Virtual egress packet classification at ingress

US 6,763,394 B2
Filed: 08/22/2001
Issued: 07/13/2004
Est. Priority Date: 08/22/2001
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. In a network packet router having one or more ingress and egress ports, a system implemented at an ingress port for egress pass/drop determination for packets, comprising:

a rule set comprising a first lookup table including header combinations and values for which a pass/drop decision may be applied, the set including an egress port identity for each header combination and value set;

a second lookup table for accomplishing ingress rule determinations without egress port numbers; and

a mechanism noting pertinent headers of a specific incoming packet, and an egress port to which the packet is to be sent, comparing, in the fast and second lookup tables, the headers with rules in the rule set, and returning a determination of a rule to be applied.

View all claims

4 Assignments

Timeline View

Assignment View

Litigations

2 Petitions

Accused Products

Abstract

In a network packet router having one or more ingress and egress ports, a method is implemented at an ingress port for egress pass/drop determination for packets, comprising the steps of (a) noting header combinations and values, and egress port destination for incoming packets; (b) comparing the header combinations and values with rule sets associated with the header combinations and values including egress port identities, and (c) returning a determination of pass or drop for the packet.

20 Citations

View as Search Results

24 Claims

1. In a network packet router having one or more ingress and egress ports, a system implemented at an ingress port for egress pass/drop determination for packets, comprising:
- a rule set comprising a first lookup table including header combinations and values for which a pass/drop decision may be applied, the set including an egress port identity for each header combination and value set;
  
  a second lookup table for accomplishing ingress rule determinations without egress port numbers; and
  
  a mechanism noting pertinent headers of a specific incoming packet, and an egress port to which the packet is to be sent, comparing, in the fast and second lookup tables, the headers with rules in the rule set, and returning a determination of a rule to be applied.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1 wherein the rule returned determines pass or drop for the packet.
  - 3. The system of claim 1 wherein the network is the Internet.
  - 4. The system of claim 1 wherein a content addressable memory (CAM) is used for header combination matches, and pass/drop is determined by the address location of any match.
  - 5. The system of claim 4 wherein the CAM is divided into more than two sections, and a result or action is associated with each section.
  - 6. The system of claim 1 comprising two sections in the CAM, and wherein pass or drop is determined by the section of the CAM wherein a content match is found.

7. In a network packet router, an ingress port, comprising:
- an interface for receiving packets;
  
  a first mechanism for noting header combinations and values, and egress ports for transmission, for individual ones of the received packets; and
  
  a second mechanism comparing the headers and values with a rule set comprising header combinations and values and egress ports, and returning a rule for the packet;
  
  wherein the rule set association is in the form of a lookup table and a second lookup table is provided for accomplishing ingress rule determinations without egress port numbers.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The ingress port of claim 7 wherein the rule returned is a pass or drop determination for the packet.
  - 9. The ingress port of claim 7 wherein the network is the Internet.
  - 10. The ingress port of claim 7 wherein a content addressable memory (CAM) is used for header combination matches, and an associated rule is determined by the address location of any match.
  - 11. The ingress port of claim 10 wherein the CAM is divided into two sections, and a pass or drop determination is determined by the section wherein the address lies for the content match.
  - 12. The ingress port of claim 10 wherein the CAM is divided into more than two sections, and a result or action is associated with each section.

13. A network packet router comprising:
- one or more ingress ports; and
  
  one or more egress ports;
  
  characterized in that individual ones of the ingress ports comprise a first mechanism for noting header field combinations and values, and egress ports for transmission, for individual ones of the received packets, and a second mechanism including a first lookup table for comparing the headers with rules associated with the egress ports and field values, and returning a rule determination for the packet, and a second lookup table is provided for accomplishing ingress pass/drop determinations without egress port numbers.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The router of claim 13 wherein the rule returned determines pass or drop for the associated packet.
  - 15. The router of claim 13 wherein the network is the Internet.
  - 16. The router of claim 13 wherein a content addressable memory (CAM) is used for header combination matches, and a rule is determined by the address location of any match.
  - 17. The packet router of claim 16 wherein the CAM is divided into two sections, and a pass or drop determination is determined by the section wherein the address lies for the content match.
  - 18. The router of claim 16 wherein the CAM is divided into more than two sections, and a result or action is associated with each section.

19. In a network packet router having one or more ingress and egress ports, a method implemented at an ingress port for determining both ingress and egress rules for packets, comprising the steps of:
- (a) noting header combinations and values, and egress port destination for incoming packets;
  
  (b) comparing, in a first lookup table, the header combinations and values and egress port destinations with a rule set associated with the header combinations and values including egress port destinations; and
  
  (c) returning a rule for the packet;
  
  (d) comparing, in a second lookup table, a separate rule set association for accomplishing ingress rule application determinations without egress port numbers; and
  
  (e) returning a rule for the packet as a result of step (d).
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The method of claim 19 wherein, in step (c), the rule returned indicates pass or drop for the associated packet.
  - 21. The method of claim 19 wherein the network is the Internet.
  - 22. The method of claim 19 wherein, in step (b), a content addressable memory (CAM) is consulted for rule set matches, and a rule is determined by the address location of any match.
  - 23. The method of claim 22 wherein the CAM is divided into two sections, and pass or drop is determined by the section wherein the address is found for a content match.
  - 24. The method of claim 22 wherein the CAM is divided into more than two sections, and each section is associated with a different result or action.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Parity Networks LLC
Original Assignee
Pluris, Inc
Inventors
Tuck, III, Russell R., Agarwal, Puneet
Primary Examiner(s)
Lim, Krisna

Application Number

US09/935,444
Publication Number

US 20030053474A1
Time in Patent Office

1,056 Days
Field of Search

709/238, 370/392, 370/389
US Class Current

709/238
CPC Class Codes

H04L 45/00   Routing or path finding of ...

H04L 45/7453   using hashing

H04L 47/10   Flow control; Congestion co...

H04L 47/2441   relying on flow classificat...

H04L 47/32   by discarding or delaying d...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0236   Filtering by address, proto...

H04L 63/0263   Rule management

H04L 63/101   Access control lists [ACL]

Virtual egress packet classification at ingress

First Claim

4 Assignments

Litigations

2 Petitions

Accused Products

Abstract

20 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Virtual egress packet classification at ingress

First Claim

4 Assignments

Subscription Required

Subscription Required

Litigations

2 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others