Method for classifying packets using multi-class structures

US 7,415,023 B2
Filed: 11/30/2006
Issued: 08/19/2008
Est. Priority Date: 02/08/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

reading a classification policy that specifies a plurality of classes, each class associated with one or more matching rules;

generating a super class that includes the matching rules associated with the plurality of classes;

converting the matching rules in the super class into a hierarchical arrangement of lookup tables and associated equivalence sets, the hierarchical arrangement having a first level and a final level, the final level associated with a final equivalence set;

associating each entry in the final equivalence set with one of the classes of the plurality of classes;

applying a network packet to each level of the hierarchical arrangement of lookup tables to generate indexes into subsequent levels of the hierarchical arrangement of lookup tables, and ultimately to generate an index into the final equivalence set; and

applying the index to the final equivalence set to yield a particular entry that indicates the network packet is associated with a particular class.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a super class that contains a plurality of matching rules is generated. The matching rules of the super class are converted into a hierarchical arrangement of lookup tables and equivalence sets, the hierarchical arrangement having a plurality of levels including a first level and a final level. A final equivalence set is associated with the final level. The lookup tables and final equivalence set are then used to generate a results table that indicates a network packet is associated with a particular class.

Citations

20 Claims

1. A method comprising:
- reading a classification policy that specifies a plurality of classes, each class associated with one or more matching rules;
  
  generating a super class that includes the matching rules associated with the plurality of classes;
  
  converting the matching rules in the super class into a hierarchical arrangement of lookup tables and associated equivalence sets, the hierarchical arrangement having a first level and a final level, the final level associated with a final equivalence set;
  
  associating each entry in the final equivalence set with one of the classes of the plurality of classes;
  
  applying a network packet to each level of the hierarchical arrangement of lookup tables to generate indexes into subsequent levels of the hierarchical arrangement of lookup tables, and ultimately to generate an index into the final equivalence set; and
  
  applying the index to the final equivalence set to yield a particular entry that indicates the network packet is associated with a particular class.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the super class comprises for each matching rule:
    - a class name that identifies that class;
      
      a class criterion associated with that class.
  - 3. The method of claim 1, wherein the step of applying a network packet further comprises:
    - dividing the network packet into a plurality of sections; and
      
      applying each section to a different lookup table of the first level of lookup tables.
  - 4. The method of claim 1, wherein the step of converting further comprises:
    - merging two or more first level lookup tables and associated equivalence sets to produce a next level lookup table and associated equivalence set.
  - 5. The method of claim 4, wherein the step of converting further comprises:
    - merging two or more next level lookup tables and associated equivalence sets to produce the final level lookup table and associated equivalence set.
  - 6. The method of claim 1, further comprising:
    - transferring the hierarchical arrangement of lookup tables and the final equivalence set to a separate network device; and
      
      wherein the separate network device implements the steps of applying a network packet and applying the index.

7. An apparatus comprising:
- a memory configured to store a classification policy that specifies a plurality of classes, each class associated with one or more matching rules;
  
  a processor configured to generate a super class that includes the matching rules associated with the plurality of classes, convert the matching rules in the super class into a hierarchical arrangement of lookup tables and associated equivalence sets, the hierarchical arrangement having a first level and a final level, the final level associated with a final equivalence set, the processor further configured to associate each entry in the final equivalence set with one of the classes of the plurality of classes; and
  
  a packet memory configured to store a network packet;
  
  wherein the processor is further configured to apply the network packet to each level of the hierarchical arrangement of lookup tables to generate indexes into subsequent levels of the hierarchical arrangement of lookup tables, and ultimately to generate an index into the final equivalence set, and the processor father configured to apply the index to the final equivalence set to yield a particular entry that indicates the network packet is associated with a particular class.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The apparatus of claim 7, wherein the super class comprises for each matching rule:
    - a class name that identifies that class; and
      
      a class criterion associated with that class.
  - 9. The apparatus of claim 7, wherein the processor is further configured to divide the network packet into a plurality of sections, and to apply each section to a different lookup table of the first level of lookup tables.
  - 10. The apparatus of claim 7, wherein the processor is further configured to merge two or more first level lookup tables and associated equivalence sets to produce a next level lookup table and associated equivalence set.
  - 11. The apparatus of claim 10, wherein the processor is further configured to merge two or more next level lookup tables and associated equivalence sets to produce the final level lookup table and associated equivalence set.

