Tagging packets with a lookup key to facilitate usage of a unified packet forwarding cache
Abstract
Apparatus and methods are provided for a Network Address Translation (NAT)-aware unified cache. According to one embodiment, multiple packet-processing applications distributed among one or more processors of a network device share one or more unified caches without requiring a cache synchronization protocol. When a packet is received at the network device, a first packet-processing application, such as NAT or another application that modifies part of the packet header upon which a cache lookup key is based, tags the packet with a cache lookup key based upon the original contents of the packet header. Then, other packet-processing applications attempting to access the cache entry from the unified cache subsequent to the tagging by the first packet-processing application use the tag (the cache lookup key generated by the first packet-processing application) rather than determining the cache lookup key based upon the current contents of the packet header.
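The flow the abstract describes, as an added C example (not code from the patent): NAT tags the packet with a key built from the original header, rewrites the source address, and the later modules reach the same cache entry through the tag, while a lookup rebuilt from the translated header misses. The FNV-1a key function, the 64-slot direct-mapped cache, the addresses, the port-443 filter rule and the outgoing interface number are all constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SLOTS  64
#define NO_TAG 0xFFFFFFFFu              /* descriptor carries no lookup key yet */

struct hdr   { uint32_t src, dst, sport, dport, proto; };   /* 5-tuple, no padding */
struct pkt   { struct hdr h; uint32_t tag; };               /* tag = descriptor field */
struct entry { int valid; struct hdr orig; uint32_t nat_src; int permit, out_if; };
static struct entry cache[SLOTS];       /* one unified cache shared by all modules */

/* Assumed key function: FNV-1a over the header bytes, reduced to a slot index. */
static uint32_t key_of(const struct hdr *h) {
    const unsigned char *b = (const unsigned char *)h;
    uint32_t k = 2166136261u;
    for (size_t i = 0; i < sizeof *h; i++) { k ^= b[i]; k *= 16777619u; }
    return k % SLOTS;
}
/* Later modules use the tag; they never rehash the (possibly rewritten) header. */
static struct entry *lookup_tagged(const struct pkt *p) {
    return (p->tag < SLOTS && cache[p->tag].valid) ? &cache[p->tag] : NULL;
}
/* Contrast case: key rebuilt from the current header, as a NAT-unaware cache would. */
static struct entry *lookup_rehash(const struct pkt *p) {
    struct entry *e = &cache[key_of(&p->h)];
    return (e->valid && !memcmp(&e->orig, &p->h, sizeof p->h)) ? e : NULL;
}
/* First module: tag from the ORIGINAL header, create the entry, then translate. */
static void nat(struct pkt *p, uint32_t public_src) {
    p->tag = key_of(&p->h);
    struct entry *e = &cache[p->tag];
    if (!e->valid || memcmp(&e->orig, &p->h, sizeof p->h)) {   /* new flow */
        memset(e, 0, sizeof *e);
        e->valid = 1; e->orig = p->h; e->nat_src = public_src;
    }
    p->h.src = e->nat_src;              /* header no longer matches the key's input */
}
/* Filtering and forwarding add their module-specific results to the same entry. */
static int filter(struct pkt *p) {
    struct entry *e = lookup_tagged(p);
    return e ? (e->permit = (e->orig.dport == 443)) : -1;   /* constructed rule */
}
static int forward(struct pkt *p) {
    struct entry *e = lookup_tagged(p);
    return (e && e->permit) ? (e->out_if = 2) : -1;         /* constructed route */
}
int main(void) {
    struct pkt p = { { 0x0A000005u, 0xC6336407u, 40000, 443, 6 }, NO_TAG };
    nat(&p, 0xCB007101u);
    int hit = lookup_rehash(&p) != NULL, f = filter(&p), o = forward(&p);
    printf("rehash hit=%d filter=%d out_if=%d\n", hit, f, o);
}
```

Because the cache in this sketch is direct-mapped and later modules trust the tag without re-checking the header, a second flow that hashes to the same slot would replace the entry; a production design needs its own answer for that case.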
32 Claims
1. A method comprising:
receiving a packet at a network device, the packet including a header and a payload;
tagging the packet, by a first packet-processing application of a plurality of packet-processing applications, with a cache lookup key based upon original contents of the header, the cache lookup key indicating where in a unified cache a cache entry corresponding to the packet will be stored; and
those of the plurality of packet-processing applications attempting to access the cache entry from the unified cache subsequent to the tagging by the first packet-processing application using the cache lookup key rather than generating a new cache lookup key based upon current contents of the header.
8. A method comprising the steps of:
a step for determining whether a cache lookup key is present in a packet descriptor associated with a received packet;
a step for performing a lookup in a unified cache with the cache lookup key if it is determined that the cache lookup key is present in the packet descriptor;
a step for creating a new cache entry in the unified cache based upon information in a header of the received packet and tagging the packet if it is determined that the cache lookup key is not present in the packet descriptor or the lookup does not locate an appropriate existing cache entry; and
a step for updating an existing cache entry with module-specific information.
12. A network device comprising:
a plurality of incoming interfaces upon which Internet Protocol (IP) packets are received;
a plurality of unified caches, each unified cache of the plurality of unified caches associated with a corresponding incoming interface of the plurality of incoming interfaces;
a Network Address Translation (NAT) module coupled to each of the plurality of interfaces and to each of the plurality of unified caches to translate one or more addresses in headers of received IP packets in accordance with a plurality of NAT rules stored in a NAT rule table, tag the received IP packets with cache lookup keys for the unified cache associated with the incoming interface upon which they are received, and insert new cache entries into the unified caches as new packet flows are detected;
a filtering module coupled to each of the plurality of unified caches and to the NAT module to receive tagged IP packets from the NAT module, perform packet filtering in accordance with a plurality of filtering rules stored in a filter rule table, and to access and update existing cache entries in the unified caches using the cache lookup keys added by the NAT module; and
a forwarding module coupled to each of the plurality of unified caches and to the filtering module to receive tagged IP packets from the filtering module, perform packet forwarding in accordance with a plurality of forwarding rules stored in a routing table, and to access and update existing cache entries in the unified caches using the cache lookup keys added by the NAT module.
17. A network device comprising:
a plurality of incoming interface means upon which Internet Protocol (IP) packets are received;
a plurality of unified cache means, each associated with a corresponding incoming interface of the plurality of incoming interfaces, for storing recently used packet forwarding information;
a Network Address Translation (NAT) means, coupled to each of the plurality of interface means and to each of the plurality of unified cache means, for translating one or more addresses in headers of received IP packets in accordance with a plurality of NAT rules stored in a NAT rule table, tagging the received IP packets with cache lookup keys for the unified cache means associated with the incoming interface means upon which they are received, and inserting new cache entries into the unified cache means as new packet flows are detected;
a packet filtering means, coupled to each of the plurality of unified cache means and to the NAT means, for receiving tagged IP packets from the NAT means, performing packet filtering in accordance with a plurality of filtering rules stored in a filter rule table, and for accessing and updating existing cache entries in the unified cache means using the cache lookup keys added by the NAT means; and
a packet forwarding means, coupled to each of the plurality of unified cache means and to the packet filtering means, for receiving tagged IP packets from the packet filtering means, performing packet forwarding in accordance with a plurality of forwarding rules stored in a routing table, and for accessing and updating existing cache entries in the unified cache means using the cache lookup keys added by the NAT means.
22. A machine-readable medium having stored thereon data representing instructions that, if executed by one or more processors of a network device, cause the one or more processors to:
receive a packet including a header and a payload;
tag the packet, by a first packet-processing application of a plurality of packet-processing applications, with a cache lookup key based upon original contents of the header, the cache lookup key indicating where in a unified cache a cache entry corresponding to the packet will be stored; and
use the cache lookup key rather than generating a new cache lookup key based upon current contents of the header by those of the plurality of packet-processing applications attempting to access the cache entry from the unified cache subsequent to the tagging by the first packet-processing application.
Specification