WO2009107117A2 - Compressed ip flow recognition for in-line integrated mobile dpi - Google Patents

Compressed ip flow recognition for in-line integrated mobile dpi Download PDF

Info

Publication number
WO2009107117A2
WO2009107117A2 PCT/IB2009/051317 IB2009051317W WO2009107117A2 WO 2009107117 A2 WO2009107117 A2 WO 2009107117A2 IB 2009051317 W IB2009051317 W IB 2009051317W WO 2009107117 A2 WO2009107117 A2 WO 2009107117A2
Authority
WO
WIPO (PCT)
Prior art keywords
packet
node
destination
compressed
source
Prior art date
Application number
PCT/IB2009/051317
Other languages
French (fr)
Other versions
WO2009107117A3 (en
Inventor
Andrew Dolganow
Jason Rusmisel
Original Assignee
Alcatel Lucent
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alcatel Lucent filed Critical Alcatel Lucent
Priority to CN200980106453.XA priority Critical patent/CN101960815B/en
Priority to JP2010548241A priority patent/JP5600602B2/en
Priority to KR1020107018971A priority patent/KR101124721B1/en
Priority to EP09714027A priority patent/EP2263363B1/en
Publication of WO2009107117A2 publication Critical patent/WO2009107117A2/en
Publication of WO2009107117A3 publication Critical patent/WO2009107117A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/04Protocols for data compression, e.g. ROHC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5003Managing SLA; Interaction between SLA and QoS
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/508Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement
    • H04L41/5087Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement wherein the managed service relates to voice services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/508Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement
    • H04L41/509Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement wherein the managed service relates to media content delivery, e.g. audio, video or TV
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/24Negotiation of communication capabilities

