Generating accounting data based on access control list entries
First Claim
1. A method, comprising:
- configuring a mechanism for accumulating information based on an access control list including a plurality of access control list entries, with one or more of the plurality of access control list entries identifying network accounting data collection requests;
said configuring the mechanism including;
associating network accounting data collection mechanisms with each of said one or more of the plurality of access control list entries identifying network accounting data collection requests; and
wherein the access control list identifies to a bridge or a router information for allowing and denying flows of packet traffic, with at least one of the plurality of access control list entries identifies a deny operation and at least one of the plurality of access control list entries identifies a permit operation; and
employing the bridge or the router to perform the following operations;
for each particular item of a plurality of items;
identifying a particular network accounting data collection mechanism of said network accounting data collection mechanisms corresponding to the particular item based on matching the particular item with said one or more of the plurality of access control list entries; and
in response, updating the particular network accounting data collection mechanism corresponding to the particular item;
wherein each item of the plurality of items includes one or more fields of a corresponding received packet; and
wherein said operation of identifying the particular network accounting data collection mechanism of said network accounting data collection mechanisms corresponding to the particular item includes;
performing a lookup operation in an associative memory based on the lookup value including the particular item to identify an associative memory result; and
performing a lookup operation on an adjunct memory based on the associative memory result to identify the particular network accounting data collection mechanism of said network accounting data collection mechanisms.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods, apparatus, and other mechanisms are disclosed for generating accounting or other data based on that indicated in access control lists or other specifications, and typically using associative memory entries in one or more associative memory banks and/or memory devices. One implementation identifies an access control list including multiple access control list entries, with a subset of these access control list entries identifying accounting requests. Accounting mechanisms are associated with each of said access control list entries in the subset of access control list entries identifying accounting requests. An item is identified, and a corresponding accounting mechanism is updated. In one implementation, the item includes at least one autonomous system number. In one implementation, at least one of the accounting mechanisms is associated with at least two different access control list entries in the subset of access control list entries identifying accounting requests.
-
Citations
9 Claims
-
1. A method, comprising:
-
configuring a mechanism for accumulating information based on an access control list including a plurality of access control list entries, with one or more of the plurality of access control list entries identifying network accounting data collection requests;
said configuring the mechanism including;
associating network accounting data collection mechanisms with each of said one or more of the plurality of access control list entries identifying network accounting data collection requests; and
wherein the access control list identifies to a bridge or a router information for allowing and denying flows of packet traffic, with at least one of the plurality of access control list entries identifies a deny operation and at least one of the plurality of access control list entries identifies a permit operation; andemploying the bridge or the router to perform the following operations;
for each particular item of a plurality of items;
identifying a particular network accounting data collection mechanism of said network accounting data collection mechanisms corresponding to the particular item based on matching the particular item with said one or more of the plurality of access control list entries; and
in response, updating the particular network accounting data collection mechanism corresponding to the particular item;wherein each item of the plurality of items includes one or more fields of a corresponding received packet; and
wherein said operation of identifying the particular network accounting data collection mechanism of said network accounting data collection mechanisms corresponding to the particular item includes;
performing a lookup operation in an associative memory based on the lookup value including the particular item to identify an associative memory result; and
performing a lookup operation on an adjunct memory based on the associative memory result to identify the particular network accounting data collection mechanism of said network accounting data collection mechanisms. - View Dependent Claims (2, 3)
-
-
4. An apparatus, comprising:
-
one or more processors and memory, wherein the memory stores one or more instructions that, when executed by said one or more processors, perform operations comprising;
configuring a mechanism for accumulating information based on an access control list including a plurality of access control list entries, with one or more of the plurality of access control list entries identifying network accounting data collection requests;
said configuring the mechanism including;
associating network accounting data collection mechanisms with each of said one or more of the plurality of access control list entries identifying network accounting data collection requests; and
wherein the access control list identifies to a bridge or router information for allowing and denying flows of packet traffic, with at least one of the plurality of access control list entries identifies a deny operation and at least one of the plurality of access control list entries identifies a permit operation; andmeans for;
for each particular item of a plurality of items;
identifying a particular network accounting data collection mechanism of said network accounting data collection mechanisms corresponding to the particular item based on matching the particular item with said one or more of the plurality of access control list entries; and
in response, updating the particular network accounting data collection mechanism corresponding to the particular item;wherein the apparatus is the bridge or the router; and
wherein each item of the plurality of items includes one or more fields of a corresponding received packet; and
wherein said means for identifying the particular network accounting data collection mechanism of said network accounting data collection mechanisms corresponding to the particular item includes;
means for performing a lookup operation in an associative memory based on the lookup value including the particular item to identify an associative memory result; and
means for performing a lookup operation on an adjunct memory based on the associative memory result to identify the particular network accounting data collection mechanism of said network accounting data collection mechanisms. - View Dependent Claims (5, 6)
-
-
7. An apparatus, comprising:
-
means for configuring a mechanism for accumulating information based on an access control list including a plurality of access control list entries, with one or more of the plurality of access control list entries identifying network accounting data collection requests;
said means for configuring the mechanism including;
means for associating network accounting data collection mechanisms with each of said one or more of the plurality of access control list entries identifying network accounting data collection requests; and
wherein the access control list identifies to a bridge or router information for allowing and denying flows of packet traffic, with at least one of the plurality of access control list entries identifies a deny operation and at least one of the plurality of access control list entries identifies a permit operation; andmeans for;
for each particular item of a plurality of items;
identifying and a particular network accounting data collection mechanism of said network accounting data collection mechanisms corresponding to the particular item based on matching the particular item with said one or more of the plurality of access control list entries; and
in response, updating the particular network accounting data collection mechanism corresponding to the particular item;wherein the apparatus is the bridge or the router; and
wherein each item of the plurality of items includes one or more fields of a corresponding received packet; and
wherein said means for identifying the particular network accounting data collection mechanism of said network accounting data collection mechanisms corresponding to the particular item includes;
means for performing a lookup operation in an associative memory based on the lookup value including the particular item to identify an associative memory result; and
means for performing a lookup operation on an adjunct memory based on the associative memory result to identify the particular network accounting data collection mechanism of said network accounting data collection mechanisms. - View Dependent Claims (8, 9)
-
Specification