Method and system for policy-based forwarding
Abstract
A method of operating a network is disclosed. The method includes identifying a packet as being subject to a policy and forwarding said packet based on said policy, if said packet is subject to said policy.
57 Claims
1. A method comprising:
determining, using a processor of a network device, if a packet is subject to a policy, wherein said packet is identified by analyzing, using said processor, said packet using a filtering rule, and said analyzing comprises determining, using said processor, whether a destination address of said packet is intended for forwarding across a boundary of a virtual local area network by looking up said destination address of said packet in a forwarding table, and determining, using said processor, whether said packet matches an entry in an access control list table associated with said virtual local area network using said destination address; and forwarding said packet, wherein said forwarding said packet comprises if said packet is subject to said policy, forwarding said packet to a policy-based forwarding engine of said network device, and performing said forwarding said packet based on said policy using said policy-based forwarding engine, wherein said performing said forwarding comprises rewriting said destination address based on an adjacency table, and if said packet is not subject to said policy, determining if said packet is subject to a forwarding rule, and if said packet is subject to said forwarding rule, forwarding said packet to a forwarding engine of said network device, and performing said forwarding based on said forwarding rule using said forwarding engine. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
14. A network element comprising:
a policy-based forwarding engine, wherein; said policy-based forwarding engine is configured to implement policy-based forwarding, and said policy-based forwarding engine is configured to rewrite a destination address of a packet based on an adjacency table; and a forwarding engine, wherein said forwarding engine and said policy-based forwarding engine are coupled to receive a packet, said forwarding engine comprises a forwarding table, said forwarding table is configured to store a first destination address in an access control list associated with a virtual local area network, said forwarding engine is configured to determine if said packet is subject to a policy, said forwarding engine is configured to identify said packet by analyzing said packet using a filtering rule, said forwarding engine is configured to analyze said packet by determining whether a destination address of said packet is intended for forwarding across a boundary of a virtual local area network by looking up said destination address of said packet in said forwarding table, and said forwarding engine is configured to analyze said packet by determining whether said packet matches an entry in an access control list table associated with said virtual local area network using said destination address, said forwarding engine is configured to, if said packet is not subject to said policy, determine if said packet is subject to a forwarding rule, and said first destination address is a destination address of a policy-based forwarding engine. - View Dependent Claims (15, 16, 17, 18, 19)
20. A network element comprising:
a processor; a forwarding engine, coupled to said processor; a policy-based forwarding engine, coupled to said processor; a computer readable storage medium coupled to said processor; and computer code, encoded in said computer readable storage medium, for operating a network and configured to cause said processor to determine if a packet is subject to a policy, wherein said packet is identified by analyzing said packet using a filtering rule, said analyzing comprises determining whether a destination address of said packet is intended for forwarding across a boundary of a virtual local area network by looking up said destination address of said packet in a forwarding table, and determining whether said packet matches an entry in an access control list table associated with said virtual local area network using said destination address; and forward said packet, wherein said forwarding said packet comprises if said packet is subject to said policy, forwarding said packet to said policy-based forwarding engine, and causing said policy-based forwarding engine to perform said forwarding said packet based on said policy, wherein said causing said forwarding comprises rewriting said destination address based on an adjacency table, and if said packet is not subject to said policy, determining if said packet is subject to a forwarding rule, and if said packet is subject to said forwarding rule, forwarding said packet to said forwarding engine, and causing said forwarding engine to perform said forwarding based on said forwarding rule. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
33. A non-transitory computer-readable storage medium, storing a computer program product comprising:
a first set of instructions, executable on a computer system, configured to determine if a packet is subject to a policy, wherein said packet is identified by analyzing said packet using a filtering rule, said analyzing comprises determining whether a destination address of said packet is intended for forwarding across a boundary of a virtual local area network by looking up said destination address of said packet in a forwarding table, and determining whether said packet matches an entry in an access control list table associated with said virtual local area network using said destination address; and a second set of instructions, executable on said computer system, configured to forward said packet, wherein said second set of instructions is further configured to if said packet is subject to said policy, forward said packet to a policy-based forwarding engine, and cause said policy-based forwarding engine to perform said forwarding said packet based on said policy, wherein said performing said forwarding comprises rewriting said destination address based on an adjacency table, and if said packet is not subject to said policy, determine if said packet is subject to a forwarding rule, and if said packet is subject to said forwarding rule, forward said packet to a forwarding engine, and cause said forwarding engine to perform said forwarding based on said forwarding rule. - View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
45. An apparatus for operating a network comprising:
a forwarding engine; a policy-based forwarding engine; means for determining if a packet is subject to a policy, wherein said means for determining comprises a means for analyzing said packet using a filtering rule, a means for determining whether a destination address of said packet is intended for forwarding across a boundary of a virtual local area network by looking up said destination address of said packet in a forwarding table, and a means for determining whether said packet matches an entry in an access control list table associated with said virtual local area network using said destination address; and means for forwarding said packet, wherein said means for forwarding said packet comprises if said packet is subject to said policy, means for forwarding said packet to said policy-based forwarding engine, and means for causing said policy-based forwarding engine to perform said forwarding said packet based on said policy, wherein said means for performing said forwarding comprises means for rewriting said destination address based on an adjacency table, and if said packet is not subject to said policy, means for determining if said packet is subject to a forwarding rule, and if said packet is subject to a forwarding rule, means for forwarding said packet to said forwarding engine, and means for causing said forwarding engine to perform said forwarding based on said forwarding rule. - View Dependent Claims (46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
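The decision flow recited in independent claim 1 (and mirrored in claims 20, 33 and 45) can be modelled as below. This is an added illustration, not code from the patent: the table layouts, VLAN numbers, addresses and the `adj-7` index are constructed, and it assumes that a packet is subject to the policy only when both determinations succeed and that an ACL entry names the adjacency used for the rewrite.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    ingress_vlan: int   # VLAN the packet arrived on
    dst: str            # destination address

# Constructed sample tables (assumptions, not taken from the patent).
FORWARDING_TABLE = {"10.1.0.0/16": 10, "10.2.0.0/16": 20}   # prefix -> owning VLAN
ACL_TABLE = {10: {"10.2.5.0/24": "adj-7",                   # per-VLAN ACL, keyed on
                  "10.1.9.0/24": "adj-7"}}                  # destination prefix
ADJACENCY_TABLE = {"adj-7": "192.0.2.1"}                    # index -> rewritten dst

def _longest_match(table, dst):
    """Return the value of the most specific prefix covering dst, or None."""
    addr = ip_address(dst)
    hits = [(ip_network(p).prefixlen, v) for p, v in table.items()
            if addr in ip_network(p)]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def crosses_vlan_boundary(pkt):
    """Forwarding-table lookup: is dst owned by a VLAN other than the ingress one?"""
    egress = _longest_match(FORWARDING_TABLE, pkt.dst)
    return egress is not None and egress != pkt.ingress_vlan

def acl_adjacency(pkt):
    """ACL lookup in the ingress VLAN's table using the destination address."""
    return _longest_match(ACL_TABLE.get(pkt.ingress_vlan, {}), pkt.dst)

def forward(pkt):
    """Return (engine that handles the packet, packet as it leaves that engine)."""
    adj = acl_adjacency(pkt)
    if crosses_vlan_boundary(pkt) and adj is not None:
        # Subject to policy: the policy engine rewrites dst from the adjacency table.
        return "policy-based forwarding engine", replace(pkt, dst=ADJACENCY_TABLE[adj])
    if _longest_match(FORWARDING_TABLE, pkt.dst) is not None:
        # Not subject to policy, but a forwarding rule exists for dst.
        return "forwarding engine", pkt
    return "unhandled", pkt   # the claims do not say what happens here

if __name__ == "__main__":
    for p in (Packet(10, "10.2.5.9"), Packet(10, "10.1.9.1"), Packet(10, "172.16.0.1")):
        print(p, "->", forward(p))
```

The second sample packet matches an ACL entry but stays inside its own VLAN, so it goes to the ordinary forwarding engine with its destination untouched.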