Definitions

  • This invention relates generally to identification of IP flows in a network employing any form of Layer 3 or Layer 4 compression.
  • Selling application-specified services would allow users to pay for the services they desire to receive, while eliminating the need for the service provider to exponentially increase bandwidth.
  • service providers In order to sell application-specific services, however, service providers must first modify the underlying network architecture to identify and gather information about applications. In the radio portion of mobile networks, the use of per-application traffic management is especially critical, as bandwidth is limited due to the inherent restrictions of radio frequencies. Consequently, mobile operators have started to deploy deep packet inspection (DPI) appliances to help identify applications not only for the purpose of billing, but also to perform traffic management based on the identified application.
  • DPI deep packet inspection
  • DPI elements are located such that they are unable to effectively manage radio frequencies, as information pertaining to the mobile base station is removed by the time the packets encounter the DPI element.
  • DPI elements would need to be moved to a location in the network that provides visibility of both the end user and the mobile base station.
  • Placing the DPI elements in these locations requires DPI elements to deal with mobility aspects of the network. More particularly, mobile networks utilize compression schemes to optimize data transmitted over the radio interface. While compression minimizes the amount of data sent over the radio portion of the network, it also removes IP flow information required by the DPI element to effectively identify applications and perform per-application processing.
  • a DPI device is placed in-line in a no n- mobile portion of a mobile network, such that packets pass through the DPI device prior to being forwarded.
  • the DPI device identifies and classifies traffic passing through the mobile network based on information extracted from the header and/or data portion of the incoming packets.
  • the DPI device may implement in-line policy enforcement to manage traffic based on the identified application, even though the DPI device is located in a user scope outside of the mobile portion of the network.
  • In-line placement of the DPI device in a mobile network raises several problems.
  • Mobile networks often use compression to minimize the use of limited bandwidth. More specifically, after establishing a flow between two nodes, the source node omits much of the packet header information to decrease the amount of transmitted data. For example, many compression schemes eliminate the source address, source port, destination address, and destination port, thereby making application identification and application-specific processing impossible at the DPI device. In order to properly function, however, the DPI device must associate every packet with a particular flow, not just the first packet. Thus, placing the DPI device in-line without modification of its functionality would fail to accomplish application-aware processing.
  • a method of processing packets sent from a source node to a destination node and a related computer-readable medium encoded with instructions comprise: receiving an uncompressed packet sent from the source node to the destination node during a compression negotiation stage; storing information extracted from the uncompressed packet, the stored information sufficient to uniquely identify flows; receiving a compressed packet sent from the source node to the destination node; associating the compressed packet with an active flow by accessing the stored information; performing deep packet inspection (DPI) to identify an application associated with the active flow; and performing application-specific processing on at least one packet belonging to the active flow.
  • DPI deep packet inspection
  • the information extracted from the uncompressed packet comprises a context identifier used to establish a compression context between the source node and the destination node. Furthermore, in various exemplary embodiments, the information extracted extracted from the uncompressed packet comprises at least one of a source address and a destination address extracted from a tunnel header used to forward the uncompressed packet from the source node to the destination node. In addition, in various exemplary embodiments, the information extracted from the uncompressed packet comprises at least one of a source IP address, source port number, destination IP address, destination port number, and protocol number.
  • the application is selected from the group consisting of an email application, a web browser, a video application, an audio application, voice over IP, instant messaging, and a peer-to peer application.
  • the step of performing DPI to identify an application associated with the active flow comprises at least one of signature matching, pattern matching, stateful monitoring, behavioral analysis, and statistical analysis.
  • the compressed packet is compressed using a compression scheme selected from the group consisting of ROHC, cRTP, VC, and IPHC.
  • the step of performing application-specific processing comprises performing a traffic management function on the at least one packet belonging to the active flow.
  • the traffic management function comprises modifying a quality of service associated with the at least one packet belonging to the active flow.
  • a device for processing traffic in a network employing compression comprises: a communication module that receives an uncompressed and compressed packets sent from a source node to a destination node over an active IP flow; a storage device that stores information regarding packets; and a processor configured to identify an active IP flow associated with the compressed packet by accessing the information stored in the storage device and to perform deep packet inspection (DPI) to identify an application associated with the identified flow or any other type of application-specific processing.
  • DPI deep packet inspection
  • the device is a standalone DPI device or is integrated into a router.
  • FIG. 1 is a schematic diagram of an exemplary mobile network utilizing in-line DPI in a mobile part of a network by identifying compressed flows;
  • FIG. 2 is a schematic diagram of an exemplary uncompressed L3 packet;
  • FIG. 3 is a schematic diagram of an exemplary compressed L3 packet
  • FIG. 4 is a schematic diagram of an exemplary system used to perform DPI on compressed
  • FIG. 5 is a flowchart of an exemplary embodiment of a method for compressed flow recognition for an in-line integrated DPI device.
  • FIG. 1 is a schematic diagram of an exemplary mobile network 100 utilizing in-line DPI in a mobile part of the network 100 by identifying compressed flows.
  • Exemplary mobile network 100 includes user node 110, wireless base station 120, network 130, radio network controller 140, deep packet inspection device 150, and packet data serving node 160.
  • user node 110 is a device operated by a user that enables access to mobile network 100. More specifically, in various exemplary embodiments, user node 110 is a cell phone, personal digital assistant, personal or laptop computer, wireless email device, or any other device that supports wireless communications. Furthermore, in various exemplary embodiments, user node 110 negotiates and performs header compression in conjunction with packet data serving node 160 to reduce the amount of data transferred over mobile network 100.
  • wireless base station 120 is a device including an antenna to wirelessly exchange data with user node 110 over a plurality of radio channels. Furthermore, wireless base station 120 includes a wire line interface to forward data into network 130. Thus, in various exemplary embodiments, wireless base station 120 is a Node B in a 3G network or another base transceiver station communicating in a Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS), or other wireless network.
  • GSM Global System for Mobile Communications
  • UMTS Universal Mobile Telecommunications System
  • network 130 provides a connection between wireless base station 120 and radio network controller 140. It should be apparent that network 130 may be any network capable of sending data and requests between wireless base station 120 and radio network controller 140. Accordingly, network 130 may comprise a plurality of routers, switches, bridges, and other components suitable for receiving and forwarding data packets.
  • radio network controller 140 controls and manages a plurality of wireless base stations 120. Thus, radio network controller 140 directs the transmission and reception of data in wireless base station 120 by controlling the radio transmitters and receivers in wireless base station 120. Furthermore, in various exemplary embodiments, radio network controller 140 receives and transmits packet-switched data between wireless base station 120 and packet data serving node 160.
  • radio network controller 140 may be replaced by a base station controller or another device capable of directing the operation of wireless base station 120 and receiving and transmitting data packets.
  • mobile network 100 includes a deep packet inspection (DPI) device 150 that intercepts, "sniffs," or otherwise receives packets transmitted from radio network controller 140 to packet data switching node 160. More specifically, as described further below with reference to FIG. 5, DPI device 150 receives a packet, determines whether it is compressed or uncompressed, and performs processing according to that determination.
  • DPI device 150 comprises specialized hardware and/or software that is capable of examining data packets received from radio network controller 140 to identify information associated with the packets.
  • DPI device 150 includes a storage medium that stores information used to identify flows, a processor for performing analysis, and a communication module to receive and transmit packets.
  • DPI device 150 is integrated into radio network controller 140, packet data switching node 160, or into a network element that is part of a network (not shown) providing connectivity between radio network controller 140 and packet data switching node 160.
  • the network providing connectivity comprises a plurality of routers, switches, bridges, and other components suitable for receiving and forwarding data packets.
  • DPI device 150 is placed or integrated into wireless base station 120 or a network element that is part of network 130.
  • DPI device 150 examines any combination of information in layers 2 through 7 of the Open Systems Interconnection (OSI) model.
  • OSI Open Systems Interconnection
  • DPI device 150 performs a "deep" analysis of one or more packets in order to identify an application associated with the packets. For example, DPI device 150 may analyze a packet to determine whether the packet relates to email, streaming video, web browsing, peer-to-peer transfer, or any other application of interest to the service provider.
  • DPI device 150 performs traffic management operations, then forwards the packet to packet data serving node 160.
  • packet data serving node 160 serves as a connection between mobile network 100 and one or more IP networks (not shown). Thus, in various exemplary embodiments, packet data serving node 160 forwards packets between the Internet and radio network controller 140. Furthermore, in various exemplary embodiments, packet data serving node 160 performs header decompression on compressed packets received from user node 110. It should be apparent that packet data serving node 160 may be replaced by a Gateway General Packet Radio Service Support Node (GGSN), a Serving Gateway General Packet Radio Service Support Node (SGSN), or any other node capable of providing a connection between mobile network 100 and an IP network.
  • GGSN Gateway General Packet Radio Service Support Node
  • SGSN Serving Gateway General Packet Radio Service Support Node
  • FIG. 2 is a schematic diagram of an exemplary uncompressed packet 200.
  • uncompressed packet 200 includes, among others, packet header 210, source address 220, destination address 230, context identifier (ID) 240, and data 250.
  • packet header 210 includes data used to forward uncompressed packet 200 from a source to a destination.
