Neighbor discovery proxy with distributed packet inspection scheme

US 8,102,854 B2
Filed: 08/15/2008
Issued: 01/24/2012
Est. Priority Date: 05/25/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A system, comprising:

a processing device configured to;

receive a packet encapsulated with a plurality of protocol layers including at least a first IPv6 layer and a second Ethernet layer that encapsulates the first IPv6 layer, the second Ethernet layer of the received packet including an Ethertype field containing a standard bit value that denotes, according to the Ethernet protocol, an IPv6 packet in a payload of the Ethernet frame;

inspect the received packet to determine whether the received packet is a neighbor discovery message, wherein the first IPv6 layer of the protocol layers is analyzed during the inspection;

if the received packet is not a neighbor discovery message according to the inspection, then forward the packet with the standard bit value in the Ethertype field;

if the received packet is a neighbor discovery message according to the inspection, then replace the standard bit value in the Ethertype field to a new non-standard bit value according to a distributed inspection scheme between the processing device and a remote device; and

forward the packet having the new non-standard bit value in the Ethertype field.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network device is to receive traffic including neighbor discovery messages from requesting customer devices, and can detect the neighbor discovery messages within the traffic according to a distributed inspection scheme that includes the network device and a remote component. The network device is to then examine the neighbor discovery messages to determine if the neighbor discovery message should be forwarded to other of the customer devices, and respond to the requesting customer devices.

Citations

18 Claims

1. A system, comprising:
- a processing device configured to;
  
  receive a packet encapsulated with a plurality of protocol layers including at least a first IPv6 layer and a second Ethernet layer that encapsulates the first IPv6 layer, the second Ethernet layer of the received packet including an Ethertype field containing a standard bit value that denotes, according to the Ethernet protocol, an IPv6 packet in a payload of the Ethernet frame;
  
  inspect the received packet to determine whether the received packet is a neighbor discovery message, wherein the first IPv6 layer of the protocol layers is analyzed during the inspection;
  
  if the received packet is not a neighbor discovery message according to the inspection, then forward the packet with the standard bit value in the Ethertype field;
  
  if the received packet is a neighbor discovery message according to the inspection, then replace the standard bit value in the Ethertype field to a new non-standard bit value according to a distributed inspection scheme between the processing device and a remote device; and
  
  forward the packet having the new non-standard bit value in the Ethertype field.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, further comprising a routing device, wherein the routing device is configured to:
    - receive the forwarded packet; and
      
      perform fast packet inspection on the forwarded packet to observe that the forwarded packet contains a neighbor discovery message, wherein said fast packet inspection checks for the non-standard bit value in the second Ethernet layer and consumes fewer processing resources than the inspection by the processing device.
  - 3. The system of claim 2, wherein the routing device is configured to determine whether to filter the neighbor discovery message according to a destination of the neighbor discovery message.
  - 4. The system of claim 1, wherein the inspection and replacing by the processing device offloads packet inspection from an access router.
  - 5. The system of claim 4, wherein the processing device is a cable modem and the access router is a Cable Modem Termination System (CMTS), wherein the cable modem is configured to perform an initial inspection of the packet and the CMTS performs a fast subsequent inspection based on the initial packet inspection by the cable modem.
  - 6. The system of claim 1, wherein the processing device performs the replacement prior to the processing device modulating the received packet for transmission on a cable network.

7. A system, comprising:
- a network device configured to operate between a first network and a second network, the network device to communicate traffic sent from a plurality of subscriber devices of the second network to the first network, to receive traffic from the first network for forwarding over the second network to the subscriber devices, wherein the network device includes;
  
  a database containing addressing information for the subscriber devices;
  
  a communications link to allow the network device to communicate with the second network; and
  
  a processor configured to;
  
  for an upstream portion of the traffic that is received over the second network, inspect an Ethertype field of IPv6-based packets included in the upstream traffic portion, said inspection to distinguish ones of the IPv6-based packets that contain a negotiated first bit value in their respective Ethertype fields from those ones of the IPv6-based packets that contain a standard second bit value in their respective Ethertype fields; and
  
  for only those ones of the IPv6-based packets that contain the negotiated first bit value in their respective Ethertype fields;
  
