ROUTING TRAFFIC THROUGH A VIRTUAL ROUTER-BASED NETWORK SWITCH
First Claim
Patent Images
1. A method comprising:
- establishing a flow data structure identifying a plurality of current packet flows associated with a plurality of virtual routers in a virtual router-based network device;
receiving an incoming packet by the virtual router-based network device;
determining whether the incoming packet is associated with a current packet flow of the plurality of current packet flows by accessing the flow data structure based on a header associated with the incoming packet; and
if it is determined that the incoming packet is associated with the current packet flow, then hardware forwarding the incoming packet via a network interface of the virtual router-based network device without intervention by a processor of the virtual router-based network device, otherwise forwarding the incoming packet to software on the processor for flow learning.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems are provided for routing traffic through a virtual router-based network switch. According to one embodiment, a flow data structure is established that identifies current packet flows associated with multiple virtual routers in the virtual router-based network device. When an incoming packet is received by the virtual router-based network device, it is then determined whether the incoming packet is associated with a current packet flow by accessing the flow data structure based on a header associated with the incoming packet. If it is determined that the incoming packet is associated with the current packet flow, then the incoming packet is hardware forwarded via a network interface of the virtual router-based network device without intervention by a processor of the virtual router-based network device, otherwise the incoming packet is forwarded to software on the processor for flow learning.
-
Citations
4 Claims
-
1. A method comprising:
-
establishing a flow data structure identifying a plurality of current packet flows associated with a plurality of virtual routers in a virtual router-based network device; receiving an incoming packet by the virtual router-based network device; determining whether the incoming packet is associated with a current packet flow of the plurality of current packet flows by accessing the flow data structure based on a header associated with the incoming packet; and if it is determined that the incoming packet is associated with the current packet flow, then hardware forwarding the incoming packet via a network interface of the virtual router-based network device without intervention by a processor of the virtual router-based network device, otherwise forwarding the incoming packet to software on the processor for flow learning.
-
-
2. A method comprising:
-
establishing a hardware accelerated micro-flow by configuring forwarding state information of a flow cache entry associated with the hardware accelerated micro-flow, the hardware accelerated micro-flow having an identifier and an invalidation tag; upon receiving an incoming packet that is part of the hardware accelerated micro-flow, comparing the invalidation tag to a value in an invalid tag table, the value located by the identifier; and invalidating the hardware accelerated micro-flow when the value does not match the invalidation tag.
-
-
3. A method comprising:
-
associating a rate metering structure with each micro-flow of a plurality of micro-flows of a virtual router-based network device; maintaining a corresponding rate statistic for each micro-flow in the rate metering structures; and upon detecting that the corresponding rate statistic is exceeded for a micro-flow of the plurality of micro-flows with which an incoming packet is associated, dropping the incoming packet.
-
-
4. A method comprising:
-
associating a flow metering structure with a virtual router; upon detecting a packet flow is to be assigned to the virtual router, incrementing a flow counter in the flow metering structure; comparing the flow counter to a predetermined limit value; and if the flow counter does not exceed the predetermined limit value then establishing the packet flow, otherwise refusing to establish the packet flow.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeGoogle LLC (Alphabet Inc.)
-
Original AssigneeFortinet Inc.
-
InventorsJain, Samir, Millet, Tim, Lockwood, Gregory, Alam, Naveed, Hussain, Zahid, Cheng, Joseph
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current370/389
-
CPC Class CodesH04L 45/00 Routing or path finding of ...H04L 45/586 of virtual routersH04L 45/742 Route cache; Operation thereofH04L 49/252 Store and forward routingH04L 49/505 Corrective measuresH04L 49/70 Virtual switches