  • packet header 210 includes a source address field 220, which may include a source IP address and a source port. Furthermore, in various exemplary embodiments, packet header 210 includes destination address field 230, which may include a destination IP address and a destination port. Furthermore, packet header 210 includes context ID 240, which, in various exemplary embodiments, uniquely identifies a compression context between a compressor and a decompressor. [0040] It should be apparent that packet header 210 is shown as including only source address field 220, destination address 230, and context ID 240 for the sake of simplicity.
  • packet header 210 includes additional fields including, but not limited to, a protocol number, traffic class, flow label, payload length, next header, and hop limit.
  • uncompressed packet 200 may be an IP packet, Transmission Control Protocol (TCP) packet, User Datagram Protocol (UDP) packet, or a packet formatted in any other protocol that may be subjected to compression.
  • FIG. 3 is a schematic diagram of an exemplary compressed packet 300.
  • compressed packet 300 includes only a context ID 240 and data 350. Thus, after a compressor and a decompressor negotiate a compression context, the compressor sends compressed packet 300 to minimize the amount of data transfer.
  • FIG. 4 is a schematic diagram of an exemplary system 400 used to perform DPI on compressed data packets.
  • exemplary system 400 includes source node 410, DPI device 420, and destination node 430. It should be apparent that, in various exemplary embodiments, source node 410 sends packets to destination node 430 using any compression scheme including, but not limited to, ROHC, cRTP, Van Jacobson Header Compression (VC), and Internet Protocol Header Compression (IPHC).
  • ROHC ROHC
  • cRTP Van Jacobson Header Compression
  • IPHC Internet Protocol Header Compression
  • source node 410 forwards packets over a network to destination node 430.
  • source node 410 is a compressor used to compress packets sent to a decompressor.
  • source node 410 is a user node 110, radio network controller 140, packet data serving node 160, or any other node located in a position in the network where compression of outgoing packets would be advantageous.
  • source node 410 sends uncompressed packets, which are later received and compressed by a compressor.
  • DPI device 420 is similar in structure and functionality to DPI device 150. Thus, in various exemplary embodiments, DPI device 420 intercepts, "sniffs,” or otherwise receives packets transmitted from source node 410 to destination node 430. More specifically, as described further below with reference to FIG. 5, DPI device 420 receives a packet, determines whether it is compressed or uncompressed, and performs processing according to that determination.
  • DPI device 420 is a component integrated into a router. Thus, in various exemplary embodiments, DPI device 420 analyzes each packet received by the router before the router forwards the packet to the next hop.
  • DPI device 420 is illustrated as directly connected to source node 410 and destination 430 for the sake of simplicity. Accordingly, in various exemplary embodiments, one or more switches, routers, bridges, or other network elements are placed between DPI device 420 and source node 410 or destination node 430.
  • destination node 430 receives packets from source node 410.
  • destination node 430 is a decompressor used to decompressor packets received from a compressor.
  • destination node 430 is a user node 110, radio network controller 140, packet data serving node 160, or any other node located in a position in the network where decompression of incoming packets is advantageous.
  • destination node 430 receives uncompressed packets, as the compressed packets may be processed by a decompressor prior to reaching destination node 430.
  • FIG. 5 is a flowchart of an exemplary embodiment of a method 500 for compressed flow recognition for an in-line integrated DPI device 420.
  • Exemplary method 500 starts in step 510 and proceeds to step 520, where DPI device 420 intercepts, sniffs, or otherwise receives a packet transmitted from source node 410 to destination node 430.
  • Exemplary method 500 then proceeds to step 530, where DPI device 420 determines whether the packet is compressed.
  • step 530 it is determined that the packet is not compressed (i.e. uncompressed)
  • exemplary method 500 proceeds to step 540, where it is determined whether uncompressed packet 200 is to be associated with a new flow.
  • DPI device 420 accesses information in the header of uncompressed packet 200 used to uniquely identify a flow and determines whether this information is stored in DPI device 420.
  • the information extracted from the header includes the source IP, source port number, destination IP, destination port number, and a protocol number.
  • exemplary method 500 proceeds to step 550.
  • DPI device 420 stores any information that will be used to associate packets received in the future with the identified flow.
  • DPI device 420 extracts context identifier 240 from uncompressed packet 200 and stores context identifier 240, such that DPI device may identify subsequently received data packets using the same context identifier 240.
  • context identifier 240 is sufficient to uniquely identify a flow between source node 410 and destination node 430.
  • additional information is necessary to uniquely identify each flow.
  • DPI device 420 also gathers information from the tunnel header used to route packets from source node 410 to destination node 430.
  • this information may describe an L2 or L3 tunnel that carries the packet between radio network controller 140 and packet data switching node 160.
  • DPI device 420 extracts one or more fields from the tunnel header, such as the source IP address or destination IP address, and stores these fields in association with context identifier 240. Because the tunnel headers are not compressed, DPI device 420 will be able to gather this information from subsequent compressed packets transmitted from source node 410 to destination node 430. Thus, for example, DPI device 420 could extract the IP address of RNC 140 or PDSN 160 from the tunnel header to enable DPI device 420 to uniquely identify flows.
  • DPI device 420 also stores information from the packet header of uncompressed packet 200.
  • DPI device 420 may extract the source IP address, source port number, destination IP address, destination port number, and protocol number, and store this information in conjunction with the context ID and/or tunnel header information.
  • DPI device 420 may seamlessly process both compressed and uncompressed packets in a particular flow, as all information required to uniquely identify the flow is stored in DPI device 420.
  • the information stored in step 550 in addition to context identifier 240 is not limited to tunnel headers and IP 5-tuple or 6-tuple data.
  • DPI device 420 stores any additional information that is sufficient to uniquely identify the compression context between a compressor and a decompressor.
  • step 540 it is determined that uncompressed packet 200 is not associated with a new flow (i.e. the packet is associated with an already identified flow)
  • exemplary method 500 proceeds to step 560.
  • step 560 DPI device 420 updates any stored information that is used to uniquely identify the flow. More particularly, DPI device 420 updates any information that changed since it was initially stored in step 550.
  • step 530 when in step 530, it is determined that the packet is compressed, exemplary method 500 proceeds to step 570, where DPI device 420 retrieves information necessary to uniquely identify the flow.
  • DPI device 420 extracts context identifier 240 from compressed packet 300.
  • DPI device 420 optionally extracts information from the tunnel header used to transmit compressed packet 300 from source node 410 to destination node 430 or any other information required to uniquely identify the flow.
  • Exemplary method 500 then proceeds to step 580.
  • step 580 DPI device 420 associates the packet with a previously identified flow based on the information extracted from compressed packet 300 and the information stored in DPI device 420.
  • context ID 240 is sufficient to uniquely identify a flow between source node 410 and destination node 430.
  • DPI device 420 associates the compressed packet 300 with a flow by comparing context ID 240 to the context ID information stored in DPI device 420.
  • DPI device 420 must utilize additional information to uniquely identify the flow between source node 410 and destination node 430. More specifically, in various exemplary embodiments, DPI device 420 extracts one or more fields from the tunnel header of compressed packet 300, such as a source IP address or a destinationIP address. DPI device 420 then associates the packet with the active flow by comparing the context ID 240 and information extracted from the tunnel header to the corresponding information stored in DPI device 420.
  • exemplary method 500 proceeds to step 590, where DPI device 420 performs DPI processing based on the identified flow.
  • DPI device 420 examines any combination of information in OSI layers 3 through 7 of one or more packets to identify an application associated with the flow.
  • DPI device 420 may analyze one or more packets to determine whether the flow relates to email, streaming video, web browsing, peer-to-peer transfer, Voice over IP (VoIP), or any other application of interest to the service provider.
  • the analysis performed by DPI device 420 includes at least one of signature and pattern matching, stateful monitoring, behavioral analysis, and statistical analysis.
  • DPI device 420 performs application- specific processing.
  • this application-specific processing includes traffic management operations.
  • DPI device 420 may access a service level agreement associated with the subscriber located at source node 410 to determine how to treat packets in the identified flow. Based on this determination, DPI device 420 may associate a Quality of Service (QoS) marking with the packets, such as a Differentiated Services Code Point (DSCP).
  • QoS Quality of Service
  • DSCP Differentiated Services Code Point
  • DPI device 420 may determine that the flow corresponds to streaming video and that the subscriber located at source node 410 has paid an additional fee to receive a high quality of service for such transfers.
  • DPI device 420 may mark the packets with a higher DSCP value to indicate that the packets should be given high priority.
  • DPI device 420 may determine that the flow is associated with a peer-to -peer transfer and that the subscriber is only paying for a base level of service. Accordingly, DPI device 420 may mark the packets in the flow with a value indicating that the packet should be given a lower priority.
  • DPI device 420 may perform any application-specific processing. Thus, in addition to QoS processing, DPI device 420 may, for example, drop packets, collect statistics, and manage billing.
  • exemplary method 500 After performing DPI processing in step 590, exemplary method 500 proceeds to step 595, where exemplary method 500 stops.
  • various exemplary embodiments include a DPI device that identifies and analyzes a flow, even when packets in the flow are subjected to a compression algorithm. More specifically, in various exemplary embodiments, the DPI device stores information included in an uncompressed packet and utilizes this information to identify subsequently received compressed packets associated with the flow. Based on the flow identification, the DPI device examines packets in the flow, identifies a corresponding application, and performs application-specific processing.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Multimedia (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Various exemplary embodiments comprise a method and related device and computer-readable medium including one or more of the following: receiving an uncompressed packet sent from the source node to the destination node during a compression negotiation stage; storing information extracted from the uncompressed packet, the stored information sufficient to uniquely identify flows; receiving a compressed packet sent from the source node to the destination node; associating the compressed packet with an active flow by accessing the stored information and information in the compressed packet; performing deep packet inspection (DPI) to identify an application associated with the active flow; and performing application-specific processing on at least one packet belonging to the active flow. In various exemplary embodiments, the information extracted from the uncompressed packet includes a context identifier used to establish a compression context between a compressor and a decompressor.

