`
`____________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`___________________
`
`SANDVINE CORPORATION and SANDVINE INCORPORATED ULC,
`
`PETITIONERS,
`
`
`
`V.
`
`PACKET INTELLIGENCE, LLC,
`
`PATENT OWNER.
`
`___________________
`
`Case No. IPR2017-00450
`U.S. Patent No. 6,771,646
`___________________
`
`
`
`DECLARATION OF KEVIN C. ALMEROTH, PH.D.
`
`PACKET INTELLIGENCE LLC 2001 - 00001
`
`
`
`
`
`
`
`TABLE OF CONTENTS
`
`INTRODUCTION .......................................................................................... 1
`I.
`BACKGROUND AND QUALIFICATIONS ................................................ 1
`II.
`COMPENSATION ......................................................................................... 9
`III.
`IV. MATERIALS REVIEWED ........................................................................... 9
`V.
`CLAIM CONSTRUCTION ......................................................................... 10
`A. Person of Ordinary Skill in the Art .............................................................. 10
`B. “Conversational Flow” ................................................................................. 11
`VI. OVERVIEW OF BASIC NETWORK PRINCIPLES ................................. 14
`A. The OSI Model ............................................................................................. 22
`B. Data Encapsulation ....................................................................................... 24
`C. Prior Art Network Monitors ......................................................................... 27
`VII. OVERVIEW OF ENGEL ............................................................................ 29
`A. Dialog in Engel ............................................................................................. 29
`B. Engel’s “State” Disclosure ........................................................................... 35
`VIII. OPINIONS REGARDING APPLICATION LEVEL DIALOGS AND
`APPLICATION-SPECIFIC SERVER STATISTICS ............................................. 37
`IX.
`CONCLUSION ............................................................................................ 40
`
`
`
`
`
`
`
`
`
`
`
`i
`
`PACKET INTELLIGENCE LLC 2001 - 00002
`
`
`
`
`
`I.
`
`I, Kevin C. Almeroth, declare as follows:
`
`INTRODUCTION
`1. My name is Kevin C. Almeroth. I have been retained by Skiermont
`
`Derby LLP, on behalf of Packet Intelligence LLC, and am submitting this
`
`declaration to offer my independent expert opinion concerning certain issues raised
`
`in the present Petition for Inter Partes Review (“Petition”), as well as similar
`
`Petitions submitted by Petitioners on related patents. Specifically, Petitioners filed
`
`seven (7) IPR Petitions: (1) IPR2017-00450 concerning U.S. Patent No. 6,771,646,
`
`(2) IPR2017-00451 concerning U.S. Patent No. 6,839,751, (3) IPR2017-00629
`
`concerning U.S. Patent No. 6,954,789, (4) IPR2017-00630 concerning U.S. Patent
`
`No. 6,954,789, (5) IPR2017-00769 concerning U.S. Patent No. 6,651,099, (6)
`
`IPR2017-00862 concerning U.S. Patent No. 6,665,725, and (7) IPR2017-00863
`
`concerning U.S. Patent No. 6,665,725 (collectively, the “Asserted IPRs” and
`
`“Challenged Patents”, respectively).
`
`II. BACKGROUND AND QUALIFICATIONS
`2.
`I am currently a Professor in the Department of Computer Science at
`
`the University of California, Santa Barbara (UCSB). I also hold an appointment
`
`and am a founding member of the Computer Engineering (CE) Program. I am a
`
`founding member of the Media Arts and Technology (MAT) Program, and the
`
`Technology Management Program (TMP). I also served as the Associate Director
`
`
`
`1
`
`PACKET INTELLIGENCE LLC 2001 - 00003
`
`
`
`
`
`of the Center for Information Technology and Society (CITS) from 1999 to 2012. I
`
`have been a faculty member at UCSB since July 1997.
`
`3.
