Packet processing in a multiple processor system
First Claim
Patent Images
1. A packet processing system, comprising:
- a packet interface to receive a packet;
a flow engine, connected to the packet interface, to route the packet to a first processing engine;
the first processing engine, connected to the flow engine, comprising a firewall processing engine, an intrusion detection system, or a network address translation (NAT) engine, to;
receive the packet from the flow engine,process the packet,create a tag associated with the packet, where the tag includes;
information about the processing of the packet, andan indication to drop other packets subsequently received at the packet processing system from a same session as the packet, andtransmit the packet to the flow engine;
where the flow engine is further to;
receive the packet from the first processing engine, androute the packet to a second processing engine;
the second processing engine, connected to the flow engine, comprising a firewall processing engine, an intrusion detection system, or a network address translation (NAT) engine, to;
receive the packet from the flow engine, andprocess the packet using the tag information, where the first processing engine is different than the second processing engine.
1 Assignment
0 Petitions
Accused Products
Abstract
Packet processing is provided in a multiple processor system including a first processor to processing a packet and to create a tag associated with the packet. The tag includes information about the processing of the packet. A second processor receives the packet subsequent to the first processor and processes the packet using the tag information.
64 Citations
26 Claims
-
1. A packet processing system, comprising:
-
a packet interface to receive a packet; a flow engine, connected to the packet interface, to route the packet to a first processing engine; the first processing engine, connected to the flow engine, comprising a firewall processing engine, an intrusion detection system, or a network address translation (NAT) engine, to; receive the packet from the flow engine, process the packet, create a tag associated with the packet, where the tag includes; information about the processing of the packet, and an indication to drop other packets subsequently received at the packet processing system from a same session as the packet, and transmit the packet to the flow engine; where the flow engine is further to; receive the packet from the first processing engine, and route the packet to a second processing engine; the second processing engine, connected to the flow engine, comprising a firewall processing engine, an intrusion detection system, or a network address translation (NAT) engine, to; receive the packet from the flow engine, and process the packet using the tag information, where the first processing engine is different than the second processing engine. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method, comprising:
-
receiving, via a packet interface, a packet; routing, via a flow engine, connected to the packet interface, the packet to a first processing engine, where the first processing engine connected to the flow engine, comprises at least one of a firewall processing engine, an intrusion detection system, or a network address translation (NAT) engine; receiving, via the first processing engine, the packet from the flow engine; processing, via the first processing engine, the packet received from the flow engine to create a processed packet; associating, via the first processing engine, a tag with the processed packet, where the tag includes information about the processing of the packet and an indication to drop other packets subsequently received at a packet processing system from a same session as the packet; transmitting, via the first processing engine, the processed packet, with the associated tag, to the flow engine; receiving, via the flow engine, the processed packet, with the associated tag, from the first processing engine; routing, via the flow engine, the processed packet, with the associated tag, from the first processing engine, to a second processing engine, where the second processing engine, connected to the flow engine, comprises a firewall processing engine, an intrusion detection system, or a network address translation (NAT) engine; receiving, via the second processing engine, the processed packet, with the associated tag, from the flow engine; and processing, via the second processing engine, the processed packet, with the associated tag, using the tag, where the first processing engine is different than the second processing engine. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
Specification