  identify an address corresponding to the IPv6-based packet;
  
  compare the identified address to the database to determine whether the database includes a stored address corresponding to the identified address;
  
  forward the IPv6-based packet if the corresponding stored address is absent from the database; and
  
  filter the IPv6-based packet according to the comparison if the corresponding stored address is present in the database, said filtering preventing the IPv6-based packet from being forwarded to a non-originating one of the subscriber devices.
- View Dependent Claims (8, 9, 10)
- - 8. The system of claim 7, wherein the processor is further configured to replace the negotiated first bit value with the standard second bit value in at least one of the IPv6-based packets before forwarding such IPv6-based packet.
  - 9. The system of claim 8, wherein the negotiated first bit value is a non-standard Ethertype field value.
  - 10. The system of claim 9, wherein the replacement ensures containment of the non-standard Ethertype field value within an upstream path of the second network.

11. A method, comprising:
- inspecting, at a first device, a first IPv6 layer of a packet, the first IPv6 layer encapsulated in a second Ethernet layer;
  
  if the inspection indicates that the packet is a neighbor discovery packet, then modifying original information contained in an Ethertype field of the second Ethernet layer of the packet to indicate a result of the inspection and forwarding the packet having the modified information in the Ethertype field from the first device, over a network, to a second device; and
  
  if the inspection indicates that the packet is not a neighbor discovery packet, then forwarding the packet having the original information in the Ethertype field from the first device, over the network, to the second device;
  
  wherein the original information in the Ethertype field includes a standard bit value for indicating that the packet contains an IPv6 packet in a payload of the Ethernet frame and the modified information does not contain the standard bit value.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, further comprising:
    - identifying an address included in the packet;
      
      comparing the identified address to a list containing addressing information for cable modems;
      
      determining whether the list includes a stored address corresponding to the identified address according to the comparison; and
      
      preventing the packet from being forwarded according to the determination such that the packet is not forwarded if the stored address is present in the list.
  - 13. The method of claim 12, further comprising responding to a source of the packet if the packet is prevented from being forwarded.
  - 14. The method of claim 11, further comprising:
    - subsequently inspecting the second Ethernet layer at the second device, the subsequent inspection to observe the modified information; and
      
      responsive to the observation of the modified information, determining whether to forward the packet from the second device to an indicated destination.
  - 15. The method of claim 14, wherein the subsequent inspection to observe the modified information analyzes a subset of data analyzed during the previous inspection.
  - 16. The method of claim 11, wherein the modified information is contained within an Ethertype field of the packet.

17. A method, comprising:
- receiving a packet encapsulated with a plurality of protocol layers including at least a first IPv6 layer and a second Ethertype layer that encapsulates the first IPv6 layer, the second Ethertype layer of the received packet including an Ethertype field containing a standard bit value that denotes, according to the Ethernet protocol, an IPv6 packet in a payload of the Ethernet frame;
  
  inspecting the received packet to determine whether the received packet is a neighbor discovery message, wherein the first IPv6 layer of the plurality of protocol layers is analyzed during the inspection;
  
  if the received packet is not a neighbor discovery message according to the inspection, then forwarding the packet with the standard bit value in the Ethertype field;
  
  if the received packet is a neighbor discovery message according to the inspection, then replacing the standard bit value in the Ethertype field to a new non-standard bit value according to a network-distributed inspection scheme; and
  
  forwarding the packet having the new non-standard bit value in the Ethertype field.
- View Dependent Claims (18)
- - 18. The method of claim 17, wherein the standard bit value is one of a plurality of Ethernet standard values and the new non-standard bit value is another value that is different than all of the plurality of Ethernet standard values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Singh, Hemant, Beebee, William, Sudan, Madhu, Littlefield, Joshua
Primary Examiner(s)
Zhou, Yong

Application Number

US12/192,935
Publication Number

US 20080298277A1
Time in Patent Office

1,257 Days
Field of Search

None
US Class Current

370/392
CPC Class Codes

H04L 12/2801   Broadband local area networks

H04L 12/66   Arrangements for connecting...

H04L 45/00   Routing or path finding of ...

Neighbor discovery proxy with distributed packet inspection scheme

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Neighbor discovery proxy with distributed packet inspection scheme

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links