EP3149892A1 - Object tagging - Google Patents

Object tagging

Info

Publication number
EP3149892A1
Authority
EP
European Patent Office
Prior art keywords
tag
network
user
various embodiments
eligible
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP15798787.6A
Other languages
German (de)
French (fr)
Other versions
EP3149892A4 (en)
Inventor
Brian DENTON
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
F5 Inc
Original Assignee
F5 Networks Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by F5 Networks Inc
Publication of EP3149892A1
Publication of EP3149892A4
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0233 Object-oriented techniques, for representation of network management data, e.g. common object request broker architecture [CORBA]

Definitions

  • the present invention relates generally to network traffic management and, more particularly, but not exclusively to methods for the organization and management of objects employed for network traffic management.
  • network traffic management systems may be responsible for managing numerous entities of many different types, such as, network devices, network computers, mobile computers, network connections, users, network security, applications, services, configurations, or the like.
  • one or more entities may be described and/or abstracted using objects or other abstract data type structures. These representations may be arranged to represent one or more features and properties of the entities that are managed by a network traffic management system.
  • object definitions may be re-used and/or shared across multiple services and/or applications in the network management system. Often, different object instances that share the same object definitions may require organization that may be customized for the particular applications or services that may be employing those objects.
  • because network management systems are often employed to manage dynamic network environments, static organization of objects representing such systems may be problematic given the dynamic nature of the systems they are employed to model. Thus, it is with respect to these considerations and others that the invention has been made.
  • FIGURE 1 is a system diagram of an environment in which embodiments of the invention may be implemented
  • FIGURE 2 shows an embodiment of a client computer that may be included in a system such as that shown in FIGURE 1
  • FIGURE 3 shows an embodiment of a network computer that may be included in a system such as that shown in FIGURE 1
  • FIGURE 4 illustrates a logical schematic of a portion of a system that includes objects representing objects employed by a packet traffic management device for managing networks in accordance with at least one of the various embodiments;
  • FIGURE 5 shows an overview flowchart for a process for object tagging, in accordance with at least one of the various embodiments
  • FIGURE 6 shows an overview flowchart for a process for associating object tags with an object, in accordance with at least one of the various embodiments
  • FIGURE 7 shows an overview flowchart for a process for filtering objects based on object tags in accordance with at least one of the various embodiments
  • FIGURE 8 shows an overview flowchart for a process for employing object tags in network management rules in accordance with at least one of the various embodiments.
  • FIGURE 9 shows an overview flowchart for a process for employing object tags to determine actions for network management in accordance with at least one of the various embodiments.
  • tuple refers to a set of values that identify a source and destination of a connection.
  • a 5 tuple may include a source Internet Protocol (IP) address, a destination IP address, a source port number, a destination port number, virtual LAN segment identifier (VLAN ID), tunnel identifier, routing interface identifier, physical interface identifier, or a protocol identifier.
  • IP Internet Protocol
  • VLAN ID virtual LAN segment identifier
  • tunnel identifier may be a TCP source port number.
  • destination port number may be a TCP destination port number.
  • tuples may be used to identify network flows (e.g., connection flows).
  • a tuple need not be a 5 tuple, and other combinations of the above may also be used.
  • a tuple may be a four-tuple, using a source IP address, a destination IP address, a source port number, and a destination port number. Other combinations are also considered.
  • a "flow key" refers to a key that may be generated based on a tuple comprising any combination of fields selected from within a network packet header, including those fields identified above.
  • network policy rule refers to conditions and/or actions that may be paired together such that if a condition is met then the corresponding action may be executed.
  • conditions may be compound conditions comprised of multiple conditions.
  • actions may also be compound actions, or in other words, multiple actions may be associated with a condition and/or a policy rule.
  • Policy rules may be arranged to perform various network traffic management actions on network traffic, such as, load balancing, network flow steering, firewalling, modifying traffic data, enforcing security, caching, compression, decompression, cryptographic operations, proxying, traffic routing, traffic switching, bandwidth shaping, quota tracking, or the like.
  • object definition refers to a representation of entities and/or concepts that comprise a managed networking environment.
  • an object definition may be referred to as a class, or object type.
  • the object definition represents the data structure and/or behaviors for modeling the entity the object represents.
  • the object definition may be an inherent or built-in feature of an object-oriented programming language (e.g., Java, C++, C#, or the like).
  • the object definition may be a logical representation of an abstract data type using a non-object oriented programming language.
  • the number of different types of object definitions may arbitrarily vary depending on the scope, purpose, or arrangement of the management network environment. Accordingly, object definitions may be designed to represent the various entities and/or concepts present in a network traffic management system, such as, connections, requests, networks, sub-networks, connection pools, users, servers, clients, switches, routers, errors, notification, packets, channels, applications, or the like.
  • object refers to an instance of an object definition. Whereas an object definition describes information for modeling an entire class of one or more entities, an object represents a single instance of an object defined by an object definition.
  • objects may be employed for modeling one or more of the various entities and/or concepts present in a network traffic management system, such as, connections, requests, networks, sub-networks, connection pools, users, servers, clients, switches, routers, errors, notification, packets, channels, applications, or the like.
  • object tags refer to alpha-numeric values that may be associated with one or more objects.
  • object tags may be created by users, predefined by a network management system, configured, automatically generated by scripts or other programs, or the like.
  • object tag may be defined to include a prefix string or character, such as, a hash '#', an asterisk '*', a sequence of one or more letters and/or characters, or the like.
  • Object tags associated with objects may be used as a basis for arranging/grouping objects, generating search results (in response to a search query), assigning visibility and/or access rights, or the like. Additional description of object tags is included throughout the specification.
  • tag collection refers to a data structure used by objects for containing object tags.
  • objects may have one or more tag collections that hold or reference the object tags that have been added to the object.
  • tag collections may be arranged as data structures that store the object tags by copy or by reference.
  • tag string refers to a string of characters that may represent a portion of an object tag.
  • users may enter in tag strings that may be employed to determine candidate object tags.
  • tag strings may enable 'type-ahead' user interfaces that generate a list of candidate object tags that partially match the tag string.
  • active object tag refers to an object tag that is associated with one or more behaviors.
  • One or more actions associated with the behaviors may be executed depending on the given context.
  • '#logchanges' may be an active object tag that indicates that each time the tagged object is modified a corresponding log entry that records the changes should be generated.
  • automated object tag refers to an object tag that may be configured to be automatically added to or included in an object.
  • automatic object tags may be configured to be added to objects of a given object definition type and/or in a certain context.
  • automatic object tags may be employed by the network management device to add tags to hidden or restricted tag collections.
  • embodiments are directed towards managing communication over a network with a packet traffic management device (PTMD).
  • PTMD packet traffic management device
  • an object based on an object definition that models at least one entity in the network may be provided such that the object includes one or more tag collections.
  • one or more candidate object tags may be determined based on a tag string that may be provided by a user.
  • one or more eligible object tags may be determined from the candidate object tags based on a configuration rule. In at least one of the various embodiments, one or more of the eligible object tags may be determined based on an authorization level of the user.
  • the eligible object tags may be added to one or more tag collections based on characteristics of the eligible object tags.
  • the object and its tag collections may be stored in a data store. Further, in at least one of the various embodiments, one or more tag collections of an object may be concealed from the user based on the authorization level of the user.
  • one or more other objects may be searched for based on one or more object tags that may be provided by the user. If a resource threshold is met or exceeded by the PTMD, the search may be terminated.
  • one or more network management rules may be executed on one or more objects based on an object tag that is included in a network management rule.
  • one or more actions may be associated with an object tag such that the action may be executed on each object that includes the object tag.
  • FIGURE 1 shows components of one embodiment of an environment in which the invention may be practiced. Not all of the components may be required to practice these innovations, and variations in the arrangement and type of the components may be made without departing from the spirit or scope of the invention.
  • system 100 of FIGURE 1 includes local area networks (“LANs”)/ wide area networks (“WANs”) - (network) 108, wireless network 107, client computers 102-105, packet traffic management device (“PTMD”) 109, and server computers 110-111.
  • Network 108 is in communication with and enables communication between client computers 102-105, wireless network 107, and PTMD 109.
  • Wireless network 107 further enables communication with wireless devices, such as client computers 103-105.
  • PTMD 109 is in communication with network 108 and server computers 110-111.
  • client computers 102-105 are described in more detail below in conjunction with FIGURE 2.
  • client computers 102-105 may operate over wired and/or wireless networks, such as networks 107 and/or 108.
  • client computers 102-105 may include virtually any computing device, or computer capable of communicating over a network. It should be recognized that more or less client computers may be included within a system such as described herein, and embodiments are therefore not constrained by the number or type of client computers employed.
  • Computers that may operate as client computer 102 may include computers that typically connect using a wired or wireless communications medium, such as personal computers, servers, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, or the like.
  • client computers 102-105 may include virtually any portable computing computer, or computer, capable of connecting to another computing device, or computer and communicating information, such as laptop computers, smart phones, mobile computers, tablet computers, or the like.
  • client computers are not so limited and may also include other portable devices, such as cellular telephones, display pagers, radio frequency (“RF") devices, infrared (“IR”) devices, Personal Digital Assistants ("PDAs”), wearable computers, integrated devices combining one or more of the preceding devices, and the like.
  • client computers 102-105 typically range widely in terms of capabilities and features.
  • client computers 102-105 may provide access to various computing applications, including a browser, or other web-based applications.
  • a web-enabled client computer may include a browser application that is configured to receive and to send web pages, web-based messages, and the like.
  • the browser application may be configured to receive and display graphics, text, multimedia, and the like, employing virtually any web-based language, including wireless application protocol messages ("WAP"), and the like.
  • WAP wireless application protocol
  • the browser application is enabled to employ Handheld Device
  • Client computers 102-105 also may include at least one other client application that is configured to communicate by receiving and/or sending data with one or more other computing devices and/or computers.
  • the client application may include a capability to send and/or receive content, or the like.
  • the client application may further provide information that identifies itself, including a type, capability, name, or the like.
  • client computers 102-105 may uniquely identify themselves through any of a variety of mechanisms, including a phone number, network address, MAC address, Mobile Identification Number ("MIN"), an electronic serial number ("ESN"), or other mobile device identifier.
  • the information may also indicate a content format that the client computer is enabled to employ. Such information may be provided in a network packet, or the like, sent between other client computers, PTMD 109, server computers 110-111, or other computing devices.
  • Client computers 102-105 may further be configured to include a client application that enables an end-user to log into an end-user account that may be managed by another computer, such as server computers 110-111, or the like.
  • Such end-user account in one non-limiting example, may be configured to enable the end-user to manage one or more online activities, including in one non-limiting example, search activities, social networking activities, browse various websites, communicate with other users, participate in gaming, interact with various applications, or the like. However, participation in online activities may also be performed without logging into the end-user account.
  • Wireless network 107 is configured to couple client computers 103-105 and its components with network 108.
  • Wireless network 107 may include any of a variety of wireless sub-networks that may further overlay stand-alone ad-hoc networks, and the like, to provide an infrastructure-oriented connection for client computers 102-105.
  • Such sub-networks may include mesh networks, Wireless LAN ("WLAN") networks, cellular networks, and the like.
  • the system may include more than one wireless network.
  • Wireless network 107 may further include an autonomous system of terminals, gateways, routers, and the like connected by wireless radio links, and the like. These connectors may be configured to move freely and randomly and organize themselves arbitrarily, such that the topology of wireless network 107 may change rapidly.
  • Wireless network 107 may further employ a plurality of access technologies including 2nd (2G), 3rd (3G), 4th (4G), 5th (5G) generation radio access for cellular systems, WLAN, Wireless Router ("WR") mesh, and the like.
  • Access technologies such as 2G, 3G, 4G, 5G, and future access networks may enable wide area coverage for mobile computers, such as client computers 103-105 with various degrees of mobility.
  • wireless network 107 may enable a radio connection through a radio network access such as Global System for Mobile communication ("GSM"), General Packet Radio Services ("GPRS"),
  • GSM Global System for Mobile communication
  • GPRS General Packet Radio Services
  • wireless network 107 may include virtually any wireless communication mechanism by which information may travel between client computers 103-105 and another computing device, computer, network, and the like.
  • Network 108 is configured to couple network computers with other computing devices, and/or computers, including, server computers 110-111 through PTMD 109, client computer 102, and client computers 103-105 through wireless network 107.
  • Network 108 is enabled to employ any form of computer readable media for communicating information from one electronic device to another.
  • network 108 can include the Internet in addition to LANs, WANs, direct connections, such as through a universal serial bus ("USB") port, other forms of computer readable media, or any combination thereof.
  • a router acts as a link between LANs, enabling messages to be sent from one to another.
  • communication links within LANs typically include twisted wire pair or coaxial cable
  • communication links between networks may utilize analog telephone lines, full or fractional dedicated digital lines including T1, T2, T3, and T4, and/or other carrier mechanisms including, for example, E-carriers, Integrated Services Digital Networks ("ISDNs"), Digital Subscriber Lines ("DSLs"), wireless links including satellite links, or other communications links known to those skilled in the art.
  • ISDNs Integrated Services Digital Networks
  • DSLs Digital Subscriber Lines
  • communication links may further employ any of a variety of digital signaling technologies, including without limit, for example, DS-0, DS-1, DS-2, DS-3, DS-4, OC-3, OC-12, OC-48, or the like.
  • network 108 may be configured to transport information of an Internet Protocol ("IP").
  • network 108 includes any communication method by which information may travel between computing devices and/or computers.
  • communication media typically embodies computer readable instructions, data structures, program modules, or other transport mechanism and includes any information delivery media.
  • communication media includes wired media such as twisted pair, coaxial cable, fiber optics, wave guides, and other wired media and wireless media such as acoustic, RF, infrared, and other wireless media.
  • PTMD 109 may include virtually any network computer capable of managing network traffic between client computers 102-105 and server computers 110-111. Such computers include, for example, routers, proxies, firewalls, load balancers, cache devices, devices that perform network address translation, or the like, or any combination thereof. PTMD 109 may perform the operations of routing, translating, switching packets, network address translation, firewall services, network flow control, or the like. In one embodiment, PTMD 109 may inspect incoming network packets, and may perform an address translation, port translation, a packet sequence translation, and the like, and route the network packets based, at least in part, on the packet inspection. In some embodiments, PTMD 109 may perform load balancing operations to determine a server computer to direct a request. Such load balancing operations may be based on network traffic, network topology, capacity of a server, content requested, or other traffic distribution mechanisms.
  • the PTMD 109 may include a control segment and a separate data flow segment.
  • the control segment may include software-optimized operations that perform high-level control functions and per-flow policy enforcement for packet traffic management.
  • the control segment may be configured to manage connection flows maintained at the data flow segment.
  • the control segment may provide instructions, such as, for example, a packet translation instruction, to the data flow segment to enable the data flow segment to route received packets to a server computer, such as server computer 110-111.
  • the data flow segment may include hardware-optimized operations that perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), high-speed flow caches, or the like, on connection flows maintained at DFS between client computers, such as client computers 102-105, and server computers, such as server computers 110-111.
  • PTMD 109 may be arranged to represent one or more entities and/or concepts associated with network management using object definition and/or objects. Objects may be employed to represent one or more items or concepts employed during the management of networks and/or network traffic.
  • Server computers 110-111 may include virtually any network computer that may operate as a website server.
  • server computers 110-111 are not limited to website servers, and may also operate as a messaging server, a File Transfer Protocol (FTP) server, a database server, content server, application server, or the like. Additionally, each of server computers 110-111 may be configured to perform a different operation.
  • Computers that may operate as server computers 110-111 include various network computers, including, but not limited to personal computers, desktop computers, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, server computers, network appliances, and the like.
  • FIGURE 1 illustrates server computers 110-111 as single computers
  • server computers 110-111 are not so limited.
  • one or more functions of each of server computers 110-111 may be distributed across one or more distinct network computers.
  • server computers 110-111 are not limited to a particular configuration.
  • server computers 110-111 may contain a plurality of network computers that operate using a master/slave approach, where one of the plurality of network computers of server computers 110-111 operate to manage and/or otherwise coordinate operations of the other network computers.
  • the server computers 110-111 may operate as a plurality of network computers within a cluster architecture, a peer-to-peer architecture, a cloud architecture, or the like.
  • the invention is not to be construed as being limited to a single environment, and other configurations, and architectures are also envisaged.
  • FIGURE 2 shows one embodiment of client computer 200 that may be included in a system implementing embodiments of the invention.
  • Client computer 200 may include many more or less components than those shown in FIGURE 2. However, the components shown are sufficient to disclose an illustrative embodiment for practicing the present invention.
  • Client computer 200 may represent, for example, one embodiment of at least one of client computers 102-105 of FIGURE 1.
  • client computer 200 includes a processor 202 in communication with memory 226 via a bus 234.
  • Client computer 200 also includes a power supply 228, one or more network interfaces 236, an audio interface 238, a display 240, a keypad 242, and an input/output interface 248.
  • Power supply 228 provides power to client computer 200.
  • a rechargeable or non-rechargeable battery may be used to provide power.
  • the power may also be provided by an external power source, such as an AC adapter or a powered docking cradle that supplements and/or recharges a battery.
  • Client computer 200 may optionally communicate with a base station (not shown), or directly with another computing device and/or computer.
  • Network interface 236 includes circuitry for coupling client computer 200 to one or more networks, and is constructed for use with one or more communication protocols and technologies including, but not limited to, global system for mobile communication ("GSM"), code division multiple access ("CDMA"), time division multiple access ("TDMA"), High Speed Downlink Packet Access ("HSDPA"), Long Term Evolution ("LTE"), user datagram protocol ("UDP"), transmission control
  • GSM global system for mobile communication
  • CDMA code division multiple access
  • TDMA time division multiple access
  • HSDPA High Speed Downlink Packet Access
  • LTE Long Term Evolution
  • UDP user datagram protocol
  • Network interface 236 is sometimes known as a transceiver, transceiving device, or network interface card (“NIC”).
  • Audio interface 238 is arranged to produce and receive audio signals such as the sound of a human voice.
  • audio interface 238 may be coupled to a speaker and microphone (not shown) to enable telecommunication with others and/or generate an audio acknowledgement for some action.
  • Display 240 may be a liquid crystal display (“LCD”), gas plasma, light emitting diode (“LED”), or any other type of display used with a computing device and/or computer.
  • Display 240 may also include a touch sensitive screen arranged to receive input from an object such as a stylus or a digit from a human hand.
  • Keypad 242 may comprise any input device arranged to receive input from a user.
  • keypad 242 may include a push button numeric dial, or a keyboard.
  • Keypad 242 may also include command buttons that are associated with selecting and sending images.
  • Client computer 200 also comprises input/output interface 248 for communicating with external devices, such as a headset, or other input or output devices not shown in FIGURE 2.
  • Input/output interface 248 can utilize one or more communication technologies, such as USB, infrared, Bluetooth™, or the like.
  • Client computer 200 may also include a GPS transceiver (not shown) to determine the physical coordinates of client computer 200 on the surface of the Earth.
  • a GPS transceiver typically outputs a location as latitude and longitude values.
  • the GPS transceiver can also employ other geo-positioning mechanisms, including, but not limited to, triangulation, assisted GPS ("AGPS"), Enhanced Observed Time Difference ("E-OTD”), Cell Identifier (“CI”), Service Area Identifier (“SAI”), Enhanced Timing Advance (“ETA”), Base Station Subsystem (“BSS”), or the like, to further determine the physical location of client computer 200 on the surface of the Earth.
  • AGPS assisted GPS
  • E-OTD Enhanced Observed Time Difference
  • CI Cell Identifier
  • SAI Service Area Identifier
  • ETA Enhanced Timing Advance
  • BSS Base Station Subsystem
  • a GPS transceiver can determine a physical location within millimeters for client computer 200; and in other cases, the determined physical location may be less precise, such as within a meter or significantly greater distances.
  • client computer 200 may through other components, provide other information that may be employed to determine a physical location of the computer, including for example, a Media Access Control ("MAC") address, IP address, or the like.
  • MAC Media Access Control
  • Memory 226 includes a Random Access Memory (“RAM”) 204, a Read-only Memory (“ROM”) 222, and other storage means.
  • Mass memory 226 illustrates an example of computer readable storage media (devices) for storage of information such as computer readable instructions, data structures, program modules or other data.
  • Mass memory 226 stores a basic input/output system (“BIOS") 224 for controlling low-level operation of client computer 200.
  • BIOS basic input/output system
  • the mass memory also stores an operating system 206 for controlling the operation of client computer 200. It will be appreciated that this component may include a general-purpose operating system such as a version of UNIX, or LINUX™, or a specialized client
  • the operating system may include, or interface with a Java virtual machine module that enables control of hardware components and/or operating system operations via Java application programs.
  • Mass memory 226 further includes one or more data storage 208, which can be utilized by client computer 200 to store, among other things, applications 214 and/or other data.
  • data storage 208 may also be employed to store information that describes various capabilities of client computer 200. The information may then be provided to another device or computer based on any of a variety of events, including being sent as part of a header during a communication, sent upon request, or the like.
  • Data storage 208 may also be employed to store social networking information including address books, buddy lists, aliases, user profile information, or the like. Further, data storage 208 may also store messages, web page content, or any of a variety of user generated content. At least a portion of the information may also be stored on another component of network computer 200, including, but not limited to processor readable storage device 230, a disk drive or other computer readable storage media (not shown) within client computer 200.
  • Processor readable storage device 230 may include volatile, nonvolatile, removable, and non-removable media implemented in any method or technology for storage of information, such as computer- or processor-readable instructions, data structures, program modules, or other data. Examples of computer readable storage media include RAM, ROM, Electrically Erasable Programmable Read-only Memory (“EEPROM”), flash memory or other memory technology, Compact Disc Read-only Memory (“CD-ROM”), digital versatile disks (“DVD”) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other physical medium which can be used to store the desired information and which can be accessed by a computing device and/or computer. Processor readable storage device 230 may also be referred to herein as computer readable storage media.
  • Applications 214 may include computer executable instructions which, when executed by client computer 200, transmit, receive, and/or otherwise process network data.
  • Network data may include, but is not limited to, messages (e.g., SMS, Multimedia Message Service (“MMS”), instant message (“IM”), email, and/or other messages), audio, video, and enable
  • Applications 214 may include, for example, browser 218.
  • Applications 214 may include other applications, which may include, but are not limited to, calendars, search programs, email clients, IM applications, SMS applications, voice over Internet Protocol ("VOIP") applications, contact managers, task managers, transcoders, database programs, word processing programs, security applications, spreadsheet programs, games, search programs, and so forth.
  • Browser 218 may include virtually any application configured to receive and display graphics, text, multimedia, and the like, employing virtually any web based language.
  • the browser application is enabled to employ HDML, WML, WMLScript,
  • browser 218 may enable a user of client computer 200 to communicate with another network computer, such as PTMD 109 and/or indirectly with server computers 110-111.
  • FIGURE 3 shows one embodiment of a network computer 300, according to one embodiment of the invention.
  • Network computer 300 may include many more or less components than those shown. The components shown, however, are sufficient to disclose an illustrative embodiment for practicing the invention.
  • Network computer 300 may be configured to operate as a server, client, peer, a host, or any other computer.
  • Network computer 300 may represent, for example, PTMD 109 of FIGURE 1, server computers 110-111 of FIGURE 1, and/or other network computers.
  • Network computer 300 includes processor 302, processor readable storage device 328, network interface unit 330, an input/output interface 332, hard disk drive 334, video display adapter 336, data flow segment (“DFS”) 338 and a mass memory, all in communication with each other via bus 326.
  • the mass memory generally includes RAM 304, ROM 322 and one or more permanent mass storage devices, such as hard disk drive 334, tape drive, optical drive, and/or floppy disk drive.
  • the mass memory stores operating system 306 for controlling the operation of network computer 300. Any general-purpose operating system may be employed.
  • BIOS Basic input/output system
  • network computer 300 also can communicate with the Internet, or some other communications network, via network interface unit 330, which is constructed for use with various communication protocols including the TCP/IP protocol.
  • Network interface unit 330 is sometimes known as a transceiver, transceiving device, or network interface card ("NIC").
  • Network computer 300 also comprises input/output interface 332 for communicating with external devices, such as a keyboard, or other input or output devices not shown in FIGURE 3.
  • Input/output interface 332 can utilize one or more communication technologies, such as USB, infrared, Bluetooth™, or the like.
  • the mass memory as described above illustrates another type of computer readable media, namely computer readable storage media and/or processor readable storage media, including processor readable storage device 328.
  • Processor readable storage device 328 may include volatile, nonvolatile, removable, and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data. Examples of processor readable storage media include RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other media which can be used to store the desired information and which can be accessed by a computing device and/or computer.
  • Data storage 308 may include a database, text, spreadsheet, folder, file, or the like, that may be configured to maintain and store user account identifiers, user profiles, email addresses, IM addresses, and/or other network addresses; or the like.
  • Data stores 308 may further include program code, data, algorithms, and the like, for use by a processor, such as central processing unit 302 to execute and perform actions.
  • at least some of data store 308 might also be stored on another component of network computer 300, including, but not limited to processor-readable storage device 328, hard disk drive 334, or the like.
  • the mass memory may also store program code and data.
  • One or more applications 314 may be loaded into mass memory and run on operating system 306.
  • application programs may include transcoders, schedulers, calendars, database programs, word processing programs, Hypertext Transfer Protocol ("HTTP") programs, customizable user interface programs, IPSec applications, encryption programs, security programs, SMS message servers, IM message servers, email servers, account managers, and so forth.
  • Web server 316 and control segment ("CS") 318 may also be included as application programs within applications 314.
  • Web server 316 represents any of a variety of services that are configured to provide content, including messages, over a network to another computing device and/or computer.
  • web server 316 includes, for example, a web server, a File Transfer Protocol ("FTP") server, a database server, a content server, or the like.
  • Web server 316 may provide the content including messages over the network using any of a variety of formats including, but not limited to WAP, HDML, WML, SGML, HTML, XML, Compact HTML (“cHTML”), Extensible HTML (“xHTML”), or the like.
  • Web server 316 may also be configured to enable a user of a client computer, such as client computers 102-105 of FIGURE 1, to browse websites, upload user data, or the like.
  • Network computer 300 may also include DFS 338 for maintaining connection flows between client computers, such as client computers 102-105 of FIGURE 1, and server computers, such as server computers 110-111 of FIGURE 1.
  • DFS 338 may include hardware-optimized operations for packet traffic management, such as repetitive operations associated with packet traffic management. For example, DFS 338 may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at DFS 338.
  • DFS 338 may route, switch, forward, and/or otherwise direct packets based on rules for a particular connection flow signature (e.g., a 5 tuple of a received packet).
  • DFS 338 may include capabilities and perform tasks such as that of a router, a switch, a routing switch, firewalls, network address translation, or the like.
  • the rules for a particular connection flow signature may be based on instructions received from CS 318.
  • DFS 338 may store the instructions received from CS 318 in a local memory as a table or some other data structure.
  • DFS 338 may also store a flow state table to indicate a state of current connection flows maintained at DFS 338.
  • components of DFS 338 may comprise and/or work in combination to provide high-speed flow caches for optimizing packet traffic management.
  • CS 318 may provide connection updates to DFS 338 that may include activating or deactivating one or more protocol options for a particular connection flow, such as, turning on or off SYN-Cookie for TCP flows, or the like.
  • DFS 338 may provide connection flow updates to CS 318.
  • a connection flow update may include a status of the connection flow, a current state of the connection flow, other statistical information regarding the connection flow, or the like.
  • the connection flow update may also include an identifier that corresponds to the connection flow. The identifier may be generated and provided by CS 318 when a connection flow is established at DFS 338.
  • the connection flow update may be a connection flow delete update provided to CS 318 after the connection flow is terminated at DFS 338.
  • the connection flow update and/or the connection flow delete update may be provided to CS 318 periodically, at predefined time intervals, or the like.
  • DFS 338 may stagger a time when a plurality of connection flow updates are provided to CS.
  • DFS 338 may include a plurality of data flow segments.
  • a first data flow segment within DFS 338 may forward packets received from a client computer to a server computer, while a second data flow segment within DFS 338 may forward and/or route packets received from a server computer to a client computer.
  • DFS 338 may also be implemented in software.
  • CS 318 may include a control segment that may include software-optimized operations to perform high-level control functions and per-flow policy enforcement for packet traffic management. CS 318 may be configured to manage connection flows maintained at DFS 338.
  • CS 318 may provide instructions, such as, for example, packet address translation instructions, to DFS 338 to enable DFS 338 to forward received packets to a server computer, such as server computer 110-111 of FIGURE 1. In some other embodiments, CS 318 may forward and/or route packets between a client computer and a server computer independent of DFS 338.
  • CS 318 may include a plurality of control segments. In some embodiments, a plurality of control segments may access and/or manage connection flows at a single data flow segment and/or a plurality of data flow segments. In some other embodiments, CS 318 may include an internal data flow segment. In one such embodiment, the internal data flow segment of CS 318 may be distributed and/or separate from CS 318. For example, in one embodiment, CS 318 may be employed in software, while the internal data flow segment may be employed in hardware. In some other embodiments, CS 318 may identify if connection flows are split between different data flow segments and/or between a DFS 338 and CS 318. In at least one embodiment, CS 318 may also be implemented in hardware.
  • CS 318 may be arranged to employ one or more objects for representing entities and/or concepts that may be under management by a PTMD. Accordingly, each object may be instantiated based on an object class and/or object data type that defines the properties and/or behaviors associated with the representation of the entity or concept.
  • objects may be associated with one or more object tags.
  • One or more object tags may be associated with an object and/or object type by users, configuration rules, administrators, operations of CS 318, or the like.
  • CS 318 may be arranged to include a rule engine for applying one or more rules to incoming and/or outgoing network traffic and/or network connections.
  • the rules may be written in one or more scripting and/or computer programming languages, such as, TCL, Perl, Java, Javascript, C, C++, C#, or the like, or combination thereof.
  • the rules may include one or more conditions that may be associated with one or more actions.
  • the rules and rule engine enable customized network traffic management actions to be defined.
  • such actions may include, load balancing, cryptography, compression/decompression, access control, connection pooling, firewall tasks, network performance monitoring, resource caching, or the like, or combination thereof.
  • the rules engine included in CS 318 may be arranged to evaluate conditions and perform actions based in part on objects and/or object properties. Accordingly, in at least one of the various embodiments, object tags that may be associated with an object may be incorporated in the conditions and/or actions that comprise the rules. See, FIGURE 8 and its accompanying description.
  • FIGURE 4 illustrates a logical schematic of a portion of system 400 that includes objects representing objects employed by a PTMD for managing networks in accordance with at least one of the various embodiments.
  • CS 318 may be arranged to represent one or more entities associated with the management of networks and/or network traffic using objects.
  • Object 402 and object 416 are non-limiting examples of the kind of objects that may be employed in at least one of the various
  • objects and/or object types may be implemented using one or more well-known, or custom, object-oriented programming languages.
  • objects and/or object types may be implemented using object-oriented techniques using a non-object oriented language.
  • objects and/or object type may be implemented using customer programming languages and/or scripts.
  • the particular underlying data structure and/or implementation for objects employed by the PTMD may vary depending on the programming languages that are used, as well as one or more modeling decisions, engineering decisions and/or preferences unrelated to the innovations included herein.
  • object 402 and object 416, as described herein are at least sufficient for enabling the practice of the innovations included herein.
  • object 402 may be arranged to model a collection of network connections called a connection pool.
  • object 402 may include one or more properties, such as, object identifier (OID) 404, type 406, description 408, properties 410, tag collection 412, tag collection 414, or the like.
  • properties 410 may be assumed to include one or more property fields that may be relevant for modeling the object.
  • the number and type of properties may vary depending on the entity or concept the object is modeling.
  • a connection pool object such as, object 402 may include properties (not shown), such as, maximum number of connections, current number of connections, minimum number of connections, connection type, timeout information, virtual network address, or the like.
  • the particular properties used for modeling the entities or concepts represented by the object are unimportant.
  • tag collection 412 may be a tag collection that includes one or more tag strings, such as, #DNS, #BACKUP, #SEATTLE, or the like.
  • the tag strings that comprise an object tag may be formatted in various ways.
  • the tags in tag collection 412 include a leading 'hash symbol', however, other symbols may be used, or in some embodiments, no special symbol may be required.
  • tag strings may be comprised of any alphanumeric character. However, in at least one of the various embodiments, one or more, characters or string patterns may be excluded and/or reserved depending on the configuration, policy, and/or arrangement of the PTMD.
  • objects may be associated with one or more object tags by adding and/or including them in one or more of their tag collections. Different instances of the same object type may be associated with different object tags.
  • object 416 includes tag collection 418 that includes different tags than tag collection 412 of object 402 - even though object 402 and object 416 may represent the same type of object (e.g., Connection Pools).
  • tags may be used for internal organization of the objects. In such cases, for some embodiments, tags used for internal organization of the objects may be hidden from view for one or more users. Accordingly, in the examples shown in FIGURE 4, tag collection 412 and tag collection
  • tags 418 may represent tags that may be visible and/or accessible to users while tag collection 414 and tag collection 420 may represent tags that may be employed internally and not generally visible or available to users.
  • objects may be arranged to include more or less tag collections than are shown in FIGURE 4.
  • tags having different classifications and/or different access levels may be stored together rather than in separate tag collections.
  • tags may be employed for reasons related to the specific operational parameters of a network and the management priorities/goals associated with the managed network.
  • object 402 and object 416 both include the '#DNS' tag. In some embodiments, this may be used to indicate that the objects, in this case, these connection pools, are associated with one or more domain name system services.
  • the tags may have different semantic meaning depending on a particular implementation and/or network environment.
  • object 402 includes the #SEATTLE tag which may indicate that the connection pool is associated with servers located in the city, Seattle, Washington.
  • the #SEATTLE tag may be used to indicate that a support team located in Seattle, Washington is responsible for maintaining the services associated with this connection pool.
  • the selection of one or more of the tag strings and the semantic meaning of these tags may be determined by one or more users and/or determined by configuration information.
  • a PTMD may be arranged to associate particular object tags with semantic meaning that is honored by the PTMD.
  • the tag #DNS may be a system provided tag that is used for associating a connection pool with domain name system services provided by the PTMD.
  • objects associated with a DNS service would be required to be associated with the #DNS tag.
  • associating an object with an object tag that has semantic meaning would result in that semantic meaning being applied to each object associated with the tag.
  • a PTMD may be arranged to provide object tags that indicate behavior as well as semantic meaning. Accordingly, in at least one of the various embodiments, the PTMD may be arranged to perform one or more actions on objects that are associated with object tags that indicate a behavior. In at least one of the various
  • the behavior associated with an object tag may vary depending on the operational context and the object type.
  • a PTMD may be arranged to perform mirroring (e.g., duplication) actions on objects that are associated with #MIRROR tag. Accordingly, since object 402 includes the #MIRROR tag in tag collection 414, the PTMD in this example may be arranged to perform actions to mirror the information associated with object 402 because it is associated with the #MIRROR tag.
  • processes 500, 600, 700, 800 and, 900 described in conjunction with FIGURES 5-9, respectively may be implemented by and/or executed on a network computer, such as network computer 300 of FIGURE 3.
  • these processes or portions of these processes may be implemented by and/or executed on a plurality of network computers, such as network computer 300 of FIGURE 3.
  • these processes or portions of these processes may be
  • FIGURE 5 shows an overview flowchart for process 500 for object tagging, in accordance with at least one of the various embodiments.
  • client computers such as client computer 200 as shown in FIGURE 2.
  • one or more objects may be provided to process 500 for tagging.
  • objects may be provided by various mechanisms, including, user selection, rule based selection, configuration settings, presented in a user interface, or the like.
  • a PTMD may be arranged to provide one or more user interfaces that enable a user to select the object from one or more lists and/or collections of existing objects. Also, in at least one of the various embodiments, the PTMD may be arranged to enable newly created objects to be provided to process 500 for object tagging.
  • control may flow to block 508; otherwise, in at least one of the various embodiments, control may flow to block 510.
  • the PTMD may be arranged to automatically associate certain object tags to particular objects and/or object types.
  • object tags that may be automatically associated with objects may be considered automatic tags and/or automatic object tags. Accordingly, in at least one of the various embodiments, automatic object tags may be added to one or more of the tag collections for an object.
  • the automatic object tags for automatically adding to the object may be determined and added to the tag collections for the object.
  • the PTMD may be arranged to employ configuration information and/or rule based policies for determining the automatic object tags, if any, to add to an object.
  • automatic object tags may be tags that convey semantic descriptions and/or default information for the object. For example, if a user employs a DNS Service application to create a new object, a tag such as #DNS may be added to that new object to indicate that the object was created using the DNS Service application.
  • users may configure a PTMD to automatically add various object tags to any given object based on a variety of configuration parameters. For example, in at least one of the various embodiments, the PTMD may be configured to add an object tag that corresponds to information associated with the user that created the object, such as, the user's name, the user's team, or the like.
  • the configuration information may include rules for identifying automatic object tags that may be added to objects. Accordingly, in at least one of the various embodiments, these rules may identify one or more object tags to automatically add with particular object types. Further, in at least one of the various
  • the rules for automatically adding object tags to objects may include one or more conditions that may be tested for determining whether to automatically add a particular object tag to a given object.
  • configuration information may be comprised of scripting languages, pattern matching, Boolean operators, comparison operators, or the like.
  • an object may have more than one tag collection.
  • one or more of the tag collections may be hidden from some and/or all users of the PTMD. Accordingly, in at least one of the various embodiments, as mentioned above, an object may have more than one tag collection.
  • configuration information and/or policy rules may be arranged to automatically add one or more object tags to restricted and/or hidden tag collections.
  • determining which tag collection to add the object tag may be based on at least one characteristic of the object tag.
  • a tag collection may be configured to contain restricted object tags, such as, object tags that are only visible/accessible to
  • a user may be enabled to add one or more object tags to the object.
  • a user may be provided one or more interfaces for adding one or more object tags to the provided object.
  • the PTMD may be arranged to provide graphical user interfaces that enable a user to generate and/or select object tags for adding to the provided object.
  • control may loop back to block 510; otherwise, in at least one of the various embodiments, control may be returned to a calling process.
  • FIGURE 6 shows an overview flowchart for process 600 for adding object tags to an object, in accordance with at least one of the various embodiments.
  • process 600 may be arranged to enable a user to provide input that may be used for determining object tags.
  • user input may be collected from various types of user interfaces, such as, graphical user interfaces, command line interfaces, or the like.
  • users may provide information for multiple object tags.
  • process 600 may be arranged to enable the user to enter characters or words through a user interface and/or select object tags from a list.
  • a PTMD may be arranged to enable a user to provide user input for tag selection using a command-line interface.
  • one or more candidate object tags may be determined based on the user input.
  • users may provide one or more tag strings that comprise strings or portions of strings.
  • process 600 may be arranged to search for existing object tags that match the provided tag strings. If no matches are found, process 600 may generate new object tags that correspond to the unmatched tag strings.
  • one or more policy based rules may be employed to determine which of the candidate object tags are eligible for adding to the present object.
  • these rules may include one or more inclusionary or exclusionary conditions for determining the eligibility of tag strings and/or candidate object tags.
  • for various reasons, some tag strings may be determined to be improper for employing as object tags.
  • a PTMD may be arranged to include a dictionary of words and/or phrases that are excluded from being employed as object tags.
  • the PTMD may be arranged to include a dictionary of words or phrases that are deemed to be obscene, offensive, or otherwise inappropriate for use as object tags.
  • some tag strings may be excluded because they are reserved words or phrases that are designed to be used in specialized/restricted circumstances. Also, in at least one of the various embodiments, some tag strings may be reserved for use by users having different roles and/or access levels than the user that may be providing them.
  • some tag strings may be determined to be improper if they match existing object tags that are restricted from being used by the current user.
  • normal users may be restricted from using tag strings that correspond to the restricted object tag.
  • one or more of the candidate object tags may be selected for adding to the object.
  • a PTMD may be arranged to enable a user to select one or more of the candidate object tags and add them to the provided object.
  • the number of object tags that may be added to an object may be limited based on a predefined configuration value. Otherwise, one or more of the candidate object tags may be added to an object.
  • some objects may have more than one tag collection for holding object tags.
  • a PTMD may be arranged to include one or more tag collections for automatic object tags, user supplied object tags, active object tags, administrator level object tags, or the like.
  • tag collections may be included and/or organized on a per user basis. Accordingly, in at least one of the various embodiments, one or more object tags added by a user may be associated with one or more tag collections that may be exclusive to the user. For these objects, a user may be enabled to select which tag collection an object tag may be added to. However, in at least one of the various embodiments, users may be enabled to access/view tag collections based on their roles and/or access levels. For example, if a tag collection is restricted to administrative users, normal users may be prevented from associating object tags with the restricted tag collection. At decision block 608, in at least one of the various embodiments, if the user is finished adding object tags to the object, control may flow to block 610; otherwise, control may loop back to block 606.
  • the object tags that may be added to the object may be stored in a stable datastore, such as, a database, file system, or the like.
  • control may be returned to a calling process.
  • FIGURE 7 shows an overview flowchart for process 700 for filtering objects based on object tags in accordance with at least one of the various embodiments.
  • one or more tag strings may be provided for filtering.
  • a user may employ a user interface for providing the tag strings.
  • one or more of the tag strings may be provided by another process and/or computer program.
  • process 700 may be arranged to retrieve one or more of the tag strings from configuration information.
  • tag strings may be provided based on the application of one or more rules or scripts for enforcing one or more policies.
  • one or more eligible object tags may be determined from the provided tag strings.
  • a PTMD may be arranged to search one or more data stores and/or indexes to find one or more object tags that match the provided tag strings.
  • process 700 may indicate as much by modifying the appearance of the tag string. For example, a tag string that matches a restricted object tag may be shown using a red font, whereas tag strings corresponding to non-restricted object tags may be shown in black.
  • one or more objects that are associated with the eligible object tags may be determined.
  • the PTMD may be arranged to search/query one or more data stores and/or databases to determine the objects that include the eligible object tags.
  • the search may be restricted to objects having the same object type.
  • the search may be opened to objects of different types.
  • the user providing the tag strings may also be enabled to indicate if the object tag search should be restricted to objects of certain object types, or if it is open to all object types.
  • the results of the search may be restricted based on the user role and/or authorization/access level.
  • if the user conducting the search does not have permission to view and/or access all objects returned by the search, those restricted objects may be excluded from the results.
  • control may flow to block 712; otherwise, control may flow to decision block 710.
  • the PTMD may be arranged to monitor the resources that may be consumed by the object tag/object search. Also, in at least one of the various embodiments, the PTMD may be arranged to monitor the overall utilization of resources on the PTMD as a whole. Accordingly, the PTMD may be arranged to prioritize the processes and/or threads such that their operation does not impact other higher priority operations of the PTMD.
  • the PTMD may be arranged to monitor the length of time an object tag search may be running. Further, in at least one of the various embodiments, one or more timeouts may be defined for object tag searches. Accordingly, in at least one of the various embodiments, if a timeout value is exceeded, the PTMD may take further action, such as, canceling the object tag searches, providing a user-interface to request more time, logging an error to an error log, notifying one or more users, generating an event, or the like. At decision block 710, in at least one of the various embodiments, if there are more objects to filter, control may loop back to block 706; otherwise, control may flow to block 712.
  • the determined objects and/or information about the determined object may be provided to another process.
  • the results of the object tag search may be presented to the user.
  • the PTMD may be arranged to display the search results in a list or other well-known user interface style to the user.
  • the results may be saved and/or stored for recall at another time.
  • the results may be provided to another process that may be performing one or more actions on the objects that are in the result set. Next, control may be returned to a calling process.
  • FIGURE 8 shows an overview flowchart for process 800 for employing object tags in network management rules in accordance with at least one of the various embodiments.
  • one or more network traffic management actions may be executed by a control segment that is operative on a network computer or PTMD, such as, CS 318.
  • CS318 may be arranged to employ rules and a rules engine for network management.
  • rules may be customized to support objects, object types, and/or object tags.
  • the PTMD may be configured to execute one or more rules for determining how to handle the event.
  • one or more objects may be determined based on the execution of the rules.
  • one or more rules for processing incoming events may be arranged to reference one or more objects.
  • rules may be arranged to map one or more objects to a specific event. For example, a connection request may be mapped to a particular connection pool object based on the tuple information that corresponds to the request.
  • the rules may instantiate new objects to wrap the incoming events, or the rules may load one or more existing objects as part of handling the events.
  • a rule engine executing one or more rules may be arranged to load or create one or more objects of various object types for managing the network.
  • control may flow to block 808; otherwise, control may flow to block 810.
  • the rule engine included in CS 318 may be arranged to support the inclusion of object tags in the rules.
  • conditions and/or actions comprising the rules may include references to object tags.
  • the object tags that may be included in the determined objects may be employed by the rule engine based on the particular rule.
  • rules may be constructed in various arbitrary ways to employ the object tags to perform network management.
  • a condition clause may be arranged to test if an object includes one or more particular object tags before performing an action.
  • actions may include operations directed at objects that may have one or more particular tags.
  • a condition may be defined to test if a server object is associated with a particular object tag before forwarding it a request.
  • an action may be defined to perform an action on all server objects that include a particular object tag.
  • One of ordinary skill in the art will appreciate that depending on the particular operative network management policies, conditions and/or actions in rules may be arranged arbitrarily to use object tags. However, the examples presented herein are at least sufficient for disclosing these innovations. Accordingly, it is in the interest of brevity that further examples are not described.
  • the rules may be applied to the determined objects.
  • the rule may be executed in CS 318 normally.
  • the determined objects may be modified and/or augmented based on the object tags associated with the objects. For example, if the rule includes an object tag filter statement, the determined objects may be limited to objects that are associated with object tags that correspond to the filter.
  • control may be returned to a calling process.
  • FIGURE 9 shows an overview flowchart for process 900 for employing object tags for determining actions for network management in accordance with at least one of the various embodiments.
  • an object may be provided to a control segment application.
  • CS 318 may be arranged to include a rules engine that may enable objects and/or object tags to be processed using arbitrary/customized rules.
  • CS 318 may include internal modules that may be arranged to operate on the objects during the normal course of performing network management and/or network traffic management operations.
  • a display interface may be arranged to represent entities, such as, servers, connection pools, switches, networks, users, or the like, using objects. Accordingly, these objects may include one or more object tags.
  • one or more of the object tags may be included in different tag collections for the objects. For example, some object tags may be associated to the object by a user and stored in one tag collection, whereas other object tags, unavailable to the user, may be stored in another tag collection of the object by the system or an administrator.
  • control may flow to decision block 906; otherwise, control may flow to block 914.
  • At decision block 906, in at least one of the various embodiments, if any of the object tags included in the object are active object tags, control may flow to block 908; otherwise, control may flow to block 914.
  • an active object tag is an object tag that has been associated with a behavior. Thus, in at least one of the various embodiments, there may be some behavior and/or action that may be applied to those objects that include an active object tag.
  • the context of process 900 may dictate if an active tag is relevant to the current operation.
  • an object may include an active object tag that may be relevant if the properties of an object have been updated/changed. Accordingly, in this example, the behavior corresponding to the active object tag may be executed during a save/store operation of a modified object.
  • one or more behaviors associated with the active object tags may be determined.
  • various mechanisms may be employed to associate active object tags to an action and/or behavior, such as, scripts, code snippets, callback functions, closures, or the like.
  • databases, lookup tables, hash tables, or the like, or combination thereof may be employed for associating an active object tag with the code or callback function that may perform the actions associated with its behavior.
  • one or more well-known data structures may be employed to associate active object tags with the underlying actions to execute the behavior.
  • additional meta-data such as, parameter information, may be associated with the active object tag.
  • the behavior components of active object tags may be cached in one or more pools to reduce the time it may take to initialize the behavior.
  • the computer code may be compiled and/or resources such as memory buffers, database connection, network connection, file handles, or the like, or combination thereof, may be prepared in advance, or otherwise staged.
  • the determined behaviors may be performed.
  • the actions associated with the behavior may be executed by the PTMD.
  • control may flow to block 914; otherwise, control may loop back to block 910.
  • the PTMD may be arranged to perform resource monitoring similar to that described for block 708 in FIGURE 7. Accordingly, if the execution of the behavior negatively impacts the performance of the PTMD or otherwise exceeds a timeout or resource threshold, the one or more actions associated with the behavior may be terminated.
  • active object tags may be assigned priority values which may be considered when determining if the execution of the behavior should be terminated.
  • the resource monitoring configuration may include different threshold values and/or timeouts for different active object tags and/or active object tag priorities. For example, an active object tag associated with a higher priority may have a longer timeout than a lower priority active object tag.
  • one or more actions that may be associated with the object, separate from actions associated with an active object tag may be performed.
  • CS 318 may be arranged to perform additional network management actions independent of active object tags included in the objects. These actions may be internal or rule engine based actions that comprise the regular network management operation of the PTMD.
  • control may be returned to a calling process.
  • each block of the flowchart illustration, and combinations of blocks in the flowchart illustration can be implemented by computer program instructions.
  • These program instructions may be provided to a processor to produce a machine, such that the instructions, which execute on the processor, create means for implementing the actions specified in the flowchart block or blocks.
  • the computer program instructions may be executed by a processor to cause a series of operational steps to be performed by the processor to produce a computer-implemented process such that the instructions, which execute on the processor, provide steps for implementing the actions specified in the flowchart block or blocks.
  • the computer program instructions may also cause at least some of the operational steps shown in the blocks of the flowcharts to be performed in parallel.
  • blocks of the flowchart illustration support combinations of means for performing the specified actions, combinations of steps for performing the specified actions and program instruction means for performing the specified actions. It will also be understood that each block of the flowchart illustration, and combinations of blocks in the flowchart illustration, can be implemented by special purpose hardware-based systems, which perform the specified actions or steps, or combinations of special purpose hardware and computer instructions.

Abstract

Embodiments are directed towards managing communication over a network with a packet traffic management device (PTMD). An object based on an object definition that models an entity in the network may be provided. If one or more automatic object tags may be associated with the object definition they may be determined and added to a tag collection. Candidate object tags may be determined based on a tag string that may be provided by a user. Eligible object tags may be determined from the candidate object tags based on a configuration rule. The eligible object tags may be added to tag collections based on a characteristic of the eligible object tags. The object and its tag collections may be stored in a data store. Objects may be searched for based on object tags that may be provided by the user.

Description

OBJECT TAGGING
TECHNICAL FIELD
The present invention relates generally to network traffic management and, more particularly, but not exclusively to methods for the organization and management of objects employed for network traffic management.
BACKGROUND
Often, network traffic management systems may be responsible for managing numerous entities of many different types, such as, network devices, network computers, mobile computers, network connections, users, network security, applications, services, configurations, or the like. In some cases, one or more entities may be described and/or abstracted using objects or other abstract data type structures. These representations may be arranged to represent one or more features and properties of the entities that are managed by a network traffic management system. In many cases, object definitions may be re-used and/or shared across multiple services and/or applications in the network management system. Often, different object instances that share the same object definitions may require organization that may be customized for the particular applications or services that may be employing those objects. Further, since network management systems are often employed to manage dynamic network environments, static organization of objects representing such systems may be problematic given the dynamic nature of the systems they are employed to model. Thus, it is with respect to these considerations and others that the invention has been made.
BRIEF DESCRIPTION OF THE DRAWINGS
Non-limiting and non-exhaustive embodiments of the present innovations are described with reference to the following drawings. In the drawings, like reference numerals refer to like parts throughout the various figures unless otherwise specified. For a better understanding of the described innovations, reference will be made to the following Description of Various Embodiments, which is to be read in association with the accompanying drawings, wherein:
FIGURE 1 is a system diagram of an environment in which embodiments of the invention may be implemented;
FIGURE 2 shows an embodiment of a client computer that may be included in a system such as that shown in FIGURE 1;
FIGURE 3 shows an embodiment of a network computer that may be included in a system such as that shown in FIGURE 1;
FIGURE 4 illustrates a logical schematic of a portion of a system that includes objects representing objects employed by a packet traffic management device for managing networks in accordance with at least one of the various embodiments;
FIGURE 5 shows an overview flowchart for a process for object tagging, in accordance with at least one of the various embodiments;
FIGURE 6 shows an overview flowchart for a process for associating object tags with an object, in accordance with at least one of the various embodiments;
FIGURE 7 shows an overview flowchart for a process for filtering objects based on object tags in accordance with at least one of the various embodiments;
FIGURE 8 shows an overview flowchart for a process for employing object tags in network management rules in accordance with at least one of the various embodiments; and
FIGURE 9 shows an overview flowchart for a process for employing object tags for determining actions for network management in accordance with at least one of the various embodiments.
DETAILED DESCRIPTION OF VARIOUS EMBODIMENTS
The present innovations now will be described more fully hereinafter with reference to the accompanying drawings, which form a part hereof, and which show, by way of illustration, specific embodiments by which the invention may be practiced. These innovations may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Among other things, the present innovations may be embodied as methods, computers, or devices. Accordingly, the present innovations may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. The following detailed description is, therefore, not to be taken in a limiting sense.
Throughout the specification and claims, the following terms take the meanings explicitly associated herein, unless the context clearly dictates otherwise. The phrase "In one of the embodiments" or "in at least one of the various embodiments" as used herein does not necessarily refer to the same embodiment, though it may. Furthermore, the phrase "in another embodiment" as used herein does not necessarily refer to a different embodiment, although it may. Thus, as described below, various embodiments of the innovations may be readily combined, without departing from the scope or spirit of the innovations.
In addition, as used herein, the term "or" is an inclusive "or" operator, and is equivalent to the term "and/or," unless the context clearly dictates otherwise. The term "based on" is not exclusive and allows for being based on additional factors not described, unless the context clearly dictates otherwise. In addition, throughout the specification, the meaning of "a," "an," and "the" include plural references. The meaning of "in" includes "in" and "on."
As used herein, the term "tuple" refers to a set of values that identify a source and destination of a connection. In one embodiment, a 5 tuple may include a source Internet Protocol (IP) address, a destination IP address, a source port number, a destination port number, virtual LAN segment identifier (VLAN ID), tunnel identifier, routing interface identifier, physical interface identifier, or a protocol identifier. In at least one of the various embodiments, source port numbers may be a TCP source port number. Likewise, in at least one of the various embodiments, destination port number may be a TCP destination port number. In at least one of the various embodiments, tuples may be used to identify network flows (e.g., connection flows). However, a tuple need not be a 5 tuple, and other combinations of the above may also be used. For example, a tuple may be a four-tuple, using a source IP address, a destination IP address, a source port number, and a destination port number. Other combinations are also considered. Moreover, as used herein, a "flow key" refers to key that may be generated based on a tuple comprising any combination of fields selected from within a network packet header, including those fields identified above.
As used herein the terms "network policy rule," or "policy rule" refer to conditions and/or actions that may be paired together such that if a condition is met then the corresponding action may be executed. In at least one of the various embodiments, conditions may be compound conditions comprised of multiple conditions. In at least one of the various embodiments, actions may also be compound actions, or in other words, multiple actions may be associated with a condition and/or a policy rule. Policy rules may be arranged to perform various network traffic management actions on network traffic, such as, load balancing, network flow steering, firewalling, modifying traffic data, enforcing security, caching, compression, decompression, cryptographic operations, proxying, traffic routing, traffic switching, bandwidth shaping, quota tracking, or the like.
The term "object definition" as used herein refers to a representation of entities and/or concepts that comprise a managed networking environment. In some embodiments, an object definition may be referred to as a class, or object type. The object definition represents the data structure and/or behaviors for modeling the entity the object represents. In some cases, the object definition may be an inherent or built-in feature of an object-oriented programming language (e.g., Java, C++, C#, or the like). In other cases, the object definition may be a logical representation of an abstract data type using a non-object oriented programming language. The number of different types of object definitions may arbitrarily vary depending on the scope, purpose, or arrangement of the management network environment. Accordingly, object definitions may be designed to represent the various entities and/or concepts present in a network traffic management system, such as, connections, requests, networks, sub-networks, connection pools, users, servers, clients, switches, routers, errors, notification, packets, channels, applications, or the like.
The term "object" as used herein refers to an instance of an object definition. Whereas an object definition describes information for modeling an entire class of one or more entities, an object represents a single instance of an object defined by an object definition. In the context of network traffic management, objects may be employed for modeling one or more of the various entities and/or concepts present in a network traffic management system, such as, connections, requests, networks, sub-networks, connection pools, users, servers, clients, switches, routers, errors, notification, packets, channels, applications, or the like.
The terms "tag," or "object tag" as used herein refer to alpha-numeric values that may be associated with one or more objects. In at least one of the various embodiments, object tags may be created by users, predefined by a network management system, configured, automatically generated by scripts or other programs, or the like. In some cases, object tags may be defined to include a prefix string or character, such as, a hash '#', an asterisk '*', a sequence of one or more letters and/or characters, or the like. Object tags associated to objects may be used as a basis for arranging/grouping objects, generating search results (in response to a search query), assigning visibility and/or access rights, or the like. Additional description of object tags is included throughout the specification.
The term "tag collection" as used herein refers to a data structure used by objects for containing object tags. In at least one of the various embodiments, objects may have one or more tag collections that hold or reference the object tags that have been added to the object. In at least one of the various embodiments, tag collections may be arranged as data structures that store the object tags by copy or by reference.
The term "tag string" as used herein refers to a string of characters that may represent a portion of an object tag. In at least one of the various embodiments, users may enter in tag strings that may be employed to determine candidate object tags. In some embodiments, tag strings may enable 'type-ahead' user interfaces that generate a list of candidate object tags that partially match the tag string.
The term "active object tag" as used herein refers to an object tag that is associated with one or more behaviors. One or more actions associated with the behaviors may be executed depending on the given context. For example, '#logchanges' may be an active object tag that indicates that each time the tagged object is modified a corresponding log entry that records the changes should be generated.
The term "automatic object tag" as used herein refers to an object tag that may be configured to be automatically added to or included in an object. In at least one of the various embodiments, automatic object tags may be configured to be added to objects of a given object definition type and/or in a certain context. In at least one of the various embodiments, automatic object tags may be employed by the network management device to add tags to hidden or restricted tag collections.
The following briefly describes the various embodiments to provide a basic understanding of some aspects of the invention. This brief description is not intended as an extensive overview. It is not intended to identify key or critical elements, or to delineate or otherwise narrow the scope. Its purpose is merely to present some concepts in a simplified form as a prelude to the more detailed description that is presented later.
Briefly stated, embodiments are directed towards managing communication over a network with a packet traffic management device (PTMD). In at least one of the various embodiments, an object based on an object definition that models at least one entity in the network may be provided such that the object includes one or more tag collections. In at least one of the various embodiments, when one or more automatic object tags may be associated with the object definition they may be determined and added to one or more of the tag collections based on at least one characteristic of the one or more automatic object tags. In at least one of the various embodiments, one or more candidate object tags may be determined based on a tag string that may be provided by a user.
In at least one of the various embodiments, one or more eligible object tags may be determined from the candidate object tags based on a configuration rule. In at least one of the various embodiments, one or more of the eligible object tags may be determined based on an authorization level of the user.
In at least one of the various embodiments, the eligible object tags may be added to one or more tag collections based on a characteristic of the eligible object tags.
And, in at least one of the various embodiments, the object and its tag collections may be stored in a data store. Further, in at least one of the various embodiments, one or more tag collections of an object may be concealed from the user based on the authorization level of the user.
In at least one of the various embodiments, one or more other objects may be searched for based on one or more object tags that may be provided by the user. If a resource threshold is met or exceeded by the PTMD, the search may be terminated.
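The eligibility, concealment and search behavior summarized above, together with the FIGURE 7 discussion of restricting results by role and stopping a search that exceeds its resources, can be sketched as follows. This is an added example, not code from the patent or from any F5 product; the authorization levels, tag names, the rule table format and the object-count budget are all assumptions made for illustration.

```python
"""Added example: tag eligibility, concealed tag collections, authorized search.
All names, levels and tags below are constructed for illustration."""
from dataclasses import dataclass, field

# Authorization levels (assumed ordering for this example).
USER, OPERATOR, ADMIN = 1, 2, 3

# Configuration rule (assumed form): minimum level needed to apply a tag.
# Tags that are not listed may be applied by any user.
TAG_MIN_LEVEL = {"#production": OPERATOR, "#pci-scope": ADMIN}

# Minimum level needed to see each tag collection of an object.
COLLECTION_MIN_LEVEL = {"user": USER, "system": ADMIN}


class SearchTerminated(RuntimeError):
    """Raised when a search exceeds its resource budget."""


@dataclass
class NetObject:
    name: str
    object_type: str
    view_level: int = USER  # level required to see the object at all
    collections: dict = field(
        default_factory=lambda: {"user": set(), "system": set()})


def candidate_tags(tag_string, known_tags):
    """Type-ahead: known tags that start with the user's partial tag string."""
    needle = tag_string.lower()
    return sorted(t for t in known_tags if t.lower().startswith(needle))


def eligible_tags(candidates, user_level):
    """Keep only the candidates the configuration rule lets this user apply."""
    return [t for t in candidates if TAG_MIN_LEVEL.get(t, USER) <= user_level]


def add_user_tags(obj, tag_string, known_tags, user_level):
    """Resolve a tag string and add the eligible tags to the 'user' collection."""
    added = eligible_tags(candidate_tags(tag_string, known_tags), user_level)
    obj.collections["user"].update(added)
    return added


def visible_tags(obj, user_level):
    """Tags from collections this user may see; other collections stay concealed."""
    seen = set()
    for name, tags in obj.collections.items():
        if COLLECTION_MIN_LEVEL[name] <= user_level:
            seen |= tags
    return seen


def search(objects, wanted, user_level, object_types=None, max_examined=1000):
    """Return names of objects carrying every wanted tag, as seen by this user."""
    wanted, results = set(wanted), []
    for examined, obj in enumerate(objects, start=1):
        if examined > max_examined:
            raise SearchTerminated(f"budget of {max_examined} objects exceeded")
        if object_types and obj.object_type not in object_types:
            continue
        if obj.view_level > user_level:
            continue  # restricted object: excluded from the results
        # Match only on visible collections, so a concealed tag cannot be
        # confirmed by searching for it (a design choice of this example).
        if wanted <= visible_tags(obj, user_level):
            results.append(obj.name)
    return results


def demo():
    """Build three constructed objects and tag them as two different users."""
    known = {"#production", "#prod-canary", "#pci-scope", "#lab"}
    web = NetObject("web-pool", "pool")
    db = NetObject("db-01", "server", view_level=OPERATOR)
    lab = NetObject("lab-sw", "switch")
    db.collections["system"].add("#pci-scope")  # automatic tag, hidden collection
    by_user = add_user_tags(web, "#pro", known, USER)
    by_operator = add_user_tags(db, "#pro", known, OPERATOR)
    add_user_tags(lab, "#lab", known, USER)
    return [web, db, lab], by_user, by_operator
```

The same tag string resolves to different eligible tags for different users, and a search for a tag held only in a concealed collection returns nothing for a user who cannot see that collection.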
In at least one of the various embodiments, one or more network management rules may be executed on one or more objects based on an object tag that is included in a network management rule. Similarly, in at least one of the various embodiments, one or more actions may be associated with an object tag such that the action may be executed on each object that includes the object tag.
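The active object tag handling described for process 900 (a lookup table from tag to callback, relevance decided by context, and priority-dependent timeouts) is illustrated below. This is an added example, not code from the patent or from any F5 product; '#logchanges' is the tag named in the definitions above, while '#deepaudit', '#onconnect', the timeout values and all function names are assumptions made for illustration.

```python
"""Added example: dispatching active object tag behaviors with priority-based
timeouts. Tags other than '#logchanges' and all values are constructed."""
import time
from concurrent.futures import ThreadPoolExecutor
from concurrent.futures import TimeoutError as BehaviorTimeout
from dataclasses import dataclass, field
from typing import Callable

# Assumed monitoring configuration: higher priority gets a longer timeout.
TIMEOUT_BY_PRIORITY = {"high": 0.5, "low": 0.05}  # seconds


@dataclass
class ActiveTag:
    behavior: Callable          # callback that performs the behavior
    context: str                # operation in which the tag is relevant
    priority: str = "low"
    params: dict = field(default_factory=dict)  # extra meta-data for the callback


@dataclass
class NetObject:
    name: str
    properties: dict
    tags: set


CHANGE_LOG = []  # stand-in for the device's log


def log_changes(obj, changes, **params):
    """Record one log entry per changed property."""
    for key, (old, new) in sorted(changes.items()):
        CHANGE_LOG.append(f"{obj.name}: {key} {old!r} -> {new!r}")
    return len(changes)


def slow_audit(obj, changes, delay=0.3, **params):
    """Simulates a behavior that overruns its time budget."""
    time.sleep(delay)
    return "audited"


# Lookup table associating active object tags with their behaviors.
REGISTRY = {
    "#logchanges": ActiveTag(log_changes, context="save", priority="high"),
    "#deepaudit": ActiveTag(slow_audit, context="save", priority="low"),
    "#onconnect": ActiveTag(log_changes, context="connect"),
}

_POOL = ThreadPoolExecutor(max_workers=4)  # workers staged in advance


def run_active_tags(obj, context, changes):
    """Run every behavior relevant to this context; report a per-tag outcome."""
    outcome = {}
    for tag in sorted(obj.tags):
        entry = REGISTRY.get(tag)
        if entry is None or entry.context != context:
            continue  # ordinary tag, or active tag not relevant to this operation
        future = _POOL.submit(entry.behavior, obj, changes, **entry.params)
        try:
            result = future.result(timeout=TIMEOUT_BY_PRIORITY[entry.priority])
            outcome[tag] = ("done", result)
        except BehaviorTimeout:
            # A running Python thread cannot be killed; its result is abandoned.
            # Hard termination needs a separate process or cooperative checks.
            future.cancel()
            outcome[tag] = ("terminated", None)
        except Exception as exc:  # a failing behavior must not block the save
            outcome[tag] = ("failed", type(exc).__name__)
    return outcome


def save(obj, updates):
    """Apply property updates, then run 'save' behaviors if anything changed."""
    changes = {}
    for key, new in updates.items():
        old = obj.properties.get(key)
        if old != new:
            changes[key] = (old, new)
    obj.properties.update(updates)
    return run_active_tags(obj, "save", changes) if changes else {}
```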
Illustrative Operating Environment
FIGURE 1 shows components of one embodiment of an environment in which the invention may be practiced. Not all of the components may be required to practice these innovations, and variations in the arrangement and type of the components may be made without departing from the spirit or scope of the invention.
As shown, system 100 of FIGURE 1 includes local area networks ("LANs")/ wide area networks ("WANs") - (network) 108, wireless network 107, client computers 102-105, packet traffic management device ("PTMD") 109, and server computers 110-111. Network 108 is in communication with and enables communication between client computers 102-105, wireless network 107, and PTMD 109. Wireless network 107 further enables communication with wireless devices, such as client computers 103-105. PTMD 109 is in communication with network 108 and server computers 110-111. One embodiment of client computers 102-105 is described in more detail below in conjunction with FIGURE 2. In one embodiment, at least some of client computers 102-105 may operate over wired and/or wireless networks, such as networks 107 and/or 108. Generally, client computers 102-105 may include virtually any computing device, or computer capable of communicating over a network. It should be recognized that more or less client computers may be included within a system such as described herein, and embodiments are therefore not constrained by the number or type of client computers employed.
Computers that may operate as client computer 102 may include computers that typically connect using a wired or wireless communications medium, such as personal computers, servers, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, or the like. In some embodiments, client computers 102-105 may include virtually any portable computing computer, or computer, capable of connecting to another computing device, or computer and communicating information, such as laptop computers, smart phones, mobile computers, tablet computers, or the like. However, client computers are not so limited and may also include other portable devices, such as cellular telephones, display pagers, radio frequency ("RF") devices, infrared ("IR") devices, Personal Digital Assistants ("PDAs"), wearable computers, integrated devices combining one or more of the preceding devices, and the like. As such, client computers 102-105 typically range widely in terms of capabilities and features.
Moreover, client computers 102-105 may provide access to various computing applications, including a browser, or other web-based applications.
A web-enabled client computer may include a browser application that is configured to receive and to send web pages, web-based messages, and the like. The browser application may be configured to receive and display graphics, text, multimedia, and the like, employing virtually any web-based language, including wireless application protocol messages ("WAP"), and the like. In one embodiment, the browser application is enabled to employ Handheld Device Markup Language ("HDML"), Wireless Markup Language ("WML"), WMLScript, JavaScript, Standard Generalized Markup Language ("SGML"), HyperText Markup Language ("HTML"), eXtensible Markup Language ("XML"), and the like, to display and send a message. In one embodiment, a user of the client computer may employ the browser application to perform various activities over a network (online). However, another application resident on the client computer may also be used to perform various online activities.
Client computers 102-105 also may include at least one other client application that is configured to communicate by receiving and/or sending data with one or more other computing devices and/or computers. The client application may include a capability to send and/or receive content, or the like. The client application may further provide information that identifies itself, including a type, capability, name, or the like. In one embodiment, client computers 102-105 may uniquely identify themselves through any of a variety of mechanisms, including a phone number, network address, MAC address, Mobile Identification Number ("MIN"), an electronic serial number ("ESN"), or other mobile device identifier. The information may also indicate a content format that the client computer is enabled to employ. Such information may be provided in a network packet, or the like, sent between other client computers, PTMD 109, server computers 110-111, or other computing devices.
Client computers 102-105 may further be configured to include a client application that enables an end-user to log into an end-user account that may be managed by another computer, such as server computers 110-111, or the like. Such end-user account, in one non-limiting example, may be configured to enable the end-user to manage one or more online activities, including in one non-limiting example, search activities, social networking activities, browse various websites, communicate with other users, participate in gaming, interact with various applications, or the like. However, participation in online activities may also be performed without logging into the end-user account.
Wireless network 107 is configured to couple client computers 103-105 and its components with network 108. Wireless network 107 may include any of a variety of wireless sub-networks that may further overlay stand-alone ad-hoc networks, and the like, to provide an infrastructure-oriented connection for client computers 102-105. Such sub-networks may include mesh networks, Wireless LAN ("WLAN") networks, cellular networks, and the like. In one embodiment, the system may include more than one wireless network.
Wireless network 107 may further include an autonomous system of terminals, gateways, routers, and the like connected by wireless radio links, and the like. These connectors may be configured to move freely and randomly and organize themselves arbitrarily, such that the topology of wireless network 107 may change rapidly.
Wireless network 107 may further employ a plurality of access technologies including 2nd (2G), 3rd (3G), 4th (4G), 5th (5G) generation radio access for cellular systems, WLAN, Wireless Router ("WR") mesh, and the like. Access technologies such as 2G, 3G, 4G, 5G, and future access networks may enable wide area coverage for mobile computers, such as client computers 103-105 with various degrees of mobility. In one non-limiting example, wireless network 107 may enable a radio connection through a radio network access such as Global System for Mobile communication ("GSM"), General Packet Radio Services ("GPRS"), Enhanced Data GSM Environment ("EDGE"), code division multiple access ("CDMA"), time division multiple access ("TDMA"), Wideband Code Division Multiple Access ("WCDMA"), High Speed Downlink Packet Access ("HSDPA"), Long Term Evolution ("LTE"), and the like. In essence, wireless network 107 may include virtually any wireless communication mechanism by which information may travel between client computers 103-105 and another computing device, computer, network, and the like.
Network 108 is configured to couple network computers with other computing devices, and/or computers, including, server computers 110-111 through PTMD 109, client computer 102, and client computers 103-105 through wireless network 107. Network 108 is enabled to employ any form of computer readable media for communicating information from one electronic device to another. Also, network 108 can include the Internet in addition to LANs, WANs, direct connections, such as through a universal serial bus ("USB") port, other forms of computer readable media, or any combination thereof. On an interconnected set of LANs, including those based on differing architectures and protocols, a router acts as a link between LANs, enabling messages to be sent from one to another. In addition, communication links within LANs typically include twisted wire pair or coaxial cable, while communication links between networks may utilize analog telephone lines, full or fractional dedicated digital lines including T1, T2, T3, and T4, and/or other carrier mechanisms including, for example, E-carriers, Integrated Services Digital Networks ("ISDNs"), Digital Subscriber Lines ("DSLs"), wireless links including satellite links, or other communications links known to those skilled in the art. Moreover, communication links may further employ any of a variety of digital signaling technologies, including without limit, for example, DS-0, DS-1, DS-2, DS-3, DS-4, OC-3, OC-12, OC-48, or the like. Furthermore, remote computers and other related electronic devices could be remotely connected to either LANs or WANs via a modem and temporary telephone link. In one embodiment, network 108 may be configured to transport information of an Internet Protocol ("IP"). In essence, network 108 includes any communication method by which information may travel between computing devices and/or computers.
Additionally, communication media typically embodies computer readable instructions, data structures, program modules, or other transport mechanism and includes any information delivery media. By way of example, communication media includes wired media such as twisted pair, coaxial cable, fiber optics, wave guides, and other wired media and wireless media such as acoustic, RF, infrared, and other wireless media.
One embodiment of PTMD 109 is described in more detail below in conjunction with FIGURE 3. Briefly, however, PTMD 109 may include virtually any network computer capable of managing network traffic between client computers 102-105 and server computers 110-111. Such computers include, for example, routers, proxies, firewalls, load balancers, cache devices, devices that perform network address translation, or the like, or any combination thereof. PTMD 109 may perform the operations of routing, translating, switching packets, network address translation, firewall services, network flow control, or the like. In one embodiment, PTMD 109 may inspect incoming network packets, and may perform an address translation, port translation, a packet sequence translation, and the like, and route the network packets based, at least in part, on the packet inspection. In some embodiments, PTMD 109 may perform load balancing operations to determine a server computer to direct a request. Such load balancing operations may be based on network traffic, network topology, capacity of a server, content requested, or other traffic distribution mechanisms.
PTMD 109 may include a control segment and a separate data flow segment. The control segment may include software-optimized operations that perform high-level control functions and per-flow policy enforcement for packet traffic management. In at least one of the various embodiments, the control segment may be configured to manage connection flows maintained at the data flow segment. In at least one of the embodiments, the control segment may provide instructions, such as, for example, a packet translation instruction, to the data flow segment to enable the data flow segment to route received packets to a server computer, such as server computer 110-111. The data flow segment may include hardware-optimized operations that perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), high-speed flow caches, or the like, on connection flows maintained at DFS between client computers, such as client computers 102-105, and server computers, such as server computers 110-111.
PTMD 109 may be arranged to represent one or more entities and/or concepts associated with network management using object definition and/or objects. Objects may be employed to represent one or more items or concepts employed during the management of networks and/or network traffic.
Server computers 110-111 may include virtually any network computer that may operate as a website server. However, server computers 110-111 are not limited to website servers, and may also operate as messaging server, a File Transfer Protocol (FTP) server, a database server, content server, application server, or the like. Additionally, each of server computers 110-111 may be configured to perform a different operation. Computers that may operate as server computers 110-111 include various network computers, including, but not limited to personal computers, desktop computers, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, server computers, network appliances, and the like.
Although FIGURE 1 illustrates server computers 110-111 as single computers, the invention is not so limited. For example, one or more functions of each of server computers 110-111 may be distributed across one or more distinct network computers. Moreover, server computers 110-111 are not limited to a particular configuration. Thus, in one embodiment, server computers 110-111 may contain a plurality of network computers that operate using a master/slave approach, where one of the plurality of network computers of server computers 110-111 operate to manage and/or otherwise coordinate operations of the other network computers. In other embodiments, the server computers 110-111 may operate as a plurality of network computers within a cluster architecture, a peer-to-peer architecture, a cloud architecture, or the like. Thus, the invention is not to be construed as being limited to a single environment, and other configurations, and architectures are also envisaged.
Illustrative Client Computer
FIGURE 2 shows one embodiment of client computer 200 that may be included in a system implementing embodiments of the invention. Client computer 200 may include many more or less components than those shown in FIGURE 2. However, the components shown are sufficient to disclose an illustrative embodiment for practicing the present invention. Client computer 200 may represent, for example, one embodiment of at least one of client computers 102-105 of FIGURE 1.
As shown in the figure, client computer 200 includes a processor 202 in communication with memory 226 via a bus 234. Client computer 200 also includes a power supply 228, one or more network interfaces 236, an audio interface 238, a display 240, a keypad 242, and an input/output interface 248.
Power supply 228 provides power to client computer 200. A rechargeable or non-rechargeable battery may be used to provide power. The power may also be provided by an external power source, such as an AC adapter or a powered docking cradle that supplements and/or recharges a battery.
Client computer 200 may optionally communicate with a base station (not shown), or directly with another computing device and/or computer. Network interface 236 includes circuitry for coupling client computer 200 to one or more networks, and is constructed for use with one or more communication protocols and technologies including, but not limited to, global system for mobile communication ("GSM"), code division multiple access ("CDMA"), time division multiple access ("TDMA"), High Speed Downlink Packet Access ("HSDPA"), Long Term Evolution ("LTE"), user datagram protocol ("UDP"), transmission control protocol/Internet protocol ("TCP/IP"), short message service ("SMS"), general packet radio service ("GPRS"), WAP, ultra wide band ("UWB"), IEEE 802.16 Worldwide Interoperability for Microwave Access ("WiMax"), session initiated protocol/real-time transport protocol ("SIP/RTP"), or any of a variety of other wireless communication protocols. Network interface 236 is sometimes known as a transceiver, transceiving device, or network interface card ("NIC").
Audio interface 238 is arranged to produce and receive audio signals such as the sound of a human voice. For example, audio interface 238 may be coupled to a speaker and microphone (not shown) to enable telecommunication with others and/or generate an audio acknowledgement for some action.
Display 240 may be a liquid crystal display ("LCD"), gas plasma, light emitting diode ("LED"), or any other type of display used with a computing device and/or computer. Display 240 may also include a touch sensitive screen arranged to receive input from an object such as a stylus or a digit from a human hand.
Keypad 242 may comprise any input device arranged to receive input from a user. For example, keypad 242 may include a push button numeric dial, or a keyboard. Keypad 242 may also include command buttons that are associated with selecting and sending images. Client computer 200 also comprises input/output interface 248 for communicating with external devices, such as a headset, or other input or output devices not shown in FIGURE 2. Input/output interface 248 can utilize one or more communication technologies, such as USB, infrared, Bluetooth™, or the like.
Client computer 200 may also include a GPS transceiver (not shown) to determine the physical coordinates of client computer 200 on the surface of the Earth. A GPS transceiver typically outputs a location as latitude and longitude values. However, the GPS transceiver can also employ other geo-positioning mechanisms, including, but not limited to, triangulation, assisted GPS ("AGPS"), Enhanced Observed Time Difference ("E-OTD"), Cell Identifier ("CI"), Service Area Identifier ("SAI"), Enhanced Timing Advance ("ETA"), Base Station Subsystem ("BSS"), or the like, to further determine the physical location of client computer 200 on the surface of the Earth. It is understood that under different conditions, a GPS transceiver can determine a physical location within millimeters for client computer 200; and in other cases, the determined physical location may be less precise, such as within a meter or significantly greater distances. In one embodiment, however, client computer 200 may through other components, provide other information that may be employed to determine a physical location of the computer, including for example, a Media Access Control ("MAC") address, IP address, or the like.
Memory 226 includes a Random Access Memory ("RAM") 204, a Read-only Memory ("ROM") 222, and other storage means. Mass memory 226 illustrates an example of computer readable storage media (devices) for storage of information such as computer readable instructions, data structures, program modules or other data. Mass memory 226 stores a basic input/output system ("BIOS") 224 for controlling low-level operation of client computer 200. The mass memory also stores an operating system 206 for controlling the operation of client computer 200. It will be appreciated that this component may include a general-purpose operating system such as a version of UNIX, or LINUX™, or a specialized client communication operating system such as Windows Mobile™, or the Symbian® operating system. The operating system may include, or interface with a Java virtual machine module that enables control of hardware components and/or operating system operations via Java application programs.
Mass memory 226 further includes one or more data storage 208, which can be utilized by client computer 200 to store, among other things, applications 214 and/or other data. For example, data storage 208 may also be employed to store information that describes various capabilities of client computer 200. The information may then be provided to another device or computer based on any of a variety of events, including being sent as part of a header during a communication, sent upon request, or the like. Data storage 208 may also be employed to store social networking information including address books, buddy lists, aliases, user profile information, or the like. Further, data storage 208 may also store messages, web page content, or any of a variety of user generated content. At least a portion of the information may also be stored on another component of network computer 200, including, but not limited to processor readable storage device 230, a disk drive or other computer readable storage media (not shown) within client computer 200.
Processor readable storage device 230 may include volatile, nonvolatile, removable, and non-removable media implemented in any method or technology for storage of information, such as computer- or processor-readable instructions, data structures, program modules, or other data. Examples of computer readable storage media include RAM, ROM, Electrically Erasable Programmable Read-only Memory ("EEPROM"), flash memory or other memory technology, Compact Disc Read-only Memory ("CD-ROM"), digital versatile disks ("DVD") or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other physical medium which can be used to store the desired information and which can be accessed by a computing device and/or computer. Processor readable storage device 230 may also be referred to herein as computer readable storage media.
Applications 214 may include computer executable instructions which, when executed by client computer 200, transmit, receive, and/or otherwise process network data. Network data may include, but is not limited to, messages (e.g., SMS, Multimedia Message Service ("MMS"), instant message ("IM"), email, and/or other messages), audio, video, and enable telecommunication with another user of another client computer. Applications 214 may include, for example, browser 218. Applications 214 may include other applications, which may include, but are not limited to, calendars, search programs, email clients, IM applications, SMS applications, voice over Internet Protocol ("VOIP") applications, contact managers, task managers, transcoders, database programs, word processing programs, security applications, spreadsheet programs, games, search programs, and so forth.
Browser 218 may include virtually any application configured to receive and display graphics, text, multimedia, and the like, employing virtually any web based language. In one embodiment, the browser application is enabled to employ HDML, WML, WMLScript, JavaScript, SGML, HTML, XML, and the like, to display and send a message. However, any of a variety of other web-based programming languages may be employed. In one embodiment, browser 218 may enable a user of client computer 200 to communicate with another network computer, such as PTMD 109 and/or indirectly with server computers 110-111.
Illustrative Network Computer
FIGURE 3 shows one embodiment of a network computer 300, according to one embodiment of the invention. Network computer 300 may include many more or less components than those shown. The components shown, however, are sufficient to disclose an illustrative embodiment for practicing the invention. Network computer 300 may be configured to operate as a server, client, peer, a host, or any other computer. Network computer 300 may represent, for example PTMD 109 of FIGURE 1, server computers 110-111 of FIGURE 1, and/or other network computers.
Network computer 300 includes processor 302, processor readable storage device 328, network interface unit 330, an input/output interface 332, hard disk drive 334, video display adapter 336, data flow segment ("DFS") 338 and a mass memory, all in communication with each other via bus 326. The mass memory generally includes RAM 304, ROM 322 and one or more permanent mass storage devices, such as hard disk drive 334, tape drive, optical drive, and/or floppy disk drive. The mass memory stores operating system 306 for controlling the operation of network computer 300. Any general-purpose operating system may be employed. Basic input/output system ("BIOS") 324 is also provided for controlling the low-level operation of network computer 300. As illustrated in FIGURE 3, network computer 300 also can communicate with the Internet, or some other communications network, via network interface unit 330, which is constructed for use with various communication protocols including the TCP/IP protocol. Network interface unit 330 is sometimes known as a transceiver, transceiving device, or network interface card ("NIC"). Network computer 300 also comprises input/output interface 332 for communicating with external devices, such as a keyboard, or other input or output devices not shown in FIGURE 3. Input/output interface 332 can utilize one or more communication technologies, such as USB, infrared, Bluetooth™, or the like.
The mass memory as described above illustrates another type of computer readable media, namely computer readable storage media and/or processor readable storage media, including processor readable storage device 328. Processor readable storage device 328 may include volatile, nonvolatile, removable, and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data. Examples of processor readable storage media include RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other media which can be used to store the desired information and which can be accessed by a computing device and/or computer.
Data storage 308 may include a database, text, spreadsheet, folder, file, or the like, that may be configured to maintain and store user account identifiers, user profiles, email addresses, IM addresses, and/or other network addresses; or the like. Data stores 308 may further include program code, data, algorithms, and the like, for use by a processor, such as central processing unit 302 to execute and perform actions. In one embodiment, at least some of data store 308 might also be stored on another component of network computer 300, including, but not limited to processor-readable storage device 328, hard disk drive 334, or the like. The mass memory may also store program code and data. One or more applications 314 may be loaded into mass memory and run on operating system 306. Examples of application programs may include transcoders, schedulers, calendars, database programs, word processing programs, Hypertext Transfer Protocol ("HTTP") programs, customizable user interface programs, IPSec applications, encryption programs, security programs, SMS message servers, IM message servers, email servers, account managers, and so forth. Web server 316 and control segment ("CS") 318 may also be included as application programs within applications 314.
Web server 316 represents any of a variety of services that are configured to provide content, including messages, over a network to another computing device and/or computer. Thus, web server 316 includes, for example, a web server, a File Transfer Protocol ("FTP") server, a database server, a content server, or the like. Web server 316 may provide the content including messages over the network using any of a variety of formats including, but not limited to WAP, HDML, WML, SGML, HTML, XML, Compact HTML ("cHTML"), Extensible HTML ("xHTML"), or the like. Web server 316 may also be configured to enable a user of a client computer, such as client computers 102-105 of FIGURE 1, to browse websites, upload user data, or the like.
Network computer 300 may also include DFS 338 for maintaining connection flows between client computers, such as client computers 102-105 of FIGURE 1, and server computers, such as server computers 110-111 of FIGURE 1. In one embodiment, DFS 338 may include hardware-optimized operations for packet traffic management, such as repetitive operations associated with packet traffic management. For example, DFS 338 may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at DFS 338. In some embodiments, DFS 338 may route, switch, forward, and/or otherwise direct packets based on rules for a particular connection flow signature (e.g., a 5 tuple of a received packet). Thus, DFS 338 may include capabilities and perform tasks such as that of a router, a switch, a routing switch, firewalls, network address translation, or the like. In some embodiments, the rules for a particular connection flow signature may be based on instructions received from CS 318. In one embodiment, DFS 338 may store the instructions received from CS 318 in a local memory as a table or some other data structure.
In some other embodiments, DFS 338 may also store a flow state table to indicate a state of current connection flows maintained at DFS 338. In at least one of the various embodiments, components of DFS 338 may comprise and/or work in combination to provide high-speed flow caches for optimizing packet traffic management. In at least one of the various embodiments, CS 318 may provide connection updates to DFS 338 that may include activating or deactivating one or more protocol options for a particular connection flow, such as, turning on or off SYN-Cookie for TCP flows, or the like.
In some embodiments, DFS 338 may provide connection flow updates to CS 318. In one embodiment, a connection flow update may include a status of the connection flow, a current state of the connection flow, other statistical information regarding the connection flow, or the like. The connection flow update may also include an identifier that corresponds to the connection flow. The identifier may be generated and provided by CS 318 when a connection flow is established at DFS 338. In some embodiments, the connection flow update may be a connection flow delete update provided to CS 318 after the connection flow is terminated at DFS 338. The connection flow update and/or the connection flow delete update may be provided to CS 318 periodically, at predefined time intervals, or the like. In some embodiments, DFS 338 may stagger a time when a plurality of connection flow updates are provided to CS.
In some other embodiments, DFS 338 may include a plurality of data flow segments. In one non-limiting example, a first data flow segment within DFS 338 may forward packets received from a client computer to a server computer, while a second data flow segment within DFS 338 may forward and/or route packets received from a server computer to a client computer. In at least one of the various embodiments, DFS 338 may also be implemented in software.
CS 318 may include a control segment that may include software-optimized operations to perform high-level control functions and per-flow policy enforcement for packet traffic management. CS 318 may be configured to manage connection flows maintained at DFS 338. In one embodiment, CS 318 may provide instructions, such as, for example, packet address translation instructions, to DFS 338 to enable DFS 338 to forward received packets to a server computer, such as server computer 110-111 of FIGURE 1. In some other embodiments, CS 318 may forward and/or route packets between a client computer and a server computer independent of DFS 338.
In at least one of the various embodiments, CS 318 may include a plurality of control segments. In some embodiments, a plurality of control segments may access and/or manage connection flows at a single data flow segment and/or a plurality of data flow segments. In some other embodiments, CS 318 may include an internal data flow segment. In one such embodiment, the internal data flow segment of CS 318 may be distributed and/or separate from CS 318. For example, in one embodiment, CS 318 may be employed in software, while the internal data flow segment may be employed in hardware. In some other embodiments, CS 318 may identify if connection flows are split between different data flow segments and/or between a DFS 338 and CS 318. In at least one embodiment, CS 318 may also be implemented in hardware.
In at least one of the various embodiments, CS 318 may be arranged to employ one or more objects for representing entities and/or concepts that may be under management by a PTMD. Accordingly, each object may be instantiated based on an object class and/or object data type that defines the properties and/or behaviors associated with the representation of the entity or concept. In at least one of the various embodiments, objects may be associated with one or more object tags. One or more object tags may be associated with an object and/or object type by users, configuration rules, administrators, operations of CS 318, or the like. Further, in at least one of the various embodiments, CS 318 may be arranged to include a rule engine for applying one or more rules to incoming and/or outgoing network traffic and/or network connections. In at least one of the various embodiments, the rules may be written in one or more scripting and/or computer programming languages, such as, TCL, Perl, Java, Javascript, C, C++, C#, or the like, or combination thereof. In at least one of the various embodiments, the rules may include one or more conditions that may be associated with one or more actions. The rules and rule engine enable customized network traffic management actions to be defined. In at least one of the various embodiments, such actions may include, load balancing, cryptography, compression/decompression, access control, connection pooling, firewall tasks, network performance monitoring, resource caching, or the like, or combination thereof.
In at least one of the various embodiments, the rules engine included in CS 318 may be arranged to evaluate conditions and perform actions based in part on objects and/or object properties. Accordingly, in at least one of the various embodiments, object tags that may be associated with an object may be incorporated in the conditions and/or actions that comprise the rules. See, FIGURE 8 and its accompanying description.
Illustrative Logical Architecture and Use Case
FIGURE 4 illustrates a logical schematic of a portion of system 400 that includes objects representing objects employed by a PTMD for managing networks in accordance with at least one of the various embodiments. In at least one of the various embodiments, as mentioned above, CS 318 may be arranged to represent one or more entities associated with the management of networks and/or network traffic using objects. Object 402 and object 416 are non-limiting examples of the kind of objects that may be employed in at least one of the various embodiments.
In at least one of the various embodiments, there may be many different types of objects (each with their own object definition) and many more instances (objects) for each object type. In at least one of the various embodiments, objects and/or object types may be implemented using one or more well-known, or custom, object-oriented programming languages. Or, in at least one of the various embodiments, objects and/or object types may be implemented using object-oriented techniques using a non-object oriented language. Further, in at least one of the various embodiments, objects and/or object type may be implemented using custom programming languages and/or scripts. Accordingly, in at least one of the various embodiments, the particular underlying data structure and/or implementation for objects employed by the PTMD may vary depending on the programming languages that are used, as well as one or more modeling decisions, engineering decisions and/or preferences unrelated to the innovations included herein. However, one of ordinary skill in the art will appreciate that object 402 and object 416, as described herein, are at least sufficient for enabling the practice of the innovations included herein.
In at least one of the various embodiments, object 402 may be arranged to model a collection of network connections called a connection pool. In at least one of the various embodiments, object 402 may include one or more properties, such as, object identifier (OID) 404, type 406, description 408, properties 410, tag collection 412, tag collection 414, or the like. In at least one of the various embodiments, properties 410 may be assumed to include one or more property fields that may be relevant for modeling the object.
In at least one of the various embodiments, the number and type of properties may vary depending on the entity or concept the object is modeling. For example, in at least one of the various embodiments, a connection pool object, such as, object 402 may include properties (not shown), such as, maximum number of connections, current number of connections, minimum number of connections, connection type, timeout information, virtual network address, or the like. For the innovations disclosed herein, the particular properties used for modeling the entities or concepts represented by the object are unimportant.
In at least one of the various embodiments, tag collection 412 may be a tag collection that includes one or more tag strings, such as, #DNS, #BACKUP, #SEATTLE, or the like. In at least one of the various embodiments, the tag strings that comprise an object tag may be formatted in various ways. In this example, the tags in tag collection 412 include a leading 'hash symbol', however, other symbols may be used, or in some embodiments, no special symbol may be required. Also, in at least one of the various embodiments, tag strings may be comprised of any alphanumeric character. However, in at least one of the various embodiments, one or more characters or string patterns may be excluded and/or reserved depending on the configuration, policy, and/or arrangement of the PTMD.
In at least one of the various embodiments, objects may be associated with one or more object tags by adding and/or including them in one or more of their tag collections. Different instances of the same object type may be associated with different object tags. For example, object 416 includes tag collection 418 that includes different tags than tag collection 412 of object 402 - even though object 402 and object 416 may represent the same type of object (e.g., Connection Pools).
In at least one of the various embodiments, objects may be arranged to be associated with tags having different classifications. In at least one of the various embodiments, some tags may be user defined and/or user selected while other tags may be defined and/or selected by users and/or processes/applications having a sufficient access level (e.g., administrative users). Also, in at least one of the various embodiments, tags may be used for internal organization of the objects. In such cases, for some embodiments, tags used for internal organization of the objects may be hidden from view for one or more users. Accordingly, in the examples shown in FIGURE 4, tag collection 412 and tag collection 418 may represent tags that may be visible and/or accessible to users while tag collection 414 and tag collection 420 may represent tags that may be employed internally and not generally visible or available to users. Note, that in at least one of the various embodiments, objects may be arranged to include more or less tag collections than are shown in FIGURE 4. Further, in at least one of the various embodiments, tags having different classifications and/or different access levels may be stored together rather than in separate tag collections.
In at least one of the various embodiments, tags may be employed for reasons related to the specific operational parameters of a network and the management priorities/goals associated with the managed network. For example, in at least one of the various embodiments, object 402 and object 416 both include the '#DNS' tag. In some embodiments, this may be used to indicate that the objects, in this case, these connection pools, are associated with one or more domain name system services.
In at least one of the various embodiments, the tags may have different semantic meaning depending on a particular implementation and/or network environment. For example, object 402 includes the #SEATTLE tag which may indicate that the connection pool is associated with servers located in the city, Seattle, Washington. In other cases, in at least one of the various embodiments, the #SEATTLE tag may be used to indicate that a support team located in Seattle, Washington is responsible for maintaining the services associated with this connection pool. Accordingly, the selection of one or more of the tag strings and the semantic meaning of these tags may be determined by one or more users and/or determined by configuration information. In at least one of the various embodiments, there may be one or more tags that may be defined to have an assigned value (e.g., tag string) and/or an assigned semantic meaning. For example, a PTMD may be arranged to associate particular object tags with semantic meaning that is honored by the PTMD. For example, the tag #DNS may be a system provided tag that is used for associating a connection pool with domain name system services provided by the PTMD. Accordingly, in this example, in at least one of the various embodiments, objects associated with a DNS service would be required to be associated with the #DNS tag. Likewise, associating an object with an object tag that has semantic meaning would result in that semantic meaning being applied to each object associated with the tag. Further, in at least one of the various embodiments, a PTMD may be arranged to provide object tags that indicate behavior as well as semantic meaning. Accordingly, in at least one of the various embodiments, the PTMD may be arranged to perform one or more actions on objects that are associated with object tags that indicate a behavior. In at least one of the various embodiments, the behavior associated with an object tag may vary depending on the operational context and the object type. For example, in at least one of the various embodiments, a PTMD may be arranged to perform mirroring (e.g., duplication) actions on objects that are associated with the #MIRROR tag. Accordingly, since object 402 includes the #MIRROR tag in tag collection 414, the PTMD in this example may be arranged to perform actions to mirror the information associated with object 402 because it is associated with the #MIRROR tag.
Generalized Operation
The operation of certain aspects of the invention will now be described with respect to FIGURES 5-9. In at least one of various embodiments, processes 500, 600, 700, 800, and 900 described in conjunction with FIGURES 5-9, respectively, may be implemented by and/or executed on a network computer, such as network computer 300 of FIGURE 3. In other embodiments, these processes or portions of these processes may be implemented by and/or executed on a plurality of network computers, such as network computer 300 of FIGURE 3. Further, in other embodiments, these processes or portions of these processes may be implemented by and/or executed on one or more client computers, such as client computer 200 as shown in FIGURE 2. However, embodiments are not so limited and various combinations of network computers, or the like, may be utilized.
FIGURE 5 shows an overview flowchart for process 500 for object tagging, in accordance with at least one of the various embodiments. After a start block, at block 502, in at least one of the various embodiments, one or more objects may be provided to process 500 for tagging. In at least one of the various embodiments, objects may be provided by various mechanisms, including, user selection, rule based selection, configuration settings, presented in a user interface, or the like.
At decision block 504, in at least one of the various embodiments, if the provided object is a newly created object, control may flow to decision block 506; otherwise, control may flow to block 510. In at least one of the various embodiments, a PTMD may be arranged to provide one or more user interfaces that enable a user to select the object from one or more lists and/or collections of existing objects. Also, in at least one of the various embodiments, the PTMD may be arranged to enable newly created objects to be provided to process 500 for object tagging.
At decision block 506, in at least one of the various embodiments, if there are one or more object tags that are configured for auto-tagging, control may flow to block 508; otherwise, in at least one of the various embodiments, control may flow to block 510.
In at least one of the various embodiments, the PTMD may be arranged to automatically associate certain object tags to particular objects and/or object types. In at least one of the various embodiments, object tags that may be automatically associated with objects may be considered automatic tags and/or automatic object tags. Accordingly, in at least one of the various embodiments, automatic object tags may be added to one or more of the tag collections for an object.
At block 508, in at least one of the various embodiments, the automatic object tags for automatically adding to the object may be determined and added to the tag collections for the object. In at least one of the various embodiments, the PTMD may be arranged to employ configuration information and/or rule based policies for determining the automatic object tags, if any, to add to an object.
In at least one of the various embodiments, automatic object tags may be tags that convey semantic descriptions and/or default information for the object. For example, if a user employs a DNS Service application to create a new object, a tag such as #DNS may be added to that new object to indicate that the object was created using the DNS Service application. In at least one of the various embodiments, users may configure a PTMD to automatically add various object tags to any given object based on a variety of configuration parameters. For example, in at least one of the various embodiments, the PTMD may be configured to add an object tag that corresponds to information associated with the user that created the object, such as, the user's name, the user's team, or the like.
Also, in at least one of the various embodiments, the configuration information may include rules for identifying automatic object tags that may be added to objects. Accordingly, in at least one of the various embodiments, these rules may identify one or more object tags to automatically add to particular object types. Further, in at least one of the various embodiments, the rules for automatically adding object tags to objects may include one or more conditions that may be tested for determining whether to automatically add a particular object tag to a given object. Accordingly, in at least one of the various embodiments, configuration information may be comprised of scripting languages, pattern matching, Boolean operators, comparison operators, or the like.
In at least one of the various embodiments, as mentioned above, an object may have more than one tag collection. In some embodiments, one or more of the tag collections may be hidden from some and/or all users of the PTMD. Accordingly, in at least one of the various embodiments, configuration information and/or policy rules may be arranged to automatically add one or more object tags to restricted and/or hidden tag collections. In at least one of the various embodiments, determining which tag collection to add the object tag to may be based on at least one characteristic of the object tag. For example, a tag collection may be configured to contain restricted object tags, such as, object tags that are only visible/accessible to administrators.
At block 510, in at least one of the various embodiments, a user may be enabled to add one or more object tags to the object. In at least one of the various embodiments, a user may be provided one or more interfaces for adding one or more object tags to the provided object. In at least one of the various embodiments, the PTMD may be arranged to provide graphical user interfaces that enable a user to generate and/or select object tags for adding to the provided object.
At decision block 512, in at least one of the various embodiments, if there are more object tags to add to the object, control may loop back to block 510; otherwise, in at least one of the various embodiments, control may be returned to a calling process.
FIGURE 6 shows an overview flowchart for process 600 for adding object tags to an object, in accordance with at least one of the various embodiments. After a start block, at block 602, in at least one of the various embodiments, process 600 may be arranged to enable a user to provide input that may be used for determining object tags. In at least one of the various embodiments, user input may be collected from various types of user interfaces, such as, graphical user interfaces, command line interfaces, or the like. In at least one of the various embodiments, users may provide information for multiple object tags. In at least one of the various embodiments, process 600 may be arranged to enable the user to enter characters or words through a user interface and/or select object tags from a list. Further, in at least one of the various embodiments, a PTMD may be arranged to enable a user to provide user input for tag selection using a command-line-interface.
At block 604, in at least one of the various embodiments, one or more candidate object tags may be determined based on the user input. In at least one of the various embodiments, users may provide one or more tag strings that comprise strings or portions of strings. Accordingly, in at least one of the various embodiments, process 600 may be arranged to search for existing object tags that match the provided tag strings. If no matches are found, process 600 may generate new object tags that correspond to the unmatched tag strings.
In at least one of the various embodiments, one or more policy based rules may be employed to determine which of the candidate object tags are eligible for adding to the present object. In at least one of the various embodiments, these rules may include one or more inclusionary or exclusionary conditions for determining the eligibility of tag strings and/or candidate object tags.
In at least one of the various embodiments, for various reasons, some tag strings may be determined to be improper for employing as object tags. In at least one of the various embodiments, there may be one or more reserved strings that may be excluded from eligibility for object tags. In at least one of the various embodiments, a PTMD may be arranged to include a dictionary of words and/or phrases that are excluded from being employed as object tags. For example, the PTMD may be arranged to include a dictionary of words or phrases that are deemed to be obscene, offensive, or otherwise inappropriate for use as object tags.
In at least one of the various embodiments, some tag strings may be excluded because they are reserved words or phrases that are designed to be used in specialized/restricted circumstances. Also, in at least one of the various embodiments, some tag strings may be reserved for use by users having different roles and/or access levels than the user that may be providing them.
Also, in at least one of the various embodiments, some tag strings may be determined to be improper if they match existing object tags that are restricted from being used by the current user. For example, an administrator user (e.g., a user enabled to have more access rights than a normal user) may create an object tag and restrict its use to administrator users. Accordingly, for example, normal users may be restricted from using tag strings that correspond to the restricted object tag.
At block 606, in at least one of the various embodiments, one or more of the candidate object tags may be selected for adding to the object. In at least one of the various embodiments, a PTMD may be arranged to enable a user to select one or more of the candidate object tags and add them to the provided object. In at least one of the various embodiments, the number of object tags that may be added to an object may be limited based on a predefined configuration value. Otherwise, one or more of the candidate object tags may be added to an object. In at least one of the various embodiments, some objects may have more than one tag collection for holding object tags. For example, a PTMD may be arranged to include one or more tag collections for automatic object tags, user supplied object tags, active object tags, administrator level object tags, or the like. Also, in at least one of the various embodiments, tag collections may be included and/or organized on a per user basis. Accordingly, in at least one of the various embodiments, one or more object tags added by a user may be associated with one or more tag collections that may be exclusive to the user. For these objects, a user may be enabled to select which tag collection an object tag may be added to. However, in at least one of the various embodiments, users may be enabled to access/view tag collections based on their roles and/or access levels. For example, if a tag collection is restricted to administrative users, normal users may be prevented from associating object tags with the restricted tag collection.
At decision block 608, in at least one of the various embodiments, if the user is finished adding object tags to the object, control may flow to block 610; otherwise, control may loop back to block 606.
At block 610, in at least one of the various embodiments, the object tags that may be added to the object may be stored in a stable datastore, such as, a database, file system, or the like. Next, in at least one of the various embodiments, control may be returned to a calling process.
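The eligibility checks of process 600 can be sketched as follows. This is an added example, not code from the patent; the role levels, policy fields, collection names, outcome strings and sample tags (#PCI, BADWORD) are assumptions made for illustration.

```python
"""Added illustration of the tag-eligibility checks described for process 600.
Role levels, policy fields, collection names and sample tags are assumptions."""
import re
from dataclasses import dataclass, field
from enum import IntEnum


class Role(IntEnum):
    USER = 1
    ADMIN = 2


@dataclass(frozen=True)
class TagPolicy:
    reserved: frozenset        # strings only the system itself may assign
    excluded_words: frozenset  # dictionary of words barred from use as tags
    restricted: dict           # existing tag -> minimum Role allowed to use it
    max_tags_per_object: int = 8


@dataclass
class TaggedObject:
    name: str
    object_type: str
    collections: dict = field(
        default_factory=lambda: {"user": set(), "admin": set(), "auto": set()})

    def tag_count(self) -> int:
        return sum(len(tags) for tags in self.collections.values())


TAG_PATTERN = re.compile(r"[A-Z0-9]+")  # alphanumeric only, after case folding


def normalize(tag_string: str) -> str:
    """Strip the optional leading hash symbol and fold case."""
    return tag_string.strip().lstrip("#").upper()


def check_eligibility(tag_string: str, role: Role, policy: TagPolicy):
    """Return (eligible, reason) for one candidate tag string."""
    tag = normalize(tag_string)
    if not TAG_PATTERN.fullmatch(tag):
        return False, "invalid characters"
    if tag in policy.reserved:
        return False, "reserved"
    if tag in policy.excluded_words:
        return False, "excluded word"
    if role < policy.restricted.get(tag, Role.USER):
        return False, "restricted to a higher access level"
    return True, "ok"


def add_tags(obj, tag_strings, role, policy, collection="user"):
    """Add eligible tags to one collection; return {input string: outcome}."""
    outcome = {}
    for raw in tag_strings:
        # The "auto" collection is written by the system only; "admin" needs ADMIN.
        if collection == "auto" or (collection == "admin" and role < Role.ADMIN):
            outcome[raw] = "collection not writable by this caller"
            continue
        ok, reason = check_eligibility(raw, role, policy)
        if ok and obj.tag_count() >= policy.max_tags_per_object:
            ok, reason = False, "tag limit reached"
        if ok:
            obj.collections[collection].add(normalize(raw))
        outcome[raw] = reason
    return outcome


def visible_tags(obj, role):
    """Collections concealed from normal users are omitted for them."""
    names = ("user", "admin", "auto") if role >= Role.ADMIN else ("user",)
    return {n: sorted(obj.collections[n]) for n in names}


# Constructed sample policy and inputs, not taken from the patent.
POLICY = TagPolicy(
    reserved=frozenset({"MIRROR"}),
    excluded_words=frozenset({"BADWORD"}),
    restricted={"PCI": Role.ADMIN},
    max_tags_per_object=3,
)


def demo():
    pool = TaggedObject("pool-a", "ConnectionPool")
    as_user = add_tags(pool, ["#DNS", "#mirror", "#PCI", "#sea ttle"],
                       Role.USER, POLICY)
    as_admin = add_tags(pool, ["#PCI"], Role.ADMIN, POLICY, collection="admin")
    return pool, as_user, as_admin
```

The checks run on the device that stores the object, so a client that skips the user interface still cannot attach a reserved or restricted tag.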
FIGURE 7 shows an overview flowchart for process 700 for filtering objects based on object tags in accordance with at least one of the various embodiments. After a start block, at block 702, in at least one of the various embodiments, one or more tag strings may be provided for filtering. In at least one of the various embodiments, a user may employ a user interface for providing the tag strings. In other embodiments, one or more of the tag strings may be provided by another process and/or computer program. In at least one of the various embodiments, process 700 may be arranged to retrieve one or more of the tag strings from configuration information. Also, in at least one of the various embodiments, tag strings may be provided based on the application of one or more rules or scripts for enforcing one or more policies.
At block 704, in at least one of the various embodiments, one or more eligible object tags may be determined from the provided tag strings. In at least one of the various embodiments, a PTMD may be arranged to search one or more data stores and/or indexes to find one or more object tags that match the provided tag strings. In at least one of the various embodiments, if a tag string matches a restricted object tag, process 700 may indicate as much by modifying the appearance of the tag string. For example, a tag string that matches a restricted object tag may be shown using a red font, whereas tag strings corresponding to non-restricted object tags may be shown in black.
At block 706, in at least one of the various embodiments, one or more objects that are associated with the eligible object tags may be determined. In at least one of the various embodiments, the PTMD may be arranged to search/query one or more data stores and/or databases to determine the objects that include the eligible object tags. In at least one of the various embodiments, the search may be restricted to objects having the same object type.
Though, in some cases, in at least one of the various embodiments, the search may be opened to objects of different types. In at least one of the various embodiments, the user providing the tag strings may also be enabled to indicate if the object tag search should be restricted to objects of certain object types, or if it is open to all object types.
Further, in at least one of the various embodiments, the results of the search may be restricted based on the user role and/or authorization/access level. Thus, in at least one of the various embodiments, if the user conducting the search does not have permission to view and/or access all objects returned by the search, those restricted objects may be excluded from the results.
At decision block 708, in at least one of the various embodiments, if one or more resource thresholds in the PTMD are met or exceeded while determining the objects that include the eligible object tags, control may flow to block 712; otherwise, control may flow to decision block 710.
In at least one of the various embodiments, the PTMD may be arranged to monitor the resources that may be consumed by the object tag/object search. Also, in at least one of the various embodiments, the PTMD may be arranged to monitor the overall utilization of resources on the PTMD as a whole. Accordingly, the PTMD may be arranged to prioritize the processes and/or threads such that their operation does not impact other higher priority operations of the PTMD.
Further, in at least one of the various embodiments, the PTMD may be arranged to monitor the length of time an object tag search may be running. Further, in at least one of the various embodiments, one or more timeouts may be defined for object tag searches. Accordingly, in at least one of the various embodiments, if a timeout value is exceeded, the PTMD may take further action, such as, canceling the object tag searches, providing a user-interface to request more time, logging an error to an error log, notifying one or more users, generating an event, or the like.
At decision block 710, in at least one of the various embodiments, if there are more objects to filter, control may loop back to block 706; otherwise, control may flow to block 712.
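As an added example (not code from the patent), the search loop of process 700 with per-user result filtering and a resource budget might look like this. The access levels, the rule that an object must carry every requested tag, the budget values and the sample inventory are assumptions.

```python
"""Added illustration of process 700: tag search with per-user result filtering
and a resource budget. Levels, limits and the sample inventory are assumptions."""
import time
from dataclasses import dataclass

ADMIN_LEVEL = 2  # assumed access level needed to search on restricted tags


@dataclass(frozen=True)
class NetObject:
    name: str
    object_type: str
    tags: frozenset
    min_level: int = 1  # lowest access level allowed to view this object


@dataclass
class SearchResult:
    matches: list
    examined: int
    terminated: str = ""  # empty when the search ran to completion


def search_by_tags(objects, tag_strings, user_level, object_type=None,
                   restricted_tags=frozenset(), max_examined=1000,
                   timeout_s=0.5, clock=time.monotonic):
    """Return (SearchResult, restricted tag strings the UI should flag)."""
    # Block 704: resolve eligible tags; restricted ones are dropped for
    # callers below ADMIN_LEVEL and reported back so the UI can mark them.
    wanted = {t.strip().lstrip("#").upper() for t in tag_strings}
    flagged = sorted(wanted & restricted_tags)
    if user_level < ADMIN_LEVEL:
        wanted -= restricted_tags
    result = SearchResult(matches=[], examined=0)
    deadline = clock() + timeout_s
    for obj in objects:                          # blocks 706-710 loop
        if result.examined >= max_examined:      # decision block 708
            result.terminated = "examined-object budget reached"
            break
        if clock() > deadline:
            result.terminated = "timeout"
            break
        result.examined += 1
        if object_type and obj.object_type != object_type:
            continue
        # An empty filter must match nothing, otherwise stripping a
        # restricted tag would turn the query into "return everything".
        if not wanted or not wanted <= obj.tags:
            continue
        if obj.min_level > user_level:           # caller may not view it
            continue
        result.matches.append(obj.name)
    return result, flagged


# Constructed sample inventory, not taken from the patent.
INVENTORY = [
    NetObject("pool-dns-sea", "ConnectionPool", frozenset({"DNS", "SEATTLE"})),
    NetObject("pool-dns-nyc", "ConnectionPool", frozenset({"DNS", "BACKUP"})),
    NetObject("vs-dns", "VirtualServer", frozenset({"DNS"})),
    NetObject("pool-dns-mgmt", "ConnectionPool", frozenset({"DNS"}), min_level=2),
]
```

Passing a fake `clock` makes the timeout path testable without sleeping; a terminated search returns the partial result together with the reason so the caller can log it or ask for more time.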
At block 712, in at least one of the various embodiments, the determined objects and/or information about the determined object may be provided to another process. In at least one of the various embodiments, the results of the object tag search may be presented to the user. In at least one of the various embodiments, the PTMD may be arranged to display the search results in a list or other well-known user interface style to the user. In at least one of the various embodiments, the results may be saved and/or stored for recall at another time. Also, in at least one of the various embodiments, the results may be provided to another process that may be performing one or more actions on the objects that are in the result set. Next, control may be returned to a calling process.
FIGURE 8 shows an overview flowchart for process 800 for employing object tags in network management rules in accordance with at least one of the various embodiments. After a start block, at block 802, in at least one of the various embodiments, one or more network traffic management actions may be executed by a control segment that is operative on a network computer or PTMD, such as, CS 318. In at least one of the various embodiments, as discussed above, CS 318 may be arranged to employ rules and a rules engine for network management. In at least one of the various embodiments, rules may be customized to support objects, object types, and/or object tags. Accordingly, if a triggering event, such as, an incoming network request, occurs the PTMD may be configured to execute one or more rules for determining how to handle the event.
At block 804, in at least one of the various embodiments, one or more objects may be determined based on the execution of the rules. In at least one of the various embodiments, one or more rules for processing incoming events may be arranged to reference one or more objects.
Also, in at least one of the various embodiments, rules may be arranged to map one or more objects to a specific event. For example, a connection request may be mapped to a particular connection pool object based on the tuple information that corresponds to the request. In other cases, in at least one of the various embodiments, the rules may instantiate new objects to wrap the incoming events, or the rules may load one or more existing objects as part of handling the events.
In at least one of the various embodiments, for the purposes of this innovation it suffices to disclose that a rule engine executing one or more rules may be arranged to load or create one or more objects of various object types for managing the network.
At decision block 806, in at least one of the various embodiments, if one or more of the rules include object tags, control may flow to block 808; otherwise, control may flow to block 810.
In at least one of the various embodiments, the rule engine included in CS 318 may be arranged to support the inclusion of object tags in the rules. In at least one of the various embodiments, conditions and/or actions comprising the rules may include references to object tags.
At block 808, in at least one of the various embodiments, the object tags that may be included in the determined objects may be employed by the rule engine based on the particular rule. In at least one of the various embodiments, rules may be constructed in various arbitrary ways to employ the object tags to perform network management.
Accordingly, in at least one of the various embodiments, a condition clause may be arranged to test if an object includes one or more particular object tags before performing an action. Likewise, in at least one of the various embodiments, actions may include operations directed at objects that may have one or more particular tags. For example, in at least one of the various embodiments, a condition may be defined to test if a server object is associated with a particular object tag before forwarding it a request.
Likewise, for example, an action may be defined to perform an action on all server objects that include a particular object tag. One of ordinary skill in the art will appreciate that depending on the particular operative network management policies, conditions and/or actions in rules may be arranged arbitrarily to use object tags. However, the examples presented herein are at least sufficient for disclosing these innovations. Accordingly, it is in the interest of brevity that further examples are not described.
At block 810, in at least one of the various embodiments, the rules may be applied to the determined objects. In at least one of the various embodiments, if the rule does not include conditions or actions that reference object tags, the rule may be executed in CS 318 normally. In at least one of the various embodiments, if the rule did reference object tags, the determined objects may be modified and/or augmented based on the object tags associated with the objects. For example, if the rule includes an object tag filter statement, the determined objects may be limited to objects that are associated with object tags that correspond to the filter. Next, in at least one of the various embodiments, control may be returned to a calling process.
FIGURE 9 shows an overview flowchart for process 900 for employing object tags for determining actions for network management in accordance with at least one of the various embodiments. After a start block, at block 902, in at least one of the various embodiments, an object may be provided to a control segment application. As mentioned above, CS 318 may be arranged to include a rules engine that may enable objects and/or object tags to be processed using arbitrary/customized rules. Also, in at least one of the various embodiments, CS 318 may include internal modules that may be arranged to operate on the objects during the normal course of performing network management and/or network traffic management operations. For example, a display interface may be arranged to represent entities, such as, servers, connection pools, switches, networks, users, or the like, using objects. Accordingly, these objects may include one or more object tags.
Further, in at least one of the various embodiments, one or more of the object tags may be included in different tag collections for the objects. For example, some object tags may be associated to the object by a user and stored in one tag collection, whereas other object tags, unavailable to the user, may be stored in another tag collection of the object by the system or an administrator.
At decision block 904, in at least one of the various embodiments, if the object includes one or more object tags, control may flow to decision block 906; otherwise, control may flow to block 914.
At decision block 906, in at least one of the various embodiments, if any of the object tags included in the object are active object tags, control may flow to block 908; otherwise, control may flow to block 914. In at least one of the various embodiments, an active object tag is an object tag that has been associated with a behavior. Thus, in at least one of the various embodiments, there may be some behavior and/or action that may be applied to those objects that include an active object tag. In at least one of the various embodiments, the context of process 900 may dictate if an active tag is relevant to the current operation. For example, in at least one of the various embodiments, an object may include an active object tag that may be relevant if the properties of an object have been updated/changed. Accordingly, in this example, the behavior corresponding to the active object tag may be executed during a save/store operation of a modified object.
At block 908, in at least one of the various embodiments, one or more behaviors associated with the active object tags may be determined. In at least one of the various embodiments, various mechanisms may be employed to associate active object tags to an action and/or behavior, such as, scripts, code snippets, callback functions, closures, or the like. In at least one of the various embodiments, databases, lookup tables, hash tables, or the like, or combination thereof, may be employed for associating an active object tag with the code or callback function that may perform the actions associated with its behavior. In at least one of the various embodiments, one or more well-known data structures may be employed to associate active object tags with the underlying actions to execute the behavior.
Also, in some cases, additional meta-data such as, parameter information, may be associated with the active object tag.
In at least one of the various embodiments, the behavior components of active object tags may be cached in one or more pools to reduce the time it may take to initialize the behavior.
Accordingly, in at least one of the various embodiments, the computer code may be compiled and/or resources such as memory buffers, database connection, network connection, file handles, or the like, or combination thereof, may be prepared in advance, or otherwise staged.
At block 910, in at least one of the various embodiments, the determined behaviors may be performed. In at least one of the various embodiments, the actions associated with the behavior may be executed by the PTMD.
At decision block 912, in at least one of the various embodiments, if the behaviors associated with the active object tags have completed or if their associated actions have caused one or more PTMD resources to be exceeded, control may flow to block 914; otherwise, control may loop back to block 910.
In at least one of the various embodiments, the PTMD may be arranged to perform resource monitoring similar to that described for block 708 in FIGURE 7. Accordingly, if the execution of the behavior negatively impacts the performance of the PTMD or otherwise exceeds a timeout or resource threshold, the one or more actions associated with the behavior may be terminated.
In at least one of the various embodiments, active object tags may be assigned priority values which may be considered when determining if the execution of the behavior should be terminated. Accordingly, the resource monitoring configuration may include different threshold values and/or timeouts for different active object tags and/or active object tag priorities. For example, an active object tag associated with a higher priority may have a longer timeout than a lower priority active object tag.
At block 914, in at least one of the various embodiments, one or more actions that may be associated with the object, separate from actions associated with an active object tag, may be performed. In at least one of the various embodiments, CS 318 may be arranged to perform additional network management actions independent of active object tags included in the objects. These actions may be internal or rule engine based actions that comprise the regular network management operation of the PTMD. Next, control may be returned to a calling process.
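The dispatch loop of process 900 is sketched below as an added example that is not part of the patent. It uses a lookup table from active tag to a generator-based behavior and a step budget that grows with priority; the #AUDIT tag, the registry layout, the budget values and the sample object are assumptions.

```python
"""Added illustration of process 900: dispatching active object tags with
priority-dependent budgets. Registry layout, tags and limits are assumptions."""
from dataclasses import dataclass
from typing import Callable, Iterator


@dataclass(frozen=True)
class Behavior:
    steps: Callable[[dict], Iterator[str]]  # generator: one yield per action
    priority: int                           # higher number = higher priority
    contexts: frozenset                     # operations where the tag is relevant


# Allowed actions per priority; higher priority gets the larger allowance.
STEP_BUDGET = {1: 2, 2: 5}


def mirror(obj):
    """Duplicate the object to each configured target, one target per step."""
    for target in obj.get("mirror_targets", []):
        obj.setdefault("mirrored_to", []).append(target)
        yield f"mirrored to {target}"


def audit(obj):
    """Record each property of the object, one property per step."""
    for key in sorted(obj["properties"]):
        yield f"audited {key}"


# Block 908: lookup table from active tag to its behavior and metadata.
REGISTRY = {
    "MIRROR": Behavior(mirror, priority=2, contexts=frozenset({"save"})),
    "AUDIT": Behavior(audit, priority=1, contexts=frozenset({"save", "delete"})),
}


def run_active_tags(obj, context, registry=REGISTRY, budget=STEP_BUDGET):
    """Run behaviors of relevant active tags; return a list of (tag, event)."""
    log = []
    # Tags from every collection count, including ones hidden from the user.
    tags = set().union(*obj["collections"].values())
    active = [(t, registry[t]) for t in tags
              if t in registry and context in registry[t].contexts]
    for tag, behavior in sorted(active, key=lambda p: (-p[1].priority, p[0])):
        allowed = budget[behavior.priority]
        work = behavior.steps(obj)
        done = 0
        while True:
            # Decision block 912: a budget that is met counts as exceeded.
            if done >= allowed:
                work.close()
                log.append((tag, "terminated: budget exceeded"))
                break
            try:
                event = next(work)              # block 910: perform one action
            except StopIteration:
                log.append((tag, "completed"))
                break
            done += 1
            log.append((tag, event))
    return log


def sample_object():
    """Constructed sample object, not taken from the patent."""
    return {
        "name": "pool-a",
        "properties": {"lb_mode": "rr", "members": 3, "monitor": "tcp"},
        "mirror_targets": ["standby-1", "standby-2"],
        "collections": {"user": {"DNS", "AUDIT"}, "internal": {"MIRROR"}},
    }
```

Because a tag in a user-writable collection can trigger code here, which tags may appear in the registry and who may attach them is an authorization decision, not only a labeling one.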
It will be understood that each block of the flowchart illustration, and combinations of blocks in the flowchart illustration, can be implemented by computer program instructions. These program instructions may be provided to a processor to produce a machine, such that the instructions, which execute on the processor, create means for implementing the actions specified in the flowchart block or blocks. The computer program instructions may be executed by a processor to cause a series of operational steps to be performed by the processor to produce a computer-implemented process such that the instructions, which execute on the processor, provide steps for implementing the actions specified in the flowchart block or blocks. The computer program instructions may also cause at least some of the operational steps shown in the blocks of the flowcharts to be performed in parallel. Moreover, some of the steps may also be performed across more than one processor, such as might arise in a multi-processor computer system. In addition, one or more blocks or combinations of blocks in the flowchart illustration may also be performed concurrently with other blocks or combinations of blocks, or even in a different sequence than illustrated without departing from the scope or spirit of the invention.
Accordingly, blocks of the flowchart illustration support combinations of means for performing the specified actions, combinations of steps for performing the specified actions and program instruction means for performing the specified actions. It will also be understood that each block of the flowchart illustration, and combinations of blocks in the flowchart illustration, can be implemented by special purpose hardware-based systems, which perform the specified actions or steps, or combinations of special purpose hardware and computer instructions. The foregoing examples should not be construed as limiting and/or exhaustive, but rather, an illustrative use case to show an implementation of at least one of the various embodiments of the invention.

Claims

What is claimed as new and desired to be protected by Letters Patent of the United States is:
1. A method for managing communication over a network with a traffic management device (TMD) that is operative to perform actions, comprising:
providing an object based on an object definition that models at least one entity in the network, wherein the object includes at least one collection that is operative to contain at least one tag;
when at least one automatic object tag is associated with the object definition, performing further actions that include:
determining at least one automatic object tag based on the object definition that models the object; and
adding the at least one automatic object tag to the at least one collection based on at least one characteristic of the object; and
determining at least one candidate object tag based on at least a tag string that is provided by a user;
when at least one candidate object tag is determined to be an eligible object tag based at least in part on a user authorization level, adding the at least one eligible object tag to the at least one collection based on at least one characteristic of the at least one eligible object tag; and
storing the object and the at least one collection in a data store.
2. The method of Claim 1, further comprising, searching for at least one other object based on at least one object tag that is provided by the user, wherein the search is terminated if a resource usage threshold is at least met by the TMD.
3. The method of Claim 1, wherein determining the at least one eligible object tag, further comprises, determining the at least one eligible object tag based in part on at least one policy rule.
4. The method of Claim 1, further comprising, executing at least one network management rule on at least one object, wherein the at least one object is determined based on an object tag that is included in the at least one network management rule.
5. The method of Claim 1, further comprising, associating at least one action with the at least one object tag, wherein the at least one action is at least executed on the at least one object.
6. The method of Claim 1, further comprising, concealing the at least one collection from the user based on the authorization level of the user.
7. A network computer for managing communication over a network, comprising:
a transceiver for communicating over the network;
a memory for storing at least instructions;
a processor device that is operative to execute instructions that enable operations, including:
providing an object based on an object definition that models at least one entity in the network, wherein the object includes at least one collection that is operative to contain at least one tag;
when at least one automatic object tag is associated with the object definition, performing further actions that include:
determining at least one automatic object tag based on the object definition that models the object; and
adding the at least one automatic object tag to the at least one collection based on at least one characteristic of the object; and
determining at least one candidate object tag based on at least a tag string that is provided by a user;
when at least one candidate object tag is determined to be an eligible object tag based at least in part on a user authorization level, adding the at least one eligible object tag to the at least one collection based on at least one characteristic of the at least one eligible object tag; and
storing the object and the at least one collection in a data store.
8. The network computer of Claim 7, wherein the network computer processor device is operative to enable actions, further comprising, searching for at least one other object based on at least one object tag that is provided by the user, wherein the search is terminated if a resource usage threshold is at least met by the network computer.
9. The network computer of Claim 7, wherein determining the at least one eligible object tag, further comprises, determining the at least one eligible object tag based in part on at least one policy rule.
10. The network computer of Claim 7, wherein the network computer processor device is operative to enable actions, further comprising, executing at least one network management rule on at least one object, wherein the at least one object is determined based on an object tag that is included in the at least one network management rule.
11. The network computer of Claim 7, wherein the network computer processor device is operative to enable actions, further comprising, associating at least one action with the at least one object tag, wherein the at least one action is at least executed on the at least one object.
12. The network computer of Claim 7, wherein the network computer processor device is operative to enable actions, further comprising, concealing the at least one collection from the user based on the authorization level of the user.
13. A processor readable non-transitive storage media that includes instructions for managing communication over a network, wherein a network computer that executes at least a portion of the instructions enables operations, comprising:
providing an object based on an object definition that models at least one entity in the network, wherein the object includes at least one collection that is operative to contain at least one tag;
when at least one automatic object tag is associated with the object definition, performing further actions that include:
determining at least one automatic object tag based on the object definition that models the object; and
adding the at least one automatic object tag to the at least one collection based on at least one characteristic of the object; and
determining at least one candidate object tag based on at least a tag string that is provided by a user;
when at least one candidate object tag is determined to be an eligible object tag based at least in part on a user authorization level, adding the at least one eligible object tag to the at least one collection based on at least one characteristic of the at least one eligible object tag; and
storing the object and the at least one collection in a data store.
14. The media of Claim 13, further comprising, searching for at least one other object based on at least one object tag that is provided by the user, wherein the search is terminated if a resource usage threshold is at least met by the network computer.
15. The media of Claim 13, wherein determining the at least one eligible object tag, further comprises, determining the at least one eligible object tag based in part on at least one policy rule.
16. The media of Claim 13, further comprising, executing at least one network management rule on at least one object, wherein the at least one object is determined based on an object tag that is included in the at least one network management rule.
17. The media of Claim 13, further comprising, associating at least one action with the at least one object tag, wherein the at least one action is at least executed on the at least one object.
18. The media of Claim 13, further comprising, concealing the at least one collection from the user based on the authorization level of the user.
19. A system arranged for managing communication over a network, comprising:
a network computer, including:
a transceiver for communicating over the network;
a memory for storing at least instructions;
a processor device that is operative to execute instructions that enable operations, including:
providing an object based on an object definition that models at least one entity in the network, wherein the object includes at least one collection that is operative to contain at least one tag;
when at least one automatic object tag is associated with the object definition, performing further actions that include:
determining at least one automatic object tag based on the object definition that models the object; and
adding the at least one automatic object tag to the at least one collection based on at least one characteristic of the object; and
determining at least one candidate object tag based on at least a tag string that is provided by a user;
when at least one candidate object tag is determined to be an eligible object tag based at least in part on a user authorization level, adding the at least one eligible object tag to the at least one collection based on at least one characteristic of the at least one eligible object tag; and
storing the object and the at least one collection in a data store; and
a client computer, comprising:
a transceiver for communicating over the network;
a memory for storing at least instructions;
a processor device that is operative to execute instructions that enable operations, including:
communicating at least one tag string to the network computer.
20. The system of Claim 19, wherein the network computer processor device is operative to enable actions, further comprising, searching for at least one other object based on at least one object tag that is provided by the user, wherein the search is terminated if a resource usage threshold is at least met by the network computer.
21. The system of Claim 19, wherein determining the at least one eligible object tag, further comprises, determining the at least one eligible object tag based in part on at least one policy rule.
22. The system of Claim 19, wherein the network computer processor device is operative to enable actions, further comprising, executing at least one network management rule on at least one object, wherein the at least one object is determined based on an object tag that is included in the at least one network management rule.
23. The system of Claim 19, wherein the network computer processor device is operative to enable actions, further comprising, associating at least one action with the at least one object tag, wherein the at least one action is at least executed on the at least one object.
24. The system of Claim 19, wherein the network computer processor device is operative to enable actions, further comprising, concealing the at least one collection from the user based on the authorization level of the user.
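The following Python sketch is an added illustration, not code from the patent or from F5. It walks through the steps of Claim 1 together with the authorization-dependent parts of Claims 2, 3 and 6. The level names, the "system" and "user" collections, the "collection:tag" string syntax, the character policy rule and the examined-object budget are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Assumed for illustration: three authorization levels, two collections.
LEVELS = {"guest": 0, "operator": 1, "admin": 2}
WRITE_LEVEL = {"system": 2, "user": 1}   # minimum level to add a tag
READ_LEVEL = {"system": 2, "user": 0}    # minimum level to see a collection

@dataclass
class ObjectDefinition:
    kind: str
    auto_tags: tuple = ()                # automatic tags tied to the definition

@dataclass
class NetObject:
    name: str
    definition: ObjectDefinition
    collections: dict = field(default_factory=lambda: {"system": set(), "user": set()})

def provide_object(name, definition):
    # Automatic tags come from the object definition, never from the user.
    obj = NetObject(name, definition)
    obj.collections["system"].update(definition.auto_tags)
    return obj

def candidate_tags(tag_string):
    # "prod, system:critical" -> [("user", "prod"), ("system", "critical")]
    parts = [p.strip().lower() for p in tag_string.split(",") if p.strip()]
    return [tuple(p.split(":", 1)) if ":" in p else ("user", p) for p in parts]

def add_user_tags(obj, tag_string, user_level):
    # Add eligible candidates; return the rejected ones for audit logging.
    rejected = []
    for coll, tag in candidate_tags(tag_string):
        authorized = LEVELS[user_level] >= WRITE_LEVEL.get(coll, 99)
        well_formed = tag.replace("-", "").isalnum()   # assumed policy rule
        if authorized and well_formed:
            obj.collections[coll].add(tag)
        else:
            rejected.append((coll, tag))
    return rejected

def visible_collections(obj, user_level):
    # Conceal collections that the user's level may not read.
    return {c: set(t) for c, t in obj.collections.items()
            if LEVELS[user_level] >= READ_LEVEL[c]}

def search(store, tag, user_level, max_examined):
    hits = []
    for examined, obj in enumerate(store):
        if examined >= max_examined:
            return hits, True            # stopped by the resource threshold
        if any(tag in t for t in visible_collections(obj, user_level).values()):
            hits.append(obj.name)
    return hits, False
```

Because the search only consults the collections visible to the caller, a concealed tag cannot be confirmed by probing for it through search results.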
EP15798787.6A 2014-05-29 2015-05-21 Object tagging Withdrawn EP3149892A4 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201414290740A 2014-05-29 2014-05-29
PCT/US2015/032073 WO2015183704A1 (en) 2014-05-29 2015-05-21 Object tagging

Publications (2)

Publication Number Publication Date
EP3149892A1 EP3149892A1 (en) 2017-04-05
EP3149892A4 EP3149892A4 (en) 2017-11-22

Family

ID=54699604

Family Applications (1)

Application Number Title Priority Date Filing Date
EP15798787.6A Withdrawn EP3149892A4 (en) 2014-05-29 2015-05-21 Object tagging

Country Status (2)

Country Link
EP (1) EP3149892A4 (en)
WO (1) WO2015183704A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115600600B (en) * 2022-10-26 2023-10-17 中电金信软件有限公司 Label naming method, device, electronic equipment and medium of multi-object label system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9111088B2 (en) * 2006-08-14 2015-08-18 Quantum Security, Inc. Policy-based physical security system for restricting access to computer resources and data flow through network equipment
US8176072B2 (en) * 2009-07-28 2012-05-08 Vulcan Technologies Llc Method and system for tag suggestion in a tag-associated data-object storage system
FR2951841A1 (en) * 2009-10-23 2011-04-29 Alcatel Lucent MANAGEMENT OF LABELS RELATING TO SHARED MULTIMEDIA OBJECTS IN A TELECOMMUNICATIONS NETWORK
US8862769B2 (en) * 2010-11-23 2014-10-14 Qualcomm Incorporated Object-based transport protocol
US8699499B2 (en) * 2010-12-08 2014-04-15 At&T Intellectual Property I, L.P. Methods and apparatus to provision cloud computing network elements
US20130166550A1 (en) * 2011-12-21 2013-06-27 Sap Ag Integration of Tags and Object Data
CN104823200B (en) * 2012-09-21 2017-07-18 维萨国际服务协会 Dynamic object label and associated system and method

Also Published As

Publication number Publication date
WO2015183704A1 (en) 2015-12-03
EP3149892A4 (en) 2017-11-22

Similar Documents

Publication Publication Date Title
US10454768B2 (en) Extending policy rulesets with scripting
US9952886B2 (en) Elastic offload of prebuilt traffic management system component virtual machines
US9762492B2 (en) Data flow segment optimized for hot flows
US9436693B1 (en) Dynamic network access of snapshotted versions of a clustered file system
EP3149894B1 (en) Assisting application classification using predicted subscriber behavior
US9596184B1 (en) Hot service flow hardware offloads based on service priority and resource usage
US20150082417A1 (en) Firewall configured with dynamic collaboration from network services in a virtual network environment
US9880814B1 (en) Dynamic generation of plugins based on user-customized catalogs
US9906423B2 (en) Tag latency monitoring and control system for enhanced web page performance
US11088952B2 (en) Network traffic control based on application path
US20150235126A1 (en) Concurrent evaluation of large rule sets with conditions
WO2017112907A1 (en) Inserting and removing stateful devices in a network
US9154423B1 (en) Minimize SYN-flood issues with flow cache while maintaining performance
EP2965204B1 (en) Server to client reverse persistence
EP3149892A1 (en) Object tagging
US10326700B1 (en) Hash based per subscriber DNS based traffic classification
EP3167575B1 (en) Delayed proxy action
US9081611B1 (en) System for iteratively identifying available next higher priority tracks when identified track matching the task's native track priority is unavailable
US11457095B1 (en) Stateless communication using a stateful protocol
US9525632B1 (en) Minimize recycle SYN issues for split TCP hot flows to improve system reliability and performance
US11411875B1 (en) Network traffic control based on application identifier

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20161125

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
A4 Supplementary search report drawn up and despatched

Effective date: 20171019

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 12/24 20060101AFI20171013BHEP

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: F5 NETWORKS, INC

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20180519