Method for synchronization of policy cache with various policy-based applications
First Claim
Patent Images
1. A hardware-based policy engine to manage traffic over a computer network, comprising:
- an input data path to receive packets of network traffic constituting at least one stream;
means for providing at least a portion of each stream to a host processor executing a policy-based software application and for receiving from the host processor at least one action specification associated with said each stream;
means for maintaining a policy binding database based on the at least one action specification received from the policy application processor;
at least one action processor configured to act on the packets of network traffic; and
a stream classifier that determines an association of each packet with at least one action processor based on data in the packet that uniquely identifies the stream to which the packet belongs, the classification determination being made in cooperation with the policy-binding database and without the involvement of the host processor wherein the at least one action processor acts on the packets of network traffic based on the classification association determined by the stream classifier.
9 Assignments
0 Petitions
Accused Products
Abstract
A hardware-based policy engine that employs a policy cache to process packets of network traffic. The policy engine includes a stream classifier that associates each packet with at least one action processor based on data in the packet, and the action processor further acts on the packets based on the association determined by the stream classifier.
32 Citations
15 Claims
-
1. A hardware-based policy engine to manage traffic over a computer network, comprising:
-
an input data path to receive packets of network traffic constituting at least one stream;
means for providing at least a portion of each stream to a host processor executing a policy-based software application and for receiving from the host processor at least one action specification associated with said each stream;
means for maintaining a policy binding database based on the at least one action specification received from the policy application processor;
at least one action processor configured to act on the packets of network traffic; and
a stream classifier that determines an association of each packet with at least one action processor based on data in the packet that uniquely identifies the stream to which the packet belongs, the classification determination being made in cooperation with the policy-binding database and without the involvement of the host processor wherein the at least one action processor acts on the packets of network traffic based on the classification association determined by the stream classifier. - View Dependent Claims (2, 3)
-
-
12. (New) The system of claim 11, wherein the stream classifier computes a hash value from a field in the packet and uses the hash value to select one action specification.
-
13. (New) The system of claim 11, wherein the policy cache has a plurality of stream classifications and each stream classification being associated with multiple action specifications.
-
14. (New) The system of claim 11, wherein the policy engine stores the action specifications into the policy cache.
-
15. (New) The system of claim 11, wherein the policy engine provides a few packets of the flow to a flow classifier.
Specification