Rule swapping in a packet network
Abstract
In some variations, first and second rule sets may be received by a network protection device. The first and second rule sets may be preprocessed. The network protection device may be configured to process packets in accordance with the first rule set. Packets may be received by the network protection device. A first portion of the packets may be processed in accordance with the first rule set. The network protection device may be reconfigured to process packets in accordance with the second rule set. A second portion of the packets may be processed in accordance with the second rule set.
30 Claims
1. A method comprising:
preprocessing, by a network protection device, a first rule set by performing operations on the first rule set, prior to the first rule set being implemented on the network protection device, to optimize performance of the network protection device;
configuring the network protection device to process packets in accordance with the preprocessed first rule set after preprocessing the first rule set;
receiving, a plurality of packets after configuring the network protection device to process packets in accordance with the preprocessed first rule set;
processing, by the network protection device, a first portion of the plurality of packets in accordance with the preprocessed first rule set;
preprocessing, by the network protection device, a second rule set by performing operations on the second rule set, prior to the second rule set being implemented on the network protection device, to optimize performance of the network protection device;
signaling the network protection device to process packets in accordance with the second rule set; and
responsive to the signaling:
  ceasing processing of one or more packets by the network protection device;
  caching the one or more packets;
  reconfiguring the network protection device to process packets in accordance with the preprocessed second rule set;
  signaling completion of reconfiguration to process packets in accordance with the preprocessed second rule set; and
  responsive to signaling the completion of the reconfiguration, processing the one or more cached packets by the network protection device in accordance with the preprocessed second rule set,
wherein the operations performed on the first rule set and the second rule set include at least one of:
  merging two or more rules within the first rule set or the second rule set into one rule;
  separating one or more rules within the first rule set or the second rule set into two or more rules; or
  reordering one or more rules within the first rule set or the second rule set.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A network protection device comprising:
at least one processor; and
memory comprising instructions that, when executed by the at least one processor, cause the network protection device to:
  preprocess a first rule set by performing operations on the first rule set, prior to the first rule set being implemented on the network protection device, to optimize performance of the network protection device;
  configure the at least one processor to process packets in accordance with the preprocessed first rule set after preprocessing the first rule set;
  receive a plurality of packets after configuring of the at least one processor to process packets in accordance with the preprocessed first rule set;
  process a first portion of the plurality of packets in accordance with the preprocessed first rule set;
  preprocess a second rule set by performing operations on the second rule set, prior to the second rule set being implemented on the network protection device, to optimize performance of the network protection device;
  signal the at least one processor to process packets in accordance with the second rule set; and
  responsive to the signaling:
    cease processing of one or more packets;
    cache the one or more packets;
    reconfigure the at least one processor to process packets in accordance with the preprocessed second rule set; and
    process the one or more cached packets in accordance with the preprocessed second rule set
wherein the operations performed on the first rule set and the second rule set include at least one of:
  merging two or more rules within the first rule set or the second rule set into one rule;
  separating one or more rules within the first rule set or the second rule set into two or more rules; or
  reordering one or more rules within the first rule set or the second rule set.
Dependent claims: 15, 16, 17
18. One or more non-transitory computer-readable media comprising instructions that, when executed by one or more processors of a computing system, cause the computing system to:
preprocess a first rule set by performing operations on the first rule set, prior to the first rule set being implemented on a network protection device, to optimize performance of the network protection device;
configure the one or more processors to process packets in accordance with the preprocessed first rule set;
receive a plurality of packets after configuring of the at least one processor to process packets in accordance with the preprocessed first rule set;
process a first portion of the plurality of packets in accordance with the preprocessed first rule set;
preprocess a second rule set by performing operations on the second rule set, prior to the second rule set being implemented on the network protection device, to optimize performance of the network protection device;
signal the one or more processors to process packets in accordance with the second rule set;
cease processing of one or more packets;
cache the one or more packets;
reconfigure the one or more processors to process packets in accordance with the preprocessed second rule set; and
process the one or more cached packets in accordance with the preprocessed second rule set,
wherein the operations performed on the first rule set and the second rule set include at least one of:
  merging two or more rules within the first rule set or the second rule set into one rule;
  separating one or more rules within the first rule set or the second rule set into two or more rules; or
  reordering one or more rules within the first rule set or the second rule set;
configure the one or more processors to process packets in accordance with the first rule set.
Dependent claims: 19, 20, 21
22. A method comprising:
preprocessing, by a network protection device, both a first rule set and a second rule set by performing operations on the first rule set and the second rule set, prior to the first rule set and the second rule set being implemented on the network protection device, to optimize performance of the network protection device, wherein the operations performed on the first rule set and the second rule set include at least one of:
  merging two or more rules within the first rule set or the second rule set into one rule;
  separating one or more rules within the first rule set or the second rule set into two or more rules; or
  reordering one or more rules within the first rule set or the second rule set;
configuring the network protection device to process packets in accordance with the preprocessed first rule set after preprocessing the first rule set and the second rule set;
receiving, a plurality of packets after configuring the network protection device to process packets in accordance with the preprocessed first rule set;
processing, by the network protection device, a first portion of the plurality of packets in accordance with the preprocessed first rule set;
signaling the network protection device to process packets in accordance with the second rule set; and
responsive to the signaling:
  ceasing processing of one or more packets by the network protection device;
  caching the one or more packets;
  reconfiguring the network protection device to process packets in accordance with the preprocessed second rule set;
  signaling completion of reconfiguration to process packets in accordance with the preprocessed second rule set; and
  responsive to signaling the completion of the reconfiguration, processing the one or more cached packets by the network protection device in accordance with the preprocessed second rule set.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30
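The swap sequence recited in claims 1 and 22, as an added Python illustration that is not code from the patent: a packet that arrives while the swap is pending is cached and then judged by the second rule set, never by the first. The class and method names, the (action, source prefix) rule format, the default-drop policy and the sample addresses are assumptions constructed for this example; of the claimed preprocessing operations only merging is shown.

```python
import ipaddress
from collections import deque

def preprocess(rules):
    """Merge each run of consecutive same-action rules; first-match result is unchanged."""
    out, i = [], 0
    while i < len(rules):
        action, nets = rules[i][0], []
        while i < len(rules) and rules[i][0] == action:
            nets.append(ipaddress.ip_network(rules[i][1]))
            i += 1
        out += [(action, n) for n in ipaddress.collapse_addresses(nets)]
    return out

class ProtectionDevice:  # hypothetical model, not a real product API
    def __init__(self, first_rule_set):
        self.active, self.staged = preprocess(first_rule_set), None
        self.swapping, self.cache, self.verdicts = False, deque(), []

    def _process(self, src):  # first matching rule wins; default drop is an assumption
        addr = ipaddress.ip_address(src)
        action = next((a for a, net in self.active if addr in net), "drop")
        self.verdicts.append((src, action))

    def receive(self, src):
        if self.swapping:  # processing has ceased: cache, do not filter
            self.cache.append(src)
        else:
            self._process(src)

    def stage(self, second_rule_set):  # preprocess before the set is implemented
        self.staged = preprocess(second_rule_set)

    def signal_swap(self):
        self.swapping = True

    def complete_swap(self):  # reconfigure, signal completion, then drain the cache
        self.active, self.staged, self.swapping = self.staged, None, False
        while self.cache:
            self._process(self.cache.popleft())

def demo():  # constructed traffic; addresses are from the TEST-NET-3 documentation range
    dev = ProtectionDevice([("allow", "203.0.113.0/25"), ("allow", "203.0.113.128/25")])
    dev.receive("203.0.113.7")            # filtered by rule set 1
    dev.stage([("drop", "203.0.113.0/26"), ("drop", "203.0.113.64/26"),
               ("allow", "203.0.113.0/24")])
    dev.signal_swap()
    dev.receive("203.0.113.9")            # arrives mid-swap: cached
    dev.complete_swap()                   # cached packet now judged by rule set 2
    return dev.verdicts
```

Rule set 1 would have allowed the mid-swap packet; the recorded drop verdict shows it was held until the second rule set was active.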
Specification