Dolganow et al.

(10) Patent No.: US 8,165,024 B2
(45) Date of Patent: Apr. 24, 2012

(54) USE OF DPI TO EXTRACT AND FORWARD APPLICATION CHARACTERISTICS

(75) Inventors: Andrew Dolganow, Kanata (CA); Keith Allan, Kanata (CA); Colin Leon Kahn, Morris Plains, NJ (US)

(73) Assignee: Alcatel Lucent, Paris (FR)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by ... days.

(21) Appl. No.: 12/078,701

(22) Filed: Apr. 3, 2008

(65) Prior Publication Data
US 2009/0252148 A1    Oct. 8, 2009

(51) Int. Cl.
H04L 12/26 (2006.01)
H04L 12/56 (2006.01)

(52) U.S. Cl.: 370/237; 370/235; 370/395.43

(58) Field of Classification Search: None
See application file for complete search history.

(56) References Cited

U.S. PATENT DOCUMENTS

6,320,863 B1 *    11/2001    Ramfelt           370/404
6,587,470 B1 *    7/2003     Elliot et al.     370/404
6,678,832 B1 *    1/2004     Gotanda           713/400
6,741,595 B2 *    5/2004     Maher et al.      370/392
6,799,030 B2 *    9/2004     Barber et al.     455/343.1
7,362,763 B2 *    4/2008     Wybenga et al.    370/395.1
7,508,764 B2 *    3/2009     Back et al.       370/235
7,606,147 B2 *    10/2009    Luft et al.       370/229
2007/0162289 A1 * 7/2007     Olsson et al.     705/1
2008/0123660 A1 * 5/2008     Sammour et al.    370/395.21
2008/0214189 A1 * 9/2008     Taaghol           455/432.2

* cited by examiner

Primary Examiner — Chi Pham
Assistant Examiner — Soon-Dong Hyun
(74) Attorney, Agent, or Firm — Kramer & Amado P.C.

(57) ABSTRACT

Various exemplary embodiments are a method and related device and computer-readable medium including one or more of the following: receiving a packet sent from the source node to the destination node; associating the packet with an active flow by accessing information in the packet; performing deep packet inspection (DPI) to identify an application associated with the active flow; determining a classification for the packet based on characteristics of the identified application; associating, with the packet, information identifying the classification; forwarding the packet including the information identifying the classification towards the destination node; and performing processing on the packet at a downstream device by extracting the classification from the packet.

25 Claims, 4 Drawing Sheets

Microsoft
Ex. 1001 - Page 1

U.S. Patent    Apr. 24, 2012    Sheet 1 of 4    US 8,165,024 B2

[FIG. 2 (Sheet 2 of 4): 220 SOURCE ADDRESS, 230 DESTINATION ADDRESS, 240 APPLICATION INFO, 250 DATA]

[FIG. 3 (Sheet 2 of 4): fields 310, 320, 330, 340, 350; legible labels: PROTOCOL, SEQUENCE, PAYLOAD]

[FIG. 4 (Sheet 3 of 4): 410 HIGH PRIORITY DATA, 420 MEDIUM PRIORITY DATA, 430 LOW PRIORITY DATA]

[FIG. 5 (Sheet 3 of 4): 510 I FRAME, 520 P FRAME, 530 B FRAME 1, 540 B FRAME 2]

[FIG. 6 (Sheet 4 of 4): flowchart of method 600, steps 610 to 680: START; RECEIVE A PACKET; PERFORM DPI PROCESSING; CLASSIFY PACKET; ASSOCIATE INFORMATION WITH PACKET; FORWARD PACKET; PERFORM APPLICATION-SPECIFIC PROCESSING; STOP]

USE OF DPI TO EXTRACT AND FORWARD APPLICATION CHARACTERISTICS

FIELD OF THE INVENTION

This invention relates generally to communication of information regarding characteristics of an application associated with a data packet.

DESCRIPTION OF RELATED ART

As streaming video, peer-to-peer networking, and other high bandwidth applications become the norm, the burdens placed on the underlying network architecture increase exponentially. When designing the congestion management systems, service providers did not contemplate the use of the Internet for streaming video, peer-to-peer applications, and other high bandwidth uses. As a result, when a large number of users run high-bandwidth applications, the best effort, high oversubscription rate architecture frequently experiences congestion, thereby interfering with the user experience. These problems are particularly salient in the context of mobile networks, where bandwidth is even more limited.

Mobile networks are seeing a gradual transformation from voice-only services to data or mixed voice-data services. As per-user bandwidth requirements have increased, the burdens placed on the mobile network architecture have also increased.

Service providers, particularly mobile network service providers, must therefore decide between several options: continue providing best effort service; increase bandwidth and essentially become a transport "utility"; or sell application-specific services based on the requirements of the individual users. Service providers view the first two options as unsatisfactory, as users are dissatisfied with best effort service, while indiscriminately increasing bandwidth would result in additional costs to the service provider with no corresponding increase in revenue. Selling application-specific services, on the other hand, would allow users to pay for the services they desire to receive, while eliminating the need for the service provider to exponentially increase bandwidth.

In order to sell application-specific services, however, service providers must first modify the underlying network architecture to identify and gather information about applications. In the radio portion of mobile networks, the use of per-application traffic management is especially critical, as bandwidth is limited due to the inherent restrictions of radio frequencies. Consequently, mobile operators frequently utilize packet marking, such as Type of Service (ToS) marking to prioritize and forward packets.

In existing mobile network architectures, however, the network relies on end-user equipment for proper marking of packets. Thus, for example, a user's mobile handset could mark voice packets as having a higher priority than data packets, thereby ensuring the quality of calls placed over the mobile network.

In these current implementations, because the network relies on end-user equipment to mark packets, the mobile network cannot effectively prioritize packets without involvement of end-user equipment supported by the mobile network. In addition, because values must be predefined and implemented in the end-user equipment, the mobile network operator lacks the flexibility to define new applications and markings without modifying the behavior of the end-user equipment. Furthermore, current implementations rely on packet marking protocols that include only a limited number of unique values, such that the network can effectively manage only a small number of applications.

Still further, current implementations treat all data packets associated with an application in the same manner. For example, a current implementation might modify a quality of service assigned to every packet in a data flow. Accordingly, current implementations fail to consider that some packets associated with an application flow are more important than others and therefore fail to most efficiently utilize bandwidth in the network.

Accordingly, there is a need for an in-line device that identifies characteristics of applications associated with data packets and conveys this information for downstream processing. There is also a need for associating application characteristic information with data packets without requiring the packet to be marked at end-user equipment. In addition, there is a need for packet marking in a mobile network that utilizes a packet marking scheme such that a large number of applications and application characteristics may be identified at any location in the network, without requiring Deep Packet Inspection (DPI) processing to be performed at each location. Furthermore, there is a need for identifying characteristics of applications to allow downstream processing of packets based on the importance of the packets to the application flow.

The foregoing objects and advantages of the invention are illustrative of those that can be achieved by the various exemplary embodiments and are not intended to be exhaustive or limiting of the possible advantages which can be realized. Thus, these and other objects and advantages of the various exemplary embodiments will be apparent from the description herein or can be learned from practicing the various exemplary embodiments, both as embodied herein or as modified in view of any variation that may be apparent to those skilled in the art. Accordingly, the present invention resides in the novel methods, arrangements, combinations, and improvements herein shown and described in various exemplary embodiments.

SUMMARY OF THE INVENTION

In light of the present need for in-band DPI application awareness propagation enhancements, a brief summary of various exemplary embodiments is presented. Some simplifications and omissions may be made in the following summary, which is intended to highlight and introduce some aspects of the various exemplary embodiments, but not to limit the scope of the invention. Detailed descriptions of a preferred exemplary embodiment adequate to allow those of ordinary skill in the art to make and use the inventive concepts will follow in later sections.

In various exemplary embodiments, a DPI device is placed in-line in a non-mobile portion of a mobile network, such that packets pass through the DPI device prior to being forwarded. Thus, in various exemplary embodiments, the DPI device identifies and classifies traffic passing through the mobile network based on information extracted from the header and/or data portion of the incoming packets. Using the information extracted from the packets, the DPI device may add an application classification to the packets, thereby allowing downstream devices to identify the packet and perform application-specific processing.

Accordingly, in various exemplary embodiments, a method of processing packets sent from a source node to a destination node and a related computer-readable medium comprise: receiving a packet sent from the source node to the destination node; associating the packet with an active flow by accessing information in the packet; performing deep packet inspection (DPI) to identify an application associated with the active flow; determining a classification for the packet based on characteristics of the identified application; associating, with the packet, information identifying the classification; forwarding the packet including the information identifying the classification towards the destination node; and performing processing on the packet at a downstream device by extracting the classification from the packet.

In various exemplary embodiments, the packet is an IP packet and the information identifying the classification is placed in a header extension of the IP packet. Alternatively, in various exemplary embodiments, the packet is formatted according to a proprietary protocol and the information identifying the classification is placed in a proprietary protocol extension of the packet. In addition, in various exemplary embodiments, the packet is a Generic Routing Encapsulation (GRE) packet and the information identifying the classification is placed in a key field of the GRE packet or a sequence number of the GRE packet.

In various exemplary embodiments, the step of determining a classification for the packet considers at least one of an effect of the packet on a user experience and an importance of the packet to an application. Furthermore, in various exemplary embodiments, the step of performing processing on the packet at a downstream device comprises performing a traffic management function on the packet, which may include dropping the packet and modifying a quality of service associated with the packet.

Finally, in various exemplary embodiments, a device for processing traffic in a network comprises: a communication module that receives and forwards a packet sent from a source node to a destination node; and a processor configured to identify an active flow associated with the packet by accessing information stored in the packet, perform deep packet inspection (DPI) to identify an application associated with the active flow, determine a classification for the packet based on characteristics of the identified application, and associate, with the packet, information identifying the classification, wherein the information identifying the classification is extracted from the packet by a downstream device.

BRIEF DESCRIPTION OF THE DRAWINGS

In order to better understand various exemplary embodiments, reference is made to the accompanying drawings, wherein:

FIG. 1 is a schematic diagram of an exemplary mobile network utilizing in-line DPI in a mobile part of a network;

FIG. 2 is a schematic diagram of an exemplary L3 packet including a field for storing application information;

FIG. 3 is a schematic diagram of an exemplary GRE packet including key and sequence number fields;

FIG. 4 is a schematic diagram of an exemplary set of data frames associated with an application;

FIG. 5 is a schematic diagram of an exemplary set of MPEG-4 data frames; and

FIG. 6 is a flowchart of an exemplary embodiment of a method for using deep packet inspection to extract and forward application characteristics.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS OF THE INVENTION

Referring now to the drawings, in which like numerals refer to like components or steps, there are disclosed broad aspects of various exemplary embodiments.

FIG. 1 is a schematic diagram of an exemplary mobile network 100 utilizing in-line DPI in a mobile part of the network 100. Exemplary mobile network 100 includes user node 110, wireless base station 120, network 130, radio network controller 140, deep packet inspection device 150, packet data serving node 160, and network 170.

In various exemplary embodiments, user node 110 is a device operated by a user that enables access to mobile network 100. More specifically, in various exemplary embodiments, user node 110 is a cell phone, personal digital assistant, personal or laptop computer, wireless email device, or any other device that supports wireless communications. Furthermore, in various exemplary embodiments, user node 110 generates and sends data packets related to one or more applications.

In various exemplary embodiments, wireless base station 120 is a device including an antenna to wirelessly exchange data with user node 110 over a plurality of radio channels. Furthermore, wireless base station 120 includes a wire line interface to forward data into network 130. Thus, in various exemplary embodiments, wireless base station 120 is a Node B in a 3G network or another base transceiver station communicating in a Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS), Long Term Evolution (LTE), or other wireless network.

Additionally, in various exemplary embodiments, network 130 provides a connection between wireless base station 120 and radio network controller 140. It should be apparent that network 130 may be any network capable of sending data and requests between wireless base station 120 and radio network controller 140. Accordingly, network 130 may comprise a plurality of routers, switches, bridges, and other components suitable for receiving and forwarding data packets.

In various exemplary embodiments, radio network controller 140 controls and manages a plurality of wireless base stations 120. Thus, radio network controller 140 directs the transmission and reception of data in wireless base station 120 by controlling the radio transmitters and receivers in wireless base station 120. Furthermore, in various exemplary embodiments, radio network controller 140 receives and transmits packet-switched data between wireless base station 120 and packet data serving node 160. It should be apparent that radio network controller 140 may be replaced by a base station controller or another device capable of directing the operation of wireless base station 120 and receiving and transmitting data packets.

In various exemplary embodiments, radio network controller 140 utilizes application information inserted into a data packet by deep packet inspection device 150 to manage the flow of data. More particularly, in various exemplary embodiments, radio network controller 140 identifies a classification of a packet inserted by DPI device 150 and performs quality of service processing based on the classification, such as determining whether to allow or drop the packet.

In addition, in various exemplary embodiments, mobile network 100 includes a deep packet inspection device 150 that intercepts, "sniffs," or otherwise receives packets transmitted from user node 110 to a destination in network 170 or from a point in network 170 to user node 110. More specifically, as described further below with reference to FIG. 6, DPI device 150 receives a packet, identifies characteristics of an application associated with the packet, and adds a marking or other information to the packet to allow downstream application-specific processing and forwarding.

In various exemplary embodiments, DPI device 150 comprises specialized hardware and/or software that is capable of examining data packets received from or transmitted to radio network controller 140 to identify information associated with the packets. Thus, in various exemplary embodiments, DPI device 150 includes a storage medium that stores information used to identify flows, a processor for performing analysis, and a communication module to receive and transmit packets.

In addition, in various exemplary embodiments, DPI device 150 is integrated into radio network controller 140, packet data switching node 160, a network element that is part of a network (not shown) providing connectivity between radio network controller 140 and packet data switching node 160, or into a network element that is part of network 170. In various exemplary embodiments, the network providing connectivity comprises a plurality of routers, switches, bridges, and other components suitable for receiving and forwarding data packets. Alternatively, in various exemplary embodiments, DPI device 150 is placed or integrated into wireless base station 120 or a network element that is part of network 130.

In various exemplary embodiments, DPI device 150 examines any combination of information in layers 2 through 7 of the Open Systems Interconnection (OSI) model. Thus, in various exemplary embodiments, DPI device 150 performs a "deep" analysis of one or more packets in order to identify an application associated with the packets. For example, DPI device 150 may analyze a packet to determine whether the packet relates to email, streaming video, web browsing, peer-to-peer transfer, or any other application of interest to the service provider. In addition, in various exemplary embodiments, DPI device 150 classifies the packet based on underlying characteristics of the application, such as the compression scheme, data structure, or any other application characteristic. Furthermore, in various exemplary embodiments, DPI device 150 performs traffic management operations, then forwards the packet to radio network controller 140 or to packet data serving node 160.

It should be apparent, that although illustrated as a standalone device, in various exemplary embodiments, DPI device 150 is a component integrated into a router. Thus, in various exemplary embodiments, DPI device 150 analyzes each packet received by the router before the router forwards the packet to the next hop. Furthermore, in various exemplary embodiments, DPI device 150 instead resides between packet switching data node 160 and network 170.

Furthermore, it should be apparent that DPI device 150 is illustrated as directly connected to radio network controller 140 and packet data serving node 160 for the sake of simplicity. Accordingly, in various exemplary embodiments, one or more switches, routers, bridges, or other network elements are placed between DPI device 150 and radio network controller 140 or packet data serving node 160.

In various exemplary embodiments, packet data serving node 160 serves as a connection between mobile network 100 and one or more IP networks (not shown). Thus, in various exemplary embodiments, packet data serving node 160 forwards packets between the Internet and radio network controller 140. It should be apparent that packet data serving node 160 may be replaced by a Gateway General Packet Radio Service Support Node (GGSN), a Serving Gateway General Packet Radio Service Support Node (SGSN), Access Serving Gateway, or any other node capable of providing a connection between mobile network 100 and an IP network.

In various exemplary embodiments, network 170 receives data from and transmits data to packet data serving node 160. Thus, in various exemplary embodiments, network 170 comprises a plurality of routers, switches, bridges, user nodes and other components suitable for sending, receiving and forwarding data packets.

As described further below with reference to FIG. 6, packet data serving node 160, radio network controller 140, or one or more network elements that are part of network 130, 170 or a network between radio network controller 140 and packet data serving node 160 utilize application characteristic information inserted into a data packet by deep packet inspection device 150 to manage the flow of data. More particularly, in various exemplary embodiments, any of the above mentioned nodes identifies the application and associated characteristics using information found in the data packet and performs quality of service processing, such as determining whether to allow or drop the packet upon congestion.

It should be apparent that, although illustrated as a 3G wireless mobile network, network 100 may be a different type network. Thus, in various exemplary embodiments, network 100 is a cellular network operating under a different standard, a satellite network, a wired network, or some other type of network in which application-specific processing is desired.

FIG. 2 is a schematic diagram of an exemplary L3 packet 200 including one or more fields for storing application information. In various exemplary embodiments, L3 packet 200 includes, among other fields, packet header 210, source address 220, destination address 230, application information 240, and data 250.

In various exemplary embodiments, packet header 210 includes data used to forward packet 200 from a source to a destination. Thus, in various exemplary embodiments, packet header 210 includes a source address 220, which may include a source IP address and a source port. Furthermore, in various exemplary embodiments, packet header 210 includes destination address 230, which may include a destination IP address and a destination port.

Furthermore, packet 200 includes application information 240, which, in various exemplary embodiments, identifies an application associated with packet 200. In various exemplary embodiments, application information 240 is placed into an IP header extension, which may be an additional header inserted between packet header 210 and data 250 of packet 200. Thus, in various exemplary embodiments, application information 240 consists of one or more type length values (TLV) indicating a name, alphanumeric identifier, or other information identifying an application associated with packet 200.

Furthermore, in various exemplary embodiments, application information 240 includes an alphanumeric value that classifies the packet based on importance, priority, or any other characteristic of the underlying application. It should be apparent that, instead of an alphanumeric value, any information suitable for identifying the application and associated characteristics may be placed in application information 240.

Furthermore, it should be apparent that packet header 210 is shown as including only source address field 220 and destination address 230 for the sake of simplicity. Thus, in various exemplary embodiments, packet header 210 includes additional fields including, but not limited to, a protocol number, traffic class, flow label, payload length, next header, and hop limit. Furthermore, it should be apparent that packet 200 may be an IP packet, Transmission Control Protocol (TCP) packet, User Datagram Protocol (UDP) packet, a packet formatted according to a proprietary protocol, or a packet formatted in any other protocol that may be modified to include application information and classification information.
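
An added example, not code from the patent, of application information 240 carried as TLVs in an IP header extension, here an IPv6 Destination Options header. The option type 0x1E (an RFC 4727 experimental value), the sub-TLV type numbers and the one-byte classification are assumptions; the downstream parser checks every length before reading.

```python
OPT_PAD1 = 0x00          # IPv6 Pad1 option (single zero byte)
OPT_PADN = 0x01          # IPv6 PadN option
OPT_APP_INFO = 0x1E      # assumption: RFC 4727 experimental option type
SUB_APP_NAME = 1         # hypothetical sub-TLV: application name (UTF-8)
SUB_CLASS = 2            # hypothetical sub-TLV: one-byte classification


class MalformedHeader(ValueError):
    """Raised when a length field points outside the received bytes."""


def build_app_info_option(app_name, classification):
    """DPI device side: encode name and class as nested TLVs."""
    name = app_name.encode("utf-8")
    if not 0 <= classification <= 255:
        raise ValueError("classification must fit in one byte")
    body = bytes([SUB_APP_NAME, len(name)]) + name
    body += bytes([SUB_CLASS, 1, classification])
    if len(body) > 255:
        raise ValueError("application information too long for one option")
    return bytes([OPT_APP_INFO, len(body)]) + body


def build_dest_opts_header(next_header, options):
    """Wrap options in a Destination Options header padded to 8 octets."""
    payload = b"".join(options)
    pad = -(2 + len(payload)) % 8
    if pad == 1:
        payload += bytes([OPT_PAD1])
    elif pad > 1:
        payload += bytes([OPT_PADN, pad - 2]) + bytes(pad - 2)
    units = (2 + len(payload)) // 8 - 1      # Hdr Ext Len excludes first 8 octets
    if units > 255:
        raise ValueError("extension header too long")
    return bytes([next_header, units]) + payload


def parse_tlvs(buf, pad1=None):
    """Return [(type, value)]; each length is checked against the buffer."""
    out, i = [], 0
    while i < len(buf):
        if buf[i] == pad1:                   # Pad1 has no length byte
            i += 1
            continue
        if i + 2 > len(buf):
            raise MalformedHeader("truncated TLV header")
        end = i + 2 + buf[i + 1]
        if end > len(buf):
            raise MalformedHeader("TLV value overruns its container")
        out.append((buf[i], buf[i + 2:end]))
        i = end
    return out


def extract_app_info(header):
    """Downstream side: return the marking, or None if the option is absent."""
    if len(header) < 8:
        raise MalformedHeader("shorter than the minimum extension header")
    total = (header[1] + 1) * 8
    if total > len(header):
        raise MalformedHeader("Hdr Ext Len exceeds received bytes")
    for opt_type, data in parse_tlvs(header[2:total], pad1=OPT_PAD1):
        if opt_type != OPT_APP_INFO:
            continue                          # PadN and unrelated options
        fields = dict(parse_tlvs(data))
        name, cls = fields.get(SUB_APP_NAME), fields.get(SUB_CLASS)
        if name is None or cls is None or len(cls) != 1:
            raise MalformedHeader("incomplete application information")
        return {"application": name.decode("utf-8"),
                "classification": cls[0],
                "next_header": header[0]}
    return None


if __name__ == "__main__":
    # Constructed sample: next header 17 (UDP), application "mpeg4-video", class 2.
    hdr = build_dest_opts_header(17, [build_app_info_option("mpeg4-video", 2)])
    print(hdr.hex(), extract_app_info(hdr))
```
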

FIG. 3 is a schematic diagram of an exemplary Generic Routing Encapsulation packet 300 including key and sequence number fields. GRE is a tunneling protocol used to encapsulate network layer packets inside of an IP tunneling packet. Thus, in various exemplary embodiments, GRE packet 300 includes, among other fields, version 310, protocol type 320, key 330, sequence number 340, and payload packet 350.

GRE packet 300 includes version 310, which specifies a GRE protocol version with which the packet is associated. Furthermore, GRE packet 300 includes protocol type 320, which specifies the underlying protocol used for the packet encapsulated as payload packet 350.

In addition, in various exemplary embodiments, GRE packet 300 includes key 330, which is a field inserted by the device or party that performs the encapsulation. Thus, in various exemplary embodiments, prior to forwarding packet 300, DPI device 150 inserts application information into key 330. Furthermore, in various exemplary embodiments, key 330 includes an alphanumeric value that identifies an importance, priority, or other characteristic of the packet based on analysis of the underlying application. Accordingly, devices or parties that receive packet 300 downstream may extract the application information from key 330 and perform application-specific processing based on the identified application and application characteristics.

Furthermore, in various exemplary embodiments, GRE packet 300 includes sequence number 340, which is a field inserted by the device or party that performs the encapsulation. Sequence number 340 may be used to establish the order in which packets have been transmitted to the receiving device. Alternatively, in various exemplary embodiments, prior to forwarding packet 300, DPI device 150 inserts application information and/or application characteristic information into sequence number 340. Accordingly, devices or parties that receive packet 300 downstream may extract the application information from sequence number 340 and perform application-specific processing based on the identified application and application characteristics.

In various exemplary embodiments, GRE packet 300 also includes payload packet 350, which stores a packet that is encapsulated and routed. Accordingly, information contained in a delivery header (not shown) is used to forward packet 300 from a source node to a destination node, while ignoring the routing information contained in payload packet 350.

FIG. 4 is a schematic diagram of an exemplary set of data frames 400 associated with an application. Thus, exemplary set of data frames 400 includes high priority data frame 410, medium priority data frame 420, and low priority data frame 430.

Thus, as illustrated in FIG. 4, data associated with a particular application may be classified into multiple groups. In various exemplary embodiments, data frames associated with an application are grouped based on importance to the user experience, needs of the application, frame types used for an encoding scheme, or some other criterion. Accordingly, as described further below with reference to FIG. 6, DPI device 150 receives a data packet, analyzes the packet to determine underlying characteristics, and associates the determined application characteristics with the packet.

It should be apparent that data frames 400 may be associated with any application in which some frames have a greater effect on the user experience or should somehow be treated differently as they are forwarded through the network. Thus, data frames 400 may be MPEG-4 data frames, described in detail below with reference to FIG. 5. Alternatively, in various exemplary embodiments, data frames 400 are encoded in another video format, such as Windows Media, Real Media, or QuickTime. Furthermore, in various exemplary embodiments, data frames 400 are audio files in a format such as MP3 Audio, Ogg Vorbis Audio, Windows Media, or any other audio encoding format. It should be apparent, however, that data frames 400 are not limited to audio and video files.

It should also be apparent that an application may have any positive integer number of priorities or classes of data. Furthermore, any characteristic of the underlying application may be used to classify, group, or otherwise characterize data frames received by DPI device 150.

FIG. 5 is a schematic diagram of an exemplary set of MPEG-4 data frames 500. In various exemplary embodiments, video encoded according to the MPEG-4 standard includes three types of frames: I frames, B frames, and P frames. Thus, exemplary set 500 includes I frame 510, P frame 520, B frame 1 530, and B frame 2 540.

I frame 510, also called an Intra-frame, provides a full frame of data and can therefore be decoded without referencing another frame. P frame 520, also called a predicted frame, is deduced from the last frame, which in set 500 is I frame 510. B frame 1 530 and B frame 2 540, also called bidirectional predicted frames, are deduced from the previous and next I or P frames. Thus, although P frame 520 is located after B frames 530, 540, P frame 520 must be sent to the decoder prior to B frames 530, 540.

Accordingly, to provide the best possible experience when streaming an MPEG-4 video during periods of network congestion, the user should receive I frames with the highest priority, P frames with a medium priority, and B frames with a lowest priority. Thus, as described further below with reference to FIG. 6, when DPI device 150 receives a data packet associated with a flow identified as an MPEG-4 video stream, DPI device 150 analyzes the packet to determine the type of frame. Prior to forwarding the packet, DPI device 150 associates, with the packet, information identifying the application and/or classification information identifying the type of frame. The classification information associated with the frame may then be used by a downstream device to provide preferential treatment to I frames.
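
An added example, not code from the patent, that ties the GRE key marking of FIG. 3 to the I/P/B priorities of FIG. 5: a DPI step reads the MPEG-4 Visual VOP coding type, writes the marking into the GRE key, and a downstream device drops by class as congestion rises. The 24-bit application id plus 8-bit class key layout, the id value, the congestion levels and the bare-VOP payloads standing in for the encapsulated packet are assumptions.

```python
import struct

GRE_CHECKSUM, GRE_KEY, GRE_SEQ, GRE_VERSION = 0x8000, 0x2000, 0x1000, 0x0007
ETHERTYPE_IPV4 = 0x0800
VOP_START = b"\x00\x00\x01\xb6"        # MPEG-4 Visual VOP start code

# Assumed key layout (not from the patent): 24-bit application id, 8-bit class.
APP_MPEG4 = 0x00A001                   # hypothetical application id
CLASS_I, CLASS_P, CLASS_B = 0, 1, 2    # assumed: lower value = more important


def classify_mpeg4(payload):
    """DPI step: map the first VOP in the payload to a class, or None."""
    pos = payload.find(VOP_START)
    if pos < 0 or pos + 4 >= len(payload):
        return None
    coding_type = payload[pos + 4] >> 6          # 2-bit vop_coding_type
    return {0: CLASS_I, 1: CLASS_P, 2: CLASS_B}.get(coding_type)


def mark(payload, seq):
    """DPI device: GRE-encapsulate and place the marking in the key field."""
    cls = classify_mpeg4(payload)
    flags = GRE_SEQ | (GRE_KEY if cls is not None else 0)
    header = struct.pack("!HH", flags, ETHERTYPE_IPV4)
    if cls is not None:
        header += struct.pack("!I", (APP_MPEG4 << 8) | cls)
    return header + struct.pack("!I", seq) + payload   # key precedes sequence


def read_marking(packet):
    """Downstream device: return (app_id, cls) from the key, or None."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, _proto = struct.unpack_from("!HH", packet)
    if flags & GRE_VERSION:
        raise ValueError("unsupported GRE version")
    if not flags & GRE_KEY:
        return None
    offset = 8 if flags & GRE_CHECKSUM else 4    # skip checksum word if present
    if len(packet) < offset + 4:
        raise ValueError("truncated GRE key")
    (key,) = struct.unpack_from("!I", packet, offset)
    return key >> 8, key & 0xFF


def admit(packet, congestion):
    """congestion 0 forwards everything; 1 drops B; 2 drops B and P."""
    marking = read_marking(packet)
    if marking is None or marking[0] != APP_MPEG4:
        return congestion == 0                   # assumed policy for unmarked traffic
    return marking[1] <= CLASS_B - congestion


def vop(coding_type, label):
    """Constructed sample payload: VOP start code, coding type, a label."""
    return VOP_START + bytes([coding_type << 6]) + label


# Constructed stream in transmission order: I, P, then the two B frames.
STREAM = [vop(0, b"I"), vop(1, b"P"), vop(2, b"B1"), vop(2, b"B2")]


def surviving_frames(congestion):
    """Labels of the frames a downstream device forwards at this level."""
    kept = []
    for seq, payload in enumerate(STREAM):
        if admit(mark(payload, seq), congestion):
            kept.append(payload[5:].decode())
    return kept


if __name__ == "__main__":
    for level in range(3):
        print(level, surviving_frames(level))
```
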

FIG. 6 is a flowchart of an exemplary embodiment of a method 600 for using deep packet inspection to extract and forward application characteristics. Exemplary method starts in step 610 and proceeds to step 620, where DPI device 150 intercepts, sniffs, or otherwise receives a packet transmitted from a source node to a destination node.

Exemplary method 600 then proceeds to step 630, where DPI device 150 identifies a flow associated with the packet using header information from the packet, then performs DPI processing on the identified flow. Thus, in various exemplary embodiments, DPI device 150 examines any combination of information in OSI layers 3 through 7 of one or more packets to identify an application associated with the flow. For example, DPI device 150 may analyze one or