Packet processing in a multiple processor system

US 7,746,862 B1
Filed: 01/25/2006
Issued: 06/29/2010
Est. Priority Date: 08/02/2005
Status: Active Grant

First Claim

Patent Images

1. A packet processing system, comprising:

a packet interface to receive a packet;

a flow engine, connected to the packet interface, to route the packet to a first processing engine;

the first processing engine, connected to the flow engine, comprising a firewall processing engine, an intrusion detection system, or a network address translation (NAT) engine, to;

receive the packet from the flow engine,process the packet,create a tag associated with the packet, where the tag includes;

information about the processing of the packet, andan indication to drop other packets subsequently received at the packet processing system from a same session as the packet, andtransmit the packet to the flow engine;

where the flow engine is further to;

receive the packet from the first processing engine, androute the packet to a second processing engine;

the second processing engine, connected to the flow engine, comprising a firewall processing engine, an intrusion detection system, or a network address translation (NAT) engine, to;

receive the packet from the flow engine, andprocess the packet using the tag information, where the first processing engine is different than the second processing engine.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Packet processing is provided in a multiple processor system including a first processor to processing a packet and to create a tag associated with the packet. The tag includes information about the processing of the packet. A second processor receives the packet subsequent to the first processor and processes the packet using the tag information.

64 Citations

View as Search Results

26 Claims

1. A packet processing system, comprising:
- a packet interface to receive a packet;
  
  a flow engine, connected to the packet interface, to route the packet to a first processing engine;
  
  the first processing engine, connected to the flow engine, comprising a firewall processing engine, an intrusion detection system, or a network address translation (NAT) engine, to;
  
  receive the packet from the flow engine,process the packet,create a tag associated with the packet, where the tag includes;
  
  information about the processing of the packet, andan indication to drop other packets subsequently received at the packet processing system from a same session as the packet, andtransmit the packet to the flow engine;
  
  where the flow engine is further to;
  
  receive the packet from the first processing engine, androute the packet to a second processing engine;
  
  the second processing engine, connected to the flow engine, comprising a firewall processing engine, an intrusion detection system, or a network address translation (NAT) engine, to;
  
  receive the packet from the flow engine, andprocess the packet using the tag information, where the first processing engine is different than the second processing engine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The packet processing system of claim 1, where the tag is appended to the packet.
  - 3. The packet processing system of claim 1, where the tag is prepended to the packet.
  - 4. The packet processing system of claim 1, where the tag includes data processed by the second processing engine.
  - 5. The packet processing system of claim 1, where the tag information includes at least one of session information, flow information, or inspection instructions.
  - 6. The packet processing system of claim 1, where the second processing engine is further to create a new tag associated with the packet, the tag including information about the processing of the packet.
  - 7. The packet processing system of claim 1, where the second processing engine is further to add new data to an existing tag.
  - 8. The packet processing system of claim 1, where each of the first and second processing engines includes a tag generator to create tags.
  - 9. The packet processing system of claim 1, where the first and second processing engines are to share a tag generator to create tags.
  - 10. The packet processing system of claim 1, where the first and second processing engines and at least one tag generator are integrated on one printed circuit board.
  - 11. The packet processing system of claim 1, where the first and second processing engines and at least one tag generator are integrated on one integrated circuit.
  - 12. The packet processing system of claim 1, where the first and second processing engines are included on one printed circuit board.
  - 13. The packet processing system of claim 1, where the first and second processing engines are included on one integrated circuit.

14. A method, comprising:
- receiving, via a packet interface, a packet;
  
  routing, via a flow engine, connected to the packet interface, the packet to a first processing engine,where the first processing engine connected to the flow engine, comprises at least one of a firewall processing engine, an intrusion detection system, or a network address translation (NAT) engine;
  
  receiving, via the first processing engine, the packet from the flow engine;
  
  processing, via the first processing engine, the packet received from the flow engine to create a processed packet;
  
  associating, via the first processing engine, a tag with the processed packet,where the tag includes information about the processing of the packet and an indication to drop other packets subsequently received at a packet processing system from a same session as the packet;
  
  transmitting, via the first processing engine, the processed packet, with the associated tag, to the flow engine;
  
  receiving, via the flow engine, the processed packet, with the associated tag, from the first processing engine;
  
  routing, via the flow engine, the processed packet, with the associated tag, from the first processing engine, to a second processing engine,where the second processing engine, connected to the flow engine, comprises a firewall processing engine, an intrusion detection system, or a network address translation (NAT) engine;
  
  receiving, via the second processing engine, the processed packet, with the associated tag, from the flow engine; and
  
  processing, via the second processing engine, the processed packet, with the associated tag, using the tag,where the first processing engine is different than the second processing engine.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The method of claim 14, where the tag is appended to the packet.
  - 16. The method of claim 14, where the tag is prepended to the packet.
  - 17. The method of claim 14, where the tag includes data processed by the second processing engine.
  - 18. The method of claim 14, where the tag includes at least one of session information, flow information, or inspection instructions.
  - 19. The method of claim 14, further comprising:
    - creating, via the second processing engine, a new tag associated with the processed packet, the new tag including information about the processing of the packet.
  - 20. The method of claim 14, further comprising:
    - adding, via the second processing engine, new data to the tag.
  - 21. The method of claim 14, where at least one of the first or second processing engines includes a tag generator to create tags.
  - 22. The method of claim 14, where the first and second processing engines share a tag generator to create tags.
  - 23. The method of claim 14, where the first and second processing engines and at least one tag generator are integrated on one printed circuit board.
  - 24. The method of claim 14, where the first and second processing engines and at least one tag generator are integrated on one integrated circuit.
  - 25. The method of claim 14, where the first and second processing engines are included on one printed circuit board.
  - 26. The method of claim 14, where the first and second processing engines are included on one integrated circuit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Zuk, Nir, Mao, Yu Ming
Primary Examiner(s)
CHO, HONG SOL

Application Number

US11/338,732
Time in Patent Office

1,616 Days
Field of Search

370/389, 370/392, 370/394, 370/400, 370/401, 370/474
US Class Current

370/392
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

Packet processing in a multiple processor system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

64 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Packet processing in a multiple processor system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others