Applications processing in a network apparatus
Abstract
A method and system for distributing flows between a multiple processors. The flows can be received from an external source such as a network, by a front-end processor that recognizes the flow and the associated request, and identifies at least one internal applications processor to process the request/flow. The front-end processor utilizes a flow scheduling vector related to the identified applications processor(s), and the flow scheduling vector can be based on intrinsic data from the applications processor(s) that can include CPU utilization, memory utilization, packet loss, and queue length or buffer occupation. In some embodiments, applications processors can be understood to belong to a group, wherein applications processors within a group can be configured identically. A flow schedule vector can be computed for the different applications processor groups.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A system of intrusion detection in a network comprising:
a flow processing facility that is configured to detect and process intrusions in network data flowing through the facility, the facility comprising at least one network processor module having at least one processor, a plurality of network ports for connecting network devices for communicating network data, and instructions to cause the at least one processor to recognize one or more data packets in the network data that contain data, including profile information, for processing by an application executing on the flow processing facility by applying a policy to the data, and directing a portion of the network data to at least one flow processor module for executing the application based on the profile information and the policy; the at least one flow processor module having at least one processor and at least one memory for storing the application for execution by the at least one flow processor module processor, the at least one flow processor module including instructions to receive the portion of the network data from the at least one network processor module, to process the data in the one or more data packets for detecting intrusions, thereby providing one or more data packets with processed data, and to return the one or more data packets with processed data to the at least one network processor module for facilitating prevention of a detected intrusion from being propagated to the network; and at least one control processor module in communication with the at least one flow processor module and the at least one network processor module, and having at least one control processor module processor, and instructions for causing the at least one control processor module processor to manage the applications in the flow processor module memories.
2 . The system of claim 1 , wherein the control processor module instructions for causing the at least one control processor module processor to manage the applications in the flow processor module memories further comprise instructions to cause the at least one control processor module to perform a step from the group consisting of, downloading applications to the flow processor module memories, and deleting applications from the flow processor module memories.
3 . The system of claim 1 , further comprising a management server module in communication with the at least one control processor module and having at least one management server module processor.
4 . The system of claim 3 , wherein the management server module further comprises instructions for causing the at least one management server module processor to cause the at least one control processor module to perform a step from the group consisting of, downloading applications from the management server module to the flow processor module memories, and deleting applications from the flow processor module memories.
5 . The system of claim 1 , further comprising a local memory device coupled to the at least one of control processor module.
6 . The system of claim 1 , further comprising a remote memory device coupled to the at least one of control processor module.
7 . The system of claim 1 , wherein the at least one control processor module further comprises instructions to cause the at least one control processor module processor to transfer data between a management server module and the at least one flow processor module.
8 . The system of claim 1 , further comprising at least one storage device coupled to the at least one of flow processor module.
9 . The system of claim 1 , further comprising at least one storage device coupled to the at least one of network processor module.
10 . A method of intrusion detection in a network, comprising:
providing a flow processing facility in-line in a network; configuring the flow processing facility to detect intrusions received by the flow processing facility by recognizing with a network processor module of the flow processing facility one or more data packets in a data flow that contain data, including profile information, for processing by an application executing on the flow processing facility by applying a policy to the data; directing the one or more data packets associated with a data flow that includes detected intrusions from the network processor module to at least one application processor module, based on the profile information and the policy, to process the data thereby providing one or more data packets with processed data; and executing the application on the at least one application processor module, thereby taking an action on the one or more data packets with processed data such that the data flow of the detected intrusion is not propagated to the network.
11 . The method of claim 10 , further including managing the application executing on the at least one application processor with a control processor module that is in communication with the network processor module and the at least one application processor module.
12 . The method of claim 10 , wherein executing the application on the at least one application processor module further comprises selecting the at least one application based on the subscriber profile information.
13 . The method of claim 12 , further comprising configuring the at least one application processor module for the at least one selected application.
14 . The method of claim 12 , further comprising selecting at least one application processor module based on the at least one identified application.
15 . The method of claim 10 , further comprising selecting at least one application processor module based on application processor module loading.
16 . The method of claim 10 , further comprising selecting at least one application processor module based on applying the policy to the data.
17 . The method of claim 10 , wherein directing the one or more data packets further comprises identifying a source of the stream of data packets and retrieving an application subscriber profile based on the data source.Join the waitlist — get patent alerts
Track US2016191571A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.