Reverse path forwarding protection of packets using automated population of access control lists based on a forwarding information base
Abstract
Reverse path forwarding protection of packets is provided using automated population of access control lists based on a forwarding information base. One implementation identifies a lookup value by extracting one or more values, including a source address, from a packet. An access control list lookup operation is performed on an access control list based on the lookup value to identify a permit or a deny condition, the access control list including multiple access control list entries. The packet is processed based on the permit or the deny condition identified by the access control list lookup operation; processing the packet based on the permit condition includes performing a forwarding lookup operation on a representation of a forwarding information base to identify a location and forwarding the packet to the location. The access control list entries are automatically generated based on a forwarding information base.
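The flow in the abstract, as an added Python sketch that is not taken from the patent: ACL entries are generated from a FIB and a predefined ACL, the source address is checked against them, and only permitted packets reach the forwarding lookup. The merge rule (predefined denies kept, predefined permits narrowed to FIB-covered prefixes), the sample tables and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample FIB: prefix -> forwarding location (hypothetical names).
FIB = {"10.1.0.0/16": "eth1", "10.2.0.0/16": "eth2", "192.0.2.0/24": "eth3"}

# Constructed predefined ACL on source prefixes, first match wins.
PREDEFINED_ACL = [
    ("deny", "10.1.66.0/24"),
    ("permit", "10.0.0.0/8"),
    ("permit", "192.0.2.0/25"),
]

def generate_acl(fib, predefined):
    """Assumed merge rule: keep each predefined deny as-is and narrow each
    predefined permit to the parts of it that a FIB prefix also covers."""
    routes = [ipaddress.ip_network(p) for p in fib]
    acl = []
    for action, prefix in predefined:
        net = ipaddress.ip_network(prefix)
        if action == "deny":
            acl.append(("deny", net))
            continue
        for route in routes:
            if net.overlaps(route):
                # Overlapping CIDR blocks are nested: keep the narrower one.
                acl.append(("permit", max(net, route, key=lambda n: n.prefixlen)))
    return acl

def acl_lookup(acl, src):
    """First-match lookup on the source address, with an implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in net:
            return action
    return "deny"

def fib_lookup(fib, dst):
    """Longest-prefix match on the destination; None when no route exists."""
    addr = ipaddress.ip_address(dst)
    nets = [n for n in map(ipaddress.ip_network, fib) if addr in n]
    return fib[str(max(nets, key=lambda n: n.prefixlen))] if nets else None

def process_packet(acl, fib, src, dst):
    """ACL lookup first; the forwarding lookup runs only on a permit."""
    if acl_lookup(acl, src) != "permit":
        return "drop"
    return fib_lookup(fib, dst) or "drop"
```

Regenerating the ACL whenever the FIB changes keeps the source check in step with routing, which is the point of populating it automatically rather than by hand.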
24 Claims
1. A method for processing packets, the method comprising:
- identifying a lookup value by extracting one or more values from a packet, said one or more values including a source address of the packet;
- performing an access control list lookup operation in an access control list based on the lookup value to identify a permit or a deny condition, wherein the access control list includes access control list entries;
- processing the packet based on the permit or the deny condition identified in said performing the access control list lookup operation, wherein said processing the packet based on the permit condition includes performing a forwarding lookup operation on a representation of a forwarding information base to identify a location and forwarding the packet to the location; and
- automatically generating the access control list entries based on the forwarding information base;
- wherein said automatically generating the access control list entries includes automatically generating the access control list entries based on the forwarding information base and a predefined access control list.
Dependent claims: 2, 3, 4, 5, 6
7. An apparatus for processing packets, the apparatus comprising:
- means for identifying a lookup value by extracting one or more values from a packet, said one or more values including a source address of the packet;
- means for performing an access control list lookup operation in an access control list based on the lookup value to identify a permit or a deny condition, wherein the access control list includes access control list entries;
- means for processing the packet based on the permit or the deny condition identified in said performing the access control list lookup operation, wherein said processing the packet based on the permit condition includes performing a forwarding lookup operation on a representation of a forwarding information base to identify a location and forwarding the packet to the location; and
- means for automatically generating the access control list entries based on the forwarding information base;
- wherein said means for automatically generating the access control list entries includes means for automatically generating the access control list entries based on the forwarding information base and a predefined access control list.
Dependent claims: 8, 9, 10, 11, 12
13. An apparatus comprising:
- a lookup value generator configured to generate a lookup value by extracting one or more values from a packet, said one or more values including a source address of the packet;
- an access control list lookup mechanism configured to perform an access control list lookup operation in an access control list based on the lookup word to identify a permit or a deny condition;
- a packet processor configured to process the packet based on the permit or the deny condition identified by the access control list lookup operation, wherein said processing the packet based on the permit condition includes performing a forwarding lookup operation on a representation of a forwarding information base to identify a location and forwarding the packet to the location; and
- an access control list generator configured to automatically generate entries in the access control list based on the forwarding information base;
- wherein the access control list generator automatically generates entries based on the forwarding information base and on a predefined access control list.
Dependent claims: 14, 15, 16, 17, 18
19. Logic encoded in one or more tangible media for execution and when executed operable to perform the operations of:
- identifying a lookup value by extracting one or more values from a packet, said one or more values including a source address of the packet;
- performing an access control list lookup operation in an access control list based on the lookup value to identify a permit or a deny condition, wherein the access control list includes access control list entries;
- processing the packet based on the permit or the deny condition identified in said performing the access control list lookup operation, wherein said processing the packet based on the permit condition includes performing a forwarding lookup operation on a representation of a forwarding information base to identify a location and forwarding the packet to the location; and
- automatically generating the access control list entries based on the forwarding information base;
- wherein said automatically generating the access control list entries includes automatically generating the access control list entries based on the forwarding information base and a predefined access control list.
Dependent claims: 20, 21, 22, 23, 24
Specification