Virtual egress packet classification at ingress
DCFirst Claim
Patent Images
1. In a network packet router having one or more ingress and egress ports, a system implemented at an ingress port for egress pass/drop determination for packets, comprising:
- a rule set comprising a first lookup table including header combinations and values for which a pass/drop decision may be applied, the set including an egress port identity for each header combination and value set;
a second lookup table for accomplishing ingress rule determinations without egress port numbers; and
a mechanism noting pertinent headers of a specific incoming packet, and an egress port to which the packet is to be sent, comparing, in the fast and second lookup tables, the headers with rules in the rule set, and returning a determination of a rule to be applied.
4 Assignments
Litigations
2 Petitions
Accused Products
Abstract
In a network packet router having one or more ingress and egress ports, a method is implemented at an ingress port for egress pass/drop determination for packets, comprising the steps of (a) noting header combinations and values, and egress port destination for incoming packets; (b) comparing the header combinations and values with rule sets associated with the header combinations and values including egress port identities, and (c) returning a determination of pass or drop for the packet.
20 Citations
24 Claims
-
1. In a network packet router having one or more ingress and egress ports, a system implemented at an ingress port for egress pass/drop determination for packets, comprising:
-
a rule set comprising a first lookup table including header combinations and values for which a pass/drop decision may be applied, the set including an egress port identity for each header combination and value set;
a second lookup table for accomplishing ingress rule determinations without egress port numbers; and
a mechanism noting pertinent headers of a specific incoming packet, and an egress port to which the packet is to be sent, comparing, in the fast and second lookup tables, the headers with rules in the rule set, and returning a determination of a rule to be applied. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. In a network packet router, an ingress port, comprising:
-
an interface for receiving packets;
a first mechanism for noting header combinations and values, and egress ports for transmission, for individual ones of the received packets; and
a second mechanism comparing the headers and values with a rule set comprising header combinations and values and egress ports, and returning a rule for the packet;
wherein the rule set association is in the form of a lookup table and a second lookup table is provided for accomplishing ingress rule determinations without egress port numbers. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A network packet router comprising:
-
one or more ingress ports; and
one or more egress ports;
characterized in that individual ones of the ingress ports comprise a first mechanism for noting header field combinations and values, and egress ports for transmission, for individual ones of the received packets, and a second mechanism including a first lookup table for comparing the headers with rules associated with the egress ports and field values, and returning a rule determination for the packet, and a second lookup table is provided for accomplishing ingress pass/drop determinations without egress port numbers. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. In a network packet router having one or more ingress and egress ports, a method implemented at an ingress port for determining both ingress and egress rules for packets, comprising the steps of:
-
(a) noting header combinations and values, and egress port destination for incoming packets;
(b) comparing, in a first lookup table, the header combinations and values and egress port destinations with a rule set associated with the header combinations and values including egress port destinations; and
(c) returning a rule for the packet;
(d) comparing, in a second lookup table, a separate rule set association for accomplishing ingress rule application determinations without egress port numbers; and
(e) returning a rule for the packet as a result of step (d). - View Dependent Claims (20, 21, 22, 23, 24)
-
Specification