Customer No. 20350
`TOWNSEND and TOWNSEND and CREW LLP
`Two Embarcadero Center, 8th Floor
`San Francisco, California 94111-3834
`(415) 576-0200
`
`Attorney Docket No.
`
`17814-9-10
`
`......
`
`ASSISTANT COMlVIISSIONER FOR PATENTS
`BOX PATENT APPLICATION
`WasJtington, D.C. 20231
`.....,_N
`U1
`--==UI
`...,-c::
`-......-ro
`. c...>_.
`'°~·
`
`CX>;;;.;;;;;;;;;;;
`'1'
`
`~>-I
`
`0
`
`"Express Mail" Label No.
`Date of Deposit:
`
`EM035149475US
`November 23 1998
`
`I hereby certify that this is being deposited with the United States
`Postal Service "Express Mail Post Office to Addressee" service
`under 37 CPR 1.10 on the date indicated above, addressed to:
`
`Assistant Commissioner for Patents
`:;shffigton, DC2023~
`
`Sir:
`
`Transmitted herewith for filing is the
`[ X ] patent application of
`[ ] continuation patent application of
`[ ] divisional patent application of
`[ ] continuation-in-part patent application of
`
`Ifi:entor(s)/Applicant Identifier: Guy Riddle
`s.sJ
`Ftii': METHOD FOR AUTO MA TI CALLY DETERMINING A TRAFFIC POLICY IN A PACKET COMMUNICATIONS
`iJ'.j NETWORK
`
`[ iX,i] This application claims priority from each of the following Application Nos./filing dates:
`60/066 962 filed November 26 1998
`the disclosure( s) of which is (are) incorporated by reference.
`
`Bntlosed are:
`[X,J
`sheet(s) of [ ] formal [X] informal drawing(s).
`6
`[~f
`A [ ] signed [X] unsigned Declaration & Power of Attorney
`[
`
`In view of the Unsigned Declaration as filed with this application and pursuant to 37 CFR §1.53(b),
`Applicant requests deferral of the filing fee until submission of the Missing Parts of Application.
`
`DO NOT CHARGE THE FILING FEE AT THIS TIME.
`
`Telephone:
`(650) 326-2400
`
`Facsimile:
`(650) 326-2422
`
`Kenneth R. Allen
`Reg No.: 27,301
`Attorneys for Applicant
`
`PA 162212 vl
`
`PA 162212 v1
`
`EX 1028 Page 1
`
`

`

`Attorney Docket No.: 17814-9.10
`
`PATENT APPLICATION
`
`METHOD FOR AUTOMATICALLY DETERlVHNING A TRAFFIC
`
`POLICY IN A PACKET COMMUNICATIONS NETWORK
`
`Guy Riddle (USA)
`18243 Knuth Road
`Los Gatos, CA 95033
`
`Inventor:
`
`Assignee:
`
`Packeteer, Inc.
`(a corporation of Delaware)
`10495 N. DeAnza Boulevard
`Cupertino, California 95014
`
`Entity:
`
`Small
`
`TO\VNSEND and TOWNSEND and CREW LLP
`Two Embarcadero Center, 81
`h Floor
`San Francisco, California 94111-3834
`(650) 326-2400
`
`EX 1028 Page 2
`
`

