Systems and methods to forward packets not passed by criteria-based filters in packet forwarding systems

US 10,447,617 B2
Filed: 05/07/2018
Issued: 10/15/2019
Est. Priority Date: 05/27/2015
Status: Active Grant

First Claim

Patent Images

1. A packet forwarding system for network packets, comprising:

one or more servers hosting one or more virtual host hardware systems operating to provide one or more virtual machine platforms;

wherein the one or virtual machine platforms comprise;

input ports having receive packets from one or more network sources as inputs;

output ports having send packets to one or more network destinations as outputs;

filter engines coupled to determine how packets are forwarded from the input ports to the output ports based upon packet forwarding rules;

a user interface to allow configuration of filters, the filters comprising at least one of;

a first set of filters comprising one or more pass-by-criteria (PBC) filters and a pass unmatched PBC filter coupled to a common input port;

each PBC filter passing received packets that match at least one criterion relating to the received packets from the common input port to at least one output port; and

the pass unmatched PBC filter passing received packets that do not match any of the PBC filters from the common input port to at least one output port;

ora second set of filters comprising one or more deny by-criteria (DBC) filters and a pass matched DBC filter coupled to a common input port;

each DBC filter passing received packets that do not match at least one criterion relating to the received packets from the common input port to at least one output port; and

the pass matched DBC filter passing received packets that match all of the DBC filters from the common input port to at least one output port; and

a filter processor having packet forwarding rules as an output applied to the filter engines, the packet forwarding rules being based upon the filters;

wherein the filters include the first set of filters and the second set of filters; and

wherein the at least one output port for the pass unmatched PBC filter is different from the at least one output port for the PBC filters, and the at least one output port for the pass matched DBC filter is different from the at least one output port for the DBC filters.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed to forward packets not passed by criteria-based filters in packet forwarding systems. The disclosed embodiments include one or more Not Passed By Criteria (NPBC) filters that are defined for input ports along with one or more criteria-based filters, such as for example, Pass by Criteria (PBC) filters and/or Deny by Criteria filters (DBC), that forward packets not passed by these criteria-based filters. NPBC filters include, for example, Pass Unmatched PBC filters associated with PBC filters and configured to forward packets not passed by PBC filters and/or Pass Matched DBC filters associated with DBC filters and configured to forward packets not passed by DBC filters. Using one or more NPBC filters within the disclosed embodiments, packet data that is not being passed along to output ports by the criteria-based filters can be easily passed to one or more designated output ports.

62 Citations

12 Claims

1. A packet forwarding system for network packets, comprising:
- one or more servers hosting one or more virtual host hardware systems operating to provide one or more virtual machine platforms;
  
  wherein the one or virtual machine platforms comprise;
  
  input ports having receive packets from one or more network sources as inputs;
  
  output ports having send packets to one or more network destinations as outputs;
  
  filter engines coupled to determine how packets are forwarded from the input ports to the output ports based upon packet forwarding rules;
  
  a user interface to allow configuration of filters, the filters comprising at least one of;
  
  a first set of filters comprising one or more pass-by-criteria (PBC) filters and a pass unmatched PBC filter coupled to a common input port;
  
  each PBC filter passing received packets that match at least one criterion relating to the received packets from the common input port to at least one output port; and
  
  the pass unmatched PBC filter passing received packets that do not match any of the PBC filters from the common input port to at least one output port;
  
  ora second set of filters comprising one or more deny by-criteria (DBC) filters and a pass matched DBC filter coupled to a common input port;
  
  each DBC filter passing received packets that do not match at least one criterion relating to the received packets from the common input port to at least one output port; and
  
  the pass matched DBC filter passing received packets that match all of the DBC filters from the common input port to at least one output port; and
  
  a filter processor having packet forwarding rules as an output applied to the filter engines, the packet forwarding rules being based upon the filters;
  
  wherein the filters include the first set of filters and the second set of filters; and
  
