Methods of structuring data, pre-compiled exception list engines, and network appliances
First Claim
1. A network appliance for connection to a first network, the appliance comprising:
- at least one input coupled to the first network for receiving a data packet from the first network, the data packet including an internet protocol (IP) address;
- at least one memory device storing instructions and data, the data including;
  - a plurality of pages storing a plurality of excepted IP addresses, the excepted IP addresses each having a numeric value within a range of numeric values, the range divided into a plurality of clusters representing a plurality of contiguous sub-ranges, each page including one or more of the excepted IP addresses assigned to at least one of the clusters associated with the sub-range that includes the numeric value of said IP address within one or more of the sub-ranges associated with that page, each page having a page size defined by a maximum number of IP addresses that can be assigned to that page, the IP addresses in each cluster assigned to each page are ordered by numeric value; and
- at least one processor executing computer-executable instructions, said instructions comprising instructions to;
  - identify the IP address of the packet from the first network;
  - identify a target page that will include the IP address if the IP address is one of the plurality of excepted IP addresses, wherein the excepted IP addresses include a plurality of allowable IP addresses and a plurality of blocked IP addresses;
  - search the target page to determine if the IP address is one of the excepted IP addresses in the target page;
  - process the packet from the first network according to whether the IP address is an excepted IP address in the target page; and
  - determine whether to allow the packet from the first network to proceed based on if the IP address is an allowable IP address in the target page and to deny the packet from the first network from proceeding if the IP address is a blocked IP address in the target page.
Abstract
A computer executed method is disclosed for sorting a plurality of internet protocol (IP) addresses. The method includes dividing the range of IP addresses into a plurality of clusters representing a plurality of contiguous sub-ranges, assigning each IP address to the cluster associated with the sub-range that includes that IP address, and assigning the IP addresses in each cluster to one of a plurality of pages. If one of the pages has a size less than a page size limit, the method includes duplicating on that page at least one of the IP addresses assigned to that page. For each page, the IP addresses assigned to that page are ordered by numeric value. A network appliance incorporating aspects of the method is also disclosed.
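The method in the abstract, sketched as an added example (not code from the patent). It assumes IPv4, clusters equal to the 256 contiguous /8 sub-ranges, a page size limit of 4, and a constructed exception list; the names `build_pages` and `classify` are hypothetical. It goes one step past the abstract by including the target-page lookup described in claim 1.

```python
import bisect
import ipaddress

CLUSTER_BITS = 8  # assumption: clusters are the 256 contiguous /8 sub-ranges
PAGE_SIZE = 4     # assumption: small page size limit so padding is visible

# Constructed sample exception list (private and documentation addresses).
EXCEPTED = {
    "10.0.0.5": "allow", "10.20.30.40": "block",
    "192.0.2.10": "allow",
    "198.51.100.7": "block", "198.51.100.200": "allow",
    "203.0.113.9": "block",
}

def cluster_of(n):
    """Index of the contiguous sub-range that contains numeric address n."""
    return n >> (32 - CLUSTER_BITS)

def build_pages(excepted):
    """Group addresses by cluster, pack whole clusters into pages, pad, sort."""
    clusters = {}
    for text, verdict in excepted.items():
        n = int(ipaddress.IPv4Address(text))
        clusters.setdefault(cluster_of(n), []).append((n, verdict))
    pages, cluster_to_page, current = [], {}, []
    for c in sorted(clusters):            # ascending clusters keep pages ordered
        members = sorted(clusters[c])     # ordered by numeric value
        if len(members) > PAGE_SIZE:
            raise ValueError("cluster larger than a page; use narrower clusters")
        if len(current) + len(members) > PAGE_SIZE:
            pages.append(current)         # page full: start the next one
            current = []
        cluster_to_page[c] = len(pages)
        current = current + members
    if current:
        pages.append(current)
    for page in pages:                    # short page: duplicate its last entry
        page.extend([page[-1]] * (PAGE_SIZE - len(page)))
    return pages, cluster_to_page

def classify(pages, cluster_to_page, text):
    """Return 'allow', 'block', or 'not-excepted' for a packet's address."""
    n = int(ipaddress.IPv4Address(text))
    idx = cluster_to_page.get(cluster_of(n))
    if idx is None:                       # no page covers this sub-range
        return "not-excepted"
    page = pages[idx]
    i = bisect.bisect_left(page, (n,))    # binary search within the target page
    return page[i][1] if i < len(page) and page[i][0] == n else "not-excepted"
```

Padding with a duplicate of the largest entry keeps every page the same length and still sorted, so the search over a page always runs on a fixed-size array.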
18 Claims
1. A network appliance for connection to a first network (independent claim, set out in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 18.
11. A network appliance for connection to a first network, the appliance comprising:
- at least one input coupled to the first network for receiving a packet from the first network, the packet including an internet protocol (IP) address;
- at least one memory device;
- a first engine stored in the memory device, the first engine including a plurality of pages storing a plurality of excepted IP addresses, the excepted IP addresses each having a numeric value within a range of numeric values, the range divided into a plurality of clusters representing a plurality of contiguous sub-ranges, each page including one or more of the excepted IP addresses assigned to at least one of the clusters associated with the sub-range that includes the numeric value of the IP address within one or more of the sub-ranges associated with that page; and
- at least one processor executing a first finite state machine (FSM), the first FSM including instructions executable by the processor to;
  - determine the page associated with the sub-range encompassing the IP address;
  - search the page associated with the sub-range encompassing the IP address to determine if the IP address is an excepted IP address; and
  - process the packet from the first network according to the IP address being an excepted IP address, wherein the packet from the first network is allowed to proceed based on the IP address being an excepted IP address.

Dependent claims: 12, 13, 14, 15, 16, 17.
Specification