Packet forwarding device with packet filter

US 7,680,114 B2
Filed: 03/03/2006
Issued: 03/16/2010
Est. Priority Date: 08/26/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A forwarding device which forwards a packet, comprising:

a packet receiving unit which receives a packet from a port; and

an execution decision unit which decides whether to execute filtering on the basis of one of information of a first packet received by said packet receiving unit and input information of said packet receiving unit;

a routing information unit storing therein routing information including a set of address information versus destination address of said address information;

a destination decision unit searching said routing information unit for output destination information corresponding to a destination of the first packet to decide the output destination information; and

a filtering unit searching said routing information unit for filtering information for a source of said packet thereby to decide whether or not to discard the first packet;

wherein said execution decision unit decides whether to execute filtering on the basis of the output destination information decided by said destination decision unit; and

wherein the output destination information includes an interface number indicating a network to which the first packet is to be output, an output port number indicating a number of a port to which the first packet is to be output, and at least a part of a next hop address indicating an address of a next forwarding device to which the first packet is to be transmitted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To provide a packet forwarding device which minimizes degradation in packet forwarding performance at the time of execution of filtering there is provided a technique in which a destination decision processing unit of a destination decision and filtering unit decides whether to execute filtering on the basis of at least one of an input interface, an input port number, an output interface, and an output port number of an input packet and a plurality of pieces of information constituting the header of the packet. A filtering unit executes filtering only for a packet for which execution of filtering is decided. The packet forwarding device with the destination decision and filtering unit need not execute filtering for all packets and can minimize degradation in packet forwarding performance caused by filtering.

25 Citations

View as Search Results

15 Claims

1. A forwarding device which forwards a packet, comprising:
- a packet receiving unit which receives a packet from a port; and
  
  an execution decision unit which decides whether to execute filtering on the basis of one of information of a first packet received by said packet receiving unit and input information of said packet receiving unit;
  
  a routing information unit storing therein routing information including a set of address information versus destination address of said address information;
  
  a destination decision unit searching said routing information unit for output destination information corresponding to a destination of the first packet to decide the output destination information; and
  
  a filtering unit searching said routing information unit for filtering information for a source of said packet thereby to decide whether or not to discard the first packet;
  
  wherein said execution decision unit decides whether to execute filtering on the basis of the output destination information decided by said destination decision unit; and
  
  wherein the output destination information includes an interface number indicating a network to which the first packet is to be output, an output port number indicating a number of a port to which the first packet is to be output, and at least a part of a next hop address indicating an address of a next forwarding device to which the first packet is to be transmitted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The forwarding device according to claim 1, whereinthe input information of said packet receiving unit includes one of an input port number indicating a number of a port from which the first packet is input and an input interface number indicating a number of an interface from which the first packet is input.
  - 3. The forwarding device according to claim 1, whereinsaid packet receiving unit has an internal header adding unit which adds, to the first packet, an input port number corresponding to a port from which the first packet is received, andsaid execution decision unit decides whether to execute filtering on the basis of the input port number added by said internal header adding unit.
  - 4. The forwarding device according to claim 1, whereinsaid packet receiving unit has an interface decision unit which decides an input interface number on the basis of one of header information and an input port number contained in the first packet, andsaid execution decision unit decides whether to execute filtering on the basis of the interface number decided by said interface decision unit.
  - 5. The forwarding device according to claim 1, whereinthe one of the information of the first packet received by said packet receiving unit and the input information of said packet receiving unit specifies a flow of the first packet.
  - 6. The forwarding device according to claim 5, whereinthe flow of the first packet includes at least one of an input port number indicating a port from which the first packet is input, an output port number indicating a port to which the first packet is to be output, an input interface number indicating an interface from which the first packet is input, an output interface number indicating an interface to which the first packet is to be output, and a source address and a destination address contained in a header of the first packet.
  - 7. The forwarding device according to claim 1, further comprising:
    - a filtering execution information store unit which stores information of the first packet received by said packet receiving unit and the input information of said packet receiving unit; and
      
      a filtering execution condition setting input unit which sets and inputs data to said filtering execution information store unit.
  - 8. The forwarding device according to claim 1, whereinsaid filtering unit decides to discard the first packet if a source address contained in header information of the first packet does not match said routing information stored in said routing information unit.
  - 9. The forwarding device according to claim 1, whereinthe execution decision unit decides a value of an on/off information and outputs the on/off information to the routing information unit, an on value indicating a decision to execute filtering and an off value indicating a decision not to execute filtering;
    - if the value of the on/off information is off, the first packet is to be forwarded without filtering; and
      
      the filtering unit searches the routing information unit for filing information to decide whether or not to discard the first packet only if the value of the on/off information is on.

