Fast flexible filter processor based architecture for a network device

US 7,746,854 B2
Filed: 02/23/2005
Issued: 06/29/2010
Est. Priority Date: 07/08/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A method of filtering data packets in a network device, said method comprising:

receiving an incoming packet from a port of the network device;

extracting, at the network device, packet fields of the incoming packet;

classifying, at the network device, the incoming packet and generating action instructions based on values contained in the extracted packet fields; and

modifying, at the network device, the incoming packet based on the action instructions and a predetermined criteria set for the network device,wherein the network device includes a cell channel configured to transport the incoming packet, a protocol channel synchronized with the cell channel and configured to direct a flow of the incoming packet, and a sideband channel decoupled from the cell channel and configured to communicate with a processor to receive rules according to which one or more of the extracting, classifying, or modifying occurs.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of filtering data packets in a network device is disclosed. An incoming packet is received from a port and the incoming packet is inspected and packet fields are extracted. The incoming packet is classified based on the extracted packet fields and action instructions are generated. The incoming packet is then modified based on the action instructions. Further, the inspection and extraction includes applying inspection mask windows to any portion of the incoming packet to extract programmable packet fields.

Citations

22 Claims

1. A method of filtering data packets in a network device, said method comprising:
- receiving an incoming packet from a port of the network device;
  
  extracting, at the network device, packet fields of the incoming packet;
  
  classifying, at the network device, the incoming packet and generating action instructions based on values contained in the extracted packet fields; and
  
  modifying, at the network device, the incoming packet based on the action instructions and a predetermined criteria set for the network device,wherein the network device includes a cell channel configured to transport the incoming packet, a protocol channel synchronized with the cell channel and configured to direct a flow of the incoming packet, and a sideband channel decoupled from the cell channel and configured to communicate with a processor to receive rules according to which one or more of the extracting, classifying, or modifying occurs.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method as recited in claim 1, wherein said network device comprises one of a switch and a router and the modifying the incoming packet comprises discarding the incoming packet, forwarding the incoming packet, modifying the packet or modifying a forwarding control message for the incoming packet.
  - 3. A method as recited in claim 1, wherein said network device comprises a network co-processor and classifying the incoming packet comprises classifying the incoming packet based on protocol type and data payload of the incoming packet.
  - 4. A method as recited in claim 1, wherein said network device comprises a network interface controller and classifying the incoming packet comprises classifying the incoming packet based on one of a flow identification for packets having a particular source and a particular destination and a flow identification parameter.
  - 5. A method as recited in claim 1, wherein said network device comprises a streaming media processor and classifying the incoming packet comprises authenticating the incoming packet based on the predetermined criteria set for the network device.

6. A data filter for data packets in a network device, said data filter comprising:
- receiving means for receiving an incoming packet from a port;
  
  extracting means for extracting packet fields of the incoming packet;
  
  classifying means for classifying the incoming packet and generating action instructions based on values contained in the extracted packet fields; and
  
  modifying means for modifying the incoming packet based on the action instructions and a predetermined criteria set for the network device,wherein the network device includes a cell channel configured to transport the incoming packet, a protocol channel synchronized with the cell channel and configured to direct a flow of the incoming packet, and a sideband channel decoupled from the cell channel and configured to communicate with a processor to receive rules according to which one or more of the extracting, classifying, or modifying occurs.
- View Dependent Claims (7, 8, 9, 10)
- - 7. A data filter as recited in claim 6, wherein said network device comprises one of a switch and a router and the modifying means comprises processing means for discarding the incoming packet, forwarding the incoming packet, modifying the incoming packet or modifying a forwarding control message for the incoming packet.
  - 8. A data filter as recited in claim 6, wherein said network device comprises a network co-processor and the classifying means comprises classifying means for classifying the incoming packet based on protocol type and data payload of the incoming packet.
  - 9. A data filter as recited in claim 6, wherein said network device comprises a network interface controller and the classifying means comprises classifying means for classifying the incoming packet based on one of a flow identification for packets having a particular source and a particular destination and a flow identification parameter.
  - 10. A data filter as recited in claim 6, wherein said network device comprises a streaming media processor and the classifying means comprises authenticating means for authenticating the incoming packet based on the predetermined criteria set for the network device.

