FILTER SELECTION AND RESUSE

US 20130007257A1
Filed: 06/30/2011
Published: 01/03/2013
Est. Priority Date: 06/30/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a computing device, a network access request from a first user;

selecting, by the computing device, a candidate rule group associated with the packet flow, wherein the candidate rule group comprises one or more currently deployed rules of an existing rule group on the computing device that are currently installed within a forwarding plane of the computing device and are being applied by the forwarding plane of the computing device to network traffic associated with a second user;

installing, by the computing device, a new rule group comprising the one or more currently deployed rules of the existing rule group and one or more new rules associated with the first user and not currently installed within the forwarding plane of the computing device; and

applying, by the computing device, each rule of the new rule group to network traffic associated with the first user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, techniques are described for selectively applying and reusing filters stored in a router. In one example, a method includes receiving a network access request from a first user. The method also includes selecting a candidate rule group associated with the packet flow, wherein the candidate rule group comprises one or more currently deployed rules of an existing rule group on the computing device that are currently installed within a forwarding plane and are being applied by the forwarding plane to network traffic associated with a second user. The method also includes installing a new rule group comprising the one or more currently deployed rules of the existing rule group and one or more new rules associated with the first user and not currently installed within a forwarding plane. The method also includes applying each rule of the new rule group to network traffic associated with the first user.

82 Citations

View as Search Results

33 Claims

1. A method comprising:
- receiving, by a computing device, a network access request from a first user;
  
  selecting, by the computing device, a candidate rule group associated with the packet flow, wherein the candidate rule group comprises one or more currently deployed rules of an existing rule group on the computing device that are currently installed within a forwarding plane of the computing device and are being applied by the forwarding plane of the computing device to network traffic associated with a second user;
  
  installing, by the computing device, a new rule group comprising the one or more currently deployed rules of the existing rule group and one or more new rules associated with the first user and not currently installed within the forwarding plane of the computing device; and
  
  applying, by the computing device, each rule of the new rule group to network traffic associated with the first user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 wherein selecting the candidate rule group associated with the packet flow further comprises:
    - wherein existing rules comprise the one or more currently deployed rules;
      
      querying, by the computing device, a bit matrix that indicates one or more associations between the existing rule group and the one or more existing rules stored on the network computing device to select the candidate rule group,wherein one or more requested rules of a requested rule group comprise rules of the new rule group.
  - 3. The method of claim 2,wherein the bit matrix comprises a two-dimensional array comprising two or more elements,wherein a row of the bit matrix is associated with an existing rule of the existing rules, andwherein a column of the bit matrix is associated with the existing rule group of one or more existing rule groups.
  - 4. The method of claim 3,wherein a bit stored in an element of the two-dimensional array identified by a rule index associated with the existing rule and a column index associated with the existing rule group indicates the existing rule is included in the existing rule group.
  - 5. The method of claim 2, wherein querying the bit matrix further comprises:
    - selecting, by the computing device, the existing rule group;
      
      selecting, by the computing device, bits of the bit matrix associated with the existing rule group, wherein each bit of the selected bits is associated with one of the one or more requested rules, wherein each bit of the selected bits indicates whether each of the one or more requested rules is included in the existing rule group; and
      
      based on the one or more bits, determining, by the computing device, if each of the requested rules are included in the existing rule group.
  - 6. The method of claim 2, wherein each requested rule of the one or more requested rules comprises one or more filters.
  - 7. The method of claim 2, wherein the existing rule groups are stored in a group datastore, and wherein each existing group in the group datastore is identifiable by a group index.
  - 8. The method of claim 2, further comprising:
    - determining, by the computing device, each of the requested rules matches each rule of the existing rule group; and
      
      assigning, by the computing device, the existing rule group as the candidate rule group.
  - 9. The method of claim 2, further comprising:
    - determining, by the computing device, the existing rule group comprises a superset of the requested rule group;
      
