A new US patent was granted to Francisco Cortes Gomez of Ericsson, for "DISTRIBUTED TRAFFIC INSPECTION IN A TELECOMMUNICATIONS NETWORK".
DESCRIPTION
Distributed Traffic Inspection in a Telecommunications Network
Technical Field
The present invention relates to methods for traffic inspection in a telecommunications network and to corresponding devices.
Background
In telecommunications networks, inspection of a payload section of data packets may be used for enabling smarter network decisions, e.g., with respect to controlling data traffic. For example, the inspection may be used as a basis for providing differentiated treatment of traffic based on potentially complex characteristics of the data traffic itself. This differentiated treatment may involve acting on the data traffic itself, e.g., by discarding data packets, modifying data packets, throttling transmission rates, or the like. Further, the differentiated treatment may involve taking actions related to the data traffic, e.g., charging or replication of the data traffic for law enforcement purposes or monitoring. Such inspection of payload may be implemented as Deep Packet Inspection (DPI). DPI functionalities may for example be integrated in nodes conveying user plane traffic, e.g., in a gateway or transport node.
However, DPI may require significant amounts of processing resources. Accordingly, implementation of DPI in a node conveying user plane traffic may result in performance degradation of functionalities needed for conveying the user plane traffic. Such performance degradation may be up to several orders of magnitude.
In addition, the processing load caused by DPI may depend strongly not only on the complexity of implemented inspection algorithms, but also on the nature of inspected data traffic. For example, a high proportion of data traffic which is "easy to classify" may lead to relatively low processing load, while a high proportion of data traffic which is "hard to classify" may lead to a processing load which is significantly higher, e.g., up to several orders of magnitude, even if the absolute amount of conveyed data traffic remains unchanged. Although a statistical distribution of data traffic between "easy to classify" and "hard to classify" may be assumed as a general rule, this may alleviate high load variance within relatively short periods of time, but typically does not alleviate impacts from new traffic patterns or addition of complex services. For instance, the dissemination of a new virus/worm requiring complex detection rules, or the success of a new peer-to-peer product may significantly increase DPI load on a rather short time scale.
DPI may also be implemented in specialized nodes. Such nodes may be optimized for DPI and offer sufficiently high processing resources. However, as additional devices, such specialized nodes typically require high-capacity network ports for transfer of the user plane data traffic. This applies to the specialized node itself, but also to other nodes connected to the specialized node. Such high-capacity network ports may contribute significantly to the overall cost of a node. Further, such specialized nodes are typically designed to offer processing resources which are sufficient to also perform very complex inspection and classification algorithms at high speed, which may result in significant costs for a given throughput of user plane data. In scenarios where the user plane data traffic has a high proportion of "easy to classify" data, the expensive hardware of the specialized node would be utilized inefficiently. Moreover, such a specialized node may constitute an additional potential point of failure and add complexity to any high-availability transport network design.
Accordingly, there is a need for techniques which allow for efficiently inspecting traffic in a telecommunications network.
Summary
According to an embodiment of the invention, a method of inspecting data traffic in a telecommunications network is provided. According to the method, a node of the telecommunications network receives data packets of a flow. The node also forwards the received data packets of the flow to a downstream node of the telecommunications network. Further, the node takes a decision whether to perform inspection of a payload section of at least one data packet of the flow at the node. The node indicates a result of this decision to the downstream node.
According to a further embodiment of the invention, a method of inspecting data traffic in a telecommunications network is provided. According to the method, a node of the telecommunications network receives data packets of a flow from an upstream node of the telecommunications network. Further, the node receives an indication of a result of a decision by the upstream node whether to perform inspection of a payload section of at least one data packet of the flow at the upstream node. On the basis of the indicated result of said decision by the upstream node, the node takes a decision whether to perform inspection of a payload section of at least one data packet of the flow at the node.
According to a further embodiment of the invention, a node for a telecommunications network is provided. The node comprises at least one first interface for receiving data packets of a flow, at least one second interface for forwarding the received data packets to a downstream node of the telecommunications network, and a processor. The processor is configured to take a decision whether to perform inspection of a payload section of at least one data packet of the flow at the node and to indicate, e.g., via the second interface, a result of the decision to the downstream node.
According to a further embodiment of the invention, a node for a telecommunications network is provided. The node comprises at least one interface for receiving data packets of a flow from an upstream node of the telecommunications network and a processor configured to receive, e.g., via the interface, an indication of a result of a decision by the upstream node whether to perform inspection of a payload section of at least one data packet of the flow at the upstream node of the telecommunications network. Further, the processor is configured to take, on the basis of the indicated result of said decision by the upstream node, a decision whether to perform inspection of a payload section of at least one data packet of the flow at the node.
According to a further embodiment of the invention, a system for inspecting data traffic in a telecommunications network is provided. The system comprises a first node and a second node.
The first node is configured to receive data packets of a flow, forward the data packets of the flow to the second node, take a first decision whether to perform inspection of a payload section of at least one data packet of the flow at the first node, and indicate a result of the first decision to the second node. The second node is configured to receive the data packets of the flow from the first node and, on the basis of the result of the first decision indicated by the first node, take a second decision whether to perform inspection of a payload section of at least one data packet of the flow at the second node.
According to a further embodiment of the invention, a computer program product is provided, e.g., in the form of a computer readable storage medium. The computer program product comprises computer readable program code that, when executed by a processor of a node of a mobile telecommunications network, causes the node to operate in accordance with any of the above methods.
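The following is an added illustration of the two-node scheme sketched in the Summary, written here for this page; it is not code from the patent or from Ericsson. It models a first (upstream) node that decides per flow whether to inspect payload, forwards each packet together with an indication of that decision, and a second (downstream) node that honours the indication and only spends its own inspection capacity on flows the upstream node did not inspect. The node names, the per-node "budget" of concurrently inspected flows, the way the indication travels as a field on the forwarded packet, the toy classifier, and the sample packets are all assumptions constructed for the example.

```python
"""Toy model of distributed payload inspection across a two-node chain.

Added example, not the patent's own code. The inspection budget, the
indication format and the classifier are assumptions for illustration.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Set


class Decision(Enum):
    INSPECT = "inspect"   # this node inspects the payload of the flow
    SKIP = "skip"         # this node forwards the flow without payload inspection


@dataclass
class Packet:
    flow_id: str
    payload: bytes
    # Result of the upstream node's decision, carried with the forwarded packet.
    # None means no indication was received (e.g. first node in the chain).
    upstream_decision: Optional[Decision] = None


@dataclass
class Node:
    name: str
    budget: int                                  # assumed policy: max flows inspected at once
    downstream: Optional["Node"] = None
    inspected_flows: Set[str] = field(default_factory=set)
    log: List[tuple] = field(default_factory=list)

    def decide(self, pkt: Packet) -> Decision:
        # Keep the per-flow decision stable: a flow this node already inspects
        # is inspected for all of its later packets as well.
        if pkt.flow_id in self.inspected_flows:
            return Decision.INSPECT
        # Honour the upstream indication: if the upstream node already inspects
        # this flow, do not duplicate the DPI effort here.
        if pkt.upstream_decision is Decision.INSPECT:
            return Decision.SKIP
        # Otherwise take the flow on only while the local budget allows it.
        if len(self.inspected_flows) < self.budget:
            self.inspected_flows.add(pkt.flow_id)
            return Decision.INSPECT
        return Decision.SKIP

    def inspect_payload(self, pkt: Packet) -> str:
        # Placeholder classifier standing in for a real DPI engine (assumption).
        return "http" if pkt.payload.startswith(b"GET ") else "unknown"

    def receive(self, pkt: Packet) -> None:
        decision = self.decide(pkt)
        if decision is Decision.INSPECT:
            self.log.append((pkt.flow_id, self.inspect_payload(pkt)))
        if self.downstream is not None:
            # Forward the packet and indicate the result of our decision.
            self.downstream.receive(
                Packet(pkt.flow_id, pkt.payload, upstream_decision=decision)
            )


def sample_packets() -> List[Packet]:
    # Constructed sample: three flows, two packets each, interleaved.
    return [
        Packet("f1", b"GET /index.html HTTP/1.1"),
        Packet("f2", b"\x16\x03\x01\x00\xa5"),
        Packet("f3", b"GET /api HTTP/1.1"),
        Packet("f1", b"Host: example.invalid"),
        Packet("f2", b"\x14\x03\x03\x00\x01"),
        Packet("f3", b"Accept: */*"),
    ]


def run_chain(packets: List[Packet], first_budget: int, second_budget: int) -> Dict[str, str]:
    """Run packets through transport -> gateway; return flow_id -> inspecting node.

    Flows that neither node could take on are absent from the result, which is
    the condition an operator would want to alarm on.
    """
    gateway = Node("gateway", second_budget)
    transport = Node("transport", first_budget, downstream=gateway)
    for pkt in packets:
        transport.receive(pkt)
    where: Dict[str, str] = {}
    for node in (transport, gateway):
        for flow_id, _label in node.log:
            where.setdefault(flow_id, node.name)
    return where


if __name__ == "__main__":
    print(run_chain(sample_packets(), first_budget=1, second_budget=1))
```

With a budget of one flow per node, the transport node takes flow f1, indicates INSPECT downstream so the gateway skips it, the gateway takes f2 because the transport node indicated SKIP, and f3 is forwarded by both without inspection. Raising the gateway budget to two lets it pick up f3 as well. The `run_chain` result therefore doubles as a coverage check: any flow missing from it passed the whole chain uninspected. Because the downstream decision is driven entirely by the upstream indication, the indication only carries meaning between nodes of the same operator network that trust each other's decisions.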