Control system for high speed rule processors
First Claim
1. A method for controlling rule processors in a gateway managing data traffic between two networks, said method comprising:
- receiving packet information derived from a packet arrived in the gateway;
looking up control words in internal registers;
processing, concurrently and respectively, said packet information within a plurality of nanocomputers with respect to a set of rules, said plurality of nanocomputers organized into nanocomputer groups, each of said nanocomputers controlled and operating under the control words;
returning match results from said plurality of nanocomputers to a nanocomputer group if said packet information matches any of the rules;
prioritizing said match results within said nanocomputer group that contains a match and returning a group prioritized result from said nanocomputer group to a control unit; and
prioritizing said group prioritized results respectively from said each nanocomputer group to generate a said final prioritized result.
6 Assignments
0 Petitions
Accused Products
Abstract
A control system for high-speed rule processors used in a gateway system is disclosed. The gateway system employing the current invention can process packets at wire speed by using massive parallel processors, each of the processors operating concurrently and independently. Further, the processing capacities in the gateway system employing the current invention are expandable. The number of packet inspector engines may be increased and all of the engines are connected in a cascade manner. Under the control system, all of the engines operate concurrently and independently and results from each of the engines are collected sequentially through a common data bus. As such the processing speed of packets becomes relatively independent of the complexities and numbers of rules that may be applied to the packets.
177 Citations
12 Claims
-
1. A method for controlling rule processors in a gateway managing data traffic between two networks, said method comprising:
-
receiving packet information derived from a packet arrived in the gateway;
looking up control words in internal registers;
processing, concurrently and respectively, said packet information within a plurality of nanocomputers with respect to a set of rules, said plurality of nanocomputers organized into nanocomputer groups, each of said nanocomputers controlled and operating under the control words;
returning match results from said plurality of nanocomputers to a nanocomputer group if said packet information matches any of the rules;
prioritizing said match results within said nanocomputer group that contains a match and returning a group prioritized result from said nanocomputer group to a control unit; and
prioritizing said group prioritized results respectively from said each nanocomputer group to generate a said final prioritized result. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
writing said packet information into an internal buffer; and
determining if said packet information exceeds a threshold, said threshold indicating the amount of data that can be received for processing.
-
-
3. The method as claimed in claim 1, wherein said looking up control words comprises:
accessing said control words from a memory through a data bus;
wherein said control words comprises instructions for operation cycles to be executed.
-
4. The method as claimed in claim 3, further comprising:
returning match results from said plurality of nanocomputers if said packet information matches any of the rules.
-
5. The method as claimed in claim 4;
- wherein said match results are group prioritized results within each nanocomputer group; and
said method further comprising determining a final prioritized result from said group prioritized results.
- wherein said match results are group prioritized results within each nanocomputer group; and
-
6. The method as claimed in claim 5 wherein said determining a final prioritized result comprises:
prioritizing said final prioritized result from said group prioritized results respectively from said each nanocomputer group that produces said match results.
-
7. The method as claimed in claim 1, still further comprising:
-
storing said final prioritized result in a local memory; and
releasing said final prioritized result from said local memory to said data bus upon detecting an enable signal therefrom.
-
-
8. The method as claimed in claim 7, wherein said local memory is a result merge logic circuit coupled to said data bus.
-
9. An apparatus for managing packet data in a gateway managing data traffic between two networks, said apparatus comprising:
-
an interface receiving packet information derived from a packet arrived in the gateway when said interface sends out a ready signal;
said interface further comprising;
a number of attribute registers, each storing one aspect of attributes in said packet information, and at least one threshold register containing a value specifying a limited amount of data said interface can accommodate for subsequent processing;
an array of nanocomputers, each processing, concurrently and respectively, said packet information with respect to an allocated set of rules;
a match result generated when said packet information matches any of said rules;
a plurality of group logic circuits for receiving respective match results from a respective group of nanocomputers, said group logic circuits generating a prioritized group result; and
a control unit for receiving respective prioritized group results from said group logic circuits, said control unit generating a prioritized final result from said prioritized group results. - View Dependent Claims (10, 11, 12)
-
Specification