Tagging packets with a lookup key to facilitate usage of a unified packet forwarding cache
First Claim
1. A method comprising:
- receiving a packet at a network device, the packet including a header and a payload;
tagging the packet, by a first packet-processing application, with a cache lookup key based upon original contents of the header, the cache lookup key indicating where in a unified cache a cache entry corresponding to the packet will be stored, the cache lookup key being stored in a field of the unified cache, and the cache lookup key being part of a packet descriptor of the packet;
translating the header of the packet from the original contents by an address translation packet-processing application after tagging the packet;
forwarding the packet descriptor and the packet to a second packet processing application after translating the header; and
the second packet-processing application accessing the cache entry from the unified cache using the cache lookup key from the packet descriptor added by the first packet processing application, wherein the unified cache is shared by multiple packet forwarding processes and allows a flow to be classified once and then subsequent packets can be processed with a single lookup in the unified cache.
1 Assignment
0 Petitions
Accused Products
Abstract
Apparatus and methods are provided for a Network Address Translation (NAT)-aware unified cache. According to one embodiment, multiple packet-processing applications distributed among one or more processors of a network device share one or more unified caches without requiring a cache synchronization protocol. When a packet is received at the network device, a first packet-processing application, such as NAT or another application that modifies part of the packet header upon which a cache lookup key is based, tags the packet with a cache lookup key based upon the original contents of the packet header. Then, other packet-processing applications attempting to access the cache entry from the unified cache subsequent to the tagging by the first packet-processing application use the tag (the cache lookup key generated by the first packet-processing application) rather than determining the cache lookup key based upon the current contents of the packet header.
44 Citations
21 Claims
-
1. A method comprising:
-
receiving a packet at a network device, the packet including a header and a payload; tagging the packet, by a first packet-processing application, with a cache lookup key based upon original contents of the header, the cache lookup key indicating where in a unified cache a cache entry corresponding to the packet will be stored, the cache lookup key being stored in a field of the unified cache, and the cache lookup key being part of a packet descriptor of the packet; translating the header of the packet from the original contents by an address translation packet-processing application after tagging the packet; forwarding the packet descriptor and the packet to a second packet processing application after translating the header; and the second packet-processing application accessing the cache entry from the unified cache using the cache lookup key from the packet descriptor added by the first packet processing application, wherein the unified cache is shared by multiple packet forwarding processes and allows a flow to be classified once and then subsequent packets can be processed with a single lookup in the unified cache. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method comprising the steps of:
-
a step for determining whether a cache lookup key is present in a packet descriptor associated with a received packet; a step for performing a lookup in a unified cache with the cache lookup key if it is determined that the cache lookup key is present in the packet descriptor; a step for creating a new cache entry in the unified cache based upon information in a header of the received packet and tagging the packet with a new cache lookup key if it is determined that the cache lookup key is not present in the packet descriptor or the lookup does not locate an appropriate existing cache entry, the new cache lookup key being based upon contents of the header of the packet; a step for storing the new cache lookup key in a field of the unified cache; a step for conveying the cache lookup key from a NAT packet-processing task to a packet filtering packet-processing task; a step for updating an existing cache entry with module-specific information by the NAT packet processing task, the updating including translating the header of the packet; and a step for accessing the new cache entry from the unified cache by the packet-filtering packet processing task using the cache lookup key, after translating the header, wherein the unified cache is shared by multiple packet forwarding processes and allows a flow to be classified once and then subsequent packets can be processed with a single lookup in the unified cache. - View Dependent Claims (9, 10)
-
-
11. A machine-readable medium having stored thereon data representing instructions that, if executed by one or more processors of a network device, cause the one or more processors to:
-
receive a packet including a header and a payload; tag the packet, by a first packet-processing application of a plurality of packet-processing applications, with a cache lookup key based upon original contents of the header, the cache lookup key indicating where in a unified cache a cache entry corresponding to the packet will be stored; the cache lookup key being stored in a field of the unified cache, and the cache lookup key being part of a packet descriptor of the packet; translate the header of the packet from the original contents by an address translation packet-processing application after tagging the packet; forward the packet descriptor and the packet to a second packet processing application after translating the header; and use the cache lookup key from the packet descriptor rather than generating a new cache lookup key based upon current contents of the header by a second application accessing the cache entry from the unified cache subsequent to the tagging by the first packet-processing application, wherein the unified cache is shared by multiple packet forwarding processes and allows a flow to be classified once and then subsequent packets can be processed with a single lookup in the unified cache. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
Specification