`
`I hold three degrees from the Georgia Institute of Technology: (1) a
`
`Bachelor of Science degree in Information and Computer Science (with minors in
`
`Economics, Technical Communication, and American Literature) earned in June,
`
`1992; (2) a Master of Science degree in Computer Science (with specialization in
`
`Networking and Systems) earned in June, 1994; and (3) a Doctor of Philosophy
`
`(Ph.D.) degree in Computer Science (Dissertation Title: Networking and System
`
`Support for the Efficient, Scalable Delivery of Services in Interactive Multimedia
`
`System, minor in Telecommunications Public Policy) earned in June, 1997.
`
`4.
`
`In 1994, I began to research issues associated with the development
`
`and deployment of a one-to-many communication facility (called “multicast”) in
`
`the Internet (first deployed as the Multicast Backbone, a virtual overlay network
`
`supporting one-to-many communication). Some of my more recent research
`
`endeavors have looked at how to use the scalability offered by multicast to provide
`
`streaming media support for complex applications like distance learning,
`
`distributed
`
`collaboration, distributed games,
`
`and
`
`large-scale wireless
`
`communication. Multicast has also been used as the delivery mechanism in
`
`systems that perform local filtering (i.e., sending the same content to a large
`
`number of users and allowing them to filter locally content in which they are not
`
`
`
`2
`
`PACKET INTELLIGENCE LLC 2001 - 00004
`
`
`
`
`
`interested). As part of this research, I have investigated how these applications are
`
`utilized by using network monitoring tools and packet traces to determine when
`
`users are joined to multicast sessions.
`
`5.
`
`Starting in 1997, I worked on a project to integrate the streaming
`
`media capabilities of the Internet together with the interactivity of the web. I
`
`developed a project called the Interactive Multimedia Jukebox (IMJ). Users would
`
`visit a web page and select content to view. The content would then be scheduled
`
`on one of a number of channels, including delivery to students in Georgia Tech
`
`dorms delivered via the campus cable plant. The content of each channel was
`
`delivered using multicast communication.
`
`6.
`
`In the IMJ, the number of channels varied depending on the
`
`capabilities of the server including the available bandwidth of its connection to the
`
`Internet. If one of the channels was idle, the requesting user would be able to watch
`
`their selection immediately. If all channels were streaming previously selected
`
`content, the user’s selection would be queued on the channel with the shortest wait
`
`time. In the meantime, the user would see what content was currently playing on
`
`other channels, and because of the use of multicast, would be able to join one of
`
`the existing channels and watch the content at the point it was currently being
`
`transmitted.
`
`
`
`3
`
`PACKET INTELLIGENCE LLC 2001 - 00005
`
`
`
`
`
`7.
`
`The IMJ service combined the interactivity of the web with the
`
`streaming capabilities of the Internet to create a jukebox-like service. It supported
`
`true Video-on-Demand when capacity allowed, but scaled to any number of users
`
`based on queuing requested programs. As part of the project, we obtained
`
`permission from Turner Broadcasting to transmit cartoons and other short-subject
`
`content. We also attempted to connect the IMJ into the Georgia Tech campus cable
`
`television network so that students in their dorms could use the web to request
`
`content and then view that content on one of the campus’s public access channels.
`
`As part of this work, I monitored who was requesting content and who was
`
`watching content by analyzing web logs and performing packet traces.
`
`8. More recently, I have also studied issues concerning how users choose
`
`content, especially when considering the price of that content. My research has
`
`examined how dynamic content pricing can be used to control system load. By
`
`raising prices when systems start to become overloaded (i.e., when all available
`
`resources are fully utilized) and reducing prices when system capacity is readily
`
`available, users’ capacity to pay as well as their willingness can be used as factors
`
`in stabilizing the response time of a system. This capability is particularly useful in
`
`systems where content is downloaded or streamed on-demand to users.
`
`9.
