Method for optimizing a route cache

US 8,175,098 B2
Filed: 08/27/2009
Issued: 05/08/2012
Est. Priority Date: 08/27/2009
Status: Active Grant

First Claim

Patent Images

1. A method for sending a network-packet having a packet-source-address and a packet-destination-address, comprising:

establishing a route-cache comprising entries containing at least an entry-source-address, an entry-destination-address, and an entry-reference to a network-interface;

designating the network-interface with a front-interface;

associating the network-interface with a front-interface-IP-address;

creating an off-link destination-entry in the route-cache containing an entry-source-address identical to the front-interface IP-address, and a forwarding-address, wherein the off-link destination-entry does not include the packet-destination-address;

determining if the packet destination-address is an off-link address;

if the packet-destination-address is determined to be an off-link address, then finding in the route-cache the off-link destination-entry having the same source-address as the packet-source-address and having the forwarding-address, wherein finding in the route-cache the off-link source-entry comprises;

calculating a search-hash-value based on at least the packet-source-address; and

finding, in the route-cache, an entry containing a hash-value identical to the search-hash-value; and

sending the packet to the forwarding-address via the front-interface.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for managing a route cache to reduce the risk of disruption from denial of service attacks. All traffic arriving on a front interface from local (on-link) nodes (e.g., neighbor nodes) can be treated normally. However, for packets arriving from remote (off-link) sources addressed to a given destination IP address, a single, shared route cache entry can be used. The source-address field in this entry can be zeroed-out since it will not be used for traffic coming from any one source. Similarly, for all packets going to off-link destinations through the front-interface, another single shared route cache entry can be created and used. The destination-address field in this entry can be zeroed out since it will not be used for traffic going to any one destination.

60 Citations

27 Claims

1. A method for sending a network-packet having a packet-source-address and a packet-destination-address, comprising:
- establishing a route-cache comprising entries containing at least an entry-source-address, an entry-destination-address, and an entry-reference to a network-interface;
  
  designating the network-interface with a front-interface;
  
  associating the network-interface with a front-interface-IP-address;
  
  creating an off-link destination-entry in the route-cache containing an entry-source-address identical to the front-interface IP-address, and a forwarding-address, wherein the off-link destination-entry does not include the packet-destination-address;
  
  determining if the packet destination-address is an off-link address;
  
  if the packet-destination-address is determined to be an off-link address, then finding in the route-cache the off-link destination-entry having the same source-address as the packet-source-address and having the forwarding-address, wherein finding in the route-cache the off-link source-entry comprises;
  
  calculating a search-hash-value based on at least the packet-source-address; and
  
  finding, in the route-cache, an entry containing a hash-value identical to the search-hash-value; and
  
  sending the packet to the forwarding-address via the front-interface.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the off-link-destination-entry contains an entry-service-type-identifier and the network-packet contains a packet-service-type-identifier and finding in the route-cache the off-link source-entry further comprises:
    - ensuring that the entry-service-type-identifier is identical to the packet-service-type-identifier.
  - 3. The method of claim 1, wherein the off-link-destination-entry contains an entry-protocol-identifier and the network-packet contains a packet-protocol-identifier and finding in the route-cache the off-link source-entry further comprises:
    - ensuring that the entry-protocol-identifier is identical to the packet-protocol-identifier.
  - 4. The method of claim 1, wherein the off-link-destination-entry contains an entry-differentiated-services-code-point and the network-packet contains a packet-differentiated-services-code-point and finding in the route-cache the off-link source-entry further comprises:
    - ensuring that the entry-differentiated-services-code-point is identical to the packet-differentiated-services-code-point.
  - 5. The method of claim 1, wherein the network-packet originates from a socket which has an associated socket-connection state, and which is controlled by an operating system;
    - determining that the socket-connection-state is not available in the route-cache; and
      
      requesting, from the operating system, the connection-state of the socket.
  - 6. The method of claim 5, where the socket forms a TCP connection.

7. A method for receiving a network packet having a packet-source-address and a packet-destination-address, comprising:
- establishing a route-cache comprising entries containing at least an entry-source-address, an entry-destination-address, and an entry-reference to a physical network-interface;
  
  designating the physical network-interface as a front-interface;
  
  associating the physical network-interface with a front-interface IP-address;
  
  creating an off-link source entry in the route-cache containing an entry-destination-address identical to the front-interface IP-address, wherein the off-link source entry does not include the packet-source-address;
  
  determining if the packet-source-address is an off-link address;
  
  if the packet-source-address is determined to be an off-link address, then finding in the route-cache the off-link source entry having the same destination-address as the packet-destination-address; and
  
  forwarding the packet to a local socket.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein finding in the route-cache the off-link source-entry comprises:
    - calculating a search-hash-value based on at least the packet-destination-address; and
      
      finding, in the route-cache, an entry containing a hash-value identical to the search-hash-value.
  - 9. The method of claim 7, wherein the off-link-source-entry contains an entry-service-type-identifier and the network-packet contains a packet-service-type-identifier and finding in the route-cache the off-link source-entry further comprises:
    - ensuring that the entry-service-type-identifier is identical to the packet-service-type-identifier.
  - 10. The method of claim 7, wherein the off-link-source-entry contains an entry-protocol-identifier and the network-packet contains a packet-protocol-identifier and finding in the route-cache the off-link source-entry further comprises:
    - ensuring that the entry-protocol-identifier is identical to the packet-protocol-identifier.
  - 11. The method of claim 7, wherein the off-link-source-entry contains an entry-differentiated-services-code-point and the network-packet contains a packet-differentiated-services-code-point and finding in the route-cache the off-link source-entry further comprises:
    - ensuring that the entry-differentiated-services-code-point is identical to the packet-differentiated-services-code-point.
  - 12. The method of claim 7, wherein the network-packet originates from a socket which has an associated socket-connection state, and which is controlled by an operating system;
    - determining that the socket-connection-state is not available in the route-cache; and
      
      requesting, from the operating system, the connection-state of the socket.
  - 13. The method of claim 12, where the socket forms a TCP connection.

