1. Field of Art
The present invention generally relates to the field of networking and, more particularly, to the processing or filtering of network traffic.
2. Description of the Related Art
Organizations, such as companies and institutions, have come to increasingly rely on their internal and external networks for information dissemination, service delivery, communications, and data storage, for example. Organizations have become particularly vulnerable to disruptions to both internal and external network services. Such disruptions may occur from, for example, malicious code such as computer viruses that may be transmitted via email or other file transfers from an external network. Organizations may also need to protect sensitive information in their internal network from access by unauthorized users. In addition, organizations have to deal with an ever-increasing number of communication and file transfer services, such as instant messaging and peer-to-peer file sharing. The use of such services by employees of an organization may expand to occupy a substantial portion of available bandwidth in the organization's network.
There is thus a desire to exercise some control over such traffic in both internal and external networks. For example, an organization's policy may dictate that all instant messaging and peer-to-peer traffic between any computer on the organization's network and any computer outside the organization's network must be subject to one or more policy rules. Such policy rules may include completely blocking access to certain applications. There may also be a need to monitor and control work-related communications and other data transfers, which may inadvertently subject the organization's internal network to viruses, intrusion attempts or other unauthorized uses. In other cases, it may be desired to provide traffic shaping with respect to network traffic in order to optimize or guarantee performance, reduce latencies, and/or increase the usable network bandwidth. It may also be desired to provide quality of service (QoS) in order to assign different priorities to various applications, users or data flows and/or guarantee performance levels for specified data flows.
While such monitoring and controlling of traffic is in many instances highly desirable, such processes may require the provision of additional computer resources. Depending on the organization's network management policies, the monitoring and controlling of data transfers may place a substantial overhead on the operation of the network and may result in unacceptable delays in transferring data from internal to external networks, particularly where there are a large number of network management policies in place.