PACKET ACCESS CONTROL METHOD, FORWARDING ENGINE, AND COMMUNICATION APPARATUS

US 20090257434A1
Filed: 06/29/2009
Published: 10/15/2009
Est. Priority Date: 12/29/2006
Status: Abandoned Application

First Claim

Patent Images

1. A packet access control method, comprising:

querying an Access Control List (ACL) according to information on a received packet if the received packet does not need to be forwarded, and processing the packet according to an ACL rule if the packet hits the ACL rule, or sending the packet to a control plane through bandwidth available from a first bandwidth parameter if no ACL rule is hit, whereinthe information on the packet comprises at least one of the following;

source IP address, destination IP address, source port, destination port and protocol number.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A packet access control method includes: setting a first bandwidth parameter, and judging whether a received packet needs to be forwarded according to information on the received packet; querying the ACL according to the information on the packet if the packet does not need to be forwarded; performing a corresponding action if the packet hits an ACL rule, or sending the packet to the control plane by applying the first bandwidth parameter if the packet hits no ACL rule. Moreover, a packet forwarding engine and communication apparatus is provided. Through the method, packet forwarding engine and communication apparatus under the present invention, both precise control and service operation stability are implemented, thus improving stability of the apparatus and availability of the whole network.

78 Citations

View as Search Results

19 Claims

1. A packet access control method, comprising:
- querying an Access Control List (ACL) according to information on a received packet if the received packet does not need to be forwarded, and processing the packet according to an ACL rule if the packet hits the ACL rule, or sending the packet to a control plane through bandwidth available from a first bandwidth parameter if no ACL rule is hit, whereinthe information on the packet comprises at least one of the following;
  
  source IP address, destination IP address, source port, destination port and protocol number.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising setting a second bandwidth parameter, wherein the bandwidth available from the second bandwidth parameter is higher than the bandwidth available from the first bandwidth parameter;
    - andwherein the processing the packet according to the ACL rule comprises;
      
      discarding the packet or sending the packet to the control plane through the bandwidth available from the second bandwidth parameter.
  - 3. The method of claim 1, further comprising:
    - judging whether the packet needs to be forwarded according to packet information;
      
      judging whether the ACL exists if determining that the packet does not need to be forwarded;
      
      and querying the ACL according to the packet information if the ACL exists.
  - 4. The method of claim 1, further comprising:
    - presetting a priority parameter for the packet, and sending the packet to the control plane according to a priority level corresponding to the priority parameter.
  - 5. The method of claim 1, further comprising:
    - configuring ACL rules for the packet according to the packet information related to a service or session if the packet is related to the service configured by network apparatus where a forwarding engine is installed; and
      
      sending the ACL rules to the forwarding engine, and updating the ACL.
  - 6. The method of claim 1, further comprising:
    - configuring the ACL rules of the packet according to the packet information related to the session after a session connection is set up dynamically between the network apparatus where the forwarding engine is installed and other network apparatus; and
      
      sending the ACL rules to the forwarding engine, and updating the ACL.

7. A packet access control method, comprising:
- querying an Access Control List (ACL) according to information on a received packet if the received packet does not need to be forwarded;
  
  sending the packet to a control plane through bandwidth available from a first bandwidth parameter if the packet hits no ACL rule; and
  
  sending the packet to the control plane through the bandwidth available from a second bandwidth parameter if the packet hits an ACL rule,wherein the bandwidth available from the second bandwidth parameter is higher than the bandwidth available from the first bandwidth parameter.
- View Dependent Claims (8)
- - 8. The method of claim 7, further comprising:
    - presetting a priority parameter for the packet, and sending the packet to the control plane according to a priority level corresponding to the priority parameter.

9. A packet forwarding engine, comprising:
- a setting module, adapted to set bandwidth parameters;
  
  a storing module, adapted to store and update an Access Control List (ACL);
  
  a receiving module, adapted to receive a packet;
  
  a forwarding judging module, adapted to judge whether the packet needs to be forwarded according to information on the packet received by the receiving module;
  
  an access control module, adapted to query ACL rules in the ACL, and query the ACL rules stored in the storing module according to the information on the packet after the forwarding judging module determines that the packet does not need to be forwarded; and
  
  a processing module, adapted to process the packet received by the receiving module according to a hit ACL rule if the ACL rule is hit, or send the packet received by the receiving module to a control plane by applying a first bandwidth parameter set by the setting module if no ACL rule is hit.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The packet forwarding engine of claim 9, wherein the access control module comprises:
    - a querying module, adapted to query whether any ACL is stored in the storing module if the forwarding judging module determines that the packet does not need to be forwarded; and
      