`
`As a parallel research theme, starting in 1997, I began researching
`
`issues related to wireless devices and sensors. In particular, I was interested in
`
`
`
`4
`
`PACKET INTELLIGENCE LLC 2001 - 00006
`
`
`
`
`
`showing how to provide greater communication capability to “lightweight
`
`devices,” i.e., small form-factor, resource-constrained (e.g., CPU, memory,
`
`networking, and power) devices. Starting by at least 2004, I researched techniques
`
`to wirelessly disseminate information, for example, advertisements between users
`
`using ad hoc networks. In the system, called Coupons, an incentive scheme is used
`
`to encourage users to relay information, including advertisements, to other nearby
`
`users.
`
`10. Starting in 1998, I published several papers on my work to develop a
`
`flexible, lightweight, battery-aware network protocol stack. The lightweight
`
`protocols we envisioned were similar in nature to protocols like Universal Plug and
`
`Play (UPnP) and Digital Living Network Alliance (DLNA).
`
`11. From this initial work, I have made wireless networking—including
`
`ad hoc, mesh networks and wireless devices—one of the major themes of my
`
`research. One topic includes developing applications for mobile devices, for
`
`example, virally exchanging and tracking “coupons” through “opportunistic
`
`contact” (i.e., communication with other devices coming into communication
`
`range with a user). Other topics include building network communication among a
`
`set of mobile devices unaided by any other kind of network infrastructure. Yet
`
`another theme is monitoring wireless networks, in particular different variants of
`
`IEEE 802.11 compliant networks, to (1) understand the operation of the various
`
`
`
`5
`
`PACKET INTELLIGENCE LLC 2001 - 00007
`
`
`
`
`
`protocols used in real-world deployments, (2) use these measurements to
`
`characterize use of the networks and identify protocol limitations and weaknesses,
`
`and (3) propose and evaluate solutions to these problems.
`
`12. Protecting networks, including their operation and content, has been
`
`an underlying theme of my research almost since the beginning. Starting in 2000, I
`
`have also been involved in several projects that specifically address security,
`
`network protection, and firewalls. After significant background work, a team on
`
`which I was a member successfully submitted a $4.3M grant proposal to the Army
`
`Research Office (ARO) at the Department of Defense to propose and develop a
`
`high-speed intrusion detection system. Once the grant was awarded, we spent
`
`several years developing and meeting the milestones of the project. I have also
`
`used firewalls in developing techniques for the classroom to ensure that students
`
`are not distracted by online content.
`
`13. As an important component of my research program, I have been
`
`involved in the development of academic research into available technology in the
`
`market place. One aspect of this work is my involvement in the Internet
`
`Engineering Task Force (IETF) including many content delivery-related working
`
`groups like the Audio Video Transport (AVT) group, the MBone Deployment
`
`(MBONED) group, Source Specific Multicast (SSM) group, the Inter- Domain
`
`Multicast Routing (IDMR) group, the Reliable Multicast Transport (RMT) group,
`
`
`
`6
`
`PACKET INTELLIGENCE LLC 2001 - 00008
`
`
`
`
`
`the Protocol Independent Multicast (PIM) group, etc. I have also served as a
`
`member of
`
`the Multicast Directorate (MADDOGS), which oversaw
`
`the
`
`standardization of all things related to multicast in the IETF. Finally, I was the
`
`Chair of the Internet2 Multicast Working Group for seven years.
`
`14.
`
`I am an author or co-author of approximately 200 technical papers,
`
`published software systems, IETF Internet Drafts and IETF Request for Comments
`
`(RFCs). A list of these papers is included in my CV (Ex. 2002).
`
`15. My involvement in the research community extends to leadership
`
`positions for several journals and conferences. I am the co-chair of the Steering
`
`Committee for the ACM Network and System Support for Digital Audio and
`
`Video (NOSSDAV) workshop and on
`
`the Steering Committees for
`
`the
`
`International Conference on Network Protocols (ICNP), ACM Sigcomm
`
`Workshop on Challenged Networks (CHANTS), and IEEE Global Internet (GI)
`
`Symposium. I have served or am serving on the editorial boards of IEEE/ACM
`
`Transactions on Networking, IEEE Transactions on Mobile Computing, IEEE
`
`Transactions on Networks and System Management, IEEE Network, ACM
`
`Computers in Entertainment, AACE Journal of Interactive Learning Research
`
`(JILR), and ACM Computer Communications Review.