`

`1
`
`PATENT
`
`Attorney Docket No.: 17814-9.10
`
`l\1ETHOD FOR AUTOMATICALLY DETERMINING A TRAFFIC
`
`POLICY IN A POLICY BASED BANDWIDTH ALLOCATION
`
`5
`
`SYSTEM
`
`COPYRIGHT NOTICE
`
`A portion of the disclosure of this patent document contains material
`
`which is subject to copyright protection. The copyright owner has no objection to the
`
`10
`
`facsimile reproduction by anyone of the patent document or the patent disclosure as it
`
`appears in the Patent and Trademark Office patent file or records, but otherwise reserves
`
`all copyright rights whatsoever.
`
`CROSS-REFERENCE TO RELATED APPLICATIONS
`
`15
`
`This application claims priority from a commonly owned U.S. Provisional
`
`Patent Application, Serial No. 60/066,962,
`
`in the name of Guy Riddle, entitled Method
`
`for Automatically Determining a Traffic Policy in a Policy Based Bandwidth Allocation."
`
`Reference is made to:
`
`-----~
`"Method for Rapid Data Rate Detection in a Packet Communication Environment
`
`in the name of Robert L. Packer, entitled
`
`U.S. Patent No.
`
`20
`
`Without Data Rate Supervision," based on Serial No. 08/762,828 filed 12/6/96 which
`
`relates to a technique for automatically determining the data rate of a TCP connection;
`
`Copending U.S. Patent Application Serial No. 08/977,376,
`
`in the name of
`
`Robert L. Packer, entitled "Method for Managing Flow Bandwidth Utilization at
`
`25
`
`Network, Transport and Application Layers in Store and Forward Network," relates to a
`
`technique for automatically allocating bandwidth based upon data rates of TCP
`
`connections according to a hierarchical classification paradigm; and
`
`Copending U.S. Patent Application Serial No. 08/742,994,
`
`in the name of
`
`Robert L. Packer, entitled "Method for Explicit Data Rate Control in a Packet
`
`30
`
`Communication Environment Without a Data Rate Supervision," relates to a technique
`
`for automatically scheduling TCP packets for transmission.
`
`EX 1028 Page 3
`
`

`

`The contents of the foregoing patent applications are incorporated herein
`
`2
`
`by reference.
`
`BACKGROL1NTI OF THE INVENTION
`
`This invention relates to digital packet telecommunications, and
`
`5
`
`particularly to management of network bandwidth based on information ascertainable
`
`from multiple layers of OSI network model. It is particularly useful in conjunction with
`
`bandwidth allocation mechanisms employing traffic classification in a digitally-switched
`
`packet telecommunications environment normally not subject to data flow rate control.
`
`The ubiquitous TCP/IP protocol suite, which implements the world-wide
`
`10
`
`data communication network environment called the Internet and is also used in private
`
`networks (lntranets), intentionally omits explicit supervisory function over the rate of data
`
`transport over the various media which comprise the network.
`
`'While there are certain
`
`perceived advantages, this characteristic has the consequence of juxtaposing very high(cid:173)
`
`speed packet flows and very low-speed packet flows in potential conflict for network
`
`15
`
`resources, which results in inefficiencies. Certain pathological loading conditions can
`
`result in instability, overloading and data transfer stoppage. Therefore, it is desirable to
`
`provide some mechanism to optimize efficiency of data transfer while minimizing the risk
`
`of data loss. Early indication of the rate of data flow which can or must be supported is
`
`imperative. In fact, data flow rate capacity information is a key factor for use in resource
`
`20
`
`allocation decisions. For example, if a particular path is inadequate to accommodate a
`
`high rate of data flow, an alternative route can be sought out.
`
`Internet/Intranet technology is based largely on the TCP/IP protocol suite,
`
`where IP, or Internet Protocol, is the network layer protocol and TCP, or Transmission
`
`Control Protocol, is the transport layer protocol. At the network level, IP provides a
`
`25
`
`"datagram" delivery service. By contrast, TCP builds a transport level service over the
`
`datagram service to provide guaranteed, sequential delivery of a byte stream between two
`
`hosts.
`
`TCP flow control mechanisms operate exclusively at the end stations to
`
`limit the rate at which TCP endpoints emit data. However, TCP lacks explicit data rate
`
`30
`
`control. The basic flow control mechanism is a sliding window, superimposed on a range
`
`of bytes beyond the last explicitly-acknowledged byte. Its sliding operation limits the
`
`amount of unacknowledged transmissible data that a TCP endpoint can emit.
`
`EX 1028 Page 4
`
`