Description

COMPRESSED IP FLOW RECOGNITION FOR IN-LINE INTEGRATED MOBILE DPI
BACKGROUND OF THE INVENTION
1. Field of the Invention
[0001] This invention relates generally to identification of IP flows in a network employing any form of Layer 3 or Layer 4 compression.
2. Description of Related Art
[0002] As the Internet has gradually become an integral part of everyday life, the number of Internet users has constantly increased. Recent estimates place the number of users worldwide at over one billion. To compound the problem, the Internet has also experienced a tremendous increase in the amount of traffic per user. As streaming video, peer-to-peer networking, and other high bandwidth applications become the norm, the burdens placed on the underlying network architecture increase exponentially. Consider, for example, the increase in bandwidth from the typical 56 kilobit/second modem used around ten years ago to an average 5 megabit/second DSL connection presently used. In less than ten years, the bandwidth of the average connection available to the end user has increased close to one hundred times.
[0003] Despite the massive increases in the amount of users and traffic, a slowing of the growth of the Internet does not appear to be in sight. In developing countries, Internet access is viewed as a sign of progress. On the other hand, for those who currently have access to the Internet, the reliance on the Internet is constantly increasing. For example, users often run web-based applications as a replacement for local applications or download high-quality movies rather than renting a DVD. Countless other uses of large amounts of bandwidth are available or currently being developed. [0004] Although these signs of progress are encouraging to most, service providers face a difficult decision. When designing the congestion management systems, service providers did not contemplate the use of the Internet for streaming video, peer-to-peer applications, and other high bandwidth uses. As a result, when a large number of users run high-bandwidth applications, the best effort architecture frequently experiences congestion, thereby interfering with the user experience.
[0005] These problems are particularly salient in the context of mobile networks, where bandwidth is even more limited. Mobile networks are seeing a gradual transformation from voice-only services to data or mixed voice-data services. As per-user bandwidth requirements have increased, the burdens placed on the mobile network architecture have also increased. [0006] Service providers, particularly mobile network service providers, must therefore decide between several options: continue providing best effort service; increase bandwidth and essentially become a transport "utility"; or sell application-specific services based on the requirements of the individual users. Service providers view the first two options as unsatisfactory, as users are dissatisfied with best effort service, while indiscriminately increasing bandwidth would result in additional costs to the service provider with no corresponding increase in revenue. Selling application-specified services, on the other hand, would allow users to pay for the services they desire to receive, while eliminating the need for the service provider to exponentially increase bandwidth. [0007] In order to sell application-specific services, however, service providers must first modify the underlying network architecture to identify and gather information about applications. In the radio portion of mobile networks, the use of per-application traffic management is especially critical, as bandwidth is limited due to the inherent restrictions of radio frequencies. Consequently, mobile operators have started to deploy deep packet inspection (DPI) appliances to help identify applications not only for the purpose of billing, but also to perform traffic management based on the identified application.
[0008] In existing mobile network architectures, however, DPI elements are located such that they are unable to effectively manage radio frequencies, as information pertaining to the mobile base station is removed by the time the packets encounter the DPI element. In order to effectively monitor and manage per-application usage, DPI elements would need to be moved to a location in the network that provides visibility of both the end user and the mobile base station. [0009] Placing the DPI elements in these locations, however, requires DPI elements to deal with mobility aspects of the network. More particularly, mobile networks utilize compression schemes to optimize data transmitted over the radio interface. While compression minimizes the amount of data sent over the radio portion of the network, it also removes IP flow information required by the DPI element to effectively identify applications and perform per-application processing. [0010] Accordingly, there is a need for a device that identifies applications associated with data packets where the packet may be compressed. Furthermore, there is a need for an in-line device that identifies applications associated with data packets subject to a compression scheme, such as Robust Header Compression (ROHC) or Compressed Real-Time Transport Protocol (cRTP). [0011] The foregoing objects and advantages of the invention are illustrative of those that can be achieved by the various exemplary embodiments and are not intended to be exhaustive or limiting of the possible advantages which can be realized. Thus, these and other objects and advantages of the various exemplary embodiments will be apparent from the description herein or can be learned from practicing the various exemplary embodiments, both as embodied herein or as modified in view of any variation that may be apparent to those skilled in the art. Accordingly, the present invention resides in the novel methods, arrangements, combinations, and improvements herein shown and described in various exemplary embodiments.
SUMMARY OF THE INVENTION
[0012] In light of the present need for compressed IP-flow recognition for in-line integrated mobile Deep Packet Inspection (DPI), a brief summary of various exemplary embodiments is presented. Some simplifications and omissions may be made in the following summary, which is intended to highlight and introduce some aspects of the various exemplary embodiments, but not to limit the scope of the invention. Detailed descriptions of a preferred exemplary embodiment adequate to allow those of ordinary skill in the art to make and use the inventive concepts will follow in later sections.
[0013] In various exemplary embodiments, a DPI device is placed in-line in a no n- mobile portion of a mobile network, such that packets pass through the DPI device prior to being forwarded. Thus, in various exemplary embodiments, the DPI device identifies and classifies traffic passing through the mobile network based on information extracted from the header and/or data portion of the incoming packets. Using the information extracted from the packets, the DPI device may implement in-line policy enforcement to manage traffic based on the identified application, even though the DPI device is located in a user scope outside of the mobile portion of the network. [0014] In-line placement of the DPI device in a mobile network, however, raises several problems.
Mobile networks often use compression to minimize the use of limited bandwidth. More specifically, after establishing a flow between two nodes, the source node omits much of the packet header information to decrease the amount of transmitted data. For example, many compression schemes eliminate the source address, source port, destination address, and destination port, thereby making application identification and application-specific processing impossible at the DPI device. In order to properly function, however, the DPI device must associate every packet with a particular flow, not just the first packet. Thus, placing the DPI device in-line without modification of its functionality would fail to accomplish application-aware processing. [0015] Accordingly, in various exemplary embodiments, a method of processing packets sent from a source node to a destination node and a related computer-readable medium encoded with instructions comprise: receiving an uncompressed packet sent from the source node to the destination node during a compression negotiation stage; storing information extracted from the uncompressed packet, the stored information sufficient to uniquely identify flows; receiving a compressed packet sent from the source node to the destination node; associating the compressed packet with an active flow by accessing the stored information; performing deep packet inspection (DPI) to identify an application associated with the active flow; and performing application-specific processing on at least one packet belonging to the active flow. [0016] In various exemplary embodiments, the information extracted from the uncompressed packet comprises a context identifier used to establish a compression context between the source node and the destination node. Furthermore, in various exemplary embodiments, the information extracted extracted from the uncompressed packet comprises at least one of a source address and a destination address extracted from a tunnel header used to forward the uncompressed packet from the source node to the destination node. In addition, in various exemplary embodiments, the information extracted from the uncompressed packet comprises at least one of a source IP address, source port number, destination IP address, destination port number, and protocol number.
[0017] In various exemplary embodiments, the application is selected from the group consisting of an email application, a web browser, a video application, an audio application, voice over IP, instant messaging, and a peer-to peer application. In various exemplary embodiments, the step of performing DPI to identify an application associated with the active flow comprises at least one of signature matching, pattern matching, stateful monitoring, behavioral analysis, and statistical analysis.
[0018] In various exemplary embodiments, the compressed packet is compressed using a compression scheme selected from the group consisting of ROHC, cRTP, VC, and IPHC. In various exemplary embodiments, the step of performing application-specific processing comprises performing a traffic management function on the at least one packet belonging to the active flow. Thus, in various exemplary embodiments, the traffic management function comprises modifying a quality of service associated with the at least one packet belonging to the active flow.
