Method and apparatus for flexible frame processing and classification engine

US 7,719,980 B2
Filed: 02/19/2002
Issued: 05/18/2010
Est. Priority Date: 02/19/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method of handling data packets in a network device, said method comprising:

receiving an incoming data packet;

parsing the incoming data packet to obtain a portion of the incoming data packet, the portion including a packet field;

comparing said portion with rules stored in a rule table of the network device, wherein each rule of said rules specifies a set of actions and includes at least one rule field, the at least one rule field including a rule field value, a mask, and a selection flag, the mask specifying a mask-specified subset of the rule field value, and wherein the comparing further includesapplying the mask to the packet field to obtain a packet field value, and to the rule field value to obtain a mask-specified rule field value, andobtaining a comparison result by comparing the packet field value against the mask-specified rule field value;

selecting a match between said portion and a particular rule of said rules, based on the comparison result and the selection flag, including selecting the match for the rule field when either the comparison result is positive and the selection flag is positive, or when the comparison result is negative and the selection flag is negative; and

executing a particular set of actions specified by said particular rule.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of handling data packets in a network device and an apparatus for handling data packets in a network device are disclosed. The method includes receiving an incoming data packet and the incoming data packet is parsed to obtain a portion of the incoming data packet. That portion is compared with rules stored in a rule table, where each rule specifies a set of actions. A match between the portion and a particular rule of the rules is selected and a particular set of actions, specified by that particular rule is executed. Each rule includes a mask, a selection flag and a validity check that are used in the comparison of the portion with each rule. The rules may be compared with the packet portion serially or in a parallel fashion and if more than one rule matches the portion, the highest priority is selected as the matching rule.

22 Citations

View as Search Results

74 Claims

1. A method of handling data packets in a network device, said method comprising:
- receiving an incoming data packet;
  
  parsing the incoming data packet to obtain a portion of the incoming data packet, the portion including a packet field;
  
  comparing said portion with rules stored in a rule table of the network device, wherein each rule of said rules specifies a set of actions and includes at least one rule field, the at least one rule field including a rule field value, a mask, and a selection flag, the mask specifying a mask-specified subset of the rule field value, and wherein the comparing further includesapplying the mask to the packet field to obtain a packet field value, and to the rule field value to obtain a mask-specified rule field value, andobtaining a comparison result by comparing the packet field value against the mask-specified rule field value;
  
  selecting a match between said portion and a particular rule of said rules, based on the comparison result and the selection flag, including selecting the match for the rule field when either the comparison result is positive and the selection flag is positive, or when the comparison result is negative and the selection flag is negative; and
  
  executing a particular set of actions specified by said particular rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. A method of handling data packets as recited in claim 1, wherein comparing said portion with rules stored in a rule table comprises comparing specific fields of the incoming data packet with corresponding rule fields in all of the rules stored in the rule table.
  - 3. A method of handling data packets as recited in claim 2, wherein specific fields of the packet include a source port identification number and layer 2 to layer 7 headers.
  - 4. A method of handling data packets as recited in claim 1, wherein selecting a match between said portion and a particular rule of said rules comprises selecting a highest priority rule of said rules to be the particular rule when more than one rule of said rules match said portion.
  - 5. A method of handling data packets as recited in claim 4, wherein the highest priority rule is determined by the addresses of said rules within said rules table.
  - 6. A method of handling data packets as recited in claim 1, wherein said mask comprises an encoded compact mask and the comparing said portion with rules stored in a rule table comprises:
    - applying said encoded compact mask of said rule fields to corresponding fields of the incoming data packet to obtain the packet field value;
      
      comparing the packet field value with the rule field value contained in said one of said rules; and
      
