Firewall including local bus
First Claim
1. A network device comprising:
- an interface to receive a plurality of packets from a network;
- a first memory to store the packets;
- a controller to coordinate transfer of the packets to and from the memory;
- a packet processor to perform a plurality of processing operations on the packets that are retrieved from the memory, wherein the packet processor includes a second memory to store a first portion of a control policy; and
- a third memory to store a second portion of the control policy, wherein the packet processor is configured to:
  - apply the first portion of the control policy to at least one of the retrieved packets,
  - search the third memory for the second portion of the control policy, and
  - apply, following the search, the second portion of the control policy to the at least one retrieved packet.
Abstract
A gateway for screening packets transferred over a network. The gateway includes a plurality of network interfaces, a memory and a memory controller. Each network interface receives and forwards messages from a network through the gateway. The memory temporarily stores packets received from a network. The memory controller couples each of the network interfaces and is configured to coordinate the transfer of received packets to and from the memory using a memory bus. The gateway includes a firewall engine coupled to the memory bus. The firewall engine is operable to retrieve packets from the memory and screen each packet prior to forwarding a given packet through the gateway and out an appropriate network interface. A local bus is coupled between the firewall engine and the memory providing a second path for retrieving packets from memory when the memory bus is busy.
28 Citations
20 Claims
1. A network device comprising:
- an interface to receive a plurality of packets from a network;
- a first memory to store the packets;
- a controller to coordinate transfer of the packets to and from the memory;
- a packet processor to perform a plurality of processing operations on the packets that are retrieved from the memory, wherein the packet processor includes a second memory to store a first portion of a control policy; and
- a third memory to store a second portion of the control policy, wherein the packet processor is configured to:
  - apply the first portion of the control policy to at least one of the retrieved packets,
  - search the third memory for the second portion of the control policy, and
  - apply, following the search, the second portion of the control policy to the at least one retrieved packet.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method comprising:
- receiving, at a network device, a plurality of packets from a first network which are destined for a second network;
- transferring, via a first bus, a first one of the received packets for storage within the network device;
- retrieving, via a second bus, the first packet from storage; and
- performing a plurality of security-related packet processing operations on the retrieved packet, and concurrently transferring, via the first bus, a second one of the received packets for storage within the network device.

Dependent claims: 12, 13, 14, 15, 16
17. A communication system comprising:
- means for receiving a plurality of packets from a network;
- means for storing the packets;
- means for coordinating transfer of the packets to and from storage;
- means for performing a plurality of security-related processing operations on the packets that are retrieved from storage;
- means for conveying a first one of the packets between the means for coordinating transfer and storage; and
- means for conveying a second one of the packets between storage and the means for performing security-related processing, wherein the first and second packets are conveyed concurrently.

Dependent claims: 18, 19, 20
Specification