System and process for GHIH-speed pattern matching for application-level switching of data packets
First Claim
1. A method for creating, identifying, retrieving and storing the flow path switching information of a packet of information bytes comprising the steps of:
- (a) retrieving the header of the packet, (b) selecting a programmable subset of said header bytes, (c) hashing said subset to form a hash result, (d) second hashing of the header to form a signature value, (e) selecting portions of said hash result to form an index into a memory, (f) determining whether there is a valid flow tag at said index, (g) if there is no valid flow tag, then (g) (1) decoding the header of the packet to determine a forwarding flow path, (g) (2) creating a flow tag pointer for the packet, said flow tag pointer having a destination in a flow table, (g) (3) storing the flow tag pointer at said index, (g) (4) storing said signature value at said index, (g) (5) storing said forwarding flow path in said flow table at said flow tag pointer, and (g) (6) forwarding the packet, (h) if there is a valid flow tag, then (h) (1) comparing said signature value to a stored signature value at said index; and
, (h) (2) if said signature value matches said stored signature value, following a stored flow tag pointer at said index to stored flow information in said flow table and forwarding the packet according to said stored flow information.
6 Assignments
0 Petitions
Accused Products
Abstract
A process and system for switching connections of data packet flows between nodes of data processing system networks operating on diverse protocols according to the application layer information on the data packets. The process retrieves and hashes the header information to from an index into memory where a flow tag pointer is stored. The flow tag points to flow switching information that directs the forwarding of the packet. The switching information is sent along with the packet data to direct the forwarding state information about the flow is updated in the flow switching information. The hash function includes a multiplication and division by polynomials forming a hash result and a signature result. Both hash and signature are used to ensure that the information retrieved is valid. If invalid, The pre hashed header information is parsed to determine the forwarding information. This forwarding information is stored for later use and the appropriate flow tag pointer is stored in the hash result index.
145 Citations
14 Claims
-
1. A method for creating, identifying, retrieving and storing the flow path switching information of a packet of information bytes comprising the steps of:
-
(a) retrieving the header of the packet, (b) selecting a programmable subset of said header bytes, (c) hashing said subset to form a hash result, (d) second hashing of the header to form a signature value, (e) selecting portions of said hash result to form an index into a memory, (f) determining whether there is a valid flow tag at said index, (g) if there is no valid flow tag, then (g) (1) decoding the header of the packet to determine a forwarding flow path, (g) (2) creating a flow tag pointer for the packet, said flow tag pointer having a destination in a flow table, (g) (3) storing the flow tag pointer at said index, (g) (4) storing said signature value at said index, (g) (5) storing said forwarding flow path in said flow table at said flow tag pointer, and (g) (6) forwarding the packet, (h) if there is a valid flow tag, then (h) (1) comparing said signature value to a stored signature value at said index; and
,(h) (2) if said signature value matches said stored signature value, following a stored flow tag pointer at said index to stored flow information in said flow table and forwarding the packet according to said stored flow information.
-
-
2. A method for creating, identifying, retrieving and storing the flow path switching information of a data packet comprising the steps of:
-
(a) selecting a programmable subset of header bytes from the data packet, (b) hashing said subset to form a hash result, (c) second hashing of said subset to form a signature value, (d) selecting portions of said hash result to form an index into a memory, (e) determining whether there is a valid flow tag at said index, (f) if there is no valid flow tag, then (f) (1) decoding the header of the packet to determine a forwarding flaw path, (f) (2) creating a flow tag pointer for the packet, said flow tag pointer having a destination in a flow table, (f) (3) storing the flow tag pointer and said signature value at said index, (f) (4) storing said forwarding flow path in said flow table at said flow tag pointer, and (f) (5) forwarding the packet, (g) if there is a valid flow tag, then (g) (1) comparing said signature value to a stored signature value at said index;
(g) (2) if said signature value matches said stored signature value, following a stored flow tag pointer at said index to stored flow information in said flow table and forwarding the packet according to said stored flow information, (h) receiving a second packet having similar relevant header bytes as the previous packet in the flow path, and (i) performing steps (a) and (g) thereby determining a second forwarding path. - View Dependent Claims (3, 4, 5)
(b) (1) forming an ordered set from said selected number of bytes, (b) (2) multiplying said ordered set by a random polynomial to form a product polynomial, (b) (3) choosing an irreducible and primitive polynomial, and (b) (4) dividing said product polynomial by said irreducible and primitive polynomial forming a remainder polynomial, wherein said remainder is the hash result.