`
`16. Furthermore, in the courses I teach, the class spends significant time
`
`covering all aspects of the Internet including each of the layers of the Open System
`
`
`
`7
`
`PACKET INTELLIGENCE LLC 2001 - 00009
`
`
`
`
`
`Interconnect (OSI) protocol stack commonly used in the Internet. These layers
`
`include the physical and data link layers and their handling of signal modulation,
`
`error control, and data transmission. I also teach DOCSIS, DSL, and other
`
`standardized protocols for communicating across a variety of physical media
`
`including cable systems, telephone lines, wireless, and high-speed Local Area
`
`Networks (LANs). I teach the configuration and operation of switches, routers, and
`
`gateways including routing and forwarding and the numerous respective protocols
`
`as they are standardized and used throughout the Internet. Topics include a wide
`
`variety of standardized Internet protocols at the Network Layer (Layer 3),
`
`Transport Layer (Layer 4), and above. A key project in one of my classes is to use
`
`packet monitoring tools and analyzing network traffic to determine what data is
`
`being exchanged.
`
`17.
`
`In addition, I co-founded a technology company called Santa Barbara
`
`Labs that was working under a sub-contract from the U.S. Air Force to develop
`
`very accurate emulation systems for the military’s next generation internetwork.
`
`Santa Barbara Labs’ focus was in developing an emulation platform to test the
`
`performance characteristics of the network architecture in the variety of
`
`environments in which it was expected to operate, and in particular, for network
`
`services including IPv6, multicast, Quality of Service (QoS), satellite-based
`
`
`
`8
`
`PACKET INTELLIGENCE LLC 2001 - 00010
`
`
`
`
`
`communication, and security. Applications for this emulation program included
`
`communication of a variety of multimedia-based services.
`
`18.
`
`In addition to having co-founded a technology company myself, I
`
`have worked for, consulted with, and collaborated with companies such as IBM,
`
`Hitachi Telecom, Digital Fountain, RealNetworks, Intel Research, Cisco Systems,
`
`and Lockheed Martin.
`
`19.
`
`I am a Member of the Association of Computing Machinery (ACM)
`
`and a Fellow of the Institute of Electrical and Electronics Engineers (IEEE).
`
`20. Additional details about my employment history, fields of expertise,
`
`and publications are further included in my curriculum vitae, attached as Exhibit
`
`2002.
`
`III. COMPENSATION
`21.
`I am being compensated as an expert witness in this matter at $600
`
`per hour in addition to out-of-pocket expenses. I have received no additional
`
`compensation for my work on this matter and my compensation does not depend,
`
`and has not ever depended in any way, on my opinion as expressed in this
`
`Declaration, in any testimony that I may give, or on the outcome of this case.
`
`IV. MATERIALS REVIEWED
`22.
` I have reviewed the following materials in connection with the
`
`preparation of this Declaration:
`
`
`
`9
`
`PACKET INTELLIGENCE LLC 2001 - 00011
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`U.S. Patent No. 6,771,646 and its file history;
`
`U.S. Patent No. 6,839,751 and its file history;
`
`U.S. Patent No. 6,954,789 and its file history;
`
`U.S. Patent No. 6,651,099 and its file history;
`
`U.S. Patent No. 6,665,725 and its file history;
`
`U.S. Patent No. 6,115,393 (“Engel) (Ex. 1007);
`
`Engel source code Appendix VI (Ex. 1009);
`
`The Petitions for Inter Partes Review for IPR2017-00450, IPR2017-
`
`00451, IPR2017-00629, IPR2017-00630, IPR2017-00769, IPR2017-
`
`00862, and IPR2017-00863; and
`
`
`
`The Declarations of Bill Lin submitted in connection with IPR2017-
`
`00450, IPR2017-00451, IPR2017-00629, IPR2017-00630, IPR2017-
`
`00769, IPR2017-00862, and IPR2017-00863.