      examining the selection flag of said one of said rule fields to determine whether said one of said rules is a potential match.
  - 7. A method of handling data packets as recited in claim 6, wherein each rule has at least three types of rule fields comprising:
    - rule fields with a fixed location and a compact mask,rule fields with a fixed field location and a full mask that is as wide as the packet field value, andrule fields with a programmable field location which allows the rule field value to be mapped to any contiguous section of said portion of the incoming data packet.
  - 8. A method of handling data packets as recited in claim 6, wherein applying said mask of one of the rules comprises expanding the compact mask to a full mask as wide as the packet field value and applying the full mask to said portion.
  - 9. A method of handling data packets as recited in claim 8, wherein the full mask is applied to said portion to obtain at least one of an IP destination address and an IP source address as the packet field value.
  - 10. A method of handling data packets as recited in claim 7, further comprising examining a global programmable flag to determine whether a start address of the programmable field location is a beginning of a layer 2 header or a layer 3 header of the incoming data packet.
  - 11. A method of handling data packets as recited in claim 6, wherein examining the selection flag comprises inverting the result of the comparing the packet field value step when the selection flag is set to a particular value.
  - 12. A method of handling data packets as recited in claim 6, wherein the method further comprises determining a validity of the packet field value and using the determination to decide whether said one of said rules is the potential match.
  - 13. A method of handling data packets as recited in claim 12, wherein determining a validity of the packet field value comprises parsing said portion of the data packet to determine the validity and returning the validity result and the packet field value.
  - 14. A method of handling data packets as recited in claim 12, wherein determining a validity of the packet field value comprises comparing one or more programmable rule fields with certain packet field values in the incoming data packet, and, when the one or more programmable rule fields do not match, overriding comparison results of all other rule fields in the same rule.
  - 15. A method of handling data packets as recited in claim 14, wherein comparing one or more programmable rule fields with certain packet field values comprises determining how many bytes of the packet field value of the incoming data packet are present and indicating the rule field is not the match when mask bits of invalid bytes of the rule field value are not set to zeros.
  - 16. A method of handling data packets as recited in claim 13, wherein parsing said portion to determine validity further comprises determining whether a particular section of said portion required for a selected rule field value is present in the parsed portion.
  - 17. A method of handling data packets as recited in claim 12, wherein determining a validity of the packet field value comprises determining that one of said rules is the potential match when the packet field value is invalid but the compact mask of the rule field is all zeros.
  - 18. A method of handling data packets as recited in claim 12, wherein Currently Amended determining a validity of the packet field value comprises determining that one of said rules is the potential match when the packet field value is invalid but a valid bit of the rule field is set to zero.
  - 19. A method of handling data packets as recited in claim 1, wherein executing a particular set of actions specified by said particular rule comprises modifying a header of the incoming data packet, forwarding the incoming data packet to a destination address, or updating a management information register.
  - 20. A method of handling data packets as recited in claim 19, wherein updating a management information register comprises providing a bitmap used to increment individual counters indicating a forwarding, dropping, or processing of certain types of packets.
  - 21. A method of handling data packets as recited in claim 19, wherein said particular set of actions comprises setting a flow identification for the incoming data packet such that the packet is classified according to a class of service.
  - 22. A method of handling data packets as recited in claim 1, wherein comparing said portion with rules stored in a rule table comprises comparing said portion with rules stored in a rule table implemented in a static random access memory, with three types of rule fields and action fields all stored in each row of the static random access memory.
  - 23. A method of handling data packets as recited in claim 1, wherein comparing said portion with rules stored in a rule table comprises comparing said portion with rules stored in a rule table implemented in a content addressed memory, where each entry of the content addressed memory includes a selection flag and a validity bit.

24. A network device for handling data packets comprising:
- rules table;
  
  means for receiving an incoming data packet;
  
  means for parsing the incoming data packet to obtain a portion of the incoming data packet, the portion including a packet field;
  
  means for comparing said portion with rules stored in said rule table, of the network device, wherein each rule of said rules specifies a set of actions and includes at least one rule field, the at least one rule field including a rule field value, a mask, and a selection flag, the mask specifying a mask-specified subset of the rule field value, and wherein the means for comparing further includesmeans for applying the mask to the packet field to obtain a packet field value, and to the rule field value to obtain a mask-specified rule field value, andmeans for obtaining a comparison result by comparing the packet field value against the mask-specified rule field value;
  
  means for selecting a match between said portion and a particular rule of said rules, based on the comparison result and the selection flag, including selecting the match for the rule field when either the comparison result is positive and the selection flag is positive, or when the comparison result is negative and the selection flag is negative; and
  