`

`3
`
`Another flow control mechanism is a congestion window, which is a
`
`refinement of the sliding window scheme, which employs conservative expansion to fully
`
`utilize all of the allowable window. A component of this mechanism is sometimes
`
`referred to as "slow start".
`
`5
`
`The sliding window flow control mechanism works in conjunction with
`
`the Retransmit Timeout Mechanism (RTO), which is a timeout to prompt a
`
`retransmission of unacknowledged data. The timeout length is based on a running
`
`average of the Round Trip Time (RTT) for acknowledgment receipt, i.e. if an
`acknowledgment is not received within (typically) the smoothed RTT + 4*mean
`deviation, then packet loss is inferred and the data pending acknowledgment is
`
`10
`
`retransmitted.
`
`Data rate flow control mechanisms which are operative end-to-end without
`
`explicit data rate control draw a strong inference of congestion from packet loss (inferred,
`
`typically, by RTO). TCP end systems, for example, will 'back-off',
`
`i.e., inhibit
`
`15
`
`transmission in increasing multiples of the base RTT average as a reaction to consecutive
`
`packet loss.
`
`Bandwidth Management in TCP/IP Networks
`
`Conventional bandwidth management in TCP/IP networks is accomplished
`
`20
`
`by a combination of TCP end systems and routers which queue packets and discard
`
`packets when certain congestion thresholds are exceeded. The discarded, and therefore
`
`unacknowledged, packet serves as a feedback mechanism to the TCP transmitter. (TCP
`
`end systems are clients or servers running the TCP transport protocol, typically as part of
`
`their operating system.)
`
`25
`
`The term "bandwidth management" is often used to refer to link level
`
`bandwidth management, e.g. multiple line support for Point to Point Protocol (PPP).
`
`Link level bandwidth management is essentially the process of keeping track of all traffic
`
`and deciding whether an additional dial line or ISDN channel should be opened or an
`
`extraneous one closed. The field of this invention is concerned with network level
`
`30
`
`bandwidth management, i.e. policies to assign available bandwidth from a single logical
`
`link to network flows.
`
`In a copending U.S. Patent Application Serial No. 08/977,376, in the name
`
`of Robert L. Packer, entitled "Method for Managing Flow Bandwidth Utilization at
`
`EX 1028 Page 5
`
`

`

`4
`
`Network, Transport and Application Layers in Store and Forward Network," a technique
`
`for automatically allocating bandwidth based upon data rates of TCP connections
`
`according to a hierarchical classification paradigm is disclosed.
`
`Automated tools assist the network manager in configuring and managing
`
`5
`
`the network equipped with the rate control techniques described in these copending
`
`applications. The first such tool, enables a network manager to automatically produce
`
`classifications for traffic detected in a network. It is described in U.S. Provisional Patent
`
`Application Serial No. 09/066,864, in the name of Guy Riddle and Robert L. Packer,
`
`entitled "Method for Automatically Classifying Traffic in a Packet Communications
`
`10 Network". The subject of the present invention is another tool designed to assist the
`
`network manager.
`
`While these efforts teach methods for solving problems associated with
`
`scheduling transmissions, automatically determining a data flow rate on a TCP
`
`connection and for allocating bandwidth based upon a classification of network traffic,
`
`15
`
`and automatically classifying network traffic respectively, there is no teaching in the prior
`
`art of methods for automatically determining traffic policies for packet traffic based upon
`
`information about multiple OSI layer protocol characteristics.
`
`i,,
`
`Bandwidth has become the expensive commodity of the '90s, as traffic
`
`expands faster than resources, the need to "prioritize" a scarce resource, becomes ever
`
`20 more critical. One way to solve this is by applying "policies" to control traffic classified
`
`as to type of service required in order to more efficiently match resources with traffic.
`
`Traffic may be classified by type, e.g. E-mail, web surfing, file transfer, at
`
`various levels. For example, to classify by network paradigm, examining messages for an
`
`IEEE source/destination service access point (SAP) or a sub-layer access protocol
`
`25
`
`(SNAP) yields a very broad indicator, i.e., SNA or IP. More specific types exist, such as
`
`whether an IP protocol field in an IP header indicates TCP or UDP. Well known
`
`connection ports provide indications at the application layer, i.e., SMTP or HTTP.
`
`Classification is not new. Firewall products like "CheckPoint FireWall-1,"
`
`a product of Checkpoint Software Technologies, Inc., a company with headquarters in
`
`30
`
`Redwood City, CA., have rules for matching traffic. Bandwidth managers such as
`
`"Aponet," a product of Aponet, Inc., a company with headquarters in San Jose, CA.,
`
`classify by destination. The PacketShaper, a product of Packeteer, Inc., a company with
`
`headquarters in Cupertino CA., allows a user to manually enter rules to match various
`
`EX 1028 Page 6
`
`

