Methods of Structuring Data, Pre-Compiled Exception List Engines, and Network Appliances
First Claim
1. A method of sorting a plurality of internet protocol (IP) addresses, each IP address having a numeric value within a range of numeric values, the method comprising:
- dividing the range into a plurality of clusters representing a plurality of contiguous sub-ranges, each sub-range encompassing substantially the same number of numeric values of the range and each sub-range associated with a different cluster;
assigning each IP address to the cluster associated with the sub-range that includes the numeric value of said IP address, each cluster having a cluster size defined by the number of IP addresses assigned to that cluster;
assigning the IP addresses in each cluster to one of a plurality of pages, each page having a page size limit defining the maximum number of IP addresses that can be assigned to that page, and each page having a page size defined by the number of IP addresses assigned to that page;
if one of said pages has a page size less than its page size limit, duplicating on said page at least one of the IP addresses assigned to that page to increase the page size of said page; and
ordering, for each page, the IP addresses assigned to said page by numeric value.
7 Assignments
0 Petitions
Accused Products
Abstract
A computer executed method is disclosed for sorting a plurality of internet protocol (IP) addresses. The method includes dividing the range of IP addresses into a plurality of clusters representing a plurality of contiguous sub-ranges, assigning each IP address to the cluster associated with the sub-range that includes that IP address, and assigning the IP addresses in each cluster to one of a plurality of pages. If one of the pages has a size less than a page size limit, the method includes duplicating on that page at least one of the IP addresses assigned to that page. For each page, the IP addresses assigned to that page are ordered by numeric value. A network appliance incorporating aspects of the method is also disclosed.
-
Citations
43 Claims
-
1. A method of sorting a plurality of internet protocol (IP) addresses, each IP address having a numeric value within a range of numeric values, the method comprising:
-
dividing the range into a plurality of clusters representing a plurality of contiguous sub-ranges, each sub-range encompassing substantially the same number of numeric values of the range and each sub-range associated with a different cluster; assigning each IP address to the cluster associated with the sub-range that includes the numeric value of said IP address, each cluster having a cluster size defined by the number of IP addresses assigned to that cluster; assigning the IP addresses in each cluster to one of a plurality of pages, each page having a page size limit defining the maximum number of IP addresses that can be assigned to that page, and each page having a page size defined by the number of IP addresses assigned to that page; if one of said pages has a page size less than its page size limit, duplicating on said page at least one of the IP addresses assigned to that page to increase the page size of said page; and ordering, for each page, the IP addresses assigned to said page by numeric value. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method of sorting a plurality of internet protocol (IP) addresses, each IP address having a numeric value within a range of numeric values, the method comprising:
-
dividing the range into a plurality of clusters representing a plurality of contiguous sub-ranges, each sub-range encompassing substantially the same number of numeric values of the range and each sub-range associated with a different cluster; assigning each IP address to the cluster associated with the sub-range that includes the numeric value of said IP address, each cluster having a cluster size defined by the number of IP addresses assigned to that cluster; ordering the clusters by cluster size; assigning the IP addresses in each cluster to one of a plurality of pages, each page having a same page size limit defining the maximum number of IP addresses that can be assigned to that page, and each page having a page size defined by the number of IP addresses assigned to that page; if one or more of said pages has a page size less than its page size limit, duplicating on said page one or more of the IP addresses assigned to that page to increase the page size of said page to its page size limit; and ordering, for each page, the IP addresses assigned to said page by numeric value. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A network appliance for connection to a first network, the appliance comprising:
-
at least one input coupled to the first network for receiving a packet from the first network, the packet including an internet protocol (IP) address; at least one processor for determining whether to allow the packet from the first network to proceed; at least one memory device storing instructions and data, the data including; a plurality of pages storing a plurality of excepted IP addresses, the excepted IP addresses each having a numeric value within a range, the range divided into a plurality of contiguous sub-ranges, each page including one or more of the excepted IP addresses having numeric values within one or more of the sub-ranges associated with that page, each page having a page size defined by the number of IP addresses assigned to that page, the IP addresses assigned to each page ordered by numeric value; the at least one processor configured via said instructions to; identify the IP address of the packet from the first network; identify a target page that will include the IP address if the IP address is one of the plurality of excepted IP addresses; search the target page to determine if the IP address is one of the excepted IP addresses in the target page; and process the packet from the first network according to whether the IP address is an excepted IP address in the target page. - View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
-
37. A network appliance for connection to a first network, the appliance comprising:
-
at least one input coupled to the first network for receiving a packet from the first network, the packet including an internet protocol (IP) address; at least one processor for determining whether to allow the packet from the first network to proceed; at least one memory device; a first engine stored in the memory device, the first engine including a plurality of pages storing a plurality of excepted IP addresses, the excepted IP addresses each having a numeric value within a range of numeric values, the range divided into a plurality of contiguous sub-ranges, each page including one or more of the excepted IP addresses having numeric values within one or more of the sub-ranges associated with that page, each page having a page size defined by the number of excepted IP addresses assigned to that page, the excepted IP addresses assigned to each page ordered by numeric value; and a first finite state machine (FSM), the first FSM including instructions executable by the processor to determine the page associated with the sub-range encompassing the IP address, and output an indication of the page associated with the sub-range encompassing the IP address; instructions executable by the processor to search the page associated with the sub-range encompassing the IP address to determine if the IP address is an excepted IP address, and output an indication of whether the IP address is an excepted IP address; the processor configured via instructions stored in the memory device to process the packet from the first network according to the indication from the first engine. - View Dependent Claims (38, 39, 40, 41, 42, 43)
-
Specification