  means for executing a particular set of actions specified by said particular rule.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 25. A network device for handling data packets as recited in claim 24, wherein the means for comparing said portion with rules stored in a rule table comprisesmeans for comparing specific fields of the incoming data packet with corresponding rule fields in all of the rules stored in the rule table.
  - 26. A network device for handling data packets as recited in claim 25, wherein specific fields of the packet include a source port identification number and layer 2 to layer 7 headers.
  - 27. A network device for handling data packets as recited in claim 24, wherein the means for selecting a match between said portion and a particular rule of said rules comprises means for selecting a highest priority rule of said rules to be the particular rule when more than one rule of said rules match said portion.
  - 28. A network device for handling data packets as recited in claim 27, wherein the means for selecting a highest priority rule determines the highest priority rule by examining the addresses of said rules within said rules table.
  - 29. A network device for handling data packets as recited in claim 24, wherein said mask comprises an encoded compact mask and the means for comparing said portion with rules stored in a rule table comprises:
    - means for applying said encoded compact mask of said rule fields to corresponding fields of the incoming data packet to obtain the packet field value;
      
      means for comparing the packet field value with the rule field value contained in said one of said rules; and
      
      means for examining the selection flag of said one of said rule fields to determine whether said one of said rules is a potential match.
  - 30. A network device for handling data packets as recited in claim 29, wherein each rule has at least three types of rule fields comprising:
    - rule fields with a fixed location and a compact mask,rule fields with a fixed field location and a full mask that is as wide as the packet field value, andrule fields with a programmable field location which allows the rule field value to be mapped to any contiguous section of said portion of the incoming data packet.
  - 31. A network device for handling data packets as recited in claim 29, wherein the means for applying said mask of one of the rules comprises means for expanding the compact mask to a full mask as wide as the packet field value and means for applying the full mask to said portion.
  - 32. A network device for handling data packets as recited in claim 31, wherein the means for applying the full mask obtains at least one of an IP destination address and an IP source address as the packet field value.
  - 33. A network device for handling data packets as recited in claim 30, further comprising means for examining a global programmable flag to determine whether a start address of the programmable field location is a beginning of a layer 2 header or a layer 3 header of the incoming data packet.
  - 34. A network device for handling data packets as recited in claim 29, wherein the means for examining the selection flag comprises means for inverting the result of the means for comparing the packet field value, where the means for inverting inverts the result when the selection flag is set to a particular value.
  - 35. A network device for handling data packets as recited in claim 29, wherein the network device further comprises means for determining a validity of the packet field value and decision means to decide whether said one of said rules is the potential match.
  - 36. A network device for handling data packets as recited in claim 35, wherein the means for determining a validity of the packet field value comprises means for parsing said portion of the data packet to determine the validity and means for returning the validity result and the packet field value.
  - 37. A network device for handling data packets as recited in claim 35, wherein the means for determining a validity of the packet field value comprises means for comparing one or more programmable rule fields with certain packet field values in the incoming data packet, and, means for overriding comparison results of all other rule fields in the same rule, where the means for overriding comparison results acts when the one or more programmable rule fields do not match.
  - 38. A network device for handling data packets as recited in claim 37, wherein the means for comparing one or more programmable rule fields with certain packet field values comprises means for determining how many bytes of the packet field value of the incoming data packet are present and means for indicating the rule field is not the match when mask bits of invalid bytes of the rule field value are not set to zeros.
  - 39. A network device for handling data packets as recited in claim 36, wherein the means for parsing said portion to determine validity further comprises means for determining whether a particular section of said portion required for a selected rule field value is present in the parsed portion.
  - 40. A network device for handling data packets as recited in claim 35, wherein the means for determining a validity of the packet field value comprises means for determining that one of said rules is the potential match when the packet field value is invalid but the compact mask of the rule field is all zeros.
  - 41. A network device for handling data packets as recited in claim 35, wherein the means for determining a validity of the packet field value comprises means for determining that one of said rules is the potential match when the packet field value is invalid but a valid bit of the rule field is set to zero.
  - 42. A network device for handling data packets as recited in claim 24, wherein the means for executing a particular set of actions specified by said particular rule comprises means for modifying a header of the incoming data packet, means for forwarding the incoming data packet to a destination address, or means for updating a management information register.
  - 43. A network device for handling data packets as recited in claim 42, wherein the means for updating a management information register comprises means for providing a bitmap used to increment individual counters indicating a forwarding, dropping, or processing of certain types of packets.
  - 44. A network device for handling data packets as recited in claim 42, wherein the means for executing a particular set of actions comprises means for setting a flow identification for the incoming data packet such that the packet is classified according to a class of service.
  - 45. A network device for handling data packets as recited in claim 24, wherein the rule table is implemented in a static random access memory, with three types of rule fields and action fields all stored in each row of the static random access memory.
  - 46. A network device for handling data packets as recited in claim 24, wherein the rule table is implemented in a content addressed memory, where each entry of the content addressed memory includes a selection flag and a validity bit.