[0019] Furthermore, in various exemplary embodiments, a device for processing traffic in a network employing compression comprises: a communication module that receives an uncompressed and compressed packets sent from a source node to a destination node over an active IP flow; a storage device that stores information regarding packets; and a processor configured to identify an active IP flow associated with the compressed packet by accessing the information stored in the storage device and to perform deep packet inspection (DPI) to identify an application associated with the identified flow or any other type of application-specific processing. In various exemplary embodiments, the device is a standalone DPI device or is integrated into a router.
BRIEF DESCRIPTION OF THE DRAWINGS
[0020] In order to better understand various exemplary embodiments, reference is made to the accompanying drawings, wherein:
[0021] FIG. 1 is a schematic diagram of an exemplary mobile network utilizing in-line DPI in a mobile part of a network by identifying compressed flows; [0022] FIG. 2 is a schematic diagram of an exemplary uncompressed L3 packet;
[0023] FIG. 3 is a schematic diagram of an exemplary compressed L3 packet;
[0024] FIG. 4 is a schematic diagram of an exemplary system used to perform DPI on compressed
L3 data packets; and
[0025] FIG. 5 is a flowchart of an exemplary embodiment of a method for compressed flow recognition for an in-line integrated DPI device.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS OF THE INVENTION
[0026] Referring now to the drawings, in which like numerals refer to like components or steps, there are disclosed broad aspects of various exemplary embodiments. [0027] FIG. 1 is a schematic diagram of an exemplary mobile network 100 utilizing in-line DPI in a mobile part of the network 100 by identifying compressed flows. Exemplary mobile network 100 includes user node 110, wireless base station 120, network 130, radio network controller 140, deep packet inspection device 150, and packet data serving node 160.
[0028] In various exemplary embodiments, user node 110 is a device operated by a user that enables access to mobile network 100. More specifically, in various exemplary embodiments, user node 110 is a cell phone, personal digital assistant, personal or laptop computer, wireless email device, or any other device that supports wireless communications. Furthermore, in various exemplary embodiments, user node 110 negotiates and performs header compression in conjunction with packet data serving node 160 to reduce the amount of data transferred over mobile network 100. [0029] In various exemplary embodiments, wireless base station 120 is a device including an antenna to wirelessly exchange data with user node 110 over a plurality of radio channels. Furthermore, wireless base station 120 includes a wire line interface to forward data into network 130. Thus, in various exemplary embodiments, wireless base station 120 is a Node B in a 3G network or another base transceiver station communicating in a Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS), or other wireless network.
[0030] Additionally, in various exemplary embodiments, network 130 provides a connection between wireless base station 120 and radio network controller 140. It should be apparent that network 130 may be any network capable of sending data and requests between wireless base station 120 and radio network controller 140. Accordingly, network 130 may comprise a plurality of routers, switches, bridges, and other components suitable for receiving and forwarding data packets. [0031] In various exemplary embodiments, radio network controller 140 controls and manages a plurality of wireless base stations 120. Thus, radio network controller 140 directs the transmission and reception of data in wireless base station 120 by controlling the radio transmitters and receivers in wireless base station 120. Furthermore, in various exemplary embodiments, radio network controller 140 receives and transmits packet-switched data between wireless base station 120 and packet data serving node 160. It should be apparent that radio network controller 140 may be replaced by a base station controller or another device capable of directing the operation of wireless base station 120 and receiving and transmitting data packets. [0032] In addition, in various exemplary embodiments, mobile network 100 includes a deep packet inspection (DPI) device 150 that intercepts, "sniffs," or otherwise receives packets transmitted from radio network controller 140 to packet data switching node 160. More specifically, as described further below with reference to FIG. 5, DPI device 150 receives a packet, determines whether it is compressed or uncompressed, and performs processing according to that determination. [0033] In various exemplary embodiments, DPI device 150 comprises specialized hardware and/or software that is capable of examining data packets received from radio network controller 140 to identify information associated with the packets. Thus, in various exemplary embodiments, DPI device 150 includes a storage medium that stores information used to identify flows, a processor for performing analysis, and a communication module to receive and transmit packets. [0034] In addition, in various exemplary embodiments, DPI device 150 is integrated into radio network controller 140, packet data switching node 160, or into a network element that is part of a network (not shown) providing connectivity between radio network controller 140 and packet data switching node 160. In various exemplary embodiments, the network providing connectivity comprises a plurality of routers, switches, bridges, and other components suitable for receiving and forwarding data packets. Alternatively, in various exemplary embodiments, DPI device 150 is placed or integrated into wireless base station 120 or a network element that is part of network 130. [0035] In various exemplary embodiments, DPI device 150 examines any combination of information in layers 2 through 7 of the Open Systems Interconnection (OSI) model. Thus, in various exemplary embodiments, DPI device 150 performs a "deep" analysis of one or more packets in order to identify an application associated with the packets. For example, DPI device 150 may analyze a packet to determine whether the packet relates to email, streaming video, web browsing, peer-to-peer transfer, or any other application of interest to the service provider. Furthermore, in various exemplary embodiments, DPI device 150 performs traffic management operations, then forwards the packet to packet data serving node 160.
[0036] In various exemplary embodiments, packet data serving node 160 serves as a connection between mobile network 100 and one or more IP networks (not shown). Thus, in various exemplary embodiments, packet data serving node 160 forwards packets between the Internet and radio network controller 140. Furthermore, in various exemplary embodiments, packet data serving node 160 performs header decompression on compressed packets received from user node 110. It should be apparent that packet data serving node 160 may be replaced by a Gateway General Packet Radio Service Support Node (GGSN), a Serving Gateway General Packet Radio Service Support Node (SGSN), or any other node capable of providing a connection between mobile network 100 and an IP network. [0037] It should be apparent that, although illustrated as a 3G wireless mobile network, network 100 may be any network that utilizes compression. Thus, in various exemplary embodiments, network 100 is a cellular network operating under a different standard, a satellite network, a wired network, or some other type of network utilizing compression between nodes. [0038] FIG. 2 is a schematic diagram of an exemplary uncompressed packet 200. In various exemplary embodiments, uncompressed packet 200 includes, among others, packet header 210, source address 220, destination address 230, context identifier (ID) 240, and data 250. [0039] In various exemplary embodiments, packet header 210 includes data used to forward uncompressed packet 200 from a source to a destination. Thus, in various exemplary embodiments, packet header 210 includes a source address field 220, which may include a source IP address and a source port. Furthermore, in various exemplary embodiments, packet header 210 includes destination address field 230, which may include a destination IP address and a destination port. Furthermore, packet header 210 includes context ID 240, which, in various exemplary embodiments, uniquely identifies a compression context between a compressor and a decompressor. [0040] It should be apparent that packet header 210 is shown as including only source address field 220, destination address 230, and context ID 240 for the sake of simplicity. Thus, in various exemplary embodiments, packet header 210 includes additional fields including, but not limited to, a protocol number, traffic class, flow label, payload length, next header, and hop limit. Furthermore, it should be apparent that uncompressed packet 200 may be an IP packet, Transmission Control Protocol (TCP) packet, User Datagram Protocol (UDP) packet, or a packet formatted in any other protocol that may be subjected to compression. [0041] FIG. 3 is a schematic diagram of an exemplary compressed packet 300. In various exemplary embodiments, compressed packet 300 includes only a context ID 240 and data 350. Thus, after a compressor and a decompressor negotiate a compression context, the compressor sends compressed packet 300 to minimize the amount of data transfer. [0042] FIG. 4 is a schematic diagram of an exemplary system 400 used to perform DPI on compressed data packets. Exemplary system 400 includes source node 410, DPI device 420, and destination node 430. It should be apparent that, in various exemplary embodiments, source node 410 sends packets to destination node 430 using any compression scheme including, but not limited to, ROHC, cRTP, Van Jacobson Header Compression (VC), and Internet Protocol Header Compression (IPHC).
[0043] In various exemplary embodiments, source node 410 forwards packets over a network to destination node 430. In various exemplary embodiments, source node 410 is a compressor used to compress packets sent to a decompressor. Thus, in various exemplary embodiments, source node 410 is a user node 110, radio network controller 140, packet data serving node 160, or any other node located in a position in the network where compression of outgoing packets would be advantageous. Alternatively, in various exemplary embodiments, source node 410 sends uncompressed packets, which are later received and compressed by a compressor.
[0044] In various exemplary embodiments, DPI device 420 is similar in structure and functionality to DPI device 150. Thus, in various exemplary embodiments, DPI device 420 intercepts, "sniffs," or otherwise receives packets transmitted from source node 410 to destination node 430. More specifically, as described further below with reference to FIG. 5, DPI device 420 receives a packet, determines whether it is compressed or uncompressed, and performs processing according to that determination.