`
`V. CLAIM CONSTRUCTION
`A.
`Person of Ordinary Skill in the Art
`23.
`
`I have been told that the factors that may be considered in determining
`
`the ordinary level of skill in the art include: (1) the types of problems encountered
`
`in the art, (2) the prior art solutions to those problems, (3) the rapidity with which
`
`innovations are made, (4) the sophistication of the technology, and (5) the
`
`educational level of active workers in the field.
`
`
`
`10
`
`PACKET INTELLIGENCE LLC 2001 - 00012
`
`
`
`
`
`24.
`
`In my opinion, as it pertains to United States Patent Nos. 6,651,099;
`
`6,665,725; 6,771,646; 6,839,751; and 6,954,789, a person of ordinary skill in the
`
`art in the late 1990s would have the equivalent of a four-year degree from an
`
`accredited institution (usually denoted as a B.S. degree) in computer science,
`
`computer engineering or the equivalent and experience with, or exposure to, packet
`
`analysis techniques. A person of ordinary skill in the art would also have
`
`approximately 1-2 years of professional experience with packet network
`
`communication protocols. Additional graduate education could substitute for
`
`professional experience, while significant experience in the field might substitute
`
`for formal education.
`
`25. As demonstrated above in the section on my background and
`
`qualifications, I more than meet the definition of one of ordinary skill in the art.
`
`B.
`
`“Conversational Flow”
`26.
`
`I understand that a patentee can act as his own lexicographer and
`
`define terms used in a specification. To do so a patentee must clearly set forth a
`
`definition other than its plain and ordinary meaning.
`
`27. United States Patent No. 6,651,099 states as follows at Col. 2:37-45:
`
`
`
`11
`
`PACKET INTELLIGENCE LLC 2001 - 00013
`
`
`
`
`
`
`
`
`
`28. An identical statement as the one highlighted above appears in U.S.
`
`Patent No. 6,954,789 at Col. 2:45-53. Furthermore, I understand the Challenged
`
`Patents cross-reference and incorporate the contents of United States Patent No.
`
`6,651,099 (Appl. No. 09/608,237). See U.S. Patent No. 6,665,725 at Col. 1:16-21,
`
`Col. 2:21-31; U.S. Patent No. 6,771,646 at Col. 1:16-19 (Ex. 1001); U.S. Patent
`
`No. 6,839,751 at Col. 1:17-20 (Ex. 1002); and U.S. Patent No. 6,954,789 at Col.
`
`1:7-12 (Ex. 1004).
`
`29. Likewise, Provisional Application No. 60/141,903 (Ex. 1005)
`
`contains the same statements at Page 3 lines 3-10:
`
`
`
`12
`
`PACKET INTELLIGENCE LLC 2001 - 00014
`
`
`
`
`
`
`
`30.
`
`I understand all of the Challenged Patents claim priority to Provisional
`
`Application No. 60/141,903 (Ex. 1005) and incorporate its contents by reference.
`
`See U.S. Patent No. 6,651,099 at Col. 1:6-11 (Ex. 1003); U.S. Patent No.
`
`6,665,725 at Col. 1:8-12, Col. 2:21-31; U.S. Patent No. 6,771,646 at Col. 1:8-12
`
`(Ex. 1001); U.S. Patent No. 6,839,751 at Col. 1:8-12 (Ex. 1002); and U.S. Patent
`
`No. 6,954,789 at Col. 1:13-16 (Ex. 1004).
`
`31.