`

`5
`
`traffic types for statistical tracking, i.e., counting by transaction, byte count, rates, etc.
`
`However, manual rule entry requires a level of expertise that limits the appeal for such a
`
`system to network savvy customers. What is really needed is a method for analyzing real
`
`traffic in a customer's network and automatically producing a list of the "found traffic."
`
`5
`
`SUMMARY OF THE INVENTION
`
`According to the invention, in a packet telecommunication
`
`environment in
`
`which traffic flows are classified according to a hierarchical classification paradigm, a
`
`method is provided for automatically determining a policy for allocating bandwidth
`
`10
`
`resources by a rule of assignment of a service level. The method comprises applying
`
`individual instances of traffic classification paradigms to packet network flows. Based on
`
`selectable information obtained from a plurality oflayers of a multi-layered
`
`communication protocol, defining a characteristic class, then mapping the flow to the
`
`defined traffic class.
`
`15
`
`An advantage of traffic management rule based techniques according to
`
`the present invention is that network managers need not know the technical aspects of
`
`each kind of traffic in order to configure traffic classes.
`
`A further advantage of the present invention is that traffic classes may
`
`include information such as a URI pattern for web traffic.
`
`20
`
`The invention will be better understood upon reference to the following
`
`detailed description in connection with the accompanying drawings.
`
`BRIEF DESCRIPTION OF THE DRA \VINGS
`
`Fig. IA depicts a representative client server relationship
`
`in accordance
`
`25
`
`with a particular embodiment of the invention;
`
`Fig. lB depicts a functional perspective of the representative client server
`
`relationship
`
`in accordance with a particular embodiment of the invention;
`
`Fig. 1 C depicts a representative
`
`intemetworking environment
`
`in
`
`accordance with a particular embodiment of the invention;
`
`30
`
`Fig. lD depicts a relationship diagram of the layers of the TCP/IP protocol
`
`suite;
`
`Figs. 2A-2B depict representative divisions of bandwidth;
`
`EX 1028 Page 7
`
`

`

`Fig. 3 depicts a flowchart of process steps in automatically determining a
`
`policy for classified traffic in accordance with a particular embodiment of the invention.
`
`6
`
`5
`
`1.0
`
`Introduction
`
`DESCRIPTION OF SPECIFIC EMBODIMENTS
`
`The present invention provides techniques automatically determining a
`
`policy for allocating bandwidth resources by a rule of assignment of a service level in a
`
`packet telecommunications
`
`system for management of network bandwidth in systems
`
`such as a private area network, a wide area network or an internetwork. Systems
`
`10
`
`according to the present invention enable network managers to: automatically create
`
`policies for specifying service levels for traffic classes and isolating bandwidth resources
`
`associated with certain traffic classes. Inbound as well as outbound traffic may be
`
`managed. Table 1 provides a definitional list of terminology used herein.
`
`15
`
`20
`
`25
`
`30
`
`LIST OF DEFINITIONAL TERMS
`
`ADMISSIONS CONTROL
`
`A policy invoked whenever a system according
`
`to
`
`the invention detects that a guaranteed
`
`information
`
`rate cannot be maintained. An admissions control
`
`policy is analogous to a busy signal in the telephone
`
`world.
`
`CLASS SEARCH ORDER
`
`A search method based upon traversal of a N-ary
`
`tree data structure containing classes.
`
`COMMITTED INFORMATION
`RATE
`(CIR)
`
`A rate of data flow allocated
`
`to reserved service
`
`traffic for rate based bandwidth
`
`allocation
`
`for a
`
`committed bandwidth. Also called a guaranteed
`
`information rate (GIR).
`
`EX 1028 Page 8
`
`