[0045] It should be apparent, that although illustrated as a standalone device, in various exemplary embodiments, DPI device 420 is a component integrated into a router. Thus, in various exemplary embodiments, DPI device 420 analyzes each packet received by the router before the router forwards the packet to the next hop.
[0046] Furthermore, it should be apparent that DPI device 420 is illustrated as directly connected to source node 410 and destination 430 for the sake of simplicity. Accordingly, in various exemplary embodiments, one or more switches, routers, bridges, or other network elements are placed between DPI device 420 and source node 410 or destination node 430.
[0047] In various exemplary embodiments, destination node 430 receives packets from source node 410. In various exemplary embodiments, destination node 430 is a decompressor used to decompressor packets received from a compressor. Thus, in various exemplary embodiments, destination node 430 is a user node 110, radio network controller 140, packet data serving node 160, or any other node located in a position in the network where decompression of incoming packets is advantageous. Alternatively, in various exemplary embodiments, destination node 430 receives uncompressed packets, as the compressed packets may be processed by a decompressor prior to reaching destination node 430. [0048] FIG. 5 is a flowchart of an exemplary embodiment of a method 500 for compressed flow recognition for an in-line integrated DPI device 420. Exemplary method 500 starts in step 510 and proceeds to step 520, where DPI device 420 intercepts, sniffs, or otherwise receives a packet transmitted from source node 410 to destination node 430. Exemplary method 500 then proceeds to step 530, where DPI device 420 determines whether the packet is compressed. [0049] When in step 530, it is determined that the packet is not compressed (i.e. uncompressed), exemplary method 500 proceeds to step 540, where it is determined whether uncompressed packet 200 is to be associated with a new flow. More particularly, DPI device 420 accesses information in the header of uncompressed packet 200 used to uniquely identify a flow and determines whether this information is stored in DPI device 420. Thus, in various exemplary embodiments, the information extracted from the header includes the source IP, source port number, destination IP, destination port number, and a protocol number. [0050] When in step 540, it is determined that uncompressed packet 200 is to be associated with a new flow, exemplary method 500 proceeds to step 550. In step 550, DPI device 420 stores any information that will be used to associate packets received in the future with the identified flow. [0051] More specifically, in step 550, DPI device 420 extracts context identifier 240 from uncompressed packet 200 and stores context identifier 240, such that DPI device may identify subsequently received data packets using the same context identifier 240. It should be apparent that, in various exemplary embodiments, context identifier 240 is sufficient to uniquely identify a flow between source node 410 and destination node 430. However, in various exemplary embodiments, additional information is necessary to uniquely identify each flow. [0052] Thus, in various exemplary embodiments, DPI device 420 also gathers information from the tunnel header used to route packets from source node 410 to destination node 430. Thus, for example, this information may describe an L2 or L3 tunnel that carries the packet between radio network controller 140 and packet data switching node 160. In various exemplary embodiments, DPI device 420 extracts one or more fields from the tunnel header, such as the source IP address or destination IP address, and stores these fields in association with context identifier 240. Because the tunnel headers are not compressed, DPI device 420 will be able to gather this information from subsequent compressed packets transmitted from source node 410 to destination node 430. Thus, for example, DPI device 420 could extract the IP address of RNC 140 or PDSN 160 from the tunnel header to enable DPI device 420 to uniquely identify flows.
[0053] In various exemplary embodiments, DPI device 420 also stores information from the packet header of uncompressed packet 200. Thus, DPI device 420 may extract the source IP address, source port number, destination IP address, destination port number, and protocol number, and store this information in conjunction with the context ID and/or tunnel header information. Accordingly, in various exemplary embodiments, DPI device 420 may seamlessly process both compressed and uncompressed packets in a particular flow, as all information required to uniquely identify the flow is stored in DPI device 420. [0054] It should be apparent that, in various exemplary embodiments, the information stored in step 550 in addition to context identifier 240 is not limited to tunnel headers and IP 5-tuple or 6-tuple data. Thus, in various exemplary embodiments, DPI device 420 stores any additional information that is sufficient to uniquely identify the compression context between a compressor and a decompressor. [0055] On the other hand, when in step 540, it is determined that uncompressed packet 200 is not associated with a new flow (i.e. the packet is associated with an already identified flow), exemplary method 500 proceeds to step 560. In step 560, DPI device 420 updates any stored information that is used to uniquely identify the flow. More particularly, DPI device 420 updates any information that changed since it was initially stored in step 550.
[0056] On the other hand, when in step 530, it is determined that the packet is compressed, exemplary method 500 proceeds to step 570, where DPI device 420 retrieves information necessary to uniquely identify the flow. Thus, in various exemplary embodiments, DPI device 420 extracts context identifier 240 from compressed packet 300. In addition, DPI device 420 optionally extracts information from the tunnel header used to transmit compressed packet 300 from source node 410 to destination node 430 or any other information required to uniquely identify the flow. Exemplary method 500 then proceeds to step 580. [0057] In step 580, DPI device 420 associates the packet with a previously identified flow based on the information extracted from compressed packet 300 and the information stored in DPI device 420. In various exemplary embodiments, context ID 240 is sufficient to uniquely identify a flow between source node 410 and destination node 430. Thus, in various exemplary embodiments, DPI device 420 associates the compressed packet 300 with a flow by comparing context ID 240 to the context ID information stored in DPI device 420.
[0058] Alternatively, in various exemplary embodiments, DPI device 420 must utilize additional information to uniquely identify the flow between source node 410 and destination node 430. More specifically, in various exemplary embodiments, DPI device 420 extracts one or more fields from the tunnel header of compressed packet 300, such as a source IP address or a destinationIP address. DPI device 420 then associates the packet with the active flow by comparing the context ID 240 and information extracted from the tunnel header to the corresponding information stored in DPI device 420.
[0059] After storing information in step 550, updating information in step 560, or associating the packet with the active flow in step 580, exemplary method 500 proceeds to step 590, where DPI device 420 performs DPI processing based on the identified flow. Thus, in various exemplary embodiments, DPI device 420 examines any combination of information in OSI layers 3 through 7 of one or more packets to identify an application associated with the flow. For example, DPI device 420 may analyze one or more packets to determine whether the flow relates to email, streaming video, web browsing, peer-to-peer transfer, Voice over IP (VoIP), or any other application of interest to the service provider. In various exemplary embodiments, the analysis performed by DPI device 420 includes at least one of signature and pattern matching, stateful monitoring, behavioral analysis, and statistical analysis.
[0060] Furthermore, in various exemplary embodiments, DPI device 420 performs application- specific processing. In various exemplary embodiments, this application-specific processing includes traffic management operations. Accordingly, DPI device 420 may access a service level agreement associated with the subscriber located at source node 410 to determine how to treat packets in the identified flow. Based on this determination, DPI device 420 may associate a Quality of Service (QoS) marking with the packets, such as a Differentiated Services Code Point (DSCP). [0061 ] For example, DPI device 420 may determine that the flow corresponds to streaming video and that the subscriber located at source node 410 has paid an additional fee to receive a high quality of service for such transfers. Accordingly, DPI device 420 may mark the packets with a higher DSCP value to indicate that the packets should be given high priority. Alternatively, DPI device 420 may determine that the flow is associated with a peer-to -peer transfer and that the subscriber is only paying for a base level of service. Accordingly, DPI device 420 may mark the packets in the flow with a value indicating that the packet should be given a lower priority. [0062] It should be apparent that although described with reference to marking of packets, DPI device 420 may perform any application-specific processing. Thus, in addition to QoS processing, DPI device 420 may, for example, drop packets, collect statistics, and manage billing. After performing DPI processing in step 590, exemplary method 500 proceeds to step 595, where exemplary method 500 stops. [0063] According to the forgoing, various exemplary embodiments include a DPI device that identifies and analyzes a flow, even when packets in the flow are subjected to a compression algorithm. More specifically, in various exemplary embodiments, the DPI device stores information included in an uncompressed packet and utilizes this information to identify subsequently received compressed packets associated with the flow. Based on the flow identification, the DPI device examines packets in the flow, identifies a corresponding application, and performs application-specific processing.
[0064] Although the various exemplary embodiments have been described in detail with particular reference to certain exemplary aspects thereof, it should be understood that the invention is capable of other embodiments and its details are capable of modifications in various obvious respects. As is readily apparent to those skilled in the art, variations and modifications can be affected while remaining within the spirit and scope of the invention. Accordingly, the foregoing disclosure, description, and figures are for illustrative purposes only and do not in any way limit the invention, which is defined only by the claims.

