Methods and Systems for Fragmentation and Reassembly for IP Tunnels in Hardware Pipelines

US 20060262808A1
Filed: 04/20/2006
Published: 11/23/2006
Est. Priority Date: 04/21/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for inline fragment reassembly of tunneled data, comprising the steps of:

receiving an initial segment of a plurality of tunneled segments of a first fragmented packet;

processing the initial segment;

storing the initial segment in a memory;

receiving a last segment of the plurality of tunneled segments of the first fragmented packet;

processing the last segment;

storing the last segment in the memory;

moving the plurality of tunneled segments to an output queue; and

stitching together the plurality of tunneled segments to form a reassembled packet.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A novel flow-through architecture for fragmentation and reassembly of tunnel packets in network devices is presented. The fragmentation and reassembly of tunneled packets are handled in the hardware pipeline to achieve line-rate processing of the traffic flow without the need for additional store and forward operations typically provided by a host processor or a co-processor. In addition, the hardware pipeline may perform fragmentation and reassembly of packets using encrypted tunnels by performing segment-by-segment crypto. A network device implementing fragment reassembly can include an ingress hardware pipeline that reassembles fragmented packets between a media access control (MAC) of the device and an output packet memory of the device, where the incoming fragmented packets can be encrypted and/or tunneled. A network device implementing packet fragmentation can include an egress hardware pipeline that fragments packets between an input packet memory of the device and the MAC, where the outgoing fragments can be encrypted and/or tunneled.

50 Citations

View as Search Results

23 Claims

1. A method for inline fragment reassembly of tunneled data, comprising the steps of:
- receiving an initial segment of a plurality of tunneled segments of a first fragmented packet;
  
  processing the initial segment;
  
  storing the initial segment in a memory;
  
  receiving a last segment of the plurality of tunneled segments of the first fragmented packet;
  
  processing the last segment;
  
  storing the last segment in the memory;
  
  moving the plurality of tunneled segments to an output queue; and
  
  stitching together the plurality of tunneled segments to form a reassembled packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the step of processing the initial segment includes the steps of:
    - initializing a reassembly flow, including;
      
      linking one or more portions of a header of the initial segment to a tunnel table; and
      
      initializing an IP reassembly queue, wherein the tunnel table and the IP reassembly queue are part of an ingress hardware pipeline;
      
      detecting a payload type;
      
      performing, based on the payload type, one or more segment processing functions.
  - 3. The method of claim 2, wherein based on the detected payload type being an encrypted payload type, the one or more segment processing functions include:
    - parsing encryption information; and
      
      decrypting the initial segment.
  - 4. The method of claim 2, further including the steps of:
    - storing a fragment context into the tunnel table, wherein the fragment context includes one or more of items selected from a group of items, the group of items including a packet ID, a source address, a destination address, an offset value, a packet format and an encryption context; and
      
      queuing an initial pointer associated with the initial segment into the IP reassembly queue.
  - 5. The method of claim 4, wherein the step of processing the last segment includes the steps of:
    - updating at least some of the fragment context;
      
      detecting whether the last segment is encrypted; and
      
      performing segment verification processing.
  - 6. The method of claim 5, wherein for an encrypted last segment, further including the steps of, prior to the step of performing segment verification processing:
    - loading the encryption context of the fragment context from the tunnel table; and
      
      decrypting the next segment.
  - 7. The method of claim 4, further comprising the steps of, prior to the step of receiving the last segment:
    - receiving an intermediate segment of the plurality of tunneled segments of the first fragmented packet;
      
      processing the intermediate segment; and
      
      storing the intermediate segment in the memory.
  - 8. The method of claim 7, wherein the step of processing the intermediate segment includes the steps of:
    - updating at least some of the fragment context;
      
      detecting whether the intermediate segment is encrypted; and
      
      performing segment verification processing.
  - 9. The method of claim 8, wherein for an encrypted intermediate segment, further including the steps of, prior to the step of performing segment verification processing:
    - loading the encryption context of the fragment context from the tunnel table;
      
      decrypting the intermediate segment;
      
      storing the decryption context of the fragment context into the tunnel table; and
      
      queuing an intermediate pointer associated with the intermediate segment into the IP reassembly queue.

