Method and apparatus for filtering packets based on flows using address tables

US 20020051448A1
Filed: 08/20/2001
Published: 05/02/2002
Est. Priority Date: 08/18/2000
Status: Active Grant

First Claim

Patent Images

1. A network switch for network communications, said network switch comprising:

a first data port interface, said first data port interface supporting a plurality of data ports transmitting and receiving data at a first data rate;

a second data port interface, said second data port interface supporting a plurality of data ports transmitting and receiving data at a second data rate;

a CPU interface, said CPU interface configured to communicate with a CPU;

an internal memory, said internal memory communicating with said first data port interface and said second data port interface;

a memory management unit, said memory management unit including an external memory interface for communicating data from at least one of said first data port interface and said second data port interface and an external memory;

a communication channel, communicating data and messaging information between said first data port interface, said second data port interface, the CPU interface, said internal memory, and said memory management unit;

wherein one data port interface of said first data port interface and said second data port interface comprises a fast filtering processor, said fast filtering processor filtering the data coming into the one data port interface, and taking selective filter action based upon a filtering result, and wherein said one data port interface further comprises a flow monitor for monitoring flows of data through the network switch, where a flow of said flows of data is defined by a combination of a source address and a destination address for a portion of the data passing through the network switch.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data switch for network communications includes a first data port interface which supports at least one data port which transmits and receives data. A second data port interface is also provided supporting at least one data port transmitting and receiving data. A CPU interface is provided, with the CPU interface configured to communicate with a CPU. A common memory is provided, and communicates with the first data port interface and the second data port interface. A memory management unit is provided, and communicates data from the first data port interface and the second data port interface and an common memory. A communication channel is provided, with the communication channel communicating data and messaging information between the first data port interface, the second data port interface, and the memory management unit. One data port interface of the first and second data port interfaces has a fast filtering processor for filtering the data coming into the one data port interface, and taking selective filter action based upon a filtering result. Also the one data port interface includes a flow monitor for monitoring flows of data through the network switch, where a flow of data is defined by a combination of a source address and a destination address for a portion of the data passing through the network switch.

31 Citations

View as Search Results

15 Claims

1. A network switch for network communications, said network switch comprising:
- a first data port interface, said first data port interface supporting a plurality of data ports transmitting and receiving data at a first data rate;
  
  a second data port interface, said second data port interface supporting a plurality of data ports transmitting and receiving data at a second data rate;
  
  a CPU interface, said CPU interface configured to communicate with a CPU;
  
  an internal memory, said internal memory communicating with said first data port interface and said second data port interface;
  
  a memory management unit, said memory management unit including an external memory interface for communicating data from at least one of said first data port interface and said second data port interface and an external memory;
  
  a communication channel, communicating data and messaging information between said first data port interface, said second data port interface, the CPU interface, said internal memory, and said memory management unit;
  
  wherein one data port interface of said first data port interface and said second data port interface comprises a fast filtering processor, said fast filtering processor filtering the data coming into the one data port interface, and taking selective filter action based upon a filtering result, and wherein said one data port interface further comprises a flow monitor for monitoring flows of data through the network switch, where a flow of said flows of data is defined by a combination of a source address and a destination address for a portion of the data passing through the network switch.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A network switch as recited in claim 1, wherein said fast filtering processor is programmable by inputs from the CPU through the CPU interface.
  - 3. A network switch as recited in claim 1, wherein said one data port interface includes a rules table interface and an indexed rules table thereupon, and wherein said fast filtering processor applies a filter mask to a packet incoming thereto, providing a filter result, wherein said filter result is applied to predetermined rules in said indexed rules table, and wherein action is taken on the packet and said flows of data are updated based upon the filtering result.
  - 4. A network switch as recited in claim 3, wherein said first data port interface, second data port interface, CPU interface, internal memory, memory management unit, communications channel, fast filtering processor, and said rules table are implemented on a common semiconductor substrate.
  - 5. A network switch as recited in claim 4, wherein said fast filtering processor includes a set of exclusive filter masks and inclusive filter masks therein, wherein said exclusive filter masks are configured to exclude all packets except packets with which there is a match with the filter result.
  - 6. A network switch as recited in claim 4, wherein said fast filtering processor includes filter masks which filter ingress port fields, egress port fields, and filter select fields of an incoming packet.
  - 7. A network switch as recited in claim 6, wherein the indexed rules table includes filter value fields for filter result look-up, ingress port fields, egress port fields, filter select fields, action bit fields, priority bit fields, type-of-services fields, and output port fields.
  - 8. A network switch as recited in claim 7, wherein the indexed rules table is indexed by values obtained from lookups of the source and destination addresses for the incoming packet.
  - 9. A network switch as recited in claim 1, wherein the fast filtering processor filters the packets independent of the CPU interface, and therefore without communicating with the CPU.

10. A method of handling data packets in a network switch, said method comprising:
- placing incoming packets into an input queue;
  
  applying the input data packets to an address resolution logic engine;
  
  performing a lookup to determine whether certain packet fields are stored in a lookup table and determining index values for the input data packets;
  
  filtering the incoming packet through a fast filtering processor in order to determine what specific actions should be taken to modify the packet for further handling; and
  
  discarding, forwarding, or modifying the packet based upon the filtering;
  
  wherein said index values are used by the fast filtering processor to rapidly find an indexed specific action of said specific actions.
- View Dependent Claims (11, 12, 14, 15)
- - 11. A method as recited in claim 10, wherein said step of determining index values for the input data packets is based upon lookups of a source address and a destination address for the input data packet.
  - 12. A method as recited in claim 11, wherein said source and destination addresses for the input data packet are related to a flow and said filtering step further comprises monitoring flows of data through the network switch.
  - 14. A network switch as recited in claim 13, wherein said means for determining index values for the input data packets comprises means for performing lookups of a source address and a destination address for the input data packet.
  - 15. A network switch as recited in claim 13, wherein said source and destination addresses for the input data packet are related to a flow and said means for filtering further comprises means for monitoring flows of data through the network switch.

13. A network switch for handling data packets comprising:
- means for placing incoming packets into an input queue;
  
  means for applying the input data packets to an address resolution logic engine;
  
  means performing a lookup to determine whether certain packet fields are stored in a lookup table and means for determining index values for the input data packets;
  
  means for filtering the incoming packet through a fast filtering processor in order to determine what specific actions should be taken to modify the packet for further handling; and
  
  means for discarding, forwarding, or modifying the packet based upon the filtering;
  
  wherein said index values are used by the fast filtering processor to rapidly find an indexed specific action of said specific actions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies General IP PTE Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Kalkunte, Mohan, Ambe, Shekhar, Kadambi, Shiri

Granted Patent

US 7,099,336 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/389
CPC Class Codes

H04L 49/30   Peripheral units, e.g. inpu...

H04L 49/3018   Input queuing

H04L 49/351   for local area network [LAN...

H04L 49/352   Gigabit ethernet switching ...

H04L 49/354   for supporting virtual loca...

Method and apparatus for filtering packets based on flows using address tables

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for filtering packets based on flows using address tables

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others