`

`EXCEPTION
`
`A class of traffic provided by the user which
`
`7
`
`supersedes an automatically determined
`
`classification order.
`
`5
`
`EXCESS IN"'FORMATION
`RATE
`(EIR)
`
`A rate of data flow allocated to reserved service
`
`traffic for rate based bandwidth allocation for
`
`uncommitted bandwidth resources.
`
`10
`
`FLOW
`
`A flow is a single instance of a traffic class. For
`
`example, all packets in a TCP connection belong to
`
`the same flow. As do all packets in a UDP session.
`
`15
`
`GUARANTEED
`INFORLv1ATION RATE
`(GIR)
`
`20
`
`INSIDE
`
`A rate of data flow allocated to reserved service
`
`traffic for rate based bandwidth allocation for a
`
`committed bandwidth. Also called a committed
`
`information rate (CIR).
`
`On the system side of an access
`
`link. Outside
`
`clients and servers are on the other side of the access
`
`link.
`
`25
`
`ISOLATION
`
`Isolation is the degree that bandwidth resources are
`
`allocable to traffic classes.
`
`OUTSIDE
`
`On the opposite side of an access link as viewed
`
`from the perspective of the system on which the
`
`30
`
`software resides.
`
`PARTITION
`
`POLICY
`
`Partition is an arbitrary unit of network resources.
`
`A rule for the assignment of a service level to a
`
`flow.
`
`EX 1028 Page 9
`
`

`

`8
`
`POLICY INHERITANCE
`
`A method for assigning policies to flows for which
`
`5
`
`10
`
`POLICY BASED
`SCALNG
`
`no policy exists in a hierarchical arrangement of
`
`policies. For example, if a flow is determined to be
`
`comprised of FTP packets
`
`for Host A, and no
`
`corresponding policy exists, a policy associated with
`
`a parent node, such as an FTP policy, may be
`
`located and used.
`
`An adjustment of a requested data
`
`rate
`
`for a
`
`particular
`
`flow based upon
`
`the policy associated
`
`with
`
`the flow and
`
`information
`
`about
`
`the flow's
`
`potential rate.
`
`15
`
`20
`
`25
`
`SCALED RATE
`
`Assignment of a data rate based upon detected
`
`speed.
`
`SERVICE LEVEL
`
`A service paradigm
`
`having
`
`a combination
`
`of
`
`characteristics defined by a network manager
`
`to
`
`handle a particular class of traffic. Service levels
`
`may be designated as either reserved or unreserved.
`
`TRAFFIC CLASS
`
`All traffic between a client and a server endpoints.
`
`A single instance of a traffic class is called a flow.
`
`Traffic classes have properties or class attributes
`
`such as, directionality, which
`
`is the property of
`
`whether traffic is flowing inbound or outbound.
`
`30 UNRESERVED SERVICE
`
`Unreserved
`
`service 1s a service
`
`level defined m
`
`terms of priority m which no
`
`reservation
`
`of
`
`bandwidth is made.
`
`EX 1028 Page 10
`
`

`

`URI
`
`9
`
`A Universal Resource Identifier is the name of the
`
`location field in a web reference address.
`
`It is also
`
`called URL or Universal Resource Locator.
`
`5
`
`Table 1
`
`1.1
`
`Hardware Overview
`
`The method for automatically dete1mining a policy rule of assignment of
`
`bandwidth in a packet telecommunications environment of the present invention is
`
`10
`
`implemented in the C programming
`
`language and is operational on a computer system
`
`such as shown in Fig. IA This invention may be implemented in a client-server
`
`environment, but a client-server environment is not essential. This figure shows a
`
`conventional client-server computer system which includes a server 20 and numerous
`
`clients, one of which is shown as client 25. The use of the term "server" is used in the
`
`15
`
`context of the invention, wherein the server receives queries from (typically remote)
`
`clients, does substantially all the processing necessary to formulate responses to the
`
`queries, and provides these responses to the clients. However, server 20 may itself act in
`
`the capacity of a client when it accesses remote databases located at another node acting
`
`as a database server.
`
`20
`
`The hardware configurations are in general standard and will be described
`
`only briefly. In accordance with known practice, server 20 includes one or more
`
`processors 30 which communicate with a number of peripheral devices via a bus
`
`subsystem 32. These peripheral devices typically include a storage subsystem 35,
`
`comprised of a memory subsystem 35a and a file storage subsystem 35b holding
`
`25
`
`computer programs ( e.g., code or instructions) and data, a set of user interface input and
`
`output devices 37, and an interface to outside networks, which may employ Ethernet,
`
`Token Ring, ATM, IEEE 802.3, ITU X.25, Serial Link Internet Protocol (SLIP) or the
`
`public switched telephone network. This interface is shown schematically as a "Network
`
`Interface" block 40. It is coupled to corresponding interface devices in client computers
`
`30
`
`via a network connection 45.
`
`Client 25 has the same general configuration, although typically with less
`
`storage and processing capability. Thus, while the client computer could be a terminal or
`
`a low-end personal computer, the server computer is generally a high-end workstation or
`
`EX 1028 Page 11
`
`