12. An apparatus comprising:
- means for reading a policy that specifies a plurality of classes, each class associated with one or more matching rules;
  
  means for generating a super class that includes the matching rules associated with the plurality of classes;
  
  means for converting the matching rules in the super class into a hierarchical arrangement of lookup tables and associated equivalence sets, the hierarchical arrangement having a first level and a final level, the final level associated with a final equivalence set;
  
  means for associating each entry in the final equivalence set with one of the classes of the plurality of classes;
  
  means for applying a network packet to each level of the hierarchical arrangement of lookup tables, to generate indexes into subsequent levels of the hierarchical arrangement of lookup tables, and ultimately to generate an index into the final equivalence set; and
  
  means for applying the index to the final equivalence set to yield a particular entry that indicates the network packet is associated with a particular class.

13. An apparatus comprising:
- a processor configured to read a classification policy that specifies a plurality of classes, each class associated with one or more matching rules, the processor further configured to generate a super class that contains the matching rules associated with the classes, the super class including for each class a class name that identifies the class, a class criterion associated with the class, and a representation of the one or more matching rules associated with the class; and
  
  a memory configured to store the super class as well as a hierarchical arrangement of lookup tables and associated equivalence sets generated by the processor from the super class, the hierarchical arrangement having a plurality of levels including a first level and a final level, a final equivalence set being associated with the final level.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The apparatus of claim 13, wherein the processor is further configured to apply a network packet to the each level of the hierarchical arrangement of lookup tables to generate indexes into subsequent levels of the hierarchical arrangement of lookup tables, and ultimately to generate an index into the final equivalence set.
  - 15. The apparatus of claim 14, wherein the processor is further configured to apply the index to the final equivalence set to yield a particular entry that indicates the network packet is associated with a particular class.
  - 16. The apparatus of claim 14, wherein the processor is further configured to divide the network packet into a plurality of sections, and to apply each section to a different lookup table of the first level of lookup tables.
  - 17. The apparatus of claim 13, wherein the processor is further configured to merge two or more first level lookup tables and associated equivalence sets to produce a next level lookup table and associated equivalence set.
  - 18. The apparatus of claim 13, further comprising:
    - an interface configured to transfer the hierarchical arrangement of lookup tables and the final equivalence set from the apparatus to a separate network device that applies a network packet to the hierarchical arrangement of lookup tables and the final equivalence set.

19. An apparatus comprising:
- a memory;
  
  a processor coupled to the memory, the processor configured to generate a super class that contains a plurality of matching rules and to convert the matching rules of the super class into a hierarchical arrangement of lookup tables and equivalence sets, the hierarchical arrangement having a plurality of levels including a first level and a final level, a final equivalence set associated with the final level, the processor further configured to place the lookup tables and final equivalence set in the memory and to generate a results table from the entries in the final equivalence set and place the results table in the memory.
- View Dependent Claims (20)
- - 20. The apparatus of claim 19, further comprising:
    - an interface configured to transfer the hierarchical arrangement of lookup tables and the final equivalence set from the apparatus to a separate network device that applies a network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Li, Liang, Dao, Thanh Trung, McRae, Andrew A., Nhan, Hugh
Primary Examiner(s)
Harper; Kevin C

Application Number

US11/606,509
Publication Number

US 20070086337A1
Time in Patent Office

628 Days
Field of Search

370/392
US Class Current

370/392
CPC Class Codes

H04L 45/742   Route cache; Operation thereof

H04L 47/10   Flow control; Congestion co...

H04L 47/17   Interaction among intermedi...

H04L 47/2441   relying on flow classificat...

H04L 47/43   Assembling or disassembling...

H04L 63/0227   Filtering policies mail mes...

H04L 63/101   Access control lists [ACL]

Method for classifying packets using multi-class structures

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method for classifying packets using multi-class structures

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links