US007366101B1

(12) United States Patent
Varier et al.

(10) Patent No.: US 7,366,101 B1
(45) Date of Patent: Apr. 29, 2008

(54) NETWORK TRAFFIC SYNCHRONIZATION MECHANISM

(75) Inventors: Roopesh R. Varier, Sunnyvale, CA (US); David Jacobson, Durham, NC (US); Guy Riddle, Los Gatos, CA (US)

(73) Assignee: Packeteer, Inc., Cupertino, CA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 916 days.

(21) Appl. No.: 10/611,573

(22) Filed: Jun. 30, 2003

(51) Int. Cl.
H04L 12/26 (2006.01)
H04L 12/28 (2006.01)
H04L 12/46 (2006.01)

(52) U.S. Cl.: 370/241; 370/401; 370/503

(58) Field of Classification Search: 370/216-218, 370/241, 242, 401, 503
See application file for complete search history.

(56) References Cited

U.S. PATENT DOCUMENTS
2002/0167960 A1* 11/2002 Garcia-Luna-Aceves .... 370/442
2003/0043792 A1* 3/2003 Carpini et al. .... 370/386
* cited by examiner

Primary Examiner: Kevin C. Harper
(74) Attorney, Agent, or Firm: Mark J. Spolyar

(57) ABSTRACT

Methods, apparatuses and systems directed to a network traffic synchronization mechanism facilitating the deployment of network devices in redundant network topologies. In certain embodiments, when a first network device directly receives network traffic, it copies the network traffic and transmits it to at least one partner network device. The partner network device processes the copied network traffic, just as if it had received it directly, but, in one embodiment, discards the traffic before forwarding it onto its destination. In one embodiment, the partner network devices are operative to exchange directly received network traffic. As a result, the present invention provides enhanced reliability and seamless failover. Each unit, for example, is ready at any time to take over for the other unit should a failure occur. As discussed below, the network traffic synchronization mechanism can be applied to a variety of network devices, such as firewalls, gateways, network routers, and bandwidth management devices.

34 Claims, 12 Drawing Sheets

Splunk Inc. Exhibit 1018 Page 1

[Drawing sheets 1 to 12 of US 7,366,101 B1, Apr. 29, 2008; images not reproduced. Labels legible on each sheet:]
Sheet 1 of 12: (Prior Art); Computer Network.
Sheet 2 of 12: Fig. 1B (Prior Art); two Bandwidth Management Devices.
Sheet 3 of 12: Fig. 2A.
Sheet 4 of 12: Fig. 2B.
Sheet 5 of 12: Fig. 2C; Network Device; To Partner Device.
Sheet 6 of 12: Fig. 3; Administrator Interface; Engine; Flow Database; Classification Database; Management Information Base; Host Database; Packet Processor; Flow Control Module; Data Packet In; Data Packet Out.
Sheet 7 of 12: Fig. 2E; Network Device.
Sheet 8 of 12: Network Device.
Sheets 9 and 10 of 12: no legible labels.
Sheet 11 of 12: flow chart; Receive Data Packet; New Data Flow?; Construct Control Block; Changes To Flow?; Fetch/Update Control Block; Identify Traffic Class; P = getControls(Traffic Class); Pass Packet to Flow Control Module (P); Record Bandwidth Utilization Data In Association with Traffic Class; Copy & Encapsulate Packet; Transmit Encapsulate (Sync) Packet to Partners.
Sheet 12 of 12: flow chart; Receive Data Packet; Receive on Sync Interface?; Magic Number?; Connection State OK?; Set Bad Cable Connection State; Report Configuration Error; Reset Connection State; Decapsulate & Flag Packet; Copy & Encapsulate Packet; Transmit Encapsulate (Sync) Packet to Partner(s); Process Packet; Flagged as Sync Packet?; Discard Packet.

NETWORK TRAFFIC SYNCHRONIZATION MECHANISM

CROSS-REFERENCE TO RELATED APPLICATIONS

This application makes reference to the following commonly owned U.S. patent applications and patents, which are incorporated herein by reference in their entirety for all purposes:

U.S. patent application Ser. No. 08/762,828 now U.S. Pat. No. 5,802,106, in the name of Robert L. Packer, entitled “Method for Rapid Data Rate Detection in a Packet Communication Environment Without Data Rate Supervision;”

U.S. patent application Ser. No. 08/970,693 now U.S. Pat. No. 6,018,516, in the name of Robert L. Packer, entitled “Method for Minimizing Unneeded Retransmission of Packets in a Packet Communication Environment Supporting a Plurality of Data Link Rates;”

U.S. patent application Ser. No. 08/742,994 now U.S. Pat. No. 6,038,216, in the name of Robert L. Packer, entitled “Method for Explicit Data Rate Control in a Packet Communication Environment without Data Rate Supervision;”

U.S. patent application Ser. No. 09/977,642 now U.S. Pat. No. 6,046,980, in the name of Robert L. Packer, entitled “System for Managing Flow Bandwidth Utilization at Network, Transport and Application Layers in Store and Forward Network;”

U.S. patent application Ser. No. 09/106,924 now U.S. Pat. No. 6,115,357, in the name of Robert L. Packer and Brett D. Galloway, entitled “Method for Pacing Data Flow in a Packet-based Network;”

U.S. patent application Ser. No. 09/046,776 now U.S. Pat. No. 6,205,120, in the name of Robert L. Packer and Guy Riddle, entitled “Method for Transparently Determining and Setting an Optimal Minimum Required TCP Window Size;”

U.S. patent application Ser. No. 09/479,356 now U.S. Pat. No. 6,285,658, in the name of Robert L. Packer, entitled “System for Managing Flow Bandwidth Utilization at Network, Transport and Application Layers in Store and Forward Network;”

U.S. patent application Ser. No. 09/198,090 now U.S. Pat. No. 6,412,000, in the name of Guy Riddle and Robert L. Packer, entitled “Method for Automatically Classifying Traffic in a Packet Communications Network;”

U.S. patent application Ser. No. 09/198,051, in the name of Guy Riddle, entitled “Method for Automatically Determining a Traffic Policy in a Packet Communications Network;”

U.S. patent application Ser. No. 09/206,772, in the name of Robert L. Packer, Brett D. Galloway and Ted Thi, entitled “Method for Data Rate Control for Heterogeneous or Peer Internetworking;”

U.S. patent application Ser. No. 09/966,538, in the name of Guy Riddle, entitled “Dynamic Partitioning of Network Resources;”

U.S. patent application Ser. No. 10/039,992, in the name of Michael J. Quinn and Mary L. Laier, entitled “Method and Apparatus for Fast Lookup of Related Classification Entities in a Tree-Ordered Classification Hierarchy;”

U.S. patent application Ser. No. 10/015,826, in the name of Guy Riddle, entitled “Dynamic Tunnel Probing in a Communications Network;”

U.S. patent application Ser. No. 10/104,238, in the name of Robert Purvy and Mark Hill, entitled “Methods and Systems Allowing for Non-Intrusive Network Management;”

U.S. patent application Ser. No. 10/108,085, in the name of Wei-Lung Lai, Jon Eric Okholm, and Michael J. Quinn, entitled “Output Scheduling Data Structure Facilitating Hierarchical Network Resource Allocation Scheme;”

U.S. patent application Ser. No. 10/155,936, in the name of Guy Riddle, Robert L. Packer and Mark Hill, entitled “Method for Automatically Classifying Traffic with Enhanced Hierarchy in a Packet Communications Network;”

U.S. patent application Ser. No. 10/177,518, in the name of Guy Riddle, entitled “Methods, Apparatuses and Systems Allowing for Progressive Network Resource Utilization Control Scheme;”

U.S. patent application Ser. No. 10/178,617, in the name of Robert E. Purvy, entitled “Methods, Apparatuses and Systems Facilitating Analysis of Network Device Performance;” and

U.S. patent application Ser. No. 10/236,149, in the name of Brett Galloway and George Powers, entitled “Classification Data Structure enabling Multi-Dimensional Network Traffic Classification and Control Schemes.”

FIELD OF THE INVENTION

The present invention relates to computer networks and, more particularly, to methods, apparatuses and systems facilitating the synchronization of monitoring and/or management tasks associated with network devices deployed in redundant network topologies.

BACKGROUND OF THE INVENTION

Efficient allocation of network resources, such as available network bandwidth, has become critical as enterprises increase reliance on distributed computing environments and wide area computer networks to accomplish critical tasks. The widely-used TCP/IP protocol suite, which implements the world-wide data communications network environment called the Internet and is employed in many local area networks, omits any explicit supervisory function over the rate of data transport over the various devices that comprise the network. While there are certain perceived advantages, this characteristic has the consequence of juxtaposing very high-speed packets and very low-speed packets in potential conflict and produces certain inefficiencies. Certain loading conditions degrade performance of networked applications and can even cause instabilities which could lead to overloads that could stop data transfer temporarily. The above-identified U.S. patents and patent applications provide explanations of certain technical aspects of a packet based telecommunications network environment, such as Internet/Intranet technology based largely on the TCP/IP protocol suite, and describe the deployment of bandwidth management solutions to monitor and manage network environments using such protocols and technologies.

An important aspect of implementing enterprise-grade network environments is provisioning mechanisms that address or adjust to the failure of systems associated with or connected to the network environment. For example, FIG. 1A illustrates a computer network environment including a bandwidth management device 130 deployed to manage network traffic traversing an access link 21 connected to an open computer network 50, such as the Internet. As one skilled in the art will recognize, the failure of bandwidth management device 130 will prevent the flow of network traffic between end systems connected to LAN 40 and computer network 50. To prevent this from occurring, one prior art mechanism is to include a relay that actuates a switch to create a direct path for electrical signals across the bandwidth management device 130, when a software or hardware failure disables bandwidth management device 130. In this manner, the bandwidth management device 130 essentially acts as a wire, allowing network traffic to pass and thereby preserving network access. The problem with this approach is that, while network access is preserved, there is no failover mechanism to control or optimize network traffic while the bandwidth management device 130 remains down.

To provide failover support that addresses this circumstance, the prior art included a “hot standby” mechanism offered by Packeteer, Inc. of Cupertino, Calif., for use in shared Ethernet network environments employing the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol. As FIG. 1B illustrates, redundant bandwidth management devices 230a, 230b are deployed between router 22 and LAN 40. The inherent properties of the shared Ethernet LANs 40 and 41 meant that all inbound and outbound packets were received at both bandwidth management devices 230a, 230b. According to the hot standby mechanism, one bandwidth management device 230a (for instance) operated in a normal mode classifying and shaping network traffic, while the other bandwidth management device 230b operated in a monitor-only mode where the packets were dropped before egress from the device. The bandwidth management devices 230a, 230b were also configured to communicate with each other over LAN 40 and/or 41 to allow each device to detect when the other failed. When such a failure occurred, bandwidth management device 230b, previously operating in a monitor-only mode, could provide failover support in a substantially seamless fashion since its data structures were already populated with the information required to perform its function.

While the hot standby feature is suitable in shared Ethernet environments, the use of Ethernet LAN switches in more modern enterprise networks has presented further challenges. In switched Ethernet environments, an end system only sees the packets intended for it, rendering invalid the assumption upon which the hot standby mechanism is based. FIG. 2A illustrates a computer network environment implemented by LAN switches 23, where the end systems such as computers 42 and servers 44 are connected to different ports of a LAN switch 23. In the network environment of FIG. 2A, LAN switches 23 connect bandwidth management devices 30a, 30b to router 22, as well as the end systems associated with an enterprise network. While the bandwidth management devices 30a, 30b are deployed in a redundant topology, without the present invention, there is no mechanism that ensures that one device can seamlessly take over for the other device should one fail.

Furthermore, many enterprise network architectures feature redundant topologies for such purposes as load-sharing and failover. For example, as FIG. 2B illustrates, a typical enterprise network infrastructure may include a plurality of access links (e.g., 21a, 21b) connecting an enterprise LAN or WAN to an open computer network 50. In these network topologies, network traffic may be directed completely through one route or may be load-shared between alternative routes. According to these deployment scenarios, a given bandwidth management device 30a or 30b during a given span of time may see all network traffic, part of the network traffic, or no network traffic. This circumstance renders control of network traffic on a network-wide basis problematic, especially when the bandwidth management devices 30a, 30b each encounter only part of the network traffic. That is, each bandwidth management device 30a, 30b, without the invention described herein, does not obtain enough information about the network traffic associated with the entire network to be able to accurately monitor network traffic and make intelligent decisions to control or shape the network traffic flowing through the corresponding access links 21a, 21b. In addition, if a given bandwidth management device 30a, 30b sees no traffic for a period of time and the active route fails (for example), the bandwidth management device deployed on the alternate route essentially becomes the master controller but possesses no prior information about existing flows or other network statistics. This circumstance often renders it impossible to adequately classify data flows associated with connections active at the time of a change or failover in the active bandwidth management device.

In light of the foregoing, a need in the art exists for methods, apparatuses, and systems that allow two or more network devices to synchronize as to network traffic individually encountered by each network device. A need further exists for methods, apparatuses and systems facilitating the monitoring and management of network traffic in redundant network topologies. Embodiments of the present invention substantially fulfill these needs.

SUMMARY OF THE INVENTION

The present invention provides methods, apparatuses and systems directed to a network traffic synchronization mechanism facilitating the deployment of network devices in redundant network topologies. In certain embodiments, when a first network device directly receives network traffic, it copies the network traffic and transmits it to at least one partner network device. The partner network device processes the copied network traffic, just as if it had received it directly, but, in one embodiment, discards the traffic before forwarding it on to its destination. In one embodiment, the partner network devices are operative to exchange directly received network traffic. As a result, the present invention provides enhanced reliability and seamless failover. Each unit, for example, is ready at any time to take over for the other unit should a failure occur. As discussed below, the network traffic synchronization mechanism can be applied to a variety of network devices, such as firewalls, gateways, network routers, and bandwidth management devices.

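The copy, process and discard behaviour described in this summary, as an added Python example that is not part of the patent and not Packeteer's code: a device that receives a packet directly encapsulates a copy for its partner, and the partner updates its flow state from the copy but never forwards it, so it already knows the flow when it takes over. The frame layout, the SYNC_MAGIC value, the Packet and Device classes and the sample addresses are assumptions constructed for illustration; the names 30a and 30b follow the patent's reference numerals.

```python
# Added example, not code from the patent. The wire format, SYNC_MAGIC and the
# Device/Packet classes are assumptions made for illustration.
import socket
import struct
from dataclasses import dataclass

SYNC_MAGIC = 0x53594E43                # constructed marker value (ASCII "SYNC")
SYNC_HEADER = struct.Struct("!IH")     # magic, length of the copied packet
PKT_HEADER = struct.Struct("!4s4sHH")  # src IP, dst IP, src port, dst port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes = b""

    def flow_key(self):
        return (self.src, self.sport, self.dst, self.dport)

    def to_bytes(self):
        return PKT_HEADER.pack(socket.inet_aton(self.src),
                               socket.inet_aton(self.dst),
                               self.sport, self.dport) + self.payload

    @classmethod
    def from_bytes(cls, raw):
        if len(raw) < PKT_HEADER.size:
            raise ValueError("truncated packet")
        src, dst, sport, dport = PKT_HEADER.unpack_from(raw)
        return cls(socket.inet_ntoa(src), socket.inet_ntoa(dst),
                   sport, dport, raw[PKT_HEADER.size:])


def encapsulate(pkt):
    """Copy a directly received packet into a synchronization frame."""
    inner = pkt.to_bytes()
    return SYNC_HEADER.pack(SYNC_MAGIC, len(inner)) + inner


def decapsulate(frame):
    """Recover the copied packet; reject anything that is not a sync frame."""
    if len(frame) < SYNC_HEADER.size:
        raise ValueError("short sync frame")
    magic, length = SYNC_HEADER.unpack_from(frame)
    inner = frame[SYNC_HEADER.size:]
    if magic != SYNC_MAGIC or length != len(inner):
        raise ValueError("not a valid sync frame")
    return Packet.from_bytes(inner)


class Device:
    def __init__(self, name):
        self.name = name
        self.partners = []
        self.up = True
        self.flows = {}        # flow key -> packets seen (direct or synced)
        self.forwarded = []    # packets sent on toward their destination
        self.sync_errors = 0

    def receive_direct(self, pkt):
        """Packet arrived on a regular interface: sync it, process, forward."""
        frame = encapsulate(pkt)
        for partner in self.partners:
            if partner.up:
                partner.receive_sync(frame)
        return self._process(pkt, from_sync=False)

    def receive_sync(self, frame):
        """Frame arrived on the synchronization interface."""
        try:
            pkt = decapsulate(frame)
        except ValueError:
            self.sync_errors += 1      # malformed input never touches flow state
            return None
        return self._process(pkt, from_sync=True)

    def _process(self, pkt, from_sync):
        key = pkt.flow_key()
        is_new_flow = key not in self.flows
        self.flows[key] = self.flows.get(key, 0) + 1
        if from_sync:
            return ("discarded", is_new_flow)   # state updated, never forwarded
        self.forwarded.append(pkt)
        return ("forwarded", is_new_flow)


def demo():
    """Device 30a carries a flow, then fails; 30b takes over mid-flow."""
    a, b = Device("30a"), Device("30b")
    a.partners.append(b)
    b.partners.append(a)
    pkt = Packet("10.0.0.5", "192.0.2.10", 40000, 443, b"data")  # constructed
    for _ in range(3):
        a.receive_direct(pkt)
    a.up = False                          # simulated failure of 30a
    takeover = b.receive_direct(pkt)      # traffic now reaches 30b directly
    return a, b, takeover


if __name__ == "__main__":
    a, b, takeover = demo()
    print(b.flows, len(b.forwarded), takeover)
```
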
DESCRIPTION OF THE DRAWINGS

FIG. 1A is a functional block diagram illustrating a computer network environment including a bandwidth management device deployed in a non-redundant network environment including a single access link.

FIG. 1B is a functional block diagram showing the deployment of redundant network devices in a CSMA/CD network environment.

FIG. 2A is a functional block diagram illustrating a computer network environment including first and second network devices 30a, 30b and LAN switches 23.

FIG. 2B is a functional block diagram illustrating a computer network environment including first and second network devices 30a, 30b deployed to control traffic across redundant access links 21a, 21b.

FIG. 2C is a functional block diagram illustrating the network interfaces and other functionality associated with a network device configured according to an embodiment of the present invention.

FIG. 2D is a functional block diagram illustrating an alternative connection scheme between the first and second network devices for the exchange of network traffic synchronization data.

FIG. 2E is a functional block diagram illustrating the network interfaces and other functionality associated with a network device configured according to another embodiment of the present invention.

FIG. 2F is a functional block diagram illustrating the functionality associated with a network device including third and fourth non-synchronization network interfaces.

FIG. 2G is a functional block diagram illustrating a computer network environment including first, second and third network devices 430a, 430b and 430c deployed to control traffic across redundant access links 21a, 21b.

FIG. 3 is a functional block diagram setting forth the functionality in a bandwidth management device according to an embodiment of the present invention.

FIG. 4 is a flow chart diagram illustrating a method directed to the synchronization of network traffic data and the enforcement of bandwidth utilization control on network traffic data traversing an access link.

FIG. 5 is a flow chart diagram illustrating a method directed to the synchronization of network traffic between two or more network devices.

DESCRIPTION OF PREFERRED EMBODIMENT(S)

FIGS. 2A and 2B illustrate two possible network environments in which embodiments of the present invention may operate. FIG. 2A illustrates a computer network environment where access link 21 and router 22 connect LAN 40 to computer network 50. As FIG. 2A shows, the network environment includes redundant network devices 30a, 30b operatively connected to communication paths between LAN 40 and router 22 via LAN switches 23. FIG. 2B illustrates a computer network environment featuring a redundant network topology, that includes first and second access links 21a, 21b; routers 22a, 22b; and network devices 30a, 30b. Access links 21a, 21b operably connect computer network 140 to computer network 50. In one embodiment, computer network 140 is an enterprise WAN comprising a plurality of LAN segments. In one embodiment, computer network 50 is an open computer network, such as the Internet. As one skilled in the art will recognize, the network topology can be expanded to include additional access links and associated network devices. LAN switches 23 include a plurality of ports to which end systems, such as client computers 42 and servers 44, and intermediate systems, such as routers and other switches, are connected. LAN switches 23 receive packets on a given port and forward the packets to other network devices on selected ports. In one embodiment, LAN switch 23 is an Ethernet-based (IEEE 802.3) switch.

A. Packet Synchronization Functionality

As discussed above, FIG. 2A sets forth a packet-based computer network environment including network devices 30a, 30b deployed to perform a network function on data flows traversing access links 21. In the network environment of FIG. 2B, network devices 30a, 30b by operation of LAN switches 23 are operative to perform a network function on data flows traversing access links 21a, 21b respectively. As FIG. 2A shows, computer network 140 interconnects several TCP/IP end systems, including client devices 42 and server device 44, and provides access to resources operably connected to computer network 50 via router 22. Access link 21 is a physical and/or logical connection between two networks, such as computer network 50 and network 140. The computer network environment, including computer networks 140, 50, is a packet-based communications environment, employing TCP/IP protocols, and/or other suitable protocols, and has a plurality of interconnected digital packet transmission stations or routing nodes. As FIG. 2A illustrates, network devices 30a, 30b, in one embodiment, are provided between router 22, respectively, and computer network 140. As discussed in more detail below, network devices 30a, 30b can be bandwidth management devices that are each operative to classify data flows and, depending on the classification, enforce respective bandwidth utilization controls on the data flows to control bandwidth utilization across and optimize network application performance across access links 21. In the network environment of FIG. 2A, bandwidth management device 30b, in one embodiment, may be deployed solely to provide failover support in case of the failure of bandwidth management device 30a. Other operational configurations, however, are possible. In the network environment of FIG. 2B, bandwidth management devices 30a, 30b may operate concurrently to control bandwidth utilization across respective access links 21a, 21b with one unit able to seamlessly take over for the other should either unit itself, a LAN switch 23, a router 22a or 22b, and/or access links 21a or 21b fail. In such an embodiment, LAN switches 23 include the capability of re-directing traffic to alternate ports upon the detection of a network failure.

Network devices 30a, 30b are operably connected to transmit packet data to synchronize network traffic between each other. As the following provides, network devices 30a, 30b can be connected to synchronize network traffic in a variety of configurations. As FIGS. 2A and 2B illustrate, transmission line 99 interconnects network devices 30a, 30b to allow for sharing of network traffic data in the form of synchronization packets. FIG. 2C further illustrates the configuration of network device 30a according to an embodiment of the present invention. As FIG. 2C shows, network device 30a comprises control module 75, and, in one embodiment, network interfaces 71, 72, and synchronization network interface 74. As FIG. 2C illustrates, network interfaces 71 and 72 operably connect