`

`10
`
`mainframe, such as a SUN SP ARC server. Corresponding elements and subsystems in
`
`the client computer are shown with corresponding, but primed, reference numerals.
`
`Bus subsystem 32 is shovm schematically as a single bus, but a typical
`
`system has a number of buses such as a local bus and one or more expansion buses (e.g.,
`
`5 ADB, SCSI, ISA, EISA, MCA, NuBus, or PCI), as well as serial and parallel ports.
`
`Network connections are usually established through a device such as a network adapter
`
`on one of these expansion buses or a modem on a serial port. The client computer may be
`
`a desktop system or a portable system.
`
`The user interacts with the system using interface devices 3 7' ( or devices
`
`10
`
`37 in a standalone system). For example, client queries are entered via a keyboard,
`
`communicated to client processor 30', and thence to modem or network interface 40' over
`
`bus subsystem 32'. The query is then communicated to server 20 via network connection
`
`45. Similarly, results of the query are communicated from the server to the client via
`
`network connection 45 for output on one of devices 37' (say a display or a printer), or
`
`15 may be stored on storage subsystem 35'.
`
`Fig. lB is a functional diagram of a computer system such as that of Fig.
`
`IA. Fig. lB depicts a server 20, and a representative client 25 of a plurality of clients
`
`which may interact with the server 20 via the Internet 45 or any other communications
`
`method. Blocks to the right of the server are indicative of the processing steps and
`
`20
`
`functions which occur in the server's program and data storage indicated by blocks 35a
`
`and 35b in Fig. lA. A TCP/IP "stack" 44 works in conjunction with Operating System 42
`
`to communicate with processes over a network or serial connection attaching Server 20 to
`
`Internet 45. Web server software 46 executes concurrently and cooperatively with other
`
`processes in server 20 to make data objects 50 and 51 available to requesting clients. A
`
`25
`
`Common Gateway Interface (CGI) script 55 enables information from user clients to be
`
`acted upon by web server 46, or other processes within server 20. Responses to client
`
`queries may be returned to the clients in the form of a Hypertext Markup Language
`
`(HTML) document outputs which are then communicated via Internet 45 back to the user.
`
`Client 25 in Fig. lB possesses software implementing functional processes
`
`30
`
`operatively disposed in its program and data storage as indicated by block 35a' in Fig. lA.
`
`TCP/IP stack 44', works in conjunction with Operating System 42' to communicate with
`
`processes over a network or serial connection attaching Client 25 to Internet 45. Software
`
`implementing the function of a web browser 46' executes concurrently and cooperatively
`
`EX 1028 Page 12
`
`