`
`It is my opinion that the patentees set forth a specific definition of
`
`“conversational flow” and that a person of ordinary skill in the art reading the
`
`Challenged Patents would apply
`
`that express definition. Specifically,
`
`“conversational flow” means “the sequence of packets that are exchanged in any
`
`direction as a result of an activity—for instance, the running of an application on a
`
`server as requested by a client—and where some conversational flows involve
`
`more than one connection, and some even involve more than one exchange of
`
`packets between a client and server.”
`
`
`
`13
`
`PACKET INTELLIGENCE LLC 2001 - 00015
`
`
`
`
`
`VI. OVERVIEW OF BASIC NETWORK PRINCIPLES
`32. As basic background, one of the most widely used computer networks
`
`is the Internet. The Internet has been around for several decades. Many trace the
`
`origins of the Internet to the Arpanet (the Advanced Research Projects Agency
`
`Network), which dates back to the late 1960s. While the origins of the Internet
`
`were humble, it has grown into a massive, highly sophisticated network for highly
`
`complex and highly varied forms of communication. One of the major leaps in the
`
`Internet's evolution did not occur until the early 1990s and the sale of the NSFnet
`
`Backbone to MCI, spurring commercialization of the Internet and interest in the
`
`World Wide Web (WWW). These changes were significant contributors towards
`
`the Internet becoming more widely available and usable.
`
`33. Originally useful mainly for the exchange of text documents through
`
`email (using the Simple Mail Transfer Protocol, or SMTP) or file exchange (using
`
`a protocol like the File Transfer Protocol, or FTP), the Internet has evolved to
`
`support more complex data including multiple media types (e.g., pictures, audio,
`
`video), hence the concept of “multimedia.” Coupled with new and improved
`
`delivery capabilities and increased ways of offering information to users, the ways
`
`in which the Internet could be used increased dramatically during the 1990s. These
`
`factors led to numerous technical innovations in the way data was made available
`
`to users.
`
`
`
`14
`
`PACKET INTELLIGENCE LLC 2001 - 00016
`
`
`
`
`
`34. One of the more important capabilities that existed within the Internet
`
`was that it was acting as an information repository whereby servers held
`
`information and clients would make requests for that information. The Internet was
`
`also evolving such that, instead of servers holding important information, it was
`
`other users who held the information. In some cases, instead of information stored
`
`in documents, it was the users themselves who were the object of contact, for
`
`example, in multimedia conferencing. As described in more detail below, an
`
`underlying and long-standing challenge in the Internet was identifying the right
`
`address to use in contacting other users or servers.
`
`35. Much Internet communication takes place using a client/server
`
`paradigm. That is, content servers hold information desired by users. Through their
`
`clients, users make requests for this information, and the server responds by
`
`providing the requested information. Such a paradigm is used in, for example, the
`
`World Wide Web (WWW). In other applications, like email, servers are
`
`responsible for accepting, storing, and forwarding email.
`
`36. Two principles upon which applications and the underlying network
`
`infrastructure are based are the use of layered communication to break the task of
`
`data delivery into more manageable sub-tasks, and the use of protocols to establish
`
`rules for how data is communicated.
`
`
`
`15
`
`PACKET INTELLIGENCE LLC 2001 - 00017
`
`
`
`
`
`37. Generally, a protocol is a set of rules that defines how a set of
`
`functions will be performed. Protocols are important within networks since the two
`
`sides of a communication must act in the same, predictable way for data to be
`
`successfully delivered. For example, the HyperText Transfer Protocol (HTTP)
`
`defines both how requests/responses for objects are to be made and the syntax of
`
`request/response messages. The way in which data is exchanged is as important as
`
`the format of the data when it is exchanged. Called syntax, protocol specifications
`
`typically include the way information in a message is formatted. By clearly
`
`describing a protocol's communication rules and syntax, ambiguities and errors can
`
`be avoided.