  wherein the at least one output port for the pass unmatched PBC filter is different from the at least one output port for the PBC filters, and the at least one output port for the pass matched DBC filter is different from the at least one output port for the DBC filters.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The packet forwarding system of claim 1, wherein the at least one output port for the pass unmatched PBC filter is different from the at least one output port for the PBC filters.
  - 3. The packet forwarding system of claim 1, wherein criteria for the one or more PBC filters comprises at least one or more of a virtual local area network (VLAN) identifier, a destination port, or a protocol.
  - 4. The packet forwarding system of claim 1, wherein the at least one output port for the pass matched DBC filter is different from the at least one output port for the DBC filters.
  - 5. The packet forwarding system of claim 1, wherein criteria for the one or more DBC filters comprises at least one or more of a virtual local area network (VLAN) identifier, a destination port, or a protocol.
  - 6. The packet forwarding system of claim 1, wherein criteria for the one or more PBC filters comprises at least one or more of a virtual local area network (VLAN) identifier, a destination port, or a protocol;
    - and wherein criteria for the one or more DBC filters comprises at least one or more of a virtual local area network (VLAN) identifier, a destination port, or a protocol.

7. A method to forward network packets within a packet forwarding system, comprising:
- operating one or more servers to host one or more virtual host hardware systems to provide one or more virtual machine platforms; and
  
  with the one or virtual machine platforms;
  
  allowing a user to define filters through a user interface for a packet forwarding system, the filters comprising at least one of;
  
  a first set of filters comprising one or more pass-by-criteria (PBC) filters and a pass unmatched PBC filter coupled to a common input port,each PBC filter passing received packets that match at least one criterion relating to the received packets from the common input port to at least one output port, andthe pass unmatched PBC filter passing received packets that do not match any of the PBC filters from the common input port to at least one output port;
  
  ora second set of filters comprising one or more deny-by-criteria (DBC) filters and a pass matched DBC filter coupled to a common input port,each DBC filter passing received packets that do not match at least one criterion relating to the received packets from the common input port to at least one output port, andthe pass matched DBC filter passing received packets that match all of the DBC filters from the common input port to at least one output port;
  
  generating packet forwarding rules based upon the filters;
  
  applying the packet forwarding rules to filter engines within the packet forwarding system, the filter engines determining how packets are forwarded between input ports and output ports within the packet forwarding system;
  
  receiving, with the common input port, packets from one or more network sources; and
  
  outputting the packets based upon the filters;
  
  wherein the filters include the first set of filters and the second set of filters;
  
  wherein the outputting comprises passing received packets to at least one output port for the packet forwarding system based upon the one or more PBC filters and the one or more DBC filters, forwarding received packets that do not match any of the one or more PBC filters to at least one output port based upon the pass unmatched PBC filter, and forwarding received packets that match all of the one or more DBC filters to at least one output port based upon the pass matched DBC filter; and
  
  wherein the at least one output port for the pass unmatched PBC filter is different from the at least one output port for the PBC filters, and the at least one output port for the pass matched DBC filter is different from the at least one output port for the DBC filters.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the at least one output port for the pass unmatched PBC filter is different from the at least one output port for the PBC filters.
  - 9. The method of claim 7, wherein criteria for the one or more PBC filters comprises at least one or more of a virtual local area network (VLAN) identifier, a destination port, or a protocol.
  - 10. The method of claim 7, wherein the at least one output port for the pass matched DBC filter is different from the at least one output port for the DBC filters.
  - 11. The method of claim 7, wherein criteria for the one or more DBC filters comprises at least one or more of a virtual local area network (VLAN) identifier, a destination port, or a protocol.
  - 12. The method of claim 7, wherein criteria for the one or more PBC filters comprises at least one or more of a virtual local area network (VLAN) identifier, a destination port, or a protocol, and wherein criteria for the one or more DBC filters comprises at least one or more of a virtual local area network (VLAN) identifier, a destination port, or a protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Keysight Technologies Singapore (Holdings) Pte. Limited. (Keysight Technologies, Inc.)
Original Assignee
Keysight Technologies Singapore (Holdings) Pte. Limited. (Keysight Technologies, Inc.)
Inventors
Abkowitz, Patricia A., Boyd, Ramona, Spooner, Andrew, Pleshek, Ronald A.
Primary Examiner(s)
Zhu, Bo Hui A

Application Number

US15/972,305
Publication Number

US 20180255003A1
Time in Patent Office

526 Days
Field of Search
US Class Current
CPC Class Codes

H04L 49/253 using establishment or rele...

Systems and methods to forward packets not passed by criteria-based filters in packet forwarding systems

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

62 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods to forward packets not passed by criteria-based filters in packet forwarding systems

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others