10. A forwarding device having a plurality of interface units each connected to an extra-device port and an intra-device line, comprising:
- a packet receiving unit which receives a first packet from a first extra- device port of a first interface unit of the plurality of interface units;
  
  a routing information unit storing therein routing information including a set of address information versus destination address of said address information;
  
  an input-side destination decision unit which searches said routing information unit for output destination information corresponding to a destination of the first packet to decide output destination information corresponding to a destination contained in the first packet received by said packet receiving unit;
  
  a filtering execution decision unit which decides whether to execute filtering on the basis of the output destination information decided by said input-side destination decision unit;
  
  a filtering result decision unit which searches said routing information unit for output destination information corresponding to a destination of the first packet to decide the output destination information to decide whether to allow forwarding of the first packet if said filtering execution decision unit decides execution of filtering; and
  
  a packet transmitting unit which transmits information of the first packet to the output destination information decided by said input-side destination unit through the intra-device line if said filtering execution decision unit decides non- execution of filtering or if said filtering result decision unit decides allowance of forwarding; and
  
  an interface number decision unit which decides a first input interface number on the basis of one of a Dort number corresponding to the first extra-device port from which the first packet is received and information in a header of the packet,wherein said filtering result decision unit decides whether to allow forwarding on the basis of the first interface number corresponding to the first extra-device port decided by said interface number decision unit in addition to the source address contained in the first packet.
- View Dependent Claims (11, 12)
- - 11. The forwarding device according to claim 10, whereinsaid filtering result decision unit decides whether to allow forwarding on the basis of a source address contained in the first packet.
  - 12. The forwarding device according to claim 10, whereinthe filtering execution decision unit decides a value of an on/off information and outputs the on/off information to the routing information unit, an on value indicating a decision to execute filtering and an off value indicating a decision not to execute filtering;
    - if the value of the on/off information is off, the packet transmitting unit transmits information of the first packet without filtering to the output destination information decided by the input-side destination unit through the intra-device line; and
      
      the filtering result decision unit searches the routing information unit to decide whether to allow forwarding of the first packet only if the value of the on/off information is on.

13. A forwarding device having a plurality of interface units each connected to an extra-device port and an intra-device line, comprising:
- a packet receiving unit which receives a first packet from a first extra-device port of a first interface unit of the plurality of interface units;
  
  a routing information unit storing therein routing information including a set of address information versus destination address of said address information;
  
  an intra-device forwarding unit which searches said routing information unit for output destination information corresponding to a destination of the first packet to forward information of the first packet, to which input source information corresponding to the first extra-device port is added, to a second interface unit corresponding to said output destination information contained in the first packet received by said packet receiving unit;
  
  a filtering execution decision unit which decides whether to execute filtering on the basis of at least one of the information of the first packet received by the second interface unit and the input source information;
  
  a filtering result decision unit which searches said routing information unit for output destination information corresponding to a destination of the first packet to decide the output destination information to decide whether to allow forwarding of the first packet if said filtering execution decision unit decides execution of filtering; and
  
  a packet transmitting unit which transmits the first packet through an extra-device port of the second interface unit if said filtering execution decision unit decides non-execution of filtering or if said filtering result decision unit decides allowance of forwarding.
- View Dependent Claims (14, 15)
- - 14. The forwarding device according to claim 13, whereinthe input source information includes one of an input interface number and an input port number.
  - 15. The forwarding device according to claim 13, whereinthe filtering execution decision unit decides a value of an on/off information and outputs the on/off information to the routing information unit, an on value indicating a decision to execute filtering and an off value indicating a decision not to execute filtering;
    - if the value of the on/off information is off, the packet transmitting unit transmits the first packet without filtering through the extra-device port of the second interface unit; and
      
      the filtering result decision unit searches the routing information unit to decide whether to allow forwarding of the first packet only if the value of the on/off information is on.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alaxala Networks Corporation (Fortinet Inc.)
Original Assignee
Alaxala Networks Corporation (Fortinet Inc.)
Inventors
Shimojo, Toshio, Yazaki, Takeki
Primary Examiner(s)
Shah; Chirag G
Assistant Examiner(s)
PERSAUD, AMARNAUTH G

Application Number

US11/366,443
Publication Number

US 20070047548A1
Time in Patent Office

1,474 Days
Field of Search

726 12- 13
US Class Current

370/392
CPC Class Codes

H04L 49/3009 Header conversion, routing ...

H04L 63/1458 Denial of Service

Packet forwarding device with packet filter

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Packet forwarding device with packet filter

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links