The character and requirements of networks and networking hardware are changing dramatically as the demands on networks change. Not only is there an ever-increasing demand for more bandwidth, the nature of the traffic flowing on the networks is changing. With the demand for video and voice over the network in addition to data, end users and network providers alike are demanding that the network provide services such as quality-of-service (QoS), traffic metering, and enhanced security. However, the existing Internet Protocol (IP) networks were not designed to provide such services because of the limited information they contain about the nature of the data passing over them.
Existing network equipment that makes up the infrastructure was designed only to forward data through the network's maze of switches and routers without any regard for the nature of the traffic. The equipment used in existing networks, such as routers, switches, and remote access servers (RAS), are not able to process any information in the network data stream beyond the packet headers and usually only the headers associated with a particular layer of the network or with a set of particular protocols. Inferences can be made about the type of traffic by the particular protocol, or by other information in the packet header such as address or port numbers, but high-level information about the nature of the traffic and the content of the traffic is impossible to discern at wire speeds.
The ability to look beyond the header information while still in the fast-path and into the packet contents would allow a network device to identify the nature of the information carried in the packet, thereby allowing much more detailed packet classification. Knowledge of the content would also allow specific contents to be identified and scanned to provide security such as virus detection, denial of service (DoS) prevention, etc. Further, looking deeper into the data packets and being able to maintain an awareness of content over an entire traffic flow would allow for validation of network traffic flows, and verification of network protocols to aid in the processing of packets down stream.
One major problem with looking into the contents of data packets at wire speeds is the fact that data packets often end up on the network out of sequence and fragmented. Data packets can end up out of sequence in many ways. For example, one or more later data packets in a sequence may be routed through a different, faster path than earlier data packets causing the sequence to be out of order. Or, a data packet or packets may be held at a device on the network for additional processing or may get stuck in a slower queue in a network device causing later sequenced data packets to be sent ahead of earlier packets.
Similarly, data packets can also become fragmented. Fragmentation can occur when a data packet is transmitted through a device such as a router or switch, which has a maximum limit on the size of packets it processes. If the data packet is greater than this maximum, the packet is broken into two or more fragmented packets to be transmitted.
Out of sequence packets and fragmented packets make it difficult to scan past header information into the payload contents of packets, and make it impossible to maintain any kind of intelligence or state between data packets since such intelligence or state would require scanning the contents of the packets in order. In order to scan the entire contents of data packets including the payloads, it is necessary to reassemble fragmented packets and reorder out of sequence packets.
Accordingly, what is needed is a queue engine that is able to reorder and reassemble data packets at wire speeds beyond 1 gigabit per second, thereby allowing the scanning of the entire contents of data packets including header and payload information so that state information or awareness can be maintained throughout an entire data traffic flow.