View All Documents & Correspondence
System And Method For Controlling Operation Of A Switch In A Network
Abstract: A method and a system are provided for controlling operation of a switch in a network. In an embodiment, the method comprises receiving a set of instructions at a switch. The set of instructions pertain to selection of one of an operation of a plurality of operations of the switch. The plurality of operations is indicative of any or a combination of a firewall operation, a load balancer operation, and an intrusion detection operation. Further, the operation of the switch is adjusted to perform one of the selected operations for routing of a plurality of data packets from a source location to a destination location in the network.
Notices, Deadlines & Correspondence
Patent Information
Applicants
Chitkara Innovation Incubator Foundation
Inventors
1. BADOTRA, Sumit
2. PANDA, Surya Narayan
3. DATTA, Priyanka
Specification
[0001] The present invention relates generally to multiple operations of a switch and, more particularly, to controlling and managing varied operations of the switch.
BACKGROUND
[0002] In a traditional switch device, for enabling operations such as packet forwarding and high-level routing on a single switch device, a user has to physically visit a location where the switch is placed, login to command line and then configure the switch through the command line. This process is a tedious and a time consuming task and is equally ineffective. In addition, in traditional switch based networking techniques that use firewalls and next-generation firewalls there is a need for a network administrator to physically configure and activate the switch for performing both the functions.
[0003] Also, preparing the switch to act both as a load balancer and having to perform the task of a firewall has its own set of limitations in flexibility and adaptability. These challenges compel the user to buy and install individual devices that individually act as a firewall or a load balancer to achieve the normal functionality.
[0004] Based on the above mentioned limitations, it can be gauged that is a lack of availability of switch devices that can simultaneously work as a firewall or as a load balancer as per user’s requirement. There is thus a need in the art for an improved system and method for enabling the switch to act as a firewall and a load balancer simultaneously.
OBJECTS OF THE PRESENT DISCLOSURE
[0005] Some of the objects of the present disclosure aimed to ameliorate one or more problems of the prior art or to at least provide a useful alternative are listed herein below.
[0006] An object of the present disclosure is to provide a method that facilitates to control operations of a switch.
[0007] An object of the present disclosure is to provide a method that facilitates to train the switch to perform firewall and load balancer based operations simultaneously.
[0008] An object of the present disclosure is to provide a method that facilitates to alter and reprogram the functioning of the switch based on packets to be routed.
SUMMARY OF THE INVENTION
[0009] The present invention relates generally to multiple switch operations and, more particularly, to controlling and managing varied operations for the switch.
[00010] According to an aspect of the present disclosure is provided a method for controlling operation of a switch in a network, said method comprising: receiving, at a processor operatively coupled with the switch, a set of instructions pertaining to selection of one of an operation of a plurality of operations of the switch, the plurality of operations being indicative of any or a combination of a firewall operation, a load balancer operation, and an intrusion detection operation; and responsive to receiving the selected operation, adjusting, at the processor, the operation of the switch to perform one of the selected operation for routing of a plurality of data packets from a source location to a destination location in the network.
[00011] According to an embodiment, upon the switch performing the firewall operation, processing is done at a transport layer and an application layer of the network for routing of the plurality of data packets in the network.
[00012] According to an embodiment, upon the switch performing the load balancer operation, the processor applies a First Come First Serve (FCFS) mechanism and a weighted round robin mechanism for routing of the plurality of data packets in the network.
[00013] According to an embodiment, operation of the switch is controlled based on a routing decision related to routing of each of the plurality of data packets in the network.
[00014] According to an embodiment, the switch is operated to perform the firewall operation when the routing decision is indicative of blocking routing of the plurality of data packets in the network.
[00015] According to an embodiment, the switch is operated to perform the load balancer operation when the routing decision is indicative of routing a selective set of data packets of the plurality of data packets in the network.
[00016] According to an embodiment, the selective set of data packets pertain to a first set of data packets of the plurality of data packets having a higher priority and need to be routed on priority in the network.
[00017] According to an embodiment, the routing of the selective set of data packets of the plurality of data packets in the network facilitates prevention of occurrence of traffic congestion in the network.