`
`38. Protocols are then combined, based on the layer at which each
`
`operates, to perform the functions necessary to deliver data between sources and
`
`destinations. In many cases, there is one protocol responsible for the functions of
`
`not one, but sometimes multiple layers. Each layer and its corresponding protocol
`
`perform a set of functions based on widely, but not universally, agreed upon
`
`guidelines. As data is prepared for transmission by an application, it is sent through
`
`a set of layers. Each layer performs specified functions. For some of the layers,
`
`there is a corresponding protocol and a corresponding protocol header that is added
`
`to the application's data.
`
`
`
`16
`
`PACKET INTELLIGENCE LLC 2001 - 00018
`
`
`
`
`
`39. To help understand the process and give direction to the flow of data,
`
`the layers are “stacked” one on the other, from the highest layer (the application
`
`layer) to the lowest layer (the physical layer). Data, therefore, flows “down” the
`
`stack from the application layer of the transmitting host, across the network, and
`
`“up” a corresponding stack at the receiver.
`
`40. Over the years, there have been several efforts to “standardize” the
`
`layers and the functions performed by each. One example is the International
`
`Standards Organization's (ISO) Open System Interconnect (OSI). The OSI stack
`
`has seven layers and the general functions of each layer are well-known. ISO's OSI
`
`stack model is an older example dating back to the mid-1980s. A more recent
`
`example is the “TCP/IP stack,” also called the “Internet stack.” It integrated the
`
`functionality of two of the layers from the OSI stack (Presentation and Session
`
`Layers) into the Application Layer and better maps to the Internet's currently used
`
`protocols, e.g., IP, UDP, and TCP.
`
`41. Of the layers in the TCP/IP stack, the “highest” layer is the
`
`application layer and includes protocols like the HyperText Transfer Protocol
`
`(HTTP) and the Simple Mail Transfer Protocol (SMTP). There are dozens of
`
`application layer protocols, each typically corresponding to a specific application.
`
`42. The Hypertext Transfer Protocol (or “HTTP”) is an example of a
`
`well-known application (layer 7) protocol. HTTP version 1.1 was published as
`
`
`
`17
`
`PACKET INTELLIGENCE LLC 2001 - 00019
`
`
`
`
`
`RFC 2068 in January 1997. As an application layer protocol, HTTP is a set of rules
`
`for carrying application-specific data between a source and a destination (for
`
`example, carrying HTTP protocol headers and world wide web data between a web
`
`browser and a web site server). Because most Internet traffic uses both IP and
`
`TCP, Internet traffic is often described as “TCP over IP” or simply “TPC/IP.”
`
`When that traffic happens to also use HTTP as the application layer protocol, it is
`
`often described as “HTTP over TCP/IP.”
`
`43. The next layer is the transport layer. The two most common protocols
`
`are the Transmission Control Protocol (TCP) and the User Datagram Protocol
`
`(UDP). Where the UDP protocol only provides support for “ports,” TCP provides
`
`better support for reliable data delivery through acknowledgements, in-order
`
`packet delivery, connections, as well as congestion control, and similar to UDP,
`
`port numbers. Data sent through the Internet almost always uses one of these two
`
`protocols.
`
`44. The Transmission Control Protocol, referred to as “TCP,” is one of
`
`the main protocols used to send and receive information over the Internet. TCP is
`
`well known in the computer networking industry—one early TCP rule set was
`
`published as a Request for Comment (or “RFC”) by the Internet Engineering Task
`
`Force (“IETF”) in September 1981 (RFC 793). That rule set was based on an even
`
`earlier rule set published in December 1974 as RFC 675. TCP is an example of a
`
`
`
`18
`
`PACKET INTELLIGENCE LLC 2001 - 00020
`
`
`
`
`
`transport (layer 4) protocol in the OSI model. TCP is responsible for adding
`
`reliability and ordering to the stream of network information—for example, the
`
`packets of information sent using IP as the network-layer protocol may not arrive
`
`at the destination in the same order intended by the sender of the message. TCP
`
`sets rules for breaking up and transmitting the message so that the recipient is able
`
`to reliably receive and reassemble the message. Another common analogy from the
`
`physical world is the example of sending a multi-page letter through the mail by
`
`separately numbering page and mailing each page in its own envelope. IP, like the
`
`postal service, will route the envelope-like packets to the destination, but TCP (like
`
`the numbering of the individual pages) sets the rules to allow the recipient to verify
`
`that all of the pages have been received and to reassemble the pages in the right
`
`order.