`

`11
`
`with other processes in client 25 to make requests of server 20 for data objects 50 and 51.
`
`The user of the client may interact via the web browser 46' to make such queries of the
`
`server 20 via Internet 45 and to view responses from the server 20 via Internet 45 on the
`
`web browser 46'.
`
`5
`
`1.1 Network Overview
`
`Fig. 1 C is illustrative of the intemetworking of a plurality of clients such
`
`as client 25 of Figs. IA and IB and a plurality of servers such as server 20 of Figs. IA
`
`and lB as described herein above. In Fig. 1 C, network 60 is an example of a Token Ring
`
`or frame oriented network. Network 60 links host 61, such as an IBM RS6000 RISC
`
`10 workstation, which may be running the AIX operating system, to host 62, which is a
`
`personal computer, which may be running Windows 95, IBM OS/2 or a DOS operating
`
`system, and host 63, which may be an IBM AS/400 computer, which may be running the
`
`OS/400 operating system. Network 60 is internetworked to network 70 via a system
`
`gateway which is depicted here as router 75, but which may also be a gateway having a
`
`15
`
`firewall or a network bridge. Network 70 is an example of an Ethernet network that
`
`interconnects host 71, which is a SP ARC workstation, which may be running SUNOS
`
`operating system with host 72, which may be a Digital Equipment V AX6000 computer
`
`which may be running the VMS operating system.
`
`Router 75 is a network access point (NAP) of network 70 and network 60.
`
`20
`
`Router 75 provides both a Token Ring interface and Ethernet interfaces, through for
`
`example, a respective adapter. This enables router 75 to interface with the two
`
`heterogeneous networks. Router 75 is also aware of the Inter-network Protocols, such as
`
`ICMP ARP and RIP, which are described herein below.
`
`Fig. ID is illustrative of the constituents of the Transmission Control
`
`25
`
`Protocol/Internet Protocol (TCP/IP) protocol suite. The base layer of the TCP/IP protocol
`
`suite is the physical layer 80, which defines the mechanical, electrical, functional and
`
`procedural standards for the physical transmission of data over communications media,
`
`such as, for example, the network connection 45 of Fig. IA. The physical layer may
`
`comprise electrical, mechanical or functional standards such as whether a network is
`
`30
`
`packet switching or frame-switching; or whether a network is based on a Carrier Sense
`
`Multiple Access/Collision Detection (CSMA/CD) or a frame relay paradigm.
`
`Overlying the physical layer is the data link layer 82. The data link layer
`
`provides the function and protocols to transfer data between network resources and to
`
`EX 1028 Page 13
`
`

`

`12
`
`detect errors that may occur at the physical layer. Operating modes at the datalink layer
`
`comprise such standardized network topologies as IEEE 802.3 Ethernet, IEEE 802.5
`
`Token Ring, ITU X.25, or serial (SLIP) protocols.
`
`Network layer protocols 84 overlay the datalink layer and provide the
`
`5 means for establishing connections between networks. The standards of network layer
`
`protocols provide operational control procedures for intemetworking communications and
`
`routing information through multiple heterogenous networks. Examples of network layer
`
`protocols are the Internet Protocol (IP) and the Address Resolution Protocol (ARP). The
`
`Address Resolution Protocol (ARP) is used to correlate an Internet address and a Media
`
`10 Access Address (MAC) for a particular host. The Routing Infonnation Protocol (RIP) is
`
`a dynamic routing protocol for passing routing information between hosts on networks.
`
`The Internet Control Message Protocol (ICMP) is an internal protocol for passing control
`
`messages between hosts on various networks.
`
`ICMP messages provide feedback about
`
`events in the network environment or can help determine if a path exists to a particular
`
`15
`
`host in the network environment. The latter is called a "Ping". The Internet Protocol (IP)
`
`provides the basic mechanism for routing packets of information
`
`in the Internet. IP is a
`
`non-reliable communication protocol. It provides a "best efforts" delivery service and
`
`does not commit network resources to a particular transaction, nor does it perform
`
`retransmissions or give acknowledgments.
`
`20
`
`The transport layer protocols 86 provide end-to-end transport services
`
`across multiple heterogenous networks. The User Datagram Protocol (UDP) provides a
`
`connectionless, datagram oriented service which provides a non-reliable delivery
`
`mechanism for streams of information. The Transmission Control Protocol (TCP)
`
`provides a reliable session-based service for delivery of sequenced packets of information
`
`25
`
`across the Internet. TCP provides a connection oriented reliable mechanism for
`
`information delivery.
`
`The session, or application layer 88 provides a list of network applications
`
`and utilities, a few of which are illustrated here. For example, File Transfer Protocol
`
`(FTP) is a standard TCP/IP protocol for transferring files from one machine to another.
`
`30
`
`FTP clients establish sessions through TCP connections with FTP servers in order to
`
`obtain files. Telnet is a standard TCP/IP protocol for remote terminal connection. A
`
`Telnet client acts as a terminal emulator and establishes a connection using TCP as the
`
`transport mechanism with a Telnet server. The Simple Network Management Protocol
`
`EX 1028 Page 14
`
`