Claims

What is claimed is:
1. A method of processing packets sent from a source node to a destination node, the method comprising: receiving an uncompressed packet sent from the source node to the destination node during a compression negotiation stage; storing information extracted from the uncompressed packet, the stored information sufficient to uniquely identify flows; receiving a compressed packet sent from the source node to the destination node? associating the compressed packet with an active flow by accessing the stored information and information in the compressed packet; performing deep packet inspection (DPI) to identify an application associated with the active flow; and performing application-specific processing on at least one packet belonging to the active flow.
2. The method of processing packets sent from a source node to a destination node according to claim 1, further comprising: using a context identifier to establish a compression context between a compressor and a decompressor, wherein the source node is the compressor and the destination node is the decompressor.
3. The method of processing packets sent from a source node to a destination node according to claim 1, further comprising: using at least one of a source address and a destination address extracted from a tunnel header to forward the uncompressed packet along a path from the source node to the destination node, wherein the information extracted from the uncompressed packet comprises at least one of a source IP address, source port number, destination IP address, destination port number, and protocol number.
4. The method of processing packets sent from a source node to a destination node according to claim 1, wherein performing DPI to identify an application associated with the active flow comprises at least one of signature matching, pattern matching, stateful monitoring, behavioral analysis, and statistical analysis, and wherein the compressed packet is compressed using a compression scheme selected from the group consisting of ROHC, cRTP, VC, and IPHC.
5. The method of processing packets sent from a source node to a destination node according to claim 1, further comprising: performing a traffic management function on the at least one packet belonging to the active flow; and modifying a quality of service associated with the at least one packet belonging to the active flow.
6. A device for processing traffic in a network employing compression, the device comprising: a communication module that receives an uncompressed packet and a compressed packet sent from a source node to a destination node over an active flow; a storage device that stores information extracted from the uncompressed packet; and a processor configured to: identify the active flow associated with the compressed packet by accessing the information stored in the storage device and information contained in the compressed packet, and perform deep packet inspection (DPI) to identify an application associated with the identified flow.
7. The device for processing traffic in a network employing compression according to claim 6, wherein the information extracted from the uncompressed packet comprises at least one of the following: a context identifier used to establish a compression context between a compressor and a decompressor, a source address and a destination address extracted from a tunnel header used to forward the uncompressed packet along a path from the source node to the destination node, a source IP address, a source port number, a destination IP address, a destination port number, and a protocol number.
8. The device for processing traffic in a network employing compression according to claim 6, wherein the compressed packet is compressed using a compression scheme selected from the group consisting of ROHC, cRTP, VC, and IPHC.
9. A computer-readable medium encoded with instructions for processing packets sent from a source node to a destination node, the computer readable medium comprising: instructions for receiving an uncompressed packet sent from the source node to the destination node during a compression negotiation stage; instructions for storing information extracted from the uncompressed packet, the stored information sufficient to uniquely identify flows; instructions for receiving a compressed packet sent from the source node to the destination node; instructions for associating the compressed packet with an active flow by accessing the stored information and information in the compressed packet; instructions for performing deep packet inspection (DPI) to identify an application associated with the active flow; and instructions for performing application- specific processing on at least one packet belonging to the active flow.
10. The computer-readable medium encoded with instructions for processing packets sent from a source node to a destination node according to claim 9, wherein the information extracted from the uncompressed packet comprises at least one of context identifier used to establish a compression context between a compressor and a decompressor, and a source address and a destination address extracted from a tunnel header used to forward the uncompressed packet along a path from the source node to the destination node.
PCT/IB2009/051317 2008-02-28 2009-02-17 Compressed ip flow recognition for in-line integrated mobile dpi WO2009107117A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN200980106453.XA CN101960815B (en) 2008-02-28 2009-02-17 Compressed IP flow recognition for in-line integrated mobile DPI
JP2010548241A JP5600602B2 (en) 2008-02-28 2009-02-17 Compressed IP flow recognition for mobile deep packet inspection embedded inline
KR1020107018971A KR101124721B1 (en) 2008-02-28 2009-02-17 Compressed ip flow recognition for in-line integrated mobile deep packet inspection dpi
EP09714027A EP2263363B1 (en) 2008-02-28 2009-02-17 Compressed ip flow recognition for in-line integrated mobile dpi

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/071,982 US8885644B2 (en) 2008-02-28 2008-02-28 Compressed IP flow recognition for in-line, integrated mobile DPI
US12/071,982 2008-02-28

Publications (2)

Publication Number Publication Date
WO2009107117A2 true WO2009107117A2 (en) 2009-09-03
WO2009107117A3 WO2009107117A3 (en) 2009-10-22

Family

ID=40934163

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2009/051317 WO2009107117A2 (en) 2008-02-28 2009-02-17 Compressed ip flow recognition for in-line integrated mobile dpi

Country Status (6)

Country Link
US (1) US8885644B2 (en)
EP (1) EP2263363B1 (en)
JP (1) JP5600602B2 (en)
KR (1) KR101124721B1 (en)
CN (1) CN101960815B (en)
WO (1) WO2009107117A2 (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013543185A (en) * 2010-10-22 2013-11-28 アファームド ネットワークス,インク. Integration of multiple functions into a single platform
JP2013545387A (en) * 2010-11-01 2013-12-19 アルカテル−ルーセント Framework for content-based VLAN classification and Ethernet network to support content-based bridging
US9480101B2 (en) 2013-02-21 2016-10-25 Altiostar Networks, Inc. Systems and methods for scheduling of data packets based on application detection in a base station
CN107787003A (en) * 2016-08-24 2018-03-09 中兴通讯股份有限公司 A kind of method and apparatus of flow detection
US10856134B2 (en) 2017-09-19 2020-12-01 Microsoft Technolgy Licensing, LLC SMS messaging using a service capability exposure function
US10855645B2 (en) 2015-01-09 2020-12-01 Microsoft Technology Licensing, Llc EPC node selection using custom service types
US11032378B2 (en) 2017-05-31 2021-06-08 Microsoft Technology Licensing, Llc Decoupled control and data plane synchronization for IPSEC geographic redundancy
US11038841B2 (en) 2017-05-05 2021-06-15 Microsoft Technology Licensing, Llc Methods of and systems of service capabilities exposure function (SCEF) based internet-of-things (IOT) communications
US11051201B2 (en) 2018-02-20 2021-06-29 Microsoft Technology Licensing, Llc Dynamic selection of network elements
US11121921B2 (en) 2019-01-15 2021-09-14 Microsoft Technology Licensing, Llc Dynamic auto-configuration of multi-tenant PaaS components
US11212343B2 (en) 2018-07-23 2021-12-28 Microsoft Technology Licensing, Llc System and method for intelligently managing sessions in a mobile network
US11516113B2 (en) 2018-03-20 2022-11-29 Microsoft Technology Licensing, Llc Systems and methods for network slicing

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8009696B2 (en) * 2004-08-06 2011-08-30 Ipeak Networks Incorporated System and method for achieving accelerated throughput
WO2007140337A2 (en) * 2006-05-25 2007-12-06 Proximetry, Inc. Systems and methods for wireless resource management
US8509237B2 (en) * 2009-06-26 2013-08-13 Wisconsin Alumni Research Foundation Architecture and system for coordinated network-wide redundancy elimination
GB2496385B (en) * 2011-11-08 2014-03-05 Canon Kk Methods and network devices for communicating data packets
JP5784511B2 (en) * 2012-01-10 2015-09-24 株式会社日立製作所 Management device, wireless communication system, and connection management method
US20150156653A1 (en) * 2012-06-12 2015-06-04 Telefonaktiebolaget L M Ericsson (Publ) Packet analysis within a radio access network
US9258218B2 (en) * 2012-11-30 2016-02-09 Alcatel Lucent Software-defined network overlay
CN103067199B (en) * 2012-12-19 2015-11-25 华为技术有限公司 Depth message detection result diffusion method and device
CN103974325B (en) * 2013-01-31 2018-04-27 华为技术有限公司 Method, equipment and the system of multi-mode networks fusion
CA2908701C (en) 2013-04-05 2016-07-19 Media Global Links Co., Ltd. Ip uncompressed video encoder and decoder
WO2015062746A1 (en) * 2013-10-29 2015-05-07 Telefonaktiebolaget L M Ericsson (Publ) Dynamic compression coverage
US9323715B2 (en) * 2013-11-14 2016-04-26 Cavium, Inc. Method and apparatus to represent a processor context with fewer bits
WO2016004599A1 (en) * 2014-07-10 2016-01-14 华为技术有限公司 Data transmission method, system and related device
CN107210964B (en) * 2015-08-31 2020-11-10 华为技术有限公司 Data stream header compression transmission method, system, controller and node
US10432535B2 (en) * 2017-02-28 2019-10-01 Hewlett Packard Enterprise Development Lp Performing a specific action on a network packet identified as a message queuing telemetry transport (MQTT) packet
CN111404642B (en) * 2019-01-02 2023-03-31 中国移动通信有限公司研究院 Information interaction method, DPI system and application system
CN111046002B (en) * 2019-12-06 2022-08-02 浪潮(北京)电子信息产业有限公司 Data compression method, decompression method, system and related device of graph data

