US-20260128822-A1 - TAG-BASED SELECTIVE PACKET DUPLICATION

Abstract

Disclosed is technology for selectively determining whether to duplicate a packet based on factors beyond just the application with which it is associated. For example, some methods determine a criticality of the packet by reading a tag stored in a header of the packet. The tag can represent a group with which the user is associated, e.g., the financial department, and a criticality score can be assigned based on that group and, in some cases, other factors. The criticality score can be measured against a threshold to determine whether duplication should occur in the next hop. The method therefore selectively determines whether to duplicate a packet, thereby avoiding costly overduplication, while also placing this tag in a header of the packet, where it can be read easily and without deep packet inspection.

Inventors

  • Abhinesh Mishra
  • Saurabh Srivastava
  • Shishir Kumar
  • Manikandan Thiyagarajakumar

Assignees

  • CISCO TECHNOLOGY, INC.

Dates

Publication Date
20260507
Application Date
20241106

Claims (20)

  1. A method comprising: determining, by a network device, a group to which a user is associated; receiving a data packet; attaching a tag to a header of the data packet representing a user criticality score that quantifies a criticality of the group to which the user is associated; computing an overall criticality score based at least in part on the user criticality score; and determining whether to duplicate the data packet based on the overall criticality score.
  2. The method of claim 1, further comprising: inspecting the data packet to determine an application to which the data packet is associated; determining an application criticality score based on the application to which the data packet is associated; and computing the overall criticality score based at least in part on the user criticality score and the application criticality score.
  3. The method of claim 1, wherein determining whether to duplicate the data packet is performed by comparing the overall criticality score to a threshold score.
  4. The method of claim 3, further comprising receiving the threshold score from an administrator of a network.
  5. The method of claim 1, wherein the group to which the user is associated is determined by: authenticating the user; determining an internet protocol address (IP address) of the user; and determining the group to which the user is associated based on the IP address of the user.
  6. The method of claim 5, wherein the IP address is determined by retrieving the IP address from at least one of a dynamic host configuration protocol pool (DHCP pool) and static allocation.
  7. The method of claim 1, wherein determining whether to duplicate the data packet is performed by comparing the overall criticality score against a range of criticality scores, and duplicating the data packet only if the overall criticality score is within the range of criticality scores.
  8. A network device comprising: a storage configured to store instructions; and at least one processor configured to execute the instructions and cause the at least one processor to: determine a group to which a user is associated; receive a data packet; attach a tag to a header of the data packet representing a user criticality score that quantifies a criticality of the group to which the user is associated; compute an overall criticality score based at least in part on the user criticality score; and determine whether to duplicate the data packet based on the overall criticality score.
  9. The network device of claim 8, wherein the at least one processor is configured to execute the instructions and further cause the at least one processor to: inspect the data packet to determine an application to which the data packet is associated; determine an application criticality score based on the application to which the data packet is associated; and compute the overall criticality score based at least in part on the user criticality score and the application criticality score.
  10. The network device of claim 8, wherein the instructions to determine whether to duplicate the data packet is performed by comparing the overall criticality score against a threshold score.
  11. The network device of claim 10, wherein the at least one processor is configured to execute the instructions and further cause the at least one processor to receive the threshold score from an administrator of a network.
  12. The network device of claim 8, wherein the at least one processor is configured to execute the instructions and further cause the at least one processor to: authenticate the user; determine an IP address of the user; and determine the group to which the user is associated based on the IP address of the user.
  13. The network device of claim 12, wherein the IP address is determined by retrieving the IP address from at least one of a DHCP pool and static allocation.
  14. The network device of claim 8, wherein determining whether to duplicate the data packet is performed by comparing the overall criticality score against a range of criticality scores, and duplicating the data packet only if the overall criticality score is within the range of criticality scores.
  15. A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor, cause the at least one processor to: determine a group to which a user is associated; receive a data packet; attach a tag to a header of the data packet representing a user criticality score that quantifies a criticality of the group to which the user is associated; compute an overall criticality score based at least in part on the user criticality score; and determine whether to duplicate the data packet based on the overall criticality score.
  16. The non-transitory computer-readable storage medium of claim 15, wherein the at least one processor is configured to execute the instructions and further cause the at least one processor to: inspect the data packet to determine an application to which the data packet is associated; determine an application criticality score based on the application to which the data packet is associated; and compute the overall criticality score based at least in part on the user criticality score and the application criticality score.
  17. The non-transitory computer-readable storage medium of claim 15, wherein the instructions to determine whether to duplicate the data packet is performed by comparing the overall criticality score against a threshold score.
  18. The non-transitory computer-readable storage medium of claim 17, wherein the at least one processor is configured to execute the instructions and further cause the at least one processor to receive the threshold score from an administrator of a network.
  19. The non-transitory computer-readable storage medium of claim 15, wherein the group to which the user is associated is determined by: authenticating the user; determining an IP address of the user; and determining the group to which the user is associated based on the IP address of the user.
  20. The non-transitory computer-readable storage medium of claim 19, wherein the IP address is determined by retrieving the IP address from at least one of a DHCP pool and static allocation.
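
The following added example (not code from the patent or from the assignee) walks the claimed flow end to end: group from the user's IP address, a tag attached to a header, an overall score, then a threshold or range test at the next hop. The 2-byte tag layout, the score tables, the percent-weighted combination and the at-or-above threshold comparison are assumptions, since the page does not specify them.

```python
import ipaddress
import struct

# Constructed sample policy: address pools per group, scores on a 0-10 scale.
GROUP_POOLS = {"finance": ipaddress.ip_network("10.10.0.0/24"),
               "guest": ipaddress.ip_network("10.20.0.0/24")}
USER_SCORE = {"finance": 9, "guest": 2}
APP_SCORE = {"payments": 8, "video": 3}
TAG_MAGIC = 0xC5  # hypothetical marker byte for the assumed 2-byte tag header

def group_for_ip(ip):
    """Map an authenticated user's IP address to a group, or None."""
    addr = ipaddress.ip_address(ip)
    return next((g for g, pool in GROUP_POOLS.items() if addr in pool), None)

def attach_tag(payload, src_ip):
    """Ingress device: prepend a tag header carrying the user criticality score."""
    score = USER_SCORE.get(group_for_ip(src_ip), 0)
    return struct.pack("!BB", TAG_MAGIC, score) + payload

def read_tag(packet):
    """Next hop: read the score at a fixed header offset; payload is not parsed."""
    if len(packet) < 2 or packet[0] != TAG_MAGIC:
        return 0  # untagged or truncated: treat as least critical
    return packet[1]

def overall_score(user_score, app=None, user_weight=60):
    """Assumed combination: percent-weighted mean of user and application scores."""
    if app not in APP_SCORE:
        return float(user_score)
    return (user_weight * user_score + (100 - user_weight) * APP_SCORE[app]) / 100

def should_duplicate(score, threshold=None, score_range=None):
    """Inclusive range test if a range is given, else at-or-above threshold test."""
    if score_range is not None:
        low, high = score_range
        return low <= score <= high
    if threshold is None:
        raise ValueError("policy needs a threshold or a score range")
    return score >= threshold

def next_hop_decision(packet, app=None, **policy):
    """Decide duplication from the header tag plus an optional application label."""
    return should_duplicate(overall_score(read_tag(packet), app), **policy)
```

With a threshold of 6, the same "video" application is duplicated for the finance pool (overall score 6.6) and not for the guest pool (2.4), which is the selectivity the abstract describes.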

Description

TECHNICAL FIELD

The present disclosure relates to network communication, and in particular to performing selective packet duplication based on tags.

BACKGROUND

Reliable transmission of data packets is a focus for mission-critical applications such as financial transactions, healthcare monitoring, and real-time communication. These applications demand high availability and minimal downtime, where any packet loss or delay could result in significant disruptions. As a common approach, network architects often employ tunneling protocols that encapsulate and securely transmit data across networks. To enhance reliability, packet duplication is applied within these tunnels, where multiple copies of the same packet are sent to ensure that at least one copy reaches the destination.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

In order to describe the manner in which the above-recited and other advantages and features of the disclosure can be obtained, a more particular description of the principles briefly described above will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. Understanding that these drawings depict only exemplary embodiments of the disclosure and are not therefore to be considered to be limiting of its scope, the principles herein are described and explained with additional specificity and detail through the use of the accompanying drawings in which:

FIG. 1 illustrates an example of a high-level network architecture in accordance with at least some embodiments of the present technology.
FIG. 2 illustrates an example communication network including one or more autonomous systems (ASes) in accordance with at least some embodiments of the present technology.
FIG. 3 illustrates a schematic diagram of a packet duplication method in accordance with at least some embodiments of the present technology.
FIG. 4 illustrates a schematic diagram of a packet duplication system in accordance with at least some embodiments of the present technology.
FIG. 5 illustrates a schematic diagram of an exemplary system architecture to be used with selective duplication methods in accordance with at least some embodiments of the present technology.
FIG. 6 illustrates a routine for selective packet duplication in accordance with at least some embodiments of the present technology.
FIG. 7 shows an example of a system for implementing certain aspects of the present technology.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

Various embodiments of the disclosure are discussed in detail below. While specific implementations are discussed, it should be understood that this is done for illustration purposes only. A person skilled in the relevant art will recognize that other components and configurations may be used without parting from the spirit and scope of the disclosure. Thus, the following description and drawings are illustrative and are not to be construed as limiting. Numerous specific details are described to provide a thorough understanding of the disclosure. However, in certain instances, well-known or conventional details are not described in order to avoid obscuring the description.

References to one or an embodiment in the present disclosure can be references to the same embodiment or any embodiment; and such references mean at least one of the embodiments. Reference to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the disclosure. The appearances of the phrase “in one embodiment” in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Moreover, various features are described which may be exhibited by some embodiments and not by others.

As used herein the term “configured” shall be considered to interchangeably be used to refer to configured and configurable, unless the term “configurable” is explicitly used to distinguish from “configured”. The proper understanding of the term will be apparent to persons of ordinary skill in the art in the context in which the term is used.

The terms used in this specification generally have their ordinary meanings in the art, within the context of the disclosure, and in the specific context where each term is used. Alternative language and synonyms may be used for any one or more of the terms discussed herein, and no special significance should be placed upon whether or not a term is elaborated or discussed herein. In some cases, synonyms for certain terms are provided. A recital of one or more synonyms does not exclude the use of other synonyms. The use of examples anywhere in this specification including examples of any terms discussed herein is illustrative only and is not intended to further limit the scope and meaning of the disclosure or of any example ter