Flow classification is the process of classifying network data packets into various logical streams called flows. When data packets are transported in Internet protocol (IP) traffic, they may require specific processing. The specific processing may be dictated by the application sending or receiving the data packets or by the communication path through which the data packets travel. The flow classification is typically performed by filtering packets based upon certain parameters. For example, in a wireless communication setting where noise and interference may occur on a link in the communication path, certain applications may require that a minimum quality of service (QOS) be maintained throughout the communication transmission. Therefore, filters may be implemented in routers along the communication path to recognize the data packets requiring the maintenance of a minimum QOS and to route those data packets along reliable channels in the communication path that will ensure the minimum QOS is satisfied.
In TCP/IP network communications, packet filtering typically is performed using various parameters in the TCP/UDP/IP headers, such as source and/or destination IP addresses, source and/or destination port numbers, protocol/next header fields etc. The specific processing performed on the IP data packet traffic need not be limited to the routing of the data packet. Filtering can also be performed using higher layer protocol header parameters such as from the Real-Time Transport Protocol (RTP) header or the Session Initiation Protocol (SIP) header. The parameters addressed by filters may also be part of an application layer header or an application payload body.
The basic concept of classification is to differentiate data packets, such as an IP packet, within the stream of IP packets based upon certain characteristics (defined by the filtering parameters) to enable special handling of the IP packets. Classification of packets into streams (referred to herein as flows) can be used to provide a wide variety of selective treatments to packets in each flow within a network, such as firewall, QOS, security, header compression, billing, logging, etc.
When an end-to-end communication link is established, all traffic is treated using default QOS, and if an application requires special processing it will request QOS processing by specifying its application filters to appropriate nodes or routers in the link. Specific applications may require the deployment of additional filters which may dictate the handling and specific processing of certain IP packets being transported over the communication link. Conflicts among filters can happen when there are pre-existing security filters deployed on routers if an application requests QOS processing, in which case the security and QOS filters can intersect or conflict with one another.
In some instances, end nodes or intermediate routers may require additional processing on IP data packets, such as to perform tunneling, apply security measures, etc. In such situations, processing on IP data packets may move, modify or encrypt the various parameters used to enable the filtering so as to render the original filter unable to properly recognize those packets. This may occur when the parameters in the IP traffic headers are encrypted or moved from their usual offset position. Such packets are referred to as modified packets for purposes of this description. For example, when Internet Protocol Security (IPSec) is implemented using an Encapsulating Security Payload (ESP) protocol with encryption, the transport and higher headers may be encrypted. Consequently, filtering based on port numbers or other higher layer headers such as RTP cannot be properly performed.
As another example, when IP tunneling communication mechanisms are employed, the IP tunneling process encapsulates the IP data packet into one or more IP or higher layer headers. As a result, the parameters that are acted upon in a typical filtering procedure are dislocated (i.e., offset) from their usual position. Consequently, filtering based on these parameters may not be properly performed. Examples of commonly occurring IP tunneling scenarios which create problems for conventional filtering operations include Mobile IP, IPv4-IPv6 interworking, and IPSec.
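The effect described in the two preceding paragraphs can be reproduced with a small added example, which is not part of the original text: a conventional filter that reads its parameters at fixed offsets behind the outer IP header classifies a plain UDP packet correctly, but falls back to default handling once the same packet is carried IP-in-IP or inside ESP. The addresses, ports, filter definition and function names are assumptions chosen for illustration, and the ESP payload is a constructed stand-in for ciphertext.

```python
import socket
import struct

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport, dport, data):
    """UDP header (checksum left at 0) followed by data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Hypothetical QoS filter: UDP to 192.0.2.20 port 5004 belongs to flow "qos-voice".
FILTER = {"dst": "192.0.2.20", "proto": 17, "dport": 5004, "flow": "qos-voice"}

def classify(pkt, flt=FILTER):
    """Conventional filter: reads parameters at fixed offsets after the outer IP header."""
    ihl = (pkt[0] & 0x0F) * 4                      # outer header length in bytes
    proto, dst = pkt[9], socket.inet_ntoa(pkt[16:20])
    if proto not in (6, 17):                       # neither TCP nor UDP follows
        return "default", f"protocol {proto}: no ports visible after outer header"
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    if (dst, proto, dport) == (flt["dst"], flt["proto"], flt["dport"]):
        return flt["flow"], "matched"
    return "default", "no match"

def demo():
    plain = ipv4("192.0.2.10", "192.0.2.20", 17, udp(40000, 5004, b"rtp-payload"))
    # IP-in-IP (protocol 4): the original packet becomes the payload, so its
    # UDP header now sits 20 bytes further in, behind a second IP header.
    tunneled = ipv4("198.51.100.1", "203.0.113.9", 4, plain)
    # ESP (protocol 50): SPI and sequence number in clear, then ciphertext.
    # The 19 bytes below are a constructed stand-in for the encrypted datagram.
    esp = ipv4("192.0.2.10", "192.0.2.20", 50,
               struct.pack("!II", 0x1001, 1) + bytes(range(19)))
    packets = (("plain", plain), ("ip-in-ip", tunneled), ("esp", esp))
    return {name: classify(pkt)[0] for name, pkt in packets}

if __name__ == "__main__":
    for name, flow in demo().items():
        print(f"{name:9s} -> {flow}")
```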