Storing and searching a hierarchy of items of particular use with IP security policies and security associations
Abstract
Mechanisms for storing and searching a hierarchy of items are disclosed which may be particularly useful for implementing security policies and security associations, such as, but not limited to, Internet Protocol security (IPsec). A hierarchy of items is stored in a search priority order. Multiple element definitions and groups of elements are identified. Representations of the element definitions and elements are stored in a prioritized searchable data structure in decreasing search priority such that representations of each particular element definition are stored after representations of a set of particular elements associated with the particular element definition and before representations of lower priority element definitions and their associated elements. The element definitions may include Internet Protocol security policies and the elements may include Internet Protocol security associations. The searchable data structure may include an associative memory or a plurality of associative memory entries.
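The ordering described in the abstract can be modelled in software. The following is an added illustration, not code from the patent: the class and function names, the CIDR selectors standing in for ternary associative memory entries, the host-pair selector used for each security association, and the sample policies are all assumptions made for this sketch.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Entry:
    src: str  # CIDR prefix, a stand-in for a ternary value/mask pair
    dst: str

    def matches(self, pkt):
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst))

class OrderedTable:
    """First-match associative memory with a parallel context memory."""

    def __init__(self, policies):
        self.cam = []      # ordered associative memory entries
        self.context = []  # context memory, indexed by entry location
        for name, src, dst in policies:  # programmed in priority order
            self.cam.append(Entry(src, dst))
            self.context.append(("policy", name))

    def lookup(self, pkt):
        # The lowest matching location wins, as in a priority-ordered lookup.
        for loc, entry in enumerate(self.cam):
            if entry.matches(pkt):
                return loc, self.context[loc]
        return None, None

    def add_sa(self, pkt, sa_id):
        loc, ctx = self.lookup(pkt)
        if loc is None or ctx[0] != "policy":
            return ctx  # no matching policy, or an SA already covers the packet
        # Insert at the policy's location: the SA lands before its policy and
        # after every higher-priority policy entry (and those policies' SAs).
        self.cam.insert(loc, Entry(pkt["src"] + "/32", pkt["dst"] + "/32"))
        self.context.insert(loc, ("sa", sa_id, ctx[1]))
        return self.context[loc]

    def layout(self):
        return [c[1] for c in self.context]

# Constructed sample data (IPv4 only), highest priority first.
POLICIES = [("engineering", "10.1.0.0/16", "10.2.0.0/16"),
            ("site-default", "10.0.0.0/8", "10.0.0.0/8"),
            ("catch-all", "0.0.0.0/0", "0.0.0.0/0")]
PKT_A = {"src": "10.9.0.5", "dst": "10.8.0.7"}  # falls under site-default
PKT_B = {"src": "10.1.0.5", "dst": "10.2.0.7"}  # falls under engineering
```

After `add_sa(PKT_A, ...)` the next lookup for the same flow resolves to the security association at the location the policy used to occupy, while traffic matching the higher-priority `engineering` policy is still resolved by that policy.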
16 Claims
1. A method for maintaining a data structure, the method comprising:
identifying an ordered list of Internet Protocol security policies;
programming ordered associative memory entries associated with the ordered list of Internet Protocol security policies;
programming corresponding context memory entries associated with the ordered list of Internet Protocol security policies;
performing an associative memory lookup operation on said ordered associative memory entries based on a received packet to identify a particular associative memory entry location;
performing a lookup operation on the context memory based on the particular associative memory entry location to identify a particular Internet Protocol security policy of the ordered list of Internet Protocol security policies; and
adding a particular security association entry based on the received packet to said ordered associative memory entries, the particular security association entry corresponding to the particular Internet Protocol security policy, and the particular security association entry being added to said ordered associative memory entries prior to the particular associative memory entry location and after other security policy entries of said ordered list of Internet Protocol security policies located prior to the particular associative memory entry location.
Dependent claims: 2, 3

4. An apparatus for maintaining a data structure based on an ordered list of Internet Protocol security policies, the apparatus comprising:
means for programming ordered associative memory entries associated with the ordered list of Internet Protocol security policies;
means for programming corresponding context memory entries associated with the ordered list of Internet Protocol security policies;
means for performing an associative memory lookup operation on said ordered associative memory entries based on a received packet to identify a particular associative memory entry location;
means for performing a lookup operation on the context memory based on the particular associative memory entry location to identify a particular Internet Protocol security policy of the ordered list of Internet Protocol security policies; and
means for adding a particular security association entry based on the received packet to said ordered associative memory entries, the particular security association entry corresponding to the particular Internet Protocol security policy, and the particular security association entry being added to said ordered associative memory entries prior to the particular associative memory entry location and after other security policy entries of said ordered list of Internet Protocol security policies located prior to the particular associative memory entry location.
Dependent claims: 5, 6, 7, 8, 9

10. A computer-readable medium containing computer-executable instructions for performing steps for maintaining a data structure based on an ordered list of Internet Protocol security policies, said steps comprising:
programming ordered associative memory entries associated with the ordered list of Internet Protocol security policies;
programming corresponding context memory entries associated with the ordered list of Internet Protocol security policies;
performing an associative memory lookup operation on said ordered associative memory entries based on a received packet to identify a particular associative memory entry location;
performing a lookup operation on the context memory based on the particular associative memory entry location to identify a particular Internet Protocol security policy of the ordered list of Internet Protocol security policies; and
adding a particular security association entry based on the received packet to said ordered associative memory entries, the particular security association entry corresponding to the particular Internet Protocol security policy, and the particular security association entry being added to said ordered associative memory entries prior to the particular associative memory entry location and after other security policy entries of said ordered list of Internet Protocol security policies located prior to the particular associative memory entry location.
Dependent claims: 11, 12

13. An apparatus for maintaining entries of an associative memory based on an ordered list of Internet Protocol security policies, the apparatus comprising:
the associative memory including ordered associative memory entries associated with the ordered list of Internet Protocol security policies;
a programming mechanism coupled to the associative memory;
a mechanism for generating lookup words to the associative memory based on which the associative memory performs a lookup operation to identify a particular associative memory entry location;
a context memory for performing lookup operations based on the particular associative memory entry location to identify a particular Internet Protocol security policy of the ordered list of Internet Protocol security policies;
wherein the programming mechanism is configured to add a particular security association entry based on the received packet to said ordered associative memory entries, the particular security association entry corresponding to the particular Internet Protocol security policy, and the particular security association entry being added to said ordered associative memory entries prior to the particular associative memory entry location and after other security policy entries of said ordered list of Internet Protocol security policies located prior to the particular associative memory entry location.
Dependent claims: 14, 15, 16
Specification