[00018] According to an embodiment, the switch is operated to perform the intruder detection operation when at least one of a data packet of the plurality of data packets to be routed in the network is suspicious and is to be scanned for intrusion prevention.
[00019] According to an aspect of the present disclosure is provided a system for controlling operation of a switch in a network, said system comprising: one or more processors of the switch coupled with a memory, the memory storing instructions which when executed by the one or more processors causes the switch to: receive a set of instructions pertaining to selection of one of an operation of a plurality of operations of the switch, the plurality of operations being indicative of any or a combination of a firewall operation, a load balancer operation, and an intrusion detection operation; and responsive to receiving the selected operation, adjust the operation of the switch to perform one of the selected operation in the network.
[00020] Various objects, features, aspects and advantages of the present disclosure will become more apparent from the following detailed description of preferred embodiments, along with the accompanying drawing figures in which like numerals represent like features.
BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS
[00021] In the figures, similar components and/or features may have the same reference label. Further, various components of the same type may be distinguished by following the reference label with a second label that distinguishes among the similar components. If only the first reference label is used in the specification, the description is applicable to any one of the similar components having the same first reference label irrespective of the second reference label.
[00022] FIG. 1 illustrates a network implementation of a system for enabling multiple simultaneous functionality of a switch in accordance with an embodiment of the present disclosure.
[00023] FIG. 2 illustrates exemplary functional components of a system in accordance with an embodiment of the present disclosure.
[00024] FIG. 3 illustrates exemplary flow of a packet in the system for routing in accordance with an embodiment of the present disclosure.
[00025] FIG. 4 illustrates exemplary implementation of the system in accordance with an embodiment of the present disclosure.
[00026] FIG. 5 is a high-level flow diagram illustrating working of the system in accordance with an embodiment of the present disclosure.
[00027] FIG. 6 illustrates an exemplary computer system to implement the proposed system in accordance with embodiments of the present disclosure.
DETAILED DESCRIPTION
[00028] In the following description, numerous specific details are set forth in order to provide a thorough understanding of embodiments of the present invention. It will be apparent to one skilled in the art that embodiments of the present invention may be practiced without some of these specific details.
[00029] Embodiments of the present invention include various steps, which will be described below. The steps may be performed by hardware components or may be embodied in machine-executable instructions, which may be used to cause a general-purpose or special-purpose processor programmed with the instructions to perform the steps. Alternatively, steps may be performed by a combination of hardware, software, firmware and/or by human operators.
[00030] Embodiments of the present invention may be provided as a computer program product, which may include a machine-readable storage medium tangibly embodying thereon instructions, which may be used to program a computer (or other electronic devices) to perform a process. The machine-readable medium may include, but is not limited to, fixed (hard) drives, magnetic tape, floppy diskettes, optical disks, compact disc read-only memories (CD-ROMs), and magneto-optical disks, semiconductor memories, such as ROMs, PROMs, random access memories (RAMs), programmable read-only memories (PROMs), erasable PROMs (EPROMs), electrically erasable PROMs (EEPROMs), flash memory, magnetic or optical cards, or other type of media/machine-readable medium suitable for storing electronic instructions (e.g., computer programming code, such as software or firmware).
[00031] Various methods described herein may be practiced by combining one or more machine-readable storage media containing the code according to the present invention with appropriate standard computer hardware to execute the code contained therein. An apparatus for practicing various embodiments of the present invention may involve one or more computers (or one or more processors within a single computer) and storage systems containing or having network access to computer program(s) coded in accordance with various methods described herein, and the method steps of the invention could be accomplished by modules, routines, subroutines, or subparts of a computer program product.
[00032] Referring to the drawings, the invention will now be described in more detail.
[00033] FIG. 1 illustrates a network implementation of a system 100 for enabling multiple simultaneous functionality of a switch in accordance with an embodiment of the present disclosure.