10. A device for inline fragment reassembly of tunneled data, comprising:
- means for receiving an initial segment of a plurality of tunneled segments of a first fragmented packet;
  
  means for processing the initial segment;
  
  means for storing the initial segment in a memory;
  
  means for receiving a last segment of the plurality of tunneled segments of the first fragmented packet;
  
  means for processing the last segment;
  
  means for storing the last segment in the memory;
  
  means for moving the plurality of tunneled segments to an output queue; and
  
  means for stitching together the plurality of tunneled segments to form a reassembled packet.

11. A method for inline fragmentation of tunneled data, comprising the steps of:
- receiving a packet from a packet memory;
  
  determining tunnel encapsulation is required for the packet;
  
  determining fragmentation is required for the packet;
  
  creating a header for an initial segment of a plurality of segments for the packet;
  
  transmitting the header and the initial segment, wherein the initial segment is an initial piece of the packet that is of a certain size;
  
  creating the header for a next segment of the plurality of segments for the packets; and
  
  transmitting the header and the next segment, wherein the next segment is a next piece of the packet that is of the certain size.
- View Dependent Claims (12)
- - 12. The method of claim 11, further including the steps of:
    - determining encryption is required for the packet; and
      
      as part of the steps of transmitting each of the initial and next segments, encrypting the initial and next segments.

13. A device for inline fragmentation of tunneled data, comprising:
- means for receiving a packet from a packet memory;
  
  means for determining tunnel encapsulation is required for the packet;
  
  means for determining fragmentation is required for the packet;
  
  means for creating a header for an initial segment of a plurality of segments for the packet;
  
  means for transmitting the header and the initial segment, wherein the initial segment is an initial piece of the packet that is of a certain size;
  
  means for creating the header for a next segment of the plurality of segments for the packets; and
  
  means for transmitting the header and the next segment, wherein the next segment is a next piece of the packet that is of the certain size.
- View Dependent Claims (14)
- - 14. The device of claim 13, further including:
    - means for determining encryption is required for the packet; and
      
      as part of the means for transmitting each of the initial and next segments, means for encrypting the initial and next segments.

15. A device, comprising:
- an ingress hardware pipeline that reassembles a plurality of incoming segments into a packet between a media access control (MAC) of the device and an output packet memory of the device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The device of claim 15, wherein the plurality of incoming segments is a plurality of incoming tunneled segments.
  - 17. The device of claim 16, wherein the plurality of incoming tunneled segments are encrypted.
  - 18. The device of claim 15, further comprising:
    - an egress hardware pipeline that fragments a packet into a plurality of outgoing segments between an input packet memory of the device and the MAC.
  - 19. The device of claim 18, wherein the plurality of outgoing segments is a plurality of outgoing tunneled segments.
  - 20. The device of claim 19, wherein the plurality of outgoing tunneled segments are encrypted.

21. A device, comprising:
- an egress hardware pipeline that fragments a packets into a plurality of segments between an input packet memory of the device and the media access control (MAC) of the device.
- View Dependent Claims (22, 23)
- - 22. The device of claim 21, wherein the plurality of segments is a plurality of tunneled segments.
  - 23. The device of claim 22, wherein the plurality of tunneled segments are encrypted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SiNett Corp.
Original Assignee
SiNett Corp.
Inventors
Manral, Vishwas, Lin, Victor

Application Number

US11/379,559
Publication Number

US 20060262808A1
Time in Patent Office

Days
Field of Search
US Class Current

370/466
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 2212/00   Encapsulation of packets

H04L 49/90   Buffering arrangements

H04L 49/9094   Arrangements for simultaneo...

H04L 63/0428   wherein the data content is...

H04L 69/16   Implementation or adaptatio...

H04L 69/166   IP fragmentation; TCP segme...

H04L 69/168   specially adapted for link ...

Methods and Systems for Fragmentation and Reassembly for IP Tunnels in Hardware Pipelines

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

50 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and Systems for Fragmentation and Reassembly for IP Tunnels in Hardware Pipelines

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links