Computer networks such as the Internet are well known today. Such networks include communication media, firewalls, routers, network switches and hubs. Networks often interconnect client computers and servers. In the case of communications through the Internet and wide area networks, typically there are many routers and many possible routing paths between a source computer and a destination device (for example, a destination computer or gateway to a subnet) via the Internet. When a message arrives at a router, the router makes a decision as to the next router or “hop” in a path to the destination device. There are many known algorithms for making this decision, such as OSPF, RIP, IGRP, EIGRP, ISIS or BGP. The RIP, OSPF and ISIS protocols attempt to route message packets to a destination via the shortest path, i.e. fewest number of intervening routers. Routers using the OSPF protocol also can determine the bandwidth of the path to the next hop based on the interface used for forwarding the message packet to the next hop. The IGRP and EIGRP protocols attempt to route message packets based on greatest bandwidth, shortest delays and shortest path factors. The BGP protocol attempts to route message packets based on shortest Autonomous System path (i.e. fewest number of routers within a single administrative control) and least multi-exit discriminator (“MED”) (i.e. a preference for one route over another that is advertised to neighboring routers).
Quality of Service (“QoS”) may also be a factor in determining an optimum network path. QoS of a route or link in a route can be based on many factors including (a) the bandwidth of each link, (b) a routing queue which is used to determine the priority of processing and forwarding the message packet, and (c) specification of maximum latency or wait of the message packet within a router before forwarding to the next hop. Most routers have more than one routing queue with different priorities for each queue. For example, message packets on a higher priority routing queue are processed and forwarded before message packets on a lower priority routing queue. Some messages or bulk data transfers may need or warrant greater network bandwidth than others. This may result from a specification of QoS in a contract between a customer (who is sending the message or bulk data) and a service provider which is furnishing or managing part or all of the network which is used for the transmission.
US Published Patent Application 2002/0105910 discloses that the contents of any or all data packets are compared to a database of known signatures and, if the contents of a data packet or packets match a known signature, an action associated with that signature and/or session ID can be taken by the network apparatus. Additionally, a content processor is operable to maintain state awareness throughout each individual traffic flow. In other words, a content processor maintains a database of each session which stores state information related to the current data packets from a traffic flow as well as state information related to the entirety of the traffic flow. This allows the network apparatus to act based on the content of the data packets being scanned as well as the content of the entire traffic flow. Once the contents of the packets have been scanned and a conclusion reached by the traffic flow scanning engine, the packets and the associated conclusions of either or both the header preprocessor and the content processor are sent to a quality of service (QoS) processor. The QoS processor again stores the packets in its own packet storage memory for forwarding. The QoS processor is operable to perform the traffic flow management for the stream of data packets processed by the network apparatus. The QoS processor contains engines for traffic management, traffic shaping and packet modification. The QoS processor takes the conclusion of either or both of a header preprocessor and a content processor and assigns the data packet to one of its internal quality of service queues based on the conclusion. The quality of service queues can be assigned priority relative to one another or can be assigned a maximum or minimum percentage of the traffic flow through the device.
This allows the QoS processor to assign the necessary bandwidth to traffic flows with high quality and reliability requirements, such as VoIP, video and other flows, while assigning the remaining bandwidth, through low priority queues, to traffic flows with low quality requirements such as e-mail and general web surfing.
U.S. Pat. No. 6,654,373 discloses a traffic flow scanning processor which can be divided into a header processor and a payload analyzer. The header processor is capable of scanning the header information, determining routing requirements based on the header information and creating a unique session ID based on predetermined attributes of the data packet for identifying each individual active traffic flow within the network apparatus. The payload analyzer scans the contents of a data packet's payload and attempts to match the payload contents against a database of known strings. If a match is detected in the payload analyzer, the network apparatus is operable to perform a variety of programmable functions on the data packet or on the particular traffic flow with which the data packet is associated. In addition, the traffic flow scanning processor is able to maintain state awareness across each individual traffic flow. In addition to the traffic flow scanning processor, the network apparatus includes a quality of service processor. The quality of service processor is connected to the traffic flow scanning engine and receives the scanned data packets along with one or more conclusions or instructions from the scanning engine associated with each data packet. The quality of service processor is then operable to place each data packet into one of a plurality of quality of service queues according to the associated conclusions. The quality of service queue determines the priority of the associated data for transmission back onto the network. A routing network apparatus can be constructed using two or more route engine cards connected through a switch fabric and controlled by a management card. Each of the route engine cards includes a traffic flow scanning engine and at least one quality of service processor.
The traffic flow scanning engine scans any or all of the data packets and develops an instruction or conclusion based on the contents of the data packet and maintains a state awareness across each individual traffic flow. The quality of service processor then places the data packet into a quality of service queue and modifies the packet as required for routing, quality, or security purposes. The quality of service processor then sends the data packet to the switch fabric which routes the data packets to the route engine card associated with its physical egress port. The quality of service processor on the egress route engine card acts as a buffer between the switch fabric and the physical egress ports and allocates access to the physical egress ports based on packet priority. The network apparatus has the ability to scan the contents of any data packet or packets for any information that can be represented as a signature or series of signatures. The signatures can be of any arbitrary length, can begin and end anywhere within the packets and can cross packet boundaries. Further, the network apparatus is able to maintain state awareness throughout all of the individual traffic flows by storing state information for each traffic flow representing any or all signatures matched during the course of that traffic flow.
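The per-flow scanning and queueing described in the two references above, as an added Python example that is not taken from either patent: the signature strings, the queue priorities and the use of the 5-tuple as session ID are assumptions made for illustration. Carrying the last few bytes of each flow forward lets a signature be matched even when it is split across packet boundaries.

```python
from collections import defaultdict, deque

# Constructed signature database: byte string -> conclusion (QoS class).
SIGNATURES = {
    b"INVITE sip:": "voip",
    b"RTSP/1.0": "video",
    b"MAIL FROM:": "email",
}
# Constructed queue priorities: a lower number is served first.
QUEUE_PRIORITY = {"voip": 0, "video": 1, "default": 2, "email": 3}
MAX_SIG = max(len(s) for s in SIGNATURES)


class FlowScanner:
    """Payload scanner that keeps per-flow state between packets."""

    def __init__(self):
        self.tail = defaultdict(bytes)     # session ID -> last MAX_SIG-1 bytes
        self.matched = defaultdict(set)    # session ID -> conclusions so far
        self.queues = defaultdict(deque)   # QoS class -> queued packets

    @staticmethod
    def session_id(src, dst, sport, dport, proto):
        # Assumption: the "predetermined attributes" are the 5-tuple.
        return (src, dst, sport, dport, proto)

    def scan(self, sid, payload):
        """Scan one packet, update flow state, enqueue it, return its class."""
        window = self.tail[sid] + payload  # prepend bytes carried over
        for sig, conclusion in SIGNATURES.items():
            if sig in window:
                self.matched[sid].add(conclusion)
        # Keep just enough bytes to complete a signature in a later packet.
        self.tail[sid] = window[-(MAX_SIG - 1):]
        # The flow keeps the best-priority conclusion reached so far.
        qos = min(self.matched[sid] or {"default"}, key=QUEUE_PRIORITY.get)
        self.queues[qos].append((sid, payload))
        return qos

    def dequeue(self):
        """Strict-priority service: higher-priority queues drain first."""
        for qos in sorted(self.queues, key=QUEUE_PRIORITY.get):
            if self.queues[qos]:
                return qos, self.queues[qos].popleft()
        return None
```

Packets seen before a flow's first match are queued as "default"; only later packets of that flow inherit the conclusion.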
U.S. Pat. No. 6,732,273 discloses that a sender of a message generates a message characterization code and attaches it to each message packet, apart from the body of the message packet. When a router receives the message packet, it reads the message characterization code. If the code indicates that the message requires secure communication (typically if the data in the payload is sensitive and not encrypted), then the router propagates the message packet in a secure manner such as by encryption or other secure path. However, if the code indicates that the message is not sensitive (typically if the data in the payload is not sensitive, or is sensitive but encrypted), then the router propagates the message packet along the shortest path, typically through the nonsecure Internet.
An object of the present invention is to enable a network device such as a router to determine a proper routing path for a message.
Another object of the present invention is to enable a network device such as a router to determine a proper routing path for a message without requiring any changes to the message packet format or content.