14. A method for forwarding a network packet having a packet-source-address and a packet-destination-address, comprising:
- establishing a route-cache comprising entries containing information about how to process a packet wherein at least one entry contains an entry-source-address, an entry-destination-address, and an entry reference to a physical network-interface;
  
  creating an off-link source entry in the route-cache, wherein the off-link entry does not include the packet-source-address and the off-link source entry does not contain the packet-destination-address;
  
  determining if the packet-source-address is an off-link address;
  
  if the packet-source-address is determined to be an off-link address, then finding in the route-cache the off-link source entry; and
  
  forwarding the packet to the packet-destination-address.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein creating an off-link source entry in the route-cache further comprises marking the entry such that it is only used for packets where the packet-destination-address is an on-link address;
    - andwherein finding in the route-cache the off-link source entry comprises determining that the packet-destination-address is an on-link address.
  - 16. The method of claim 14, wherein the off-link-source-entry contains an entry-service-type-identifier and the network-packet contains a packet-service-type-identifier and finding in the route-cache the off-link source-entry further comprises:
    - ensuring that the entry-service-type-identifier is identical to the packet-service-type-identifier.
  - 17. The method of claim 14, wherein the off-link-source-entry contains an entry-protocol-identifier and the network-packet contains a packet-protocol-identifier and finding in the route-cache the off-link source-entry further comprises:
    - ensuring that the entry-protocol-identifier is identical to the packet-protocol-identifier.
  - 18. The method of claim 14, wherein the off-link-source-entry contains an entry-differentiated-services-code-point and the network-packet contains a packet-differentiated-services-code-point and finding in the route-cache the off-link source-entry further comprises:
    - ensuring that the entry-differentiated-services-code-point is identical to the packet-differentiated-services-code-point.
  - 19. The method of claim 14, wherein the network-packet originates from a socket which has an associated socket-connection state, and which is controlled by an operating system;
    - determining that the socket-connection-state is not available in the route-cache; and
      
      requesting, from the operating system, the connection-state of the socket.
  - 20. The method of claim 19, where the socket forms a TCP connection.

21. A method for forwarding a network packet having a packet-source-address and a packet-destination-address, comprising:
- establishing a route-cache comprising entries containing information about how to process a packet wherein at least one entry contains an entry-source-address, an entry-destination-address, and an entry reference to a physical network-interface;
  
  creating an off-link destination entry in the route-cache, wherein the off-link entry does not include the packet-source-address and the off-link destination entry does not contain the packet-destination-address, wherein creating an off-link destination entry in the route-cache further comprises marking the entry such that it is only used for packets where the packet source address is an on-link address;
  
  determining if the packet-destination-address is an off-link address;
  
  if the packet-destination-address is determined to be an off-link address, then finding in the route-cache the off-link destination entry, wherein finding in the route-cache the off-link destination entry comprises verifying that the packet source address is an on-link address; and
  
  forwarding the packet to the packet-destination-address.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The method of claim 21, wherein the off-link-destination-entry contains an entry-service-type-identifier and the network-packet contains a packet-service-type-identifier and finding in the route-cache the off-link source-entry further comprises:
    - ensuring that the entry-service-type-identifier is identical to the packet-service-type-identifier.
  - 23. The method of claim 21, wherein the off-link-destination-entry contains an entry-protocol-identifier and the network-packet contains a packet-protocol-identifier and finding in the route-cache the off-link source-entry further comprises:
    - ensuring that the entry-protocol-identifier is identical to the packet-protocol-identifier.
  - 24. The method of claim 21, wherein the off-link-destination-entry contains an entry-differentiated-services-code-point and the network-packet contains a packet-differentiated-services-code-point and finding in the route-cache the off-link source-entry further comprises:
    - ensuring that the entry-differentiated-services-code-point is identical to the packet-differentiated-services-code-point.
  - 25. The method of claim 21, wherein the network-packet originates from a socket which has an associated socket-connection state, and which is controlled by an operating system;
    - determining that the socket-connection-state is not available in the route-cache; and
      
      requesting, from the operating system, the connection-state of the socket.
  - 26. The method of claim 25, where the socket forms a TCP connection.

27. A method for forwarding a network-packet having a packet-source-address and a packet-destination-address using a route-cache having entries containing at least an entry-source-address, an entry-destination-address, an entry-reference to a source physical network-interface and an entry-reference to a destination physical network-interface, comprising:
- creating a first shared entry in the route-cache containing an entry-reference to a source physical network-interface and data to determine whether a destination IP address matched the entry, wherein the first shared entry does not include a packet-destination-address and does not include a packet-source-address;
  
  receiving a packet containing a destination IP address on a physical network interface; and
  
  finding in the route-cache an entry containing an entry-reference to the source physical network-interface on which the packet was received and containing data indicating that the packet destination IP address matches the entry.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VeriSign, Inc.
Original Assignee
VeriSign, Inc.
Inventors
Bhogavilli, Suresh Kumar, Wiley, Glen Stuart
Primary Examiner(s)
PARK, JUNG H

Application Number

US12/548,564
Publication Number

US 20110051728A1
Time in Patent Office

985 Days
Field of Search

370/328, 370/338, 370/392
US Class Current

370/392
CPC Class Codes

H04L 45/742 Route cache; Operation thereof

H04L 63/1458 Denial of Service

Method for optimizing a route cache

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

60 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method for optimizing a route cache

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links