`

`13
`
`(SNMP) is a standard for managing TCP/IP networks. SNMP tasks, called "agents",
`
`monitor network status parameters and transmit these status parameters to SNMP tasks
`
`called "managers." Managers track the status of associated networks. A Remote
`
`Procedure Call (RPC) is a programming
`
`interface which enables programs to invoke
`
`5
`
`remote functions on server machines. The Hypertext Transfer Protocol (HTTP) facilitates
`
`the transfer of data objects across networks via a system of uniform resource indicators
`
`(URis).
`
`The Hypertext Transfer Protocol is a simple protocol built on top of
`
`Transmission Control Protocol (TCP). It is the mechanism which underlies the function
`
`10
`
`of the World Wide Web. The HTTP provides a method for users to obtain data objects
`
`from various hosts acting as servers on the Internet.
`
`2.0
`
`Traffic Class
`
`A traffic class is broadly defined as traffic between one or more clients and
`
`one or more servers. A single instance of a traffic class is called a flow. Traffic classes
`
`15
`
`have the property, or class attribute, of being directional, i.e. all traffic flowing inbound
`
`will belong to different traffic classes and be managed separately from traffic flowing
`
`outbound. The directional property enables asymmetric classification and control of
`
`traffic, i.e., inbound and outbound flows belong to different classes which may be
`
`managed independent of one another.
`
`20
`
`Traffic classes may be defined at any level of the TCP/IP protocol. For
`
`example, at the IP level, traffic may be defined as only those flows between a specified
`
`set of inside and outside IP addresses or domain names. An example of such a low level
`
`traffic class definition would be all traffic between my network and other corporate
`
`offices throughout the Internet. At the application level, traffic classes may be defined for
`
`25
`
`specific URI patterns within a web server. Traffic classes may be defined having "Web
`
`aware" class attributes. For example, a traffic class could be created such as all URI
`
`patterns matching "*.html" for all servers, or all lJRI patterns matching "*.gif' for server
`
`X, or for access to server Y with URI pattern "/sales/*" from client Z, wherein'*'
`
`is a
`
`wildcard character, i.e., a character which matches all other character combinations.
`
`30
`
`Traffic class attributes left unspecified will simply match any value for that attribute. For
`
`example, a traffic class that accesses data objects within a certain directory path of a web
`
`server is specified by a URI pattern of the directory path to be managed, e.g. "/sales/*".
`
`EX 1028 Page 15
`
`

`

`2.1
`
`Classifying Traffic
`
`14
`
`There is a method for classifying traffic according to a definable set of
`
`classification attributes selectable by the manager, including selecting a subset of traffic
`
`of interest to be classified, specifically the ability to classify and search traffic based upon
`
`5 multiple orthogonal classification attributes.
`
`Traffic class membership may be hierarchical. Thus, a flow may be
`
`classified by a series of steps through a traffic class tree, with the last step (i.e., at the
`
`leaves on the classification
`
`tree) mapping the flow to a policy. The policy is a rule of
`
`assignment for flows. For example, the first step in classification may be to classify a
`
`10
`
`flow as web traffic, the next may further classify this flow as belonging to server X, and
`
`the final classification may be a policy for URI pattern "* .avi".
`
`A classification tree is a data structure representing the hierarchical aspect
`
`of traffic class relationships. Each node of the classification
`
`tree represents a class, and
`
`has a traffic specification, i.e., a set of attributes or characteristics describing the traffic.
`
`15
`
`Leaf nodes of the classification tree contain