Programmable disrupt of multicast packets for secure networks
First Claim
1. An apparatus for controlling a multicast response to a multicast data packet, comprising:
- a repeater including an input port for receiving a data packet having a destination address field wherein said destination address field includes a multicast identifier, and a plurality of output ports, said repeater including a security system for transmitting said data packet from each output port of a first group of said plurality of output ports when an associated address matches said destination address field, said security system transmitting a first output packet from a first output port of said plurality of output ports when a first associated address of said first port does not match said destination address field, and transmitting a second output packet from a second output port of said plurality of output ports when a second associated address of said second output port does not match said destination address field;
- a first multicast controller, coupled to said first output port and said security system, for controlling a first transmission of said first output packet by said security system, said first transmission providing said data packet as said first output packet when said data packet includes said multicast identifier; and
- a second multicast controller, coupled to said second output port and said security system, for controlling a second transmission of said second output packet by said security system, said second transmission providing said second output packet as a disrupted data packet when said data packet includes said multicast identifier.
Abstract
A secure repeater implementing data packet masking includes a programmable and selective, on a per port basis, multicast response. A multicast controller receives a multicast identifier extracted from a destination address field of a data packet. A plurality of memories, one associated with each port, determines the associated port's response to the multicast identifier. Each memory stores a multicast control code. When the multicast control code for a particular port has a value indicating that the associated port is enabled to receive multicast packets, assertion of the multicast identifier to the multicast controller for the particular port results in disabling the security masking for the port and subsequent transmission of unmodified data from the particular port.
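The per-port decision described in the abstract can be modelled in software. The following is an added example, not code from the patent: it assumes Ethernet-style framing in which the multicast identifier is the group (I/G) bit of the destination address, and it assumes disruption overwrites everything after a 14-byte header with a fill byte; all names and sample frames are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define ADDR_LEN 6
#define HDR_LEN  14   /* assumed: destination(6) + source(6) + type(2) stay intact */
#define FILL     0x55 /* assumed disrupt pattern; the page does not specify one */

struct port {
    uint8_t addr[ADDR_LEN]; /* stored address associated with this port */
    uint8_t mcast_code;     /* multicast control code: 1 = multicast enabled */
};

/* Multicast identifier, assumed to be the I/G bit of the destination address. */
static int is_multicast(const uint8_t *frame) { return frame[0] & 0x01; }
/* 0 = port sends the unmodified packet, 1 = port sends the disrupted packet. */
int disrupt_select(const struct port *p, const uint8_t *frame)
{
    if (memcmp(p->addr, frame, ADDR_LEN) == 0)
        return 0; /* stored address matches the destination address field */
    if (is_multicast(frame) && p->mcast_code)
        return 0; /* security masking disabled for this port */
    return 1;
}

/* Copies what the port transmits into out and returns the disrupt decision. */
int port_output(const struct port *p, const uint8_t *frame, size_t len, uint8_t *out)
{
    int disrupted = disrupt_select(p, frame);
    memcpy(out, frame, len);
    if (disrupted && len > HDR_LEN)
        memset(out + HDR_LEN, FILL, len - HDR_LEN);
    return disrupted;
}

/* Constructed sample data: one multicast frame, one unicast frame, three ports. */
const uint8_t MCAST_FRAME[18] = {0x01,0x00,0x5e,0,0,0x01, 0x02,0,0,0,0,0xaa, 0x08,0x00, 'd','a','t','a'};
const uint8_t UCAST_FRAME[18] = {0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0xaa, 0x08,0x00, 'd','a','t','a'};
const struct port PORTS[3] = {
    {{0x02,0,0,0,0,0x01}, 1}, {{0x02,0,0,0,0,0x02}, 0}, {{0x02,0,0,0,0,0x03}, 1},
};

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("port %d: multicast disrupted=%d, unicast disrupted=%d\n", i,
               disrupt_select(&PORTS[i], MCAST_FRAME), disrupt_select(&PORTS[i], UCAST_FRAME));
    return 0;
}
```

Port 1, whose control code is 0, still sees the masked payload for the multicast frame, while ports 0 and 2 receive it unmodified; for the unicast frame only the port whose stored address matches receives clear data.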
7 Claims
3. A repeater having a plurality of ports, comprising:
- a repeater front-end for receiving a data packet at a first port of the plurality of ports, said data packet including a destination address field, said destination address field including a multicast identifier, said repeater front-end driving a first output with said data packet and driving a second output with an ENABLE signal;
- a disrupter, coupled to of said repeater front-end, for providing a modified data packet at an output of said disrupter;
- a shift register, coupled to said repeater front-end and responsive to a SHIFT-ENABLE signal, for extracting said destination address field from said data packet, and for extracting said multicast identifier from said destination address field;
- an address compare circuit, coupled to said shift register and responsive to an assertion of a COMPARE signal, for comparing said destination source address to a plurality of stored addresses, each stored address corresponding to one of the plurality of ports, said address compare circuit having a plurality of EQUAL signals each corresponding to one of said stored addresses wherein said address compare circuit asserts a particular one EQUAL signal corresponding to a particular stored address matching said destination address field;
- a controller, coupled to said repeater front end, said shift register and said address compare circuit, and responsive to said ENABLE signal and to said data packet, for asserting said SHIFT-ENABLE signal and said compare signal;
- a plurality of multicast controllers, a particular one multicast controller coupled to said particular one EQUAL signal of said plurality of EQUAL signals and to said shift register, for driving a plurality of DISRUPT SELECT signals each having a first state and a second state, said particular one multicast controller including a memory for storing a multicast control code and driving a first one of said DISRUPT SELECT signals with said first state when said multicast identifier indicates said data packet is a multicast packet and said multicast control code enables multicasting response; and
- a multiplexer, coupled to said repeater front end and to said disrupter, for routing said data packet to a particular output port of the repeater that corresponds to said particular one multicast controller when said first one DISRUPT SELECT signal has said first state, otherwise, said multiplexer routing said modified data packet to said output port when said DISRUPT SELECT signal has said second value.
4. A method for transmitting a multicast packet from a repeater having a security system for transmitting a data packet received at an input port to a first output port of a plurality of output ports when an associated first address matches a destination address field, and transmitting a modified data packet to a subset of said plurality of output ports when associated addresses do not match said destination address field; comprising the steps of:
- detecting when the data packet is the multicast packet;
- comparing a multicast control word stored in each memory of a plurality of memories associated with the subset of output ports to a multicast identifier in the multicast packet, to determine a group of associated output ports that are to receive the multicast packet; and
- transmitting the multicast packet from said group of output ports and transmitting a modified data packet from output ports not within said group.
5. A repeater comprising:
- a repeater front-end having an input port for receiving a data packet including a destination address field wherein said destination address field includes a multicast identifier, and a plurality of output ports, said repeater front-end including a security system for transmitting a modified data packet to a subset of said plurality of output ports having addresses not matching said destination address field; and
- means, coupled to said repeater front-end, for asserting a multicast signal when said data packet is a multicast signal; and
- means, coupled to said asserting means and to said repeater front-end, for selectively disabling said security system for a predetermined particular one output port when said multicast signal is asserted.
6. An apparatus for controlling a multicast response to a multicast data packet, comprising:
- a repeater including an input port for receiving a data packet having a destination address field wherein said destination address field includes a multicast identifier, and a plurality of output ports, said repeater including a security system for transmitting a first output packet from a first output port of said plurality of output ports when a first associated address of said first port does not match said destination address field, and transmitting a second output packet from a second output port of said plurality of output ports when a second associated address of said second output port does not match said destination address field;
- a first multicast controller, coupled to said first output port and said security system, for controlling a first transmission of said first output packet by said security system, said first transmission providing said data packet as first output packet when said data packet includes said multicast identifier; and
- a second multicast controller, coupled to said second output port and said security system, for controlling a second transmission of said second output packet by said security system, said second transmission providing said second output packet as a disrupted data packet when said data packet includes said multicast identifier.
7. In a network including a plurality of intercoupled repeaters, a particular repeater for controlling a multicast response to a multicast data packet, comprising:
- a repeater front-end including an input port for receiving a data packet having a destination address field wherein said destination address field includes a multicast identifier, and a plurality of output ports, said repeater including a security system for transmitting a first output packet from a first output port of said plurality of output ports when a first associated address of said first port does not match said destination address field, and transmitting a second output packet from a second output port of said plurality of output ports when a second associated address of said second output port does not match said destination address field;
- a first multicast controller, coupled to said first output port and said security system, for controlling a first transmission of said first output packet by said security system, said first transmission providing said data packet as first output packet when said data packet includes said multicast identifier; and
- a second multicast controller, coupled to said second output port and said security system, for controlling a second transmission of said second output packet by said security system, said second transmission providing said second output packet as a disrupted data packet when said data packet includes said multicast identifier.
Specification