[00034] According to an embodiment, an operation controlling system 100 is disclosed that is configured to facilitate providing multiple functions to a switch that is part of a network. As an example the switch 106 may be a software defined network (SDN) switch or an Open Flow switch that is an Open Flow-enabled data switch that communicates over an Open Flow channel to an external controller. The Open Flow switch may perform a packet lookup and forwarding according to one or more flow tables and a group table. The Open Flow switch may communicate with the controller and the controller may manage the switch via the Open Flow switch protocol. The Open Flow switch protocol may be designed to manage and direct traffic among routers and switches of varying types.
[00035] The switch can be defined as a piece of hardware that utilizes packet switching to receive, process and forward data between devices within a network. With global rise of server virtualization, traditional network switches are being gradually replaced with software-defined network controllers (SDN switches) that rely on the code as opposed to network bridges and hardware. The switch 106 defined herewith may be a SDN switch.
[00036] The switch 106 is connected to a data store 104 via a network 102. The network 102 can be a wireless network, a wired network or a combination thereof. The network 102 can be implemented as one of the different types of networks, such as intranet, local area network (LAN), wide area network (WAN), the internet, Wi-Fi, LTE network, CDMA network, and the like. Further, the network 108 can either be a dedicated network or a shared network. The shared network represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), Wireless Application Protocol (WAP), and the like, to communicate with one another. Further the network 102 can include a variety of network devices, including routers, bridges, servers, computing devices, storage devices, and the like.
[00037] In an embodiment, the data store 104 includes a relational database. The relational database may store information related to traversal of packets that pass through the switch 106 from a source location to a destination location via the network 104.
[00038] In an embodiment, an operation of a switch 106 of a network may be controlled. This is done by receiving a set of instructions pertaining to selection of one of an operation of a plurality of operations of the switch. The operation of the switch may be controlled based on a routing decision related to routing of each of the plurality of data packets in the network.
[00039] The plurality of operations is indicative of any or a combination of a firewall operation, a load balancer operation, and an intrusion detection operation. Upon receiving the selected operation, the operation of the switch is adjusted to perform one of the selected operations for routing of a plurality of data packets from a source location to a destination location in the network. When the switch 106 performs the firewall operation, processing may be done at a transport layer and an application layer of the network for routing of the plurality of data packets in the network. In an embodiment, the switch 106 may be operated to perform the firewall operation when the routing decision is indicative of blocking routing of the plurality of data packets in the network. In an embodiment, the switch may operate as a firewall, and work on both transport and application layer of software defined network (SDN) based architecture and therefore can be termed as a multi layer firewall whereas load balancer will make use of First Come First Serve (FCFS) and Weighted Round Robin algorithm to perform the functionality.
[00040] Further, when the switch performs the load balancer operation, a First Come First Serve (FCFS) mechanism and a weighted round robin mechanism may be adopted for routing of the plurality of data packets in the network. The switch 106 may be operated to perform the load balancer operation when the routing decision is indicative of routing a selective set of data packets of the plurality of data packets in the network. The selective set of data packets may pertain to a first set of data packets of the plurality of data packets having a higher priority and need to be routed on priority in the network. Further, the routing of the selective set of data packets of the plurality of data packets in the network may facilitate prevention of occurrence of traffic congestion in the network.
[00041] In an embodiment, the switch 106 may be operated to perform the intruder detection operation when at least one of a data packet of the plurality of data packets to be routed in the network is suspicious and is to be scanned for intrusion prevention.
[00042] Further, the system 100 may be accessed by entities 108-1, 108-2…108-N (which are collectively referred to as entities 108 and individually referred to as the entity 108, hereinafter) can communicate with the system 100 through one or more computing devices 110-1, 110-2…110-N (which are collectively referred to as computing devices 110 and individually referred to as the computing device 110, hereinafter) that can be communicatively coupled to the system 102 through a network 102. The entities 108 can be any person, who is an administrator, a data scientist, a cloud based programmer, a customer, a user, and the like. The computing devices 110 may include a variety of computing systems, including but not limited to, a laptop computer, a desktop computer, a notebook, a workstation, a portable computer, a personal digital assistant, a handheld device, a smartphone and a mobile device.
[00043] FIG. 2 illustrates at 200 exemplary functional components of a system 100 in accordance with an embodiment of the present disclosure.