      a judging module, adapted to query ACL rules stored in the storing module according to the information on the packet received by the receiving module after the querying module finds the ACL,wherein if the querying module determines that no ACL exists, the processing module sends the packet received by the receiving module to the control plane by applying the first bandwidth parameter set by the setting module.
  - 11. The packet forwarding engine of claim 9, wherein the processing module comprises:
    - a forwarding module, adapted to forward the packet received by the receiving module after the forwarding judging module determines that the packet needs to be forwarded.
  - 12. The packet forwarding engine of claim 9, wherein the processing module further comprises:
    - a discarding module, adapted to discard the packet received by the receiving module according to the hit ACL rule; and
      
      a sending module, adapted to send the packet received by the receiving module to the control plane according to the hit ACL rule.
  - 13. The packet forwarding engine of claim 12, whereinthe setting module is adapted to set a second bandwidth parameter;
    - andthe sending module sends the packet to the control plane by applying the second bandwidth parameter if the packet needs to be sent to the control plane according to the hit ACL rule.

14. A communication apparatus, comprising:
- a control unit, adapted to configure an Access Control List (ACL) and process a packet; and
  
  a data unit, adapted to;
  
  set a bandwidth parameter and judge whether a received packet needs to be forwarded according to information on the received packet;
  
  query the ACL configured by the control unit according to the information on the packet if the packet does not need to be forwarded; and
  
  perform a corresponding operation if an ACL rule is hit, or send the packet to the control unit by applying the set bandwidth parameter if no ACL rule is hit.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The communication apparatus of claim 14, wherein the data unit comprises a packet forwarding engine, and the packet forwarding engine comprises:
    - a setting module, adapted to set a bandwidth parameter;
      
      a storing module, adapted to store and update the ACL delivered by the control unit;
      
      a receiving module, adapted to receive a packet;
      
      a forwarding judging module, adapted to judge whether the packet needs to be forwarded according to information on the packet received by the receiving module;
      
      an access control module, adapted to query ACL rules in the ACL and query the ACL stored in the storing module according to the information on the packet received by the receiving module after the forwarding judging module determines that the packet does not need to be forwarded, wherein the information on the packet comprises at least one of the following;
      
      source IP address, destination IP address, source port, destination port and protocol number; and
      
      a processing module, adapted to perform a corresponding action if the access control module determines that an ACL rule is hit, or send the packet received by the receiving module to a control plane by applying a first bandwidth parameter set by the setting module if no ACL rule is hit.
  - 16. The communication apparatus of claim 15, wherein the access control module comprises:
    - a querying module, adapted to query whether any ACL is stored in the storing module if the forwarding judging module determines that the packet does not need to be forwarded; and
      
      a judging module, adapted to query ACL rules stored in the storing module according to the information on the packet received by the receiving module after the querying module finds the ACL,wherein if the querying module determines that no ACL exists, the processing module sends the packet received by the receiving module to the control plane through the first bandwidth parameter set by the setting module.
  - 17. The communication apparatus of claim 15, wherein the packet forwarding engine further comprises:
    - a forwarding module, adapted to forward the packet received by the receiving module after the forwarding judging module determines that the packet needs to be forwarded.
  - 18. The communication apparatus of claim 15, wherein the processing module further comprises:
    - a discarding module, adapted to discard the packet received by the receiving module according to a hit ACL rule; and
      
      a sending module, adapted to send the packet received by the receiving module to the control plane according to a hit ACL rule.
  - 19. The communication apparatus of claim 17, whereinthe setting module is adapted to set a second bandwidth parameter;
    - andthe sending module sends the packet to the control plane by applying the second bandwidth parameter if the packet needs to be sent to the control plane according to the hit ACL rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Song, Duanzhi, Yang, Pingan, Xiong, Yi

Application Number

US12/493,879
Publication Number

US 20090257434A1
Time in Patent Office

Days
Field of Search
US Class Current

370/392
CPC Class Codes

H04L 47/10   Flow control; Congestion co...

H04L 47/32   by discarding or delaying d...

H04L 63/0227   Filtering policies mail mes...

H04L 63/101   Access control lists [ACL]

PACKET ACCESS CONTROL METHOD, FORWARDING ENGINE, AND COMMUNICATION APPARATUS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

78 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

PACKET ACCESS CONTROL METHOD, FORWARDING ENGINE, AND COMMUNICATION APPARATUS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others