47. A computer program embodied on a computer readable storage medium encoding instructions for performing a process of handling data packets in a network device, wherein the computer program is configured to cause execution of the process when the instructions are executed, said process comprising:
- receiving an incoming data packet;
  
  parsing the incoming data packet to obtain a portion of the incoming data packet, the portion including a packet field;
  
  comparing said portion with rules stored in a rule table of the network device, wherein each rule of said rules specifies a set of actions and includes at least one rule field, the at least one rule field including a rule field value, a mask, and a selection flag, the mask specifying a mask-specified subset of the rule field value, and wherein the comparing further includesapplying the mask to the packet field to obtain a packet field value, and to the rule field value to obtain a mask-specified rule field value, andobtaining a comparison result by comparing the packet field value against the mask-specified rule field value;
  
  selecting a match between said portion and a particular rule of said rules, based on the comparison result and the selection flag, including selecting the match for the rule field when either the comparison result is positive and the selection flag is positive, or when the comparison result is negative and the selection flag is negative; and
  
  executing a particular set of actions specified by said particular rule.
- View Dependent Claims (48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60)
- - 48. The computer program of claim 47, wherein said mask comprises an encoded compact mask and the comparing said portion with rules stored in a rule table comprises:
    - applying said encoded compact mask of said rule fields to corresponding fields of the incoming data packet to obtain the packet field value;
      
      comparing the packet field value with the rule field value contained in said one of said rules; and
      
      examining the selection flag of said one of said rule fields to determine whether said one of said rules is a potential match.
  - 49. The computer program of claim 48, wherein each rule has at least three types of rule fields comprising:
    - rule fields with a fixed location and a compact mask,rule fields with a fixed field location and a full mask that is as wide as the packet field value, andrule fields with a programmable field location which allows the rule field value to be mapped to any contiguous section of said portion of the incoming data packet.
  - 50. The computer program of claim 48, wherein applying said mask of one of the rules comprises expanding the compact mask to a full mask as wide as the packet field value and applying the full mask to said portion.
  - 51. The computer program of claim 50, wherein the full mask is applied to said portion to obtain at least one of an IP destination address and an IP source address as the packet field value.
  - 52. The computer program of claim 49, wherein the process further comprises examining a global programmable flag to determine whether a start address of the programmable field location is a beginning of a layer 2 header or a layer 3 header of the incoming data packet.
  - 53. The computer program of claim 48, wherein examining the selection flag comprises inverting the result of the comparing the packet field value step when the selection flag is set to a particular value.
  - 54. The computer program of claim 48, wherein the process further comprises determining a validity of the packet field value and using the determination to decide whether said one of said rules is the potential match.
  - 55. The computer program of claim 54, wherein determining a validity of the packet field value comprises parsing said portion of the data packet to determine the validity and returning the validity result and the packet field value.
  - 56. The computer program of claim 54, wherein determining a validity of the packet field value comprises comparing one or more programmable rule fields with certain packet field values in the incoming data packet, and, when the one or more programmable rule fields do not match, overriding comparison results of all other rule fields in the same rule.
  - 57. The computer program of claim 56, wherein comparing one or more programmable rule fields with certain packet field values comprises determining how many bytes of the packet field value of the incoming data packet are present and indicating the rule field is not the match when mask bits of invalid bytes of the rule field value are not set to zeros.
  - 58. The computer program of claim 55, wherein parsing said portion to determine validity further comprises determining whether a particular section of said portion required for a selected rule field value is present in the parsed portion.
  - 59. The computer program of claim 54, wherein determining a validity of the packet field value comprises determining that one of said rules is the potential match when the packet field value is invalid but the compact mask of the rule field is all zeros.
  - 60. The computer program of claim 54, wherein determining a validity of the packet field value comprises determining that one of said rules is the potential match when the packet field value is invalid but a valid bit of the rule field is set to zero.