11. A fast flexible filter processor for data packets in a network device, said fast flexible filter processor comprising:
- an inspection engine, configured to receive an incoming data packet and extract selected packet fields from the incoming data packet;
  
  a classification engine communicating with the inspection engine, configured to receive the extracted selected packet fields and generate action instructions based on the values contained in the extracted packet fields;
  
  a packet processing engine communicating with the classification engine, configured to receive the action instructions and the incoming data packet, modify the incoming packet and output the modified incoming data packet,wherein the network device includes a cell channel configured to transport the incoming data packet, a protocol channel synchronized with the cell channel and configured to direct a flow of the incoming packet, and a sideband channel decoupled from the cell channel and configured to communicate with a processor to receive rules according to which one or more of the inspection engine, the classification engine, or the packet processing engine executes.
- View Dependent Claims (12, 13, 14, 15)
- - 12. A fast flexible filter processor as recited in claim 11, wherein said network device comprises one of a switch and a router and the packet processing engine is configured to discard the incoming packet, forward incoming packet, modify the incoming packet or modify a forwarding control message for the incoming packet based on the action instructions.
  - 13. A fast flexible filter processor as recited in claim 11, wherein said network device comprises a network co-processor and the classification engine is configured to classify the incoming packet based on protocol type and data payload of the incoming packet.
  - 14. A fast flexible filter processor as recited in claim 11, wherein said network device comprises a network interface controller and the classification engine is configured to classify the incoming packet based on one of a flow identification for packets have a particular source and a particular destination and a flow identification parameter.
  - 15. A fast flexible filter processor as recited in claim 11, wherein said network device comprises a streaming media processor and the classification engine is configured to authenticate the incoming packet based on a predetermined criteria set for the network device.

16. A network device for network communications, said network device comprising:
- a data port interface supporting at least one data port;
  
  a programmable interface, said programmable interface configured to communicate with a CPU or a programming source;
  
  a memory, said memory communicating with said data port interface; and
  
  a fast flexible filtering processor configured to receive packets coming into the data port interface, extract packet fields from said packets, determine action instructions from values contained in the extracted packet fields and take selective filter action based upon the action instructions and a predetermined criteria set for the network device,wherein the network device includes a cell channel configured to transport the incoming packet, a protocol channel synchronized with the cell channel and configured to direct a flow of the incoming packet, and a sideband channel decoupled from the cell channel and configured to communicate with the CPU and/or the programming source to receive rules according to which the fast flexible filtering processor executes.
- View Dependent Claims (17, 18, 19)
- - 17. A network device as recited in claim 16, wherein said fast flexible filtering processor is configured to be programmable by inputs from the CPU or the programming source through the programmable interface.
  - 18. A network device as recited in claim 16, wherein said data port interface, said programmable interface, said memory, and said fast flexible filtering processor are implemented on a common semiconductor substrate.
  - 19. A network device as recited in claim 16, wherein the fast flexible filtering processor filters the packets independent of the programmable interface, and therefore without communicating with the CPU or the programming source.

20. A method of handling data packets in a network device, said method comprising:
- placing data packets into an input queue;
  
  performing a lookup to determine whether certain packet fields are stored in a lookup table; and
  
  filtering the data packets through a fast flexible filtering processor in order to determine what specific actions should be taken to modify the data packets for further handling;
  
  wherein the filtering step further comprisesextracting a selectable packet field within the data packets,using values contained in the extracted selectable packet field to classify the data packets and determine action instructions for the data packets, and taking said specific actions to modify the data packets based on said action instructions and a predetermined criteria set for the network device,wherein the network device includes a cell channel configured to transport the incoming packet, a protocol channel synchronized with the cell channel and configured to direct a flow of the incoming packet, and a sideband channel decoupled from the cell channel and configured to communicate with a processor to receive rules according to which the filtering occurs.
- View Dependent Claims (21, 22)
- - 21. A method as recited in claim 20, wherein filtering the incoming packet includes filtering the packet independent of control from a remote processor.
  - 22. A method as recited in claim 20, wherein said taking said specific actions comprises taking programmable, specific actions, where the programmable, specific actions are implemented through programming instructions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Ambe, Shekhar, Kadambi, Shiri, Relan, Sandeep
Primary Examiner(s)
NGUYEN, HANH N

Application Number

US11/063,868
Publication Number

US 20050152369A1
Time in Patent Office

1,952 Days
Field of Search

370/389, 370/395.1, 370/412, 370/400, 370/396, 370/392, 370/410, 370/390, 370/397, 370/395.21, 370/395.4, 370/419, 370/420, 709/238, 709/223, 709/224
US Class Current

370/389
CPC Class Codes

H04L 12/44   Star or tree networks

H04L 12/4645   Details on frame tagging ro...

H04L 12/467   Arrangements for supporting...

H04L 2012/445   with switching in a hub, e....

H04L 45/00   Routing or path finding of ...

H04L 45/505   Cell based

H04L 49/205   Quality of Service based

H04L 49/254   Centralised controller, i.e...

H04L 49/351   for local area network [LAN...

H04L 49/352   Gigabit ethernet switching ...

H04L 49/354   for supporting virtual loca...

H04L 49/90   Buffering arrangements

H04L 49/901   using storage descriptor, e...

H04L 49/9073   Early interruption upon arr...

Fast flexible filter processor based architecture for a network device

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Fast flexible filter processor based architecture for a network device

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links