      selecting, by the computing device, the existing rule group as the candidate rule group; and
      
      generating, by the computing device, a second bitmap that indicates the positions of the requested rules within the candidate rule group.
  - 10. The method of claim 2, further comprising:
    - determining, by the computing device, the existing rule group of the existing rule groups comprises a subset of the requested rule group, wherein at least one of the requested rules is not included the existing rule group;
      
      selecting, by the computing device, the existing rule group as the candidate rule group; and
      
      generating, by the computing device, a second bitmap that indicates the positions of the requested rules within the candidate rule group.
  - 11. The method of claim 10, further comprising:
    - determining, by the computing device, the existing rule group is capable of storing the at least one of the requested rules; and
      
      storing, by the computing device, the at least one of the requested rules in the existing rule group.
  - 12. The method of claim 10, wherein selecting the existing rule group as the candidate rule group further comprises:
    - determining, by the computing device, if the existing rule group includes a greater quantity, fewer quantity, or exact quantity of the requested rules than the candidate rule group.
  - 13. The method of claim 10, wherein selecting the existing rule group as the candidate rule group further comprises:
    - determining, by the computing device, if a first reference count of the existing rule group is greater, less than or equal to a second reference count of the candidate rule group.
  - 14. The method of claim 2, wherein querying the bit matrix that indicates one or more associations between existing rule groups and existing rules further comprises:
    - selecting, by the computing device, an existing rule group of the existing rule groups; and
      
      determining, by the computing device, if each requested rule of the requested rule group is included in the existing rule group.
  - 15. The method of claim 13, wherein if each requested rule of the requested rule group is included in the existing rule group:
    - determining, by the computing device, if a first ordering of the requested rules in the requested rule group is equal to a second order of the requested rules in the existing rule group.
  - 16. The method of claim 2, further comprising:
    - receiving, by the computing device, a message to delete a rule from an existing rule group of the existing rule groups;
      
      selecting, by the computing device, the existing rule group that includes the rule;
      
      decrementing, by the computing device, a reference count of the rule;
      
      determining, by the computing device, the reference count of the rule is zero;
      
      removing, by the computing device, the rule from one or more integrated circuits of the computing device;
      
      clearing, by the computing device, a bit in the bit matrix that indicates the rule is included in the existing rule group; and
      
      removing, by the computing device, the rule from the existing rule group.
  - 17. The method of claim 2, further comprising:
    - receiving, by the computing device, a message to delete an existing rule group;
      
      selecting, by the computing device, the existing rule group;
      
      decrementing, by the computing device, a reference count of the existing rule group;
      
      determining, by the computing device, the reference count of the existing rule group is zero;
      
      removing, by the computing device, the existing rule group from one or more integrated circuits of the computing device; and
      
      removing, by the computing device, the existing rule group from a group datastore that includes the existing rule groups.

18. A network device comprising:
- one or more network interfaces to receive a network access request from a first user;
  
  a manager module that detects the first packet flow,wherein the manager module selects a candidate rule group associated with the packet flow, wherein the candidate rule group comprises one or more currently deployed rules of an existing rule group on the computing device that are currently installed within a forwarding plane of the computing device and are being applied by the forwarding plane of the computing device to network traffic associated with a second user;
  
  wherein the manager module installs a new rule group comprising the one or more currently deployed rules of the existing rule group and one or more new rules associated with the first user and not currently installed within the forwarding plane of the computing device; and
  
  wherein the manager module applies each rule of the new rule group to network traffic associated with the first user.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 19. The network device of claim 18,wherein the manager module receives a request for a requested rule group comprising one or more requested rules;
    - wherein existing rules comprise the one or more currently deployed rules; and
      
      wherein the manager module queries a bit matrix that indicates one or more associations between the rule group and the one or more existing rules stored on the network device to select the candidate rule group,wherein the candidate rule group includes at least one of the one or more requested rules of the requested rule group.
  - 20. The network device of claim 19,wherein the bit matrix comprises a two-dimensional array comprising two or more elements,wherein a row of the bit matrix is associated with an existing rule of the existing rules, andwherein a column of the bit matrix is associated with the existing rule group of one or more existing rule groups.
  - 21. The network device of claim 20,wherein a bit stored in an element of the two-dimensional array identified by a rule index associated with the existing rule and a column index associated with the existing rule group indicates the existing rule is included in the existing rule group.
  - 22. The network device of claim 19,wherein the manager module selects the existing rule group;
    - wherein the manager module selects bits of the bit matrix associated with the existing rule group, wherein each bit of the selected bits is associated with one of the one or more requested rules, wherein each bit of the selected bits indicates whether each of the one or more requested rules is included in the existing rule group; and
      
      wherein based on the one or more bits, the manager module determines if each of the requested rules are included in the existing rule group.
  - 23. The network device of claim 19,wherein each requested rule of the one or more requested rules comprises one or more filters.
  - 24. The network device of claim 19,wherein the existing rule groups are stored in a group datastore, and wherein each existing group in the group datastore is identifiable by a group index.
  - 25. The network device of claim 19,wherein the manager module determines each of the requested rules matches each rule of the existing rule group;
    - andwherein the manager module assigns the existing rule group as the candidate rule group.
  - 26. The network device of claim 19,wherein the manager module determines the existing rule group comprises a superset of the requested rule group;
    - wherein the manager module selects the existing rule group as the candidate rule group; and
      
      wherein the manager module generates a second bitmap that indicates the positions of the requested rules within the candidate rule group.
  - 27. The network device of claim 26,wherein the manager module determines the existing rule group is capable of storing the at least one of the requested rules;
    - andwherein the manager module stores the at least one of the requested rules in the existing rule group.
  - 28. The network device of claim 26,wherein the manager module determines if the existing rule group includes a greater quantity, fewer quantity, or exact quantity of the requested rules than the candidate rule group.
  - 29. The network device of claim 26,wherein the manager module determines if a first reference count of the existing rule group is greater, less than or equal to a second reference count of the candidate rule group.
  - 30. The network device of claim 19,wherein the manager module selects an existing rule group of the existing rule groups;
    - andwherein the manager module determines if each requested rule of the requested rule group is included in the existing rule group.
  - 31. The network device of claim 29,wherein the manager module determines if a first ordering of the requested rules in the requested rule group is equal to a second order of the requested rules in the existing rule group.
  - 32. The network device of claim 19,wherein the manager module receives a message to delete a rule from an existing rule group of the existing rule groups;
    - wherein the manager module selects the existing rule group that includes the rule;
      
      wherein the manager module decrements a reference count of the rule;
      
      wherein the manager module determines the reference count of the rule is zero;
      
      wherein the manager module removes the rule from one or more integrated circuits of the network device;
      
      wherein the manager module clears a bit in the bit matrix that indicates the rule is included in the existing rule group; and
      
      wherein the manager module removes the rule from the existing rule group.
  - 33. The network device of claim 19,wherein the manager module receives a message to delete an existing rule group;
    - wherein the manager module selects the existing rule group;
      
      wherein the manager module decrements a reference count of the existing rule group;
      
      wherein the manager module determines the reference count of the existing rule group is zero;
      
      wherein the manager module removes the existing rule group from one or more integrated circuits of the network device; and
      
      wherein the manager module removes the existing rule group from a group datastore that includes the existing rule groups.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Ramaraj, Balamurugan, Krishna, Gopi, Sathyanarayana, Ananda, Mehta, Apurva, Sankaran, Krishna, Attarwala, Murtuza

Granted Patent

US 8,949,413 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

H04L 63/0263 Rule management

H04L 63/102 Entity profiles

FILTER SELECTION AND RESUSE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

FILTER SELECTION AND RESUSE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links