Packet filtering in connection-based switching networks

US 6,510,151 B1
Filed: 09/19/1996
Issued: 01/21/2003
Est. Priority Date: 09/19/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method of filtering a plurality of packets received by a switch having a set of known virtual connections, and the switch further having a fast port coupled to a shared-media subnetwork of a connection-oriented communication network, the set of known virtual connections being programmed through the shared media subnetwork, and a second port, the method comprising the steps of:

storing information on the set of known virtual connections for the connection-oriented communication network for the switch;

forwarding a packet, corresponding to one of the known virtual connections from the first port to the second port, wherein the one of the known virtual connections is programmed through the shared-media subnetwork; and

selectively in-line filtering one of the packets, received by the switch on the first port, that does not correspond to one of the set of known virtual connections, wherein the step of selectively in-line filtering comprises the steps of;

maintaining an in-line filter table based on a plurality of destination addresses corresponding to packets to be filtered; and

for one of the packets that does not correspond to one of the known connections, adding an entry to the in-line filter table corresponding to a destination address for that packet.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus are provided for using shared-media networks in a connection-based networking scheme. The method and apparatus may include filtering of packets received by a switch in the shared-media subnetwork. In-line filtering of packets is also disclosed.

Citations

24 Claims

1. A method of filtering a plurality of packets received by a switch having a set of known virtual connections, and the switch further having a fast port coupled to a shared-media subnetwork of a connection-oriented communication network, the set of known virtual connections being programmed through the shared media subnetwork, and a second port, the method comprising the steps of:
- storing information on the set of known virtual connections for the connection-oriented communication network for the switch;
  
  forwarding a packet, corresponding to one of the known virtual connections from the first port to the second port, wherein the one of the known virtual connections is programmed through the shared-media subnetwork; and
  
  selectively in-line filtering one of the packets, received by the switch on the first port, that does not correspond to one of the set of known virtual connections, wherein the step of selectively in-line filtering comprises the steps of;
  
  maintaining an in-line filter table based on a plurality of destination addresses corresponding to packets to be filtered; and
  
  for one of the packets that does not correspond to one of the known connections, adding an entry to the in-line filter table corresponding to a destination address for that packet.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the step of selectively in-line filtering further comprises the step of:
3. The method of claim 1, further comprising the step of:
- selectively filtering one of the packets based on which port that packet was received by the switch, a destination address for that packet and a source address for that packet.
4. The method of claim 1, wherein the shared-media subnetwork comprises an FDDI token ring network.

5. A method of filtering a plurality of packets received by a switch having a set of known virtual connections, and the switch further having a first port coupled to a shared media subnetwork of a connection-oriented communication network, the set of known virtual connections being programmed through the shared media subnetwork, and a second port, the method comprising the steps of:
- storing information on the set of known virtual connections for the connection-oriented communication network for the switch;
  
  forwarding a packet, corresponding to one of the known virtual connections from the first port to the second port, wherein the one of the known virtual connections is programed through the shared-media subnetwork;
  
  selectively in-line filtering one of the packets, received by the switch on the first port, that does not correspond to one of the set of known virtual connections; and
  
  maintaining, for at least one destination address that has a known connection through the switch using the first port as a source port, a count of the number of connections for that destination address which the flirt port as a source port.
- View Dependent Claims (6, 7)
- - 6. The method of claim 5, wherein the step of selectively in-line filtering comprises the steps of:
7. The method of claim 6, further comprising the steps of:
- maintaining a filter connection table that includes entries designating packets to be filtered;
  
  for one of the packets that is received on the first port and does not correspond to one of the known connections, adding an entry to the filter connection table corresponding to that packet, if a destination address for that packet has a connection count using the first port of more than zero; and
  
  filtering any packet received by the switch that has a corresponding entry in the filter connection table.

8. A switch for a connection-oriented communication network, the switch being coupled to a shared-media subnetwork, comprising:
- a first port;
  
  a second port;
  
  means for storing information on a set of known connection-oriented virtual connections for the switch;
  
  means, coupled to the first port, the second port and the means for storing, for forwarding a first packet corresponding to one of the known virtual connections from the first port to the second port, wherein the one of the known virtual connections is programmed through the shared-media subnetwork; and
  
  means, coupled to the first port and the second port, for in-line filtering a packet received on the first port, when the packet does not correspond to one of the known virtual connections, wherein the means for selectively in-line filtering comprises;
  
  means for maintaining an inline filter table based on destination addresses of a plurality of packets to be filtered;
  
  means for adding an entry to the in-line filter table corresponding to the destination address of a received packet that does not correspond to one of the known connections.
- View Dependent Claims (9, 10, 11)
- - 9. The switch of claim 8, wherein the means for filtering further comprises:
10. The switch of claim 8, further comprising an FDDI component, coupled to the first port, to manage communication over an FDDI token ring'"'"'s network.
11. The switch of claim 8, wherein the means for selectively in-line filtering further comprises:
- means for adding an entry to the in-line filter table corresponding to the source address for the received packet.