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1564960A1 (en) * 2001-05-16 2005-08-17 Bytemobile, Inc. System and methods for providing differentiated services within a network communication system
WO2006052183A1 (en) * 2004-11-15 2006-05-18 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for header compression with transmission of context information dependent upon media characteristic
WO2007081727A2 (en) * 2006-01-04 2007-07-19 Starent Networks Corporation Selecting application session services to process packet data streams based on profile information

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3640660B2 (en) * 1999-08-06 2005-04-20 松下電器産業株式会社 Data transmission method, data transmission device, and data reception device
EP1411700B8 (en) * 1999-08-06 2006-08-30 Matsushita Electric Industrial Co., Ltd. Data transmission method, data transmission apparatus, and data reception apparatus
US7031314B2 (en) * 2001-05-16 2006-04-18 Bytemobile, Inc. Systems and methods for providing differentiated services within a network communication system
US7065087B2 (en) * 2003-07-08 2006-06-20 Cisco Technology, Inc. Performing compression of user datagram protocol packets
US7860032B2 (en) * 2003-08-08 2010-12-28 Qualcomm Incorporated Apparatus and method for efficiently running applications on a wireless communication device
KR100602633B1 (en) * 2003-11-08 2006-07-19 삼성전자주식회사 apparatus and method for header compression in packet
US7430617B2 (en) * 2003-12-19 2008-09-30 Nokia Corporation Method and system for header compression
JP2005252855A (en) 2004-03-05 2005-09-15 Nec Electronics Corp Apparatus and method of handling header-compressed packet
US7719966B2 (en) * 2005-04-13 2010-05-18 Zeugma Systems Inc. Network element architecture for deep packet inspection
US7784094B2 (en) 2005-06-30 2010-08-24 Intel Corporation Stateful packet content matching mechanisms
US8505092B2 (en) * 2007-01-05 2013-08-06 Trend Micro Incorporated Dynamic provisioning of protection software in a host intrusion prevention system
EP1983718A1 (en) * 2007-04-17 2008-10-22 Danmarks Tekniske Universitet Method and apparatus for inspection of compressed data packages
US7782859B2 (en) * 2007-05-07 2010-08-24 Cisco Technology, Inc. Enhanced packet classification
US8126428B2 (en) * 2007-08-07 2012-02-28 Clearwire Corporation Subscriber management system for a communication network

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1564960A1 (en) * 2001-05-16 2005-08-17 Bytemobile, Inc. System and methods for providing differentiated services within a network communication system
WO2006052183A1 (en) * 2004-11-15 2006-05-18 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for header compression with transmission of context information dependent upon media characteristic
WO2007081727A2 (en) * 2006-01-04 2007-07-19 Starent Networks Corporation Selecting application session services to process packet data streams based on profile information

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013543185A (en) * 2010-10-22 2013-11-28 アファームド ネットワークス,インク. Integration of multiple functions into a single platform
JP2013545387A (en) * 2010-11-01 2013-12-19 アルカテル−ルーセント Framework for content-based VLAN classification and Ethernet network to support content-based bridging
US9480101B2 (en) 2013-02-21 2016-10-25 Altiostar Networks, Inc. Systems and methods for scheduling of data packets based on application detection in a base station
US10855645B2 (en) 2015-01-09 2020-12-01 Microsoft Technology Licensing, Llc EPC node selection using custom service types
CN107787003A (en) * 2016-08-24 2018-03-09 中兴通讯股份有限公司 A kind of method and apparatus of flow detection
US11038841B2 (en) 2017-05-05 2021-06-15 Microsoft Technology Licensing, Llc Methods of and systems of service capabilities exposure function (SCEF) based internet-of-things (IOT) communications
US11032378B2 (en) 2017-05-31 2021-06-08 Microsoft Technology Licensing, Llc Decoupled control and data plane synchronization for IPSEC geographic redundancy
US10856134B2 (en) 2017-09-19 2020-12-01 Microsoft Technolgy Licensing, LLC SMS messaging using a service capability exposure function
US11051201B2 (en) 2018-02-20 2021-06-29 Microsoft Technology Licensing, Llc Dynamic selection of network elements
US11516113B2 (en) 2018-03-20 2022-11-29 Microsoft Technology Licensing, Llc Systems and methods for network slicing
US11212343B2 (en) 2018-07-23 2021-12-28 Microsoft Technology Licensing, Llc System and method for intelligently managing sessions in a mobile network
US11121921B2 (en) 2019-01-15 2021-09-14 Microsoft Technology Licensing, Llc Dynamic auto-configuration of multi-tenant PaaS components

Also Published As

Publication number Publication date
EP2263363B1 (en) 2013-01-23
CN101960815B (en) 2013-09-11
EP2263363A2 (en) 2010-12-22
JP2011519491A (en) 2011-07-07
KR101124721B1 (en) 2012-03-23
WO2009107117A3 (en) 2009-10-22
US8885644B2 (en) 2014-11-11
US20090219930A1 (en) 2009-09-03
JP5600602B2 (en) 2014-10-01
KR20100109970A (en) 2010-10-11
CN101960815A (en) 2011-01-26

Similar Documents

Publication Publication Date Title
US8885644B2 (en) Compressed IP flow recognition for in-line, integrated mobile DPI
EP2277299B1 (en) In-band dpi application awareness propagation enhancements
US8165024B2 (en) Use of DPI to extract and forward application characteristics
US8289864B2 (en) DPI-triggered application-aware dormancy timer adjustment for mobile data bearers
US8179846B2 (en) DPI-driven bearer termination for short-lived applications
EP1614258B1 (en) Method and system for rate control service in a network
US9231874B2 (en) Method and network node for handling TCP traffic
US20050041584A1 (en) Auto-IP traffic optimization in mobile telecommunications systems
WO2009148539A1 (en) Method and apparatus for providing quality-of service in radio access networks
WO2000042755A1 (en) Mobile communications network
FR2825561A1 (en) METHOD FOR TRANSMITTING IP PACKETS THROUGH A CELLULAR RADIO COMMUNICATION SYSTEM, AND EQUIPMENT OF THE CELLULAR SYSTEM FOR CARRYING OUT SAID METHOD
JP2005520436A (en) Multi-stream wireless router, gateway, communication system, and method therefor
US20100128665A1 (en) Method for providing signaling between a core network and a radio access network
KR20050026056A (en) Communication of packet data units over signalling and data traffic channels
WO2022258526A1 (en) Method for traffic matching in terminals with ue route selection policy (ursp)
Yang et al. A multi-link mechanism for heterogeneous radio networks
CN113330782B (en) Selecting a network based on real-time network characteristics
KR20050088596A (en) The method of configuration and transmission for contents based charging in wcdma
WO2023117044A1 (en) Opposite reflective qos

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200980106453.X

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09714027

Country of ref document: EP

Kind code of ref document: A2

ENP Entry into the national phase

Ref document number: 20107018971

Country of ref document: KR

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 2010548241

Country of ref document: JP

Ref document number: 5355/CHENP/2010

Country of ref document: IN

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2009714027

Country of ref document: EP