The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
In data processing networks, routers, switches, servers and other network elements process network frames. A network flow comprises of one or more network frames typically having the same five-tuple of source address, destination address, source port number, destination port number, and protocol identifier. A network flow can be established between two networking devices associated with a client computer and a server computer.
Adding services to a network in a transparent fashion is not easily accomplished with current technology. Routers in present networks typically route packets based on the network address of a destination computer, and there is no simple technique to add, in the middle of the packet flow between client and server or other endpoint devices, computers to perform services. Routers and switches forward packets individually rather than making decisions based upon characteristics of a connection, and forwarding decisions are primarily driven by the value of the destination address. Consequently, if a network administrator wishes to configure the network to route or switch a frame through a service device before the frame reaches the endpoint destination address, few techniques are available.
Filters or policy-based routing do not implement decision-making based upon flows. Certain firewalls or load balancers, such as the ACE device commercially available from Cisco Systems, Inc., San Jose, Calif., focus on the destination address of a server computer and do not perform selection of a next hop based upon flow characteristics.