12. A switch for a connection-oriented communication network, the switch being coupled to a shared-media subnetwork, comprising:
- a first port;
  
  a second port;
  
  means for storing information on a set of known connection-oriented virtual connections for the switch;
  
  means, coupled to the first port, the second port and the means for storing, for forwarding a first packet corresponding to one of the known virtual connections from the first port to the second port, wherein the one of the known virtual connections is programmed through the shared-media subnetwork;
  
  means, coupled to the first port and the second port, for in-line filtering a packet received on the first port, when the packet does not correspond to one of the known virtual connections; and
  
  means for maintaining, for each destination address of the known connections that uses the first port as a source port, a count of the number of known connections for that destination address which use the first port as a source port.
- View Dependent Claims (13, 14)
- - 13. The switch of claim 12, wherein the means for selectively in-line filtering comprises:
14. The switch of claim 13, further comprising:
- means for maintaining a filter connection table that includes entries designating packets to be filtered;
  
  means for adding an entry to the filter connection table that corresponds to a packet received by the switch and not corresponding to one of the known connections, if the destination address for the packet has a connection count of more than zero; and
  
  means for filtering any packet received having a corresponding entry in the filter connection table.

15. A method of programming a virtual connection for a packet in a connection-oriented network, the connection passing through a shared media subnetwork that includes a switch, the virtual connection passing from a source port of the switch through a destination port of the switch, the source port being coupled to the shared media subnetwork of the connection-oriented network, the method comprising the step of:
- programming a virtual connection through the connection-oriented communication network, the virtual connection passing through the shared-media subnetwork, the programming step including a step of disabling filtering of the packet when it is received on the source port of the switch.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, wherein:
    - step of disabling comprises the step of disabling in-line filtering of the packet when it is received on the source port of the switch.
  - 17. The method of claim 16, wherein:
18. The method of claim 15, wherein:
- the step of disabling comprises the step of removing an entry corresponding to the connection being programed from a filter connection table for the switch.

19. A method of using a switch, having a first port and a second port, in a connection-oriented communication network for forwarding a plurality of packets, one of the packets being sent from a first end station on the connection-oriented network to a second end station on the network, the method comprising the steps of:
- identifying a virtual path through the network for one of the packets to be transmitted through the network from the first end station to the second end station, the identified virtual path passing through a shared media subnetwork that includes the switch;
  
  forwarding the one of the packets, being sent from the first end station to the second end station, from the first port of the switch to the second port of the switch, according to the identified virtual path; and
  
  selectively filtering one of the packets, received by the switch, that is not being transmitted from the first end station to the second end station defined by the virtual path.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The method of claim 19, wherein the first port is on a shared-media subnetwork and the step of selectively filtering includes the step of selectively filtering one of the packets received by the switch on its first port.
  - 21. The method of claim 20, wherein the step of filtering comprises the step of:
22. The method of claim 21, wherein the step of selectively in-line filtering includes the step of selectively in-line filtering one of the plurality of packets, based on the port on which that packet was received by the switch and a destination address for the packet.
23. The method of claim 22, further comprising the step of:
- selectively filtering one of the packets based on the port on which that packet was received by the switch, the destination address for that packet and the source address for that packet.
24. The method of claim 22, wherein the shared-media subnetwork includes an FDDI token ring network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Enterasys Networks Incorporated (Extreme Networks, Inc.)
Inventors
DiPietro, Jason, Cioli, Jeffrey
Primary Examiner(s)
RAO, SEEMA SRINIVAS

Application Number

US08/716,056
Time in Patent Office

2,315 Days
Field of Search

370/401, 370/389, 370/402, 370/403, 370/404, 370/405, 370/406, 370/412, 370/428, 370/429, 370/229, 370/230, 370/231, 370/235, 370/456, 370/902, 370/463, 370/252, 370/360, 370/254, 370/911, 370/408, 370/225, 370/355, 370/381, 370/351, 370/388, 370/352, 370/395.31, 370/230.1, 340/825.05, 340/825.52, 395/200.75, 395/200.79, 395/309, 709/226, 709/239, 709/249
US Class Current

370/352
CPC Class Codes

H04L 12/4616   LAN interconnection over a ...

H04L 12/4625   Single bridge functionality...

H04L 49/102   using shared medium, e.g. b...

H04L 49/205   Quality of Service based

Packet filtering in connection-based switching networks

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Packet filtering in connection-based switching networks

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links