[00044] In an aspect, an operation controlling system 100 herein also referred to as system 100) may comprise one or more processor(s) 202. The one or more processor(s) 202 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, logic circuitries, and/or any devices that manipulate data based on operational instructions. Among other capabilities, the one or more processor(s) 202 are configured to fetch and execute computer-readable instructions stored in a memory 204 of the system 100. The memory 204 may store one or more computer-readable instructions or routines, which may be fetched and executed to create or share the data units over a network service. The memory 204 may comprise any non-transitory storage device including, for example, volatile memory such as RAM, or non-volatile memory such as EPROM, flash memory, and the like.
[00045] The system 100 may also comprise an interface(s) 206. The interface(s) 206 may comprise a variety of interfaces, for example, interfaces for data input and output devices, referred to as I/O devices, storage devices, and the like. The interface(s) 206 may facilitate communication of system 100. The interface(s) 206 may also provide a communication pathway for one or more components of the processing engine 208. Examples of such components include, but are not limited to, processing engine(s) 208 and database 218.
[00046] The processing engine(s) 208 may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processing engine(s) 208. The processing engine(s) 208 is stored on the memory 206 and runs on the processor(s) 202. In examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processing engine(s) 208 may be processor executable instructions stored on a non-transitory machine-readable storage medium and the hardware for the processing engine(s) 208 may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the machine-readable storage medium may store instructions that, when executed by the processing resource, implement the processing engine(s) 208. In such examples, the system 100 may comprise the machine-readable storage medium storing the instructions and the processing resource to execute the instructions, or the machine-readable storage medium may be separate but accessible to system 100 and the processing resource. In other examples, the processing engine(s) 208 may be implemented by electronic circuitry.
[00047] The database 210 may comprise data that is either stored or generated as a result of functionalities implemented by any of the components of the processing engine(s) 208 or the system 100. In an embodiment, the processing engine(s) 208 may include operations selection engine 212, operations adjusting engine 214. Other engine(s) 118 can supplement the functionalities of the processing engine 208 or the system 100.
[00048] In an embodiment, the operations selection engine 212 may facilitate the switch to receive a set of instructions pertaining to selection of one of an operation of a plurality of operations of the switch. The plurality of operations is indicative of any or a combination of a firewall operation, a load balancer operation, and an intrusion detection operation. Operation of the switch may be controlled based on a routing decision related to routing of each of the plurality of data packets in the network. The switch may be operated to perform the firewall operation when the routing decision is indicative of blocking routing of the plurality of data packets in the network. Further, the switch may be operated to perform the load balancer operation when the routing decision is indicative of routing a selective set of data packets of the plurality of data packets in the network. The selective set of data packets may pertain to a first set of data packets of the plurality of data packets having a higher priority and that need to be routed on priority in the network. As can be appreciated the routing of the selective set of data packets of the plurality of data packets in the network facilitates prevention of occurrence of a traffic congestion in the network.
[00049] In an embodiment, the operations adjusting engine 214 receives the selected operation and adjusts the operation of the switch to perform one of the selected operation for routing of a plurality of data packets from a source location to a destination location in the network. When the switch performs the firewall operation, the processing may be done at a transport layer and an application layer of the network for routing of the plurality of data packets in the network. Also, when the switch performs the load balancer operation, the processor applies a First Come First Serve (FCFS) mechanism and a weighted round robin mechanism for routing of the plurality of data packets in the network. In addition, the switch may be operated to perform the intruder detection operation when at least one of a data packet of the plurality of data packets to be routed in the network is suspicious and is to be scanned for intrusion prevention.
[00050] In an embodiment, the switch may be any of the devices such as servers, firewalls, or any IP-addressable object including an alias IP address. In an exemplary embodiment, the switch facilitates using sticky connections that ensure that two distinct data flows are load balanced to same destination. The CSM can load-balance traffic to regular or stealth firewalls. When the switch performs the operation as a firewall, it does this for balancing traffic among firewalls that contain unique IP addresses.
[00051] When performing the operation as a load balancer, the switch maintains that load-balanced destinations are real servers. They may be firewalls, caches, or other networking devices. Sticky connections may be incorporated and used in the system for proper functioning of load-balanced applications of the switch. These applications utilize multiple connections from the same client to a server. The information transferred on one connection may affect processing of data packets transferred on another connection.