-
-
4. The method of claim 3 wherein step (d) further comprises the steps of:
-
(c) (1) multiplying said order set by a second random polynomial to form a second product polynomial, (c) (2) dividing said second product polynomial by said irreducible and primitive polynomial forming a remainder polynomial to form the signature value, (c) (3) storing the signature value, wherein comparing said stored signature value to a signature value from a second verifies that the flow tag pointer is valid.
-
-
5. The method of claim 2 further comprising the steps of:
-
(j) retrieving several additional packet headers in sequence, (k) processing the additional packet headers by (l) pipelining the steps (a)-(g) as applied to all said headers of the packets sequentially, wherein the processing steps of the packets overlap each other but are offset in time.
-
-
6. A method for identifying, and retrieving the flow path switching information of a packet of information comprising the steps of:
-
retrieving the header of the packet, selecting one or more header bytes from the header, forming an ordered set of said selected header bytes, multiplying the header with a polynomial to form a first result, dividing the first result by another polynomial to form the hash result, multiplying said ordered set by a second random polynomial forming a second product polynomial, dividing said second product polynomial by an irreducible and primitive polynomial forming a remainder polynomial to form the signature value, comparing stored signature values with presently calculated signatures values to determine that said flow tag pointer is valid, selecting portions of the hash result to form an index into memory, retrieving a valid flow tag pointer from the memory contents at the index, verifying the validity of the flow tag pointer by comparing the calculated signature value with a previously stored signature value, retrieving switching information stored in a flow table at the selected flow tag pointer destination, and, forwarding the packet according to said retrieved switching information.
-
-
7. A method for forming an index into an information field from an incoming byte stream comprising the steps of:
-
selecting a programmable never of said bytes at programmable byte positions, forming an ordered set from said number of bytes;
multiplying said ordered set by a random polynomial forming a product polynomial, forming an irreducible and primitive polynomial, dividing said product polynomial by said irreducible and primitive polynomial forming a remainder polynomial, referred to as a hash result, and forming said index by selecting portions of said hash result. - View Dependent Claims (8, 9, 10)
multiplying said ordered set by a second random polynomial forming a second product polynomial, dividing said second product polynomial by said irreducible and primitive polynomial forming a remainder polynomial to form a signature value, comparing said signature value to a signature value previously stored in the index to determine that said index is valid.
-
-
9. The method as defined in claim 8 wherein the step of forming the signature value includes calculations involving lossy compressions including CRC'"'"'s and checksums, and
storing the signature value as part of the hash result. -
10. The method of claim 8 further comprising the step of using the signature value as a hash key directly to increase the confidence of a non-aliased hash result.
-
11. Apparatus for determining whether a presently received data packet is part of a flow initiated by a previously received data packet, said apparatus comprising:
-
(a) a trash preprocessor having an input of a portion of said presently received data packet and an output of a hash result, said hash preprocessor to (i) select a programmable number of bytes of said portion of said data packet at programmable byte positions, (ii) form an ordered set from said number of bytes, (iii) multiply said ordered set by a random polynomial to form a product polynomial, (iv) form an irreducible and primitive polynomial, (v) divide said product polynomial by said irreducible and primitive polynomial to form a remainder polynomial to produce said hash result; and
(b) a comparator having inputs of said hash result and a corresponding hash result of said previously received data packet, and having an output tagging said presently received data packet as part of said flow if and only if there is a match. - View Dependent Claims (12, 13)
-
-
14. Apparatus for determining whether a presently received data packet is part of a flow initiated by a previously received data packet, said apparatus comprising:
-
(a) a hash preprocessor having an input of a portion of said presently received data packet and an output of a hash result;
said hash preprocessor to (i) select a programmable number of bytes of said portion of said data packet at programmable byte positions, (ii) form an ordered set from said number of bytes, (iii) multiply said ordered set by a random polynomial to form a product polynomial, (iv) forms an irreducible and primitive polynomial, (v) divide said product polynomial by said irreducible and primitive polynomial to form a remainder polynomial to produce said hash result;
(b) a comparator having inputs of said hash result and a corresponding hash result of said previously received data packet, and having an output tagging said presently received data packet as part of said flow if and only if there is a match; and
(c) a second hash processor having an input of a larger portion of sand presently received data packet and an output of a signature value, which is compared to the corresponding signature value of a corresponding portion of said presently received data packet, said second hash preprocessor to (i) select a programmable number of bytes of a portion of said data packet at programmable byte positions, (ii) form an ordered set from said number of bytes, (iii) multiply said ordered set by a random polynomial to form a product polynomial, (iv) form an irreducible and primitive polynomial, and (v) divide said product polynomial by said irreducible and primitive polynomial to to form a remainder polynomial to produce said signature value.
-
Specification