail below, TCP-splitter 10 processes data in real time, provides client application 20 the TCP packets in order, and eliminates the need for large reassembly buffers. Additionally, by providing the TCP content in order, TCP-Splitter facilitates keeping a minimal amount of state.
  • [0044] FIG. 2 is a low level view of data flow through an embodiment of a TCP-splitter 30 illustrating a TCP input section 32 and a TCP output section 34. Input section 32 includes a Flow classifier 36, a Checksum Engine 38, an Input State Machine 40, a Control First In-First Out (FIFO) buffer 42, a Frame FIFO buffer 44, and an Output State Machine 46. TCP output section 34 includes a Packet Routing engine 48 operationally coupled to a Client Application 50 and an IP output stack 52.
  • [0045] In use, data is delivered to an input stack 54 operationally coupled to TCP input section 32. Flow Classifier 36, Checksum Engine 38, Input State Machine 40, Control FIFO 42, and Frame FIFO 44 all process IP packet data received from the IP protocol wrapper. Output State Machine 46 is responsible for clocking data out of the control and frame FIFOs 42 and 44, and into output section 34. The input interface signals to TCP-Input section 32 are as follows:
  • IN 1 bit clock [0046]
  • IN 1 bit reset [0047]
  • IN 32 bit data word [0048]
  • IN 1 bit data enable [0049]
  • IN 1 bit start of frame [0050]
  • IN 1 bit end of frame [0051]
  • IN 1 bit start of IP payload[0052]
  • [0053] IP frames are clocked into input section 32 thirty-two data bits at a time. As data words are clocked in, the data is processed by Input State Machine 40 and buffered for one clock cycle. Input State Machine 40 examines the content of the data along with the control signals in order to determine the next state.
  • [0054] The output of Input State Machine 40 is the current state and the corresponding data and control signals for that state. This data is clocked into Flow Classifier 36, Checksum Engine 38, and Frame FIFO 44.
  • [0055] Flow Classifier 44 performs TCP/IP flow classification, verifies the sequence number, and maintains state information for this flow. Output signals of Flow Classifier 44 are (1) a 1 bit indication of whether or not this is a TCP packet, (2) a variable length flow identifier (currently eighteen bits), (3) a 1 bit indication of whether or not this is a new TCP flow, (4) a 1 bit indication of whether or not this packet should be forwarded, (5) a 1 bit indication of whether the sequence number was correct, and (6) a 1 bit indication of the end of a TCP flow.
  • [0056] Checksum Engine 38 verifies the TCP checksum located in the TCP header of the packet. The output of the checksum engine is a 1-bit indication whether or not the checksum was successfully verified. Frame FIFO 44 stores the IP packet while Checksum Engine 38 and Flow Classifier 36 are operating on the packet. Frame FIFO 44 also stores a 1 bit indication of the presence of TCP data, a 1 bit indication of the start of frame, a 1 bit indication of the end of frame, a 1 bit indication of the start of the IP packet payload, a 1 bit indication of whether or not there is valid TCP data, and a 2 bit indication of the number of valid bytes in the data word. The packet is stored so that the checksum and flow classifier results can be delivered to the outbound section 34 along with the start of the packet.
  • [0057] Once the flow has been classified and the TCP checksum has been computed, information about the current frame is written to Control FIFO 42. This data includes the checksum result (pass or fail), a flow identifier (currently 18 bits), an indication of whether or not this information is the start of a new flow, an indication of whether or not the sequence number matched the expected sequence number, a signal to indicate whether or not the frame should be forwarded, and a 1 bit indication of whether or not this is the end of a flow. Control FIFO 42 facilitates holding state information of smaller frames while preceding larger frames are still being clocked out of Frame FIFO 44 for outbound processing.
  • [0058] Output State Machine 46 is responsible for clocking data out of the Control and Frame FIFOs 42 and 44, and into output section 34 of TCP-Splitter 30. Upon detecting a non-empty Control FIFO 42, output state machine 46 starts clocking the next IP frame out of Frame FIFO 44. This frame data along with the control signals from Control FIFO 42 exit TCP-Input section 32 and enter TCP-Output section 34.
  • [0059] TCP-Splitter 30 uses a flow classifier that can operate at high speed and has minimal hardware complexity. In an exemplary embodiment a flow table with a 256 k element array contained in a low latency static RAM chip is used. Each entry in the table contains thirty-three bits of state information. An eighteen-bit hash of the source IP address, the destination IP address, the source TCP port, and the destination TCP port is used as the index into the flow table. The detection of a TCP FIN flag signals the end of a TCP flow and the hash table entry for that particular flow is cleared. Other classifiers can be used to identify traffic flows for TCP-Splitter 30. For example, SWITCHGEN (as described in “Pattern Matching in Reconfigurable Logic for Packet Classification”, Association for Computing Machinery, International Conference on Compilers, Architectures and Synthesis for Embedded Systems (ACM Cases), 2001, A. Johnson and K. Mackenzie) is a tool which transforms packet classification into reconfigurable hardware based circuit design and can be used with TCP-splitter 30. A Recursive Flow Classification (RFC) algorithm can also be used with TCP-Splitter and is another high performance classification technique that optimizes rules by removing redundancy. The design of TCP-Splitter 30 does not impose any restrictions on the flow classification technique utilized and can be used with any flow classifier.
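The flow-table lookup described above, modelled in C as an added example (not the patent's VHDL or the authors' code); it shows what the monitor loses when two flows share one 18-bit index. Assumptions of this model: the XOR-fold hash, the split of the 33 state bits into an in-use bit plus a 32-bit expected sequence number, tracking that starts on a SYN, and overwrite-on-collision (the "third approach" mentioned earlier on the page); the two colliding tuples are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INDEX_BITS 18u
#define TABLE_SIZE (1u << INDEX_BITS)        /* 256k entries, as in the prototype */

struct tuple { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; };

/* Assumed layout of the 33 state bits: 1 in-use bit + 32-bit expected sequence. */
struct entry { bool in_use; uint32_t expected_seq; };

static struct entry flow_table[TABLE_SIZE];

/* Assumed hash (the page does not give one): XOR the 4-tuple, fold to 18 bits. */
uint32_t flow_index(const struct tuple *t)
{
    uint32_t h = t->src_ip ^ t->dst_ip
               ^ (((uint32_t)t->src_port << 16) | t->dst_port);
    h ^= h >> INDEX_BITS;
    return h & (TABLE_SIZE - 1u);
}

enum verdict { FLOW_NEW, FLOW_NEW_EVICTED, FLOW_IN_SEQ,
               FLOW_OUT_OF_SEQ, FLOW_UNKNOWN, FLOW_CLOSED };

enum verdict on_segment(const struct tuple *t, bool syn, bool fin,
                        uint32_t seq, uint32_t len)
{
    struct entry *e = &flow_table[flow_index(t)];
    if (syn) {
        /* The entry stores no tuple, so an occupied slot is simply overwritten:
         * the flow that was there is treated as terminated. */
        enum verdict v = e->in_use ? FLOW_NEW_EVICTED : FLOW_NEW;
        e->in_use = true;
        e->expected_seq = seq + 1u;
        return v;
    }
    if (!e->in_use)
        return FLOW_UNKNOWN;
    if (seq != e->expected_seq)
        return FLOW_OUT_OF_SEQ;
    if (fin) {                               /* FIN clears the hash table entry */
        e->in_use = false;
        return FLOW_CLOSED;
    }
    e->expected_seq = seq + len;
    return FLOW_IN_SEQ;
}

/* Constructed tuples: swapping the two IP addresses leaves the XOR unchanged,
 * so both flows land on the same table entry under the assumed hash. */
static const struct tuple FLOW_A = { 0x0A000001u, 0x0A000002u, 40000, 80 };
static const struct tuple FLOW_B = { 0x0A000002u, 0x0A000001u, 40000, 80 };

void collision_demo(enum verdict out[7])
{
    memset(flow_table, 0, sizeof flow_table);
    out[0] = on_segment(&FLOW_A, true,  false, 100,  0);   /* A starts          */
    out[1] = on_segment(&FLOW_A, false, false, 101,  10);  /* A is monitored    */
    out[2] = on_segment(&FLOW_B, true,  false, 5000, 0);   /* B bumps A         */
    out[3] = on_segment(&FLOW_A, false, false, 111,  10);  /* A judged vs. B    */
    out[4] = on_segment(&FLOW_B, false, false, 5001, 4);   /* B is monitored    */
    out[5] = on_segment(&FLOW_B, false, true,  5005, 0);   /* B's FIN clears it */
    out[6] = on_segment(&FLOW_A, false, false, 121,  10);  /* A has no state    */
}

int main(void)
{
    static const char *names[] = { "new", "new (evicted other flow)", "in sequence",
                                   "out of sequence", "unknown flow", "closed" };
    enum verdict v[7];
    collision_demo(v);
    printf("index A=%u index B=%u\n",
           (unsigned)flow_index(&FLOW_A), (unsigned)flow_index(&FLOW_B));
    for (int i = 0; i < 7; i++)
        printf("step %d: %s\n", i, names[v[i]]);
    return 0;
}
```

Counting `FLOW_NEW_EVICTED` and `FLOW_UNKNOWN` verdicts per interval gives an operator a direct measure of how much traffic passes without a valid monitoring state.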
  • [0060] In an exemplary embodiment, output-processing section 34 of TCP-Splitter 30 is responsible for determining how a packet should be processed. The input interface signals to output section 34 are as follows:
  • IN 1 bit clock [0061]
  • IN 1 bit reset [0062]
  • IN 32 bit data word [0063]
  • IN 1 bit data enable [0064]
  • IN 1 bit start of frame [0065]
  • IN 1 bit end of frame [0066]
  • IN 1 bit start of IP payload [0067]
  • IN 1 bit TCP data enable [0068]
  • IN 2 bit number of valid data bytes [0069]
  • IN 1 bit TCP protocol indication [0070]
  • IN 1 bit checksum passed [0071]
  • IN 18 bit flow identifier [0072]
  • IN 1 bit new flow indication [0073]
  • IN 1 bit forward frame indication [0074]
  • IN 1 bit correct sequence number [0075]
  • IN 1 bit data is valid [0076]
  • IN 1 bit end of flow[0077]
  • [0078] There are three possible choices for packet routing. Packets can be (1) passed on to the outbound IP stack only, (2) passed both to the outbound IP stack and to client application 50, or (3) discarded (dropped). The rules for processing packets are as follows:
  • All non-TCP packets (i.e., classified as non-TCP) are sent to the outbound IP stack. [0079]
  • All TCP packets with invalid checksums (i.e., classified as invalid TCP checksum) are dropped. [0080]
  • All TCP packets with sequence numbers less than the current expected sequence number (i.e., classified as sequence number less than expected) are sent to the outbound IP stack. [0081]
  • [0082] All TCP packets with sequence numbers greater than the current expected sequence number (i.e., classified as sequence number greater than expected) are dropped (i.e., discarded and not sent to either client application 50 or the outbound IP stack).
  • All TCP synchronization (TCP-SYN) packets are sent to the outbound IP stack. [0083]
  • [0084] All other packets (classified as else) are forwarded both to the outbound IP stack and client application 50. Note that when the TCP packet has a sequence number equal to expected and has a valid checksum, then that packet is classified as else and sent to the outbound IP stack as well as to client application 50.
  • [0085] A client interface (not shown) is between client application 50 and TCP output section 34. The client interface provides a hardware interface for application circuits. Only data that is valid, checksummed, and in-sequence for each specific flow is passed to client application 50. This allows the client to solely process the consistent stream of bytes from the TCP connection. All of the packet's protocol headers are clocked into client application 50 along with a start-of-header signal so that the client can extract information from these headers. This eliminates the need to store header information, but still allows the client access to this data. Client application 50 does not sit in the network data path and therefore does not induce any delay into the packets traversing the network switch. This allows the client application to have arbitrary complexity without affecting the throughput rate of TCP-splitter 30. The client interface contains the following signals:
  • IN 1 bit clock [0086]
  • IN 1 bit reset [0087]
  • IN 32 bit data word [0088]
  • IN 1 bit data enable [0089]
  • IN 1 bit start of frame [0090]
  • IN 1 bit end of frame [0091]
  • IN 1 bit start of IP payload [0092]
  • IN 1 bit TCP data enable [0093]
  • IN 2 bit number of valid data bytes [0094]
  • IN 18 bit flow identifier [0095]
  • IN 1 bit new flow indication [0096]
  • IN 1 bit end of flow [0097]
  • OUT 1 bit flow control[0098]
  • [0099] Client application 50 can generate a flow control signal that will stop the delivery of cells. In one embodiment, this signal is not processed by TCP-Splitter 30, but is passed on to the IP wrapper driving the ingress of IP packets. In another embodiment, this signal is processed by TCP-Splitter 30.
  • In the embodiment where TCP-[0100] Splitter 30 does not process the flow control signals, there is a delay in the cessation of the flow of data words into client application 50 while the flow control signal is being processed by the lower protocol layers. Since TCP-Splitter 30 does not act upon the flow control signal, data continues to flow until all buffers of TCP-Splitter 30 are empty. Client application 50 is configured to either handle data at line rates or is capable of buffering 1500 bytes worth of data after the flow control signal is asserted.
  • Because Transmission Control Protocol/Internet Protocol (TCP/IP) is the most commonly used protocol on the Internet, it is utilized by nearly all applications that require reliable data communications on a network. These applications include Web browsers, FTP, Telnet, Secure Shell, and many other applications. High-speed network switches currently operate at OC-48 (2.5 Gb/s) line rates, while faster OC-192 (10 Gb/s) and OC-768 (40 Gb/s) networks will likely be implemented in the near future. New types of networking equipment require the ability to monitor and interrogate the data contained in packets flowing through this equipment. TCP-[0101] Splitter 30 provides an easily implementable solution for monitoring at these increased bandwidths.
  • [0102] In one embodiment, and as explained in greater detail below, TCP-Splitter 30 provides a reconfigurable hardware solution which provides for the monitoring of TCP/IP flows in high speed active networking equipment. The reconfigurable hardware solution is implemented using Very High Speed Integrated Circuit (VHSIC) Hardware Description Language (VHDL) for use in ASICs or Field Programmable Gate Arrays (FPGAs). The collection of VHDL code that implements this TCP/IP monitoring function is also called TCP-Splitter in addition to the hardware itself (i.e., 10 and 30). This name stems from the concept that the TCP flow is being split into two directions. One copy of each network data packet is forwarded on toward the destination host. Another copy is passed to a client application monitoring TCP/IP flows. In an alternative embodiment, the copy that is passed to the client application is rewrapped with an IP wrapper to form an IP frame that is forwarded to the destination host. In order to provide for the reliable delivery of a stream of data into a client application, a TCP connection only needs to be established that transits through the device monitoring the data. The bulk of the work for guaranteed delivery is managed by the TCP endpoints, not by the logic on the network hardware. This eliminates the need for a complex protocol stack within the reconfigurable hardware because the retransmission logic remains at the connection endpoints, not in the active network switch.
  • [0103] TCP-Splitter 30 is a lightweight, high performance circuit that contains a simple client interface that can monitor a nearly unlimited number of TCP/IP flows simultaneously. The need for reassembly buffers is eliminated because all frames for a particular flow transit the networking equipment in order. Because there is no guarantee that TCP frames will traverse the network in order, some action will have to take place when packets are out of order. As explained above, by actively dropping out of order packets, a TCP byte stream is generated for the client application without requiring reassembly buffers. If a missing packet is detected, subsequent packets are actively dropped until the missing packet is retransmitted. This ensures in-order packet flow through the switch. Therefore a monitoring device always has an accumulated in order content stream before a destination device accumulates the in order content stream.
  • [0104] This feature forces the TCP connections into a Go-Back-N sliding window mode when a packet is dropped upstream of the monitoring node (e.g., the node where TCP-Splitter is positioned). The Go-Back-N retransmission policy is widely used on machines throughout the Internet. Many implementations of TCP, including that of Windows 98, FreeBSD 4.1, and Linux 2.4, use the Go-Back-N retransmission logic. The benefit on the throughput is dependent on the specific TCP implementations being utilized at the endpoints. In instances where the receiving TCP stack is performing Go-Back-N sliding window behavior, the active dropping of frames may improve overall network throughput by eliminating packets that will be discarded by the receiver.
  • [0105] Typically, TCP-Splitter 30 is placed in the network where all packets of monitored flows will pass. All packets associated with a TCP/IP connection being monitored then pass through the networking node where monitoring is taking place. It would otherwise be impossible to provide a client application with a consistent TCP byte stream from a connection if the switch performing the monitoring only processed a fraction of the TCP packets. In general, this requirement is true at the edge routers but not true for interior nodes of the Internet. This strategic placement of TCP-Splitter can be easily accomplished in private networks where the network has been designed to pass traffic in a certain manner.
  • [0106] FIG. 3 is a perspective view and FIG. 4 is a schematic view of a Field-programmable Port Extender (FPX) module 60 configured to implement a TCP-Splitter as described above. Module 60 includes a Network Interface Device (NID) 62 operationally coupled to a Reprogrammable Application Device (RAD) 64. NID 62 is configured to program and/or reprogram RAD 64. Module 60 also includes a plurality of memories including a static RAM 66, a Synchronous DRAM 68, and a PROM 70 operationally coupled to at least one of NID 62 and RAD 64. In an exemplary embodiment, NID 62 includes a FPGA such as a XCV600E FPGA commercially available from Xilinx, San Jose Calif., and RAD 64 includes a FPGA such as a XCV2000E FPGA also available from Xilinx.
  • [0107] In use, module 60 monitors network traffic and sends TCP data streams to a client application in order. Because module 60 implements the TCP-Splitter in a FPGA, upon receipt of FPGA programming data the TCP-Splitter can reprogram itself and send the FPGA programming data to other TCP-splitters in a flow path between a sending device and a destination device. Additionally, module 60 can reprogram the router to process the traffic flow differently than before. Also, because the data is passed along to other TCP-Splitters, the overall QoS of a network is quickly and easily changeable. In other words, QoS policies, as known in the art, are easily and quickly changed in networks including a TCP-Splitter as herein described. Accordingly, the reprogrammed router prioritizes network traffic based on the flow. Additionally, the TCP-Splitter can include a plurality of reprogrammable circuits such as FPGAs and can monitor the TCP flows for different things substantially simultaneously. For example, one flow contains data in order for a client application to count bits, while another flow contains data in order for another client application to perform content matching, while another flow contains data for reprogramming an FPGA. Also, a plurality of FPGAs can be coupled to each other such that upon receipt by at least one of an ASIC and a FPGA of FPGA programming data, the ASIC or FPGA receiving the data uses the data to reprogram the FPGAs.
  • [0108] FIG. 5 illustrates a plurality of workstations 80 connected to a remote client 82 across the Internet 84 through a node 86 including a TCP-Splitter (not shown in FIG. 4) coupled to a Monitoring client application 88. All traffic from remote client 82 or any other device on the Internet 84 to or from workstations 80 passes through node 86 and is monitored with the TCP-Splitter coupled to client application 88.
  • [0109] FIG. 6 illustrates a plurality of TCP-Splitter implemented FPX modules 60 (shown in FIGS. 3 and 4) in series between a programming device 90 and an endpoint device 92 forming a network 94.
  • [0110] In use, programming device 90 transmits programming data via a stream-oriented protocol using the Internet Protocol (IP) to send the data to endpoint device 92. Each FPX module 60 receives a plurality of IP frames addressed to endpoint device 92, removes the embedded stream-oriented protocol frame from the IP frame, and provides a client application the removed stream-oriented protocol frame. Each FPX module 60 sends an IP frame including the removed protocol frame back onto network 92. Accordingly, with one transmission stream made from programming device 90 to endpoint device 92, a plurality of intermediate devices (modules 60) receive programming data either to reprogram themselves (modules 60) or to reprogram any attached devices. Because the programming data is split (i.e., sent to the client application and sent back on network 94 addressed to endpoint device 92), TCP-Splitter imparts the ability to easily and quickly reconfigure a network of any size. As used herein, a stream-oriented protocol refers to all protocols that send data as a stream of packets such as TCP as opposed to non-stream-oriented protocols such as UDP where a single packet contains the entire message.
  • [0111] The above described TCP-Splitter is a circuit design which supports the monitoring of TCP data streams. A consistent byte stream of data is delivered to a client application for every TCP data flow that passes through the circuit. The TCP-Splitter accomplishes this task by tracking the TCP sequence number along with the current flow state. Selected out-of-order packets are dropped in order to provide the client application with the full TCP data stream without requiring large stream reassembly buffers. The dropping of packets to maintain an ordered flow of packets through the network has the potential to adversely affect the overall throughput of the network. However, an analysis of out-of-sequence packets in Tier-1 IP backbones has found that approximately 95% of all TCP packets were detected in proper sequence. Network induced packet reordering accounted for a small fraction of out-of-sequence packets, with the majority resulting from retransmissions due to data loss. Greater than 86% of all TCP flows observed contained no out-of-sequence packets.
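The sequence-tracking rule summarized above can be modelled in software. The following Python sketch is an added example, not code from the patent or from the TCP-Splitter VHDL: it keeps one expected sequence number per flow, drops segments that arrive past a gap, and hands the client an in-order byte stream without a reassembly buffer. The class and method names, the handling of retransmitted or overlapping segments (forwarded, with only unseen bytes delivered to the client), and the sample trace are assumptions.

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def seq_diff(a, b):
    """Signed distance a - b in 32-bit sequence space."""
    d = (a - b) % MOD
    return d - MOD if d >= MOD // 2 else d


class InOrderMonitor:
    """Per-flow state is a single expected sequence number (hypothetical model)."""

    def __init__(self):
        self.next_seq = {}  # flow id -> next expected sequence number
        self.stream = {}    # flow id -> bytes delivered to the client application

    def on_segment(self, flow, seq, payload=b"", syn=False):
        """Return 'forward' or 'drop' for one TCP segment of `flow`."""
        if syn:
            # A SYN consumes one sequence number, so data starts at seq + 1.
            self.next_seq[flow] = (seq + 1) % MOD
            self.stream[flow] = bytearray()
            return "forward"
        if flow not in self.next_seq:
            # Assumption: flows whose SYN was never seen are not monitored.
            return "forward"
        delta = seq_diff(seq, self.next_seq[flow])
        if delta > 0:
            # A segment is missing upstream. Dropping this one makes the
            # sender retransmit from the gap (Go-Back-N behavior), so the
            # monitor never has to buffer out-of-order data.
            return "drop"
        # delta <= 0: in order, or a retransmission that may carry new bytes.
        # Assumption: it is forwarded, and only unseen bytes reach the client.
        fresh = payload[-delta:] if -delta < len(payload) else b""
        self.stream[flow] += fresh
        self.next_seq[flow] = (self.next_seq[flow] + len(fresh)) % MOD
        return "forward"


def replay(trace):
    """Run a list of (flow, seq, payload, syn) tuples; return verdicts and monitor."""
    monitor = InOrderMonitor()
    verdicts = [monitor.on_segment(f, s, p, syn) for f, s, p, syn in trace]
    return verdicts, monitor


# Constructed trace: the segment at 1005 is delayed behind the one at 1009.
FLOW = ("192.0.2.10", 40000, "198.51.100.7", 80)
SAMPLE_TRACE = [
    (FLOW, 1000, b"", True),
    (FLOW, 1001, b"GET ", False),
    (FLOW, 1009, b"HTTP", False),   # arrives past a gap: dropped
    (FLOW, 1005, b"/ida", False),   # fills the gap
    (FLOW, 1009, b"HTTP", False),   # retransmitted by the sender: now in order
]

if __name__ == "__main__":
    verdicts, monitor = replay(SAMPLE_TRACE)
    print(verdicts, bytes(monitor.stream[FLOW]))
```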
  • [0112] The first implementation of the above described TCP-Splitter stored 33 bits of state information for each active flow in the network. By utilizing a low latency SRAM module, 256 k simultaneous flows were supported. The TCP-Splitter circuit utilized the 32 bit wide data path of the FPX card and could operate at 100 MHz. At that clock rate, a maximum throughput of 3.2 Gbps was supported.
  • [0113] Monitoring systems are implemented as either in-band or out-of-band solutions. The two basic types are illustrated in FIG. 7. Out-of-band solutions are always passive systems. For example, a cable splitter, network tap, or other content duplicating mechanism is employed to deliver a copy of the network traffic to the monitoring system. Since the monitor processes a copy of the true network traffic, it has no means by which to alter the network content and is therefore always a passive solution. In contrast, in-band network monitoring systems are positioned within the data path of the network. Traffic is processed and forwarded on toward end systems. In-band solutions could be configured to alter the content of the network by either inserting, dropping, or modifying network traffic. The following system is developed as an in-band monitoring device in order to provide a flexible platform upon which either passive or active extensible networking solutions can be developed.
  • [0114] The above described TCP-Splitter design was more closely aligned to the out-of-band type of monitoring solution. Network data was duplicated and a copy was passed to the monitoring application. FIG. 8 illustrates a system 100 that focuses on an in-band type of solution where network data is routed into and back out of the monitoring application. Developing a monitoring solution in this manner allows one to block selected flows, unblock previously blocked flows, and alter flow specific data as the data traverses through the monitoring system 100. Blocking flows allows system 100 to prevent data (i.e., a virus) from reaching its intended destination. The unblocking of flows allows one to block the transmission of data (i.e., confidential or copyrighted material) until an authorizing authority has granted permission for the blocked content to be delivered to the end user selectively. The altering of data is useful in removing a virus that has attached itself to normal (proper) data transiting the network. In this manner, a virus attached to a web page or email can be removed from the network without preventing the user from receiving the desired content. An example of an authorizing authority includes a Regional Transaction Processor (RTP) (not shown) as described in co-pending application Ser. No. 10/037,593. The RTP includes various hardware and software components (not shown) that allow the RTP to communicate with system 100, facilitate and process transactions, and store the related information securely over the Internet. A remote access server (not shown) can receive content match information directly from content owners via communication lines connected to the content owners' servers (not shown). A DB server (not shown) and storage system (not shown) store the content match information. A Central Storage and Backup System (CSBS) (not shown) backs up and stores data from one or more RTPs.
The CSBS receives data from the RTPs through a router (not shown), a firewall (not shown), and an enterprise switch (not shown) to back-up onto a plurality of storage systems (not shown). A DataBase (DB) server (not shown) date stamps and logs all information received.
  • [0115] The RTP processes transactions based on messages from a workstation (not shown) and/or system 100. An accounting server (not shown) receives and processes transactions using data in the DB server, a remote access server (not shown), and an external billing system (not shown) to facilitate transactions at the workstation.
  • [0116] The RTP has access to a tax lookup table (not shown) stored on the DB server or the storage system. The tax table can be used to determine the amount of sales tax rates to add to the price of delivering content through the system 100 or other retail transactions made by a user at the workstation. An identifier for the workstation and an identifier for the corresponding system 100 can be used to determine which tax tables or tax rate formula to use to determine the amount of state and/or local sales tax to charge for a transaction.
  • [0117] System 100 and the RTP also can use public/private key encryption/decryption technology to decrypt encrypted data packets for content matching, and then re-encrypt the data packet and forward it to the workstation. Alternatively, content match information can be provided to identify the content of a data packet in encrypted format, thereby eliminating the need to decrypt the data packet.
  • [0118] The content provider also can supply or indicate transaction instructions to be used in the RTP when the system 100 finds a content match in a data packet. For example, if the user is required to pay for the content before receiving it, the RTP transmits a transaction prompt to the user's workstation (not shown) informing the user of the price to be paid for the content, and allowing the user to accept or decline the purchase. As another example, the RTP can transmit a prompt to inform the user that content infected with a virus is attempting to be transmitted from or received to the user's workstation, and that transmission or reception of the virus is being halted. As another example, the RTP can transmit a prompt to inform the user that content subject to security control is attempting to be transmitted from or received to the user's workstation, and that transmission or reception of the confidential content is being halted. As a further example, the RTP can tally statistics regarding transmission of designated content for purposes such as rating the popularity of the content.
  • [0119] System 100 performs content match searches for content unique to application(s) being performed by various entities such as content providers, business organizations, and/or government organizations. The applications can handle various situations based on the content, such as collecting payment for the authorized use of copyrighted content, preventing outgoing transmission of confidential material, preventing incoming receipt of material previously designated as unwanted by the recipient, and preventing the transmission of files containing viruses.
  • [0120] The content matches can include logic to search for particular watermarks or fingerprints to identify copyright content based on content match information from the content providers. The content matches also can include logic to understand one or more hashing functions.
  • [0121] System 100 includes a hardware circuit which is capable of reassembling TCP/IP data flows into their respective byte streams at multi-gigabit line rates. A large per-flow state store maintains 64 bytes of state information for millions of active TCP flows concurrently. Additional logic provides support for flow blocking, unblocking and stream modification features. System 100 enables a new generation of network services to operate within the core of the Internet.
  • [0122] System 100 includes a plurality of content scanner engines 102. Each content-scanning engine 102 is a hardware module that is capable of scanning the payload of packets for a set of regular expressions as described by J. Moscola, J. Lockwood, R. P. Loui, and M. Pachos in “Implementation of a Content-Scanning Module for an Internet Firewall,” IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM), Napa, Calif., USA, April 2003 and co-pending U.S. patent application Ser. No. 10/152,532.
  • [0123] Regular expressions are well-known tools for defining conditional strings. A regular expression may match several different strings. By incorporating various regular expression operators in a pattern definition, such a pattern definition may encompass a plurality of different strings. For example, the regular expression operator “.*” means “any number of any characters”. Thus, the regular expression “c.*t” defines a data pattern that encompasses strings such as “cat”, “coat”, “Chevrolet”, and “cold is the opposite of hot”. Another example of a regular expression operator is “*” which means “zero or more of the preceding expression”. Thus, the regular expression “a*b” defines a data pattern that encompasses strings such as “ab”, “aab”, and “aaab”, but not “acb” or “aacb”. Further, the regular expression “(ab)*c” encompasses strings such as “abc”, “ababc”, “abababc”, but not “abac” or “abdc”. Further still, regular expression operators can be combined for additional flexibility in defining patterns. For example, the regular expression “(ab)*c.*z” would encompass strings such as the alphabet “abcdefghijklmnopqrstuvwxyz”, “ababcz”, “ababcqsrz”, and “abcz”, but not “abacz”, “ababc” or “ababacxvhgfjz”.
  • [0124] As regular expressions are well-known in the art, it is unnecessary to list all possible regular expression operators (for example, there is also an OR operator “|” which for “(a|b)” means any string having “a” or “b”) and combinations of regular expression operators. What is to be understood from the background material described above is that regular expressions provide a powerful tool for defining a data pattern that encompasses strings of interest to a user of system 100.
  • [0125] To accomplish the scanning of the payload of packets for a set of regular expressions, each content-scanning engine 102 employs a set of Deterministic Finite Automata (DFAs), each searching in parallel for one of the targeted regular expressions. Upon matching the content of a network data packet with any of these regular expressions, content-scanner 102 has the ability to either allow the data to pass or to drop the packet. Content-scanning engine 102 also has the ability to generate an alert message that can be sent to a log server when a match is detected in a packet. In an exemplary embodiment, the alert message contains the source and destination addresses of the matching packet along with a list of regular expressions that were found in the packet.
  • [0126] The TCP based content scanning engine integrates and extends the capabilities of the above described TCP-Splitter and Content-Scanning Engine 102. As illustrated in FIG. 8, data flow is from the left to the right. IP packets are passed into a TCP Protocol Processing Engine 104 from lower layer protocol processing engines contained within a network switch. An input packet buffer 106 provides an amount of packet buffering when there are downstream processing delays. TCP Protocol Processing Engine 104 validates packets and classifies them as part of a flow. Packets along with the associated flow state information are passed onto a Packet Routing module where the packets are routed either to Content Scanning Engines 102 or a Flow Blocking module 108. Multiple Content Scanning Engines 102 evaluate regular expressions against the TCP data stream. Packets returning from Content Scanning Engines 102 are passed to Flow Blocking module 108 where application specific state information is stored and flow blocking is enforced. Packets that are not blocked are passed back to the network switch which forwards them on toward their end destination.
  • [0127] To enable a quick access for storing and retrieving state information, a hash table is used in one embodiment. However, whenever a hash table is used, hash table collisions can occur.
  • [0128] Gracefully handling hash table collisions is a difficult problem for real-time network systems. An efficient method for dealing with hash collisions is to have the new flow age out the previous flow whenever a collision occurs. In other words when a new flow hashes to the same value as a previous flow, the monitoring of the previous flow is stopped and the new flow is monitored. This type of action leads to the incomplete scanning of TCP flows because the context scanning engine will lose the context information of the previous flow when it encounters a new flow with the same flow identifier. To ensure all flows are properly monitored, a linked list of flow state records can be chained off of the appropriate hash entry. The advantage to this approach is that all flows that encounter hash collisions in the state store can be fully monitored. The major drawback to this approach is that the time required to traverse a linked list of hash bucket entries could be excessive. The delay caused in retrieving flow state information can adversely affect the throughput of the system and lead to data loss. Another drawback of linked entries in the state store is the need to perform buffer management operations. This induces additional processing overhead into a system which is operating in a time critical environment. A State Store Manager 110 overcomes this problem by limiting the length of the chain to a constant number of entries.
  • [0129] A hashing algorithm which produces an even distribution across all hash buckets is important to the overall efficiency of the circuit. Initial analysis of the flow classification hashing algorithm used for system 100 was performed against packet traces available from the National Laboratory for Applied Network Research. With 26,452 flow identifiers hashed into a table with 8 million entries, there was a hash collision in less than 0.3% of the flows.
  • [0130] Additional features of system 100 include support for the following services: Flow Blocking which allows a flow to be blocked at a particular byte offset within the TCP data stream; Flow Unblocking in which a previously disabled flow can be re-enabled and data for a particular flow will once again be allowed to pass through the circuit; Flow Termination in which a selected flow will be shut down by generating a TCP FIN packet; and Flow Modification which provides the ability to sanitize selected data contained within a TCP stream. For example, a virus is detected and removed from a data stream. The concept of altering the content of a TCP data stream is counterintuitive to most (if not all) networks. In the majority of circumstances, this type of behavior should be avoided at all costs. But there are a selected number of situations where modifying a TCP flow can be advantageous. One such situation is the above described removal of a virus from a TCP data stream in order to prevent the spreading of the virus. Another use could be associated with a series of extensible network solutions where information is added to or removed from a TCP data flow as the data traverses network nodes running extensible networking solutions.
  • [0131] There are three separate situations that need to be addressed when altering TCP stream data within the core of the network. The first involves modifying data within an existing data flow. In this case, the total number of data bytes transmitted by the source will be identical to the total number of data bytes received at the destination, only the content will have changed. The second case involves the addition of data to the data stream. In this case, the total number of data bytes received by the destination will be greater than the number of data bytes sent by the source. The third case involves the removal of data from the data stream. Here, the total number of data bytes received at the destination will be less than the total number of data bytes sent by the source.
  • [0132] Case 1: Modifying the flow—In this situation, the processing engine which is altering the content of the TCP data stream need only operate on the flow of data in a single direction, from source to destination. When it is determined that data bytes should be altered, existing data bytes are replaced with new bytes. The TCP checksum of the network packet containing the altered data is recomputed to account for the new data. In addition, the processing engine remembers (1) the new content and (2) the TCP sequence number pertaining to the location in the data stream where the new content replaces existing content. This step is desired to handle the case where a retransmission occurs which contains data that has been altered. In order to ensure that the end system receives a consistent view of the new data stream, the old data needs to be replaced with new data whenever the old data transits the network. In this manner, the end system will always receive a consistent view of the transmitted byte stream with the selected data alterations applied.
  • [0133] Case 2: Adding data to the flow—When a processing engine within the network wishes to add content to a TCP data stream, the processing engine must process TCP packets sent in the forward direction from source to destination and TCP packets sent in the reverse direction, from destination back to the source. Without processing both directions of the data flow, the system will be unable to accurately manage the insertion of data into the flow. Once the position within the network stream where the data should be inserted is realized, the processing engine can then either modify existing TCP data packets and/or generate additional TCP data packets as necessary to insert data into the data stream. For each of these packets, the appropriate TCP header fields will have to be populated, including a checksum value. Sequence numbers contained in TCP packets received by the processing engine that occur after the point of insertion within the TCP data stream are incremented by the total number of bytes that were inserted into the stream. The processing engine stores the sequence number of the location where the data insertion took place along with the total number of bytes inserted into the stream. If a packet retransmission occurs, the processing engine performs the steps taken to insert the additional stream data so that the receiving node always receives a consistent view of the amended data stream. When processing TCP packets sent back from the receiving host, the processing engine decrements the acknowledgment number whenever the acknowledgment number exceeds the sequence number where the data insertion has taken place. In this manner, the processing engine can ensure that the source node will not receive acknowledgments for data that the receiving system has not yet processed.
In addition, since the processing engine is inserting new data content into the stream, the processing engine also tracks the TCP processing state of the end systems and generates retransmission packets for the inserted data whenever it detects a nonincreasing sequence of acknowledgement numbers in the range of the inserted data.
  • [0134] Case 3: Removing data from the flow—When a processing engine within the network wishes to remove content from a TCP data stream, the processing engine processes TCP packets sent in the forward direction from the source to the destination and TCP packets sent in the reverse direction, from the destination back to the source. Without processing packets traveling in both directions of the data flow, the system will be unable to accurately manage the removal of data from the flow. Once the position within the TCP data stream where data should be removed is encountered, the processing engine can start the removal process by eliminating packets or shrinking the overall size of a packet by removing part of the data contained within the packet. Packets which are modified must have their length fields and checksum values recomputed. Sequence numbers contained in TCP packets received by the processing engine that occur after the point of data removal are decremented by the total number of bytes that were removed from the stream. The processing engine stores the sequence number of the location where the data removal took place along with the total number of bytes that were removed from the stream. If a packet retransmission occurs, the processing engine performs the steps previously taken to effect the removal of data from the stream so that the receiving node always receives a consistent view of the altered data stream. When processing TCP packets sent from the receiving host back to the sending host, the processing engine increments the acknowledgment number whenever the acknowledgment number exceeds the sequence number where the data removal has taken place. In this manner, the processing engine can ensure that the source node receives the proper acknowledgment for all of the data received by the end system.
Failure to perform this step could cause excessive retransmissions or a blocking of the flow of data if the amount of data removed exceeds the window size in use by the source node.
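The sequence and acknowledgment bookkeeping of Cases 2 and 3 can be written out as a pair of translation functions. This Python sketch is an added example, not part of the patent: the `StreamEdit` class, its method names and the sample numbers are assumptions, and it models a single edit per flow. Two details go beyond the text and are labelled in the comments: acknowledgments that cover only inserted bytes are clamped to the insertion point, and sequence numbers inside a removed range map to the removal point.

```python
MOD = 1 << 32  # TCP sequence and acknowledgment numbers are 32-bit


def at_or_after(a, b):
    """True when a is at or after b in wraparound sequence space."""
    return (a - b) % MOD < MOD // 2


def after(a, b):
    """True when a is strictly after b in wraparound sequence space."""
    return a != b and at_or_after(a, b)


class StreamEdit:
    """One stored edit: the sequence number where it happened and its size.

    delta > 0: delta bytes were inserted in front of the source byte at `point`.
    delta < 0: the -delta source bytes starting at `point` were removed.
    """

    def __init__(self, point, delta):
        self.point = point % MOD
        self.delta = delta
        self.n = abs(delta)
        self.end = (self.point + self.n) % MOD

    def fwd_seq(self, seq):
        """Source-side sequence number -> the number the destination sees."""
        if self.delta > 0:
            # Case 2: everything from the insertion point on shifts up.
            return (seq + self.n) % MOD if at_or_after(seq, self.point) else seq
        # Case 3: everything past the removed range shifts down.
        if at_or_after(seq, self.end):
            return (seq - self.n) % MOD
        # Assumption: a sequence number inside the removed range maps to the
        # removal point, where the next surviving byte will land.
        return self.point if at_or_after(seq, self.point) else seq

    def rev_ack(self, ack):
        """Destination's acknowledgment number -> the number the source sees."""
        if self.delta > 0:
            if after(ack, self.end):
                return (ack - self.n) % MOD
            # Assumption: an ACK that covers only inserted bytes is clamped,
            # so the source is never told about bytes it did not send.
            return self.point if after(ack, self.point) else ack
        # Case 3: credit the source for the bytes the engine removed.
        return (ack + self.n) % MOD if after(ack, self.point) else ack

    def must_retransmit_inserted(self, prev_ack, ack):
        """Case 2 only: a non-increasing ACK inside the inserted range means
        the engine itself has to resend the inserted bytes."""
        if self.delta <= 0:
            return False
        in_range = at_or_after(ack, self.point) and after(self.end, ack)
        return in_range and not after(ack, prev_ack)


if __name__ == "__main__":
    insertion = StreamEdit(point=5000, delta=+100)   # constructed values
    removal = StreamEdit(point=5000, delta=-100)
    print(insertion.fwd_seq(6000), insertion.rev_ack(6100))
    print(removal.fwd_seq(6000), removal.rev_ack(5900))
```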
  • [0135] At any given moment, a high speed router may be forwarding millions of individual traffic flows. To support this large number of flows along with a reasonable amount of state information stored for each flow, a 512MB Synchronous Dynamic Random Access Memory (SDRAM) module can be utilized. The memory interface to this memory module has a 64 bit wide data path and supports a maximum burst length of eight operations. By matching system 10's per flow memory usage to the burst width of the memory module, one can optimize the memory bandwidth. Storing 64 bytes of state information for each flow optimizes the use of the memory interface by matching the amount of per flow state information with the amount of data in a burst transfer to memory. This configuration provides support for eight million simultaneous flows. Assuming $100.00 as a purchase price for a 512MB SDRAM memory module, the cost to store context for eight million flows is only 0.00125 cents per flow or 800 flows per penny as of August 2003. Memory modules other than SDRAM are also employable.
  • [0136] Of the 64 bytes of data stored for each flow, TCP processing engine 102 utilizes 32 bytes to maintain flow state and memory management overhead. The additional 32 bytes of state store for each flow holds the application data for each flow context. The layout of a single entry is illustrated in FIG. 9. A portion of this per-flow state storage is used to maintain the TCP data stream re-assembly operation similar to the above described TCP-Splitter design. Another portion of the storage area is used to ensure that network data packets are associated with the proper flow stored in the state store. Yet another portion of memory is used to maintain navigation information and memory management overhead. The final portion of the per-flow state storage area is used to store per-flow context information used by the monitoring application. Additional features support passing this saved context information to the monitoring application for each network data packet. Updates to a flow's context information by the monitoring application are written back to the state store so that this information can be provided back to the monitoring application when future packets for the flow are encountered. For example, the source and destination IP addresses along with the source and destination TCP ports could be hashed into a 23 bit value. This hash value could then be used as a direct index to the first entry in a hash bucket. The hash table would then contain 4 million records at fixed locations and an additional 4 million records that could be used to form a linked list. The IP addresses and ports could be hashed to a bit value other than 23 bits. For example, the IP addresses and ports could be hashed to any bit value based upon a desired number of flows to be indexed. The use of linked list records will enable the storing of state information for multiple flows that hash to the same bucket.
To ensure that system 100 is able to maintain real-time behavior, the number of link traversals is constrained by a constant. And as used herein, the term “hash table collision” refers to the situation where two flows hash to the same value, and to the situation where after two flows hash to the same hash value using a hash table employing a chaining of predetermined length and a chain is full for that hash value.
  • [0137] State Store Manager 110 can cache state information utilizing on-chip block RAM memory. This provides faster access to state information for the most recently accessed flows. A write-back cache design provides for improved performance.
  • [0138] If a match spans across multiple packets, the original design of the content-scanning engine would fail to detect the match. To alleviate this problem, the new content-scanning engine processes streams from the TCP Processing Engine.
  • [0139] The use of the TCP Processing Engine also requires that the content scanner process interleaved flows. Because each content scanner only holds the state of one flow, it needs to be able to save and restore the current state of a flow and perform a context switch whenever a new flow arrives. When a packet arrives at the content scanner on some flow, the content scanner must restore the last known matching state for that flow. When the content scanner has finished processing the packet, it must then save the new matching state of the flow which can be done by using the state store resources of the TCP processing circuit.
  • [0140] FIG. 10 shows the design of the content-scanning engine combined with the TCP-Splitter. When a new packet arrives from the TCP Processing Engine, it arrives concurrently with a flow ID and state information for that context. Once the state of the search engine is loaded, the content scanner can process the packet. If no matches are found in the packet, then the packet is allowed to pass through the module. If a match is discovered in the packet, then the packet may be dropped or the whole flow may be blocked. The content scanner also has the ability to send out an alert message if a match occurs. The format of the alert message is a UDP datagram which is also used for logging events in the system. As shown in FIG. 11, the overall throughput of the content scanner increases by putting four scanning engines in parallel and processing four flows concurrently. Incoming packets are dispatched to one of the scanning engines based on the last two bits of a flow ID provided by the TCP Processing Engine. By dispatching packets in this fashion, the possibility of hazards that may occur when two scanners are processing packets from the same flow simultaneously can be eliminated.
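The save-and-restore behaviour described above, as an added example in C (not code from the patent): a KMP matcher whose whole per-flow context is one saved match position, with packets dispatched to one of four engines by the last two bits of the flow ID. The signature, the packet trace and the choice of KMP as the matcher are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_ENGINES 4
#define MAX_FLOWS   32                     /* toy state store indexed by flow ID */

static const char SIG[] = "ABABC-SIG";     /* constructed signature */
#define SIG_LEN (sizeof(SIG) - 1)

static uint8_t fail_tbl[SIG_LEN];          /* KMP failure function for SIG */
static uint8_t state_store[MAX_FLOWS];     /* saved matcher state per flow */

struct pkt { uint32_t flow_id; const char *payload; };

/* Constructed trace: flows 5 and 9 share engine 1 and are interleaved. */
static const struct pkt TRACE[] = {
    { 5, "GET /ABAB" },       /* first half of the signature          */
    { 9, "hello ABA" },       /* other flow on the same engine        */
    { 5, "C-SIG HTTP" },      /* second half: match spans two packets */
    { 9, "BC-SIX" },          /* near miss, must not raise an alert   */
    { 6, "xxABABC-SIGxx" },   /* whole signature inside one packet    */
};
#define TRACE_LEN (sizeof(TRACE) / sizeof(TRACE[0]))

static void build_failure_table(void) {
    size_t k = 0;
    fail_tbl[0] = 0;
    for (size_t i = 1; i < SIG_LEN; i++) {
        while (k > 0 && SIG[i] != SIG[k]) k = fail_tbl[k - 1];
        if (SIG[i] == SIG[k]) k++;
        fail_tbl[i] = (uint8_t)k;
    }
}

/* Scan one in-order payload starting from matcher state st.
 * Returns the state to save; sets *hit when the signature completes. */
static uint8_t scan_payload(uint8_t st, const uint8_t *p, size_t n, int *hit) {
    size_t k = st;
    for (size_t i = 0; i < n; i++) {
        while (k > 0 && p[i] != (uint8_t)SIG[k]) k = fail_tbl[k - 1];
        if (p[i] == (uint8_t)SIG[k]) k++;
        if (k == SIG_LEN) { *hit = 1; k = fail_tbl[k - 1]; }
    }
    return (uint8_t)k;
}

/* Dispatch on the last two bits of the flow ID: one flow, one engine. */
static unsigned engine_for_flow(uint32_t flow_id) { return flow_id & 3u; }

/* Replay a trace. with_context = 1 restores and saves per-flow state around
 * each packet; 0 models a scanner that starts every packet from scratch.
 * Returns a bitmask of the flow IDs that produced a match. */
static uint32_t run_trace(const struct pkt *t, size_t n, int with_context) {
    uint8_t engine_state[NUM_ENGINES] = { 0 };
    uint32_t hits = 0;
    build_failure_table();
    memset(state_store, 0, sizeof state_store);
    for (size_t i = 0; i < n; i++) {
        unsigned e = engine_for_flow(t[i].flow_id);
        uint32_t slot = t[i].flow_id % MAX_FLOWS;
        int hit = 0;
        engine_state[e] = with_context ? state_store[slot] : 0;   /* restore */
        engine_state[e] = scan_payload(engine_state[e],
                                       (const uint8_t *)t[i].payload,
                                       strlen(t[i].payload), &hit);
        if (with_context) state_store[slot] = engine_state[e];    /* save */
        if (hit) hits |= 1u << slot;
    }
    return hits;
}

int main(void) {
    printf("with context:    flows mask 0x%02x\n", (unsigned)run_trace(TRACE, TRACE_LEN, 1));
    printf("without context: flows mask 0x%02x\n", (unsigned)run_trace(TRACE, TRACE_LEN, 0));
    return 0;
}
```

Flow 5's match is only reported when its state survives the intervening packet from flow 9 on the same engine; the stateless run sees flow 6 alone.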
  • [0141] As was shown in FIG. 8, data is received on the left from the Internet Protocol Wrappers and passed into input buffer 106. Frames are buffered here in the event that there is congestion in a TCP Protocol Processing engine 150 shown in FIG. 12. This congestion can occur at instants when there are hash table collisions and the State Store Manager has to walk through a linked list in order to locate the proper flow context.
  • [0142] From input buffer 106, IP frames are passed to TCP Protocol Processing Engine 150. An input state machine 152 tracks the processing state within a single packet. Data is forwarded to (1) a Frame FIFO 154 which stores the packet, (2) a checksum engine 156 which validates the TCP checksum, and (3) a flow classifier 158. Once flow classifier 158 has computed a hash value for the packet, information is passed to State Store Manager 110 which retrieves the state information associated with the particular flow. Results are written to a Control FIFO 162 and the state store is updated with the current state of the flow.
  • [0143] An Output State Machine 164 reads data from the Frame and Control FIFOs and passes it to a packet routing engine 166 (shown in FIG. 8). Most traffic flows through the Content Scanning Engines 102 where the data is scanned. Packet retransmissions bypass Content Scanning Engines 102 and are sent directly to Flow Blocking module 108.
  • [0144] Data returning from Content Scanning Engines 102 is passed to Flow Blocking module 108. At this stage, the per flow state store is updated with the latest application specific state information. If flow blocking is enabled for a flow, it is enforced at this time. The sequence number of the packet is compared with the sequence number where flow blocking should take place. If the packet meets the blocking criteria, it is dropped from the network at this point. Packets that are not dropped are passed on to the outbound Protocol Wrapper.
  • [0145] State Store Manager 110 is responsible for processing requests for and updates to a flow state record. All interactions with a SDRAM memory 166 are handled along with the caching of recently accessed flow state information. A SDRAM controller 168 exposes three memory access interfaces, a read-write interface, a write only interface, and a read only interface. Requests to these interfaces are prioritized in the same order, with the read-write interface having the highest priority.
  • [0146] The layout of State Store Manager 110 along with its interactions to memory controller 168 and other modules in the TCP Processing Engine are illustrated in FIG. 12. Upon processing a new packet, a flow identifier hash value is computed and a record retrieval operation is initiated. State Store Manager 110 utilizes the read interface of memory controller 168 to retrieve the current state information for the flow and returns this information to the protocol processing engine. If the packet is determined to be valid and is accepted by the engine, an update operation is performed to store the new flow state. The flow blocking module also performs a SDRAM read operation in order to determine the current flow blocking state. If the flow blocking state has changed or there is an update to the application specific state information, a write operation is also performed to update the flow's saved state information.
  • [0147] In a worst case scenario, where there is at most a single entry per hash bucket, a total of two read and two write operations to SDRAM are required for each packet. These operations are an eight word read to retrieve flow state, an 8 word write to initialize a new flow record, a 4 word read to retrieve flow blocking information, and a 5 word write to update application specific flow state and blocking information. No memory accesses are required for TCP acknowledgment packets that contain no data. Analysis indicates that all of the read and write operations can be performed during the packet processing time if the average TCP packet contains more than 120 bytes of data. If the TCP packets contain less than this amount of data, insufficient time may be available to complete all of the memory operations while processing the packet. If this occurs, the packet may be stalled while waiting for a memory operation to complete. The average TCP packet size on the Internet has been shown to be approximately 300 bytes. It is important to note that the TCP Protocol Processing engine does not need to access memory for acknowledgment packets that contain no data. Given that half of all TCP packets are acknowledgments, the average size of a packet requiring memory operations to the state store will be larger than the 300 byte average previously stated. Processing larger packets decreases the likelihood of throttling due to memory access latency. On average, the system will have over twice the memory bandwidth required to process a packet when operating at OC-48 rates.
  • [0148] This paper discusses architecture for performing content scanning of TCP flows within high-speed networks. The circuit design is targeted for the Xilinx XCV2000E FPGA in the FPX platform with an operational clock frequency of 80 MHz. This provides for the monitoring of eight million simultaneous TCP flows at OC-48 (2.5 Gb/s) line rates. Utilizing a 512MB commodity SDRAM memory, 8M flows can be stored at a cost of 0.00125 cents per flow. By storing 64 bytes per flow, it is possible to maintain the context of the scanning engine for each flow.
  • [0149] By developing a circuit that operates in a Field Programmable Gate Array (FPGA) device, run-time changes can be made to the list of scanned content. Having the ability to quickly react to new filtering requirements makes this architecture an ideal framework for a network based Intrusion Detection System.
  • [0150] New FPGA devices are available which have 4 times the number of logic gates and operate at over twice the clock rate of the XCV2000E used on the FPX platform. The latest memory modules support larger densities, higher clock frequencies, and Double Data Rate (DDR) transfer speeds. Utilizing these new devices, the TCP based content scanning engine could achieve OC-192 (10 Gb/s) data rates without requiring major modifications.
  • [0151] The goal of a TCP based flow monitoring system is to produce a byte stream within the interior of the network which is identical to the byte stream processed by the end system. In order to do this, one must effectively track the TCP processing state of the end system and perform similar operations. The difficulty of this task stems from the fact that the traffic observed at the monitoring node could be quite different from the traffic received at the end system. Three potential packet sequencing issues are shown in FIG. 13 and outlined below. 1) Packets processed at the monitoring station are not processed by the end host system (A in FIG. 13). This can occur when a packet is dropped between the monitoring station and the end system. Once arriving at the monitoring system, the packet is processed accordingly and the processing state is advanced under the assumption that the end system will follow the same behavior when it receives the packet. If the packet never arrives at the end system, then the state of the monitor and end system are inconsistent with respect to each other. 2) Packets processed at the end host system are not processed by the monitoring station (B in FIG. 13). This can occur when successive packets of a data flow take different paths through the network. If the monitoring station is placed at a point where it sees packets traversing one path but not the other, then it will be difficult to impossible to track the state of the end system depending on what data is sent over which path. And 3) Packets processed at the monitoring station in the order [1][2][3] may arrive at the end system in a different order (C in FIG. 13). Without knowing the specifics of the protocol implementation, the monitoring system will be unable to determine how the end system processes that sequence. Even worse, the monitoring system will have no idea that the packets have been processed by the end system in a different order.
  • [0152] The task of maintaining per-flow state information is difficult when the following three constraints are imposed: (1) provide storage for tens of bytes of per-flow state information, (2) support millions of simultaneous flows, (3) operate within a high-speed networking environment. Eliminating any one of these constraints greatly simplifies the problem. Reducing the amount of state information required for each flow down to one bit or reducing the number of flows to less than about 100,000 allows the use of commodity static RAM devices or on-chip memories. Eliminating the high speed networking environment would allow for long delays associated with slower memory or secondary storage. In a worst case scenario containing a steady stream of 64 byte packets, the monitoring system will only have 200 ns in which to perform the required memory operations when processing data on an OC-48 link (2.5 Gbps). Each packet will require a read and a write operation in order to retrieve flow context information and to store the updated flow state.
  • [0153] When tracking large numbers of network flows, it is impossible to utilize a directly indexed state store. A unique flow is determined by a 32 bit source IP address, a 32 bit destination IP address, a 16 bit source TCP port number, and a 16 bit destination TCP port number. This would require 2^96 or 8*10^28 individually addressable memory locations. In order to reduce this to a reasonable number, a hashing scheme or other reduced memory indexing scheme is implemented. If the hash table is sparsely populated and there are no hash collisions, then state information can be accessed in a timely manner. When dealing with large numbers of flows (on the order of a million), the issue of hash collision becomes a real concern. Take for instance, the case where there are 100 different flows that all hash to the same entry. The state retrieval algorithm will have to traverse 50 entries on average in order to navigate to the correct entry. This can lead to an excessive amount of time spent retrieving state information which leads to diminished throughput of the system. This can quickly lead to data loss and dropped packets when buffering resources are exhausted. Artificially limiting the number of entries posted to any single hash bucket can greatly improve the worst case performance associated with a lookup operation. The resulting negative tradeoff is that flow state information may be discarded for an active flow when a hash bucket reaches the limit. Content scanning and flow re-assembly operations will be interrupted when this occurs.
  • [0154] Additionally, TCP based network flows do not always produce a proper termination sequence. This improper termination can be caused by a system crash, power outage, a network event, or something as simple as a disconnected cable. Because TCP connections can exist for long periods of time without the presence of network traffic, it is difficult for a monitoring station to determine whether a flow is idle or if the flow should be terminated. Not terminating flows leads to the exhaustion of flow tracking resources. Prematurely terminating an active flow can lead to situations where data is allowed to traverse the network unmonitored. The problem is even worse when attempting to monitor a series of individual UDP data packets as a data stream. The UDP protocol does not contain any provisions for marking the start or end of a flow.
  • [0155] Due to the tight timing constraints imposed by the operating environment, the task of dealing with potential hash collisions is difficult. One approach is to have new flows preempt previous flows when hash table collisions occur. The benefit of this processing behavior is that the system can quickly respond to hash table lookups because each hash bucket only contains one entry. With a total of 8 million hash buckets, the frequency of hash collisions would be low. The downside of this approach is that interesting flows may not be fully monitored because state information for an active flow is lost when a hash table collision occurs. Another approach is to support a linked list of flow state entries tied to each hash bucket. One advantage with this solution is that all flows are monitored, regardless of whether or not there were hash table collisions. One downside is that it may take an excessive amount of time to retrieve flow state information from the state store because the state store manager may have to traverse a long linked list of entries. This delay in retrieving state information can lead to data loss on the network device which will adversely affect the overall throughput of the network.
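A software model of the bounded-chain state store from the 64-byte record description earlier and of the collision trade-off discussed above, added here as an example (it is not the patent's circuit). The hash function, the field layout of the record, the 8-bit table size and the choice to hand the tail record to the new flow when a chain is full are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH_BITS 8                 /* demo size; the text's example uses 23 */
#define N_BUCKETS (1u << HASH_BITS)
#define MAX_CHAIN 3                 /* constant bound on records read per lookup */

struct flow_key { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; };

/* 64-byte record: 32 bytes of engine state plus 32 bytes of application
 * context. The field layout is assumed (FIG. 9 is not on the page). */
struct flow_rec {
    struct flow_key key;            /* ties a packet to the right flow      */
    uint32_t next_seq;              /* re-assembly: next expected sequence  */
    uint32_t next_rec;              /* chain link (store index), 0 = end    */
    uint32_t block_seq;             /* where flow blocking takes effect     */
    uint8_t  in_use;
    uint8_t  pad[7];
    uint8_t  app_ctx[32];           /* monitoring application's context     */
};
_Static_assert(sizeof(struct flow_rec) == 64, "one record per memory burst");

static struct flow_rec store[2 * N_BUCKETS]; /* [0,N) heads, [N,2N) overflow */
static uint32_t next_free = N_BUCKETS;

enum lookup_result { FLOW_FOUND, FLOW_NEW, FLOW_PREEMPTED };

/* Assumed hash: any mix of the 4-tuple reduced to HASH_BITS would do. */
static uint32_t flow_hash(const struct flow_key *k) {
    uint32_t h = k->src_ip ^ (k->dst_ip * 2654435761u)
               ^ (((uint32_t)k->src_port << 16) | k->dst_port);
    h ^= h >> 15;
    h *= 2246822519u;
    return h >> (32 - HASH_BITS);
}

/* Find or create the record for k. *reads counts records fetched and never
 * exceeds MAX_CHAIN, which is what keeps lookup time bounded. */
static struct flow_rec *flow_lookup(const struct flow_key *k,
                                    enum lookup_result *res, unsigned *reads) {
    struct flow_rec *r = &store[flow_hash(k)], *tail = r;
    *reads = 0;
    *res = FLOW_NEW;
    if (r->in_use) {
        for (;;) {
            (*reads)++;
            if (memcmp(&r->key, k, sizeof *k) == 0) { *res = FLOW_FOUND; return r; }
            tail = r;
            if (r->next_rec == 0 || *reads == MAX_CHAIN) break;
            r = &store[r->next_rec];
        }
        if (*reads < MAX_CHAIN && next_free < 2 * N_BUCKETS) {
            tail->next_rec = next_free;      /* link a record from the pool */
            r = &store[next_free++];
        } else {
            r = tail;                        /* chain full: tail flow loses its state */
            *res = FLOW_PREEMPTED;
        }
    }
    memset(r, 0, sizeof *r);
    r->key = *k;
    r->in_use = 1;
    return r;
}

/* Constructed test input: the nth key (by source port) landing in `bucket`. */
static struct flow_key colliding_key(uint32_t bucket, unsigned nth) {
    struct flow_key k = { 0x0A000001u, 0x0A000002u, 0, 80 };
    for (uint32_t p = 1024; p < 65536; p++) {
        k.src_port = (uint16_t)p;
        if (flow_hash(&k) == bucket && nth-- == 0) break;
    }
    return k;
}

struct demo_out { enum lookup_result fourth, first_again, third_again; unsigned max_reads; };

/* Track MAX_CHAIN + 1 flows that share a bucket, then revisit two of them. */
static struct demo_out run_demo(void) {
    struct flow_key seed = { 0x0A000001u, 0x0A000002u, 1024, 80 }, k[MAX_CHAIN + 1];
    struct demo_out o = { FLOW_NEW, FLOW_NEW, FLOW_NEW, 0 };
    uint32_t bucket = flow_hash(&seed);
    unsigned reads = 0;
    for (unsigned i = 0; i <= MAX_CHAIN; i++) {
        k[i] = colliding_key(bucket, i);
        flow_lookup(&k[i], &o.fourth, &reads);
        if (reads > o.max_reads) o.max_reads = reads;
    }
    flow_lookup(&k[0], &o.first_again, &reads);              /* still tracked */
    flow_lookup(&k[MAX_CHAIN - 1], &o.third_again, &reads);  /* state was discarded */
    return o;
}

int main(void) {
    struct demo_out o = run_demo();
    printf("4th=%d 1st=%d 3rd=%d max_reads=%u\n", o.fourth, o.first_again, o.third_again, o.max_reads);
    return 0;
}
```

The fourth colliding flow costs exactly MAX_CHAIN record reads and displaces the third, whose return then displaces the fourth in turn: lookup time stays bounded while monitoring of the displaced flow is interrupted.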
  • [0156] In order to improve the performance of the system, the herein described engine will not perform any memory operations to the state store when processing a TCP SYN packet. Instead, these packets are passed through the system without incurring any of the delays associated with an attempt to retrieve state information. In the presence of a TCP SYN attack, the system will pass traffic through without consuming flow state resources. Other non-TCP traffic will also flow through the system without any additional processing.
  • [0157] The tracking of a flow is initiated by the reception of a TCP data packet. The assumption here is that a proper TCP flow setup has previously been performed by the connection endpoints. A denial of service attack which generates random TCP data packets without first establishing a valid TCP session can potentially induce processing delays for the proposed monitoring system. The flow state manager allocates resources and attempts to track these packets as if they were part of a valid TCP flow. An attack of this nature could potentially exhaust the per-flow state storage resources of the solution.
  • [0158] There are several methods which could be employed to age flows out of the active flow cache. First, one could set a maximum idle period. If no traffic is detected on a particular flow for a predefined unit of time, then the flow will be assumed to have been terminated and the resources that were used to monitor the flow will be released. Secondly, a least recently used algorithm is implemented. Instead of aging out flows after a set period of time, the age out of idle flows only occurs after all of the system resources have been utilized. When a new flow arrives and there are no flow tracking resources available, the resources associated with the flow which has been idle for the longest period of time will be used to support the tracking of the newly arrived flow. This approach eliminates the need for periodic background processing to age out flows because a flow age out is triggered by the arrival of a new flow. A third approach involves cannibalizing the resources of another flow when resource contention occurs. When using a hash table to store flow state information, a flow would be assumed to be terminated whenever a hash table collision occurred during the arrival of a new flow. One disadvantage of this approach is that two or more active flows which map to the same hash table entry will continually be bumping the other flow from the monitoring system. This will inhibit the ability of the monitoring system to fully monitor these flows. One benefit of this technique over the first two is that of performance. The third algorithm can be implemented quickly and takes a small, bounded amount of time to service each flow. The other two algorithms require extra processing in order to maintain linked lists of least recently used flows. In addition, the traversal of long linked list chains may be required in order to navigate to the proper flow record. This extra processing can cause excessive delays and leads to systems which are prone to data loss. All three of these options have limitations. The modular design of the herein described monitoring engine allows the replacement of the State Store Manager component. All of the logic necessary to implement one of these algorithms will be contained within this module on an FPGA. By replacing this module, the behavior of the memory manager can be altered in order to match the behavior of the system with the expected traffic load.
  • [0159] During any TCP conversation, a situation called overlapping retransmissions can arise. While the occurrence of this condition is normal behavior for the TCP protocol, it can cause problems when performing flow reconstruction if not handled properly. To accommodate an overlapping retransmission, the herein described circuit design employs a data enable signal and a valid bytes vector. The data enable signal will be asserted during a clock cycle where there is TCP data to be processed by the client application. Valid bytes is a 4-bit vector which indicates which of the four data bytes contain valid data to be processed. The client application will only process data when both the data enable signal and the appropriate valid bytes signal are asserted. An example of an overlapping retransmission and the controlling signals can be seen in FIG. 14.
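An added C sketch (not from the patent) of how the data enable signal and the valid bytes vector keep already-delivered bytes of an overlapping retransmission away from the client application. Word alignment to the start of the payload, bit 3 of the vector as the first byte on the wire, and ignoring segments that start beyond the expected sequence number are assumptions; FIG. 14 is not reproduced on the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct word_ctl { uint8_t data_enable; uint8_t valid_bytes; };

/* Offset within the payload of the first byte the client has not yet seen.
 * Returns len when the segment carries nothing new (pure retransmission) or
 * starts beyond `expected` (a gap, which this sketch does not buffer).
 * The signed 32-bit difference keeps the comparison correct across
 * sequence number wraparound. */
static uint32_t first_new_offset(uint32_t expected, uint32_t seq, uint32_t len) {
    int32_t behind = (int32_t)(expected - seq);
    if (behind < 0) return len;
    return (uint32_t)behind < len ? (uint32_t)behind : len;
}

/* Control signals for 32-bit word w of the payload.
 * Assumed bit order: bit 3 of valid_bytes is the first byte on the wire. */
static struct word_ctl word_signals(uint32_t expected, uint32_t seq,
                                    uint32_t len, uint32_t w) {
    uint32_t skip = first_new_offset(expected, seq, len);
    struct word_ctl c = { 0, 0 };
    for (uint32_t b = 0; b < 4; b++) {
        uint32_t off = w * 4 + b;
        if (off >= skip && off < len) c.valid_bytes |= (uint8_t)(0x8u >> b);
    }
    c.data_enable = c.valid_bytes != 0;
    return c;
}

struct client { uint32_t expected; char out[64]; size_t n; };

/* Client application: consumes a byte only when data_enable and that
 * byte's valid bit are both asserted. */
static void deliver(struct client *c, uint32_t seq, const char *payload, uint32_t len) {
    uint32_t expected = c->expected;
    for (uint32_t w = 0; w < (len + 3) / 4; w++) {
        struct word_ctl s = word_signals(expected, seq, len, w);
        for (uint32_t b = 0; b < 4 && s.data_enable; b++)
            if ((s.valid_bytes & (0x8u >> b)) && c->n < sizeof c->out - 1)
                c->out[c->n++] = payload[w * 4 + b];
    }
    if (first_new_offset(expected, seq, len) < len) c->expected = seq + len;
    c->out[c->n] = '\0';
}

/* Constructed segment sequence: in-order data, an overlapping
 * retransmission, an exact duplicate, then in-order data again. */
static const char *run_demo(struct client *c) {
    c->expected = 1000;
    c->n = 0;
    deliver(c, 1000, "0123456789", 10);
    deliver(c, 1004, "456789ABCDEF", 12);   /* 6 old bytes, 6 new bytes */
    deliver(c, 1004, "456789ABCDEF", 12);   /* nothing new */
    deliver(c, 1016, "GHIJ", 4);
    return c->out;
}

int main(void) {
    struct client c;
    printf("client stream: %s\n", run_demo(&c));
    for (uint32_t w = 0; w < 3; w++) {
        struct word_ctl s = word_signals(1010, 1004, 12, w);
        printf("word %u: data_enable=%u valid_bytes=0x%x\n",
               (unsigned)w, (unsigned)s.data_enable, (unsigned)s.valid_bytes);
    }
    return 0;
}
```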
  • [0160] The herein described systems and methods enable content based routing algorithms which support fine grain routing of network packets based on packet payloads, intrusion detection systems which offer a wide range of services from the triggering of alarms to packet filtering to virus removal, advanced traffic filtering systems which filter copyrighted or confidential material based on data signatures or watermarks, real-time monitoring systems which operate at multi-gigabit line speeds, data scrubbing systems which remove selected content providing enhanced levels of security, and data mining systems which collect data for specialized analysis systems. Extensible networking systems provide a flexible platform for performing these complex tasks. With the continued increase of clock frequencies, gate counts, and memory densities in microprocessors and Field Programmable Gate Arrays (FPGA), vast amounts of hardware resources can be made available to the extensible networking solutions developers. Instead of just forwarding packets, new network devices will be able to provide value added services within the core of the Internet. A hardware circuit which supports TCP stream re-assembly and flow monitoring is a desired component which will allow these services to operate in a high speed networking environment.
  • [0161] Also, the herein described systems and methods can be used to police copyrights, which is one technical effect. System 100 can be keyed with a data pattern that will reliably detect when a party's copyrighted material is transmitted over a network. For example, copyrighted songs, motion pictures, and images are often transmitted over the Internet via audio files, video files, and image files. By properly designing a data pattern that will detect when such works are present in packet traffic, a practitioner of the herein described systems and methods can utilize system 100 to detect the transmission of such copyrighted works and take appropriate action upon detection.
  • [0162] Further still, the herein described systems and methods can be used to protect against the dissemination of trade secrets and confidential documents, which is another technical effect. A company having trade secrets and/or confidential documents stored on its internal computer system can utilize the herein described systems and methods to prevent the unauthorized transmission of such information outside a company's internal network. The company's network firewall can use system 100 that is keyed to detect and drop any unauthorized packets that are found to include a string that matches a data pattern that encompasses that company's trade secrets and/or confidential information. A company has a wide range of options for flagging their confidential/trade secret information, from adding electronic watermarks to such information (wherein the data processor is keyed by the watermark) to designing a separate data pattern for each confidential/trade secret document/file that will reliably detect when that document/file is transmitted.
  • [0163] Further still, the herein described systems and methods can be utilized by governmental investigatory agencies to monitor data transmissions of targeted entities over a computer network, which is another technical effect. System 100 can be keyed with a data pattern that encompasses keywords of interest and variations thereof. For example, certain words related to explosives (i.e., TNT, etc.), crimes (i.e., kill, rob, etc.), and/or wanted individuals (i.e., known terrorists, fugitives, etc.) can be keyed into the packet processor. Once so configured, the packet processor can detect whether those keywords (or variations) are present in a packet stream, and upon detection take appropriate action (e.g., notify an interested governmental agency, or redirect the data for further automated processing).
  • [0164] Yet another example of an application for the herein described systems and methods is as a language translator, which is another technical effect. System 100's search and replace capabilities can be used to detect when a word in a first language is present in a packet, and upon detection, replace that word with its translation into a second language. For example, the packet processor can be used to replace the word “friend” when detected in a packet with its Spanish translation “amigo”. Taking advantage of the fact that system 100 possesses the capability of searching packets for a plurality of different data patterns, the present invention can be used as a large scale translation device wherein the packet processor is keyed with a large language A to language B dictionary. Further still, it is possible that a practitioner of the herein described systems and methods can develop data patterns that not only take into account word-for-word translations, but also will account for grammatical issues (for example, to reconcile the English method of a noun preceded by an adjective with the Spanish method of a noun followed by an adjective).
  • [0165] Further still, the herein described systems and methods can be used to monitor/filter packet traffic for offensive content, which is another technical effect. For example, a parent may wish to use system 100 to prevent a child from receiving profane or pornographic material over the Internet. By keying system 100 to search for and delete profanities or potentially pornographic material, a parent can prevent such offensive material from reaching their home computer.
  • [0166] Yet another potential application is as an encryption/decryption device, which is yet another technical effect. System 100 can be designed to replace various words or letters with replacement codes to thereby encrypt packets designed for the network. On the receiving end, another System 100 can be equipped to decrypt the encrypted packets by replacing the replacement codes with the original data.
  • [0167] These are but a few of the potential uses and technical effects of the herein described methods and systems. Those of ordinary skill in the art will readily recognize additional uses for the present invention, and as such, the scope of the present invention should not be limited to the above-described applications which are merely illustrative of the wide range of usefulness possessed by the present invention. The full scope of the present invention can be determined upon review of the description above and the attached claims.
  • [0168] While the invention has been described in terms of various specific embodiments, those skilled in the art will recognize that the invention can be practiced with modification within the spirit and scope of the claims.

Claims (61)

What is claimed is:
1. A method for controlling traffic on a network, said method comprising:
monitoring a data stream;
determining a particular byte offset within the monitored stream at which to block flow of the stream; and
blocking flow of the data stream at the determined byte offset.
2. A method in accordance with claim 1 further comprising:
sending data to an authorizing authority; and
re-enabling flow of the blocked stream upon receipt of an authorization from the authorizing authority.
3. A method in accordance with claim 1 further comprising manipulating the data stream such that a second device comprising a receiving device receives data different than that sent from a first device comprising a sending device.
4. A method in accordance with claim 3, wherein said monitoring a data stream comprises monitoring TCP traffic in band through a switch using a plurality of content scanning engines.
5. A method in accordance with claim 4, wherein said monitoring comprises content scanning a plurality of TCP packets to detect a content match that spans multiple packets.
6. A method in accordance with claim 5, wherein said monitoring comprises monitoring a plurality of flows through the network wherein an overlapping retransmission is handled using a data enabled signal and a valid bytes vector.
7. A method in accordance with claim 6 further comprising:
maintaining a period of idle time for each monitored flow; and
stopping monitoring a flow which has the longest period of idle time upon receipt of a new flow to be monitored when a total number of flows being monitored is equal to a desired maximum number of simultaneous flows.
8. A method in accordance with claim 6, wherein said monitoring a plurality of data flows comprises monitoring a plurality of existing data flows simultaneously wherein each existing flow has a hash table entry, said method further comprises:
receiving a new flow to be monitored, wherein the new flow hashes to the hash table entry of an existing flow causing a hash table collision; and
stopping monitoring of the existing flow whose hash table entry the new flow collided with.
9. A method in accordance with claim 1, wherein said monitoring comprises monitoring a TCP data stream for a predetermined condition, said blocking comprises generating and transmitting a TCP FIN packet for the monitored data stream upon a detection of the predetermined condition for the purpose of terminating the TCP data stream.
10. A method for controlling traffic on a network, said method comprising:
monitoring a data stream for a first predetermined condition;
blocking flow of the data stream upon a detection of the first predetermined condition; and
re-enabling flow of the blocked stream.
11. A method in accordance with claim 10 further comprising:
sending data to an authorizing authority; and
re-enabling flow of the blocked stream upon receipt of an authorization from the authorizing authority.
12. A method in accordance with claim 11, wherein said monitoring comprises monitoring a plurality of flows through the network wherein an overlapping retransmission is handled using a data enabled signal and a valid bytes vector.
13. A method for controlling traffic on a network, said method comprising:
monitoring a TCP data stream for a predetermined condition; and
generating and transmitting a TCP FIN packet for the monitored data stream upon a detection of the predetermined condition for the purpose of terminating the TCP data stream.
14. A method for controlling traffic on a network, said method comprising:
monitoring a TCP data stream from a first device directed toward a second device for a predetermined condition; and
manipulating the TCP data stream such that the second device receives data different than that sent from the first device.
15. A method in accordance with claim 14, wherein said monitoring comprises monitoring a TCP data stream from a first device directed toward a second device for an indication of a presence of a virus within the stream, said manipulating comprises removing the virus from the stream.
16. A method in accordance with claim 14, wherein said manipulating comprises computing a checksum for a modified TCP packet which is the same number of bytes long as an original TCP packet which the modified TCP packet is replacing in the TCP data stream.
17. A method in accordance with claim 14, wherein said manipulating comprises computing a checksum for a TCP packet added to the stream.
18. A method for controlling traffic on a network, said method comprising monitoring TCP traffic in band through a switch using a plurality of content scanning engines.
19. A method in accordance with claim 18 further comprising buffering the monitored TCP traffic in an input buffer.
20. A method in accordance with claim 18 further comprising validating and classifying TCP packets as part of individual flows and sending the flows to the content scanning engines such that each content scanning engine receives a unique flow.
21. A method in accordance with claim 20, wherein said classifying comprises using a hash table to classify a flow wherein hash table conflicts are resolved by chaining off a linked list of flow state records wherein a length of the chain is limited to a constant number of entries.
22. A method for controlling traffic on a network, said method comprising content scanning a plurality of TCP packets to detect a content match that spans multiple packets.
23. A method for controlling traffic on a network, said method comprising monitoring a plurality of flows through the network wherein per flow memory usage is matched to a burst width of a memory module used to monitor a flow.
24. A method for controlling traffic on a network, said method comprising monitoring a plurality of flows through the network wherein an overlapping retransmission is handled using a data enabled signal and a valid bytes vector.
25. A method for controlling traffic on a network, said method comprising:
monitoring a plurality of data flows simultaneously;
assigning a maximum idle period of time for each monitored flow; and
stopping monitoring a flow which is idle for at least the assigned period of time.
26. A method for controlling traffic on a network, said method comprising:
monitoring a plurality of data flows simultaneously;
maintaining a period of idle time for each monitored flow; and
stopping monitoring the flow having a longest period of idle time.
27. A method in accordance with claim 26, wherein said stopping comprises stopping monitoring a flow having the longest period of idle time upon receipt of a new flow to be monitored.
28. A method in accordance with claim 26, wherein said stopping comprises stopping monitoring a flow which has the longest period of idle time upon receipt of a new flow to be monitored when a total number of flows being monitored is equal to a desired maximum number of simultaneous flows.
29. A method for controlling traffic on a network, said method comprising:
monitoring a plurality of existing data flows simultaneously wherein each existing flow has a hash table entry;
receiving a new flow to be monitored, wherein the new flow hashes to the hash table entry of an existing flow causing a hash table collision; and
stopping monitoring of the existing flow whose hash table entry the new flow collided with.
30. A method in accordance with claim 29 further comprising monitoring the new flow after said stopping monitoring the existing flow.
31. A Field Programmable Gate Array (FPGA) configured to:
monitor a plurality of data flows using a hash table to store state information regarding each flow;
resolve hash table collisions according to a first algorithm stored on said FPGA;
receive a second algorithm at said FPGA to resolve hash table collisions, said second algorithm different from the first algorithm; and
use the received second algorithm to resolve hash table collisions occurring subsequent to said receipt of the second algorithm.
32. An apparatus for controlling traffic on a network, said apparatus comprising:
at least one input port;
at least one output port; and
at least one logic device operationally coupled to said input port and said output port, said logic device configured to:
monitor a data stream;
determine a particular byte offset within the monitored stream at which to block flow of the stream; and
block flow of the data stream at the determined byte offset.
33. An apparatus in accordance with claim 32, wherein said logic device further configured to:
send data to an authorizing authority; and
re-enable flow of the blocked stream upon receipt of an authorization from the authorizing authority.
34. An apparatus in accordance with claim 32, wherein said logic device further configured to manipulate the data stream such that a second device comprising a receiving device receives data different than that sent from a first device comprising a sending device.
35. An apparatus in accordance with claim 32, wherein said logic device further configured to monitor TCP traffic in band using a plurality of content scanning engines.
36. An apparatus in accordance with claim 32, wherein said logic device further configured to content scan a plurality of TCP packets to detect a content match that spans multiple packets.
37. An apparatus in accordance with claim 32, wherein said logic device further configured to monitor a plurality of flows through the network wherein an overlapping retransmission is handled using a data enabled signal and a valid bytes vector.
38. An apparatus in accordance with claim 32, wherein said logic device further configured to:
maintain a period of idle time for each monitored flow; and
stop monitoring a flow which has the longest period of idle time upon receipt of a new flow to be monitored when a total number of flows being monitored is equal to a desired maximum number of simultaneous flows.
39. An apparatus in accordance with claim 32, wherein said logic device further configured to:
monitor a plurality of existing data flows simultaneously wherein each existing flow has a hash table entry;
receive a new flow to be monitored, wherein the new flow hashes to the hash table entry of an existing flow causing a hash table collision; and
stop monitoring of the existing flow whose hash table entry the new flow collided with.
40. An apparatus in accordance with claim 32, wherein said logic device further configured to:
monitor a TCP data stream for a predetermined condition; and
generate and transmit a TCP FIN packet for the monitored data stream upon a detection of the predetermined condition for the purpose of terminating the TCP data stream.
41. An apparatus for controlling traffic on a network, said apparatus comprising:
at least one input port;
at least one output port; and
at least one logic device operationally coupled to said input port and said output port, said logic device configured to:
monitor a data stream for a first predetermined condition;
block flow of the data stream upon a detection of the first predetermined condition; and
re-enable flow of the blocked stream.
42. An apparatus in accordance with claim 41, wherein said logic device further configured to:
send data to an authorizing authority; and
re-enable flow of the blocked stream upon receipt of an authorization from the authorizing authority.
43. An apparatus in accordance with claim 41, wherein said logic device further configured to monitor a plurality of flows through the network wherein an overlapping retransmission is handled using a data enabled signal and a valid bytes vector.
44. An apparatus for controlling traffic on a network, said apparatus comprising:
at least one input port;
at least one output port; and
at least one logic device operationally coupled to said input port and said output port, said logic device configured to:
monitor a TCP data stream for a predetermined condition; and
generate and transmit a TCP FIN packet for the monitored data stream upon a detection of the predetermined condition for the purpose of terminating the TCP data stream.
45. An apparatus for controlling traffic on a network, said apparatus comprising:
at least one input port;
at least one output port; and
at least one logic device operationally coupled to said input port and said output port, said logic device configured to:
monitor a TCP data stream from a first device directed toward a second device for a predetermined condition; and
manipulate the TCP data stream such that the second device receives data different than that sent from the first device.
46. An apparatus in accordance with claim 45, wherein said logic device further configured to:
monitor a TCP data stream from a first device directed toward a second device for an indication of a presence of a virus within the stream; and
remove the virus from the stream.
47. An apparatus in accordance with claim 45, wherein said logic device further configured to compute a checksum for a modified TCP packet which is the same number of bytes long as an original TCP packet which the modified TCP packet is replacing in the TCP data stream.
48. An apparatus in accordance with claim 45, wherein said logic device further configured to compute a checksum for a TCP packet added to the stream.
49. An apparatus for controlling traffic on a network, said apparatus comprising:
at least one input port;
at least one output port; and
at least one logic device operationally coupled to said input port and said output port, said logic device configured to:
monitor TCP traffic in band using a plurality of content scanning engines.
50. An apparatus in accordance with claim 49, wherein said logic device further configured to buffer the monitored TCP traffic in an input buffer.
51. An apparatus in accordance with claim 49, wherein said logic device further configured to validate and classify TCP packets as part of individual flows and send the flows to the content scanning engines such that each content scanning engine receives a unique flow.
52. An apparatus in accordance with claim 51, wherein said logic device further configured to use a hash table to classify a flow wherein hash table conflicts are resolved by chaining off a linked list of flow state records wherein a length of the chain is limited to a constant number of entries.
53. An apparatus for controlling traffic on a network, said apparatus comprising:
at least one input port;
at least one output port; and
at least one logic device operationally coupled to said input port and said output port, said logic device configured to scan a plurality of TCP packets to detect a content match that spans multiple packets.
54. An apparatus for controlling traffic on a network, said apparatus comprising:
at least one input port;
at least one output port; and
at least one logic device operationally coupled to said input port and said output port, said logic device configured to monitor a plurality of flows through the network wherein per flow memory usage is matched to a burst width of a memory module used to monitor a flow.
55. An apparatus for controlling traffic on a network, said apparatus comprising:
at least one input port;
at least one output port; and
at least one logic device operationally coupled to said input port and said output port, said logic device configured to monitor a plurality of flows through the network wherein an overlapping retransmission is handled using a data enabled signal and a valid bytes vector.
56. An apparatus for controlling traffic on a network, said apparatus comprising:
at least one input port;
at least one output port; and
at least one logic device operationally coupled to said input port and said output port, said logic device configured to:
monitor a plurality of data flows simultaneously;
assign a maximum idle period of time for each monitored flow; and
stop monitoring a flow which is idle for at least the assigned period of time.
57. An apparatus for controlling traffic on a network, said apparatus comprising:
at least one input port;
at least one output port; and
at least one logic device operationally coupled to said input port and said output port, said logic device configured to:
monitor a plurality of data flows simultaneously;
maintain a period of idle time for each monitored flow; and
stop monitoring the flow having a longest period of idle time.
58. An apparatus in accordance with claim 57, wherein said logic device further configured to stop monitoring a flow having the longest period of idle time upon receipt of a new flow to be monitored.
59. An apparatus in accordance with claim 57, wherein said logic device further configured to stop monitoring a flow which has the longest period of idle time upon receipt of a new flow to be monitored when a total number of flows being monitored is equal to a desired maximum number of simultaneous flows.
60. An apparatus for controlling traffic on a network, said apparatus comprising:
at least one input port;
at least one output port; and
at least one logic device operationally coupled to said input port and said output port, said logic device configured to:
monitor a plurality of existing data flows simultaneously wherein each existing flow has a hash table entry;
receive a new flow to be monitored, wherein the new flow hashes to the hash table entry of an existing flow causing a hash table collision; and
stop monitoring of the existing flow whose hash table entry the new flow collided with.
61. An apparatus in accordance with claim 60, wherein said logic device further configured to monitor the new flow after stopping monitoring the existing flow.
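The flow-table policies recited in claims 21 and 25 to 30 (chains limited to a constant length, a maximum idle period, dropping the longest-idle flow at capacity, and dropping an existing flow on a hash collision), as an added C example that is not code from the patent. The table sizes, the XOR-fold hash, the choice of the longest-idle record as the victim when a chain is full, and all names are assumptions; the per-cause counters record how many flows each policy stopped monitoring.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUCKETS   4  /* constructed sizes, tiny so the trace is easy to follow */
#define CHAIN_MAX 2  /* chain length limited to a constant (claims 21, 52) */
#define MAX_FLOWS 3  /* desired maximum number of simultaneous flows (claims 28, 59) */
#define SLOTS (BUCKETS * CHAIN_MAX)

typedef struct { uint32_t src, dst; uint16_t sport, dport; } flow_key;
typedef struct { flow_key key; uint32_t last_seen; int used; } flow_rec;
typedef struct {
    flow_rec slot[SLOTS];        /* bucket b owns slot[b*CHAIN_MAX .. +CHAIN_MAX-1] */
    unsigned active;             /* flows currently monitored */
    unsigned evict_idle, evict_lru, evict_collision; /* monitoring given up, by cause */
} flow_table;

enum ft_result { FT_HIT, FT_NEW, FT_NEW_EVICT_COLLISION, FT_NEW_EVICT_LRU };

/* Assumption: XOR-fold hash, picked so sample buckets can be checked by hand. */
unsigned bucket_of(const flow_key *k) {
    uint32_t h = k->src ^ k->dst ^ (((uint32_t)k->sport << 16) | k->dport);
    h ^= h >> 16;
    h ^= h >> 8;
    return h % BUCKETS;
}

static int same_key(const flow_key *a, const flow_key *b) {
    return a->src == b->src && a->dst == b->dst &&
           a->sport == b->sport && a->dport == b->dport;
}

void ft_init(flow_table *t) { memset(t, 0, sizeof *t); }

/* Returns the flow's state record, or NULL if the flow is not being monitored. */
flow_rec *ft_find(flow_table *t, const flow_key *k) {
    flow_rec *b = &t->slot[bucket_of(k) * CHAIN_MAX];
    for (int i = 0; i < CHAIN_MAX; i++)
        if (b[i].used && same_key(&b[i].key, k)) return &b[i];
    return NULL;
}

/* Longest-idle used record among n; unsigned subtraction survives clock wrap. */
static flow_rec *oldest(flow_rec *r, int n, uint32_t now) {
    flow_rec *v = NULL;
    for (int i = 0; i < n; i++)
        if (r[i].used && (!v || now - r[i].last_seen > now - v->last_seen))
            v = &r[i];
    return v;
}

static void drop(flow_table *t, flow_rec *r, unsigned *counter) {
    r->used = 0; t->active--; (*counter)++;
}

/* Claims 25, 56: stop monitoring every flow idle for at least max_idle. */
unsigned ft_expire(flow_table *t, uint32_t now, uint32_t max_idle) {
    unsigned before = t->evict_idle;
    for (int i = 0; i < SLOTS; i++)
        if (t->slot[i].used && now - t->slot[i].last_seen >= max_idle)
            drop(t, &t->slot[i], &t->evict_idle);
    return t->evict_idle - before;
}

/* Account one packet of flow k at time now and report what admitting it cost. */
enum ft_result ft_packet(flow_table *t, const flow_key *k, uint32_t now) {
    flow_rec *r = ft_find(t, k);
    if (r) { r->last_seen = now; return FT_HIT; }
    enum ft_result res = FT_NEW;
    flow_rec *b = &t->slot[bucket_of(k) * CHAIN_MAX], *dst = NULL;
    for (int i = 0; i < CHAIN_MAX && !dst; i++)
        if (!b[i].used) dst = &b[i];
    if (!dst) {                          /* chain full: collision (claims 29, 30) */
        dst = oldest(b, CHAIN_MAX, now);
        drop(t, dst, &t->evict_collision);
        res = FT_NEW_EVICT_COLLISION;
    } else if (t->active == MAX_FLOWS) { /* table at capacity (claims 26 to 28) */
        drop(t, oldest(t->slot, SLOTS, now), &t->evict_lru);
        res = FT_NEW_EVICT_LRU;
    }
    dst->key = *k; dst->last_seen = now; dst->used = 1; t->active++;
    return res;
}

int main(void) {
    flow_table t; ft_init(&t);
    /* Constructed flows: a, b and c share a bucket, d does not. */
    flow_key a = {0x0a000001, 0x0a000002, 1024, 80};
    flow_key b = {0x0a000002, 0x0a000001, 1024, 80};
    flow_key c = {0x0a000005, 0x0a000006, 1024, 80};
    flow_key d = {0x0a000001, 0x0a000003, 1024, 80};
    ft_packet(&t, &a, 10); ft_packet(&t, &b, 20);
    ft_packet(&t, &c, 30); ft_packet(&t, &d, 40);
    printf("flow a still monitored: %s\n", ft_find(&t, &a) ? "yes" : "no");
    printf("active=%u collision=%u lru=%u idle=%u\n",
           t.active, t.evict_collision, t.evict_lru, t.evict_idle);
    return 0;
}
```

A flow that returns after eviction is admitted as new, so any scanning state held for it is gone; exporting the three counters makes that loss of coverage measurable.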
US10/638,815 2002-08-15 2003-08-11 Reliable packet monitoring methods and apparatus for high speed networks Abandoned US20040049596A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US10/638,815 US20040049596A1 (en) 2002-08-15 2003-08-11 Reliable packet monitoring methods and apparatus for high speed networks

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/222,307 US7711844B2 (en) 2002-08-15 2002-08-15 TCP-splitter: reliable packet monitoring methods and apparatus for high speed networks
US10/638,815 US20040049596A1 (en) 2002-08-15 2003-08-11 Reliable packet monitoring methods and apparatus for high speed networks

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US10/222,307 Continuation-In-Part US7711844B2 (en) 2002-08-15 2002-08-15 TCP-splitter: reliable packet monitoring methods and apparatus for high speed networks

Publications (1)

Publication Number Publication Date
US20040049596A1 (en) 2004-03-11

Family

ID=28041397

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/222,307 Expired - Fee Related US7711844B2 (en) 2002-08-15 2002-08-15 TCP-splitter: reliable packet monitoring methods and apparatus for high speed networks
US10/638,815 Abandoned US20040049596A1 (en) 2002-08-15 2003-08-11 Reliable packet monitoring methods and apparatus for high speed networks

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US10/222,307 Expired - Fee Related US7711844B2 (en) 2002-08-15 2002-08-15 TCP-splitter: reliable packet monitoring methods and apparatus for high speed networks

Country Status (3)

Country Link
US (2) US7711844B2 (en)
AU (1) AU2003265411A1 (en)
WO (1) WO2004017604A2 (en)

Cited By (159)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020029289A1 (en) * 2000-07-28 2002-03-07 Byrne Michael A. Debugging of multiple data processors
US20030177253A1 (en) * 2002-08-15 2003-09-18 Schuehler David V. TCP-splitter: reliable packet monitoring methods and apparatus for high speed networks
US20040024894A1 (en) * 2002-08-02 2004-02-05 Osman Fazil Ismet High data rate stateful protocol processing
US20040196308A1 (en) * 2003-04-04 2004-10-07 Blomquist Scott Alan Displaying network segment decode information in diagrammatic form
US20050132232A1 (en) * 2003-12-10 2005-06-16 Caleb Sima Automated user interaction in application assessment
US20050182929A1 (en) * 2004-02-13 2005-08-18 Sanjay Kaniyar Efficient hash table protection for data transport protocols
US20060023709A1 (en) * 2004-08-02 2006-02-02 Hall Michael L Inline intrusion detection using a single physical port
US20060053295A1 (en) * 2004-08-24 2006-03-09 Bharath Madhusudan Methods and systems for content detection in a reconfigurable hardware
US20060069872A1 (en) * 2004-09-10 2006-03-30 Bouchard Gregg A Deterministic finite automata (DFA) processing
US20060075206A1 (en) * 2004-09-10 2006-04-06 Bouchard Gregg A Deterministic finite automata (DFA) instruction
US20060101195A1 (en) * 2004-11-08 2006-05-11 Jain Hemant K Layered memory architecture for deterministic finite automaton based string matching useful in network intrusion detection and prevention systems and apparatuses
US20060146708A1 (en) * 2003-02-28 2006-07-06 Matsushita Electric Industrial Co., Ltd Packet transfer control method and packet transfer control circuit
US20070055664A1 (en) * 2005-09-05 2007-03-08 Cisco Technology, Inc. Pipeline sequential regular expression matching
US20070097982A1 (en) * 2005-11-03 2007-05-03 Chang-Chung Wen Network Flow/Stream Simulation Method
US20070124816A1 (en) * 2005-11-29 2007-05-31 Alcatel Unauthorized content detection for information transfer
US20070130140A1 (en) * 2005-12-02 2007-06-07 Cytron Ron K Method and device for high performance regular expression pattern matching
US20070168547A1 (en) * 2006-01-13 2007-07-19 Fortinet, Inc. Computerized system and method for handling network traffic
US20070174841A1 (en) * 2006-01-26 2007-07-26 Exegy Incorporated & Washington University Firmware socket module for FPGA-based pipeline processing
US20070189175A1 (en) * 2006-02-14 2007-08-16 Finisar Corporation Capture timing and negotiation data with repeat counts in a networking diagnostic component
US20070189176A1 (en) * 2006-02-14 2007-08-16 Finisar Corporation Random data compression scheme in a network diagnostic component
US20070192469A1 (en) * 2006-02-14 2007-08-16 Finisar Corporation Align/notify compression scheme in a network diagnostic component
US20070206509A1 (en) * 2006-03-03 2007-09-06 Finisar Corporation Capture rcdt and sntt sas speed negotiation decodes in a network diagnostic component
US20070244891A1 (en) * 2006-04-18 2007-10-18 International Business Machines Corporation Method of obtaining data samples from a data stream and of estimating the sortedness of the data stream based on the samples
US20070294157A1 (en) * 2006-06-19 2007-12-20 Exegy Incorporated Method and System for High Speed Options Pricing
US20080002677A1 (en) * 2006-06-30 2008-01-03 Bugenhagen Michael K System and method for collecting network performance information
US20080002576A1 (en) * 2006-06-30 2008-01-03 Bugenhagen Michael K System and method for resetting counters counting network performance information at network communications devices on a packet network
US20080002716A1 (en) * 2006-06-30 2008-01-03 Wiley William L System and method for selecting network egress
US20080002670A1 (en) * 2006-06-30 2008-01-03 Bugenhagen Michael K System and method for adjusting code speed in a transmission path during call set-up due to reduced transmission performance
US20080049625A1 (en) * 2006-08-22 2008-02-28 Edwards Stephen K System and method for collecting and managing network performance information
US20080049787A1 (en) * 2006-08-22 2008-02-28 Mcnaughton James L System and method for controlling network bandwidth with a connection admission control engine
US20080049626A1 (en) * 2006-08-22 2008-02-28 Bugenhagen Michael K System and method for communicating network performance information over a packet network
US20080049631A1 (en) * 2006-08-22 2008-02-28 Morrill Robert J System and method for monitoring interlayer devices and optimizing network performance
US20080049649A1 (en) * 2006-08-22 2008-02-28 Kozisek Steven E System and method for selecting an access point
US20080049650A1 (en) * 2006-08-22 2008-02-28 Coppage Carl M System and method for managing radio frequency windows
US20080049630A1 (en) * 2006-08-22 2008-02-28 Kozisek Steven E System and method for monitoring and optimizing network performance to a wireless device
US20080052401A1 (en) * 2006-08-22 2008-02-28 Bugenhagen Michael K Pin-hole firewall for communicating data packets on a packet network
US20080049615A1 (en) * 2006-08-22 2008-02-28 Bugenhagen Michael K System and method for dynamically shaping network traffic
US20080052393A1 (en) * 2006-08-22 2008-02-28 Mcnaughton James L System and method for remotely controlling network operators
US20080049745A1 (en) * 2006-08-22 2008-02-28 Edwards Stephen K System and method for enabling reciprocal billing for different types of communications over a packet network
US20080049632A1 (en) * 2006-08-22 2008-02-28 Ray Amar N System and method for adjusting the window size of a TCP packet through remote network elements
US20080049746A1 (en) * 2006-08-22 2008-02-28 Morrill Robert J System and method for routing data on a packet network
US20080049640A1 (en) * 2006-08-22 2008-02-28 Heinz John M System and method for provisioning resources of a packet network based on collected network performance information
US20080049775A1 (en) * 2006-08-22 2008-02-28 Morrill Robert J System and method for monitoring and optimizing network performance with vector performance tables and engines
US20080049641A1 (en) * 2006-08-22 2008-02-28 Edwards Stephen K System and method for displaying a graph representative of network performance over a time period
US20080049777A1 (en) * 2006-08-22 2008-02-28 Morrill Robert J System and method for using distributed network performance information tables to manage network communications
US20080049638A1 (en) * 2006-08-22 2008-02-28 Ray Amar N System and method for monitoring and optimizing network performance with user datagram protocol network performance information packets
US20080049753A1 (en) * 2006-08-22 2008-02-28 Heinze John M System and method for load balancing network resources using a connection admission control engine
US20080049748A1 (en) * 2006-08-22 2008-02-28 Bugenhagen Michael K System and method for routing communications between packet networks based on intercarrier agreements
US20080049757A1 (en) * 2006-08-22 2008-02-28 Bugenhagen Michael K System and method for synchronizing counters on an asynchronous packet communications network
US20080095049A1 (en) * 2006-10-19 2008-04-24 Embarq Holdings Company, Llc System and method for establishing a communications session with an end-user based on the state of a network connection
US20080095173A1 (en) * 2006-10-19 2008-04-24 Embarq Holdings Company, Llc System and method for monitoring the connection of an end-user to a remote network
US20080114725A1 (en) * 2006-11-13 2008-05-15 Exegy Incorporated Method and System for High Performance Data Metatagging and Data Indexing Using Coprocessors
US20080168177A1 (en) * 2007-01-04 2008-07-10 Yahoo! Inc. Estimation of web client response time
US20080184276A1 (en) * 2006-12-04 2008-07-31 Sun Microsystems Communication method and apparatus using changing destination and return destination ID's
US20080189641A1 (en) * 2006-02-14 2008-08-07 Finisar Corporation Show oob and speed negotiation data graphically in a network diagnostic component
US20080232376A1 (en) * 2007-03-23 2008-09-25 Huawei Technologies Co., Ltd. Control method, system and function entity for reporting bearer event of signaling ip flow
EP1989826A2 (en) * 2006-02-14 2008-11-12 Finisar Corporation Diagnostic functions in an in-line device
US20090013301A1 (en) * 2006-09-11 2009-01-08 The Mathworks, Inc. Hardware definition language generation for frame-based processing
US20090119399A1 (en) * 2007-11-01 2009-05-07 Cavium Networks, Inc. Intelligent graph walking
US20090138494A1 (en) * 2007-11-27 2009-05-28 Cavium Networks, Inc. Deterministic finite automata (DFA) graph compression
US20090138440A1 (en) * 2007-11-27 2009-05-28 Rajan Goyal Method and apparatus for traversing a deterministic finite automata (DFA) graph compression
US20090161568A1 (en) * 2007-12-21 2009-06-25 Charles Kastner TCP data reassembly
US7562389B1 (en) 2004-07-30 2009-07-14 Cisco Technology, Inc. Method and system for network security
US20090204696A1 (en) * 2008-02-13 2009-08-13 Ming Zhang Service dependency discovery in enterprise networks
US7596621B1 (en) * 2002-10-17 2009-09-29 Astute Networks, Inc. System and method for managing shared state using multiple programmed processors
US20090257350A1 (en) * 2008-04-09 2009-10-15 Embarq Holdings Company, Llc System and method for using network performance information to determine improved measures of path states
US7657937B1 (en) * 2003-01-02 2010-02-02 Vmware, Inc. Method for customizing processing and response for intrusion prevention
US7660793B2 (en) 2006-11-13 2010-02-09 Exegy Incorporated Method and system for high performance integration, processing and searching of structured and unstructured data using coprocessors
US7680790B2 (en) 2000-04-07 2010-03-16 Washington University Method and apparatus for approximate matching of DNA sequences
US20100114973A1 (en) * 2008-10-31 2010-05-06 Cavium Networks, Inc. Deterministic Finite Automata Graph Traversal with Nodal Bit Mapping
US7716330B2 (en) 2001-10-19 2010-05-11 Global Velocity, Inc. System and method for controlling transmission of data packets over an information network
US20100208611A1 (en) * 2007-05-31 2010-08-19 Embarq Holdings Company, Llc System and method for modifying network traffic
US20100218124A1 (en) * 2009-02-20 2010-08-26 International Business Machines Corporation Logic for designing portlet views
US7797598B1 (en) * 2006-11-14 2010-09-14 Xilinx, Inc. Dynamic timer for testbench interface synchronization
US7814218B1 (en) * 2002-10-17 2010-10-12 Astute Networks, Inc. Multi-protocol and multi-format stateful processing
US20100306209A1 (en) * 2006-07-22 2010-12-02 Tien-Fu Chen Pattern matcher and its matching method
US7873048B1 (en) * 2005-12-02 2011-01-18 Marvell International Ltd. Flexible port rate limiting
US7917299B2 (en) 2005-03-03 2011-03-29 Washington University Method and apparatus for performing similarity searching on a data stream with respect to a query string
US7921046B2 (en) 2006-06-19 2011-04-05 Exegy Incorporated High speed processing of financial information using FPGA devices
US20110134930A1 (en) * 2009-12-09 2011-06-09 Mclaren Moray Packet-based networking system
US7970878B1 (en) * 2005-11-16 2011-06-28 Cisco Technology, Inc. Method and apparatus for limiting domain name server transaction bandwidth
US8000318B2 (en) 2006-06-30 2011-08-16 Embarq Holdings Company, Llc System and method for call routing based on transmission performance of a packet network
US20110235518A1 (en) * 2008-08-29 2011-09-29 Brocade Communications Systems, Inc. Source-based congestion detection and control
US20110246616A1 (en) * 2010-04-02 2011-10-06 Ronca David R Dynamic Virtual Chunking of Streaming Media Content
US8045457B1 (en) * 2006-06-29 2011-10-25 Symantec Corporation Dropping packets to prevent unauthorized data transfer through multimedia tunnels
US8069102B2 (en) 2002-05-21 2011-11-29 Washington University Method and apparatus for processing financial information at hardware speeds using FPGA devices
US8095508B2 (en) 2000-04-07 2012-01-10 Washington University Intelligent data storage and processing using FPGA devices
US8107366B2 (en) 2006-08-22 2012-01-31 Embarq Holdings Company, LP System and method for using centralized network performance tables to manage network communications
US20120047248A1 (en) * 2010-08-20 2012-02-23 Arbor Networks, Inc. Method and System for Monitoring Flows in Network Traffic
US8151278B1 (en) 2002-10-17 2012-04-03 Astute Networks, Inc. System and method for timer management in a stateful protocol processing system
US8189468B2 (en) 2006-10-25 2012-05-29 Embarq Holdings, Company, LLC System and method for regulating messages between networks
US8224371B1 (en) * 2009-12-21 2012-07-17 Sprint Spectrum L.P. Multimode power control
US20120218999A1 (en) * 2011-02-01 2012-08-30 Roke Manor Research Limited Method and Apparatus for Identifier Correlation
US8358580B2 (en) 2006-08-22 2013-01-22 Centurylink Intellectual Property Llc System and method for adjusting the window size of a TCP packet through network elements
US8374986B2 (en) 2008-05-15 2013-02-12 Exegy Incorporated Method and system for accelerated stream processing
US8379841B2 (en) 2006-03-23 2013-02-19 Exegy Incorporated Method and system for high throughput blockwise independent encryption/decryption
US8407765B2 (en) 2006-08-22 2013-03-26 Centurylink Intellectual Property Llc System and method for restricting access to network performance information tables
US8493847B1 (en) 2006-11-27 2013-07-23 Marvell International Ltd. Hierarchical port-based rate limiting
US8531954B2 (en) 2006-08-22 2013-09-10 Centurylink Intellectual Property Llc System and method for handling reservation requests with a connection admission control engine
US8537695B2 (en) 2006-08-22 2013-09-17 Centurylink Intellectual Property Llc System and method for establishing a call being received by a trunk on a packet network
US8549405B2 (en) 2006-08-22 2013-10-01 Centurylink Intellectual Property Llc System and method for displaying a graphical representation of a network to identify nodes and node segments on the network that are not operating normally
US8560475B2 (en) 2004-09-10 2013-10-15 Cavium, Inc. Content search mechanism that uses a deterministic finite automata (DFA) graph, a DFA state machine, and a walker process
US20130282911A1 (en) * 2012-04-18 2013-10-24 Qualcomm Incorporated Invasive socket manager
US8576722B2 (en) * 2006-08-22 2013-11-05 Centurylink Intellectual Property Llc System and method for modifying connectivity fault management packets
US20130308448A1 (en) * 2012-05-16 2013-11-21 The Keyw Corporation Packet capture deep packet inspection sensor
US8620881B2 (en) 2003-05-23 2013-12-31 Ip Reservoir, Llc Intelligent data storage and processing using FPGA devices
US8619600B2 (en) 2006-08-22 2013-12-31 Centurylink Intellectual Property Llc System and method for establishing calls over a call path having best path metrics
US20140053264A1 (en) * 2004-10-13 2014-02-20 Sonicwall, Inc. Method and apparatus to perform multiple packet payloads analysis
US20140059681A1 (en) * 2004-10-13 2014-02-27 Sonicwall, Inc. Method and an apparatus to perform multiple packet payloads analysis
US8694947B1 (en) 2009-12-09 2014-04-08 The Mathworks, Inc. Resource sharing workflows within executable graphical models
US8743703B2 (en) 2006-08-22 2014-06-03 Centurylink Intellectual Property Llc System and method for tracking application resource usage
US8750158B2 (en) 2006-08-22 2014-06-10 Centurylink Intellectual Property Llc System and method for differentiated billing
US8762249B2 (en) 2008-12-15 2014-06-24 Ip Reservoir, Llc Method and apparatus for high-speed processing of financial market depth data
US20140244554A1 (en) * 2013-02-22 2014-08-28 International Business Machines Corporation Non-deterministic finite state machine module for use in a regular expression matching system
US8879727B2 (en) 2007-08-31 2014-11-04 Ip Reservoir, Llc Method and apparatus for hardware-accelerated encryption/decryption
US20140351948A1 (en) * 2011-11-07 2014-11-27 Kabushiki Kaisya Advance Security box
US9047243B2 (en) 2011-12-14 2015-06-02 Ip Reservoir, Llc Method and apparatus for low latency data distribution
US9094257B2 (en) 2006-06-30 2015-07-28 Centurylink Intellectual Property Llc System and method for selecting a content delivery network
US20150312155A1 (en) * 2014-04-25 2015-10-29 Telefonaktiebolaget L M Ericsson (Publ) System and method for efectuating packet distribution among servers in a network
US9185692B2 (en) 2011-09-16 2015-11-10 Huawei Technologies Co., Ltd. Method and apparatus for retrieving transmit opportunity control in reverse direction grant
US9203771B1 (en) 2012-07-23 2015-12-01 F5 Networks, Inc. Hot service flow hardware offloads based on service priority and resource usage
US20160043915A1 (en) * 2013-07-16 2016-02-11 Bank Of America Corporation Detecting Trends in Electronic Communications for Steganography Analysis
WO2016044176A1 (en) * 2014-09-15 2016-03-24 Alibaba Group Holding Limited Data processing method and apparatus in service-oriented architecture system, and the service-oriented architecture system
US9338095B2 (en) 2012-05-01 2016-05-10 F5 Networks, Inc. Data flow segment optimized for hot flows
US9355000B1 (en) 2011-08-23 2016-05-31 The Mathworks, Inc. Model level power consumption optimization in hardware description generation
US9436441B1 (en) 2010-12-08 2016-09-06 The Mathworks, Inc. Systems and methods for hardware resource sharing
US9456030B2 (en) 2014-09-15 2016-09-27 Telefonaktiebolaget Lm Ericsson (Publ) Methods of operating load balancing switches and controllers using modified flow entries
US9479341B2 (en) 2006-08-22 2016-10-25 Centurylink Intellectual Property Llc System and method for initiating diagnostics on a packet network node
US9525632B1 (en) 2012-05-01 2016-12-20 F5 Networks, Inc. Minimize recycle SYN issues for split TCP hot flows to improve system reliability and performance
US9621642B2 (en) 2013-06-17 2017-04-11 Telefonaktiebolaget Lm Ericsson (Publ) Methods of forwarding data packets using transient tables and related load balancers
US9633093B2 (en) 2012-10-23 2017-04-25 Ip Reservoir, Llc Method and apparatus for accelerated format translation of data in a delimited data format
US9633097B2 (en) 2012-10-23 2017-04-25 Ip Reservoir, Llc Method and apparatus for record pivoting to accelerate processing of data fields
US9817931B1 (en) 2013-12-05 2017-11-14 The Mathworks, Inc. Systems and methods for generating optimized hardware descriptions for models
US20170346751A1 (en) * 2016-05-24 2017-11-30 International Business Machines Corporation Managing data traffic according to data stream analysis
US20180075165A1 (en) * 2009-06-26 2018-03-15 Micron Technology Inc. Methods and Devices for Saving and/or Restoring a State of a Pattern-Recognition Processor
US9990393B2 (en) 2012-03-27 2018-06-05 Ip Reservoir, Llc Intelligent feed switch
US10037568B2 (en) 2010-12-09 2018-07-31 Ip Reservoir, Llc Method and apparatus for managing orders in financial markets
US10078717B1 (en) 2013-12-05 2018-09-18 The Mathworks, Inc. Systems and methods for estimating performance characteristics of hardware implementations of executable models
US10121196B2 (en) 2012-03-27 2018-11-06 Ip Reservoir, Llc Offload processing of data packets containing financial market data
US10146845B2 (en) 2012-10-23 2018-12-04 Ip Reservoir, Llc Method and apparatus for accelerated format translation of data in a delimited data format
US10229453B2 (en) 2008-01-11 2019-03-12 Ip Reservoir, Llc Method and system for low latency basket calculation
US10271077B2 (en) 2017-07-03 2019-04-23 At&T Intellectual Property I, L.P. Synchronizing and dynamic chaining of a transport layer network service for live content broadcasting
US10419490B2 (en) 2013-07-16 2019-09-17 Fortinet, Inc. Scalable inline behavioral DDoS attack mitigation
US10423733B1 (en) 2015-12-03 2019-09-24 The Mathworks, Inc. Systems and methods for sharing resources having different data types
US10572824B2 (en) 2003-05-23 2020-02-25 Ip Reservoir, Llc System and method for low latency multi-functional pipeline with correlation logic and selectively activated/deactivated pipelined data processing engines
US10650452B2 (en) 2012-03-27 2020-05-12 Ip Reservoir, Llc Offload processing of data packets
US10673816B1 (en) * 2017-04-07 2020-06-02 Perspecta Labs Inc. Low delay network intrusion prevention
US10846624B2 (en) 2016-12-22 2020-11-24 Ip Reservoir, Llc Method and apparatus for hardware-accelerated machine learning
US10902013B2 (en) 2014-04-23 2021-01-26 Ip Reservoir, Llc Method and apparatus for accelerated record layout detection
US10942943B2 (en) 2015-10-29 2021-03-09 Ip Reservoir, Llc Dynamic field data translation to support high performance stream data processing
US11108840B2 (en) 2017-07-03 2021-08-31 At&T Intellectual Property I, L.P. Transport layer network service for live content broadcasting
US11115328B2 (en) * 2017-05-04 2021-09-07 Telefonaktiebolaget Lm Ericsson (Publ) Efficient troubleshooting in openflow switches
US11277383B2 (en) * 2015-11-17 2022-03-15 Zscaler, Inc. Cloud-based intrusion prevention system
US11316889B2 (en) 2015-12-21 2022-04-26 Fortinet, Inc. Two-stage hash based logic for application layer distributed denial of service (DDoS) attack attribution
US11436672B2 (en) 2012-03-27 2022-09-06 Exegy Incorporated Intelligent switch for processing financial market data
US11438254B2 (en) 2018-06-13 2022-09-06 Telefonaktiebolaget Lm Ericsson (Publ) Apparatus and method to trace packets in a packet processing pipeline of a software defined networking switch
US11444877B2 (en) * 2019-03-18 2022-09-13 At&T Intellectual Property I, L.P. Packet flow identification with reduced decode operations
US11451494B2 (en) * 2019-09-10 2022-09-20 Ciena Corporation Packet order recovery in a programmable edge switch in a data center network
US11522797B2 (en) 2017-08-30 2022-12-06 Telefonaktiebolaget Lm Ericsson (Publ) Method and system for tracing packets in software defined networks

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004021626A2 (en) * 2002-08-30 2004-03-11 Broadcom Corporation System and method for handling out-of-order frames
US9432463B2 (en) * 2003-03-25 2016-08-30 Sandvine Incorporated Ulc System and method for diverting established communication sessions on the basis of content
CN1331320C (en) * 2003-12-27 2007-08-08 华为技术有限公司 A method for determining data packet checksum after data modification
IES20050376A2 (en) 2005-06-03 2006-08-09 Asavie R & D Ltd Secure network communication system and method
US20070022098A1 (en) * 2005-07-25 2007-01-25 Dale Malik Systems and methods for automatically updating annotations and marked content of an information search
US8209700B2 (en) * 2005-12-22 2012-06-26 International Business Machines Corporation System, method, and program product for providing local load balancing for high-availability servers
US7743090B1 (en) * 2006-02-08 2010-06-22 Federal Home Loan Mortgage Corporation (Freddie Mac) Systems and methods for infrastructure validation
US20070237146A1 (en) * 2006-03-31 2007-10-11 Ilija Hadzic Methods and apparatus for modeling and synthesizing packet processing pipelines
WO2008022036A2 (en) * 2006-08-10 2008-02-21 Washington University Method and apparatus for protein sequence alignment using fpga devices
WO2008063973A2 (en) * 2006-11-13 2008-05-29 Exegy Incorporated Method and system for high performance data metatagging and data indexing using coprocessors
CA2577030A1 (en) * 2007-01-31 2008-07-31 Unlimi-Tech Software Inc. Improved data transfer method, system and protocol
US8140701B2 (en) * 2009-03-06 2012-03-20 Microsoft Corporation Scalable dynamic content delivery and feedback system
US9600429B2 (en) 2010-12-09 2017-03-21 Solarflare Communications, Inc. Encapsulated accelerator
CN102546582A (en) * 2010-12-30 2012-07-04 中国科学院声学研究所 Method and system of improving transmission speed of embedded data transmission system
US9171079B2 (en) * 2011-01-28 2015-10-27 Cisco Technology, Inc. Searching sensor data
US9225793B2 (en) 2011-01-28 2015-12-29 Cisco Technology, Inc. Aggregating sensor data
US9275093B2 (en) * 2011-01-28 2016-03-01 Cisco Technology, Inc. Indexing sensor data
US8954599B2 (en) * 2011-10-28 2015-02-10 Hewlett-Packard Development Company, L.P. Data stream operations
US10505747B2 (en) 2012-10-16 2019-12-10 Solarflare Communications, Inc. Feed processing
WO2014094455A1 (en) * 2012-12-19 2014-06-26 北京奇虎科技有限公司 Fault data processing device and method
CN103036992B (en) * 2012-12-19 2015-10-07 北京奇虎科技有限公司 A kind of data download method and device
US9391903B2 (en) * 2013-07-15 2016-07-12 Calix, Inc. Methods and apparatuses for distributed packet flow control
US9680760B2 (en) * 2013-07-16 2017-06-13 Cisco Technology, Inc. Adaptive marking for WRED with intra-flow packet priorities in network queues
US9319293B2 (en) 2013-07-31 2016-04-19 Calix, Inc. Methods and apparatuses for network flow analysis and control
US9240938B2 (en) 2013-09-23 2016-01-19 Calix, Inc. Distributed system and method for flow identification in an access network
CN104008024A (en) * 2014-06-12 2014-08-27 北京航空航天大学 Dynamic reconstruction technology application platform based on FPGA
US9503353B1 (en) * 2014-12-30 2016-11-22 Emc Corporation Dynamic cross protocol tuner
US9888095B2 (en) 2015-06-26 2018-02-06 Microsoft Technology Licensing, Llc Lightweight transport protocol
US10841277B2 (en) * 2017-08-14 2020-11-17 Ut-Battelle, Llc One step removed shadow network

Citations (97)

Publication number Priority date Publication date Assignee Title
US4314356A (en) * 1979-10-24 1982-02-02 Bunker Ramo Corporation High-speed term searcher
US5101424A (en) * 1990-09-28 1992-03-31 Northern Telecom Limited Method for generating a monitor program for monitoring text streams and executing actions when pre-defined patterns, are matched using an English to AWK language translator
US5179626A (en) * 1988-04-08 1993-01-12 At&T Bell Laboratories Harmonic speech coding arrangement where a set of parameters for a continuous magnitude spectrum is determined by a speech analyzer and the parameters are used by a synthesizer to determine a spectrum which is used to determine senusoids for synthesis
US5239298A (en) * 1992-04-17 1993-08-24 Bell Communications Research, Inc. Data compression
US5388259A (en) * 1992-05-15 1995-02-07 Bell Communications Research, Inc. System for accessing a database with an iterated fuzzy query notified by retrieval response
US5396253A (en) * 1990-07-25 1995-03-07 British Telecommunications Plc Speed estimation
US5481735A (en) * 1992-12-28 1996-01-02 Apple Computer, Inc. Method for modifying packets that meet a particular criteria as the packets pass between two layers in a network
US5487151A (en) * 1991-04-15 1996-01-23 Hochiki Kabushiki Kaisha Transmission error detection system for use in a disaster prevention monitoring system
US5488725A (en) * 1991-10-08 1996-01-30 West Publishing Company System of document representation retrieval by successive iterated probability sampling
US5497488A (en) * 1990-06-12 1996-03-05 Hitachi, Ltd. System for parallel string search with a function-directed parallel collation of a first partition of each string followed by matching of second partitions
US5596569A (en) * 1994-03-08 1997-01-21 Excel, Inc. Telecommunications switch with improved redundancy
US5710757A (en) * 1995-03-27 1998-01-20 Hewlett Packard Company Electronic device for processing multiple rate wireless information
US5712942A (en) * 1996-05-13 1998-01-27 Lucent Technologies Inc. Optical communications system having distributed intelligence
US5721898A (en) * 1992-09-02 1998-02-24 International Business Machines Corporation Method and system for data search in a data processing system
US5832212A (en) * 1996-04-19 1998-11-03 International Business Machines Corporation Censoring browser method and apparatus for internet viewing
US5864738A (en) * 1996-03-13 1999-01-26 Cray Research, Inc. Massively parallel processing system using two data paths: one connecting router circuit to the interconnect network and the other connecting router circuit to I/O controller
US5870730A (en) * 1994-07-11 1999-02-09 Hitachi, Ltd Decision making method
US5884286A (en) * 1994-07-29 1999-03-16 Daughtery, Iii; Vergil L. Apparatus and process for executing an expirationless option transaction
US6023760A (en) * 1996-06-22 2000-02-08 Xerox Corporation Modifying an input string partitioned in accordance with directionality and length constraints
US6025755A (en) * 1997-12-12 2000-02-15 The Aerospace Corporation Method of stabilizing electromagnetic field strength in an atomic system
US6028939A (en) * 1997-01-03 2000-02-22 Redcreek Communications, Inc. Data security system and method
US6044407A (en) * 1992-11-13 2000-03-28 British Telecommunications Public Limited Company Interface for translating an information message from one protocol to another
US6169969B1 (en) * 1998-08-07 2001-01-02 The United States Of America As Represented By The Director Of The National Security Agency Device and method for full-text large-dictionary string matching using n-gram hashing
US6173276B1 (en) * 1997-08-21 2001-01-09 Scicomp, Inc. System and method for financial instrument modeling and valuation
US6175874B1 (en) * 1997-07-03 2001-01-16 Fujitsu Limited Packet relay control method packet relay device and program memory medium
US6178494B1 (en) * 1996-09-23 2001-01-23 Virtual Computer Corporation Modular, hybrid processor and method for producing a modular, hybrid processor
US6205148B1 (en) * 1996-11-26 2001-03-20 Fujitsu Limited Apparatus and a method for selecting an access router's protocol of a plurality of the protocols for transferring a packet in a communication system
US6336150B1 (en) * 1998-10-30 2002-01-01 Lsi Logic Corporation Apparatus and method for enhancing data transfer rates using transfer control blocks
US6339819B1 (en) * 1997-12-17 2002-01-15 Src Computers, Inc. Multiprocessor with each processor element accessing operands in loaded input buffer and forwarding results to FIFO output buffer
US20020010825A1 (en) * 2000-07-20 2002-01-24 Alex Wilson Memory resource arbitrator for multiple gate arrays
US6343324B1 (en) * 1999-09-13 2002-01-29 International Business Machines Corporation Method and system for controlling access share storage devices in a network environment by configuring host-to-volume mapping data structures in the controller memory for granting and denying access to the devices
US20020031125A1 (en) * 1999-12-28 2002-03-14 Jun Sato Packet transfer communication apparatus, packet transfer communication method, and storage medium
US6363384B1 (en) * 1999-06-29 2002-03-26 Wandel & Goltermann Technologies, Inc. Expert system process flow
US20030002502A1 (en) * 1998-05-01 2003-01-02 Gibson William A. System for recovering lost information in a data stream by means of parity packets
US20030009693A1 (en) * 2001-07-09 2003-01-09 International Business Machines Corporation Dynamic intrusion detection for computer systems
US20030014662A1 (en) * 2001-06-13 2003-01-16 Gupta Ramesh M. Protocol-parsing state machine and method of using same
US20030014521A1 (en) * 2001-06-28 2003-01-16 Jeremy Elson Open platform architecture for shared resource access management
US20030018630A1 (en) * 2000-04-07 2003-01-23 Indeck Ronald S. Associative database scanning and information retrieval using FPGA devices
US20030023876A1 (en) * 2001-07-27 2003-01-30 International Business Machines Corporation Correlating network information and intrusion information to find the entry point of an attack upon a protected computer
US20030023653A1 (en) * 2001-01-29 2003-01-30 Andrew Dunlop System, method and article of manufacture for a single-cycle floating point library
US20030028408A1 (en) * 2001-02-23 2003-02-06 Rudusky Daryl System, method and article of manufacture for a contractor-based hardware development service
US20030028864A1 (en) * 2001-01-29 2003-02-06 Matt Bowen System, method and article of manufacture for successive compilations using incomplete parameters
US20030028690A1 (en) * 2000-07-20 2003-02-06 John Appleby-Alis System, method and article of manufacture for a reconfigurable hardware-based multimedia device
US20030033588A1 (en) * 2001-01-29 2003-02-13 John Alexander System, method and article of manufacture for using a library map to create and maintain IP cores effectively
US20030033594A1 (en) * 2001-01-29 2003-02-13 Matt Bowen System, method and article of manufacture for parameterized expression libraries
US20030033240A1 (en) * 2001-06-11 2003-02-13 Opt4 Derivatives, Inc. Integrated electronic exchange of structured contracts with dynamic risk-based transaction permissioning
US20030033234A1 (en) * 2001-02-23 2003-02-13 Rudusky Daryl System, method and article of manufacture for a hardware configuration service
US20030035547A1 (en) * 2001-03-27 2003-02-20 John Newton Server with multiple encryption libraries
US20030037321A1 (en) * 2001-01-29 2003-02-20 Matt Bowen System, method and article of manufacture for extensions in a programming lanauage capable of programming hardware architectures
US20030037037A1 (en) * 2001-08-17 2003-02-20 Ec Outlook, Inc. Method of storing, maintaining and distributing computer intelligible electronic data
US20030039355A1 (en) * 2001-05-11 2003-02-27 Mccanny John Vincent Computer useable product for generating data encryption/decryption apparatus
US20030043805A1 (en) * 2001-08-30 2003-03-06 International Business Machines Corporation IP datagram over multiple queue pairs
US20030046668A1 (en) * 2001-01-29 2003-03-06 Matt Bowen System, method and article of manufacture for distributing IP cores
US20030051043A1 (en) * 2001-09-12 2003-03-13 Raqia Networks Inc. High speed data stream pattern recognition
US6535868B1 (en) * 1998-08-27 2003-03-18 Debra A. Galeazzi Method and apparatus for managing metadata in a database management system
US20030055771A1 (en) * 2001-02-23 2003-03-20 Rudusky Daryl System, method and article of manufacture for a reverse-auction-based system for hardware development
US20030055770A1 (en) * 2001-02-23 2003-03-20 Rudusky Daryl System, method and article of manufacture for an auction-based system for hardware development
US20030055769A1 (en) * 2001-02-23 2003-03-20 Rudusky Daryl System, method and article of manufacture for a library-based hardware configuration service
US20030055658A1 (en) * 2001-02-23 2003-03-20 Rudusky Daryl System, method and article of manufacture for dynamic, automated fulfillment of an order for a hardware product
US20030055777A1 (en) * 1992-06-10 2003-03-20 Ginsberg Philip M. Fixed income portfolio index processor
US20030061409A1 (en) * 2001-02-23 2003-03-27 Rudusky Daryl System, method and article of manufacture for dynamic, automated product fulfillment for configuring a remotely located device
US6601061B1 (en) * 1999-06-18 2003-07-29 Surfwax, Inc. Scalable information search and retrieval including use of special purpose searching resources
US20040019703A1 (en) * 1997-12-17 2004-01-29 Src Computers, Inc. Switch/network adapter port incorporating shared memory resources selectively accessible by a direct execution logic element and one or more dense logic devices
US6691301B2 (en) * 2001-01-29 2004-02-10 Celoxica Ltd. System, method and article of manufacture for signal constructs in a programming language capable of programming hardware architectures
US20040028047A1 (en) * 2002-05-22 2004-02-12 Sean Hou Switch for local area network
US20040034587A1 (en) * 2002-08-19 2004-02-19 Amberson Matthew Gilbert System and method for calculating intra-period volatility
US6704816B1 (en) * 1999-07-26 2004-03-09 Sun Microsystems, Inc. Method and apparatus for executing standard functions in a computer system using a field programmable gate array
US20040054924A1 (en) * 2002-09-03 2004-03-18 Chuah Mooi Choo Methods and devices for providing distributed, adaptive IP filtering against distributed denial of service attacks
US6711558B1 (en) * 2000-04-07 2004-03-23 Washington University Associative database scanning and information retrieval
US6847645B1 (en) * 2001-02-22 2005-01-25 Cisco Technology, Inc. Method and apparatus for controlling packet header buffer wrap around in a forwarding engine of an intermediate network node
US6850906B1 (en) * 1999-12-15 2005-02-01 Traderbot, Inc. Real-time financial search engine and method
US20050033672A1 (en) * 2003-07-22 2005-02-10 Credit-Agricole Indosuez System, method, and computer program product for managing financial risk when issuing tender options
US6870837B2 (en) * 1999-08-19 2005-03-22 Nokia Corporation Circuit emulation service over an internet protocol network
US6870929B1 (en) * 1999-12-22 2005-03-22 Juniper Networks, Inc. High throughput system for encryption and other data operations
US6910078B1 (en) * 2001-11-15 2005-06-21 Cisco Technology, Inc. Methods and apparatus for controlling the transmission of stream data
US20060020715A1 (en) * 2000-06-23 2006-01-26 Cloudshield Technologies, Inc. System and method for processing packets according to user specified rules governed by a syntax
US20060020536A1 (en) * 2004-07-21 2006-01-26 Espeed, Inc. System and method for managing trading orders received from market makers
US20060031156A1 (en) * 2004-08-04 2006-02-09 Noviello Joseph C System and method for managing trading using alert messages for outlying trading orders
US20060031154A1 (en) * 2004-08-04 2006-02-09 Noviello Joseph C System and method for managing trading using alert messages for outlying trading orders
US20060059064A1 (en) * 2004-09-10 2006-03-16 Chicago Mercantile Exchange, Inc. System and method for efficiently using collateral for risk offset
US20060059065A1 (en) * 2004-09-10 2006-03-16 Chicago Mercantile Exchange, Inc. System and method for displaying a combined trading and risk management GUI display
US20060059083A1 (en) * 1999-04-09 2006-03-16 Trading Technologies International, Inc. User interface for semi-fungible trading
US20060059069A1 (en) * 2004-09-10 2006-03-16 Chicago Mercantile Exchange, Inc. System and method for hybrid spreading for flexible spread participation
US20060059067A1 (en) * 2004-09-10 2006-03-16 Chicago Mercantile Exchange, Inc. System and method of margining fixed payoff products
US20060059099A1 (en) * 2004-04-14 2006-03-16 Digital River, Inc. Software wrapper having use limitation within a geographic boundary
US20060059066A1 (en) * 2004-09-10 2006-03-16 Chicago Mercantile Exchange, Inc. System and method for asymmetric offsets in a risk management system
US20060059068A1 (en) * 2004-09-10 2006-03-16 Chicago Mercantile Exchange, Inc. System and method for hybrid spreading for risk management
US20060059213A1 (en) * 2002-12-18 2006-03-16 Koninklijke Philips Electronics N.V. Dedicated encrypted virtual channel in a multi-channel serial communications interface
US7167980B2 (en) * 2002-05-30 2007-01-23 Intel Corporation Data comparison process
US7181608B2 (en) * 2000-02-03 2007-02-20 Realtime Data Llc Systems and methods for accelerated loading of operating systems and application programs
US7181765B2 (en) * 2001-10-12 2007-02-20 Motorola, Inc. Method and apparatus for providing node security in a router of a packet network
US7185081B1 (en) * 1999-04-30 2007-02-27 Pmc-Sierra, Inc. Method and apparatus for programmable lexical packet classifier
US20080037420A1 (en) * 2003-10-08 2008-02-14 Bob Tang Immediate ready implementation of virtually congestion free guaranteed service capable network: external internet nextgentcp (square waveform) TCP friendly san
US7478431B1 (en) * 2002-08-02 2009-01-13 Symantec Corporation Heuristic detection of computer viruses
US20090019538A1 (en) * 2002-06-11 2009-01-15 Pandya Ashish A Distributed network security system and a hardware processor therefor
US7480253B1 (en) * 2002-05-30 2009-01-20 Nortel Networks Limited Ascertaining the availability of communications between devices
US20120016998A1 (en) * 2006-10-10 2012-01-19 Cisco Technology, Inc. Refreshing a Session Initiation Protocol (SIP) Session

Family Cites Families (214)

Publication number Priority date Publication date Assignee Title
US3601808A (en) 1968-07-18 1971-08-24 Bell Telephone Labor Inc Advanced keyword associative access memory system
US3611314A (en) 1969-09-09 1971-10-05 Texas Instruments Inc Dynamic associative data processing system
US3824375A (en) 1970-08-28 1974-07-16 Financial Security Syst Inc Memory system
US3729712A (en) 1971-02-26 1973-04-24 Eastman Kodak Co Information storage and retrieval system
US3848235A (en) 1973-10-24 1974-11-12 Ibm Scan and read control apparatus for a disk storage drive in a computer system
US3906455A (en) 1974-03-15 1975-09-16 Boeing Computer Services Inc Associative memory device
CA1056504A (en) 1975-04-02 1979-06-12 Visvaldis A. Vitols Keyword detection in continuous speech using continuous asynchronous correlation
US4298898A (en) 1979-04-19 1981-11-03 Compagnie Internationale Pour L'informatique Cii Honeywell Bull Method of and apparatus for reading data from reference zones of a memory
FR2481026B1 (en) 1980-04-21 1984-06-15 France Etat
US4464718A (en) 1982-07-30 1984-08-07 International Business Machines Corporation Associative file processing method and apparatus
US4550436A (en) 1983-07-26 1985-10-29 At&T Bell Laboratories Parallel text matching methods and apparatus
US5270922A (en) 1984-06-29 1993-12-14 Merrill Lynch & Company, Inc. System for distributing, processing and displaying financial information
US4941178A (en) 1986-04-01 1990-07-10 Gte Laboratories Incorporated Speech recognition using preclassification and spectral normalization
KR910002325B1 (en) * 1987-01-12 1991-04-11 후지쓰 가부시기가이샤 Data transferring buffer circuits for data exchange
US4823306A (en) 1987-08-14 1989-04-18 International Business Machines Corporation Text search system
US5023910A (en) 1988-04-08 1991-06-11 At&T Bell Laboratories Vector quantization in a harmonic speech coding arrangement
US5050075A (en) 1988-10-04 1991-09-17 Bell Communications Research, Inc. High performance VLSI data filter
US5249292A (en) 1989-03-31 1993-09-28 Chiappa J Noel Data packet switch using a primary processing unit to designate one of a plurality of data stream control circuits to selectively handle the header processing of incoming packets in one data packet stream
US5077665A (en) 1989-05-25 1991-12-31 Reuters Limited Distributed matching system
JPH0314075A (en) 1989-06-13 1991-01-22 Ricoh Co Ltd Document retrieval device
AU620994B2 (en) 1989-07-12 1992-02-27 Digital Equipment Corporation Compressed prefix matching database searching
US5126936A (en) 1989-09-01 1992-06-30 Champion Securities Goal-directed financial asset management system
US5163131A (en) 1989-09-08 1992-11-10 Auspex Systems, Inc. Parallel i/o network file server architecture
EP0565738A1 (en) 1990-01-05 1993-10-20 Symbol Technologies, Inc. System for encoding and decoding data in machine readable graphic form
US5347634A (en) 1990-03-15 1994-09-13 Hewlett-Packard Company System and method for directly executing user DMA instruction from user controlled process by employing processor privileged work buffer pointers
US5319776A (en) 1990-04-19 1994-06-07 Hilgraeve Corporation In transit detection of computer virus with safeguard
US5255136A (en) 1990-08-17 1993-10-19 Quantum Corporation High capacity submicro-winchester fixed disk drive
GB9023096D0 (en) 1990-10-24 1990-12-05 Int Computers Ltd Database search processor
US5339411A (en) 1990-12-21 1994-08-16 Pitney Bowes Inc. Method for managing allocation of memory space
US5404411A (en) 1990-12-27 1995-04-04 Xerox Corporation Bitmap-image pattern matching apparatus for correcting bitmap errors in a printing system
US5421028A (en) 1991-03-15 1995-05-30 Hewlett-Packard Company Processing commands and data in a common pipeline path in a high-speed computer graphics system
EP0510634B1 (en) 1991-04-25 1999-07-07 Nippon Steel Corporation Data base retrieval system
JP2641999B2 (en) 1991-05-10 1997-08-20 日本電気株式会社 Data format detection circuit
US5477451A (en) 1991-07-25 1995-12-19 International Business Machines Corp. Method and system for natural language translation
US5265065A (en) 1991-10-08 1993-11-23 West Publishing Company Method and apparatus for information retrieval from a database by replacing domain specific stemmed phases in a natural language to create a search query
US5826075A (en) 1991-10-16 1998-10-20 International Business Machines Corporation Automated programmable fireware store for a personal computer system
WO1993018505A1 (en) 1992-03-02 1993-09-16 The Walt Disney Company Voice transformation system
US5524268A (en) 1992-06-26 1996-06-04 Cirrus Logic, Inc. Flexible processor-driven control of SCSI buses utilizing tags appended to data bytes to determine SCSI-protocol phases
GB9220404D0 (en) 1992-08-20 1992-11-11 Nat Security Agency Method of identifying,retrieving and sorting documents
US5504926A (en) 1992-09-24 1996-04-02 Unisys Corporation Method for a host central processor and its associated controller to capture the selected one of a number of memory units via path control commands
JP2575595B2 (en) 1992-10-20 1997-01-29 インターナショナル・ビジネス・マシーンズ・コーポレイション Image frame compression method and data processing system
US5440723A (en) 1993-01-19 1995-08-08 International Business Machines Corporation Automatic immune system for computers and computer networks
US5432822A (en) 1993-03-12 1995-07-11 Hughes Aircraft Company Error correcting decoder and decoding method employing reliability based erasure decision-making in cellular communication system
US5546462A (en) 1993-04-09 1996-08-13 Washington University Method and apparatus for fingerprinting and authenticating various magnetic media
US5544352A (en) 1993-06-14 1996-08-06 Libertech, Inc. Method and apparatus for indexing, searching and displaying data
US6456982B1 (en) 1993-07-01 2002-09-24 Dragana N. Pilipovic Computer system for generating projected data and an application supporting a financial transaction
EP0651321B1 (en) 1993-10-29 2001-11-14 Advanced Micro Devices, Inc. Superscalar microprocessors
US5371794A (en) 1993-11-02 1994-12-06 Sun Microsystems, Inc. Method and apparatus for privacy and authentication in wireless networks
US5813000A (en) 1994-02-15 1998-09-22 Sun Micro Systems B tree structure and method
US5465353A (en) 1994-04-01 1995-11-07 Ricoh Company, Ltd. Image matching and retrieval by multi-access redundant hashing
US5461712A (en) 1994-04-18 1995-10-24 International Business Machines Corporation Quadrant-based two-dimensional memory manager
US5987432A (en) 1994-06-29 1999-11-16 Reuters, Ltd. Fault-tolerant central ticker plant system for distributing financial market data
US5623652A (en) 1994-07-25 1997-04-22 Apple Computer, Inc. Method and apparatus for searching for information in a network and for controlling the display of searchable information on display devices in the network
US6263321B1 (en) 1994-07-29 2001-07-17 Economic Inventions, Llc Apparatus and process for calculating an option
JP2964879B2 (en) 1994-08-22 1999-10-18 日本電気株式会社 Post filter
US5629980A (en) 1994-11-23 1997-05-13 Xerox Corporation System for controlling the distribution and use of digital works
SE505156C2 (en) 1995-01-30 1997-07-07 Ericsson Telefon Ab L M Procedure for noise suppression by spectral subtraction
US5819290A (en) 1995-04-10 1998-10-06 Sony Corporation Data recording and management system and method for detecting data file division based on quantitative number of blocks
US5687297A (en) 1995-06-29 1997-11-11 Xerox Corporation Multifunctional apparatus for appearance tuning and resolution reconstruction of digital images
US5886701A (en) 1995-08-04 1999-03-23 Microsoft Corporation Graphics rendering device and method for operating same
US5943421A (en) 1995-09-11 1999-08-24 Norand Corporation Processor having compression and encryption circuitry
JPH0981574A (en) 1995-09-14 1997-03-28 Fujitsu Ltd Method and system for data base retrieval using retrieval set display picture
US5701464A (en) 1995-09-15 1997-12-23 Intel Corporation Parameterized bloom filters
US6134551A (en) 1995-09-15 2000-10-17 Intel Corporation Method of caching digital certificate revocation lists
US5774839A (en) 1995-09-29 1998-06-30 Rockwell International Corporation Delayed decision switched prediction multi-stage LSF vector quantization
AUPN743096A0 (en) 1996-01-05 1996-02-01 Canon Kabushiki Kaisha Force field halftoning
US20050267836A1 (en) 1996-03-25 2005-12-01 Cfph, Llc Method and system for transacting with a trading application
US5761431A (en) 1996-04-12 1998-06-02 Peak Audio, Inc. Order persistent timer for controlling events at multiple processing stations
US5781921A (en) 1996-05-06 1998-07-14 Ohmeda Inc. Method and apparatus to effect firmware upgrades using a removable memory device under software control
US6147976A (en) 1996-06-24 2000-11-14 Cabletron Systems, Inc. Fast network layer packet filter
US5995963A (en) 1996-06-27 1999-11-30 Fujitsu Limited Apparatus and method of multi-string matching based on sparse state transition list
US5974414A (en) 1996-07-03 1999-10-26 Open Port Technology, Inc. System and method for automated received message handling and distribution
US6061662A (en) 1997-08-15 2000-05-09 Options Technology Company, Inc. Simulation method and system for the valuation of derivative financial instruments
US5991881A (en) 1996-11-08 1999-11-23 Harris Corporation Network surveillance system
JP3231673B2 (en) 1996-11-21 2001-11-26 シャープ株式会社 Character and character string search method and recording medium used in the method
DE19651075A1 (en) 1996-12-09 1998-06-10 Pact Inf Tech Gmbh Unit for processing numerical and logical operations, for use in processors (CPU's), multi-computer systems, data flow processors (DFP's), digital signal processors (DSP's) or the like
US6108782A (en) 1996-12-13 2000-08-22 3Com Corporation Distributed remote monitoring (dRMON) for networks
US6073160A (en) 1996-12-18 2000-06-06 Xerox Corporation Document communications controller
US5911778A (en) 1996-12-31 1999-06-15 Sun Microsystems, Inc. Processing system security
US6233684B1 (en) 1997-02-28 2001-05-15 Contenaguard Holdings, Inc. System for controlling the distribution and use of rendered digital works through watermaking
US6070172A (en) 1997-03-06 2000-05-30 Oracle Corporation On-line free space defragmentation of a contiguous-file file system
US5930753A (en) 1997-03-20 1999-07-27 At&T Corp Combining frequency warping and spectral shaping in HMM based speech recognition
US6115751A (en) 1997-04-10 2000-09-05 Cisco Technology, Inc. Technique for capturing information needed to implement transmission priority routing among heterogeneous nodes of a computer network
JPH10326287A (en) 1997-05-23 1998-12-08 Mitsubishi Corp System and device for digital content management
DE19722424C5 (en) 1997-05-28 2006-09-14 Telefonaktiebolaget Lm Ericsson (Publ) Method of securing access to a remote system
US6236727B1 (en) 1997-06-24 2001-05-22 International Business Machines Corporation Apparatus, method and computer program product for protecting copyright data within a computer system
US6067569A (en) 1997-07-10 2000-05-23 Microsoft Corporation Fast-forwarding and filtering of network packets in a computer system
US6317795B1 (en) 1997-07-22 2001-11-13 International Business Machines Corporation Dynamic modification of multimedia content
US6609196B1 (en) 1997-07-24 2003-08-19 Tumbleweed Communications Corp. E-mail firewall with stored key encryption/decryption
US6772136B2 (en) 1997-08-21 2004-08-03 Elaine Kant System and method for financial instrument modeling and using Monte Carlo simulation
JPH11110320A (en) 1997-10-03 1999-04-23 Matsushita Electric Ind Co Ltd Message exchange device
GB2330682A (en) 1997-10-22 1999-04-28 Calluna Tech Ltd Password access to an encrypted drive
US6442533B1 (en) 1997-10-29 2002-08-27 William H. Hinkle Multi-processing financial transaction processing system
US6112181A (en) 1997-11-06 2000-08-29 Intertrust Technologies Corporation Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information
US6138176A (en) 1997-11-14 2000-10-24 3Ware Disk array controller with automated processor which routes I/O data according to addresses and commands received from disk drive controllers
WO1999027684A1 (en) 1997-11-25 1999-06-03 Packeteer, Inc. Method for automatically classifying traffic in a packet communications network
US6058391A (en) 1997-12-17 2000-05-02 Mci Communications Corporation Enhanced user view/update capability for managing data from relational tables
US6216173B1 (en) 1998-02-03 2001-04-10 Redbox Technologies Limited Method and apparatus for content processing and routing
US5987610A (en) 1998-02-12 1999-11-16 Ameritech Corporation Computer virus screening methods and systems
KR100441171B1 (en) 1998-02-20 2004-10-14 삼성전자주식회사 Firmware composing method using flash rom and ram
US6279113B1 (en) 1998-03-16 2001-08-21 Internet Tools, Inc. Dynamic signature inspection-based network intrusion detection
US6233618B1 (en) 1998-03-31 2001-05-15 Content Advisor, Inc. Access control of networked data
US6389532B1 (en) 1998-04-20 2002-05-14 Sun Microsystems, Inc. Method and apparatus for using digital signatures to filter packets in a network
US6397259B1 (en) 1998-05-29 2002-05-28 Palm, Inc. Method, system and apparatus for packet minimized communications
US6105067A (en) 1998-06-05 2000-08-15 International Business Machines Corp. Connection pool management for backend servers using common interface
US6289461B1 (en) 1998-06-09 2001-09-11 Placeware, Inc. Bi-directional process-to-process byte stream protocol
US6456632B1 (en) 1998-08-27 2002-09-24 Robert T. Baum Protocol separation in packet communication
GB9819183D0 (en) 1998-09-04 1998-10-28 Int Computers Ltd Multiple string search method
US6219786B1 (en) 1998-09-09 2001-04-17 Surfcontrol, Inc. Method and system for monitoring and controlling network access
US6628652B1 (en) * 1998-09-18 2003-09-30 Lucent Technologies Inc. Flexible telecommunications switching network
US6226676B1 (en) 1998-10-07 2001-05-01 Nortel Networks Corporation Connection establishment and termination in a mixed protocol network
EP1145541B1 (en) 1998-11-24 2012-11-21 Niksun, Inc. Apparatus and method for collecting and analyzing communications data
US6564263B1 (en) 1998-12-04 2003-05-13 International Business Machines Corporation Multimedia content description framework
US6499107B1 (en) 1998-12-29 2002-12-24 Cisco Technology, Inc. Method and system for adaptive network security using intelligent packet analysis
US6578147B1 (en) 1999-01-15 2003-06-10 Cisco Technology, Inc. Parallel intrusion detection sensors with load balancing for high speed networks
US6934255B1 (en) * 1999-02-02 2005-08-23 Packeteer, Inc. Internet over satellite apparatus
US6778968B1 (en) 1999-03-17 2004-08-17 Vialogy Corp. Method and system for facilitating opportunistic transactions using auto-probes
US6336117B1 (en) 1999-04-30 2002-01-01 International Business Machines Corporation Content-indexing search system and method providing search results consistent with content filtering and blocking policies implemented in a blocking engine
US6775290B1 (en) 1999-05-24 2004-08-10 Advanced Micro Devices, Inc. Multiport network switch supporting multiple VLANs per port
US6765918B1 (en) 1999-06-16 2004-07-20 Teledata Networks, Ltd. Client/server based architecture for a telecommunications network
JP2001014239A (en) 1999-06-29 2001-01-19 Hitachi Ltd Security system by multiplex system parallel operated computers
US6463474B1 (en) 1999-07-02 2002-10-08 Cisco Technology, Inc. Local authentication of a client at a network device
US7002986B1 (en) 1999-07-08 2006-02-21 Nortel Networks Limited Mapping arbitrary signals into SONET
US6418419B1 (en) 1999-07-23 2002-07-09 5Th Market, Inc. Automated system for conditional order transactions in securities or other items in commerce
WO2001022425A1 (en) 1999-09-20 2001-03-29 Seagate Technology Llc Field programmable gate array hard disk system
US6546375B1 (en) 1999-09-21 2003-04-08 Johns Hopkins University Apparatus and method of pricing financial derivatives
US7181424B1 (en) 1999-09-23 2007-02-20 The Nasdaq Stock Market, Inc. Montage for automated market system
US7251629B1 (en) 1999-10-14 2007-07-31 Edge Capture, Llc Automated trading system in an electronic trading exchange
US6886103B1 (en) 1999-10-28 2005-04-26 Lucent Technologies Inc. Method and apparatus for extending network address translation for unsupported protocols
US6643717B1 (en) 1999-11-10 2003-11-04 Digi International Inc. Flow control
KR100417758B1 (en) * 1999-11-16 2004-02-11 김창선 propeller apparatus
US6804667B1 (en) 1999-11-30 2004-10-12 Ncr Corporation Filter for checking for duplicate entries in database
US7356498B2 (en) 1999-12-30 2008-04-08 Chicago Board Options Exchange, Incorporated Automated trading exchange system having integrated quote risk monitoring and integrated quote modification services
JP3448254B2 (en) 2000-02-02 2003-09-22 インターナショナル・ビジネス・マシーンズ・コーポレーション Access chain tracking system, network system, method, and recording medium
US6877044B2 (en) 2000-02-10 2005-04-05 Vicom Systems, Inc. Distributed storage management platform architecture
WO2001061913A2 (en) 2000-02-18 2001-08-23 Verimatrix, Inc. Network-based content distribution system
US20030093347A1 (en) 2000-03-15 2003-05-15 Gray Dale F. Managing risk using macro-financial risk analysis
US7103569B1 (en) 2000-03-24 2006-09-05 Groveman Lloyd A Active account management using volatility arbitrage
US7363277B1 (en) 2000-03-27 2008-04-22 International Business Machines Corporation Detecting copyright violation via streamed extraction and signature analysis in a method, system and program
US7353267B1 (en) 2000-04-07 2008-04-01 Netzero, Inc. Targeted network video download interface
US8095508B2 (en) 2000-04-07 2012-01-10 Washington University Intelligent data storage and processing using FPGA devices
AU2001255394B2 (en) 2000-04-13 2006-04-13 Superderivatives, Inc. Method and system for pricing options
WO2001080558A2 (en) 2000-04-14 2001-10-25 Solidstreaming, Inc. A system and method for multimedia streaming
US6981054B1 (en) 2000-06-06 2005-12-27 Advanced Micro Devices, Inc. Flow control arrangement in a network switch based on priority traffic
US6381242B1 (en) 2000-08-29 2002-04-30 Netrake Corporation Content processor
US20020069370A1 (en) 2000-08-31 2002-06-06 Infoseer, Inc. System and method for tracking and preventing illegal distribution of proprietary material over computer networks
US7065475B1 (en) 2000-10-31 2006-06-20 Goldman Sachs & Co. Modeling option price dynamics
US6985956B2 (en) * 2000-11-02 2006-01-10 Sun Microsystems, Inc. Switching system
WO2002061525A2 (en) 2000-11-02 2002-08-08 Pirus Networks Tcp/udp acceleration
US6807156B1 (en) 2000-11-07 2004-10-19 Telefonaktiebolaget Lm Ericsson (Publ) Scalable real-time quality of service monitoring and analysis of service dependent subscriber satisfaction in IP networks
US7760737B2 (en) 2000-11-30 2010-07-20 Audiocodes, Inc. Method for reordering and reassembling data packets in a network
US6728929B1 (en) * 2001-02-16 2004-04-27 Spirent Communications Of Calabasas, Inc. System and method to insert a TCP checksum in a protocol neutral manner
US7117370B2 (en) 2001-02-20 2006-10-03 Sal Khan System for transmitting secure data between a sender and a recipient over a computer network using a virtual envelope and method for using the same
WO2002071227A1 (en) 2001-03-01 2002-09-12 Cyber Operations, Llc System and method for anti-network terrorism
US7681032B2 (en) 2001-03-12 2010-03-16 Portauthority Technologies Inc. System and method for monitoring unauthorized transport of digital content
EP1490767B1 (en) 2001-04-05 2014-06-11 Audible Magic Corporation Copyright detection and protection system and method
US7325249B2 (en) 2001-04-30 2008-01-29 Aol Llc Identifying unwanted electronic messages
US6785677B1 (en) 2001-05-02 2004-08-31 Unisys Corporation Method for execution of query to search strings of characters that match pattern with a target string utilizing bit vector
US6944168B2 (en) 2001-05-04 2005-09-13 Slt Logic Llc System and method for providing transformation of multi-protocol packets in a data stream
US7152151B2 (en) 2002-07-18 2006-12-19 Ge Fanuc Embedded Systems, Inc. Signal processing resource for selective series processing of data in transit on communications paths in multi-processor arrangements
US7065482B2 (en) 2001-05-17 2006-06-20 International Business Machines Corporation Internet traffic analysis tool
US7149715B2 (en) 2001-06-29 2006-12-12 Goldman Sachs & Co. Method and system for simulating implied volatility surfaces for use in option pricing simulations
US7046848B1 (en) 2001-08-22 2006-05-16 Olcott Peter L Method and system for recognizing machine generated character glyphs and icons in graphic images
US6978223B2 (en) 2001-09-06 2005-12-20 Bbnt Solutions Llc Systems and methods for network performance measurement using packet signature collection
CA2403699C (en) 2001-09-17 2014-12-02 Recognia Inc. Technical analysis formation recognition using pivot points
US7191233B2 (en) 2001-09-17 2007-03-13 Telecommunication Systems, Inc. System for automated, mid-session, user-directed, device-to-device session transfer system
US20030065943A1 (en) 2001-09-28 2003-04-03 Christoph Geis Method and apparatus for recognizing and reacting to denial of service attacks on a computerized network
US7716330B2 (en) 2001-10-19 2010-05-11 Global Velocity, Inc. System and method for controlling transmission of data packets over an information network
US20030078865A1 (en) 2001-10-24 2003-04-24 Lee Theodore C. Automated financial market information and trading system
US20030149869A1 (en) 2002-02-01 2003-08-07 Paul Gleichauf Method and system for securely storing and trasmitting data by applying a one-time pad
US6772345B1 (en) 2002-02-08 2004-08-03 Networks Associates Technology, Inc. Protocol-level malware scanner
US20030198345A1 (en) 2002-04-15 2003-10-23 Van Buer Darrel J. Method and apparatus for high speed implementation of data encryption and decryption utilizing, e.g. Rijndael or its subset AES, or other encryption/decryption algorithms having similar key expansion data flow
US7093023B2 (en) 2002-05-21 2006-08-15 Washington University Methods, systems, and devices using reprogrammable hardware for high-speed processing of streaming data to find a redefinable pattern and respond thereto
US7711844B2 (en) 2002-08-15 2010-05-04 Washington University Of St. Louis TCP-splitter: reliable packet monitoring methods and apparatus for high speed networks
US7389330B2 (en) 2002-09-11 2008-06-17 Hughes Network Systems, Llc System and method for pre-fetching content in a proxy architecture
WO2004042562A2 (en) 2002-10-31 2004-05-21 Lockheed Martin Corporation Pipeline accelerator and related system and method
CA2503611C (en) 2002-10-31 2013-06-18 Lockheed Martin Corporation Peer-vector system utilizing a host processor and pipeline accelerator
JP4154213B2 (en) 2002-11-01 2008-09-24 富士通株式会社 Packet processing device
JP2004186717A (en) 2002-11-29 2004-07-02 Toshiba Corp Communication control method, server apparatus, and client apparatus
US20040107361A1 (en) * 2002-11-29 2004-06-03 Redan Michael C. System for high speed network intrusion detection
US6901461B2 (en) 2002-12-31 2005-05-31 Intel Corporation Hardware assisted ATA command queuing
US7305391B2 (en) 2003-02-07 2007-12-04 Safenet, Inc. System and method for determining the start of a match of a regular expression
TW591532B (en) 2003-03-07 2004-06-11 Mediatek Inc Firmware structuring method and related apparatus for unifying handling of execution responses of subroutines
US7593880B2 (en) 2003-03-19 2009-09-22 General Electric Company Methods and systems for analytical-based multifactor multiobjective portfolio risk optimization
US20040186804A1 (en) 2003-03-19 2004-09-23 Anindya Chakraborty Methods and systems for analytical-based multifactor multiobjective portfolio risk optimization
US7640201B2 (en) 2003-03-19 2009-12-29 General Electric Company Methods and systems for analytical-based multifactor Multiobjective portfolio risk optimization
CA2523548C (en) 2003-05-23 2014-02-04 Washington University Intelligent data processing system and method using fpga devices
US7444515B2 (en) 2003-08-14 2008-10-28 Washington University Method and apparatus for detecting predefined signatures in packet payload using Bloom filters
US7408932B2 (en) 2003-10-20 2008-08-05 Intel Corporation Method and apparatus for two-stage packet classification using most specific filter matching and transport level sharing
US10002385B2 (en) 2003-10-28 2018-06-19 Bgc Partners, Inc. Managing the execution of trades between market makers
US20050097027A1 (en) 2003-11-05 2005-05-05 Sylvan Kavanaugh Computer-implemented method and electronic system for trading
WO2005050396A2 (en) 2003-11-18 2005-06-02 Citigroup Global Markets, Inc. Method and system for artificial neural networks to predict price movements in the financial markets
US20050216384A1 (en) 2003-12-15 2005-09-29 Daniel Partlow System, method, and computer program for creating and valuing financial instruments linked to real estate indices
US7019674B2 (en) 2004-02-05 2006-03-28 Nec Laboratories America, Inc. Content-based information retrieval architecture
US7602785B2 (en) 2004-02-09 2009-10-13 Washington University Method and system for performing longest prefix matching for network address lookup using bloom filters
US8219477B2 (en) 2004-02-20 2012-07-10 General Electric Company Systems and methods for multi-objective portfolio analysis using pareto sorting evolutionary algorithms
US7469228B2 (en) 2004-02-20 2008-12-23 General Electric Company Systems and methods for efficient frontier supplementation in multi-objective portfolio analysis
US20050187845A1 (en) 2004-02-20 2005-08-25 Eklund Neil Holger W. Systems and methods for multi-objective portfolio analysis using dominance filtering
US7542932B2 (en) 2004-02-20 2009-06-02 General Electric Company Systems and methods for multi-objective portfolio optimization
US8126795B2 (en) 2004-02-20 2012-02-28 General Electric Company Systems and methods for initial sampling in multi-objective portfolio analysis
US7630928B2 (en) 2004-02-20 2009-12-08 General Electric Company Systems and methods for multi-objective portfolio analysis and decision-making using visualization techniques
US20050197938A1 (en) 2004-03-05 2005-09-08 Cantor Index Llc System and method for determining odds for wagering in a financial market environment
US7711628B2 (en) 2004-03-05 2010-05-04 Cantor Index Llc System and method for offering intraday wagering in a financial market environment
US7835961B2 (en) 2004-03-05 2010-11-16 Cantor Index Llc System and method for wagering in a financial market environment
US7305383B1 (en) 2004-06-10 2007-12-04 Cisco Technology, Inc. Processing system using bitmap array to compress deterministic finite automation state table allowing direct indexing
US7555449B2 (en) 2004-06-18 2009-06-30 Sap Ag System and method for updating stop loss orders
US7613813B2 (en) * 2004-09-10 2009-11-03 Cavium Networks, Inc. Method and apparatus for reducing host overhead in a socket server implementation
US7653066B2 (en) * 2004-11-04 2010-01-26 Cisco Technology Inc. Method and apparatus for guaranteed in-order delivery for FICON over SONET/SDH transport
US7539132B2 (en) * 2005-01-21 2009-05-26 At&T Intellectual Property Ii, L.P. Methods, systems, and devices for determining COS level
US7917299B2 (en) 2005-03-03 2011-03-29 Washington University Method and apparatus for performing similarity searching on a data stream with respect to a query string
US7702629B2 (en) 2005-12-02 2010-04-20 Exegy Incorporated Method and device for high performance regular expression pattern matching
US7954114B2 (en) 2006-01-26 2011-05-31 Exegy Incorporated Firmware socket module for FPGA-based pipeline processing
US8074275B2 (en) * 2006-02-01 2011-12-06 Cisco Technology, Inc. Preventing network denial of service attacks by early discard of out-of-order segments
WO2008022036A2 (en) 2006-08-10 2008-02-21 Washington University Method and apparatus for protein sequence alignment using fpga devices

Patent Citations (102)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4314356A (en) * 1979-10-24 1982-02-02 Bunker Ramo Corporation High-speed term searcher
US5179626A (en) * 1988-04-08 1993-01-12 At&T Bell Laboratories Harmonic speech coding arrangement where a set of parameters for a continuous magnitude spectrum is determined by a speech analyzer and the parameters are used by a synthesizer to determine a spectrum which is used to determine senusoids for synthesis
US5497488A (en) * 1990-06-12 1996-03-05 Hitachi, Ltd. System for parallel string search with a function-directed parallel collation of a first partition of each string followed by matching of second partitions
US5396253A (en) * 1990-07-25 1995-03-07 British Telecommunications Plc Speed estimation
US5101424A (en) * 1990-09-28 1992-03-31 Northern Telecom Limited Method for generating a monitor program for monitoring text streams and executing actions when pre-defined patterns, are matched using an English to AWK language translator
US5487151A (en) * 1991-04-15 1996-01-23 Hochiki Kabushiki Kaisha Transmission error detection system for use in a disaster prevention monitoring system
US5488725A (en) * 1991-10-08 1996-01-30 West Publishing Company System of document representation retrieval by successive iterated probability sampling
US5239298A (en) * 1992-04-17 1993-08-24 Bell Communications Research, Inc. Data compression
US5388259A (en) * 1992-05-15 1995-02-07 Bell Communications Research, Inc. System for accessing a database with an iterated fuzzy query notified by retrieval response
US20030055777A1 (en) * 1992-06-10 2003-03-20 Ginsberg Philip M. Fixed income portfolio index processor
US5721898A (en) * 1992-09-02 1998-02-24 International Business Machines Corporation Method and system for data search in a data processing system
US6044407A (en) * 1992-11-13 2000-03-28 British Telecommunications Public Limited Company Interface for translating an information message from one protocol to another
US5481735A (en) * 1992-12-28 1996-01-02 Apple Computer, Inc. Method for modifying packets that meet a particular criteria as the packets pass between two layers in a network
US5596569A (en) * 1994-03-08 1997-01-21 Excel, Inc. Telecommunications switch with improved redundancy
US5870730A (en) * 1994-07-11 1999-02-09 Hitachi, Ltd Decision making method
US5884286A (en) * 1994-07-29 1999-03-16 Daughtery, Iii; Vergil L. Apparatus and process for executing an expirationless option transaction
US5710757A (en) * 1995-03-27 1998-01-20 Hewlett Packard Company Electronic device for processing multiple rate wireless information
US5864738A (en) * 1996-03-13 1999-01-26 Cray Research, Inc. Massively parallel processing system using two data paths: one connecting router circuit to the interconnect network and the other connecting router circuit to I/O controller
US5832212A (en) * 1996-04-19 1998-11-03 International Business Machines Corporation Censoring browser method and apparatus for internet viewing
US5712942A (en) * 1996-05-13 1998-01-27 Lucent Technologies Inc. Optical communications system having distributed intelligence
US6023760A (en) * 1996-06-22 2000-02-08 Xerox Corporation Modifying an input string partitioned in accordance with directionality and length constraints
US6178494B1 (en) * 1996-09-23 2001-01-23 Virtual Computer Corporation Modular, hybrid processor and method for producing a modular, hybrid processor
US6205148B1 (en) * 1996-11-26 2001-03-20 Fujitsu Limited Apparatus and a method for selecting an access router's protocol of a plurality of the protocols for transferring a packet in a communication system
US6028939A (en) * 1997-01-03 2000-02-22 Redcreek Communications, Inc. Data security system and method
US6175874B1 (en) * 1997-07-03 2001-01-16 Fujitsu Limited Packet relay control method packet relay device and program memory medium
US6173276B1 (en) * 1997-08-21 2001-01-09 Scicomp, Inc. System and method for financial instrument modeling and valuation
US6025755A (en) * 1997-12-12 2000-02-15 The Aerospace Corporation Method of stabilizing electromagnetic field strength in an atomic system
US20040019703A1 (en) * 1997-12-17 2004-01-29 Src Computers, Inc. Switch/network adapter port incorporating shared memory resources selectively accessible by a direct execution logic element and one or more dense logic devices
US6339819B1 (en) * 1997-12-17 2002-01-15 Src Computers, Inc. Multiprocessor with each processor element accessing operands in loaded input buffer and forwarding results to FIFO output buffer
US20030002502A1 (en) * 1998-05-01 2003-01-02 Gibson William A. System for recovering lost information in a data stream by means of parity packets
US6169969B1 (en) * 1998-08-07 2001-01-02 The United States Of America As Represented By The Director Of The National Security Agency Device and method for full-text large-dictionary string matching using n-gram hashing
US6535868B1 (en) * 1998-08-27 2003-03-18 Debra A. Galeazzi Method and apparatus for managing metadata in a database management system
US6336150B1 (en) * 1998-10-30 2002-01-01 Lsi Logic Corporation Apparatus and method for enhancing data transfer rates using transfer control blocks
US20060059083A1 (en) * 1999-04-09 2006-03-16 Trading Technologies International, Inc. User interface for semi-fungible trading
US7185081B1 (en) * 1999-04-30 2007-02-27 Pmc-Sierra, Inc. Method and apparatus for programmable lexical packet classifier
US6601061B1 (en) * 1999-06-18 2003-07-29 Surfwax, Inc. Scalable information search and retrieval including use of special purpose searching resources
US6363384B1 (en) * 1999-06-29 2002-03-26 Wandel & Goltermann Technologies, Inc. Expert system process flow
US6704816B1 (en) * 1999-07-26 2004-03-09 Sun Microsystems, Inc. Method and apparatus for executing standard functions in a computer system using a field programmable gate array
US6870837B2 (en) * 1999-08-19 2005-03-22 Nokia Corporation Circuit emulation service over an internet protocol network
US6343324B1 (en) * 1999-09-13 2002-01-29 International Business Machines Corporation Method and system for controlling access share storage devices in a network environment by configuring host-to-volume mapping data structures in the controller memory for granting and denying access to the devices
US6850906B1 (en) * 1999-12-15 2005-02-01 Traderbot, Inc. Real-time financial search engine and method
US6870929B1 (en) * 1999-12-22 2005-03-22 Juniper Networks, Inc. High throughput system for encryption and other data operations
US20020031125A1 (en) * 1999-12-28 2002-03-14 Jun Sato Packet transfer communication apparatus, packet transfer communication method, and storage medium
US7181608B2 (en) * 2000-02-03 2007-02-20 Realtime Data Llc Systems and methods for accelerated loading of operating systems and application programs
US6711558B1 (en) * 2000-04-07 2004-03-23 Washington University Associative database scanning and information retrieval
US20030018630A1 (en) * 2000-04-07 2003-01-23 Indeck Ronald S. Associative database scanning and information retrieval using FPGA devices
US7181437B2 (en) * 2000-04-07 2007-02-20 Washington University Associative database scanning and information retrieval
US20060020715A1 (en) * 2000-06-23 2006-01-26 Cloudshield Technologies, Inc. System and method for processing packets according to user specified rules governed by a syntax
US20030028690A1 (en) * 2000-07-20 2003-02-06 John Appleby-Alis System, method and article of manufacture for a reconfigurable hardware-based multimedia device
US20030033514A1 (en) * 2000-07-20 2003-02-13 John Appleby-Allis System, method and article of manufacture for controlling peripherals and processing data on a system having no dedicated storage program and no central processing unit.
US20030033450A1 (en) * 2000-07-20 2003-02-13 John Appleby-Alis System, method, and article of manufacture for remote updating of hardware
US20020010825A1 (en) * 2000-07-20 2002-01-24 Alex Wilson Memory resource arbitrator for multiple gate arrays
US20030041129A1 (en) * 2000-07-20 2003-02-27 John Applcby-Allis Voice-over-internet protocol telephone in reconfigurable logic
US20030033594A1 (en) * 2001-01-29 2003-02-13 Matt Bowen System, method and article of manufacture for parameterized expression libraries
US20030037321A1 (en) * 2001-01-29 2003-02-20 Matt Bowen System, method and article of manufacture for extensions in a programming lanauage capable of programming hardware architectures
US20030046668A1 (en) * 2001-01-29 2003-03-06 Matt Bowen System, method and article of manufacture for distributing IP cores
US20030033588A1 (en) * 2001-01-29 2003-02-13 John Alexander System, method and article of manufacture for using a library map to create and maintain IP cores effectively
US6691301B2 (en) * 2001-01-29 2004-02-10 Celoxica Ltd. System, method and article of manufacture for signal constructs in a programming language capable of programming hardware architectures
US20030028864A1 (en) * 2001-01-29 2003-02-06 Matt Bowen System, method and article of manufacture for successive compilations using incomplete parameters
US20040015502A1 (en) * 2001-01-29 2004-01-22 John Alexander Application program interface for programmable architecture cores
US20030023653A1 (en) * 2001-01-29 2003-01-30 Andrew Dunlop System, method and article of manufacture for a single-cycle floating point library
US6847645B1 (en) * 2001-02-22 2005-01-25 Cisco Technology, Inc. Method and apparatus for controlling packet header buffer wrap around in a forwarding engine of an intermediate network node
US20030028408A1 (en) * 2001-02-23 2003-02-06 Rudusky Daryl System, method and article of manufacture for a contractor-based hardware development service
US20030061409A1 (en) * 2001-02-23 2003-03-27 Rudusky Daryl System, method and article of manufacture for dynamic, automated product fulfillment for configuring a remotely located device
US20030055658A1 (en) * 2001-02-23 2003-03-20 Rudusky Daryl System, method and article of manufacture for dynamic, automated fulfillment of an order for a hardware product
US20030055769A1 (en) * 2001-02-23 2003-03-20 Rudusky Daryl System, method and article of manufacture for a library-based hardware configuration service
US20030055770A1 (en) * 2001-02-23 2003-03-20 Rudusky Daryl System, method and article of manufacture for an auction-based system for hardware development
US20030055771A1 (en) * 2001-02-23 2003-03-20 Rudusky Daryl System, method and article of manufacture for a reverse-auction-based system for hardware development
US20030033234A1 (en) * 2001-02-23 2003-02-13 Rudusky Daryl System, method and article of manufacture for a hardware configuration service
US20030035547A1 (en) * 2001-03-27 2003-02-20 John Newton Server with multiple encryption libraries
US20030039355A1 (en) * 2001-05-11 2003-02-27 Mccanny John Vincent Computer useable product for generating data encryption/decryption apparatus
US20030033240A1 (en) * 2001-06-11 2003-02-13 Opt4 Derivatives, Inc. Integrated electronic exchange of structured contracts with dynamic risk-based transaction permissioning
US20030014662A1 (en) * 2001-06-13 2003-01-16 Gupta Ramesh M. Protocol-parsing state machine and method of using same
US20030014521A1 (en) * 2001-06-28 2003-01-16 Jeremy Elson Open platform architecture for shared resource access management
US20030009693A1 (en) * 2001-07-09 2003-01-09 International Business Machines Corporation Dynamic intrusion detection for computer systems
US20030023876A1 (en) * 2001-07-27 2003-01-30 International Business Machines Corporation Correlating network information and intrusion information to find the entry point of an attack upon a protected computer
US20030037037A1 (en) * 2001-08-17 2003-02-20 Ec Outlook, Inc. Method of storing, maintaining and distributing computer intelligible electronic data
US20030043805A1 (en) * 2001-08-30 2003-03-06 International Business Machines Corporation IP datagram over multiple queue pairs
US20030051043A1 (en) * 2001-09-12 2003-03-13 Raqia Networks Inc. High speed data stream pattern recognition
US7181765B2 (en) * 2001-10-12 2007-02-20 Motorola, Inc. Method and apparatus for providing node security in a router of a packet network
US6910078B1 (en) * 2001-11-15 2005-06-21 Cisco Technology, Inc. Methods and apparatus for controlling the transmission of stream data
US20040028047A1 (en) * 2002-05-22 2004-02-12 Sean Hou Switch for local area network
US7480253B1 (en) * 2002-05-30 2009-01-20 Nortel Networks Limited Ascertaining the availability of communications between devices
US7167980B2 (en) * 2002-05-30 2007-01-23 Intel Corporation Data comparison process
US20090019538A1 (en) * 2002-06-11 2009-01-15 Pandya Ashish A Distributed network security system and a hardware processor therefor
US7478431B1 (en) * 2002-08-02 2009-01-13 Symantec Corporation Heuristic detection of computer viruses
US20040034587A1 (en) * 2002-08-19 2004-02-19 Amberson Matthew Gilbert System and method for calculating intra-period volatility
US20040054924A1 (en) * 2002-09-03 2004-03-18 Chuah Mooi Choo Methods and devices for providing distributed, adaptive IP filtering against distributed denial of service attacks
US20060059213A1 (en) * 2002-12-18 2006-03-16 Koninklijke Philips Electronics N.V. Dedicated encrypted virtual channel in a multi-channel serial communications interface
US20050033672A1 (en) * 2003-07-22 2005-02-10 Credit-Agricole Indosuez System, method, and computer program product for managing financial risk when issuing tender options
US20080037420A1 (en) * 2003-10-08 2008-02-14 Bob Tang Immediate ready implementation of virtually congestion free guaranteed service capable network: external internet nextgentcp (square waveform) TCP friendly san
US20060059099A1 (en) * 2004-04-14 2006-03-16 Digital River, Inc. Software wrapper having use limitation within a geographic boundary
US20060020536A1 (en) * 2004-07-21 2006-01-26 Espeed, Inc. System and method for managing trading orders received from market makers
US20060031154A1 (en) * 2004-08-04 2006-02-09 Noviello Joseph C System and method for managing trading using alert messages for outlying trading orders
US20060031156A1 (en) * 2004-08-04 2006-02-09 Noviello Joseph C System and method for managing trading using alert messages for outlying trading orders
US20060059068A1 (en) * 2004-09-10 2006-03-16 Chicago Mercantile Exchange, Inc. System and method for hybrid spreading for risk management
US20060059066A1 (en) * 2004-09-10 2006-03-16 Chicago Mercantile Exchange, Inc. System and method for asymmetric offsets in a risk management system
US20060059067A1 (en) * 2004-09-10 2006-03-16 Chicago Mercantile Exchange, Inc. System and method of margining fixed payoff products
US20060059069A1 (en) * 2004-09-10 2006-03-16 Chicago Mercantile Exchange, Inc. System and method for hybrid spreading for flexible spread participation
US20060059065A1 (en) * 2004-09-10 2006-03-16 Chicago Mercantile Exchange, Inc. System and method for displaying a combined trading and risk management GUI display
US20060059064A1 (en) * 2004-09-10 2006-03-16 Chicago Mercantile Exchange, Inc. System and method for efficiently using collateral for risk offset
US20120016998A1 (en) * 2006-10-10 2012-01-19 Cisco Technology, Inc. Refreshing a Session Initiation Protocol (SIP) Session

Cited By (400)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8549024B2 (en) 2000-04-07 2013-10-01 Ip Reservoir, Llc Method and apparatus for adjustable data matching
US7949650B2 (en) 2000-04-07 2011-05-24 Washington University Associative database scanning and information retrieval
US9020928B2 (en) 2000-04-07 2015-04-28 Ip Reservoir, Llc Method and apparatus for processing streaming data using programmable logic
US8095508B2 (en) 2000-04-07 2012-01-10 Washington University Intelligent data storage and processing using FPGA devices
US7953743B2 (en) 2000-04-07 2011-05-31 Washington University Associative database scanning and information retrieval
US8131697B2 (en) 2000-04-07 2012-03-06 Washington University Method and apparatus for approximate matching where programmable logic is used to process data being written to a mass storage medium and process data being read from a mass storage medium
US7680790B2 (en) 2000-04-07 2010-03-16 Washington University Method and apparatus for approximate matching of DNA sequences
US20020029289A1 (en) * 2000-07-28 2002-03-07 Byrne Michael A. Debugging of multiple data processors
US7716330B2 (en) 2001-10-19 2010-05-11 Global Velocity, Inc. System and method for controlling transmission of data packets over an information network
US10909623B2 (en) 2002-05-21 2021-02-02 Ip Reservoir, Llc Method and apparatus for processing financial information at hardware speeds using FPGA devices
US8069102B2 (en) 2002-05-21 2011-11-29 Washington University Method and apparatus for processing financial information at hardware speeds using FPGA devices
US20040024894A1 (en) * 2002-08-02 2004-02-05 Osman Fazil Ismet High data rate stateful protocol processing
US8015303B2 (en) 2002-08-02 2011-09-06 Astute Networks Inc. High data rate stateful protocol processing
US7711844B2 (en) 2002-08-15 2010-05-04 Washington University Of St. Louis TCP-splitter: reliable packet monitoring methods and apparatus for high speed networks
US20030177253A1 (en) * 2002-08-15 2003-09-18 Schuehler David V. TCP-splitter: reliable packet monitoring methods and apparatus for high speed networks
US7814218B1 (en) * 2002-10-17 2010-10-12 Astute Networks, Inc. Multi-protocol and multi-format stateful processing
US8151278B1 (en) 2002-10-17 2012-04-03 Astute Networks, Inc. System and method for timer management in a stateful protocol processing system
US7596621B1 (en) * 2002-10-17 2009-09-29 Astute Networks, Inc. System and method for managing shared state using multiple programmed processors
US7657937B1 (en) * 2003-01-02 2010-02-02 Vmware, Inc. Method for customizing processing and response for intrusion prevention
US20060146708A1 (en) * 2003-02-28 2006-07-06 Matsushita Electric Industrial Co., Ltd Packet transfer control method and packet transfer control circuit
US7607093B2 (en) * 2003-04-04 2009-10-20 Agilent Technologies, Inc. Displaying network segment decode information in diagrammatic form
US20040196308A1 (en) * 2003-04-04 2004-10-07 Blomquist Scott Alan Displaying network segment decode information in diagrammatic form
US11275594B2 (en) 2003-05-23 2022-03-15 Ip Reservoir, Llc Intelligent data storage and processing using FPGA devices
US9898312B2 (en) 2003-05-23 2018-02-20 Ip Reservoir, Llc Intelligent data storage and processing using FPGA devices
US9176775B2 (en) 2003-05-23 2015-11-03 Ip Reservoir, Llc Intelligent data storage and processing using FPGA devices
US8751452B2 (en) 2003-05-23 2014-06-10 Ip Reservoir, Llc Intelligent data storage and processing using FPGA devices
US8620881B2 (en) 2003-05-23 2013-12-31 Ip Reservoir, Llc Intelligent data storage and processing using FPGA devices
US8768888B2 (en) 2003-05-23 2014-07-01 Ip Reservoir, Llc Intelligent data storage and processing using FPGA devices
US10346181B2 (en) 2003-05-23 2019-07-09 Ip Reservoir, Llc Intelligent data storage and processing using FPGA devices
US10572824B2 (en) 2003-05-23 2020-02-25 Ip Reservoir, Llc System and method for low latency multi-functional pipeline with correlation logic and selectively activated/deactivated pipelined data processing engines
US10719334B2 (en) 2003-05-23 2020-07-21 Ip Reservoir, Llc Intelligent data storage and processing using FPGA devices
US10929152B2 (en) 2003-05-23 2021-02-23 Ip Reservoir, Llc Intelligent data storage and processing using FPGA devices
US7647631B2 (en) 2003-12-10 2010-01-12 Hewlett-Packard Development Company Automated user interaction in application assessment
US20050132232A1 (en) * 2003-12-10 2005-06-16 Caleb Sima Automated user interaction in application assessment
US7634655B2 (en) * 2004-02-13 2009-12-15 Microsoft Corporation Efficient hash table protection for data transport protocols
US20050182929A1 (en) * 2004-02-13 2005-08-18 Sanjay Kaniyar Efficient hash table protection for data transport protocols
US7562389B1 (en) 2004-07-30 2009-07-14 Cisco Technology, Inc. Method and system for network security
US7555774B2 (en) 2004-08-02 2009-06-30 Cisco Technology, Inc. Inline intrusion detection using a single physical port
US20060023709A1 (en) * 2004-08-02 2006-02-02 Hall Michael L Inline intrusion detection using a single physical port
US20060053295A1 (en) * 2004-08-24 2006-03-09 Bharath Madhusudan Methods and systems for content detection in a reconfigurable hardware
US9652505B2 (en) 2004-09-10 2017-05-16 Cavium, Inc. Content search pattern matching using deterministic finite automata (DFA) graphs
US20060075206A1 (en) * 2004-09-10 2006-04-06 Bouchard Gregg A Deterministic finite automata (DFA) instruction
US20060069872A1 (en) * 2004-09-10 2006-03-30 Bouchard Gregg A Deterministic finite automata (DFA) processing
US9336328B2 (en) 2004-09-10 2016-05-10 Cavium, Inc. Content search mechanism that uses a deterministic finite automata (DFA) graph, a DFA state machine, and a walker process
US8560475B2 (en) 2004-09-10 2013-10-15 Cavium, Inc. Content search mechanism that uses a deterministic finite automata (DFA) graph, a DFA state machine, and a walker process
US8301788B2 (en) * 2004-09-10 2012-10-30 Cavium, Inc. Deterministic finite automata (DFA) instruction
US8818921B2 (en) 2004-09-10 2014-08-26 Cavium, Inc. Content search mechanism that uses a deterministic finite automata (DFA) graph, a DFA state machine, and a walker process
US8392590B2 (en) 2004-09-10 2013-03-05 Cavium, Inc. Deterministic finite automata (DFA) processing
US9100427B2 (en) * 2004-10-13 2015-08-04 Dell Software Inc. Method and an apparatus to perform multiple packet payloads analysis
US9577983B2 (en) 2004-10-13 2017-02-21 Dell Software Inc. Method and apparatus to perform multiple packet payloads analysis
US20140059681A1 (en) * 2004-10-13 2014-02-27 Sonicwall, Inc. Method and an apparatus to perform multiple packet payloads analysis
US20140053264A1 (en) * 2004-10-13 2014-02-20 Sonicwall, Inc. Method and apparatus to perform multiple packet payloads analysis
US20150350231A1 (en) * 2004-10-13 2015-12-03 Dell Software Inc. Method and an apparatus to perform multiple packet payloads analysis
US10015138B2 (en) 2004-10-13 2018-07-03 Sonicwall Inc. Method and apparatus to perform multiple packet payloads analysis
US20170134409A1 (en) * 2004-10-13 2017-05-11 Dell Software Inc. Method and an apparatus to perform multiple packet payloads analysis
US10742606B2 (en) 2004-10-13 2020-08-11 Sonicwall Inc. Method and apparatus to perform multiple packet payloads analysis
US9553883B2 (en) * 2004-10-13 2017-01-24 Dell Software Inc. Method and an apparatus to perform multiple packet payloads analysis
US9065848B2 (en) * 2004-10-13 2015-06-23 Dell Software Inc. Method and apparatus to perform multiple packet payloads analysis
US10021122B2 (en) * 2004-10-13 2018-07-10 Sonicwall Inc. Method and an apparatus to perform multiple packet payloads analysis
US7356663B2 (en) 2004-11-08 2008-04-08 Intruguard Devices, Inc. Layered memory architecture for deterministic finite automaton based string matching useful in network intrusion detection and prevention systems and apparatuses
US20060101195A1 (en) * 2004-11-08 2006-05-11 Jain Hemant K Layered memory architecture for deterministic finite automaton based string matching useful in network intrusion detection and prevention systems and apparatuses
US10580518B2 (en) 2005-03-03 2020-03-03 Washington University Method and apparatus for performing similarity searching
US20110231446A1 (en) * 2005-03-03 2011-09-22 Washington University Method and Apparatus for Performing Similarity Searching
US9547680B2 (en) 2005-03-03 2017-01-17 Washington University Method and apparatus for performing similarity searching
US7917299B2 (en) 2005-03-03 2011-03-29 Washington University Method and apparatus for performing similarity searching on a data stream with respect to a query string
US10957423B2 (en) 2005-03-03 2021-03-23 Washington University Method and apparatus for performing similarity searching
US8515682B2 (en) 2005-03-03 2013-08-20 Washington University Method and apparatus for performing similarity searching
US20070055664A1 (en) * 2005-09-05 2007-03-08 Cisco Technology, Inc. Pipeline sequential regular expression matching
US7499941B2 (en) 2005-09-05 2009-03-03 Cisco Technology, Inc. Pipeline regular expression matching
US7580411B2 (en) * 2005-11-03 2009-08-25 Draytek Corp. Network flow/stream simulation method
US20070097982A1 (en) * 2005-11-03 2007-05-03 Chang-Chung Wen Network Flow/Stream Simulation Method
US7970878B1 (en) * 2005-11-16 2011-06-28 Cisco Technology, Inc. Method and apparatus for limiting domain name server transaction bandwidth
US20070124816A1 (en) * 2005-11-29 2007-05-31 Alcatel Unauthorized content detection for information transfer
US7702629B2 (en) 2005-12-02 2010-04-20 Exegy Incorporated Method and device for high performance regular expression pattern matching
US7945528B2 (en) 2005-12-02 2011-05-17 Exegy Incorporated Method and device for high performance regular expression pattern matching
US8634335B1 (en) 2005-12-02 2014-01-21 Marvell International Ltd. Flexible port rate limiting
US7873048B1 (en) * 2005-12-02 2011-01-18 Marvell International Ltd. Flexible port rate limiting
US20070130140A1 (en) * 2005-12-02 2007-06-07 Cytron Ron K Method and device for high performance regular expression pattern matching
US8234361B2 (en) * 2006-01-13 2012-07-31 Fortinet, Inc. Computerized system and method for handling network traffic
US10038668B2 (en) 2006-01-13 2018-07-31 Fortinet, Inc. Computerized system and method for handling network traffic
US20070168547A1 (en) * 2006-01-13 2007-07-19 Fortinet, Inc. Computerized system and method for handling network traffic
US8495200B2 (en) 2006-01-13 2013-07-23 Fortinet, Inc. Computerized system and method for handling network traffic
US20070174841A1 (en) * 2006-01-26 2007-07-26 Exegy Incorporated & Washington University Firmware socket module for FPGA-based pipeline processing
US7954114B2 (en) 2006-01-26 2011-05-31 Exegy Incorporated Firmware socket module for FPGA-based pipeline processing
US8769152B2 (en) 2006-02-14 2014-07-01 Jds Uniphase Corporation Align/notify compression scheme in a network diagnostic component
US20070189176A1 (en) * 2006-02-14 2007-08-16 Finisar Corporation Random data compression scheme in a network diagnostic component
US20070189175A1 (en) * 2006-02-14 2007-08-16 Finisar Corporation Capture timing and negotiation data with repeat counts in a networking diagnostic component
EP1989826A2 (en) * 2006-02-14 2008-11-12 Finisar Corporation Diagnostic functions in an in-line device
US8607145B2 (en) 2006-02-14 2013-12-10 Jds Uniphase Corporation Show OOB and speed negotiation data graphically in a network diagnostic component
EP1989826A4 (en) * 2006-02-14 2010-09-15 Finisar Corp Diagnostic functions in an in-line device
US20080189641A1 (en) * 2006-02-14 2008-08-07 Finisar Corporation Show oob and speed negotiation data graphically in a network diagnostic component
US20070192469A1 (en) * 2006-02-14 2007-08-16 Finisar Corporation Align/notify compression scheme in a network diagnostic component
US8576731B2 (en) 2006-02-14 2013-11-05 Jds Uniphase Corporation Random data compression scheme in a network diagnostic component
US8125906B2 (en) 2006-03-03 2012-02-28 Kiranmai Vedanabhatla Capture RCDT and SNTT SAS speed negotiation decodes in a network diagnostic component
US20070206509A1 (en) * 2006-03-03 2007-09-06 Finisar Corporation Capture rcdt and sntt sas speed negotiation decodes in a network diagnostic component
US8737606B2 (en) 2006-03-23 2014-05-27 Ip Reservoir, Llc Method and system for high throughput blockwise independent encryption/decryption
US8983063B1 (en) 2006-03-23 2015-03-17 Ip Reservoir, Llc Method and system for high throughput blockwise independent encryption/decryption
US8379841B2 (en) 2006-03-23 2013-02-19 Exegy Incorporated Method and system for high throughput blockwise independent encryption/decryption
US20070244891A1 (en) * 2006-04-18 2007-10-18 International Business Machines Corporation Method of obtaining data samples from a data stream and of estimating the sortedness of the data stream based on the samples
US7797326B2 (en) * 2006-04-18 2010-09-14 International Business Machines Corporation Method of obtaining data samples from a data stream and of estimating the sortedness of the data stream based on the samples
US8478680B2 (en) 2006-06-19 2013-07-02 Exegy Incorporated High speed processing of financial information using FPGA devices
US20110178911A1 (en) * 2006-06-19 2011-07-21 Exegy Incorporated High Speed Processing of Financial Information Using FPGA Devices
US20110040701A1 (en) * 2006-06-19 2011-02-17 Exegy Incorporated Method and System for High Speed Options Pricing
US11182856B2 (en) 2006-06-19 2021-11-23 Exegy Incorporated System and method for routing of streaming data as between multiple compute resources
US8843408B2 (en) 2006-06-19 2014-09-23 Ip Reservoir, Llc Method and system for high speed options pricing
US7840482B2 (en) 2006-06-19 2010-11-23 Exegy Incorporated Method and system for high speed options pricing
US10817945B2 (en) 2006-06-19 2020-10-27 Ip Reservoir, Llc System and method for routing of streaming data as between multiple compute resources
US8595104B2 (en) 2006-06-19 2013-11-26 Ip Reservoir, Llc High speed processing of financial information using FPGA devices
US10504184B2 (en) 2006-06-19 2019-12-10 Ip Reservoir, Llc Fast track routing of streaming data as between multiple compute resources
US10467692B2 (en) 2006-06-19 2019-11-05 Ip Reservoir, Llc High speed processing of financial information using FPGA devices
US20110178919A1 (en) * 2006-06-19 2011-07-21 Exegy Incorporated High Speed Processing of Financial Information Using FPGA Devices
US20110179050A1 (en) * 2006-06-19 2011-07-21 Exegy Incorporated High Speed Processing of Financial Information Using FPGA Devices
US20110178912A1 (en) * 2006-06-19 2011-07-21 Exegy Incorporated High Speed Processing of Financial Information Using FPGA Devices
US20110178917A1 (en) * 2006-06-19 2011-07-21 Exegy Incorporated High Speed Processing of Financial Information Using FPGA Devices
US20110178957A1 (en) * 2006-06-19 2011-07-21 Exegy Incorporated High Speed Processing of Financial Information Using FPGA Devices
US7921046B2 (en) 2006-06-19 2011-04-05 Exegy Incorporated High speed processing of financial information using FPGA devices
US20110178918A1 (en) * 2006-06-19 2011-07-21 Exegy Incorporated High Speed Processing of Financial Information Using FPGA Devices
US8600856B2 (en) 2006-06-19 2013-12-03 Ip Reservoir, Llc High speed processing of financial information using FPGA devices
US10360632B2 (en) 2006-06-19 2019-07-23 Ip Reservoir, Llc Fast track routing of streaming data using FPGA devices
US8458081B2 (en) 2006-06-19 2013-06-04 Exegy Incorporated High speed processing of financial information using FPGA devices
US8407122B2 (en) 2006-06-19 2013-03-26 Exegy Incorporated High speed processing of financial information using FPGA devices
US20070294157A1 (en) * 2006-06-19 2007-12-20 Exegy Incorporated Method and System for High Speed Options Pricing
US10169814B2 (en) 2006-06-19 2019-01-01 Ip Reservoir, Llc High speed processing of financial information using FPGA devices
US8655764B2 (en) 2006-06-19 2014-02-18 Ip Reservoir, Llc High speed processing of financial information using FPGA devices
US9582831B2 (en) 2006-06-19 2017-02-28 Ip Reservoir, Llc High speed processing of financial information using FPGA devices
US9916622B2 (en) 2006-06-19 2018-03-13 Ip Reservoir, Llc High speed processing of financial information using FPGA devices
US8626624B2 (en) 2006-06-19 2014-01-07 Ip Reservoir, Llc High speed processing of financial information using FPGA devices
US9672565B2 (en) 2006-06-19 2017-06-06 Ip Reservoir, Llc High speed processing of financial information using FPGA devices
US8045457B1 (en) * 2006-06-29 2011-10-25 Symantec Corporation Dropping packets to prevent unauthorized data transfer through multimedia tunnels
US10560494B2 (en) 2006-06-30 2020-02-11 Centurylink Intellectual Property Llc Managing voice over internet protocol (VoIP) communications
US8976665B2 (en) 2006-06-30 2015-03-10 Centurylink Intellectual Property Llc System and method for re-routing calls
US8717911B2 (en) 2006-06-30 2014-05-06 Centurylink Intellectual Property Llc System and method for collecting network performance information
US8000318B2 (en) 2006-06-30 2011-08-16 Embarq Holdings Company, Llc System and method for call routing based on transmission performance of a packet network
US20080002576A1 (en) * 2006-06-30 2008-01-03 Bugenhagen Michael K System and method for resetting counters counting network performance information at network communications devices on a packet network
US20080002716A1 (en) * 2006-06-30 2008-01-03 Wiley William L System and method for selecting network egress
US20080002670A1 (en) * 2006-06-30 2008-01-03 Bugenhagen Michael K System and method for adjusting code speed in a transmission path during call set-up due to reduced transmission performance
US20080002676A1 (en) * 2006-06-30 2008-01-03 Wiley William L System and method for routing calls if potential call paths are impaired or congested
US8570872B2 (en) 2006-06-30 2013-10-29 Centurylink Intellectual Property Llc System and method for selecting network ingress and egress
US7948909B2 (en) 2006-06-30 2011-05-24 Embarq Holdings Company, Llc System and method for resetting counters counting network performance information at network communications devices on a packet network
US9549004B2 (en) 2006-06-30 2017-01-17 Centurylink Intellectual Property Llc System and method for re-routing calls
US20080002677A1 (en) * 2006-06-30 2008-01-03 Bugenhagen Michael K System and method for collecting network performance information
US9054915B2 (en) 2006-06-30 2015-06-09 Centurylink Intellectual Property Llc System and method for adjusting CODEC speed in a transmission path during call set-up due to reduced transmission performance
US9094257B2 (en) 2006-06-30 2015-07-28 Centurylink Intellectual Property Llc System and method for selecting a content delivery network
US8184549B2 (en) 2006-06-30 2012-05-22 Embarq Holdings Company, LLP System and method for selecting network egress
US8488447B2 (en) 2006-06-30 2013-07-16 Centurylink Intellectual Property Llc System and method for adjusting code speed in a transmission path during call set-up due to reduced transmission performance
US9118583B2 (en) 2006-06-30 2015-08-25 Centurylink Intellectual Property Llc System and method for re-routing calls
US8477614B2 (en) 2006-06-30 2013-07-02 Centurylink Intellectual Property Llc System and method for routing calls if potential call paths are impaired or congested
US9154634B2 (en) 2006-06-30 2015-10-06 Centurylink Intellectual Property Llc System and method for managing network communications
US10230788B2 (en) 2006-06-30 2019-03-12 Centurylink Intellectual Property Llc System and method for selecting a content delivery network
US9838440B2 (en) 2006-06-30 2017-12-05 Centurylink Intellectual Property Llc Managing voice over internet protocol (VoIP) communications
US9749399B2 (en) 2006-06-30 2017-08-29 Centurylink Intellectual Property Llc System and method for selecting a content delivery network
US20100306209A1 (en) * 2006-07-22 2010-12-02 Tien-Fu Chen Pattern matcher and its matching method
US8619596B2 (en) 2006-08-22 2013-12-31 Centurylink Intellectual Property Llc System and method for using centralized network performance tables to manage network communications
US9621361B2 (en) 2006-08-22 2017-04-11 Centurylink Intellectual Property Llc Pin-hole firewall for communicating data packets on a packet network
US8228791B2 (en) 2006-08-22 2012-07-24 Embarq Holdings Company, Llc System and method for routing communications between packet networks based on intercarrier agreements
US8223654B2 (en) 2006-08-22 2012-07-17 Embarq Holdings Company, Llc Application-specific integrated circuit for monitoring and optimizing interlayer network performance
US8238253B2 (en) 2006-08-22 2012-08-07 Embarq Holdings Company, Llc System and method for monitoring interlayer devices and optimizing network performance
US20080049775A1 (en) * 2006-08-22 2008-02-28 Morrill Robert J System and method for monitoring and optimizing network performance with vector performance tables and engines
US8274905B2 (en) 2006-08-22 2012-09-25 Embarq Holdings Company, Llc System and method for displaying a graph representative of network performance over a time period
US20080049641A1 (en) * 2006-08-22 2008-02-28 Edwards Stephen K System and method for displaying a graph representative of network performance over a time period
US20080049769A1 (en) * 2006-08-22 2008-02-28 Bugenhagen Michael K Application-specific integrated circuit for monitoring and optimizing interlayer network performance
US8307065B2 (en) 2006-08-22 2012-11-06 Centurylink Intellectual Property Llc System and method for remotely controlling network operators
US20080049640A1 (en) * 2006-08-22 2008-02-28 Heinz John M System and method for provisioning resources of a packet network based on collected network performance information
US20080049746A1 (en) * 2006-08-22 2008-02-28 Morrill Robert J System and method for routing data on a packet network
US10469385B2 (en) 2006-08-22 2019-11-05 Centurylink Intellectual Property Llc System and method for improving network performance using a connection admission control engine
US8358580B2 (en) 2006-08-22 2013-01-22 Centurylink Intellectual Property Llc System and method for adjusting the window size of a TCP packet through network elements
US8374090B2 (en) 2006-08-22 2013-02-12 Centurylink Intellectual Property Llc System and method for routing data on a packet network
US20080049632A1 (en) * 2006-08-22 2008-02-28 Ray Amar N System and method for adjusting the window size of a TCP packet through remote network elements
US8224255B2 (en) 2006-08-22 2012-07-17 Embarq Holdings Company, Llc System and method for managing radio frequency windows
US10075351B2 (en) 2006-08-22 2018-09-11 Centurylink Intellectual Property Llc System and method for improving network performance
US8407765B2 (en) 2006-08-22 2013-03-26 Centurylink Intellectual Property Llc System and method for restricting access to network performance information tables
US8213366B2 (en) 2006-08-22 2012-07-03 Embarq Holdings Company, Llc System and method for monitoring and optimizing network performance to a wireless device
US8199653B2 (en) 2006-08-22 2012-06-12 Embarq Holdings Company, Llc System and method for communicating network performance information over a packet network
US8472326B2 (en) 2006-08-22 2013-06-25 Centurylink Intellectual Property Llc System and method for monitoring interlayer devices and optimizing network performance
US20080049777A1 (en) * 2006-08-22 2008-02-28 Morrill Robert J System and method for using distributed network performance information tables to manage network communications
US20080049638A1 (en) * 2006-08-22 2008-02-28 Ray Amar N System and method for monitoring and optimizing network performance with user datagram protocol network performance information packets
US8194555B2 (en) 2006-08-22 2012-06-05 Embarq Holdings Company, Llc System and method for using distributed network performance information tables to manage network communications
US8488495B2 (en) 2006-08-22 2013-07-16 Centurylink Intellectual Property Llc System and method for routing communications between packet networks based on real time pricing
US20080049753A1 (en) * 2006-08-22 2008-02-28 Heinze John M System and method for load balancing network resources using a connection admission control engine
US9992348B2 (en) 2006-08-22 2018-06-05 Century Link Intellectual Property LLC System and method for establishing a call on a packet network
US20080049745A1 (en) * 2006-08-22 2008-02-28 Edwards Stephen K System and method for enabling reciprocal billing for different types of communications over a packet network
US8509082B2 (en) 2006-08-22 2013-08-13 Centurylink Intellectual Property Llc System and method for load balancing network resources using a connection admission control engine
US9929923B2 (en) 2006-08-22 2018-03-27 Centurylink Intellectual Property Llc System and method for provisioning resources of a packet network based on collected network performance information
US8520603B2 (en) 2006-08-22 2013-08-27 Centurylink Intellectual Property Llc System and method for monitoring and optimizing network performance to a wireless device
US20080049748A1 (en) * 2006-08-22 2008-02-28 Bugenhagen Michael K System and method for routing communications between packet networks based on intercarrier agreements
US8531954B2 (en) 2006-08-22 2013-09-10 Centurylink Intellectual Property Llc System and method for handling reservation requests with a connection admission control engine
US8537695B2 (en) 2006-08-22 2013-09-17 Centurylink Intellectual Property Llc System and method for establishing a call being received by a trunk on a packet network
US8549405B2 (en) 2006-08-22 2013-10-01 Centurylink Intellectual Property Llc System and method for displaying a graphical representation of a network to identify nodes and node segments on the network that are not operating normally
US8144586B2 (en) 2006-08-22 2012-03-27 Embarq Holdings Company, Llc System and method for controlling network bandwidth with a connection admission control engine
US8144587B2 (en) 2006-08-22 2012-03-27 Embarq Holdings Company, Llc System and method for load balancing network resources using a connection admission control engine
US20080049757A1 (en) * 2006-08-22 2008-02-28 Bugenhagen Michael K System and method for synchronizing counters on an asynchronous packet communications network
US8130793B2 (en) 2006-08-22 2012-03-06 Embarq Holdings Company, Llc System and method for enabling reciprocal billing for different types of communications over a packet network
US8576722B2 (en) * 2006-08-22 2013-11-05 Centurylink Intellectual Property Llc System and method for modifying connectivity fault management packets
US8125897B2 (en) 2006-08-22 2012-02-28 Embarq Holdings Company Lp System and method for monitoring and optimizing network performance with user datagram protocol network performance information packets
US20080052393A1 (en) * 2006-08-22 2008-02-28 Mcnaughton James L System and method for remotely controlling network operators
US9832090B2 (en) 2006-08-22 2017-11-28 Centurylink Intellectual Property Llc System, method for compiling network performancing information for communications with customer premise equipment
US20080049615A1 (en) * 2006-08-22 2008-02-28 Bugenhagen Michael K System and method for dynamically shaping network traffic
US8107366B2 (en) 2006-08-22 2012-01-31 Embarq Holdings Company, LP System and method for using centralized network performance tables to manage network communications
US8102770B2 (en) 2006-08-22 2012-01-24 Embarq Holdings Company, LP System and method for monitoring and optimizing network performance with vector performance tables and engines
US8619600B2 (en) 2006-08-22 2013-12-31 Centurylink Intellectual Property Llc System and method for establishing calls over a call path having best path metrics
US8098579B2 (en) 2006-08-22 2012-01-17 Embarq Holdings Company, LP System and method for adjusting the window size of a TCP packet through remote network elements
US8619820B2 (en) 2006-08-22 2013-12-31 Centurylink Intellectual Property Llc System and method for enabling communications over a number of packet networks
US9813320B2 (en) 2006-08-22 2017-11-07 Centurylink Intellectual Property Llc System and method for generating a graphical user interface representative of network performance
US8064391B2 (en) 2006-08-22 2011-11-22 Embarq Holdings Company, Llc System and method for monitoring and optimizing network performance to a wireless device
US8040811B2 (en) 2006-08-22 2011-10-18 Embarq Holdings Company, Llc System and method for collecting and managing network performance information
US9806972B2 (en) 2006-08-22 2017-10-31 Centurylink Intellectual Property Llc System and method for monitoring and altering performance of a packet network
US9712445B2 (en) 2006-08-22 2017-07-18 Centurylink Intellectual Property Llc System and method for routing data on a packet network
US8670313B2 (en) 2006-08-22 2014-03-11 Centurylink Intellectual Property Llc System and method for adjusting the window size of a TCP packet through network elements
US8687614B2 (en) 2006-08-22 2014-04-01 Centurylink Intellectual Property Llc System and method for adjusting radio frequency parameters
US20080052401A1 (en) * 2006-08-22 2008-02-28 Bugenhagen Michael K Pin-hole firewall for communicating data packets on a packet network
US8015294B2 (en) 2006-08-22 2011-09-06 Embarq Holdings Company, LP Pin-hole firewall for communicating data packets on a packet network
US20080049630A1 (en) * 2006-08-22 2008-02-28 Kozisek Steven E System and method for monitoring and optimizing network performance to a wireless device
US8743703B2 (en) 2006-08-22 2014-06-03 Centurylink Intellectual Property Llc System and method for tracking application resource usage
US8743700B2 (en) 2006-08-22 2014-06-03 Centurylink Intellectual Property Llc System and method for provisioning resources of a packet network based on collected network performance information
US9660917B2 (en) 2006-08-22 2017-05-23 Centurylink Intellectual Property Llc System and method for remotely controlling network operators
US8750158B2 (en) 2006-08-22 2014-06-10 Centurylink Intellectual Property Llc System and method for differentiated billing
US9661514B2 (en) 2006-08-22 2017-05-23 Centurylink Intellectual Property Llc System and method for adjusting communication parameters
US20080049650A1 (en) * 2006-08-22 2008-02-28 Coppage Carl M System and method for managing radio frequency windows
US10298476B2 (en) 2006-08-22 2019-05-21 Centurylink Intellectual Property Llc System and method for tracking application resource usage
US7940735B2 (en) 2006-08-22 2011-05-10 Embarq Holdings Company, Llc System and method for selecting an access point
US9602265B2 (en) 2006-08-22 2017-03-21 Centurylink Intellectual Property Llc System and method for handling communications requests
US8811160B2 (en) 2006-08-22 2014-08-19 Centurylink Intellectual Property Llc System and method for routing data on a packet network
US20080049649A1 (en) * 2006-08-22 2008-02-28 Kozisek Steven E System and method for selecting an access point
US7889660B2 (en) 2006-08-22 2011-02-15 Embarq Holdings Company, Llc System and method for synchronizing counters on an asynchronous packet communications network
US20080049631A1 (en) * 2006-08-22 2008-02-28 Morrill Robert J System and method for monitoring interlayer devices and optimizing network performance
US9479341B2 (en) 2006-08-22 2016-10-25 Centurylink Intellectual Property Llc System and method for initiating diagnostics on a packet network node
US20080049626A1 (en) * 2006-08-22 2008-02-28 Bugenhagen Michael K System and method for communicating network performance information over a packet network
US7843831B2 (en) 2006-08-22 2010-11-30 Embarq Holdings Company Llc System and method for routing data on a packet network
US8223655B2 (en) 2006-08-22 2012-07-17 Embarq Holdings Company, Llc System and method for provisioning resources of a packet network based on collected network performance information
US20080049787A1 (en) * 2006-08-22 2008-02-28 Mcnaughton James L System and method for controlling network bandwidth with a connection admission control engine
US9253661B2 (en) 2006-08-22 2016-02-02 Centurylink Intellectual Property Llc System and method for modifying connectivity fault management packets
US9240906B2 (en) 2006-08-22 2016-01-19 Centurylink Intellectual Property Llc System and method for monitoring and altering performance of a packet network
US9241277B2 (en) 2006-08-22 2016-01-19 Centurylink Intellectual Property Llc System and method for monitoring and optimizing network performance to a wireless device
US9241271B2 (en) 2006-08-22 2016-01-19 Centurylink Intellectual Property Llc System and method for restricting access to network performance information
US9225646B2 (en) 2006-08-22 2015-12-29 Centurylink Intellectual Property Llc System and method for improving network performance using a connection admission control engine
US9225609B2 (en) 2006-08-22 2015-12-29 Centurylink Intellectual Property Llc System and method for remotely controlling network operators
US20080049625A1 (en) * 2006-08-22 2008-02-28 Edwards Stephen K System and method for collecting and managing network performance information
US9112734B2 (en) 2006-08-22 2015-08-18 Centurylink Intellectual Property Llc System and method for generating a graphical user interface representative of network performance
US7808918B2 (en) 2006-08-22 2010-10-05 Embarq Holdings Company, Llc System and method for dynamically shaping network traffic
US9094261B2 (en) 2006-08-22 2015-07-28 Centurylink Intellectual Property Llc System and method for establishing a call being received by a trunk on a packet network
US9014204B2 (en) 2006-08-22 2015-04-21 Centurylink Intellectual Property Llc System and method for managing network communications
US9054986B2 (en) 2006-08-22 2015-06-09 Centurylink Intellectual Property Llc System and method for enabling communications over a number of packet networks
US9042370B2 (en) 2006-08-22 2015-05-26 Centurylink Intellectual Property Llc System and method for establishing calls over a call path having best path metrics
US8533642B1 (en) * 2006-09-11 2013-09-10 The Mathworks, Inc. Hardware definition language generation for frame-based processing
US20090013301A1 (en) * 2006-09-11 2009-01-08 The Mathworks, Inc. Hardware definition language generation for frame-based processing
US8863069B1 (en) 2006-09-11 2014-10-14 The Mathworks, Inc. Hardware definition language generation for data serialization from executable graphical models
US8745557B1 (en) 2006-09-11 2014-06-03 The Mathworks, Inc. Hardware definition language generation for data serialization from executable graphical models
US8347245B2 (en) 2006-09-11 2013-01-01 The Mathworks, Inc. Hardware definition language generation for frame-based processing
US8194643B2 (en) 2006-10-19 2012-06-05 Embarq Holdings Company, Llc System and method for monitoring the connection of an end-user to a remote network
US20080095173A1 (en) * 2006-10-19 2008-04-24 Embarq Holdings Company, Llc System and method for monitoring the connection of an end-user to a remote network
US20080095049A1 (en) * 2006-10-19 2008-04-24 Embarq Holdings Company, Llc System and method for establishing a communications session with an end-user based on the state of a network connection
US8289965B2 (en) 2006-10-19 2012-10-16 Embarq Holdings Company, Llc System and method for establishing a communications session with an end-user based on the state of a network connection
US9521150B2 (en) 2006-10-25 2016-12-13 Centurylink Intellectual Property Llc System and method for automatically regulating messages between networks
US8189468B2 (en) 2006-10-25 2012-05-29 Embarq Holdings, Company, LLC System and method for regulating messages between networks
US9396222B2 (en) 2006-11-13 2016-07-19 Ip Reservoir, Llc Method and system for high performance integration, processing and searching of structured and unstructured data using coprocessors
US11449538B2 (en) 2006-11-13 2022-09-20 Ip Reservoir, Llc Method and system for high performance integration, processing and searching of structured and unstructured data
US7660793B2 (en) 2006-11-13 2010-02-09 Exegy Incorporated Method and system for high performance integration, processing and searching of structured and unstructured data using coprocessors
US20080114725A1 (en) * 2006-11-13 2008-05-15 Exegy Incorporated Method and System for High Performance Data Metatagging and Data Indexing Using Coprocessors
US10191974B2 (en) 2006-11-13 2019-01-29 Ip Reservoir, Llc Method and system for high performance integration, processing and searching of structured and unstructured data
US8880501B2 (en) 2006-11-13 2014-11-04 Ip Reservoir, Llc Method and system for high performance integration, processing and searching of structured and unstructured data using coprocessors
US8156101B2 (en) 2006-11-13 2012-04-10 Exegy Incorporated Method and system for high performance integration, processing and searching of structured and unstructured data using coprocessors
US9323794B2 (en) 2006-11-13 2016-04-26 Ip Reservoir, Llc Method and system for high performance pattern indexing
US20100094858A1 (en) * 2006-11-13 2010-04-15 Exegy Incorporated Method and System for High Performance Integration, Processing and Searching of Structured and Unstructured Data Using Coprocessors
US8326819B2 (en) 2006-11-13 2012-12-04 Exegy Incorporated Method and system for high performance data metatagging and data indexing using coprocessors
US7797598B1 (en) * 2006-11-14 2010-09-14 Xilinx, Inc. Dynamic timer for testbench interface synchronization
US8493847B1 (en) 2006-11-27 2013-07-23 Marvell International Ltd. Hierarchical port-based rate limiting
US20160006572A1 (en) * 2006-12-04 2016-01-07 Oracle International Corporation Communication method and apparatus using changing destination and return destination id's
US10142119B2 (en) * 2006-12-04 2018-11-27 Sun Microsystems, Inc. Communication method and apparatus using changing destination and return destination ID's
US20080184276A1 (en) * 2006-12-04 2008-07-31 Sun Microsystems Communication method and apparatus using changing destination and return destination ID's
US9137212B2 (en) * 2006-12-04 2015-09-15 Oracle America, Inc. Communication method and apparatus using changing destination and return destination ID's
US20080168177A1 (en) * 2007-01-04 2008-07-10 Yahoo! Inc. Estimation of web client response time
US7779133B2 (en) * 2007-01-04 2010-08-17 Yahoo! Inc. Estimation of web client response time
US9363078B2 (en) 2007-03-22 2016-06-07 Ip Reservoir, Llc Method and apparatus for hardware-accelerated encryption/decryption
US7961706B2 (en) 2007-03-23 2011-06-14 Huawei Technologies Co., Ltd. Control method, system and function entity for reporting bearer event of signaling IP flow
US8355325B2 (en) 2007-03-23 2013-01-15 Huawei Technologies Co., Ltd. Control method, system and function entity for reporting bearer event of signaling IP flow
US8923121B2 (en) 2007-03-23 2014-12-30 Huawei Technologies Co., Ltd. Control method, system and function entity for reporting bearer event of signaling IP flow
US20080232376A1 (en) * 2007-03-23 2008-09-25 Huawei Technologies Co., Ltd. Control method, system and function entity for reporting bearer event of signaling ip flow
US20100074110A1 (en) * 2007-03-23 2010-03-25 Huawei Technologies Co., Ltd. Control Method, System and Function Entity for Reporting Bearer Event of Signaling IP Flow
US8111692B2 (en) 2007-05-31 2012-02-07 Embarq Holdings Company Llc System and method for modifying network traffic
US20100208611A1 (en) * 2007-05-31 2010-08-19 Embarq Holdings Company, Llc System and method for modifying network traffic
US8879727B2 (en) 2007-08-31 2014-11-04 Ip Reservoir, Llc Method and apparatus for hardware-accelerated encryption/decryption
US8819217B2 (en) 2007-11-01 2014-08-26 Cavium, Inc. Intelligent graph walking
US20090119399A1 (en) * 2007-11-01 2009-05-07 Cavium Networks, Inc. Intelligent graph walking
US8180803B2 (en) 2007-11-27 2012-05-15 Cavium, Inc. Deterministic finite automata (DFA) graph compression
US7949683B2 (en) 2007-11-27 2011-05-24 Cavium Networks, Inc. Method and apparatus for traversing a compressed deterministic finite automata (DFA) graph
US20090138440A1 (en) * 2007-11-27 2009-05-28 Rajan Goyal Method and apparatus for traversing a deterministic finite automata (DFA) graph compression
US20090138494A1 (en) * 2007-11-27 2009-05-28 Cavium Networks, Inc. Deterministic finite automata (DFA) graph compression
US20090161568A1 (en) * 2007-12-21 2009-06-25 Charles Kastner TCP data reassembly
US10229453B2 (en) 2008-01-11 2019-03-12 Ip Reservoir, Llc Method and system for low latency basket calculation
US8954550B2 (en) * 2008-02-13 2015-02-10 Microsoft Corporation Service dependency discovery in enterprise networks
US20090204696A1 (en) * 2008-02-13 2009-08-13 Ming Zhang Service dependency discovery in enterprise networks
US8068425B2 (en) 2008-04-09 2011-11-29 Embarq Holdings Company, Llc System and method for using network performance information to determine improved measures of path states
US20090257350A1 (en) * 2008-04-09 2009-10-15 Embarq Holdings Company, Llc System and method for using network performance information to determine improved measures of path states
US8879391B2 (en) 2008-04-09 2014-11-04 Centurylink Intellectual Property Llc System and method for using network derivations to determine path states
US9547824B2 (en) 2008-05-15 2017-01-17 Ip Reservoir, Llc Method and apparatus for accelerated data quality checking
US10158377B2 (en) 2008-05-15 2018-12-18 Ip Reservoir, Llc Method and system for accelerated stream processing
US8374986B2 (en) 2008-05-15 2013-02-12 Exegy Incorporated Method and system for accelerated stream processing
US10411734B2 (en) 2008-05-15 2019-09-10 Ip Reservoir, Llc Method and system for accelerated stream processing
US10965317B2 (en) 2008-05-15 2021-03-30 Ip Reservoir, Llc Method and system for accelerated stream processing
US11677417B2 (en) 2008-05-15 2023-06-13 Ip Reservoir, Llc Method and system for accelerated stream processing
US8824294B2 (en) 2008-08-29 2014-09-02 Brocade Communication Systems, Inc. Source-based congestion detection and control
US20110235518A1 (en) * 2008-08-29 2011-09-29 Brocade Communications Systems, Inc. Source-based congestion detection and control
US8886680B2 (en) 2008-10-31 2014-11-11 Cavium, Inc. Deterministic finite automata graph traversal with nodal bit mapping
US8473523B2 (en) 2008-10-31 2013-06-25 Cavium, Inc. Deterministic finite automata graph traversal with nodal bit mapping
US20100114973A1 (en) * 2008-10-31 2010-05-06 Cavium Networks, Inc. Deterministic Finite Automata Graph Traversal with Nodal Bit Mapping
US9495479B2 (en) 2008-10-31 2016-11-15 Cavium, Inc. Traversal with arc configuration information
US8768805B2 (en) 2008-12-15 2014-07-01 Ip Reservoir, Llc Method and apparatus for high-speed processing of financial market depth data
US8762249B2 (en) 2008-12-15 2014-06-24 Ip Reservoir, Llc Method and apparatus for high-speed processing of financial market depth data
US10062115B2 (en) 2008-12-15 2018-08-28 Ip Reservoir, Llc Method and apparatus for high-speed processing of financial market depth data
US10929930B2 (en) 2008-12-15 2021-02-23 Ip Reservoir, Llc Method and apparatus for high-speed processing of financial market depth data
US11676206B2 (en) 2008-12-15 2023-06-13 Exegy Incorporated Method and apparatus for high-speed processing of financial market depth data
US8214753B2 (en) * 2009-02-20 2012-07-03 International Business Machines Corporation Logic for designing portlet views
US20100218124A1 (en) * 2009-02-20 2010-08-26 International Business Machines Corporation Logic for designing portlet views
US8832573B2 (en) 2009-02-20 2014-09-09 International Business Machines Corporation Creating portals having consistent appearances
US10817569B2 (en) * 2009-06-26 2020-10-27 Micron Technology, Inc. Methods and devices for saving and/or restoring a state of a pattern-recognition processor
US20180075165A1 (en) * 2009-06-26 2018-03-15 Micron Technology Inc. Methods and Devices for Saving and/or Restoring a State of a Pattern-Recognition Processor
US20110134930A1 (en) * 2009-12-09 2011-06-09 Mclaren Moray Packet-based networking system
US9298862B1 (en) 2009-12-09 2016-03-29 The Mathworks, Inc. Resource sharing workflows within executable graphical models
US10248390B1 (en) 2009-12-09 2019-04-02 The Mathworks, Inc. Resource sharing workflows within executable graphical models
US8694947B1 (en) 2009-12-09 2014-04-08 The Mathworks, Inc. Resource sharing workflows within executable graphical models
US8224371B1 (en) * 2009-12-21 2012-07-17 Sprint Spectrum L.P. Multimode power control
US10033787B2 (en) * 2010-04-02 2018-07-24 Netflix, Inc. Dynamic virtual chunking of streaming media content
US20110246616A1 (en) * 2010-04-02 2011-10-06 Ronca David R Dynamic Virtual Chunking of Streaming Media Content
US8954596B2 (en) * 2010-04-02 2015-02-10 Netflix, Inc. Dynamic virtual chunking of streaming media content
US20150156240A1 (en) * 2010-04-02 2015-06-04 Netflix, Inc Dynamic virtual chunking of streaming media content
US9055113B2 (en) * 2010-08-20 2015-06-09 Arbor Networks, Inc. Method and system for monitoring flows in network traffic
US20120047248A1 (en) * 2010-08-20 2012-02-23 Arbor Networks, Inc. Method and System for Monitoring Flows in Network Traffic
US9436441B1 (en) 2010-12-08 2016-09-06 The Mathworks, Inc. Systems and methods for hardware resource sharing
US11397985B2 (en) 2010-12-09 2022-07-26 Exegy Incorporated Method and apparatus for managing orders in financial markets
US10037568B2 (en) 2010-12-09 2018-07-31 Ip Reservoir, Llc Method and apparatus for managing orders in financial markets
US11803912B2 (en) 2010-12-09 2023-10-31 Exegy Incorporated Method and apparatus for managing orders in financial markets
US20120218999A1 (en) * 2011-02-01 2012-08-30 Roke Manor Research Limited Method and Apparatus for Identifier Correlation
US9355000B1 (en) 2011-08-23 2016-05-31 The Mathworks, Inc. Model level power consumption optimization in hardware description generation
US9907089B2 (en) 2011-09-16 2018-02-27 Huawei Technologies Co., Ltd. Method and apparatus for retrieving a transmission opportunity control in reverse direction grant
US9185692B2 (en) 2011-09-16 2015-11-10 Huawei Technologies Co., Ltd. Method and apparatus for retrieving transmit opportunity control in reverse direction grant
US20140351948A1 (en) * 2011-11-07 2014-11-27 Kabushiki Kaisya Advance Security box
US9886576B2 (en) * 2011-11-07 2018-02-06 Admedec Co., Ltd. Security box
US9047243B2 (en) 2011-12-14 2015-06-02 Ip Reservoir, Llc Method and apparatus for low latency data distribution
US9990393B2 (en) 2012-03-27 2018-06-05 Ip Reservoir, Llc Intelligent feed switch
US10872078B2 (en) 2012-03-27 2020-12-22 Ip Reservoir, Llc Intelligent feed switch
US10121196B2 (en) 2012-03-27 2018-11-06 Ip Reservoir, Llc Offload processing of data packets containing financial market data
US11436672B2 (en) 2012-03-27 2022-09-06 Exegy Incorporated Intelligent switch for processing financial market data
US10963962B2 (en) 2012-03-27 2021-03-30 Ip Reservoir, Llc Offload processing of data packets containing financial market data
US10650452B2 (en) 2012-03-27 2020-05-12 Ip Reservoir, Llc Offload processing of data packets
US9351331B2 (en) * 2012-04-18 2016-05-24 Qualcomm Incorporated Invasive socket manager
US20130282911A1 (en) * 2012-04-18 2013-10-24 Qualcomm Incorporated Invasive socket manager
CN104335547A (en) * 2012-04-18 2015-02-04 高通股份有限公司 Method, apparatuses and computer program product for initiating closing of a transport layer connection at a client
US9338095B2 (en) 2012-05-01 2016-05-10 F5 Networks, Inc. Data flow segment optimized for hot flows
US9762492B2 (en) 2012-05-01 2017-09-12 F5 Networks, Inc. Data flow segment optimized for hot flows
US9525632B1 (en) 2012-05-01 2016-12-20 F5 Networks, Inc. Minimize recycle SYN issues for split TCP hot flows to improve system reliability and performance
US9154461B2 (en) * 2012-05-16 2015-10-06 The Keyw Corporation Packet capture deep packet inspection sensor
US20130308448A1 (en) * 2012-05-16 2013-11-21 The Keyw Corporation Packet capture deep packet inspection sensor
US9596184B1 (en) 2012-07-23 2017-03-14 F5 Networks, Inc. Hot service flow hardware offloads based on service priority and resource usage
US9203771B1 (en) 2012-07-23 2015-12-01 F5 Networks, Inc. Hot service flow hardware offloads based on service priority and resource usage
US10949442B2 (en) 2012-10-23 2021-03-16 Ip Reservoir, Llc Method and apparatus for accelerated format translation of data in a delimited data format
US10146845B2 (en) 2012-10-23 2018-12-04 Ip Reservoir, Llc Method and apparatus for accelerated format translation of data in a delimited data format
US10133802B2 (en) 2012-10-23 2018-11-20 Ip Reservoir, Llc Method and apparatus for accelerated record layout detection
US10102260B2 (en) 2012-10-23 2018-10-16 Ip Reservoir, Llc Method and apparatus for accelerated data translation using record layout detection
US9633093B2 (en) 2012-10-23 2017-04-25 Ip Reservoir, Llc Method and apparatus for accelerated format translation of data in a delimited data format
US10621192B2 (en) 2012-10-23 2020-04-14 Ip Reservoir, Llc Method and apparatus for accelerated format translation of data in a delimited data format
US11789965B2 (en) 2012-10-23 2023-10-17 Ip Reservoir, Llc Method and apparatus for accelerated format translation of data in a delimited data format
US9633097B2 (en) 2012-10-23 2017-04-25 Ip Reservoir, Llc Method and apparatus for record pivoting to accelerate processing of data fields
US9658835B1 (en) 2012-12-05 2017-05-23 The Mathworks, Inc. Systems and methods for hardware resource sharing
US9710237B1 (en) 2012-12-05 2017-07-18 The Mathworks, Inc. Systems and methods for hardware resource sharing
US9983876B2 (en) * 2013-02-22 2018-05-29 International Business Machines Corporation Non-deterministic finite state machine module for use in a regular expression matching system
US20140244554A1 (en) * 2013-02-22 2014-08-28 International Business Machines Corporation Non-deterministic finite state machine module for use in a regular expression matching system
US9621642B2 (en) 2013-06-17 2017-04-11 Telefonaktiebolaget Lm Ericsson (Publ) Methods of forwarding data packets using transient tables and related load balancers
US20160043915A1 (en) * 2013-07-16 2016-02-11 Bank Of America Corporation Detecting Trends in Electronic Communications for Steganography Analysis
US10419490B2 (en) 2013-07-16 2019-09-17 Fortinet, Inc. Scalable inline behavioral DDoS attack mitigation
US10162976B2 (en) * 2013-07-16 2018-12-25 Bank Of America Corporation Detecting trends in electronic communications for steganography analysis
US9817931B1 (en) 2013-12-05 2017-11-14 The Mathworks, Inc. Systems and methods for generating optimized hardware descriptions for models
US10261760B1 (en) 2013-12-05 2019-04-16 The Mathworks, Inc. Systems and methods for tracing performance information from hardware realizations to models
US10078717B1 (en) 2013-12-05 2018-09-18 The Mathworks, Inc. Systems and methods for estimating performance characteristics of hardware implementations of executable models
US10902013B2 (en) 2014-04-23 2021-01-26 Ip Reservoir, Llc Method and apparatus for accelerated record layout detection
US9485183B2 (en) * 2014-04-25 2016-11-01 Telefonaktiebolaget Lm Ericsson (Publ) System and method for efectuating packet distribution among servers in a network
US20150312155A1 (en) * 2014-04-25 2015-10-29 Telefonaktiebolaget L M Ericsson (Publ) System and method for efectuating packet distribution among servers in a network
US10904316B2 (en) 2014-09-15 2021-01-26 Alibaba Group Holding Limited Data processing method and apparatus in service-oriented architecture system, and the service-oriented architecture system
US9456030B2 (en) 2014-09-15 2016-09-27 Telefonaktiebolaget Lm Ericsson (Publ) Methods of operating load balancing switches and controllers using modified flow entries
WO2016044176A1 (en) * 2014-09-15 2016-03-24 Alibaba Group Holding Limited Data processing method and apparatus in service-oriented architecture system, and the service-oriented architecture system
US10362087B2 (en) 2014-09-15 2019-07-23 Alibaba Group Holding Limited Data processing method and apparatus in service-oriented architecture system, and the service-oriented architecture system
US10942943B2 (en) 2015-10-29 2021-03-09 Ip Reservoir, Llc Dynamic field data translation to support high performance stream data processing
US11526531B2 (en) 2015-10-29 2022-12-13 Ip Reservoir, Llc Dynamic field data translation to support high performance stream data processing
US11277383B2 (en) * 2015-11-17 2022-03-15 Zscaler, Inc. Cloud-based intrusion prevention system
US10423733B1 (en) 2015-12-03 2019-09-24 The Mathworks, Inc. Systems and methods for sharing resources having different data types
US11316889B2 (en) 2015-12-21 2022-04-26 Fortinet, Inc. Two-stage hash based logic for application layer distributed denial of service (DDoS) attack attribution
US11575613B2 (en) 2016-05-24 2023-02-07 Kyndryl, Inc. Managing data traffic according to data stream analysis
US10320689B2 (en) * 2016-05-24 2019-06-11 International Business Machines Corporation Managing data traffic according to data stream analysis
US20170346751A1 (en) * 2016-05-24 2017-11-30 International Business Machines Corporation Managing data traffic according to data stream analysis
US11416778B2 (en) 2016-12-22 2022-08-16 Ip Reservoir, Llc Method and apparatus for hardware-accelerated machine learning
US10846624B2 (en) 2016-12-22 2020-11-24 Ip Reservoir, Llc Method and apparatus for hardware-accelerated machine learning
US10673816B1 (en) * 2017-04-07 2020-06-02 Perspecta Labs Inc. Low delay network intrusion prevention
US11115328B2 (en) * 2017-05-04 2021-09-07 Telefonaktiebolaget Lm Ericsson (Publ) Efficient troubleshooting in openflow switches
US10972776B2 (en) 2017-07-03 2021-04-06 At&T Intellectual Property I, L.P. Synchronizing and dynamic chaining of a transport layer network service for live content broadcasting
US11659216B2 (en) 2017-07-03 2023-05-23 At&T Intellectual Property I, L.P. Synchronizing and dynamic chaining of a transport layer network service for live content broadcasting
US10271077B2 (en) 2017-07-03 2019-04-23 At&T Intellectual Property I, L.P. Synchronizing and dynamic chaining of a transport layer network service for live content broadcasting
US11108840B2 (en) 2017-07-03 2021-08-31 At&T Intellectual Property I, L.P. Transport layer network service for live content broadcasting
US11522797B2 (en) 2017-08-30 2022-12-06 Telefonaktiebolaget Lm Ericsson (Publ) Method and system for tracing packets in software defined networks
US11438254B2 (en) 2018-06-13 2022-09-06 Telefonaktiebolaget Lm Ericsson (Publ) Apparatus and method to trace packets in a packet processing pipeline of a software defined networking switch
US11444877B2 (en) * 2019-03-18 2022-09-13 At&T Intellectual Property I, L.P. Packet flow identification with reduced decode operations
US11451494B2 (en) * 2019-09-10 2022-09-20 Ciena Corporation Packet order recovery in a programmable edge switch in a data center network

Also Published As

Publication number Publication date
AU2003265411A8 (en) 2004-03-03
WO2004017604A2 (en) 2004-02-26
WO2004017604A9 (en) 2004-06-03
US20030177253A1 (en) 2003-09-18
AU2003265411A1 (en) 2004-03-03
US7711844B2 (en) 2010-05-04
WO2004017604A3 (en) 2004-07-08

Similar Documents

Publication Publication Date Title
US20040049596A1 (en) Reliable packet monitoring methods and apparatus for high speed networks
US8977744B2 (en) Real-time network monitoring and security
US7058974B1 (en) Method and apparatus for preventing denial of service attacks
US7471683B2 (en) Device for enabling trap and trace of internet protocol communications
US7373500B2 (en) Secure network processing
US20050216770A1 (en) Intrusion detection system
US7117533B1 (en) System and method for providing dynamic screening of transient messages in a distributed computing environment
US20070230445A1 (en) Integrated Circuit Apparatus And Method For High Throughput Signature Based Network Applications
US20040210663A1 (en) Object-aware transport-layer network processing engine
Schuehler et al. Architecture for a hardware based, TCP/IP content scanning system [intrusion detection system applications]
US20040218615A1 (en) Propagation of viruses through an information technology network
US7002974B1 (en) Learning state machine for use in internet protocol networks
Schuehler et al. Architecture for a hardware-based, TCP/IP content-processing system
US20030185219A1 (en) Method and apparatus for sharing connection state information between multiple processing elements
Schuehler Techniques for processing TCP/IP flow content in network switches at gigabit line rates
Lockwood Network Packet Processing in Reconfigurable Hardware
Moscola FPgrep and FPsed: Packet payload processors for managing the flow of digital content on local area networks and the Internet
Attig SEVER INSTITUTE OF TECHNOLOGY DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
Fryckman Internet defenses against distributed denial of service attacks

Legal Events

Date Code Title Description
AS Assignment

Owner name: WASHINGTON UNIVERSITY IN ST. LOUIS, MISSOURI

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:LOCKWOOD, JOHN W.;SCHUEHLER, DAVID V.;REEL/FRAME:020523/0709

Effective date: 20020814

AS Assignment

Owner name: WASHINGTON UNIVERSITY IN ST. LOUIS, MISSOURI

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SCHUEHLER, DAVID V.;REEL/FRAME:020929/0866

Effective date: 20080302

AS Assignment

Owner name: WASHINGTON UNIVERSITY IN ST. LOUIS, MISSOURI

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:LOCKWOOD, JOHN W.;REEL/FRAME:022019/0542

Effective date: 20081213

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION