[go: up one dir, main page]

WO2025008970A1 - System and method of caching dns responses for application detection - Google Patents

System and method of caching dns responses for application detection Download PDF

Info

Publication number
WO2025008970A1
WO2025008970A1 PCT/IN2024/050958 IN2024050958W WO2025008970A1 WO 2025008970 A1 WO2025008970 A1 WO 2025008970A1 IN 2024050958 W IN2024050958 W IN 2024050958W WO 2025008970 A1 WO2025008970 A1 WO 2025008970A1
Authority
WO
WIPO (PCT)
Prior art keywords
dns
unit
upf
units
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/IN2024/050958
Other languages
French (fr)
Inventor
Aayush Bhatnagar
Adityakar Jha
Anu Ranjan
Pankaj Malhotra
Swarup Sengupta
Ranjan Mamgain
Yog VASHISHTH
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jio Platforms Ltd
Original Assignee
Jio Platforms Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jio Platforms Ltd filed Critical Jio Platforms Ltd
Publication of WO2025008970A1 publication Critical patent/WO2025008970A1/en
Pending legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/58Caching of addresses or names

Definitions

  • the present invention generally relates to the field of communication networks, and more specifically to a system and method of caching Domain Name Server (DNS) responses for application detection.
  • DNS Domain Name Server
  • a User Plane Function serves as a crucial interconnection point between the mobile infrastructure and the data network.
  • the UPF facilitates the exchange of data packets between the mobile devices and the data network, performing various important functions such as packet processing, data buffering, policy enforcement, quality of service (QoS) enforcement, user plane accounting, lawful interception, and other standard-defined 3rd Generation Partnership Project (3GPP) functionalities.
  • 3GPP 3rd Generation Partnership Project
  • One of the key tasks of the UPF is to classify incoming packets of a user session based on their application type and apply the appropriate processing rules accordingly.
  • the packet classification process involves identifying different types of traffic associated with a specific user session and mapping it to different processing legs based on the associated rules. This enables efficient handling and management of network traffic, ensuring optimized network performance and resource allocation.
  • IP validation an IP database storing IP addresses corresponding to domain names and URLs configured for Application Detection Function (ADF) is maintained. Uplink packets' destination IP addresses are searched in this IP database to identify the corresponding application.
  • ADF Application Detection Function
  • This IP database is built based on DNS sniffing of each DNS packet response generated by the UE and checking for the presence of relevant domains which are configured for ADF.
  • this process is computationally intensive and poses performance challenges in packet processing nodes like the UPF, especially when dealing with high volumes of traffic.
  • One or more embodiments of the present invention provide a system and method of caching Domain Name Server (DNS) responses for application detection.
  • DNS Domain Name Server
  • a method of caching DNS responses for application detection includes the step of establishing, by a User Plane Function (UPF) unit, a connection with a plurality of User Equipments (UEs) and a plurality of DNS units. Further, the method includes the step of receiving, by the UPF unit, at least one domain access request from at least one of the plurality of UEs. The at least one domain access request includes information of at least one data packet. The method includes the step of determining, by the UPF unit, a destination Internet Protocol (IP) address of the at least one data packet pertaining to the at least one domain access request, by raising a first set of DNS queries to the plurality of DNS units.
  • IP Internet Protocol
  • the first set of DNS queries are generated by the UPF unit. Further, the method further includes the step of caching, by the UPF unit, one or more responses received from the plurality of DNS units pertaining to the first set of DNS queries in a DNS cache unit. The one or more responses pertain to a domain name corresponding to the destination IP address of the at least one data packet.
  • the UPF unit is connected with the plurality of UEs and the plurality of DNS units via a first interface unit and a second interface unit, respectively.
  • the method includes upon receiving the at least one domain access request, the UPF unit is configured to detect an application by utilizing the domain name corresponding to the destination IP address of the at least one data packet pertaining to the at least one domain access request stored in the DNS cache unit.
  • the method includes the step of raising a second set of DNS queries to the plurality of DNS units by the UPF unit.
  • the method includes the step of raising a second set of DNS queries to update the DNS cache unit by the UPF unit.
  • the second set of DNS queries are directed towards a set of plurality of known applications registered in the plurality of DNS units.
  • the method includes the step of caching responses to the second set of DNS queries in the DNS cache unit by the UPF unit.
  • the method includes the step of retaining information in the DNS cache unit for a pre -defined time period before updating the DNS cache unit by the UPF unit.
  • the method includes the step of maintaining the DNS cache unit in a standby UPF unit as backup in events of a failure or restart.
  • the method includes the step of pertaining one or more responses to the domain name mapped onto the corresponding destination IP address in the plurality of DNS units.
  • the method further includes the step of retrieving the domain name mapped onto the corresponding destination IP address based on matching the destination IP address against a domain name to IP address mapping table at the plurality of DNS units by the UPF unit.
  • a system of caching DNS responses for application detection includes a plurality of DNS units, and a plurality of User Equipments (UE).
  • the system includes a User Plane Function (UPF) unit is in connection with the plurality of UEs and the plurality of DNS units.
  • the UPF unit is configured to receive at least one domain access request from at least one of the plurality of UEs.
  • the at least one domain access request includes information of at least one data packet.
  • the system includes the UPF unit configured to determine a destination Internet Protocol (IP) address of the at least one data packet pertaining to the at least one domain access request by raising a first set of DNS queries to the plurality of DNS units.
  • IP Internet Protocol
  • the UPF unit is configured to cache one or more responses received from the plurality of DNS units pertaining to the first set of DNS queries in a DNS cache unit.
  • the one or more responses pertain to a domain name corresponding to the destination IP address of the at least one data packet.
  • a plurality of User Equipments is communicated with a User Plane Function (UPF) unit.
  • the plurality of UEs includes one or more primary processors, having a memory unit, communicatively coupled to the UPF unit.
  • the memory unit stores instructions which when executed by the one or more primary processors causes the UE to send at least one domain access request to the UPF unit for accessing a desired application from a set of plurality of known applications registered in a plurality of DNS unit via the UPF unit.
  • the at least one domain access request includes information of at least one data packet.
  • FIG. 1 is an exemplary block diagram of an environment for caching Domain Name Server (DNS) responses for application detection, according to one or more embodiments of the present invention
  • DNS Domain Name Server
  • FIG. 2 illustrates a block diagram of an architecture of a system for caching DNS Responses in a User Plane Function (UPF), according to one or more embodiments of the present invention.
  • UPF User Plane Function
  • FIG. 3 is an exemplary block diagram of the system of FIG. 2 for caching DNS responses for application detection, according to one or more embodiments of the present invention
  • FIG. 4 is a schematic representation of the present system of FIG. 2, according to one or more embodiments of the present invention.
  • FIG. 5 is a flow diagram illustrating a method of caching Domain Name Server (DNS) responses for application detection, according to one or more embodiments of the present invention.
  • DNS Domain Name Server
  • the present invention aims to provide an improved approach for efficient application detection in a User Plane Function (UPF) of mobile communication networks.
  • the invention overcomes the limitations of the conventional DNS sniffing method by introducing a novel technique that significantly reduces CPU consumption while accurately identifying applications associated with network traffic flows.
  • the invention encompasses a smart caching mechanism that intelligently stores IP addresses and corresponding domain names, eliminating the need for repeated DNS sniffing and substantially reducing CPU consumption.
  • the smart caching mechanism enhances the efficiency of the application detection process, leading to improved network performance and reduced processing overhead.
  • FIG. 1 is an exemplary block diagram of an environment 100 for caching Domain Name Server (DNS) responses for application detection, according to one or more embodiments of the present invention.
  • the environment 100 includes a network 105, a User Equipment (UE) 110, a server 115, and a system 125.
  • the UE 110 aids a user to interact with the system 125 for transmitting at least one domain access request to a User Plane Function (UPF) unit 210 (shown in FIG.2) for accessing a desired application from a set of plurality of known applications registered in a plurality of DNS units 220 (shown in FIG.2) via the UPF unit 210.
  • the at least one domain access request includes information of at least one data packet.
  • UPF User Plane Function
  • each of the first UE 110a, the second UE 110b, and the third UE 110c is one of, but are not limited to, any electrical, electronic, electro-mechanical or an equipment and a combination of one or more of the above devices such as virtual reality (VR) devices, augmented reality (AR) devices, laptop, general -purpose computer, desktop, personal digital assistant, tablet computer, mainframe computer, or any other computing device.
  • VR virtual reality
  • AR augmented reality
  • the network 105 includes, by way of example but not limitation, one or more of a wireless network, a wired network, an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a Public-Switched Telephone Network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, or some combination thereof.
  • PSTN Public-Switched Telephone Network
  • the network 105 may include, but is not limited to, a Third Generation (3G), a Fourth Generation (4G), a Fifth Generation (5G), a Sixth Generation (6G), a New Radio (NR), a Narrow Band Internet of Things (NB-IoT), an Open Radio Access Network (O-RAN), and the like.
  • 3G Third Generation
  • 4G Fourth Generation
  • 5G Fifth Generation
  • 6G Sixth Generation
  • NR New Radio
  • NB-IoT Narrow Band Internet of Things
  • OF-RAN Open Radio Access Network
  • the network 105 may also include, by way of example but not limitation, at least a portion of one or more networks having one or more nodes that transmit, receive, forward, generate, buffer, store, route, switch, process, or a combination thereof, etc. one or more messages, packets, signals, waves, voltage or current levels, some combination thereof, or so forth.
  • the network 105 may also include, by way of example but not limitation, one or more of a wireless network, a wired network, an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a Public- Switched Telephone Network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, a VOIP or some combination thereof.
  • PSTN Public- Switched Telephone Network
  • the environment 100 includes the server 115 accessible via the network 105.
  • the server 115 may include by way of example but not limitation, one or more of a standalone server, a server blade, a server rack, a bank of servers, a server farm, hardware supporting a part of a cloud service or system, a home server, hardware running a virtualized server, one or more processors executing code to function as a server, one or more machines performing server-side functionality as described herein, at least a portion of any of the above, some combination thereof.
  • the entity may include, but is not limited to, a vendor, a network operator, a company, an organization, a university, a lab facility, a business enterprise, a defence facility, or any other facility that provides content.
  • the environment 100 further includes the system 125 communicably coupled to the server 115 and each of the first UE 110a, the second UE 110b, and the third UE 110c via the network 105.
  • the system 125 is adapted to be embedded within the server 115 or is embedded as the individual entity. However, for the purpose of description, the system 125 is described as an integral part of the server 115, without deviating from the scope of the present disclosure.
  • the system 125 is configured to cache Domain Name Server (DNS) responses for application detection.
  • DNS Domain Name Server
  • FIG. 2 illustrates a block diagram of an architecture 200 of the system 125 for caching DNS responses in a User Plane Function (UPF) unit 210, according to one or more embodiments of the present invention.
  • FIG. 3 is an exemplary block diagram of the system 125 for caching DNS responses for application detection, according to one or more embodiments of the present invention.
  • the system 125 relates to efficient caching of DNS responses in the UPF unit 210 for application detection.
  • the system 125 includes one or more processors 305, and a memory 310.
  • the one or more processors 305 hereinafter referred to as the processor 305, may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, single board computers, and/or any devices that manipulate signals based on operational instructions.
  • the system 125 includes one processor 305.
  • the system 125 may include multiple processors as per the requirement and without deviating from the scope of the present disclosure.
  • the information related to at least one domain access request from the UE 110 to the UPF unit 210 may be provided or stored in the memory 310.
  • the processor 305 is configured to fetch and execute computer-readable instructions stored in the memory 310.
  • the memory 310 may be configured to store one or more computer-readable instructions or routines in a non-transitory computer- readable storage medium, which may be fetched and executed to create or share data packets over a network service.
  • the memory 310 may include any non-transitory storage device including, for example, volatile memory such as RAM, or non-volatile memory such as EPROMs, FLASH memory, unalterable memory, and the like.
  • the database 340 is configured to store the at least one domain access request to the UPF unit 210 which is transmitted by the UE 110. Further, the database 340 provides structured storage, support for complex queries, and enables efficient data retrieval and analysis.
  • the database 340 is one of, but is not limited to, one of a centralized database, a cloud-based database, a commercial database, an open-source database, a distributed database, an end-user database, a graphical database, a No- Structured Query Language (NoSQL) database, an object-oriented database, a personal database, an in-memory database, a document-based database, a time series database, a wide column database, a key value database, a search database, a cache databases, and so forth.
  • NoSQL No- Structured Query Language
  • the foregoing examples of database types are non-limiting and may not be mutually exclusive e.g., a database can be both commercial and cloudbased, or both relational and open-source, etc.
  • the processor 305 may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processor 305.
  • programming for the processor 305 may be processor-executable instructions stored on a non-transitory machine-readable storage medium and the hardware for processor 305 may comprise a processing resource (for example, one or more processors), to execute such instructions.
  • the memory 310 may store instructions that, when executed by the processing resource, implement the processor 305.
  • the system 125 may comprise the memory 310 storing the instructions and the processing resource to execute the instructions, or the memory 310 may be separate but accessible to the system 125 and the processing resource.
  • the processor 305 may be implemented by electronic circuitry.
  • the processor 305 includes the UPF unit 210, and the plurality of DNS units 220.
  • the UPF unit 210 is connected with the plurality of UEs 110 and the plurality of DNS units 220 via the first interface unit 240 and the second interface unit 250 respectively.
  • the first interface unit 240 includes, but not limited to, a N3 interface.
  • the N3 interface is an interface defined within Third Generation Partnership Projects (3GPP) specifications for communication between a Next-Generation Node B (gNB) and the UPF 210.
  • the UPF unit 210 is a key component of a 5G core network responsible for handling user plane traffic.
  • the plurality of UEs 110 forwards user data packets to the UPF unit 210, ensuring seamless data transmission.
  • the information related to the at least one domain access request from the UE 110 to the UPF unit 210 is rendered via the first interface unit 240.
  • the second interface unit 250 includes, but not limited to, a N6 interface.
  • the N6 interface is a portion of the 5G network that carries data from the UPF unit 210 to the each of the DNS unit of the plurality of DNS units 22O.
  • the second interface unit 250 provides connectivity between the UPF unit 210 and the plurality of DNS units 220.
  • the information related to queries and responses of the UE 110, as well as queries and responses of the UPF unit 210 is rendered via the second interface unit 250.
  • the UPF unit 210 is connected to the plurality of DNS units 220 to facilitate communication for both queries and responses of the UE 110, as well as queries and responses of the UPF unit 210.
  • the UPF unit 210 is responsible for accurately identifying applications, managing and processing user data traffic between the plurality of UEs 110 and the each of the DNS unit of the plurality of DNS units 220 or services accessed by the user.
  • the UPF unit 210 is the key component in 5G networks responsible for packet forwarding, traffic routing, and other data-related functions.
  • the UPF unit 210 is a Virtual Network Function (VNF) that offers a high-performance forwarding engine for user traffic.
  • VNF Virtual Network Function
  • the UPF unit 210 uses at least one of, but not limited to, Vector Packet Processing (VPP) technology to achieve ultra-fast packet forwarding while retaining compatibility with all the user plane functionality.
  • VPP Vector Packet Processing
  • the UPF unit 210 facilitates data transmission, ensures efficient routing, and implements quality of service (QoS) policies for various other standard defined Third Generation Partnership Project (3GPP) functionalities.
  • 3GPP Third Generation Partnership Project
  • 3GPP is a 3rd Generation Partnership Project or 3GPP and is a collaborative project between a group of telecommunications associations with the initial goal of developing globally applicable specifications for Third Generation (3G) mobile systems.
  • 3GPP specifications cover cellular telecommunications technologies, including radio access, core network, and service capabilities, which provide a complete system description for mobile telecommunications.
  • the 3GPP specifications also provide hooks for non-radio access to the core network, and for networking with non-3GPP networks.
  • Each of the DNS unit of the plurality of DNS units 220 is a hierarchical decentralized naming system for computers, services, or any resource connected to the internet or a private network.
  • Each of the DNS unit of the plurality of DNS units 220 translates domain names into IP addresses, enabling users to access websites and other internet resources using human-readable names. For example, when users type domain names such as 'example.com' into the browsers,
  • Each of the DNS unit of the plurality of DNS units 220 is responsible for finding the correct IP address for those sites. In a typical DNS query without any caching, there are four servers that work together to deliver the IP address to a client.
  • each of the DNS unit of the plurality of DNS units 220 include a primary DNS server, a secondary DNS server, a public DNS server, and a root DNS server or a top-Level DNS server.
  • the UPF unit 210 includes a receiving module 320, a determining module 325, and a caching module 330 communicably coupled to each other for receiving at least one domain access request from at least one of the plurality of UEs 110, determining a destination Internet Protocol (IP) address of at least one data packet pertaining to the at least one domain access request, and caching one or more responses received from the each of the DNS unit of the plurality of DNS units 220.
  • IP Internet Protocol
  • the receiving module 320, the determining module 325, the caching module 330, and each of the DNS unit of the plurality of DNS units 220 in an embodiment, may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processor 305.
  • the programming for the processor 305 may be processor-executable instructions stored on a non-transitory machine -readable storage medium and the hardware for the processor may comprise a processing resource (for example, one or more processors), to execute such instructions.
  • the memory 310 may store instructions that, when executed by the processing resource, implement the processor.
  • the system 125 may comprise the memory 310 storing the instructions and the processing resource to execute the instructions, or the memory 310 may be separate but accessible to the system 125 and the processing resource.
  • the processor 305 may be implemented by electronic circuitry.
  • the receiving module 320 of the UPF unit 210 is configured to receive at least one domain access request from at least one of the plurality of UEs 110.
  • the at least one domain access request includes information of at least one data packet.
  • the determining module 325 is configured to determine a destination Internet Protocol (IP) address of the at least one data packet pertaining to the at least one domain access request by raising a first set of DNS queries to the each of the DNS unit of the plurality of DNS units 220.
  • IP Internet Protocol
  • the first set of DNS queries are raised by the DNS cache unit 230 in the UPF unit 210.
  • the browser when a user enters a domain name, such as example.com, into a browser the browser utilizes the first set of DNS queries to locate the IP address for that domain name.
  • the UE 110 is configured to transmit the first set of DNS queries to the UPF unit 210.
  • the UPF unit 210 transmits the first set of DNS queries to the DNS unit 220.
  • the DNS unit 220 of the domain checks within the database 340 and determines an entry for example.com, which has an IP address.
  • the DNS unit 220 is configured to transmit the determined IP address to the UE 110.
  • the first set of DNS queries are raised only for domains and URLs for which application detection is required, thus avoiding the unnecessary opening of all DNS packets and reducing CPU consumption.
  • the DNS queries are a request for information sent from the UE 110 to the each of the DNS unit of the plurality of DNS units 220. For example, each time the user enters the domain name into the browser, such as example.com, the browser makes the first set of DNS queries to locate the IP address for that domain name.
  • the first set of DNS queries are usually of different types, e.g. Single A (which gives ipv4 type output), and Quad A queries (for ipv6).
  • the Single A (Address) record is a type of DNS record that maps the domain name to a single IPv4 address.
  • the DNS unit 220 When the first set of DNS queries requests the A record for a specific domain, the DNS unit 220 responds with the corresponding IPv4 address.
  • the DNS unit 220 allows devices to locate and communicate with a domain's host server. For example, if the user wants to visit "example.com," the UE 110 sends the first set of DNS queries for the A record of "example.com.”
  • the DNS unit 220 responds with the IPv4 address, which the UE 110 of the user can use to establish a connection to a website's server.
  • the Quad A queries refer to the first set of DNS queries that request a Quad A (IPv6 Address) record.
  • the Quad A record maps the domain name to an IPv6 address, similar to how an A record maps the domain name to the IPv4 address.
  • the DNS unit 220 responds with the corresponding IPv6 address.
  • the DNS unit 220 allows devices to locate and communicate with the domain's host server using the IPv6 protocol. For example, if the user wants to visit "example.com" and the UE 110 sends the first set of DNS queries for the Quad A record, the DNS unit 220 might respond with the IPv6 address.
  • the UE 110 of the user can use the IPv6 address to establish a connection to the website's server.
  • the DNS cache unit 230 is a temporary storage mechanism used by the UE 110 to store previously resolved DNS queries.
  • the each of the DNS unit of the plurality of DNS units 220 is responsible for handling the request which stores in the DNS cache unit 230 for future reference.
  • the caching module 330 is configured to cache one or more responses received from the each of the DNS unit of the plurality of DNS units 220 pertaining to the first set of DNS queries in the DNS cache unit 230.
  • the one or more responses pertain to a domain name corresponding to the destination IP address of the at least one data packet.
  • the one or more responses pertain to the domain name is mapped onto the corresponding destination IP address in the each of the DNS unit of the plurality of DNS units 220.
  • the UPF unit 210 is configured to retrieve the domain name mapped onto the corresponding destination IP address based on matching the destination IP address against the domain name to an IP address mapping table at the each of the DNS unit of the plurality of DNS units 220.
  • the UPF unit 210 Upon receiving the at least one domain access request, the UPF unit 210 is configured to detect an application by utilizing the domain name corresponding to the destination IP address of the at least one data packet. Further, the UPF unit 210 is configured to raise a second set of DNS queries to update the DNS cache unit 230 for identifying entries of the IP addresses in the database 340. The second set of DNS queries are directed towards a set of plurality of known applications registered in the each of the DNS unit of the plurality of DNS units 220. The UPF unit 210 is configured to cache the one or more responses to the second set of DNS queries in the DNS cache unit 230.
  • the UPF unit 210 is configured to retain information in the DNS cache unit 230 for a pre-defined time period before updating the DNS cache unit 230.
  • the DNS cache unit 230 is maintained in a standby UPF unit 260 in the event of a failure or restart.
  • the standby UPF unit 260 is a secondary or backup instance of a UPF that is kept ready to take over user plane operations in case the active UPF unit 270 encounters issues or fails.
  • the UPF unit 210 is a critical component in the 5G core network responsible for routing user data packets to and from the data network and the 5G radio access network (RAN).
  • RAN radio access network
  • the standby UPF unit 260 ensures high availability and reliability of the network 105 by providing a seamless failover mechanism, which ensures a seamless switch-over from an active UPF unit 270 to the standby UPF unit 260 in the event of the failure or restart, resulting in reduced latency and uninterrupted application detection.
  • the each of the DNS unit of the plurality of DNS units 220 are load balanced and the cache at each of the DNS unit 220 are maintained independently.
  • the first set of DNS queries from the UE 110 and the UPF 210 may land on each of the DNS unit of the plurality of DNS units leading to different results.
  • the UPF unit 210 generates the first set of queries and the second set of queries with a varied 5 -tuple information.
  • the 5 -tuple information refers to a set of five elements that uniquely identify a network connection or flow in a communication system. These elements are commonly used in networking protocols, such as a Transmission Control Protocol (TCP) and a User Datagram Protocol (UDP), to differentiate between different data streams.
  • TCP Transmission Control Protocol
  • UDP User Datagram Protocol
  • the 5-tuple information includes a source IP address, a destination IP address, a source port number, a destination port number, and a protocol.
  • the UPF unit 210 transmits all the set of queries to the each of the DNS unit of the plurality of DNS units 220 and maintains a consistent and up- to-date DNS cache unit 230 in the UPF unit 210.
  • the system 125 optimizes the application detection process in the UPF unit 210 by leveraging caching techniques, smart query generation, dynamic updating, and high availability configurations. Through these measures, the UPF unit 210 achieves efficient processing of network traffic, reduced CPU consumption, and improved performance in application detection for enhanced user experience.
  • FIG. 4 is a schematic representation of the present system of FIG.3, according to one or more embodiments of the present invention.
  • FIG. 3 describes the system 125 for caching DNS responses for application detection.
  • the embodiment with respect to FIG. 3 will be explained with respect to the first UE 110a for the purpose of description and illustration and should nowhere be construed as limited to the scope of the present disclosure.
  • each of the first UE 110a, the second UE 110b, and the third UE 110c may include an external storage device, a bus, a main memory, a read-only memory, a mass storage device, communication port(s), and a processor.
  • the exemplary embodiment as illustrated in the FIG. 4 will be explained with respect to the first UE 110a.
  • the first UE 110a includes one or more primary processors 405 communicably coupled to the one or more processors 305 of the system 125.
  • the one or more primary processors 405 are coupled with a memory unit 410 storing instructions which are executed by the one or more primary processors 405. Execution of the stored instructions by the one or more primary processors 405 enables the first UE 110a to send the at least one domain access request to the UPF unit 210 for accessing a desired application from the set of plurality of known applications registered in the each of the DNS unit of the plurality of DNS unit 220 via the UPF unit 210.
  • the at least one domain access request includes information of at least one data packet.
  • the one or more processors 305 of the system 125 is configured to receive the at least one domain access request from the at least one of the plurality of UEs 110, determine the destination IP address of the at least one data packet pertaining to the at least one domain access request by raising the first set of DNS queries to the each of the DNS unit of the plurality of DNS units 220, and cache the one or more responses received from the each of the DNS unit of the plurality of DNS units 220 pertaining to the first set of DNS queries in the DNS cache unit 230.
  • the system 125 includes the one or more processors 305, the memory 310, and the second interface unit 250.
  • the operations and functions of the one or more processors 305, the memory 310, and the second interface unit 250 are already explained in FIG. 3.
  • the processor 305 includes the UPF unit 210, and the each of the DNS unit of the plurality of DNS units 220.
  • the UPF unit 210 includes the receiving module 320, the determining module 325, and the caching module 330.
  • FIG. 5 is a flow diagram illustrating a method of caching Domain Name Server (DNS) responses for application detection, according to one or more embodiments of the present invention.
  • DNS Domain Name Server
  • the method 500 includes the step of establishing the connection with the plurality of UEs 110 and the each of the DNS unit of the plurality of DNS units 220 via the first interface unit 240 and the second interface unit 250 respectively by the UPF unit 210.
  • the first interface unit 240 includes, but not limited to, the N3 interface.
  • the plurality of UEs 110 forwards user data packets to the UPF unit 210, ensuring seamless data transmission.
  • the information related to the at least one domain access request from the UE 110 to the UPF unit 210 is rendered via the first interface unit 240.
  • the second interface unit 250 includes, but not limited to, the N6 interface.
  • the second interface unit 250 provides connectivity between the UPF unit 210 and the each of the DNS unit of the plurality of DNS units 220.
  • the information related to queries and responses of the UE 110, as well as queries and responses of the UPF unit 210 is rendered via the second interface unit 250.
  • the UPF unit 210 is connected to the each of the DNS unit of the plurality of DNS units 220 to facilitate communication for both queries and responses of the UE 110, as well as queries and responses of the UPF unit 210.
  • the method 500 includes the step of receiving at least one domain access request from at least one of the plurality of UEs 110 by the receiving module 320 of the UPF unit 210.
  • the determining module 325 is configured to determine the destination Internet Protocol (IP) Address of the at least one data packet.
  • IP Internet Protocol
  • the method 500 includes the step of determining the destination IP address of the at least one data packet pertaining to the at least one domain access request by raising the first set of DNS queries to the each of the DNS unit of the plurality of DNS units 220.
  • the first set of DNS queries are raised by the DNS cache unit 230 in the UPF unit 210.
  • the first set of DNS queries are raised only for domains and URLs for which application detection is required, thus avoiding the unnecessary opening of all DNS packets and reducing CPU consumption.
  • the DNS cache unit 230 is a temporary storage mechanism used by the UE 110 to store previously resolved DNS queries.
  • the each of the DNS unit of the plurality of DNS units 220 is responsible for handling the request which stores in the DNS cache unit 230 for future reference.
  • the method 500 includes the step of caching the one or more responses received from the each of the DNS unit of the plurality of DNS units 220 pertaining to the first set of DNS queries in the DNS cache unit 230 by the caching module 330.
  • the one or more responses pertain to the domain name is mapped onto the corresponding destination IP address in the each of the DNS unit of the plurality of DNS units 220.
  • the UPF unit 210 is configured to retrieve the domain name mapped onto the corresponding destination IP address based on matching the destination IP address against the domain name to an IP address mapping table at the each of the DNS unit of the plurality of DNS units 220.
  • the UPF unit 210 Upon receiving the at least one domain access request, the UPF unit 210 is configured to detect an application by utilizing the domain name corresponding to the destination IP address of the at least one data packet. Further, the UPF unit 210 is configured to raise the second set of DNS queries to update the DNS cache unit 230 for identifying entries of the IP addresses in the database 340. The second set of DNS queries are directed towards the set of plurality of known applications registered in the each of the DNS unit of the plurality of DNS units 220. The UPF unit 210 is configured to cache the one or more responses to the second set of DNS queries in the DNS cache unit 230.
  • the UPF unit 210 is configured to retain information in the DNS cache unit 230 for the pre-defined time period before updating the DNS cache unit 230.
  • the DNS cache unit 230 is maintained in the standby UPF unit 260 in the event of the failure or restart. This redundancy ensures a seamless switch-over from the active UPF unit 270 to the standby UPF unit 260 in the event of the failure or restart, resulting in reduced latency and uninterrupted application detection.
  • the each of the DNS unit of the plurality of DNS units 220 are load balanced and the cache at each of the DNS unit 220 are maintained independently.
  • the DNS query from the UE 110 and the UPF 210 may land on each of the DNS unit of the plurality of DNS units 220 leading to different results.
  • the UPF unit 210 generates the first set of queries and the second set of queries with varied 5-tuple information.
  • the UPF unit 210 transmits all the set of queries on the each of the DNS unit of the plurality of DNS units 220 and maintain a consistent and up-to-date DNS cache unit 230 in the UPF unit 210.
  • the system 125 optimizes the application detection process in the UPF unit 210 by leveraging caching techniques, smart query generation, dynamic updating, and high availability configurations.
  • the UPF unit 210 achieves efficient processing of network traffic, reduced CPU consumption, and improved performance in application detection for enhanced user experience.
  • the method 500 optimizes the application detection process in the UPF unit 210 by leveraging caching techniques, smart query generation, dynamic updating, and high availability configurations.
  • the UPF unit 210 achieves efficient processing of network traffic, reduced CPU consumption, and improved performance in application detection, leading to an enhanced user experience.
  • the present invention further discloses a non-transitory computer-readable medium having stored thereon computer-readable instructions.
  • the computer- readable instructions are executed by a processor 305.
  • the processor 305 is configured to establish a connection with each of a plurality of User Equipments (UEs) 110 and a each of the DNS unit of the plurality of DNS units 220.
  • the processor 305 is configured to receive at least one domain access request from at least one of the plurality of UEs 110.
  • the at least one domain access request includes information of at least one data packet.
  • the processor 305 is configured to determine a destination Internet Protocol (IP) address of the at least one data packet pertaining to the at least one domain access request by raising a first set of DNS queries to the each of the DNS unit of the plurality of DNS units 220.
  • IP Internet Protocol
  • the processor 305 is configured to cache one or more responses received from the each of the DNS unit of the plurality of DNS units 220 pertaining to the first set of DNS queries in a DNS cache unit 230.
  • the present disclosure incorporates technical advancement of caching DNS responses received from the each of the DNS unit of the plurality of DNS units by generating the first set of DNS queries in the DNS cache unit, thereby optimizing packet processing, enhancing network performance, and improving resource utilization.
  • the UPF unit avoids the CPU-intensive task of sniffing and analysing of all DNS packets, which reduces processing overhead and enhances the efficiency of application detection. This significantly reduces CPU consumption, allowing the UPF unit to allocate its resources more efficiently.
  • the invention encompasses a smart caching mechanism that intelligently stores IP addresses and corresponding domain names, eliminating the need for repeated DNS sniffing and substantially reducing CPU consumption.
  • the smart caching mechanism enhances the efficiency of the application detection process, leading to improved network performance and reduced processing overhead.
  • the invention offers advantages such as improved performance, reduced CPU consumption, quick cache building, dynamic cache maintenance, high availability support, and effective handling of load-balanced DNS units. These benefits contribute to enhanced application detection efficiency and an optimized user experience.
  • the present invention offers multiple advantages over the prior art and the above listed are a few examples to emphasize on some of the advantageous features.
  • the listed advantages are to be read in a non-limiting manner.
  • UPF User Plane Function
  • Second interface unit- 250 Second interface unit- 250;

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a system (125) and method (500) for caching DNS responses in a User Plane Function (UPF) (210) to enhance application detection. The method includes the step of establishing a connection with User Equipments (UEs) (110) and DNS units (220). The method includes the step of receiving at least one domain access request from the plurality of UEs (110). The method further includes the step of determining a destination Internet Protocol (IP) address of the at least one data packet by raising a first set of DNS queries to the plurality of DNS units (220). The method further includes the step of caching one or more responses received from the plurality of DNS units (220) in a DNS cache unit (230). By doing so, the system (125) and method (500) optimizes network traffic processing, improves performance, and enhances the user experience in application detection.

Description

SYSTEM AND METHOD OF CACHING DNS RESPONSES FOR
APPLICATION DETECTION
FIELD OF THE INVENTION
[0001] The present invention generally relates to the field of communication networks, and more specifically to a system and method of caching Domain Name Server (DNS) responses for application detection.
BACKGROUND OF THE INVENTION
[0002] In mobile communication networks, a User Plane Function (UPF) serves as a crucial interconnection point between the mobile infrastructure and the data network. The UPF facilitates the exchange of data packets between the mobile devices and the data network, performing various important functions such as packet processing, data buffering, policy enforcement, quality of service (QoS) enforcement, user plane accounting, lawful interception, and other standard-defined 3rd Generation Partnership Project (3GPP) functionalities.
[0003] One of the key tasks of the UPF is to classify incoming packets of a user session based on their application type and apply the appropriate processing rules accordingly. The packet classification process involves identifying different types of traffic associated with a specific user session and mapping it to different processing legs based on the associated rules. This enables efficient handling and management of network traffic, ensuring optimized network performance and resource allocation.
[0004] Conventionally, application detection for domain level entries in the UPF is performed through layer 3 application detection based on IP validation, where an IP database storing IP addresses corresponding to domain names and URLs configured for Application Detection Function (ADF) is maintained. Uplink packets' destination IP addresses are searched in this IP database to identify the corresponding application. This IP database is built based on DNS sniffing of each DNS packet response generated by the UE and checking for the presence of relevant domains which are configured for ADF. However, this process is computationally intensive and poses performance challenges in packet processing nodes like the UPF, especially when dealing with high volumes of traffic.
[0005] Thus, there is a need of an optimal solution for processing the high volume of DNS packets in time and resource effective manner, and the subsequent CPU consumption for opening and analyzing each packet for relevant domain IP addresses.
SUMMARY OF THE INVENTION
[0006] One or more embodiments of the present invention provide a system and method of caching Domain Name Server (DNS) responses for application detection.
[0007] In accordance with one embodiment, a method of caching DNS responses for application detection is disclosed. The method includes the step of establishing, by a User Plane Function (UPF) unit, a connection with a plurality of User Equipments (UEs) and a plurality of DNS units. Further, the method includes the step of receiving, by the UPF unit, at least one domain access request from at least one of the plurality of UEs. The at least one domain access request includes information of at least one data packet. The method includes the step of determining, by the UPF unit, a destination Internet Protocol (IP) address of the at least one data packet pertaining to the at least one domain access request, by raising a first set of DNS queries to the plurality of DNS units. The first set of DNS queries are generated by the UPF unit. Further, the method further includes the step of caching, by the UPF unit, one or more responses received from the plurality of DNS units pertaining to the first set of DNS queries in a DNS cache unit. The one or more responses pertain to a domain name corresponding to the destination IP address of the at least one data packet.
[0008] In one embodiment, the UPF unit is connected with the plurality of UEs and the plurality of DNS units via a first interface unit and a second interface unit, respectively. [0009] In another embodiment, the method includes upon receiving the at least one domain access request, the UPF unit is configured to detect an application by utilizing the domain name corresponding to the destination IP address of the at least one data packet pertaining to the at least one domain access request stored in the DNS cache unit.
[0010] In yet another embodiment, the method includes the step of raising a second set of DNS queries to the plurality of DNS units by the UPF unit.
[0011] In yet another embodiment, the method includes the step of raising a second set of DNS queries to update the DNS cache unit by the UPF unit. The second set of DNS queries are directed towards a set of plurality of known applications registered in the plurality of DNS units.
[0012] In yet another embodiment, the method includes the step of caching responses to the second set of DNS queries in the DNS cache unit by the UPF unit.
[0013] In yet another embodiment, the method includes the step of retaining information in the DNS cache unit for a pre -defined time period before updating the DNS cache unit by the UPF unit.
[0014] In yet another embodiment, the method includes the step of maintaining the DNS cache unit in a standby UPF unit as backup in events of a failure or restart.
[0015] In yet another embodiment, the method includes the step of pertaining one or more responses to the domain name mapped onto the corresponding destination IP address in the plurality of DNS units.
[0016] In yet another embodiment, the method further includes the step of retrieving the domain name mapped onto the corresponding destination IP address based on matching the destination IP address against a domain name to IP address mapping table at the plurality of DNS units by the UPF unit. [0017] In accordance with one embodiment, a system of caching DNS responses for application detection is disclosed. The system includes a plurality of DNS units, and a plurality of User Equipments (UE). The system includes a User Plane Function (UPF) unit is in connection with the plurality of UEs and the plurality of DNS units. The UPF unit is configured to receive at least one domain access request from at least one of the plurality of UEs. The at least one domain access request includes information of at least one data packet. Further, the system includes the UPF unit configured to determine a destination Internet Protocol (IP) address of the at least one data packet pertaining to the at least one domain access request by raising a first set of DNS queries to the plurality of DNS units. The UPF unit is configured to cache one or more responses received from the plurality of DNS units pertaining to the first set of DNS queries in a DNS cache unit. The one or more responses pertain to a domain name corresponding to the destination IP address of the at least one data packet.
[0018] In accordance with one embodiment, a plurality of User Equipments (UEs) is communicated with a User Plane Function (UPF) unit. The plurality of UEs includes one or more primary processors, having a memory unit, communicatively coupled to the UPF unit. The memory unit stores instructions which when executed by the one or more primary processors causes the UE to send at least one domain access request to the UPF unit for accessing a desired application from a set of plurality of known applications registered in a plurality of DNS unit via the UPF unit. The at least one domain access request includes information of at least one data packet.
[0019] Other features and aspects of this invention will be apparent from the following description and the accompanying drawings. The features and advantages described in this summary and in the following detailed description are not all- inclusive, and particularly, many additional features and advantages will be apparent to one of ordinary skill in the relevant art, in view of the drawings, specification, and claims hereof. Moreover, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes and may not have been selected to delineate or circumscribe the inventive subject matter, resort to the claims being necessary to determine such inventive subject matter.
BRIEF DESCRIPTION OF THE DRAWINGS
[0020] The accompanying drawings, which are incorporated herein, and constitute a part of this invention, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present invention. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that invention of such drawings includes invention of electrical components, electronic components or circuitry commonly used to implement such components.
[0021] FIG. 1 is an exemplary block diagram of an environment for caching Domain Name Server (DNS) responses for application detection, according to one or more embodiments of the present invention;
[0022] FIG. 2 illustrates a block diagram of an architecture of a system for caching DNS Responses in a User Plane Function (UPF), according to one or more embodiments of the present invention.
[0023] FIG. 3 is an exemplary block diagram of the system of FIG. 2 for caching DNS responses for application detection, according to one or more embodiments of the present invention;
[0024] FIG. 4 is a schematic representation of the present system of FIG. 2, according to one or more embodiments of the present invention; and [0025] FIG. 5 is a flow diagram illustrating a method of caching Domain Name Server (DNS) responses for application detection, according to one or more embodiments of the present invention.
[0026] The foregoing shall be more apparent from the following detailed description of the invention.
DETAILED DESCRIPTION OF THE INVENTION
[0027] Some embodiments of the present invention, illustrating all its features, will now be discussed in detail. It must also be noted that as used herein and in the appended claims, the singular forms "a", "an" and "the" include plural references unless the context clearly dictates otherwise.
[0028] Various modifications to the embodiment will be readily apparent to those skilled in the art and the generic principles herein may be applied to other embodiments. However, one of ordinary skill in the art will readily recognize that the present invention including the definitions listed here below are not intended to be limited to the embodiments illustrated but is to be accorded the widest scope consistent with the principles and features described herein.
[0029] A person of ordinary skill in the art will readily ascertain that the illustrated steps detailed in the figures and here below are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.
[0030] The present invention aims to provide an improved approach for efficient application detection in a User Plane Function (UPF) of mobile communication networks. The invention overcomes the limitations of the conventional DNS sniffing method by introducing a novel technique that significantly reduces CPU consumption while accurately identifying applications associated with network traffic flows.
[0031] Accordingly, it is an object of the present invention to provide a system and method for caching DNS responses for efficient application detection in the UPF, thereby optimizing packet processing, enhancing network performance, and improving resource utilization.
[0032] Furthermore, the invention encompasses a smart caching mechanism that intelligently stores IP addresses and corresponding domain names, eliminating the need for repeated DNS sniffing and substantially reducing CPU consumption. The smart caching mechanism enhances the efficiency of the application detection process, leading to improved network performance and reduced processing overhead.
[0033] Additional features and advantages of the invention will be set forth in the description that follows, and in part will be apparent from the description, or may be learned by the practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof, as well as the appended drawings.
[0034] FIG. 1 is an exemplary block diagram of an environment 100 for caching Domain Name Server (DNS) responses for application detection, according to one or more embodiments of the present invention. The environment 100 includes a network 105, a User Equipment (UE) 110, a server 115, and a system 125. The UE 110 aids a user to interact with the system 125 for transmitting at least one domain access request to a User Plane Function (UPF) unit 210 (shown in FIG.2) for accessing a desired application from a set of plurality of known applications registered in a plurality of DNS units 220 (shown in FIG.2) via the UPF unit 210. The at least one domain access request includes information of at least one data packet.
[0035] For the purpose of description and explanation, the description will be explained with respect to the plurality of UEs 110, or to be more specific will be explained with respect to a first UE 110a, a second UE 110b, and a third UE 110c, and should nowhere be construed as limiting the scope of the present disclosure. In an embodiment, each of the first UE 110a, the second UE 110b, and the third UE 110c is one of, but are not limited to, any electrical, electronic, electro-mechanical or an equipment and a combination of one or more of the above devices such as virtual reality (VR) devices, augmented reality (AR) devices, laptop, general -purpose computer, desktop, personal digital assistant, tablet computer, mainframe computer, or any other computing device.
[0036] The terms “user equipment,” and “plurality of UEs,” “first UE”, “second UE”, and “third UE” and variations thereof, as used herein, are used interchangeably, without limiting the scope of the present disclosure.
[0037] The network 105 includes, by way of example but not limitation, one or more of a wireless network, a wired network, an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a Public-Switched Telephone Network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, or some combination thereof. The network 105 may include, but is not limited to, a Third Generation (3G), a Fourth Generation (4G), a Fifth Generation (5G), a Sixth Generation (6G), a New Radio (NR), a Narrow Band Internet of Things (NB-IoT), an Open Radio Access Network (O-RAN), and the like.
[0038] The network 105 may also include, by way of example but not limitation, at least a portion of one or more networks having one or more nodes that transmit, receive, forward, generate, buffer, store, route, switch, process, or a combination thereof, etc. one or more messages, packets, signals, waves, voltage or current levels, some combination thereof, or so forth. The network 105 may also include, by way of example but not limitation, one or more of a wireless network, a wired network, an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a Public- Switched Telephone Network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, a VOIP or some combination thereof.
[0039] The environment 100 includes the server 115 accessible via the network 105. The server 115 may include by way of example but not limitation, one or more of a standalone server, a server blade, a server rack, a bank of servers, a server farm, hardware supporting a part of a cloud service or system, a home server, hardware running a virtualized server, one or more processors executing code to function as a server, one or more machines performing server-side functionality as described herein, at least a portion of any of the above, some combination thereof. In an embodiment, the entity may include, but is not limited to, a vendor, a network operator, a company, an organization, a university, a lab facility, a business enterprise, a defence facility, or any other facility that provides content.
[0040] The environment 100 further includes the system 125 communicably coupled to the server 115 and each of the first UE 110a, the second UE 110b, and the third UE 110c via the network 105. The system 125 is adapted to be embedded within the server 115 or is embedded as the individual entity. However, for the purpose of description, the system 125 is described as an integral part of the server 115, without deviating from the scope of the present disclosure. The system 125 is configured to cache Domain Name Server (DNS) responses for application detection.
[0041] Operational and construction features of the system 125 will be explained in detail with respect to the following figures.
[0042] Referring to FIG. 2 and FIG. 3, FIG. 2 illustrates a block diagram of an architecture 200 of the system 125 for caching DNS responses in a User Plane Function (UPF) unit 210, according to one or more embodiments of the present invention. FIG. 3 is an exemplary block diagram of the system 125 for caching DNS responses for application detection, according to one or more embodiments of the present invention. The system 125 relates to efficient caching of DNS responses in the UPF unit 210 for application detection.
[0043] The system 125 includes one or more processors 305, and a memory 310. The one or more processors 305, hereinafter referred to as the processor 305, may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, single board computers, and/or any devices that manipulate signals based on operational instructions. As per the illustrated embodiment, the system 125 includes one processor 305. However, it is to be noted that the system 125 may include multiple processors as per the requirement and without deviating from the scope of the present disclosure.
[0044] The information related to at least one domain access request from the UE 110 to the UPF unit 210 may be provided or stored in the memory 310. Among other capabilities, the processor 305 is configured to fetch and execute computer-readable instructions stored in the memory 310. The memory 310 may be configured to store one or more computer-readable instructions or routines in a non-transitory computer- readable storage medium, which may be fetched and executed to create or share data packets over a network service. The memory 310 may include any non-transitory storage device including, for example, volatile memory such as RAM, or non-volatile memory such as EPROMs, FLASH memory, unalterable memory, and the like.
[0045] The database 340 is configured to store the at least one domain access request to the UPF unit 210 which is transmitted by the UE 110. Further, the database 340 provides structured storage, support for complex queries, and enables efficient data retrieval and analysis. The database 340 is one of, but is not limited to, one of a centralized database, a cloud-based database, a commercial database, an open-source database, a distributed database, an end-user database, a graphical database, a No- Structured Query Language (NoSQL) database, an object-oriented database, a personal database, an in-memory database, a document-based database, a time series database, a wide column database, a key value database, a search database, a cache databases, and so forth. The foregoing examples of database types are non-limiting and may not be mutually exclusive e.g., a database can be both commercial and cloudbased, or both relational and open-source, etc.
[0046] Further, the processor 305, in an embodiment, may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processor 305. In the examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processor 305 may be processor-executable instructions stored on a non-transitory machine-readable storage medium and the hardware for processor 305 may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the memory 310 may store instructions that, when executed by the processing resource, implement the processor 305. In such examples, the system 125 may comprise the memory 310 storing the instructions and the processing resource to execute the instructions, or the memory 310 may be separate but accessible to the system 125 and the processing resource. In other examples, the processor 305 may be implemented by electronic circuitry.
[0047] In order for the system 125 to cache DNS responses for application detection, the processor 305 includes the UPF unit 210, and the plurality of DNS units 220. The UPF unit 210 is connected with the plurality of UEs 110 and the plurality of DNS units 220 via the first interface unit 240 and the second interface unit 250 respectively. In an embodiment, the first interface unit 240 includes, but not limited to, a N3 interface. The N3 interface is an interface defined within Third Generation Partnership Projects (3GPP) specifications for communication between a Next-Generation Node B (gNB) and the UPF 210. The UPF unit 210 is a key component of a 5G core network responsible for handling user plane traffic. In the first interface unit 240, the plurality of UEs 110 forwards user data packets to the UPF unit 210, ensuring seamless data transmission. The information related to the at least one domain access request from the UE 110 to the UPF unit 210 is rendered via the first interface unit 240.
[0048] As per one embodiment, the second interface unit 250 includes, but not limited to, a N6 interface. The N6 interface is a portion of the 5G network that carries data from the UPF unit 210 to the each of the DNS unit of the plurality of DNS units 22O.The second interface unit 250 provides connectivity between the UPF unit 210 and the plurality of DNS units 220. The information related to queries and responses of the UE 110, as well as queries and responses of the UPF unit 210 is rendered via the second interface unit 250. The UPF unit 210 is connected to the plurality of DNS units 220 to facilitate communication for both queries and responses of the UE 110, as well as queries and responses of the UPF unit 210.
[0049] The UPF unit 210 is responsible for accurately identifying applications, managing and processing user data traffic between the plurality of UEs 110 and the each of the DNS unit of the plurality of DNS units 220 or services accessed by the user. The UPF unit 210 is the key component in 5G networks responsible for packet forwarding, traffic routing, and other data-related functions. The UPF unit 210 is a Virtual Network Function (VNF) that offers a high-performance forwarding engine for user traffic. The UPF unit 210 uses at least one of, but not limited to, Vector Packet Processing (VPP) technology to achieve ultra-fast packet forwarding while retaining compatibility with all the user plane functionality. The UPF unit 210 facilitates data transmission, ensures efficient routing, and implements quality of service (QoS) policies for various other standard defined Third Generation Partnership Project (3GPP) functionalities.
[0050] The term “3GPP” is a 3rd Generation Partnership Project or 3GPP and is a collaborative project between a group of telecommunications associations with the initial goal of developing globally applicable specifications for Third Generation (3G) mobile systems. 3GPP specifications cover cellular telecommunications technologies, including radio access, core network, and service capabilities, which provide a complete system description for mobile telecommunications. The 3GPP specifications also provide hooks for non-radio access to the core network, and for networking with non-3GPP networks.
[0051] Each of the DNS unit of the plurality of DNS units 220 is a hierarchical decentralized naming system for computers, services, or any resource connected to the internet or a private network. Each of the DNS unit of the plurality of DNS units 220 translates domain names into IP addresses, enabling users to access websites and other internet resources using human-readable names. For example, when users type domain names such as 'example.com' into the browsers, Each of the DNS unit of the plurality of DNS units 220 is responsible for finding the correct IP address for those sites. In a typical DNS query without any caching, there are four servers that work together to deliver the IP address to a client. Further, each of the DNS unit of the plurality of DNS units 220 include a primary DNS server, a secondary DNS server, a public DNS server, and a root DNS server or a top-Level DNS server.
[0052] In one embodiment, the UPF unit 210 includes a receiving module 320, a determining module 325, and a caching module 330 communicably coupled to each other for receiving at least one domain access request from at least one of the plurality of UEs 110, determining a destination Internet Protocol (IP) address of at least one data packet pertaining to the at least one domain access request, and caching one or more responses received from the each of the DNS unit of the plurality of DNS units 220.
[0053] The receiving module 320, the determining module 325, the caching module 330, and each of the DNS unit of the plurality of DNS units 220 in an embodiment, may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processor 305. In the examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processor 305 may be processor-executable instructions stored on a non-transitory machine -readable storage medium and the hardware for the processor may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the memory 310 may store instructions that, when executed by the processing resource, implement the processor. In such examples, the system 125 may comprise the memory 310 storing the instructions and the processing resource to execute the instructions, or the memory 310 may be separate but accessible to the system 125 and the processing resource. In other examples, the processor 305 may be implemented by electronic circuitry.
[0054] The receiving module 320 of the UPF unit 210 is configured to receive at least one domain access request from at least one of the plurality of UEs 110. In an embodiment, the at least one domain access request includes information of at least one data packet. On receiving the at least one domain access request from the at least one of the plurality of UEs 110, the determining module 325 is configured to determine a destination Internet Protocol (IP) address of the at least one data packet pertaining to the at least one domain access request by raising a first set of DNS queries to the each of the DNS unit of the plurality of DNS units 220. In an embodiment, the first set of DNS queries are raised by the DNS cache unit 230 in the UPF unit 210.
[0055] In an exemplary embodiment, when a user enters a domain name, such as example.com, into a browser the browser utilizes the first set of DNS queries to locate the IP address for that domain name. As the UE 110 is not aware of the IP address, the UE 110 is configured to transmit the first set of DNS queries to the UPF unit 210. Thereafter, the UPF unit 210 transmits the first set of DNS queries to the DNS unit 220. The DNS unit 220 of the domain checks within the database 340 and determines an entry for example.com, which has an IP address. The DNS unit 220 is configured to transmit the determined IP address to the UE 110.
[0056] In one embodiment, the first set of DNS queries are raised only for domains and URLs for which application detection is required, thus avoiding the unnecessary opening of all DNS packets and reducing CPU consumption. The DNS queries are a request for information sent from the UE 110 to the each of the DNS unit of the plurality of DNS units 220. For example, each time the user enters the domain name into the browser, such as example.com, the browser makes the first set of DNS queries to locate the IP address for that domain name. The first set of DNS queries are usually of different types, e.g. Single A (which gives ipv4 type output), and Quad A queries (for ipv6). The Single A (Address) record is a type of DNS record that maps the domain name to a single IPv4 address. When the first set of DNS queries requests the A record for a specific domain, the DNS unit 220 responds with the corresponding IPv4 address. The DNS unit 220 allows devices to locate and communicate with a domain's host server. For example, if the user wants to visit "example.com," the UE 110 sends the first set of DNS queries for the A record of "example.com." The DNS unit 220 responds with the IPv4 address, which the UE 110 of the user can use to establish a connection to a website's server.
[0057] The Quad A queries refer to the first set of DNS queries that request a Quad A (IPv6 Address) record. The Quad A record maps the domain name to an IPv6 address, similar to how an A record maps the domain name to the IPv4 address. When the first set of DNS queries requests the Quad A record for a specific domain, the DNS unit 220 responds with the corresponding IPv6 address. The DNS unit 220 allows devices to locate and communicate with the domain's host server using the IPv6 protocol. For example, if the user wants to visit "example.com" and the UE 110 sends the first set of DNS queries for the Quad A record, the DNS unit 220 might respond with the IPv6 address. The UE 110 of the user can use the IPv6 address to establish a connection to the website's server.
[0058] The DNS cache unit 230 is a temporary storage mechanism used by the UE 110 to store previously resolved DNS queries. When the UE 110 requests the IP address corresponding to the domain name, the each of the DNS unit of the plurality of DNS units 220 is responsible for handling the request which stores in the DNS cache unit 230 for future reference. [0059] On determining the destination IP address of the at least one data packet pertaining to the at least one domain access request by the determining module 325, the caching module 330 is configured to cache one or more responses received from the each of the DNS unit of the plurality of DNS units 220 pertaining to the first set of DNS queries in the DNS cache unit 230. In one embodiment, the one or more responses pertain to a domain name corresponding to the destination IP address of the at least one data packet. The one or more responses pertain to the domain name is mapped onto the corresponding destination IP address in the each of the DNS unit of the plurality of DNS units 220. The UPF unit 210 is configured to retrieve the domain name mapped onto the corresponding destination IP address based on matching the destination IP address against the domain name to an IP address mapping table at the each of the DNS unit of the plurality of DNS units 220.
[0060] Upon receiving the at least one domain access request, the UPF unit 210 is configured to detect an application by utilizing the domain name corresponding to the destination IP address of the at least one data packet. Further, the UPF unit 210 is configured to raise a second set of DNS queries to update the DNS cache unit 230 for identifying entries of the IP addresses in the database 340. The second set of DNS queries are directed towards a set of plurality of known applications registered in the each of the DNS unit of the plurality of DNS units 220. The UPF unit 210 is configured to cache the one or more responses to the second set of DNS queries in the DNS cache unit 230.
[0061] The UPF unit 210 is configured to retain information in the DNS cache unit 230 for a pre-defined time period before updating the DNS cache unit 230. The DNS cache unit 230 is maintained in a standby UPF unit 260 in the event of a failure or restart. The standby UPF unit 260 is a secondary or backup instance of a UPF that is kept ready to take over user plane operations in case the active UPF unit 270 encounters issues or fails. The UPF unit 210 is a critical component in the 5G core network responsible for routing user data packets to and from the data network and the 5G radio access network (RAN). The standby UPF unit 260 ensures high availability and reliability of the network 105 by providing a seamless failover mechanism, which ensures a seamless switch-over from an active UPF unit 270 to the standby UPF unit 260 in the event of the failure or restart, resulting in reduced latency and uninterrupted application detection.
[0062] As per the illustrated embodiments, the each of the DNS unit of the plurality of DNS units 220 are load balanced and the cache at each of the DNS unit 220 are maintained independently. In the event, the first set of DNS queries from the UE 110 and the UPF 210 may land on each of the DNS unit of the plurality of DNS units leading to different results. The UPF unit 210 generates the first set of queries and the second set of queries with a varied 5 -tuple information. The 5 -tuple information refers to a set of five elements that uniquely identify a network connection or flow in a communication system. These elements are commonly used in networking protocols, such as a Transmission Control Protocol (TCP) and a User Datagram Protocol (UDP), to differentiate between different data streams. The 5-tuple information includes a source IP address, a destination IP address, a source port number, a destination port number, and a protocol. The UPF unit 210 transmits all the set of queries to the each of the DNS unit of the plurality of DNS units 220 and maintains a consistent and up- to-date DNS cache unit 230 in the UPF unit 210.
[0063] By doing so, the system 125 optimizes the application detection process in the UPF unit 210 by leveraging caching techniques, smart query generation, dynamic updating, and high availability configurations. Through these measures, the UPF unit 210 achieves efficient processing of network traffic, reduced CPU consumption, and improved performance in application detection for enhanced user experience.
[0064] FIG. 4 is a schematic representation of the present system of FIG.3, according to one or more embodiments of the present invention. Referring to FIG. 3, describes the system 125 for caching DNS responses for application detection. It is to be noted that the embodiment with respect to FIG. 3 will be explained with respect to the first UE 110a for the purpose of description and illustration and should nowhere be construed as limited to the scope of the present disclosure. [0065] As mentioned earlier in FIG.l, each of the first UE 110a, the second UE 110b, and the third UE 110c may include an external storage device, a bus, a main memory, a read-only memory, a mass storage device, communication port(s), and a processor. The exemplary embodiment as illustrated in the FIG. 4 will be explained with respect to the first UE 110a. The first UE 110a includes one or more primary processors 405 communicably coupled to the one or more processors 305 of the system 125.
[0066] The one or more primary processors 405 are coupled with a memory unit 410 storing instructions which are executed by the one or more primary processors 405. Execution of the stored instructions by the one or more primary processors 405 enables the first UE 110a to send the at least one domain access request to the UPF unit 210 for accessing a desired application from the set of plurality of known applications registered in the each of the DNS unit of the plurality of DNS unit 220 via the UPF unit 210. The at least one domain access request includes information of at least one data packet.
[0067] As mentioned earlier in FIG. 3, the one or more processors 305 of the system 125 is configured to receive the at least one domain access request from the at least one of the plurality of UEs 110, determine the destination IP address of the at least one data packet pertaining to the at least one domain access request by raising the first set of DNS queries to the each of the DNS unit of the plurality of DNS units 220, and cache the one or more responses received from the each of the DNS unit of the plurality of DNS units 220 pertaining to the first set of DNS queries in the DNS cache unit 230.
[0068] As per the illustrated embodiment, the system 125 includes the one or more processors 305, the memory 310, and the second interface unit 250. The operations and functions of the one or more processors 305, the memory 310, and the second interface unit 250 are already explained in FIG. 3. For the sake of brevity, a similar description related to the working and operation of the system 125 as illustrated in FIG. 3 has been omitted to avoid repetition. [0069] Further, the processor 305 includes the UPF unit 210, and the each of the DNS unit of the plurality of DNS units 220. The UPF unit 210 includes the receiving module 320, the determining module 325, and the caching module 330. The operations and functions of the receiving module 320, the determining module 325, and the caching module 330 are already explained in FIG. 3. Hence, for the sake of brevity, a similar description related to the working and operation of the system 125 as illustrated in FIG. 3 has been omitted to avoid repetition. The limited description provided for the system 125 in FIG. 4, should be read with the description provided for the system 125 in the FIG. 3 above, and should not be construed as limiting the scope of the present disclosure.
[0070] FIG. 5 is a flow diagram illustrating a method of caching Domain Name Server (DNS) responses for application detection, according to one or more embodiments of the present invention.
[0071] At step 505, the method 500 includes the step of establishing the connection with the plurality of UEs 110 and the each of the DNS unit of the plurality of DNS units 220 via the first interface unit 240 and the second interface unit 250 respectively by the UPF unit 210. In an embodiment, the first interface unit 240 includes, but not limited to, the N3 interface. In the first interface unit 240, the plurality of UEs 110 forwards user data packets to the UPF unit 210, ensuring seamless data transmission. The information related to the at least one domain access request from the UE 110 to the UPF unit 210 is rendered via the first interface unit 240.
[0072] As per one embodiment, the second interface unit 250 includes, but not limited to, the N6 interface. The second interface unit 250 provides connectivity between the UPF unit 210 and the each of the DNS unit of the plurality of DNS units 220. The information related to queries and responses of the UE 110, as well as queries and responses of the UPF unit 210 is rendered via the second interface unit 250. The UPF unit 210 is connected to the each of the DNS unit of the plurality of DNS units 220 to facilitate communication for both queries and responses of the UE 110, as well as queries and responses of the UPF unit 210. [0073] At step 510, the method 500 includes the step of receiving at least one domain access request from at least one of the plurality of UEs 110 by the receiving module 320 of the UPF unit 210. On receiving the at least one domain access request from the at least one of the plurality of UEs 110, the determining module 325 is configured to determine the destination Internet Protocol (IP) Address of the at least one data packet.
[0074] At step 515, the method 500 includes the step of determining the destination IP address of the at least one data packet pertaining to the at least one domain access request by raising the first set of DNS queries to the each of the DNS unit of the plurality of DNS units 220. In an embodiment, the first set of DNS queries are raised by the DNS cache unit 230 in the UPF unit 210. In one embodiment, the first set of DNS queries are raised only for domains and URLs for which application detection is required, thus avoiding the unnecessary opening of all DNS packets and reducing CPU consumption. The DNS cache unit 230 is a temporary storage mechanism used by the UE 110 to store previously resolved DNS queries. When the UE 110 requests the IP address corresponding to the domain name, the each of the DNS unit of the plurality of DNS units 220 is responsible for handling the request which stores in the DNS cache unit 230 for future reference.
[0075] At step 520, the method 500 includes the step of caching the one or more responses received from the each of the DNS unit of the plurality of DNS units 220 pertaining to the first set of DNS queries in the DNS cache unit 230 by the caching module 330. The one or more responses pertain to the domain name is mapped onto the corresponding destination IP address in the each of the DNS unit of the plurality of DNS units 220. The UPF unit 210 is configured to retrieve the domain name mapped onto the corresponding destination IP address based on matching the destination IP address against the domain name to an IP address mapping table at the each of the DNS unit of the plurality of DNS units 220.
[0076] Upon receiving the at least one domain access request, the UPF unit 210 is configured to detect an application by utilizing the domain name corresponding to the destination IP address of the at least one data packet. Further, the UPF unit 210 is configured to raise the second set of DNS queries to update the DNS cache unit 230 for identifying entries of the IP addresses in the database 340. The second set of DNS queries are directed towards the set of plurality of known applications registered in the each of the DNS unit of the plurality of DNS units 220. The UPF unit 210 is configured to cache the one or more responses to the second set of DNS queries in the DNS cache unit 230.
[0077] The UPF unit 210 is configured to retain information in the DNS cache unit 230 for the pre-defined time period before updating the DNS cache unit 230. The DNS cache unit 230 is maintained in the standby UPF unit 260 in the event of the failure or restart. This redundancy ensures a seamless switch-over from the active UPF unit 270 to the standby UPF unit 260 in the event of the failure or restart, resulting in reduced latency and uninterrupted application detection.
[0078] As per the illustrated embodiment, the each of the DNS unit of the plurality of DNS units 220 are load balanced and the cache at each of the DNS unit 220 are maintained independently. In the event, the DNS query from the UE 110 and the UPF 210 may land on each of the DNS unit of the plurality of DNS units 220 leading to different results. The UPF unit 210 generates the first set of queries and the second set of queries with varied 5-tuple information. The UPF unit 210 transmits all the set of queries on the each of the DNS unit of the plurality of DNS units 220 and maintain a consistent and up-to-date DNS cache unit 230 in the UPF unit 210. By doing so, the system 125 optimizes the application detection process in the UPF unit 210 by leveraging caching techniques, smart query generation, dynamic updating, and high availability configurations.
[0079] Through these measures, the UPF unit 210 achieves efficient processing of network traffic, reduced CPU consumption, and improved performance in application detection for enhanced user experience. By doing so, the method 500 optimizes the application detection process in the UPF unit 210 by leveraging caching techniques, smart query generation, dynamic updating, and high availability configurations. By following these steps, the UPF unit 210 achieves efficient processing of network traffic, reduced CPU consumption, and improved performance in application detection, leading to an enhanced user experience.
[0080] The present invention further discloses a non-transitory computer-readable medium having stored thereon computer-readable instructions. The computer- readable instructions are executed by a processor 305. The processor 305 is configured to establish a connection with each of a plurality of User Equipments (UEs) 110 and a each of the DNS unit of the plurality of DNS units 220. The processor 305 is configured to receive at least one domain access request from at least one of the plurality of UEs 110. The at least one domain access request includes information of at least one data packet. The processor 305 is configured to determine a destination Internet Protocol (IP) address of the at least one data packet pertaining to the at least one domain access request by raising a first set of DNS queries to the each of the DNS unit of the plurality of DNS units 220. The processor 305 is configured to cache one or more responses received from the each of the DNS unit of the plurality of DNS units 220 pertaining to the first set of DNS queries in a DNS cache unit 230.
[0081] A person of ordinary skill in the art will readily ascertain that the illustrated embodiments and steps in description and drawings (FIG.1-5) are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.
[0082] The present disclosure incorporates technical advancement of caching DNS responses received from the each of the DNS unit of the plurality of DNS units by generating the first set of DNS queries in the DNS cache unit, thereby optimizing packet processing, enhancing network performance, and improving resource utilization. By generating its own DNS queries and maintaining the DNS queries in the DNS cache unit, the UPF unit avoids the CPU-intensive task of sniffing and analysing of all DNS packets, which reduces processing overhead and enhances the efficiency of application detection. This significantly reduces CPU consumption, allowing the UPF unit to allocate its resources more efficiently.
[0083] Furthermore, the invention encompasses a smart caching mechanism that intelligently stores IP addresses and corresponding domain names, eliminating the need for repeated DNS sniffing and substantially reducing CPU consumption. The smart caching mechanism enhances the efficiency of the application detection process, leading to improved network performance and reduced processing overhead.
[0084] Overall, the invention offers advantages such as improved performance, reduced CPU consumption, quick cache building, dynamic cache maintenance, high availability support, and effective handling of load-balanced DNS units. These benefits contribute to enhanced application detection efficiency and an optimized user experience.
[0085] The present invention offers multiple advantages over the prior art and the above listed are a few examples to emphasize on some of the advantageous features. The listed advantages are to be read in a non-limiting manner.
REFERENCE NUMERAES
[0086] Environment - 100;
[0087] Network - 105;
[0088] User Equipment - 110;
[0089] Server - 115;
[0090] System -125;
[0091] User Plane Function (UPF) unit - 210;
[0092] Plurality of DNS units- 220;
[0093] DNS cache unit- 230;
[0094] First interface unit - 240;
[0095] Second interface unit- 250;
[0096] Standby UPF unit-260;
[0097] Active UPF unit-270;
[0098] Processor-305;
[0099] Memory-310;
[00100] Receiving module -320;
[00101] Determining module- 325;
[00102] Caching module-330;
[00103] Database- 340;
[00104] Primary processor- 405;
[00105] Memory unit-410.

Claims

We claim:
1. A method (500) of caching Domain Name Sever (DNS) responses for application detection, the method (500) comprising the steps of: establishing (505), by a User Plane Function (UPF) unit (210), a connection with a plurality of User Equipments (UEs) (110) and a plurality of DNS units (220); receiving (510), by the UPF unit (210), at least one domain access request from at least one of the plurality of UEs (110), wherein the least one domain access request includes information of at least one data packet; determining (515), by the UPF unit (210), a destination Internet Protocol (IP) address of the at least one data packet pertaining to the at least one domain access request, by raising a first set of DNS queries to the plurality of DNS units (220), wherein the first set of DNS queries are generated by the UPF unit (210); and caching (520), by the UPF unit (210), one or more responses received from the plurality of DNS units (220) pertaining to the first set of DNS queries in a DNS cache unit (230), wherein the one or more responses pertain to a domain name corresponding to the destination IP address of the at least one data packet.
2. The method (500) as claimed in claim 1, wherein the UPF unit (210) is connected with the plurality of UEs (110) and the plurality of DNS units (230) via a first interface unit (240) and a second interface unit (250), respectively.
3. The method (500) as claimed in claim 1 , wherein, upon receiving the at least one domain access request, the UPF unit (210) is configured to detect an application by utilizing the domain name corresponding to the destination IP address of the at least one data packet pertaining to the at least one domain access request stored in the DNS cache unit (230).
4. The method (500) as claimed in claim 1, wherein the UPF unit (210) is configured to raise a second set of DNS queries to update the DNS cache unit (230), wherein the second set of DNS queries are directed towards a set of plurality of known applications registered in the plurality of DNS units (220).
5. The method (500) as claimed in claim 4, wherein the UPF unit (210) is configured to cache responses to the second set of DNS queries in the DNS cache unit (230).
6. The method (500) as claimed in claim 1, wherein the UPF unit (210) is configured to retain information in the DNS cache unit (230) for a pre-defined time period before updating the DNS cache unit (230).
7. The method (500) as claimed in claim 1, wherein the DNS cache unit (230) is maintained in a standby UPF unit (260) as backup in events of a failure or restart.
8. The method (500) as claimed in claim 1, wherein the one or more responses pertain to the domain name mapped onto the corresponding destination IP address in the plurality of DNS units (220).
9. The method (500) as claimed in claim 8, wherein the UPF unit (210), retrieves the domain name mapped onto the corresponding destination IP address based on, matching the destination IP address against a domain name to IP address mapping table at the plurality of DNS units (220).
10. A system (125) for caching domain name sever (DNS) responses for application detection, the system (125) comprising: a plurality of DNS units (220); a User Plane Function (UPF) unit (210) in connection with the plurality of UEs (110) and the plurality of DNS units (220), wherein the UPF unit (210) is configured to: a receiving module (320) is configured to receive, at least one domain access request from at least one of the plurality of UEs (110), wherein the least one domain access request includes information of at least one data packet; a determining module (325) is configured to determine, a destination Internet Protocol (IP) address of the at least one data packet pertaining to the at least one domain access request by raising a first set of DNS queries to the plurality of DNS units (220); and a caching module (330) is configured to cache, one or more responses received from the plurality of DNS units (220) pertaining to the first set of DNS queries in a DNS cache unit (230), wherein the one or more responses pertain to a domain name corresponding to the destination IP address of the at least one data packet.
11. The system (125) as claimed in claim 10, wherein the UPF unit (210) is connected with the plurality of UEs (110) and the plurality of DNS units (220) via a first interface unit (240) and a second interface unit (250) respectively.
12. The system (125) as claimed in claim 10, wherein the UPF unit (210) is configured to detect an application by utilizing the domain name corresponding to the destination IP address of the at least one data packet pertaining to the at least one domain access request, stored in the DNS cache unit (230), on receiving at least one domain access request.
13. The system (125) as claimed in claim 10, wherein the UPF unit (210) is configured to raise a second set of DNS queries to update the DNS cache unit (230), wherein the second set of DNS queries are directed towards a set of plurality of known applications registered in the plurality of DNS units (220).
14. The system (125) as claimed in claim 13, wherein the UPF unit (210) is configured to cache responses to the second set of DNS queries in the DNS cache unit (230).
15. The system (125) as claimed in claim 10, wherein the UPF unit (210) is configured to retain information in the DNS cache unit (230) for a pre-defined time period before updating the DNS cache unit (230).
16. The system (125) as claimed in claim 10, wherein the DNS cache unit (230) is maintained in a standby UPF unit (260) in the event of a failure or restart.
17. The system (125) as claimed in claim 10, wherein the one or more responses pertain to the domain name mapped onto the corresponding destination IP address in the plurality of DNS units (220).
18. The system (125) as claimed in claim 17, wherein the UPF unit (210), retrieves the domain name mapped onto the corresponding destination IP address based on, matching the destination IP address against a domain name to IP address mapping table at the plurality of DNS units (220).
19. A plurality of User Equipment’s (UEs) (110) to communicate with the UPF unit (210), the plurality of UEs (110) comprises of: one or more primary processors (405), having a memory unit (410), communicatively coupled to the UPF unit (210), wherein said memory unit (410) stores instructions which when executed by the one or more primary processors (405) causes the UE (110) to: send, at least one domain access request to the UPF unit (210) for accessing a desired application from a set of plurality of known applications registered in a plurality of DNS unit (220) via the UPF unit (210), wherein the at least one domain access request includes information of at least one data packet; and wherein the UPF unit (210) is further configured to perform the steps as claimed in claim 1.
20. A non-transitory computer-readable medium having stored thereon computer- readable instructions that, when executed by a processor (305), causes the processor (305) to: establish, by the processor (305), a connection with a plurality of User Equipments (UEs) (110) and a plurality of DNS units (220); receive, by the processor (506), at least one domain access request from at least one of the plurality of UEs (110), wherein the least one domain access request includes information of at least one data packet; determine, by the processor (506), a destination Internet Protocol (IP) address of the at least one data packet pertaining to the at least one domain access request, by raising a first set of DNS queries to the plurality of DNS units (220), wherein the first set of DNS queries are generated by the UPF unit (210); and cache, by the processor (506), one or more responses received from the plurality of DNS units (220) pertaining to the first set of DNS queries in a DNS cache unit (230), wherein the one or more responses pertain to a domain name corresponding to the destination IP address of the at least one data packet.
PCT/IN2024/050958 2023-07-05 2024-06-27 System and method of caching dns responses for application detection Pending WO2025008970A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN202321045199 2023-07-05
IN202321045199 2023-07-05

Publications (1)

Publication Number Publication Date
WO2025008970A1 true WO2025008970A1 (en) 2025-01-09

Family

ID=94171847

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2024/050958 Pending WO2025008970A1 (en) 2023-07-05 2024-06-27 System and method of caching dns responses for application detection

Country Status (1)

Country Link
WO (1) WO2025008970A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4156649A2 (en) * 2017-10-27 2023-03-29 Huawei Technologies Co., Ltd. Domain name access method and device

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4156649A2 (en) * 2017-10-27 2023-03-29 Huawei Technologies Co., Ltd. Domain name access method and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
RICARDO HARRILAL-PARCHMENT; DIANA PINEDA; KEMAL AKKAYA; ABDULLAH AYDEGER; ALEXANDER PEREZ-PONS: "Bringing DNS Service to 5G Edge for Reduced Latencies in mMTC Applications", ARXIV.ORG, CORNELL UNIVERSITY LIBRARY, 201 OLIN LIBRARY CORNELL UNIVERSITY ITHACA, NY 14853, 30 May 2023 (2023-05-30), 201 Olin Library Cornell University Ithaca, NY 14853, XP091524373 *
TECHLTEWORLD: "UPF (User Plane Function) In 5G-NR", 13 April 2023 (2023-04-13), XP093261806, Retrieved from the Internet <URL:https://techlteworld.com/upf-user-plane-function-in-5g-nr/> *

Similar Documents

Publication Publication Date Title
CN110351283B (en) Data transmission method, device, equipment and storage medium
US10015243B2 (en) Optimized content distribution based on metrics derived from the end user
US9172632B2 (en) Optimized content distribution based on metrics derived from the end user
CN110049022B (en) Domain name access control method and device and computer readable storage medium
CN107613037B (en) Domain name redirection method and system
US11134117B1 (en) Network request intercepting framework for compliance monitoring
US10616128B2 (en) Method and system for identifying network resources
WO2020088170A1 (en) Domain name system configuration method and related apparatus
WO2017096888A1 (en) Method and device for implementing domain name system
US11768890B2 (en) Method and server apparatus for dynamically identifying pop-out links in networked applications via lookup
CN109413224B (en) Message forwarding method and device
US10333966B2 (en) Quarantining an internet protocol address
US20160197989A1 (en) Managing traffic-overload on a server
US10404651B2 (en) Domain name system network traffic management
CN114301872B (en) Domain name based access method and device, electronic equipment and storage medium
CN114448849A (en) Website IPv6 network support mode detection method and electronic device
CN115190107B (en) Multi-subsystem management method based on extensive domain name, management terminal and readable storage medium
WO2025008970A1 (en) System and method of caching dns responses for application detection
JP2017118248A (en) Device, method and program for name resolution
CN119155279A (en) Domain name management method and related equipment
US10298539B2 (en) Passive delegations and records
US10958580B2 (en) System and method of performing load balancing over an overlay network
US12261818B2 (en) System and method of discovering a network asset from a network sample
CN114650271B (en) Global load DNS neighbor site learning method and device
EP3657741B1 (en) Data packet routing method and data packet routing device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24835691

Country of ref document: EP

Kind code of ref document: A1