61. A network device for handling data packets, comprising:
- a rules table;
  
  a receiving unit configured to receive an incoming data packet;
  
  a parsing unit configured to parse the incoming data packet to obtain a portion of the incoming data packet, the portion including a packet field;
  
  a comparing unit configured to compare said portion with rules stored in said rule table, of the network device, wherein each rule of said rules specifies a set of actions and includes at least one rule field, the at least one rule field including a rule field value, a mask, and a selection flag, the mask specifying a mask-specified subset of the rule field value, and wherein the comparing unit is further configured toapply the mask to the packet field to obtain a packet field value, and to the rule field value to obtain a mask-specified rule field value, andobtain a comparison result by comparing the packet field value against the mask-specified rule field value;
  
  a selecting unit configured to select a match between said portion and a particular rule of said rules, based on the comparison result and the selection flag, including selecting the match for the rule field when either the comparison result is positive and the selection flag is positive, or when the comparison result is negative and the selection flag is negative; and
  
  an executing unit configured to execute a particular set of actions specified by said particular rule.
- View Dependent Claims (62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74)
- - 62. The network device of claim 61, wherein said mask comprises an encoded compact mask and the comparing unit comprises:
    - an applying unit configured to apply said encoded compact mask of said rule fields to corresponding fields of the incoming data packet to obtain the packet field value;
      
      a comparison unit configured to compare the packet field value with the rule field value contained in said one of said rules; and
      
      an examining unit configured to examine the selection flag of said one of said rule fields to determine whether said one of said rules is a potential match.
  - 63. The network device of claim 62, wherein each rule has at least three types of rule fields comprising:
    - rule fields with a fixed location and a compact mask,rule fields with a fixed field location and a full mask that is as wide as the packet field value, andrule fields with a programmable field location which allows the rule field value to be mapped to any contiguous section of said portion of the incoming data packet.
  - 64. The network device of claim 62, wherein the applying unit comprises an expanding unit configured to expand the compact mask to a full mask as wide as the packet field value and an application unit configured to apply the full mask to said portion.
  - 65. The network device of claim 64, wherein the application unit is configured to obtain at least one of an IP destination address and an IP source address as the packet field value.
  - 66. The network device of claim 63, further comprising:
    - an examination unit configured to examine a global programmable flag to determine whether a start address of the programmable field location is a beginning of a layer 2 header or a layer 3 header of the incoming data packet.
  - 67. The network device of claim 62, wherein the examining unit comprises an inverting unit configured to invert the result of the comparison unit, where the inverting unit is configured to invert the result when the selection flag is set to a particular value.
  - 68. The network device of claim 62, wherein the network device further comprises:
    - a determining unit configured to determine a validity of the packet field value; and
      
      a decision unit configured to decide whether said one of said rules is the potential match.
  - 69. The network device of claim 68, wherein the determining unit comprises a parser unit configured to parse said portion of the data packet to determine the validity and a returning unit configured to return the validity result and the packet field value.
  - 70. The network device of claim 68, wherein the determining unit comprises a comparer unit configured to compare one or more programmable rule fields with certain packet field values in the incoming data packet, and, an overriding unit configured to override comparison results of all other rule fields in the same rule, where the overriding unit is configured to act when the one or more programmable rule fields do not match.
  - 71. The network device of claim 70, wherein the comparer unit comprises a determination unit configured to determine how many bytes of the packet field value of the incoming data packet are present and an indicating unit configured to indicate that the rule field is not the match when mask bits of invalid bytes of the rule field value are not set to zeros.
  - 72. The network device of claim 69, wherein the parser unit further comprises a determination unit configured to determine whether a particular section of said portion required for a selected rule field value is present in the parsed portion.
  - 73. The network device of claim 68, wherein the determining unit comprises a determination unit configured to determine that one of said rules is the potential match when the packet field value is invalid but the compact mask of the rule field is all zeros.
  - 74. The network device of claim 68, wherein the determining unit comprises a determination unit configured to determine that one of said rules is the potential match when the packet field value is invalid but a valid bit of the rule field is set to zero.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Kim, Hyungwon, Lee, Dennis S., Kim, Yongbum
Primary Examiner(s)
Mills; Donald L

Application Number

US10/076,367
Publication Number

US 20030156586A1
Time in Patent Office

3,010 Days
Field of Search

370/230, 370/230.1, 370/235, 370/236.2, 370/389, 370/401, 370/428, 370/429, 370/465, 370/298, 370/412, 709/224, 709/225, 709/226
US Class Current

370/235
CPC Class Codes

H04L 69/22 Parsing or analysis of headers

Method and apparatus for flexible frame processing and classification engine

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

74 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for flexible frame processing and classification engine

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

74 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links