Firewall including local bus
First Claim
1. A network device comprising:
- a first interface to receive, from a first network, a plurality of packets destined for a second network;
- a controller to transfer, via a first bus and within the network device, a first packet, of the plurality of packets, from the first interface to a memory in the network device; and
- a processor, connected to the memory via the first bus and via a second bus of the network device, to:
  - determine whether the first bus is available,
  - retrieve, via the first bus, the first packet from the memory when the first bus is available,
  - retrieve, via the second bus, the first packet from the memory when the first bus is not available,
    - the second bus being different than the first bus,
    - the second bus connecting the processor to the memory without connecting the controller to the memory, and
  - perform a plurality of operations on the first packet,
    - the plurality of operations including one or more authentication operations, one or more encryption operations, one or more decryption operations, one or more virtual private network (VPN) processing operations, or one or more firewall operations,
    - when performing the plurality of operations on the first packet, the processor is to perform a first operation and a second operation, of the plurality of operations, on the first packet in parallel,
      - the first operation including one of:
        - an authentication operation of the one or more authentication operations, or
        - an encryption operation, of the one or more encryption operations, or
        - a decryption operation of the one or more decryption operations, and
      - the second operation being different than the first operation and including a different one of the authentication operation, the encryption operation, or the decryption operation.
Abstract
A gateway for screening packets transferred over a network. The gateway includes a plurality of network interfaces, a memory and a memory controller. Each network interface receives and forwards messages from a network through the gateway. The memory temporarily stores packets received from a network. The memory controller couples each of the network interfaces and is configured to coordinate the transfer of received packets to and from the memory using a memory bus. The gateway includes a firewall engine coupled to the memory bus. The firewall engine is operable to retrieve packets from the memory and screen each packet prior to forwarding a given packet through the gateway and out an appropriate network interface. A local bus is coupled between the firewall engine and the memory, providing a second path for retrieving packets from memory when the memory bus is busy.
23 Claims
11. A system comprising:
- a memory to store a plurality of packets;
- a controller, connected to the memory via a first bus, to control transfer of the plurality of packets to the memory;
- a processor, connected to the memory via the first bus and via a second bus, to:
  - retrieve the plurality of packets from the memory via the first bus when the first bus is available,
  - retrieve the plurality of packets from the memory via the second bus when the first bus is unavailable,
    - the second bus being different than the first bus,
    - the second bus directly connecting the processor to the memory without connecting the controller to the memory, and
  - perform at least one of a plurality of operations on the plurality of packets,
    - the plurality of operations including one or more authentication operations, one or more encryption operations, one or more decryption operations, one or more virtual private network (VPN) processing operations, or one or more firewall operations.
18. A method comprising:
- transferring, via a first bus of a device, a packet to a memory of the device,
  - the packet being transferred to the memory using a controller of the device,
  - the controller being connected to the memory via the first bus;
- determining, by a processor of the device, whether the first bus is available;
- retrieving, by the processor and via the first bus, the packet from the memory when the first bus is available;
- retrieving, by the processor and via a second bus of the device, the packet from the memory when the first bus is not available;
  - the processor being connected to the memory via the first bus and the second bus,
  - the second bus connecting the processor to the memory without connecting the controller to the memory, and
  - the second bus being different than the first bus; and
- performing, by the processor, one or more operations on the packet,
  - the one or more operations including one or more authentication operations, one or more encryption operations, one or more decryption operations, one or more virtual private network (VPN) processing operations, or one or more firewall operations.
21. A non-transitory computer-readable medium comprising:
- a plurality of instructions which, when executed by a hardware component of a device, cause the hardware component to:
  - determine whether a first bus of the device is available for retrieving a packet from a memory of device,
    - the packet being transferred, via the first bus, to the memory of the device using a controller of the device,
    - the controller being connected to the memory via the first bus;
  - retrieve, via the first bus, the packet from the memory of the device when the first bus is available;
  - retrieve, via a second bus of the device, the packet from the memory when the first bus is not available,
    - the hardware component being connected to the memory via the first bus and the second bus,
    - the second bus connecting the hardware component to the memory without connecting the controller to the memory, and
    - the second bus being different than the first bus; and
  - perform a plurality of operations on the packet,
    - the plurality of operations including one or more authentication operations, one or more encryption operations, one or more decryption operations, one or more virtual private network (VPN) processing operations, or one or more firewall operations,
    - one or more instructions, of the plurality of instructions, to perform the plurality of operations on the packet including:
      - one or more instructions to perform, on the packet in parallel, a first operation and a second operation of the plurality of operations,
        - the first operation including one of:
          - an authentication operation of the one or more authentication operations, or
          - an encryption operation of the one or more encryption operations, or
          - a decryption operation of the one or more decryption operations, and
        - the second operation including a different one of the authentication operation, the encryption operation, or the decryption operation.
Specification