[00052] FIG. 3 illustrates at 300 an exemplary flow of a packet in the system 100 for routing in accordance with an embodiment of the present disclosure.
[00053] In an embodiment, at block 302 is shown a new data packet that arrives in for being transferred within a network. At block 304 is determined whether an entry for the data packet is maintained at a flow table. A packets event may be generated at block 310 when the entry for the data packet is not found in the flow table. Else, at block 306 the switch is operated to work as a firewall. Upon determination that the switch is working as a firewall, the switch code is replaced with a firewall code at block 312. If the determination at block 306 is not positive, the operation of the switch is set as a load balancer at block 308.
[00054] In an embodiment, at block 302 upon arrival of new data packet it reaches to an switch that can only function with the collaborate work of three essential elements: flow tables installed on switches, a controller, and a proprietary Open Flow protocol for the controller to talk securely with switches. The flow tables are set up on the switch(s). The controllers may talk to the switch(s) via the Open Flow protocol and impose policies on flows of the data packets. The controller may set up paths through the network optimized for specific characteristics, such as speed, fewest number of hops or reduced latency. Further, as an example when there is a new packet N1 coming towards switch and it first matches the entry of N1 in its flow table, the switch does not forward the packet to the controller rather the switch uses that entry to enable the packet to reach its destination. But on the other hand, if no match is found in the flow table, the switch may either drop or may forward the packet to the controller over the secure Open Flow channel.
[00055] In addition, once a decision is taken for the data packets, further additional functionality of the switch are decided by the controller on the basis of raised queries by a host. As an example, in case of high traffic, the system may want to block the traffic and the controller may enable the switch to act as a firewall and in other case if the system wants to distribute load of data packets amongst the varied number of hosts, the operation for the switch may be changed into a load balancer.
[00056] FIG. 4 illustrates exemplary implementation 400 of the system in accordance with an embodiment of the present disclosure.
[00057] In an embodiment, the disclosure facilitates to work as a firewall/load balancer/Open Flow switch/ Intrusion Prevention System (IPS) as per the need of the enterprise network. When the switch operates as a firewall 406, the firewall operates at two of the i.e. a transport layer 408 and an application layer 404 of the TCP/IP network model. In addition, when the switch is operated to function as a load balancer 412, the switch makes use of First Come First Serve (FCFS) mechanism 410, and a weighted round-robin algorithm 414. As an example, in these scenarios, the switch may use the specifications as available in Open Flow switch - latest version 1.3. As can be appreciated by those skilled in the art, the load balancer operation of the switch can be used in a multi-controller cluster formulation environment. Enabling the switch to be operated for multiple operations may advantageously make the switch flexible and dynamic as per load distribution of the data packets. A cloud based remotely located SDN controller 402 may talk to the switch(s) via the Open Flow protocol and impose policies on flows of the data packets via the switch (for example an Open Flow switch). In scenarios, where the switch operates as an Intrusion Prevention system (IPS), the switch enables to detect and mitigate network attacks for proper flow of the data packets as per a user-defined application.
[00058] FIG. 5 is a high-level flow diagram 500 illustrating working of the system in accordance with an embodiment of the present disclosure. The process described with reference to FIG. 5 may be implemented in the form of executable instructions stored on a machine readable medium and executed by a processing resource (e.g., a microcontroller, a microprocessor, central processing unit core(s), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA), and the like) and/or in the form of other types of electronic circuitry. For example, this processing may be performed by one or more computer systems of various forms, such as the computer system 600 described with reference to FIG. 6 below.
[00059] In an embodiment, at block 502, a set of instructions are received at a switch. The set of instructions pertain to selection of one of an operation of a plurality of operations of the switch. The plurality of operations is indicative of any or a combination of a firewall operation, a load balancer operation, and an intrusion detection operation.
[00060] Further, at block 504, the operation of the switch is adjusted to perform one of the selected operations for routing of a plurality of data packets from a source location to a destination location in the network.