`
`45. TCP describes, for example, how two devices on the Internet may
`
`establish a connection over which TCP data packets may be communicated
`
`between them. By way of a negotiation process known as a three-way handshake,
`
`such a connection can be established between two nodes, and once that connection
`
`establishment phase completes, data transfer can begin. Typically, a TCP
`
`connection is managed by a device operating system, so that applications such as a
`
`web browser, or a web server like a CDN caching server, can pass data to the
`
`operating system’s TCP protocol “stack” and the operating system will manage
`
`
`
`19
`
`PACKET INTELLIGENCE LLC 2001 - 00021
`
`
`
`
`
`transmission of that data to the receiver, and will pass received data from the other
`
`device up to the application layer.
`
`46. The next layer down, and the cornerstone of the Internet, is the
`
`Internet layer. The corresponding protocol, the Internet Protocol (IP), provides
`
`end-to-end delivery. Using IP address and a variety of support protocols (e.g.,
`
`routing protocols), routers in the Internet are able to choose the next path towards a
`
`destination, thereby robustly moving packets closer to their destination. From a lay
`
`perspective, the most common transport protocol, TCP, along with IP, form the
`
`core of Internet communications. Hence, the Internet's protocols are commonly
`
`called “TCP/IP.”
`
`47. The Internet Protocol (or “IP”) is an example of a well-known
`
`network (layer 3) protocol. IPv4 was published as RFC 760 in January 1980 while
`
`its successor IPv6 was published as RFC 2460 in December 1998. The IP protocol
`
`describes a set of rules for dividing a message into multiple parts (called “IP
`
`packets”) and then transmitting those packets from an IP sender to an IP
`
`destination across multiple routers or other links in a computer network. Each
`
`packet of information includes an IP address for its destination, analogous to
`
`sending a letter through the mail by placing the letter inside an envelope that has
`
`the recipient’s postal address printed on it.
`
`
`
`20
`
`PACKET INTELLIGENCE LLC 2001 - 00022
`
`
`
`
`
`48. The Data Link Layer (DLL) and the Physical Layer are often closely
`
`coupled. The reason is that the function of the DLL is to move bits across one
`
`physical hop of an end-to-end path. A DLL protocol is typically designed for a
`
`specific physical medium, though there are often many different protocols that can
`
`be used for a given medium. Physical Layer protocols are responsible for
`
`converting digital bits into the analog transmission signal specific to the particular
`
`medium being used for communication. It is therefore clear why there is a close
`
`relationship between a DLL protocol and the Physical Layer: both work for a
`
`specific medium and together move data across a single hop along a path from a
`
`source to a destination.
`
`49. Often overlooked in the transmission of data is that DLL protocols-
`
`and their headers-only survive across a single hop. Once data is delivered across
`
`the hop, the DLL layer header is removed, leaving the IP header exposed, and then
`
`based on the next hop to the destination, a new DLL protocol header is added-this
`
`one specific to the new medium the packet is to traverse. This process is repeated
`
`for each hop along the path from a source to a destination.
`
`50. As mentioned above, while the stack concept is a popular metaphor to
`
`help understand how network communication occurs, no reference model is
`
`perfect, and each serves as a guideline. Protocols, for example, may perform
`
`functions of other layers in violation of a particular reference model, and still be
`
`
`
`21
`
`PACKET INTELLIGENCE LLC 2001 - 00023
`
`
`
`
`
`accepted as valid protocols. Even in these cases, the abstraction provided by the
`
`general principle of layering and abstraction are sufficient to enable data
`
`transmission to take place successfully.
`
`51.
`
`In client/server based architectures that use a particula