L2/L3 MULTI-MODE SWITCH INCLUDING POLICY PROCESSING

US 20080253366A1
Filed: 04/11/2007
Published: 10/16/2008
Est. Priority Date: 04/11/2007
Status: Active Grant

First Claim

Patent Images

1. A method for forwarding data packets in a computer network comprising the steps of:

receiving a data packet;

examining the data packet to classify the data packet including classifying the data packet as a L2 or L3 packet and including determining at least one zone associated with the packet;

processing the packet in accordance with one or more policies associated with the zone;

determining forwarding information associated with the data packet; and

if one or more policies permit, forwarding the data packet toward an intended destination using the forwarding information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for processing data packets in a computer network are described. One general method includes receiving a data packet; examining the data packet to classify the data packet including classifying the data packet as a L2 or L3 packet and including determining at least one zone associated with the packet; processing the packet in accordance with one or more policies associated with the zone; determining forwarding information associated with the data packet; and if one or more policies permit, forwarding the data packet toward an intended destination using the forwarding information.

224 Citations

18 Claims

1. A method for forwarding data packets in a computer network comprising the steps of:
- receiving a data packet;
  
  examining the data packet to classify the data packet including classifying the data packet as a L2 or L3 packet and including determining at least one zone associated with the packet;
  
  processing the packet in accordance with one or more policies associated with the zone;
  
  determining forwarding information associated with the data packet; and
  
  if one or more policies permit, forwarding the data packet toward an intended destination using the forwarding information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 where determining a zone includes determining a destination zone associated with the data packet.
  - 3. The method of claim 1 where determining a zone includes determining a source zone associated with the data packet.
  - 4. The method of claim 1 where processing the packet includes classifying the packet in accordance header data.
  - 5. The method of claim 1 where processing the packet includes classifying the packet in accordance with signature data.
  - 6. The method of claim 1 where processing the data packet includes classifying the packet based on the content.
  - 7. The method of claim 1 where processing the packet includes content based protocol decoding.
  - 8. The method of claim 1 where processing the packet includes content based object extraction.
  - 9. The method of claim 1 where processing the packet includes content based pattern matching.
  - 10. The method of claim 1 where processing the packet is selected from the group consisting of logging, storing, allowing the packet to pass, setting an alarm, blocking, or dropping the packet.

11. A device comprising:
- A multi-mode switch for classifying received data packets as L2 or L3 packets and determining a zone associated with received packets;
  
  An L2 routing table for use in determining a L2 forwarding definition;
  
  An L3 routing table for use in determining a L3 routing definition;
  
  A policy engine for determining one or more policies associated with received packets based on a zone;
  
  A policy set; and
  
  A processing engine for processing the received packets in accordance with any associated policies and forwarding received packets in accordance with L2/L3 forwarding/routing definitions.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The device of claim 11 further comprisinga session engine for determining a session associated with a packet flow.
  - 13. The device of claim 11 where the multi-mode switch is operable to determine a destination zone associated with a received packet.
  - 14. The device of claim 11 where the multi-mode switch is operable to determine a source zone associated with a received packet.
  - 15. The device of claim 11 further comprising a plurality of ingress ports, egress ports and a switch fabric.

16. A method comprising:
- receiving a data packet;
  
  examining the data packet to determine if the packet is a layer 2 or layer 3 packet for forwarding purposes;
  
  determining a zone associated with the packet and a security policy;
  
  starting a session based on the policy determination; and
  
  forwarding the packet in accordance with the look-up information.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16 wherein determining a zone further comprises determining a zone based on one of the target or source destination associated with the packet.
  - 18. The method of claim 16 further comprising processing subsequent packets in accordance with the security policy, session information and L2/L3 forwarding/routing definitions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Networks Incorporated
Original Assignee
Palo Alto Networks Incorporated
Inventors
Zuk, Nir, Mao, Yuming, Xu, Haoying, Green, Arnit

Granted Patent

US 8,594,085 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/389
CPC Class Codes

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/308   Route determination based o...

H04L 45/54   Organization of routing tables

H04L 45/56   Routing software

H04L 45/60   Router architectures

H04L 45/66   Layer 2 routing, e.g. in Et...

H04L 45/745   Address table lookup; Addre...

H04L 69/22   Parsing or analysis of headers

L2/L3 MULTI-MODE SWITCH INCLUDING POLICY PROCESSING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

224 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

L2/L3 MULTI-MODE SWITCH INCLUDING POLICY PROCESSING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

224 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links