[00061] FIG. 6 illustrates an exemplary computer system to implement the proposed system in accordance with embodiments of the present disclosure.
[00062] FIG. 6 illustrates an exemplary computer system 600 to implement the proposed system in accordance with embodiments of the present disclosure. As shown in FIG. 6, computer system can include an external storage device 610, a bus 620, a main memory 630, a read only memory 640, a mass storage device 650, communication port 660, and a processor 670.
[00063] Those skilled in the art will appreciate that computer system 600 may include more than one processor 670 and communication ports 660. Examples of processor 670 include, but are not limited to, an Intel® Itanium® or Itanium 2 processor(s), or AMD® Opteron® or Athlon MP® processor(s), Motorola® lines of processors, FortiSOC™ system on a chip processors or other future processors. Processor 670 may include various modules associated with embodiments of the present invention.
[00064] Communication port 660 can be any of an RS-232 port for use with a modem based dialup connection, a 10/100 Ethernet port, a Gigabit or 10 Gigabit port using copper or fiber, a serial port, a parallel port, or other existing or future ports. Communication port 660 may be chosen depending on a network, such a Local Area Network (LAN), Wide Area Network (WAN), or any network to which computer system connects.
[00065] Memory 630 can be Random Access Memory (RAM), or any other dynamic storage device commonly known in the art. Read only memory 640 can be any static storage device(s) e.g., but not limited to, a Programmable Read Only Memory (PROM) chips for storing static information e.g., start-up or BIOS instructions for processor 670.
[00066] Mass storage 650 may be any current or future mass storage solution, which can be used to store information and/or instructions. Exemplary mass storage solutions include, but are not limited to, Parallel Advanced Technology Attachment (PATA) or Serial Advanced Technology Attachment (SATA) hard disk drives or solid-state drives (internal or external, e.g., having Universal Serial Bus (USB) and/or Firewire interfaces), e.g. those available from Seagate (e.g., the Seagate Barracuda 7102 family) or Hitachi (e.g., the Hitachi Deskstar 7K1000), one or more optical discs, Redundant Array of Independent Disks (RAID) storage, e.g. an array of disks (e.g., SATA arrays), available from various vendors including Dot Hill Systems Corp., LaCie, Nexsan Technologies, Inc. and Enhance Technology, Inc.
[00067] Bus 620 communicatively couples processor(s) 670 with the other memory, storage and communication blocks. Bus 620 can be, e.g. a Peripheral Component Interconnect (PCI) / PCI Extended (PCI-X) bus, Small Computer System Interface (SCSI), USB or the like, for connecting expansion cards, drives and other subsystems as well as other buses, such a front side bus (FSB), which connects processor 670 to software system.
[00068] Optionally, operator and administrative interfaces, e.g. a display, keyboard, and a cursor control device, may also be coupled to bus 620 to support direct operator interaction with computer system. Other operator and administrative interfaces can be provided through network connections connected through communication port 660. External storage device 610 can be any kind of external hard-drives, floppy drives, IOMEGA® Zip Drives, Compact Disc - Read Only Memory (CD-ROM), Compact Disc - Re-Writable (CD-RW), Digital Video Disk - Read Only Memory (DVD-ROM). Components described above are meant only to exemplify various possibilities. In no way should the aforementioned exemplary computer system limit the scope of the present disclosure.
[00069] While the foregoing describes various embodiments of the invention, other and further embodiments of the invention may be devised without departing from the basic scope thereof. The scope of the invention is determined by the claims that follow. The invention is not limited to the described embodiments, versions or examples, which are included to enable a person having ordinary skill in the art to make and use the invention when combined with information and knowledge available to the person having ordinary skill in the art.
ADVANTAGES OF THE PRESENT DISCLOSURE
[00070] The present disclosure provides a method that facilitates to provide a compiler that supports cross platform compilation of applications.
[00071] The present disclosure provides a method that facilitates to control operations of a switch.
[00072] The present disclosure provides a method that facilitates to train the switch to perform firewall and load balancer based operations simultaneously.
[00073] The present disclosure provides a method that facilitates to alter and reprogram the functioning of the switch based on packets to be routed.
[00074] The present disclosure provides a method that facilitates to remove and avoid dependency on dedicated hardware for performing respective operations, and hence is cost effective and eliminates vendor specificity.
Claims:1. A method for controlling operation of a switch in a network, said method comprising:
receiving, at a processor operatively coupled with the switch, a set of instructions pertaining to selection of one of an operation of a plurality of operations of the switch, the plurality of operations being indicative of any or a combination of a firewall operation, a load balancer operation, and an intrusion detection operation; and
responsive to receiving the selected operation, adjusting, at the processor, the operation of the switch to perform one of the selected operation for routing of a plurality of data packets from a source location to a destination location in the network.
2. The method as claimed in claim 2, wherein upon the switch performing the firewall operation, processing is done at a transport layer and an application layer of the network for routing of the plurality of data packets in the network.
3. The method as claimed in claim 1, wherein upon the switch performing the load balancer operation, the processor applies a First Come First Serve (FCFS) mechanism and a weighted round robin mechanism for routing of the plurality of data packets in the network.
4. The method as claimed in claim 1, wherein operation of the switch is controlled based on a routing decision related to routing of each of the plurality of data packets in the network.
5. The method as claimed in claim 4, wherein the switch is operated to perform the firewall operation when the routing decision is indicative of blocking routing of the plurality of data packets in the network.
6. The method as claimed in claim 4, wherein the switch is operated to perform the load balancer operation when the routing decision is indicative of routing a selective set of data packets of the plurality of data packets in the network.
7. The method as claimed in claim 6, wherein the selective set of data packets pertain to a first set of data packets of the plurality of data packets having a higher priority and need to be routed on priority in the network.
8. The method as claimed in claim 6, wherein the routing of the selective set of data packets of the plurality of data packets in the network facilitates prevention of occurrence of a traffic congestion in the network.
9. The method as claimed in claim 1, wherein the switch is operated to perform the intruder detection operation when at least one of a data packet of the plurality of data packets to be routed in the network is suspicious and is to be scanned for intrusion prevention.
10. A system for controlling operation of a switch in a network, said system comprising:
one or more processors of the switch coupled with a memory, the memory storing instructions which when executed by the one or more processors causes the switch to:
receive a set of instructions pertaining to selection of one of an operation of a plurality of operations of the switch, the plurality of operations being indicative of any or a combination of a firewall operation, a load balancer operation, and an intrusion detection operation; and
responsive to receiving the selected operation, adjust the operation of the switch to perform one of the selected operation in the network.
Documents
Orders
| Section | Controller | Decision Date |
|---|---|---|
Application Documents
| # | Name | Date |
|---|---|---|
| 1 | 202011036303-IntimationOfGrant25-04-2024.pdf | 2024-04-25 |
| 1 | 202011036303-STATEMENT OF UNDERTAKING (FORM 3) [24-08-2020(online)].pdf | 2020-08-24 |
| 2 | 202011036303-FORM FOR STARTUP [24-08-2020(online)].pdf | 2020-08-24 |
| 2 | 202011036303-PatentCertificate25-04-2024.pdf | 2024-04-25 |
| 3 | 202011036303-FORM FOR SMALL ENTITY(FORM-28) [24-08-2020(online)].pdf | 2020-08-24 |
| 3 | 202011036303-Annexure [30-03-2024(online)].pdf | 2024-03-30 |
| 4 | 202011036303-Written submissions and relevant documents [30-03-2024(online)].pdf | 2024-03-30 |
| 4 | 202011036303-FORM 1 [24-08-2020(online)].pdf | 2020-08-24 |
| 5 | 202011036303-FORM-26 [26-03-2024(online)].pdf | 2024-03-26 |
| 5 | 202011036303-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [24-08-2020(online)].pdf | 2020-08-24 |
| 6 | 202011036303-EVIDENCE FOR REGISTRATION UNDER SSI [24-08-2020(online)].pdf | 2020-08-24 |
| 6 | 202011036303-Correspondence to notify the Controller [22-03-2024(online)].pdf | 2024-03-22 |
| 7 | 202011036303-US(14)-HearingNotice-(HearingDate-28-03-2024).pdf | 2024-03-11 |
| 7 | 202011036303-DRAWINGS [24-08-2020(online)].pdf | 2020-08-24 |
| 8 | 202011036303-DECLARATION OF INVENTORSHIP (FORM 5) [24-08-2020(online)].pdf | 2020-08-24 |
| 8 | 202011036303-CLAIMS [15-03-2023(online)].pdf | 2023-03-15 |
| 9 | 202011036303-COMPLETE SPECIFICATION [24-08-2020(online)].pdf | 2020-08-24 |
| 9 | 202011036303-CORRESPONDENCE [15-03-2023(online)].pdf | 2023-03-15 |
| 10 | 202011036303-FER_SER_REPLY [15-03-2023(online)].pdf | 2023-03-15 |
| 10 | 202011036303-FORM-26 [28-10-2020(online)].pdf | 2020-10-28 |
| 11 | 202011036303-FORM-26 [15-03-2023(online)].pdf | 2023-03-15 |
| 11 | 202011036303-Proof of Right [20-01-2021(online)].pdf | 2021-01-20 |
| 12 | 202011036303-FER.pdf | 2022-09-22 |
| 12 | 202011036303-FORM 18 [12-05-2022(online)].pdf | 2022-05-12 |
| 13 | 202011036303-FER.pdf | 2022-09-22 |
| 13 | 202011036303-FORM 18 [12-05-2022(online)].pdf | 2022-05-12 |
| 14 | 202011036303-FORM-26 [15-03-2023(online)].pdf | 2023-03-15 |
| 14 | 202011036303-Proof of Right [20-01-2021(online)].pdf | 2021-01-20 |
| 15 | 202011036303-FER_SER_REPLY [15-03-2023(online)].pdf | 2023-03-15 |
| 15 | 202011036303-FORM-26 [28-10-2020(online)].pdf | 2020-10-28 |
| 16 | 202011036303-COMPLETE SPECIFICATION [24-08-2020(online)].pdf | 2020-08-24 |
| 16 | 202011036303-CORRESPONDENCE [15-03-2023(online)].pdf | 2023-03-15 |
| 17 | 202011036303-DECLARATION OF INVENTORSHIP (FORM 5) [24-08-2020(online)].pdf | 2020-08-24 |
| 17 | 202011036303-CLAIMS [15-03-2023(online)].pdf | 2023-03-15 |
| 18 | 202011036303-US(14)-HearingNotice-(HearingDate-28-03-2024).pdf | 2024-03-11 |
| 18 | 202011036303-DRAWINGS [24-08-2020(online)].pdf | 2020-08-24 |
| 19 | 202011036303-EVIDENCE FOR REGISTRATION UNDER SSI [24-08-2020(online)].pdf | 2020-08-24 |
| 19 | 202011036303-Correspondence to notify the Controller [22-03-2024(online)].pdf | 2024-03-22 |
| 20 | 202011036303-FORM-26 [26-03-2024(online)].pdf | 2024-03-26 |
| 20 | 202011036303-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [24-08-2020(online)].pdf | 2020-08-24 |
| 21 | 202011036303-Written submissions and relevant documents [30-03-2024(online)].pdf | 2024-03-30 |
| 21 | 202011036303-FORM 1 [24-08-2020(online)].pdf | 2020-08-24 |
| 22 | 202011036303-FORM FOR SMALL ENTITY(FORM-28) [24-08-2020(online)].pdf | 2020-08-24 |
| 22 | 202011036303-Annexure [30-03-2024(online)].pdf | 2024-03-30 |
| 23 | 202011036303-PatentCertificate25-04-2024.pdf | 2024-04-25 |
| 23 | 202011036303-FORM FOR STARTUP [24-08-2020(online)].pdf | 2020-08-24 |
| 24 | 202011036303-STATEMENT OF UNDERTAKING (FORM 3) [24-08-2020(online)].pdf | 2020-08-24 |
| 24 | 202011036303-IntimationOfGrant25-04-2024.pdf | 2024-04-25 |
Search Strategy
| 1 | 202011036303SEARCHSTRATEGYE_22-09-2022.pdf |